hawkbit

Author	SHA1	Message	Date
Avgustin Marinov	20bb41c51c	Move rollout executor related target management methods in executor (#2812 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-11-18 08:44:35 +02:00
Avgustin Marinov	62139055b0	Remove deprecated (#2800 ) * ActionFields.DETAILSTATUS removed and replaces with STATUS (so status is with changed semantic - not active but real status) * MgmtAction.detailStatus removed and replaced with status (so status is with changed semantic - not active but real status) * MgmtTargetTagRestApi.assignTargetsPut removed - use POST method * ActionStatusFields.REPORTEDAT deprecation removed - it is a synonym of CREATEDAT but is part of timestamp/reported aspect while createdat is part of creted at/by * MgmtDistributionSetRequestBodyPost.os/runtime/application is removed and * ActionStatusFields.TIMESTAMPT added Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-11-13 13:39:03 +02:00
Avgustin Marinov	6ad20252ba	Refactor UserAuthoritiesResolver - to run in tenant context (#2756 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-10-14 17:28:57 +03:00
Avgustin Marinov	04cd9fb30d	Refactor TenantAware - remove TenantRunner and replace with standard Runnable / Callable (#2755 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-10-14 16:36:42 +03:00
Avgustin Marinov	3447ac3b1b	Fix system context resolving in ACM (#2737 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-10-10 12:02:16 +03:00
Avgustin Marinov	cc36ca8801	Fix EntityMatcher when for Identifiable.getId (#2724 ) * Fix EntityMatcher to process properly filters of type targetType.id - to resolve correctly the getter return type Long not T * Add AutoAsssignTest access control test * Simplify rest of the ACM tests Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-10-07 15:26:04 +03:00
Avgustin Marinov	ccecf9b8d6	Rename READ_SOFTWARE_MODULE_DOWNLOAD to READ_SOFTWARE_MODULE_ARTIFACT (#2710 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-30 16:13:41 +03:00
Avgustin Marinov	4b98d89ab0	Remove deprecated DOWNLOAD_REPOSITORY_ARTIFACT permission (#2709 ) use READ_SOFTWARE_MODULE_DOWNLOAD Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-30 15:40:15 +03:00
Avgustin Marinov	c906c2f2eb	Type Access Controllers enabled by default if AC is enabled (#2694 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-25 16:53:19 +03:00
Avgustin Marinov	1a44acf503	Fix role hierarchy (missing new line) (#2689 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-24 10:12:26 +03:00
Avgustin Marinov	7980b5defb	Remove Java security context serialization (#2677 ) Remove Java security context serialization - it is replaced by JSON security context serialization (optimized as size). Backward incompatible change. Java security context serialization was not used in default hawkbit runtime out of the box. So, it's assumed none uses it. Anyway, if anyone has enabled it, he could, in order to keep backward compatibility, get the java security context serialization from the previous hawkbit releases/commits and register it again as a spring bean in his hawkbit extension. Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-18 14:46:51 +03:00
Avgustin Marinov	4444fc92bc	Finalize and polish fine-grained permission (Follow up) (#2676 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-18 12:02:40 +03:00
Vasil Ilchev	5deb519e7c	Fix X_DistributionSet IMPLY_READ DISTRIBUTION_SET_TYPE (#2666 ) Co-authored-by: vasilchev <vasil.ilchev@bosch.com>	2025-09-15 19:09:44 +03:00
Vasil Ilchev	2cffd89d15	Fix permission length permit (32chars) on SOFTWARE_MODULE_DOWNLOAD_AR… (#2665 ) * Fix permission length permit (32chars) on SOFTWARE_MODULE_DOWNLOAD_ARTIFACT -> SM_DOWNLOAD_ARTIFACT Fix missing DISTRIBUTION_SET imply read DISTRIBUTION_SET_TYPE * change to SOFTWARE_MODULE_DOWNLOAD as more intuitive --------- Co-authored-by: vasilchev <vasil.ilchev@bosch.com>	2025-09-15 14:58:44 +03:00
Avgustin Marinov	2d45e2a76c	Fix Json serializer defaults (#2663 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-10 10:56:19 +03:00
Avgustin Marinov	6e334d4888	Add support for "username" to be set as auditor (#2661 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-09 17:05:05 +03:00
Avgustin Marinov	ae3a004da0	Finalize and polish fine-grained permission (#2660 ) * Remove _REPOSITORY_ permissions -> replaced with _SOFTWARE_MODULE_, _SOFTWARE_MODULE_TYPE_, _DISTRIBUTION_SET_, _DISTRIBUTION_SET_TYPE_ permissions * Still kept _ROLE_REPOSITORY_ADMIN_ role granting all repository fine-graned permissions * Added dedicated _TARGET_TYPE_ permission set - the _TARGET_ permissions just grant _READ_TARGET_TYPE_ (analogically _SOFTWARE_MODULE_ permissions grant _READ_SOFTWARE_MODULE_TYPE_ and _DISTRIBUTION_SET_ grants _READ_DISTRIBUTON_SET_TYPE_ * Hierarcy is not configurable - could be completely replaced by setting spring application property org.eclipse.hawkbit.hierarchy or could be extended by adding rules using org.eclipse.hawkbit.hierarchy.ext Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-09 15:42:11 +03:00
Avgustin Marinov	eee2830369	Order all permissions/roles in CRUD fashion (#2656 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-05 16:39:09 +03:00
Avgustin Marinov	d622faf14f	Add in hierarcy rules that RPOSITORY permissions imply TARGET_TYPE (#2655 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-05 16:29:28 +03:00
Avgustin Marinov	c31e5b1265	Define auditor aware principal (#2654 ) Allowing for cusomising auditor by extenders Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-05 16:07:46 +03:00
Avgustin Marinov	1f71e01318	Implement JSON security context serializer (new default) - smaller info and human readable (#2652 ) keeps backward compatibility by being able to fallback to JAVA_SERIALIZATION + fix DMF messages with status code Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-05 13:35:45 +03:00
Avgustin Marinov	9b121b3431	Fix TENANT_CONFIGURATION > READ_GATEWAY_SECURITY_TOKEN imply (#2650 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-04 16:09:17 +03:00
