Skip to content

Commit

Permalink
Removed trustee role from server code - NOT FROM DATABASE
Browse files Browse the repository at this point in the history 
- **DATABASE REMOVAL NEEDS MORE WORK/DISCUSSION**
- Removed all trustee related flows from the code
	- Registration and user management
	- Policy creation - policies with item type APD
- Updated unit tests, integration tests
- Updated OpenAPI spec for both APD API changes and trustee changes
  • Loading branch information
@ThorodanBrom
ThorodanBrom committed Jul 11, 2023
1 parent 63704e6 commit 4ce500c
Show file tree
Hide file tree
Showing 14 changed files with 165 additions and 2,836 deletions.
2 changes: 1 addition & 1 deletion Jenkinsfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ pipeline {
sh 'docker compose -f docker-compose-test.yml up test'
}
xunit (
thresholds: [ skipped(failureThreshold: '14'), failed(failureThreshold: '0') ],
thresholds: [ skipped(failureThreshold: '15'), failed(failureThreshold: '0') ],
tools: [ JUnit(pattern: 'target/surefire-reports/*.xml') ]
)
jacoco classPattern: 'target/classes', execPattern: 'target/jacoco.exec', sourcePattern: 'src/main/java', exclusionPattern:'**/*VertxEBProxy.class,**/Constants.class,**/*VertxProxyHandler.class,**/*Verticle.class,iudx/aaa/server/deploy/*.class,iudx/aaa/server/registration/KcAdmin.class,iudx/aaa/server/apiserver/*,iudx/aaa/server/apiserver/util/*,iudx/aaa/server/admin/AdminService.class,iudx/aaa/server/apd/ApdService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/registration/RegistrationService.class,iudx/aaa/server/token/TokenService.class,iudx/aaa/server/policy/PolicyService.class'
Expand Down
234 changes: 20 additions & 214 deletions docs/openapi.yaml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/main/java/iudx/aaa/server/apiserver/Roles.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
* Enum that defines all valid roles recognized by the AAA server.
*/
public enum Roles {
PROVIDER, DELEGATE, TRUSTEE, CONSUMER, ADMIN;
PROVIDER, DELEGATE, CONSUMER, ADMIN;

static List<String> rolesAsStrings =
Arrays.stream(Roles.values()).map(r -> r.name()).collect(Collectors.toList());
Expand Down
116 changes: 5 additions & 111 deletions src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,8 +159,7 @@ public PolicyService createPolicy(

if (!roles.contains(Roles.ADMIN)
&& !roles.contains(Roles.PROVIDER)
&& !roles.contains(Roles.DELEGATE)
&& !roles.contains(Roles.TRUSTEE)) {
&& !roles.contains(Roles.DELEGATE)) {

Response r =
new Response.ResponseBuilder()
Expand Down Expand Up @@ -218,15 +217,6 @@ public PolicyService createPolicy(
.map(CreatePolicyRequest::getItemId)
.collect(Collectors.toList());

// getApdInfo for all apdIds
// if itemType is apdIds, getApdInfo
List<String> apdUrls =
userPolicyRequests.stream()
.filter(
tagObject -> tagObject.getItemType().toUpperCase().equals(itemTypes.APD.toString()))
.map(CreatePolicyRequest::getItemId)
.collect(Collectors.toList());

List<String> resGrpIds =
request.stream()
.filter(
Expand All @@ -249,7 +239,6 @@ public PolicyService createPolicy(
Map<String, List<String>> catItem = new HashMap<>();

// check if resServer itemType, All requests must be resServer, role must contain admin
// if itemType is Apd, all req must be Apd,role must contain Trustee
// if item type neither, for request may have both apd and user policies (catalogueFetch)
if (resServerIds.size() > 0) {
// if request has itemType resourceServer, then all request should be for resource server
Expand All @@ -276,32 +265,6 @@ public PolicyService createPolicy(
return this;
} else catItem.put(RES_SERVER, resServerIds);
} else {
// check if user policy for apd exists
if (apdUrls.size() > 0) {
if (apdUrls.size() != request.size()) {
Response r =
new Response.ResponseBuilder()
.type(URN_INVALID_INPUT)
.title(INVALID_INPUT)
.detail("All requests must be for APD")
.status(400)
.build();
handler.handle(Future.succeededFuture(r.toJson()));
return this;
}
if (!roles.contains(Roles.TRUSTEE)) {
Response r =
new Response.ResponseBuilder()
.type(URN_INVALID_ROLE)
.title(INVALID_ROLE)
.detail(INVALID_ROLE)
.status(403)
.build();
handler.handle(Future.succeededFuture(r.toJson()));
return this;
}
catItem.put(APD, apdUrls);
} else {
if (!roles.contains(Roles.PROVIDER) && !roles.contains(Roles.DELEGATE)) {
Response r =
new Response.ResponseBuilder()
Expand All @@ -316,53 +279,11 @@ public PolicyService createPolicy(
if (resGrpIds.size() > 0) catItem.put(RES_GRP, resGrpIds);
if (resIds.size() > 0) catItem.put(RES, resIds);
}
}

