* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Verify modification is permitted before performing automatic assignment
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Start with controlling distribution set type access. Perform some refactoring.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce Software Module, Module Type and Artifact control management. Fix tests.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce access controlling test base. Add first test verifying the read operations for target types.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Finalize target type access controlling test.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend test cases. Include only updatable targets into rollout.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Fix action visibility.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Modifiable->Updatable & UPDATE check where needed
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* ContextRunner superseded by ContextAware
+ ContextRunner remaned to ContextAware (move as a cenral entry/concept).
It now extends (and replace) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
(default Java serialization of contexts) for SecurityContextTenantAware
(using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities fill be retrieved
just to call access control - so, if all permitted - no additional db
queries will be made
+ <repo type>AccessControl classes removed and replaced with
AccessControl <repo type> generics
+ AccessControlService removed - every AccessControl is registered and
overiden independently
+ access_control_context in DB increased to 4k (in order to support java
security context serialization)
+ needed adaptaion of implemtation and tests done
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactor SoftModules & DistSets
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactoring of the Repositories
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Repostiotory level permissions
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Improvements
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Simplification of AccessControl interface
* Simplifications & management package
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Implementation improvements
+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned
* Apply suggestions from code review
Suggestions accepted. Thanks @herdt-michael
Co-authored-by: Michael Herdt <michael.herdt@bosch.com>
* Apply suggestions from code review 2
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
* Enforce decoding in authentication check
+Enforce decoding of controllerId when authentication is performed for the reverse proxy use case
* Remove unused imports
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Switch approach to decode retrieved values from map
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Remove unused imports
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Style improve
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Move logic to separate class
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Remove TODO comment
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Hide public constructor in Util class
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
---------
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Prevent losing headers (like CORS related ones) when resetting the response headers due to artifact stream.
* add comment
* Extend CORS tests to verify provided header.
* Introduce user consent flow
* Add permissions to confirmation management
* rename from consent to confirmation
* Reformat code. Remove unused imports. Change and add permission checks when configuring auto-confirmation.
* Do not include null values for DDI confirmation base endpoint
* fix confirmation required checkbox id
* Remove unused import. Fix consume/produce type of new API's.
* Change term processing to proceeding when activating user consent flow
* Align formatting and extend integration test cases for DMF and DDI.
* Extend DMF test cases to consider auto-confirmation
* Refactor action management to fix problem of handling action status updates on closed actions.
* remove unsupported validation
* use new confirmation api for DMF. Extend test cases.,
* Remove unnecessary fields.
* Extend API documentation for DDI and MGMT API.
* adapt ddi api docs adoc file
* Fixed the duplicate migration version for db files
* fix method to support confirmation
* Fixed PR comments
* Addressed PR comments
* Fixed after merge compilation issue
* Fixed after merge compilation issue
* Fix failing tests in MgmtRolloutResourceTest
* Fixed the permissions issue reflected by integration tests
* Added back the missing line of code lost during merge
* Fix the failing test on Jenkins
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
Signed-off-by: Dimitar Shterev <dimitar.shterev@bosch.io>
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
Co-authored-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com>
* Fixed sonar warnings
- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added supress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixed Sonar warnings
* License header fix
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* License header fix#2
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing review findings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing tests
- Fixed '&' usage in javadoc and typos
- Fixing some warnings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Execute rollouts and auto assignments in correct user context
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
* Fix PR review findings
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
* Cleanup usage of lenient
Signed-off-by: Stefan Behl <stefan.behl@bosch.io>
-Update Spring Cloud to Hoxton.SR7
-Replace ResourceSupport by RepresentationModel (Spring Hateoas 1.0)
-Replace ControllerLinkBuilder by WebMvcLinkBuilder (Spring Hateoas 1.0)
-Move getId() from Identifiable to BaseEntity (Spring Hateoas 1.0)
-Remove hamcrest.Factory
