Example 6 with AccountInfo

Use of org.bf2.srs.fleetmanager.spi.common.model.AccountInfo in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

In the class AuditingServletFilter, method doFilter:

@Override
@ActivateRequestContext
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Activate Operation Context
    if (opCtx.isContextDataLoaded()) {
        throw new IllegalStateException("Unexpected state: Operation Context is already loaded");
    }
    opCtx.loadNewContextData();
    var req = (HttpServletRequest) request;
    var res = (HttpServletResponse) response;
    // TODO Unify logic to extract this using parameter extractors
    auditing.addTraceMetadata(KEY_REQUEST_SOURCE_IP, req.getRemoteAddr());
    auditing.addTraceMetadata(KEY_REQUEST_FORWARDED_FOR, req.getHeader(HEADER_X_FORWARDED_FOR));
    auditing.addTraceMetadata(KEY_REQUEST_METHOD, req.getMethod());
    auditing.addTraceMetadata(KEY_REQUEST_PATH, req.getRequestURI());
    AccountInfo accountInfo = authService.extractAccountInfo();
    auditing.addTraceMetadata(KEY_USER_ACCOUNT_ID, accountInfo.getAccountId());
    auditing.addTraceMetadata(KEY_USER_ACCOUNT_NAME, accountInfo.getAccountUsername());
    auditing.addTraceMetadata(KEY_USER_ORG_ID, accountInfo.getOrganizationId());
    auditing.addTraceMetadata(KEY_USER_IS_ORG_ADMIN, accountInfo.isAdmin());
    chain.doFilter(request, response);
    if (res.getStatus() >= 400) {
        var event = new AuditingEvent();
        event.setEventId("request_failure");
        event.addData(KEY_RESPONSE_CODE, res.getStatus());
        event.setSuccessful(false);
        auditing.recordEvent(event);
    }
}

Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), HttpServletResponse (javax.servlet.http.HttpServletResponse), AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo), AuditingEvent (org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent), ActivateRequestContext (javax.enterprise.context.control.ActivateRequestContext)

Example 7 with AccountInfo

Use of org.bf2.srs.fleetmanager.spi.common.model.AccountInfo in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

In the class CheckReadPermissionsInterceptor, method intercept:

@AroundInvoke
public Object intercept(InvocationContext context) throws Exception {
    if (isResolvable(securityIdentity)) {
        final AccountInfo accountInfo = authService.extractAccountInfo();
        final Optional<RegistryData> registry = storage.getRegistryById(context.getParameters()[0].toString());
        if (userCanReadInstance(accountInfo, registry)) {
            return context.proceed();
        }
    } else {
        return context.proceed();
    }
    // TODO Refactor for readability
    log.info("Attempt to read registry instance without the proper permissions");
    throw new ForbiddenException();
}

Also used: ForbiddenException (javax.ws.rs.ForbiddenException), RegistryData (org.bf2.srs.fleetmanager.storage.sqlPanacheImpl.model.RegistryData), AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo), AroundInvoke (javax.interceptor.AroundInvoke)

Example 8 with AccountInfo

Use of org.bf2.srs.fleetmanager.spi.common.model.AccountInfo in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

In the class RegistryDeprovisioningIT, method testDeprovisionRegistryBasic:

@Test
void testDeprovisionRegistryBasic() {
    FleetManagerApi.verifyApiIsSecured();
    var alice = new AccountInfo("testDeprovisionRegistry", "alice", false, 10L);
    var registry1 = new RegistryCreate();
    registry1.setName("registry1");
    var createdRegistry1 = FleetManagerApi.createRegistry(registry1, alice);
    assertNotEquals(RegistryStatusValue.failed, createdRegistry1.getStatus());
    Awaitility.await("registry1 available").atMost(30, SECONDS).pollInterval(5, SECONDS).until(() -> {
        var reg = FleetManagerApi.getRegistry(createdRegistry1.getId(), alice);
        return reg.getStatus().equals(RegistryStatusValue.ready);
    });
    Registry registry = FleetManagerApi.getRegistry(createdRegistry1.getId(), alice);
    TenantManagerClient tenantManager = Utils.createTenantManagerClient();
    var internalTenant = tenantManager.getTenant(registry.getId());
    assertEquals(TenantStatusValue.READY, internalTenant.getStatus());
    FleetManagerApi.deleteRegistry(createdRegistry1.getId(), alice);
    // We don't have to wait for the status to be RegistryStatusValueRest.deleting, since that happens almost immediately now.
    Awaitility.await("registry1 deleting initiated").atMost(5, SECONDS).pollInterval(1, SECONDS).until(() -> {
        var tenant1 = tenantManager.getTenant(registry.getId());
        return TenantStatusValue.TO_BE_DELETED.equals(tenant1.getStatus());
    });
    var req = new UpdateRegistryTenantRequest();
    req.setStatus(TenantStatusValue.DELETED);
    tenantManager.updateTenant(registry.getId(), req);
    Awaitility.await("registry1 deleted").atMost(5, SECONDS).pollInterval(1, SECONDS).until(() -> {
        try {
            FleetManagerApi.verifyRegistryNotExists(createdRegistry1.getId(), alice);
            return true;
        } catch (AssertionError ex) {
            return false;
        }
    });
}

Also used: TenantManagerClient (io.apicurio.multitenant.client.TenantManagerClient), Registry (org.bf2.srs.fleetmanager.rest.publicapi.beans.Registry), RegistryCreate (org.bf2.srs.fleetmanager.rest.publicapi.beans.RegistryCreate), AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo), UpdateRegistryTenantRequest (io.apicurio.multitenant.api.datamodel.UpdateRegistryTenantRequest), Test (org.junit.jupiter.api.Test)

Example 9 with AccountInfo

Use of org.bf2.srs.fleetmanager.spi.common.model.AccountInfo in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

In the class RegistryProvisioningIT, method testProvisionRegistry:

@Test
void testProvisionRegistry() {
    FleetManagerApi.verifyApiIsSecured();
    var alice = new AccountInfo("testProvisionRegistry", "alice", false, 10L);
    // verify static deployments config file feature
    var deployment = new RegistryDeploymentCreateRest();
    deployment.setName("test-deployment");
    deployment.setTenantManagerUrl(infra.getTenantManagerUri());
    deployment.setRegistryDeploymentUrl("http://registry-test");
    FleetManagerApi.verifyCreateDeploymentNotAllowed(deployment, alice);
    var registry1 = new RegistryCreate();
    registry1.setName("test-registry-1");
    var registry1Result = FleetManagerApi.createRegistry(registry1, alice);
    assertNotEquals(RegistryStatusValue.failed, registry1Result.getStatus());
    Awaitility.await("registry available").atMost(30, TimeUnit.SECONDS).pollInterval(5, TimeUnit.SECONDS).until(() -> {
        var reg = FleetManagerApi.getRegistry(registry1Result.getId(), alice);
        return reg.getStatus().equals(RegistryStatusValue.ready);
    });
    Registry registry = FleetManagerApi.getRegistry(registry1Result.getId(), alice);
    TenantManagerClient tenantManager = Utils.createTenantManagerClient();
    var internalTenant = tenantManager.getTenant(registry.getId());
    var resources = internalTenant.getResources();
    TenantResource maxTotalSchemas = null;
    for (var r : resources) {
        if (r.getType() == ResourceType.MAX_TOTAL_SCHEMAS_COUNT) {
            maxTotalSchemas = r;
        }
    }
    assertNotNull(maxTotalSchemas);
    assertEquals(10, maxTotalSchemas.getLimit());
    // TODO e2e test check limits are applied
    // Delete
    FleetManagerApi.deleteRegistry(registry1Result.getId(), alice);
}

Also used: TenantManagerClient (io.apicurio.multitenant.client.TenantManagerClient), RegistryDeploymentCreateRest (org.bf2.srs.fleetmanager.rest.privateapi.beans.RegistryDeploymentCreateRest), TenantResource (io.apicurio.multitenant.api.datamodel.TenantResource), Registry (org.bf2.srs.fleetmanager.rest.publicapi.beans.Registry), RegistryCreate (org.bf2.srs.fleetmanager.rest.publicapi.beans.RegistryCreate), AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo), Test (org.junit.jupiter.api.Test)