Avgustin Marinov	2c995b3665	Add fine grained sm/ds type permission (#2649 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-09-04 15:05:32 +03:00
Avgustin Marinov	2a636328a0	20250828 cleanup (#2639 ) * Cleanup * Refactor artifact management	2025-09-02 16:08:14 +03:00
Avgustin Marinov	441b78460d	Improve Permission Management (#2604 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-08-12 14:09:27 +03:00
Avgustin Marinov	c038c507a9	TargetManagement over RepositoryManagement (#2599 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-08-07 17:20:22 +03:00
Avgustin Marinov	10da0288d9	Fix sonar findings (#2572 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-30 10:13:23 +03:00
Avgustin Marinov	2b66449ff1	Fine grained repository permissions (#2562 ) 1. Introduce @PrreAuthorize check based on hasPermission - allowing custom processing (compared with non-modifiable hasAuthority/Role processing) 2. Dedicated permissions could be implemented on management api level. Check is made by plugged in PermissionEvaluator 3. Thus common XXX_REPOSITORY permissions could differ for extending services 4. Change create/update entity builder pattern - not via EntityFactory but via clean static lombok based builders (with fine fluent api). 5. Implement abstract repository management jpa class that handles the boilerplate code from extending classes in single place consistently -> AbsreactJpaRepositoryManagement 6. Register management api-s as Sevice-s instead of Bean-s in order to make easier maintainable and get away from heavy argument forwading 7. Simplify custom hawkbit repository registration + adding proxy to handle exception mapping at lower level - thus not depending on Aspects for converting exceptions 8. Implemented general purpose 'copy' utility (ObjectCopyUtil) that using getter/setter patterns is able to copy (e.g. Create/Update) objects to other objects (e.g. JPA entity objects)	2025-07-28 14:57:33 +03:00
Avgustin Marinov	0d38cb5a7d	Fix Sonar findings (#2553 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-16 10:38:47 +03:00
Avgustin Marinov	a34364bc3e	Make allAuthorities unmodifiable (#2551 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 13:29:20 +03:00
Avgustin Marinov	8bf77ee5dc	Single all authorities resolving (#2550 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 10:56:36 +03:00
Avgustin Marinov	8a60f9b98b	Fix getAllAuthorities (#2548 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 09:28:55 +03:00
Avgustin Marinov	e7373275bf	Add distribution set and target type fine grained permissions (#2545 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-14 14:52:36 +03:00
Avgustin Marinov	c3fdd9fcc8	Refactor permissions (#2544 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-11 16:50:01 +03:00
Avgustin Marinov	21581c4ea4	Fine-grained permissions (#2535 ) * Fine-grained permissions Adds support for permissions of type <permission>(/<rsql filter scope>) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Apply review fixes --------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-10 13:51:49 +03:00
Avgustin Marinov	8c6d56f177	Make some test timeouts (await) configurable (#2525 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-02 12:45:26 +03:00
Avgustin Marinov	ef25aa59f0	Fix new line after @Test (#2486 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 17:42:55 +03:00
Avgustin Marinov	cb7f1107fe	Remove allure (phase2) (#2483 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 15:51:06 +03:00
Avgustin Marinov	ba23ae3fc2	Remove allure (phase 1) - switch to surefire reporting (#2478 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 13:41:26 +03:00
Avgustin Marinov	0ba4c7b790	Update documentation (#2451 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-13 13:19:35 +03:00
Denislav Prinov	7aa33cd96b	Refactoring the audit log message -> description field Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>	2025-04-22 08:11:53 +03:00
Avgustin Marinov	32990ab2ea	Add CORS support for DDI API (#2337 ) For instance if used in remote swagger or web apps Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-04-02 09:01:02 +03:00
Denislav Prinov	c6d89f6c83	Audit log wildcard * introduction to include all parameters by default Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>	2025-04-01 10:02:26 +03:00
Denislav Prinov	23154d70cc	Audit Logging in HawkBit (#2314 ) * Introduction of Audit Logging in hawkBit Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Introduction of Audit Logging in hawkBit Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Refactoring: * applied code formatter * audit moved into hawkbit-security-core * minimize dependences * use AuditorAware to retrieve user - so to be compatible with the logs into DB Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Move audit entities to security core Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Introduce audit log method types Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> --------- Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> Co-authored-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-03-31 08:51:54 +03:00
Avgustin Marinov	1c3245e013	Remove SYSTEM_ADMIN imply ROLTE_TENANT_ADMIN (#2293 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-02-19 14:45:09 +02:00
Avgustin Marinov	76ce1cf052	Cleanup and improve the controller authentication (#2287 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-02-18 15:10:16 +02:00
Avgustin Marinov	849ea24632	Security artifacts moved in hawkbit-security-parent (#2016 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-12 12:50:36 +02:00
Avgustin Marinov	6867b8eac0	Move spring-boot-starter-test and alure to root (#1973 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 16:25:19 +02:00
Avgustin Marinov	3effa996dd	Refactor tenancy classes (#1972 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 16:12:18 +02:00
Avgustin Marinov	590dbc06ff	Fix TenantAwareUserPropertes.User password (#1971 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 15:42:57 +02:00

1 2 3 4 5

227 Commits