Commit Graph

24 Commits

Author SHA1 Message Date
Avgustin Marinov
d958d8e82c Remove download by downloadId functionality (#1820)
This functionallity seems to get via AMQP (after some authentication)
a private (wihtout need of authentication) url to an artifact assigned
to the controller.

By default, DDI or DMF shall provide proper urls (for direct download)
to devices and if they have to be without authentication this shall be
solved in different ways - for instance separate download server providing
dedicated private / signed urls.

This functinallity is not a real hawkBit part but more like something
intended to solve some edge cases.
Since it is complicated, heeds support, doesn't solve wide spread use
cases, and could be achieved with other means - better to be removed.

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
2024-08-14 17:28:46 +03:00
Avgustin Marinov
b982039a74 Feature/ctx aware and access controller2 (#1456)
* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Verify modification is permitted before performing automatic assignment

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Start with controlling distribution set type access. Perform some refactoring.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce Software Module, Module Type and Artifact control management. Fix tests.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce access controlling test base. Add first test verifying the read operations for target types.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Finalize target type access controlling test.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend test cases. Include only updatable targets into rollout.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Fix action visibility.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Modifiable->Updatable & UPDATE check where needed

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* ContextRunner superseded by ContextAware

+ ContextRunner remaned to ContextAware (move as a cenral entry/concept).
  It now extends (and replace) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
  (default Java serialization of contexts) for SecurityContextTenantAware
  (using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities fill be retrieved
  just to call access control - so, if all permitted - no additional db
  queries will be made
+ &lt;repo type&gt;AccessControl classes removed and replaced with
  AccessControl &lt;repo type&gt; generics
+ AccessControlService removed - every AccessControl is registered and
  overiden independently
+ access_control_context in DB increased to 4k (in order to support java
  security context serialization)
+ needed adaptaion of implemtation and tests done

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactor SoftModules & DistSets

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactoring of the Repositories

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Repostiotory level permissions

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Improvements

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Simplification of AccessControl interface

* Simplifications & management package

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Implementation improvements

+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned

* Apply suggestions from code review

Suggestions accepted. Thanks @herdt-michael

Co-authored-by: Michael Herdt <michael.herdt@bosch.com>

* Apply suggestions from code review 2

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

---------

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
2023-11-16 11:07:06 +02:00
Avgustin Marinov
9c86729a68 [#1393,#1008] Switch to Eclipse v2.0 license (#1427)
Switching license from EPL v1 to v2. Following
https://www.eclipse.org/legal/epl-2.0/faq.php#h.tci84nlsqpgw

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
2023-09-14 11:03:20 +03:00
Peter Vigier
44a85f20eb Feature/fix sonar warnings (#1226)
* Fixed sonar warnings

- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added supress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixed Sonar warnings

* License header fix

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* License header fix #2

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixing review findings

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixing tests

- Fixed '&' usage in javadoc and typos
- Fixing some warnings

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
2022-01-31 21:59:46 +01:00
Stefan Behl
cf67467fb5 Execute rollouts and auto assignments in the correct user context (#1100)
* Execute rollouts and auto assignments in correct user context

Signed-off-by: Stefan Behl <stefan.behl@bosch.io>

* Fix PR review findings

Signed-off-by: Stefan Behl <stefan.behl@bosch.io>

* Cleanup usage of lenient

Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
2021-04-15 12:23:14 +02:00
Dominic Schabel
81defa10a6 Migration to JUnit5 as default test runtime (#1082)
* Migrate tests to JUnit5

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* REST docs tests migrated to JUnit5

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* Migrated security and UI tests to JUnit5

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* Migrated management tests to JUnit5

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* Reflecting changes from JUnit5 migration

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* Fix RabbitMQ test detection