Future<Map<String, ResourceObj>> reqItemDetail;
if (catItem.containsKey(RES_SERVER)) {
reqItemDetail = createPolicy.getResSerDetails(catItem.get(RES_SERVER), user.getUserId());
} else {
if (catItem.containsKey(APD)) {
List<String> urls = catItem.get(APD);
Promise<JsonObject> promise = Promise.promise();
apdService.getApdDetails(urls, List.of(), promise);
reqItemDetail =
promise
.future()
.compose(
apdDetail -> {
Map<String, ResourceObj> apdMap = new HashMap<>();
List<String> failedUrl = new ArrayList<>();
urls.forEach(
url -> {
if (!apdDetail.containsKey(url)) failedUrl.add(url);
else {
JsonObject detail = apdDetail.getJsonObject(url);
//status of the apd is not validated for creating policy by the trustee
JsonObject resObj = new JsonObject();
resObj.put(ITEMTYPE, APD);
resObj.put(ID, detail.getString(ID));
resObj.put(CAT_ID, detail.getString(URL));
resObj.put(
OWNER_ID, detail.getJsonObject(OWNER_DETAILS).getString(ID));
resObj.put("resource_server_id",NIL_UUID);
resObj.put("resource_group_id",NIL_UUID);
apdMap.put(resObj.getString(CAT_ID), new ResourceObj(resObj));
}
});

if (failedUrl.size() > 0) {
Response r =
new ResponseBuilder()
.status(400)
.type(URN_INVALID_INPUT)
.title(INVALID_INPUT)
.detail(failedUrl.toString())
.build();
return Future.failedFuture(new ComposeException(r));
}
return Future.succeededFuture(apdMap);
});
} else // For both apdPolicy and userPolicy
reqItemDetail = catalogueClient.checkReqItems(catItem);
}

Expand Down Expand Up @@ -415,28 +336,7 @@ public PolicyService createPolicy(
return createPolicy.checkAuthPolicy(user.getUserId());
});

// to create a policy in the apd_polcies table, user must have a policy by the dataTrustee for the apdId
Future<Boolean> checkTrusteeAuthPolicy =
ItemChecks.compose(obj ->
{
if(validApd.result().isEmpty())
return Future.succeededFuture(true);
else
{
Set<UUID> apdIds = new HashSet<UUID>();
List<String> urls =
apdPolicyRequests.stream().map(CreatePolicyRequest::getApdId).collect(Collectors.toList());
urls.forEach(url ->
{
apdIds.add(UUID.fromString(validApd.result().getJsonObject(url).getString(ID)));
});
return createPolicy.checkAuthTrusteePolicy(providerId, apdIds);
}
}
);


Future<List<UUID>> checkDelegate = CompositeFuture.all(checkAuthPolicy,checkTrusteeAuthPolicy).compose(
Future<List<UUID>> checkDelegate = checkAuthPolicy.compose(
checkAut -> {
if (checkAut.equals(false)) return Future.succeededFuture(new ArrayList<>());
List<ResourceObj> resourceObj = new ArrayList<>(reqItemDetail.result().values());
Expand Down Expand Up @@ -537,7 +437,7 @@ public PolicyService deletePolicy(JsonArray request, User user, JsonObject data,
List<Roles> roles = user.getRoles();

if (!roles.contains(Roles.ADMIN) && !roles.contains(Roles.PROVIDER)
&& !roles.contains(Roles.DELEGATE) && ! roles.contains(Roles.TRUSTEE)) {
&& !roles.contains(Roles.DELEGATE)) {
// cannot create policy
Response r = new Response.ResponseBuilder().type(URN_INVALID_ROLE).title(INVALID_ROLE)
.detail(INVALID_ROLE).status(401).build();
Expand Down Expand Up @@ -637,14 +537,8 @@ public PolicyService listPolicy(User user, JsonObject data,

List<String> userIds = new ArrayList<String>(userIdSet);

/*
* For APD IDs get IDs from policies where the item type is APD and from the APD IDs in
* APD policies
*/
Set<String> apdIdSet = itemTypeToIds.get(itemTypes.APD).stream().map(id -> id.toString())
Set<String> apdIdSet = apdPolicies.result().stream().map(j -> j.getString(APD_ID))
.collect(Collectors.toSet());
apdIdSet.addAll(apdPolicies.result().stream().map(j -> j.getString(APD_ID))
.collect(Collectors.toSet()));

List<String> apdIds = new ArrayList<String>(apdIdSet);

