Files
hawkbit/hawkbit-repository/hawkbit-repository-api
Avgustin Marinov b982039a74 Feature/ctx aware and access controller2 (#1456)
* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Verify modification is permitted before performing automatic assignment

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Start with controlling distribution set type access. Perform some refactoring.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce Software Module, Module Type and Artifact control management. Fix tests.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce access controlling test base. Add first test verifying the read operations for target types.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Finalize target type access controlling test.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Extend test cases. Include only updatable targets into rollout.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Fix action visibility.

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>

* Modifiable->Updatable & UPDATE check where needed

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* ContextRunner superseded by ContextAware

+ ContextRunner remaned to ContextAware (move as a cenral entry/concept).
  It now extends (and replace) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
  (default Java serialization of contexts) for SecurityContextTenantAware
  (using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities fill be retrieved
  just to call access control - so, if all permitted - no additional db
  queries will be made
+ &lt;repo type&gt;AccessControl classes removed and replaced with
  AccessControl &lt;repo type&gt; generics
+ AccessControlService removed - every AccessControl is registered and
  overiden independently
+ access_control_context in DB increased to 4k (in order to support java
  security context serialization)
+ needed adaptaion of implemtation and tests done

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactor SoftModules & DistSets

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Refactoring of the Repositories

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Repostiotory level permissions

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Improvements

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Simplification of AccessControl interface

* Simplifications & management package

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

* Implementation improvements

+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned

* Apply suggestions from code review

Suggestions accepted. Thanks @herdt-michael

Co-authored-by: Michael Herdt <michael.herdt@bosch.com>

* Apply suggestions from code review 2

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

---------

Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
2023-11-16 11:07:06 +02:00
..

hawkBit repository API

API for repository access. Contains:

  • Entity Model
  • Management service API

Method naming concept (example target management)

// Count all targets
Long count()

// Count by filter parameter (example)
Long countByTargetFilterQuery(@NotEmpty String targetFilterQuery);

//Create entity
List<Target> create(@NotEmpty Collection<TargetCreate> create)
Target create(@NotNull TargetCreate create)

//Delete entities (throws EntityNotFoundException if one element does not exist (at least one not found in collection case))
void delete(@NotEmpty Collection<Long> targetIDs);
void delete(@NotNull Long targetID);
void deleteByControllerId(@NotEmpty String controllerId);
void deleteByControllerId(@NotEmpty Collection<String> controllerId);

//Update Target (throws EntityNotFoundException if one element does not exist (at least one not found in collection case))
List<Target> update(@NotEmpty Collection<TargetUpdate> update);
Target update(@NotNull TargetUpdate update);

//Exist
boolean exists(@NotNull Long targetId)
boolean existsByAssignedDistributionSet(@NotNull Long distributionSetID);

// Read methods
// Find one on technical ID (Optional, no EntityNotFoundException)
Optional<Target> get(@NotNull Long targetId);
List<Target> get(@NotEmpty Collection<Long> targetId);

// Find one on non-ID but unique constraint (Optional, no EntityNotFoundException)
Optional<Target> getByControllerID(@NotEmpty String controllerId);
List<Target> getByControllerID(@NotEmpty Collection<String> controllerId);

// Find one on non-ID but and non unique constraint (Optional, no EntityNotFoundException)
Optional<Target> findFirstByDescription(@NotEmpty String description);

// Query/search repository (page might be empty, no EntityNotFoundException) (note: pageReq always first in signature)
Page<Target> findByAssignedDistributionSet(@NotNull Pageable pageReq, @NotNull Long distributionSetID);