lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
3,695 Commits 1 Branch 0 Tags
ade9904d213ef3bc58d45c0b7d59d3e631e7898d
Commit Graph

204 Commits

Author SHA1 Message Date
Vasil Ilchev
5deb519e7c Fix X_DistributionSet IMPLY_READ DISTRIBUTION_SET_TYPE (#2666) 
Co-authored-by: vasilchev <vasil.ilchev@bosch.com>
 2025-09-15 19:09:44 +03:00
Vasil Ilchev
2cffd89d15 Fix permission length permit (32chars) on SOFTWARE_MODULE_DOWNLOAD_AR… (#2665) 
* Fix permission length permit (32chars) on SOFTWARE_MODULE_DOWNLOAD_ARTIFACT -> SM_DOWNLOAD_ARTIFACT
Fix missing DISTRIBUTION_SET imply read DISTRIBUTION_SET_TYPE

* change to SOFTWARE_MODULE_DOWNLOAD as more intuitive

---------

Co-authored-by: vasilchev <vasil.ilchev@bosch.com>
 2025-09-15 14:58:44 +03:00
Avgustin Marinov
2d45e2a76c Fix Json serializer defaults (#2663) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-10 10:56:19 +03:00
Avgustin Marinov
6e334d4888 Add support for "username" to be set as auditor (#2661) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-09 17:05:05 +03:00
Avgustin Marinov
ae3a004da0 Finalize and polish fine-grained permission (#2660) 
* Remove _REPOSITORY_ permissions -> replaced with _SOFTWARE_MODULE_, _SOFTWARE_MODULE_TYPE_, _DISTRIBUTION_SET_, _DISTRIBUTION_SET_TYPE_ permissions
* Still kept _ROLE_REPOSITORY_ADMIN_ role granting all repository fine-graned permissions
* Added dedicated _TARGET_TYPE_ permission set - the _TARGET_ permissions just grant _READ_TARGET_TYPE_ (analogically _SOFTWARE_MODULE_ permissions grant _READ_SOFTWARE_MODULE_TYPE_ and _DISTRIBUTION_SET_ grants _READ_DISTRIBUTON_SET_TYPE_
* Hierarcy is not configurable - could be completely replaced by setting spring application property org.eclipse.hawkbit.hierarchy or could be extended by adding rules using org.eclipse.hawkbit.hierarchy.ext

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-09 15:42:11 +03:00
Avgustin Marinov
eee2830369 Order all permissions/roles in CRUD fashion (#2656) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-05 16:39:09 +03:00
Avgustin Marinov
d622faf14f Add in hierarcy rules that RPOSITORY permissions imply TARGET_TYPE (#2655) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-05 16:29:28 +03:00
Avgustin Marinov
c31e5b1265 Define auditor aware principal (#2654) 
Allowing for cusomising auditor by extenders

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-05 16:07:46 +03:00
Avgustin Marinov
1f71e01318 Implement JSON security context serializer (new default) - smaller info and human readable (#2652) 
keeps backward compatibility by being able to fallback to JAVA_SERIALIZATION

+ fix DMF messages with status code

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-05 13:35:45 +03:00
Avgustin Marinov
9b121b3431 Fix TENANT_CONFIGURATION > READ_GATEWAY_SECURITY_TOKEN imply (#2650) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-04 16:09:17 +03:00
Avgustin Marinov
2c995b3665 Add fine grained sm/ds type permission (#2649) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-09-04 15:05:32 +03:00
Avgustin Marinov
2a636328a0 20250828 cleanup (#2639) 
* Cleanup

* Refactor artifact management
 2025-09-02 16:08:14 +03:00
Avgustin Marinov
441b78460d Improve Permission Management (#2604) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-08-12 14:09:27 +03:00
Avgustin Marinov
c038c507a9 TargetManagement over RepositoryManagement (#2599) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-08-07 17:20:22 +03:00
Avgustin Marinov
10da0288d9 Fix sonar findings (#2572) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-30 10:13:23 +03:00
Avgustin Marinov
2b66449ff1 Fine grained repository permissions (#2562) 
1. Introduce @PrreAuthorize check based on hasPermission - allowing custom processing (compared with non-modifiable hasAuthority/Role processing)
2. Dedicated permissions could be implemented on management api level. Check is made by plugged in PermissionEvaluator
3. Thus common XXX_REPOSITORY permissions could differ for extending services
4. Change create/update entity builder pattern - not via EntityFactory but via clean static lombok based builders (with fine fluent api).
5. Implement abstract repository management jpa class that handles the boilerplate code from extending classes in single place consistently -> AbsreactJpaRepositoryManagement
6. Register management api-s as **Sevice**-s instead of **Bean**-s in order to make easier maintainable and get away from heavy argument forwading
7. Simplify custom hawkbit repository registration + adding proxy to handle exception mapping at lower level - thus not depending on Aspects for converting exceptions
8. Implemented general purpose 'copy' utility (ObjectCopyUtil) that using getter/setter patterns is able to copy (e.g. Create/Update) objects to other objects (e.g. JPA entity objects)
 2025-07-28 14:57:33 +03:00
Avgustin Marinov
0d38cb5a7d Fix Sonar findings (#2553) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-16 10:38:47 +03:00
Avgustin Marinov
a34364bc3e Make allAuthorities unmodifiable (#2551) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-15 13:29:20 +03:00
Avgustin Marinov
8bf77ee5dc Single all authorities resolving (#2550) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-15 10:56:36 +03:00
Avgustin Marinov
8a60f9b98b Fix getAllAuthorities (#2548) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-15 09:28:55 +03:00
Avgustin Marinov
e7373275bf Add distribution set and target type fine grained permissions (#2545) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-14 14:52:36 +03:00
Avgustin Marinov
c3fdd9fcc8 Refactor permissions (#2544) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-11 16:50:01 +03:00
Avgustin Marinov
21581c4ea4 Fine-grained permissions (#2535) 
* Fine-grained permissions