-Use static Sort.by reference
-Place http security anyRequest().authenticated()
-Replace MockMvcRequestBuilders.fileUpload by MockMvcRequestBuilders.multipart
-Deprecate MEDIA_TYPE_CBOR_UTF8
-Replace MEDIA_TYPE_CBOR_UTF8 by MEDIA_TYPE_CBOR in tests
-Replace HAL_JSON_UTF8 by HAL_JSON in tests
-Replace APPLICATION_JSON_UTF8 by APPLICATION_JSON in tests
-Use org.mockito.junit.MockitoJUnitRunner
-Remove overridden dependency versions
-Removing not needed comments in pom.xml
-Downgrade flyway-core to be MySQL 5.6 compatible
-Add maven-site-plugin since it was removed with spring-boot 2.3
-Set servlet encoding properties
-Introducing Test that verifies the charset inside the content-type of a response
-Add @DirtiesContext to CorsTest and ContentTypeTest
-Add content-type mockmvc test with adapted mockmvc config
-Move encoding.force property to test class
-Switch expected and actual parameter values in content-type test
-Delete deprecated content-type test with TestRestTemplate
-Exclude JUnit5 from spring-boot-starter-test
-Upgrade allure-junit4 to 2.13.5
-Add aspectjweaver 1.9.6 to surefire test execution
-Add flyway-core version to property
-Use getRequiredLink() within MgmtBaseEntity.getId()
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
* added triggeredBy for rollouts and autoassignment
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* use createdBy as fallback for triggeredBy in AutoAssignChecker
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* removed 'NOT NULL' from db migration scripts for JpaTargetFilterQuery
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* fixed tests
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* fixed review findings
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* inlined redundant method in JpaDeploymentManagement
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* added tests + renamed property to 'initiatedBy'
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* fixed review findings
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch-si.com>
* Add multiassignment to mgmt api target endpoint
* Remove single assignment ds to targets offline
* Fix tests
* Add quota for maxResultingActionsPerManualAssignment
* Fix assignment with same target or distribution set multiple times in one request
* Log UI error
* Add tests
* Enable single assignment requests with multiple DSs and types
* Remove redundant target to DS assignment methods
* Add tests, fix assignment
* Fix possible nullpointer during target assignment request
* Update api docu
* Clean up deployment management code
* Enforce MaxActions quota for offline assignment
* Fix review findings
* Rename property, add migration into
* Add builder for DeploymentRequest
* Change offline assignment method to accept an assignment list, like online assignment
* Fix PR findings
Signed-off-by: Stefan Klotz <stefan.klotz@bosch-si.com>
* Add feature to listen to rollout status update
* With this feature, extensions can update back the status of a given rollout using an event(containing distributionSetId and targetId).
* In future, AmqpMessageHandlerService can make use of this feature and de-couple its own implementation from performing status update of an action.
* Implement ActionStatusUpdateHandlerService using actionId
* Extend actions to support externalRef
* Update the action status using externalRef.
* Update securityContext to support running a callable under specific authorities.
* Fixing the review comments
* Increase length of externalRef to 128 chars
* Remove actionStatusUpdateEvent and the handler service
* Use 256 chars for externalRef
* Increment the version for migration script
* Another feature had use v1_12_12 in a recent PR. So incrementing the version.
* Create length limit for externalRef and add it to index
* Externalref will be much longer than 256 chars if controllerId is as long as 256 chars
* Adding tests for verifying externalRef in controllerManagement
* Improve test to consider multiple externalRefs
* Fix issue in migration script for mssql server
* Fix documentation
Signed-off-by: Ravindranath Sandeep (INST-IOT/ESW-Imb) <Sandeep.Ravindranath@bosch-si.com>
* enabled cors in security configuration, added corresponding properties
* added test for cors validation
* formatting
* added mariadb test dependency and refactored test
* added database listeners to the test
* Remove dependency duplicate
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch-si.com>
Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>
* Defined the model for target matadata and the corresponding repository layer/management
* Added target metadata quotas incl enforcement
* Extended Target Mgmt REST API to allow for metadata CRUD operations
* Added migration scripts for each database
* Added back reference to target metadata in JpaTarget
* Added tests for target management, Mgmt REST API, target metadata RSQL, and REST documentation
* Updated asciidocs for target rest documentation
* Fix Allure imports and annotations
* Fix review findings
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch-si.com>
Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>
* Change length of createdBy and lastModifiedBy property to 64 characters
* Change length of approval_decided_by property to 64 characters
* Use one update statement for one DB table for MySQL
* Fix migration skript for rollout approval
Signed-off-by: Melanie Retter <melanie.retter@bosch-si.com>
* First preparation to build HawkBit with JDK 9
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
* Reverted Mockito 2 update since it is not compiling under JDK 8 anymore
* Fix for JDK internal calls by old version
* Guava raised to 25.0-jre and CQ added.
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
* Add updated RabbitMQ http client
* Exclude test dependencies.
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
* Exclusions for unnecessary Guava dependencies added
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
* Remove provided annotation dependency for maven plugin
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