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>

* Drop support for JUnit4

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>
2021-03-15 13:40:40 +01:00
Ammar Bikic
28b65a290d Update Spring Boot to 2.3.2
-Update Spring Cloud to Hoxton.SR7
-Replace ResourceSupport by RepresentationModel (Spring Hateoas 1.0)
-Replace ControllerLinkBuilder by WebMvcLinkBuilder (Spring Hateoas 1.0)
-Move getId() from Identifiable to BaseEntity (Spring Hateoas 1.0)
-Remove hamcrest.Factory
-Use static Sort.by reference
-Place http security anyRequest().authenticated()
-Replace MockMvcRequestBuilders.fileUpload by MockMvcRequestBuilders.multipart
-Deprecate MEDIA_TYPE_CBOR_UTF8
-Replace MEDIA_TYPE_CBOR_UTF8 by MEDIA_TYPE_CBOR in tests
-Replace HAL_JSON_UTF8 by HAL_JSON in tests
-Replace APPLICATION_JSON_UTF8 by APPLICATION_JSON in tests
-Use org.mockito.junit.MockitoJUnitRunner
-Remove overridden dependency versions
-Removing not needed comments in pom.xml
-Downgrade flyway-core to be MySQL 5.6 compatible
-Add maven-site-plugin since it was removed with spring-boot 2.3
-Set servlet encoding properties
-Introducing Test that verifies the charset inside the content-type of a response
-Add @DirtiesContext to CorsTest and ContentTypeTest
-Add content-type mockmvc test with adapted mockmvc config
-Move encoding.force property to test class
-Switch expected and actual parameter values in content-type test
-Delete deprecated content-type test with TestRestTemplate
-Exclude JUnit5 from spring-boot-starter-test
-Upgrade allure-junit4 to 2.13.5
-Add aspectjweaver 1.9.6 to surefire test execution
-Add flyway-core version to property
-Use getRequiredLink() within MgmtBaseEntity.getId()

Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
2020-10-02 18:11:18 +02:00
Kai Zimmermann
d52a720480 Spring Boot 2.0 (#721)
* Migration to Boot 2.0.

Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com>
2019-01-31 07:29:27 +01:00
Stefan Klotz
d09ca7be05 Migrate to Allure 2 (#749)
Add allure 2.7.0 dependency; change class references of Description, Features, Stories

Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com>
2018-10-25 18:18:37 +02:00
Kai Zimmermann
428e3af2bc hawkBit rest docs (management & DDI API) (#688)
* hawkBit REST docs.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fiy gitignore.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Add to website.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Switch to generated docs.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix typos.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Review findings.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Otimizations.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Revert accidental checkin.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Add security link.
2018-05-24 16:10:01 +02:00
Kai Zimmermann
61c862d296 Security header filter support additional separator and is case (#625)
insensitive.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2018-02-05 11:59:20 +01:00
Kai Zimmermann
5d774dc70a Anonymous download activated does not result in general DDI anonymous (#616)
* Fix unintended anonymous access in DDI API.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix test.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix ant matcher.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2017-12-19 17:53:17 +01:00
Kai Zimmermann
5a6fc37a15 Remove DMF API dependency from security integration (#604)
* Dmf security token out of API.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Allow to override dispatching routines.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* TargetAssign event is bulk ready.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Completed Javadoc.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* readibility and fix serialization bug.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix sonar issue.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Simplify artifact management usage.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2017-12-07 15:55:09 +01:00
kaizimmerm
806491d9b5 Rename DMF model classes to avoid name clashes with the repository.
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2017-05-16 16:57:07 +02:00
Kai Zimmermann
804522f966 hawkBit repository uses Optional on single entity find/get requests (#435)
* Repo returns optionals.
* Improved exception handling for collection usage in repo queries.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2017-02-16 10:09:14 +01:00
Kai Zimmermann
feb3369858 Custom Tenant configuration. (#395)
* Tenant configuration configurable.
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2016-12-23 07:19:46 +01:00
kaizimmerm
43511ed63e Fixed test.
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2016-10-13 09:17:24 +02:00
Dominik Herbst
05cebdba54 Used HeaderAuthentication for getPreAuthenticatedPrincipal. Improved test
quality.

Signed-off-by: Dominik Herbst <dominik.herbst@bosch-si.com>
2016-10-12 15:43:39 +02:00
Dominik Herbst
97ab881d6e Code improvements
Signed-off-by: Dominik Herbst <dominik.herbst@bosch-si.com>
2016-10-05 12:46:21 +02:00
Marcel Mager (INST-IOT/ESB)
7176f93ca4 Fix code smells.
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
2016-09-23 10:11:36 +02:00
Marcel Mager (INST-IOT/ESB)
54c4c8c481 Review fixes of code quality.
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
2016-09-22 16:02:27 +02:00
Marcel Mager (INST-IOT/ESB)
5215580cd7 Fix code review findings:
* adapt return type of #getPreAuthenticatedPrincipal to the
#getPreAuthenticatedCredentials return type (both Object)
* #splitMultiHash returns list instead of array

Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
2016-09-22 14:21:59 +02:00
Marcel Mager (INST-IOT/ESB)
0ccd458585 Add support for multiple hashes in Issuer hash based authentication
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
2016-09-22 14:21:55 +02:00
Michael Hirsch
e033e8718c unit tests for ControllerPreAuthenticatedAnonymousDownloadTest
Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>
2016-03-29 11:12:42 +02:00