1. Add support in REST and Mgmt API for dynamic group template
2. If present - groups follows the pattern of this template, otherwise - the last static group
3. This allows to create pure dynamic rollout with 0 static groups - auto assignment equivalent with groups
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* adds PUT method for updating name and description of a rollout
* restrict RolloutUpdate to changing only name and description
* small refactoring
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
1. Definded with properties users (static) are configured using property map (no need of indexes)
2. AuthenticationProvider that authenticates them is always registered (if not needed - don't configure them)
3. UserDetailsService (in case of missing - won't be registered)
4. Spring security user (spring.security.username) will be registered together with other users (if any). If any - it will be system-wide, otherwise tenant-scoped.
5. UserPrincipal renamed to TenantAwareUser in order to match its purpose.
6. Some if its fields are removes as not needed - to be closer to spring security user
7. DefaultRolloutApprovalStrategy now use UserAuthoritiesResolver instead of UserDetailsService as the central point of truth
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* [#1383] Spring Boot 3 migration Step 2
Some of the steps:
1. Change spring version parent and versions in root pom.xml
2. update eclipselink versions
3. javax.annotation -> jakarta.annotation (*.java)
4. javax.persistence -> jakarta.persistence (*.java)
5. javax.servlet -> jakarta.servlet (*.java, pom.xml)
6. javax.validation:validation-api -> jakarta.validation:jakarta.validation-api (pom.xml)
7. javax.validation -> jakarta.validation (*.java)
8. javax.transaction -> jakarta.transaction (*.java)
9. replace spring-cloud-stream-binder-test (hawkbit-repository-test) with
```
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream-test-binder</artifactId>
</dependency>
```
, TestSupportBinderAutoConfiguration.class }) -> })
@Import(TestChannelBinderConfiguration.class)
10. Set to Simple UI standard parent
11. requestMatchers to securityMatcher
12. @SpringBootApplication(scanBasePackages = "org.eclipse.hawkbit") (otherwise for instance flyway doesn't work - suffix is default ".sql", not H2.sql and don't differentiate dbs? strange is there a change?)
13. @NonEmpty for Long leads to validation exception - replaced with @NotNull
14. RSQLUtilityTest.correctRsqlBuildsPredicate - fixed - mock query builder add method
15. https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#spring-mvc-and-webflux-url-matching-changes - aliases as targers/ return 404 - remove trailing slash
16. firewall tests (allowedHostNameWithNotAllowedHost) doesn't throw 'rejected exception' but return 400 instead (as probably is expected anyway)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com
* Fix tenant listing to do not mix with multitenancy
Tenant metadata is not multitenancy aware while depend on distribution set type
which is. Thus querying all tenant metadata (in non tenant context) sometimes leads to
resolution of distribution set type which is tenant scoped and leads to problems.
So, now listing tenant lists just their ids - not fill entities.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* [#1548] Add support for dynamic rollouts
-- Current status --
Initial draft only !!!, to be improved
TODO:
* evaluate the target count - if update group/rollout total count fails dynamic updates could (?), actually, contain more targets
* is it needed to break handler on group creating?
* if dynamic group schedulers occur to be heavy - maybe a handler per tenant will ensure that one tenant won't break all
*Concept for dynamic groups*:
Rollouts are static and dynamic.
Static rollouts consist of static groups only while dynamic rollouts have a number of static groups (first groups) and then an unlimited number of dynamic groups.
Group targets assignments:
* static groups include ALL matching targets created at the time the rollout was created, nevertheless they have active actions with bigger weight or not. Actions for the rollout and included targeets however are created at the start time.
* dynamic groups however are filled in when started and consider the action weight. The targets included in a dynamic group are:
* matching (filter and distribution set compatible)
* not included in this or following rollout static groups (if already included in any of the following rollouts - it's intended to be overridden)
* not in active actions of any rollouts with equal or bigger weight
In general, when you create a rollout it contains all matching targets available at create time overriding any previous rollouts, actions, and so on. If the rollout is dynamic when its dynamic group becomes running it gets only matching targets that doesn't belong to static groups or have actions with great or equal weight
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* [#1548] Add 1000 weight for actions, rollouts and auto assignments without weight
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Verify modification is permitted before performing automatic assignment
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Start with controlling distribution set type access. Perform some refactoring.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce Software Module, Module Type and Artifact control management. Fix tests.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce access controlling test base. Add first test verifying the read operations for target types.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Finalize target type access controlling test.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend test cases. Include only updatable targets into rollout.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Fix action visibility.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Modifiable->Updatable & UPDATE check where needed
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* ContextRunner superseded by ContextAware
+ ContextRunner remaned to ContextAware (move as a cenral entry/concept).
It now extends (and replace) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
(default Java serialization of contexts) for SecurityContextTenantAware
(using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities fill be retrieved
just to call access control - so, if all permitted - no additional db
queries will be made
+ <repo type>AccessControl classes removed and replaced with
AccessControl <repo type> generics
+ AccessControlService removed - every AccessControl is registered and
overiden independently
+ access_control_context in DB increased to 4k (in order to support java
security context serialization)
+ needed adaptaion of implemtation and tests done
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactor SoftModules & DistSets
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactoring of the Repositories
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Repostiotory level permissions
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Improvements
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Simplification of AccessControl interface
* Simplifications & management package
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Implementation improvements
+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned
* Apply suggestions from code review
Suggestions accepted. Thanks @herdt-michael
Co-authored-by: Michael Herdt <michael.herdt@bosch.com>
* Apply suggestions from code review 2
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
Disclaimer: Automated Commit Alert
Please be aware that this commit, generated through automated processes, may contain false alerts or not be precisely targeted. This automated commit is part of a large-scale effort to enhance software security over time. It is sent to various repositories to improve code quality and security. Exercise caution when reviewing the changes, and ensure that any necessary adjustments are made to maintain the integrity and functionality of the software.