Example 10 with AccountInfo

Use of org.bf2.srs.fleetmanager.spi.common.model.AccountInfo in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

In the class RegistryServiceImpl, method getRegistries:

@Override
public RegistryListDto getRegistries(Integer page, Integer size, String orderBy, String search) {
    // Defaults
    var sort = Sort.by("id", Sort.Direction.Ascending);
    page = (page != null) ? page : 1;
    size = (size != null) ? size : 10;
    if (orderBy != null) {
        var order = orderBy.split(" ");
        if (order.length != 2) {
            throw new ValidationException("invalid orderBy");
        }
        if ("asc".equals(order[1])) {
            sort = Sort.by(order[0], Sort.Direction.Ascending);
        } else {
            sort = Sort.by(order[0], Sort.Direction.Descending);
        }
    }
    List<Pair<String, Object>> conditions = new ArrayList<>();
    if (search != null && !search.isEmpty()) {
        var basicQuery = new BasicQuery(search, Arrays.asList("name", "status"));
        conditions.add(Pair.of(basicQuery.getColumn(), basicQuery.getArgument()));
    }
    // list only registries from your organization or the ones the user owns
    if (isResolvable(securityIdentity)) {
        final AccountInfo accountInfo = authService.extractAccountInfo();
        String orgId = accountInfo.getOrganizationId();
        if (orgId != null) {
            conditions.add(Pair.of("orgId", orgId));
        } else {
            conditions.add(Pair.of("ownerId", accountInfo.getAccountId()));
        }
    } else {
        conditions.add(Pair.of("ownerId", OWNER_ID_PLACEHOLDER));
    }
    var query = new SearchQuery(conditions);
    PanacheQuery<RegistryData> itemsQuery = storage.executeRegistrySearchQuery(query, sort);
    var items = itemsQuery.page(Page.of(page - 1, size)).stream().map(convertRegistry::convert).collect(Collectors.toList());
    return RegistryListDto.builder().items(items).page(page).size(size).total(itemsQuery.count()).build();
}

Also used: SearchQuery (org.bf2.srs.fleetmanager.util.SearchQuery), ValidationException (javax.validation.ValidationException), BasicQuery (org.bf2.srs.fleetmanager.util.BasicQuery), ArrayList (java.util.ArrayList), RegistryData (org.bf2.srs.fleetmanager.storage.sqlPanacheImpl.model.RegistryData), AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo), Pair (org.apache.commons.lang3.tuple.Pair)

Aggregations

AccountInfo (org.bf2.srs.fleetmanager.spi.common.model.AccountInfo): 9
RegistryData (org.bf2.srs.fleetmanager.storage.sqlPanacheImpl.model.RegistryData): 4
TenantManagerClient (io.apicurio.multitenant.client.TenantManagerClient): 3
Audited (org.bf2.srs.fleetmanager.common.operation.auditing.Audited): 3
RegistryCreate (org.bf2.srs.fleetmanager.rest.publicapi.beans.RegistryCreate): 3
Test (org.junit.jupiter.api.Test): 3
UpdateRegistryTenantRequest (io.apicurio.multitenant.api.datamodel.UpdateRegistryTenantRequest): 2
Timed (io.micrometer.core.annotation.Timed): 2
AroundInvoke (javax.interceptor.AroundInvoke): 2
ForbiddenException (javax.ws.rs.ForbiddenException): 2
Registry (org.bf2.srs.fleetmanager.rest.publicapi.beans.Registry): 2
AccountManagementSystemClientException (org.bf2.srs.fleetmanager.spi.ams.impl.exception.AccountManagementSystemClientException): 2
TenantResource (io.apicurio.multitenant.api.datamodel.TenantResource): 1
ArrayList (java.util.ArrayList): 1
ActivateRequestContext (javax.enterprise.context.control.ActivateRequestContext): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
ValidationException (javax.validation.ValidationException): 1
Pair (org.apache.commons.lang3.tuple.Pair): 1
RetryUnwrap (org.bf2.srs.fleetmanager.common.operation.faulttolerance.RetryUnwrap): 1