Expand Down
30 changes: 0 additions & 30 deletions src/main/java/iudx/aaa/server/policy/createPolicy.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,36 +369,6 @@ public Future<Boolean> checkAuthPolicy(String userId) {
return p.future();
}

public Future<Boolean> checkAuthTrusteePolicy(String providerId, Set<UUID> apdIds) {
Promise<Boolean> p = Promise.promise();
pool.withConnection(
conn ->
conn.preparedQuery(CHECK_TRUSTEE_POLICY)
.execute(Tuple.of(providerId, status.ACTIVE, apdIds.toArray(UUID[]::new)))
.onFailure(
obj -> {
LOGGER.error(
"checkAuthTrusteePolicy db fail :: " + obj.getLocalizedMessage());
p.fail(INTERNALERROR);
})
.onSuccess(
obj -> {
if (obj.rowCount() == apdIds.size()) p.complete(true);
else {
Response r =
new Response.ResponseBuilder()
.type(URN_INVALID_INPUT)
.title(NO_AUTH_TRUSTEE_POLICY)
.detail(NO_AUTH_TRUSTEE_POLICY)
.status(403)
.build();
p.fail(new ComposeException(r));
}
}));

return p.future();
}

public Future<List<Tuple>> userPolicyDuplicate(
List<CreatePolicyRequest> req, Map<String, ResourceObj> resourceObj, User user) {
Promise<List<Tuple>> p = Promise.promise();
Expand Down
24 changes: 4 additions & 20 deletions src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,8 +140,7 @@ public RegistrationService createUser(RegistrationRequest request, User user,
UUID orgId = UUID.fromString(request.getOrgId());
final String phone = request.getPhone();

if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE)
|| requestedRoles.contains(Roles.TRUSTEE)) {
if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE)) {
if (orgId.toString().equals(NIL_UUID)) {
Response r = new ResponseBuilder().status(400).type(URN_MISSING_INFO)
.title(ERR_TITLE_ORG_ID_REQUIRED).detail(ERR_DETAIL_ORG_ID_REQUIRED).build();
Expand Down Expand Up @@ -169,8 +168,7 @@ public RegistrationService createUser(RegistrationRequest request, User user,
Future<String> checkOrgExist;
String orgIdToSet;

if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE)
|| roles.containsKey(Roles.TRUSTEE)) {
if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE)) {
orgIdToSet = request.getOrgId();
checkOrgExist = pool.withConnection(
conn -> conn.preparedQuery(SQL_GET_ORG_DETAILS).execute(Tuple.of(orgId.toString())).map(
Expand Down Expand Up @@ -615,7 +613,7 @@ public void addRoles(User user, UpdateProfileRequest request, Promise<JsonObject
* orgId is needed always for delegate or trustee reg, even if the user has registered for
* provider role
*/
if (requestedRoles.contains(Roles.DELEGATE) || requestedRoles.contains(Roles.TRUSTEE)) {
if (requestedRoles.contains(Roles.DELEGATE)) {
if (orgId.toString().equals(NIL_UUID)) {
Response r = new ResponseBuilder().status(400).type(URN_MISSING_INFO)
.title(ERR_TITLE_ORG_ID_REQUIRED).detail(ERR_DETAIL_ORG_ID_REQUIRED).build();
Expand Down Expand Up @@ -827,24 +825,10 @@ public void searchUser(User user, JsonObject searchUserDetails, Boolean isAuthDe
};

List<Roles> roles = user.getRoles();
/*
* If the user is a trustee, check for auth admin policy. This is to prevent any user registered
* as a trustee to perform search. Currently, the auth admin policy is set when an APD owned by
* the trustee is set to active for the first time.
*/
Future<Void> trusteeAuthPolicyCheck;

if (roles.contains(Roles.PROVIDER) || roles.contains(Roles.ADMIN)) {
trusteeAuthPolicyCheck = Future.succeededFuture();

} else if (roles.contains(Roles.DELEGATE) && isAuthDelegate) {
trusteeAuthPolicyCheck = Future.succeededFuture();

} else if (roles.contains(Roles.TRUSTEE)) {
Promise<Void> authPolPromise = Promise.promise();
/* checkAuthPolicy sends ComposeException with correct response, can pass the future as is */
policyService.checkAuthPolicy(user.getUserId(), authPolPromise);
trusteeAuthPolicyCheck = authPolPromise.future();

} else {
Response r = new ResponseBuilder().status(401).type(URN_INVALID_ROLE)
Expand All @@ -857,7 +841,7 @@ public void searchUser(User user, JsonObject searchUserDetails, Boolean isAuthDe
String email = searchUserDetails.getString("email").toLowerCase();
Roles role = Roles.valueOf(searchUserDetails.getString("role").toUpperCase());

Future<JsonObject> foundUser = trusteeAuthPolicyCheck.compose(res -> kc.findUserByEmail(email));
Future<JsonObject> foundUser = kc.findUserByEmail(email);

Future<UUID> exists = foundUser.compose(res -> {
if (res.isEmpty()) {
Expand Down
Loading

0 comments on commit 4ce500c

Please sign in to comment.