Adds support for permissions of type <permission>(/<rsql filter scope>)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

* Apply review fixes

---------

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-10 13:51:49 +03:00
Avgustin Marinov
8c6d56f177 Make some test timeouts (await) configurable (#2525) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-07-02 12:45:26 +03:00
Avgustin Marinov
ef25aa59f0 Fix new line after @Test (#2486) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-06-20 17:42:55 +03:00
Avgustin Marinov
cb7f1107fe Remove allure (phase2) (#2483) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-06-20 15:51:06 +03:00
Avgustin Marinov
0ba4c7b790 Update documentation (#2451) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-06-13 13:19:35 +03:00
Denislav Prinov
7aa33cd96b Refactoring the audit log message -> description field 
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>
 2025-04-22 08:11:53 +03:00
Avgustin Marinov
32990ab2ea Add CORS support for DDI API (#2337) 
For instance if used in remote swagger or web apps

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-04-02 09:01:02 +03:00
Denislav Prinov
c6d89f6c83 Audit log wildcard * introduction to include all parameters by default 
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>
 2025-04-01 10:02:26 +03:00
Denislav Prinov
23154d70cc Audit Logging in HawkBit (#2314) 
* Introduction of Audit Logging in hawkBit

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>

* Introduction of Audit Logging in hawkBit

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>

* Refactoring:

* applied code formatter
* audit moved into hawkbit-security-core
* minimize dependences
* use AuditorAware to retrieve user - so to be compatible with the logs into DB

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

* Move audit entities to security core

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>

* Introduce audit log method types

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>

---------

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Co-authored-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-03-31 08:51:54 +03:00
Avgustin Marinov
1c3245e013 Remove SYSTEM_ADMIN imply ROLTE_TENANT_ADMIN (#2293) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-02-19 14:45:09 +02:00
Avgustin Marinov
76ce1cf052 Cleanup and improve the controller authentication (#2287) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2025-02-18 15:10:16 +02:00
Avgustin Marinov
849ea24632 Security artifacts moved in hawkbit-security-parent (#2016) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-12 12:50:36 +02:00
Avgustin Marinov
3effa996dd Refactor tenancy classes (#1972) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 16:12:18 +02:00
Avgustin Marinov
590dbc06ff Fix TenantAwareUserPropertes.User password (#1971) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 15:42:57 +02:00
Avgustin Marinov
a1e319ee37 Remove OidcUserManagementAutoConfiguration (#1969) 
[release notes]

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 14:32:17 +02:00
Avgustin Marinov
73253abce0 Refactor hawkbit-core (#1967) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 13:11:59 +02:00
Avgustin Marinov
ade5723c8c Remove unused TenantUserPasswordAuthenticationToken (#1966) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 12:29:19 +02:00
Avgustin Marinov
03baf2a4c2 Remvoe PermissionUtils class (#1965) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 11:36:16 +02:00
Avgustin Marinov
c69efe65b2 Remove PermissionsUtil (#1964) 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
 2024-11-08 11:31:09 +02:00
Avgustin Marinov
1c16bd66d3 Code format hawkbit2 (#1949) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-11-05 11:43:54 +02:00
Avgustin Marinov
d842bc2aaa Code format hawkbit (#1948) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-11-05 11:41:56 +02:00
Avgustin Marinov
71aa00ca7c Code format - hawkbit-security-core (#1925) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-11-05 09:21:55 +02:00
Avgustin Marinov
8da475dff0 MDC hanlder refactoring (#1911) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-10-23 09:20:15 +03:00
Avgustin Marinov
12928a5939 Fix/jparolloutshandlerlogging (#1819) 
Fix JpaExecutorHandler logging MDC context

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-08-13 09:30:09 +03:00
Avgustin Marinov
9bb61fd829 Add MDC context in SecurityContdxtTenantAware (#1818) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-08-13 09:06:53 +03:00
Avgustin Marinov
a99e80b41e MDCHandler - fix sonar findings (#1816) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-08-12 11:45:35 +03:00
Avgustin Marinov
e10542929a Small code clean-up (#1815) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-08-12 09:11:19 +03:00
Avgustin Marinov
e9759fecdb Fix MDCHandler unused import (#1814) 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
 2024-08-12 08:45:27 +03:00