* Refactor hawkbit core and security
* improve access to the base core features - static
* thus easier access
* and less boilerplate passing of instances
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Refactor context classes
* make JSON context serialization default
* AccessContext
* Split hawkbit-security-core to other modules and remove it
---------
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Could be disabled by setting the Spring property _hawkbit.server.ui.notification.text_ to an empty value.
For instance, by setting the environment property:
```shell
export HAWKBIT_SERVER_UI_NOTIFICATION_TEXT=
```
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Fix ACM related executions.
* Introduce access controller for actions. Resolve some todos and fix distribution set invalidation strategy.
* Do only check for access if returned values are access controlled.
* Fix review findings.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.com>
* Introduce the AccessControlManager and use it for the TargetManagement and TargetTypeManagement.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Verify modification is permitted before performing automatic assignment
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Start with controlling distribution set type access. Perform some refactoring.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce Software Module, Module Type and Artifact control management. Fix tests.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce access controlling test base. Add first test verifying the read operations for target types.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Finalize target type access controlling test.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend test cases. Include only updatable targets into rollout.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Fix action visibility.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Modifiable->Updatable & UPDATE check where needed
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* ContextRunner superseded by ContextAware
+ ContextRunner renamed to ContextAware (move as a central entry/concept).
It now extends (and replaces) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
(default Java serialization of contexts) for SecurityContextTenantAware
(using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities will be retrieved
just to call access control - so, if all permitted - no additional db
queries will be made
+ <repo type>AccessControl classes removed and replaced with
AccessControl <repo type> generics
+ AccessControlService removed - every AccessControl is registered and
overridden independently
+ access_control_context in DB increased to 4k (in order to support java
security context serialization)
+ needed adaptation of implementation and tests done
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactor SoftModules & DistSets
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactoring of the Repositories
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Repository level permissions
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Improvements
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Simplification of AccessControl interface
* Simplifications & management package
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Implementation improvements
+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned
* Apply suggestions from code review
Suggestions accepted. Thanks @herdt-michael
Co-authored-by: Michael Herdt <michael.herdt@bosch.com>
* Apply suggestions from code review 2
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
Disclaimer: Automated Commit Alert
Please be aware that this commit, generated through automated processes, may contain false alerts or not be precisely targeted. This automated commit is part of a large-scale effort to enhance software security over time. It is sent to various repositories to improve code quality and security. Exercise caution when reviewing the changes, and ensure that any necessary adjustments are made to maintain the integrity and functionality of the software.
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/TkgUEiqd7?organizationId=RWNsaXBzZSBGb3VuZGF0aW9u
Co-authored-by: Moderne <team@moderne.io>
Typos fixed
Disables empty string gateway token for sure. Test explicitly that the gateway token is not an empty string.
Empty string is the default value and, if accepted, could be a security vulnerability (e.g. enabling gateway token
authentication and using an empty string as token). According to https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.4
the header value shall not have trailing spaces and the HTTP server shall already have trimmed them. So if execution passes
the "starts with "GatewayToken "" check, then the token shall not be empty. But let's check anyway.
In the UI first set the key, then enable the gateway token authentication. Otherwise the key might be left empty (default). This however
shall not really be a problem since (because of token trimming) the empty token will be rejected anyway.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
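The two checks this commit message describes, as an added example that is not hawkBit's own code: an empty configured token keeps gateway token authentication disabled, and a presented `GatewayToken` header is rejected when the token part is empty after trimming. The function names, the `enabled_flag` parameter and the sample values are assumptions made for the example.

```python
import hmac
from typing import Optional

# Scheme prefix of the Authorization header as named in the commit message.
GATEWAY_TOKEN_PREFIX = "GatewayToken "


def gateway_token_auth_enabled(enabled_flag: bool, configured_token: Optional[str]) -> bool:
    """Gateway token authentication is only effective when the feature is switched on
    AND a non-empty token is configured. The empty string is the default value of the
    setting, so it must never count as a valid secret (assumed signature)."""
    return enabled_flag and configured_token is not None and configured_token.strip() != ""


def extract_gateway_token(authorization_header: Optional[str]) -> Optional[str]:
    """Return the token part of 'Authorization: GatewayToken <token>', or None when the
    header is missing, uses another scheme, or carries an empty token.
    RFC 7230 section 3.2.4 says the server already strips surrounding whitespace from
    the field value; we trim and re-check anyway, as the commit message suggests."""
    if authorization_header is None:
        return None
    value = authorization_header.strip()
    if not value.startswith(GATEWAY_TOKEN_PREFIX):
        # Also covers "GatewayToken " with nothing after it: trimming removes the
        # trailing space, so the prefix no longer matches.
        return None
    token = value[len(GATEWAY_TOKEN_PREFIX):].strip()
    return token or None


def authenticate_gateway_token(enabled_flag: bool, configured_token: Optional[str],
                               authorization_header: Optional[str]) -> bool:
    """Full decision: feature enabled with a real secret, header well-formed with a
    non-empty token, and the two compared in constant time."""
    if not gateway_token_auth_enabled(enabled_flag, configured_token):
        return False
    presented = extract_gateway_token(authorization_header)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"), configured_token.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(authenticate_gateway_token(True, "", "GatewayToken "))              # False
    print(authenticate_gateway_token(True, "s3cr3t", "GatewayToken s3cr3t"))  # True
```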
* Introduce text input converter and validator to prevent problems with rollout group definitions.
* Add 2023 bosch.io license
* add new header to pom
* Extend usage of new TrimmingStringConverter.
* fixed compile error
* Introduce user consent flow
* Add permissions to confirmation management
* rename from consent to confirmation
* Reformat code. Remove unused imports. Change and add permission checks when configuring auto-confirmation.
* Do not include null values for DDI confirmation base endpoint
* fix confirmation required checkbox id
* Remove unused import. Fix consume/produce type of new API's.
* Change term processing to proceeding when activating user consent flow
* Align formatting and extend integration test cases for DMF and DDI.
* Extend DMF test cases to consider auto-confirmation
* Refactor action management to fix problem of handling action status updates on closed actions.
* remove unsupported validation
* use new confirmation api for DMF. Extend test cases.
* Remove unnecessary fields.
* Extend API documentation for DDI and MGMT API.
* adapt ddi api docs adoc file
* Fixed the duplicate migration version for db files
* fix method to support confirmation
* Fixed PR comments
* Addressed PR comments
* Fixed after merge compilation issue
* Fixed after merge compilation issue
* Fix failing tests in MgmtRolloutResourceTest
* Fixed the permissions issue reflected by integration tests
* Added back the missing line of code lost during merge
* Fix the failing test on Jenkins
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
Co-authored-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
* Make attributes layout horizontal scroll bar visible; some more minor improvements afterwards
* Fix sonar build
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io>
* Trigger next rollout group - backend and management API implementations. Backend and management API tests.
* Trigger next rollout group - Fixed resource documentation test.
* Trigger next rollout group - Fixed resource documentation test.
* add rest docs
* Trigger next rollout group - UI changes. New button for trigger next rollout group in rollout view.
* add error test for rest api
* Trigger next rollout group - Added test for triggering next group for all rollout states.
* add confirm
* fix test
* replace DB calls
* fix translation
* fix error message
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Signed-off-by: Stefan Klotz <stefan.klotz@bosch.io>
Co-authored-by: Stefan Klotz <stefan.klotz@bosch.io>
* added column action status code to RolloutGroupTarget view, currently bug too many rows
* changed JPA query to return also action status code
* added repository tests
* additional checks in tests
* improved jpa query to retrieve targets of rollout group
* added new property lastActionStatusCode to action for performance reasons
* added new property lastActionStatusCode to action for performance reasons
* adapted test cases
* fixing build problems on MAC with asciidoctor
* added testcase to ensure action status code is stored on action
* setting min push size to this value reduces multiple calls to the db
* renamed properties for consistency
* incorporated code review remarks
* provided infrastructure to enable sorting in grids
* Fixed sorting in RolloutGroupTarget
* fixed sorting with pinning and assigned SoftwareModules
* Added sorting for columns createdBy, createdAt, lastModifiedBy and lastModifiedAt
* Adapted status columns to be sortable
* fixed unit tests
* fixing sonar findings
* making Sonar happy
* added testcases for management classes regarding sorting
* added testcases for management classes regarding sorting
* using name for element ids in DOM
* incorporated code review remarks
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* Adapted GridComponentBuilder#addControllerIdColumn to create a link
* Do not hard-code target link ID prefix
* Encode controller ID
* Introduce HTML encoder for controller IDs
* Remove unused imports
* initial draft to maximize custom target filer table for better UX in case of long keys/names
* Set correct maximize icon identifier and fix problem with wrong db table structure.
* Remove unnecessary local variable.
* Fix db migration scripts
* Fix losing the target tag table when mac and minimizing target table.
* fixed minor styling, removed duplication
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend event information by its first interface class and improve constructing the event by providing the directly only.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Check if entity interface is assignable from TenantAwareBaseEntity.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* first iteration of query optimization for target and distribution set
* fixed type distribution set filter
* adapted all ui dataproviders to use repository count
* adapted test to not check target attributes within search query
* unified search behaviour for ds and sm
* removed unnecessary count queries for some mgmt calls
* removed unnecessary type id property from ProxyDistributionSetInfo to minimize lazy fetches
* refactored mgmt classes
* removed duplication of name version filter
* fixed copy rollout compatibility check
* cleaned-up management left overs
* added index to rollouts table on tenant/status queries
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* Fixed sonar warnings
- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added suppress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixed Sonar warnings
* License header fix
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* License header fix#2
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing review findings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing tests
- Fixed '&' usage in javadoc and typos
- Fixing some warnings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Added Target type filter with drag and drop support
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Removed the unused enums and target type filter button class
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Resolved merge conflicts
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed java doc issue with the method link in the comment
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed the IN query overflow for target Type assignment
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Fixed Review comments
Signed-off-by: Anand kumar <anand.kumar@bosch-si.com>
* Added compatibility calls needed for UI
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Adapted UI for target type compatibility checks
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* improved exception handling for incompatibility check
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added & fixed unit tests
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed merged conflicts
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed target type incompatibility specification
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* changed UI behaviour to close assignment popup in case of IncompatibleTargetTypeException
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added unit test to validate incompatibility specification fix
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix potential null pointer
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Fixed rolloutcopy by adding dsTypeId to ProxyDistributionSetInfo
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* suppressed warning
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added targettype compatibility check in deployment
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added targettype compatibility for auto-assignment
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* added / fixed tests for auto assignment compatibility check
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* adapted rollout creation to use JPA specifications for compatibility checks
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix unit tests and javadoc
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fix copyright header
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* replaced validated-DS management calls
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* improved compatibility check in DeploymentManagementTest
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* fixed review findings
Signed-off-by: Robert Sing <robert.sing@bosch-si.com>
* Visualization of action/button invalidate DistributionSet
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* introduced two dialogs to confirm ds invalidation
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* fixed dialog titles appear centered and added management classes
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* retrieving affected entities from repository
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* considered multiselection for invalidating dist sets
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* adapt style and tooltip of invalid distributions in grid
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* showing errors for actions not allowed for invalidate DS
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* enhanced error message with dist name and version
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* added ids to the labels to be used in tests
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* added support for overwriting entity specific edit behaviour
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* Fixed incorrect label for cancelled action due to invalidation of ds in
a rollout
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* Fixed error notification to not show "please try again" for an invalid
DS
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* fixed typo
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* fixed Sonar findings
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* remove DS of a copied Rollout in case the DS is invalidated
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* changed icon of RolloutActionStatus in case of stopped Rollout because
of invalidation of DS and DS wasn't yet assigned to target. This is to
distinguish from the case of not assigned DS because of duplicate DS
assignment
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* Prevent editing Metadata of invalid DS
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* show DS as invalidated in Rollout view
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* incorporated code review remarks
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* invalidated DS should be removed from the list of DS to be invalidated
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* fixed missing code due to merge
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* Fixed compile error due to rebase
Signed-off-by: Markus Block <markus.block@bosch-si.com>
* added UI EntityNotFound error details extractor
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* changed Target count label to not rely on grid data change events but rather on EntityModified UI events to decide how to react dependent on the event type
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* added current view check on entity modified events
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* unsubscribe/resubscribe event listeners on view leave/enter, reselect grid entities on view enter
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* fixed target grid count reset on initial load and after view change
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* re-evaluate filters on Deployment View enter
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* added on view enter logic for rest of the views
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* introduced event listener aware layout and view, adapted code accordingly
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* fixed bulk upload
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* added missing docs
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* adapted software module deselection upon master entity change
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* fixed npe in case master support is not present (Artifact View)
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* restructured amqp assignDistributionSetMultipleTimes test
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* added waiting for the messages to be dispatched by test
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* initial proposal for injectable target data provider
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* improved selection of first entity in grid
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* introduced constructor to explicitly set DataCommunicator for a Grid
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* made data communicator for target grid injectable
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* adapted size page request to load only one entity for getting total elements, fixed grid duplicates in case lastModified property is the same for targets and rollouts
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* DeleteSupport rethrows the exception to be intercepted by error handlers
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* minor grid refactoring
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* adapted docu for base data providers
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* added custom filter data provider, made filter effectively immutable by cloning before data refresh
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* grid returns size directly from data provider instead of data communicator
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* restructured data provider/communicator dependency injection, added injectable data supplier for target filter view grid
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* do not remove confirmation dialog window from UI explicitly
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
* fixed sonar, added docs
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>