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/TkgUEiqd7?organizationId=RWNsaXBzZSBGb3VuZGF0aW9u
Co-authored-by: Moderne <team@moderne.io>
* Introduce request parameter to request download URLs when retrieving list of artifacts for a specific software module.
* Fix DDI integration test by aligning download path to new config
* Make use of mgmt representation mode in sw-module mgmt api
* Changed path
* refactor test names
* Do some refactoring to fix dependencies between rollout management, executor and evaluator beans.
* Move rollout retrieving in same transaction as execution.
* Do some refactoring. Extend logging and exception handling.
* Remove unnecessary transactional and validation annotations.
* remove catching never thrown bean
* Fix new rollout handling API
* Fix formatting of the sub entity attribute by verifying the formatting against the sub entity attributes list of the related parent property enum.
* Verify action API by target property filter
* Introduce user consent flow
* Add permissions to confirmation management
* rename from consent to confirmation
* Reformat code. Remove unused imports. Change and add permission checks when configuring auto-confirmation.
* Do not include null values for DDI confirmation base endpoint
* fix confirmation required checkbox id
* Remove unused import. Fix consume/produce type of new API's.
* Change term processing to proceeding when activating user consent flow
* Align formatting and extend integration test cases for DMF and DDI.
* Extend DMF test cases to consider auto-confirmation
* Refactor action management to fix problem of handling action status updates on closed actions.
* remove unsupported validation
* use new confirmation api for DMF. Extend test cases.,
* Remove unnecessary fields.
* Extend API documentation for DDI and MGMT API.
* adapt ddi api docs adoc file
* Fixed the duplicate migration version for db files
* fix method to support confirmation
* Fixed PR comments
* Addressed PR comments
* Fixed after merge compilation issue
* Fixed after merge compilation issue
* Fix failing tests in MgmtRolloutResourceTest
* Fixed the permissions issue reflected by integration tests
* Added back the missing line of code lost during merge
* Fix the failing test on Jenkins
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
Co-authored-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
* added column action status code to RolloutGroupTarget view, currently bug too many rows
* changed JPA query to return also action status code
* added repository tests
* additional checks in tests
* improved jpa query to retrieve targets of rollout group
* added new property lastActionStatusCode to action for performance reasons
* added new property lastActionStatusCode to action for performance reasons
* adapted test cases
* fixing build problems on MAC with asciidoctor
* added testcase to ensure action status code is stored on action
* setting min push size to this value reduces multiple calls to the db
* renamed properties for consistency
* incorporated code review remarks
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Update hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/integration/AmqpMessageDispatcherServiceIntegrationTest.java
Co-authored-by: Bondar Bogdan <36962546+bogdan-bondar@users.noreply.github.com>
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Dmf batch support changes. Implement single batch message instead of multiple messages for assigment on multiple targets. Added system property to switch on/off.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
* Dmf batch support changes. Implement code review comments.
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Co-authored-by: Bondar Bogdan <36962546+bogdan-bondar@users.noreply.github.com>
* Fix join type for targets with their assignedDs
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Override saveAll method and make use of it in the JpaTargetManagement
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Use unmodifiable list and flip transactional logic
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Initialize new list instead of an unmodifiable list.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Fix testdata factory
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* reduce the number of created entities in tests
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* fixed tests
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* fixed review findings
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* merged master
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* adapted target count
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* fixed review findings
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* fixed RolloutManagementTest
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* fixed flaky test ConcurrentDistributionSetInvalidationTest
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io>
* Fixed sonar warnings
- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added supress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixed Sonar warnings
* License header fix
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* License header fix#2
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing review findings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing tests
- Fixed '&' usage in javadoc and typos
- Fixing some warnings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Added Target type filter with drag and drop support
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Removed the unused enums and target type filter button class
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Resolved merge conflicts
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed java doc issue with the method link in the comment
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed the IN query overflow for target Type assignment
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed Review comments
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Added compatibility calls needed for UI
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Adapted UI for target type compatibility checks
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* improved exception handling for incompatibility check
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added & fixed unit tests
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed merged conflicts
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed target type incompatibly specification
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* changed UI behaviour to close assignment popup in case of IncompatibleTargetTypeException
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added unit test to validate incompatibly specification fix
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix potential null pointer
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Fixed rolloutcopy by adding dsTypeId to ProxyDistributionSetInfo
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* suppressed warning
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added targettype compatibility check in deployment
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added targettype compatibility for autssignment
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added / fixed tests for auto assignment compatibility check
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* adapted rollout creation to use JPA specifications for compatibility checks
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix unit tests and javadoc
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix copyright header
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* replaced validated-DS management calls
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* improved compatibility check in DeploymentManagementTest
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Update name SP to hawkbit in api guide adocs
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* fix javadoc class descriptions of existing resource/api classes
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* Add color property to api response of ds/sw type
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* Add color property to sw type test data & adapt rest docu
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* Add missing property description for "colour" and "deleted"
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* fix review findings
Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>
* Execute rollouts and auto assignments in correct user context
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
* Fix PR review findings
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
* Cleanup usage of lenient
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
