add decrypt feature for serviceEndpoints. see #24253
This commit is contained in:
parent
99e3f05ea5
commit
1b76d204ac
|
@ -3,6 +3,10 @@
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [v1.3.0-SNAPSHOT] - [2023-01-27]
|
||||||
|
|
||||||
|
- Feature #24253 add support for decrypted ServiceEndpoint
|
||||||
|
|
||||||
## [v1.2.0] - [2021-06-08]
|
## [v1.2.0] - [2021-06-08]
|
||||||
|
|
||||||
- Feature #21584 added support for /ServiceEndpoint/{category} REST call
|
- Feature #21584 added support for /ServiceEndpoint/{category} REST call
|
||||||
|
|
6
pom.xml
6
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>org.gcube.information-system</groupId>
|
<groupId>org.gcube.information-system</groupId>
|
||||||
<artifactId>icproxy</artifactId>
|
<artifactId>icproxy</artifactId>
|
||||||
<version>1.2.0</version>
|
<version>1.3.0-SNAPSHOT</version>
|
||||||
<name>ICProxy</name>
|
<name>ICProxy</name>
|
||||||
|
|
||||||
<packaging>war</packaging>
|
<packaging>war</packaging>
|
||||||
|
@ -75,6 +75,10 @@
|
||||||
<groupId>org.gcube.resources</groupId>
|
<groupId>org.gcube.resources</groupId>
|
||||||
<artifactId>common-gcore-resources</artifactId>
|
<artifactId>common-gcore-resources</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.core</groupId>
|
||||||
|
<artifactId>common-encryption</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<!-- jersey -->
|
<!-- jersey -->
|
||||||
|
|
||||||
|
|
|
@ -4,23 +4,23 @@ import static org.gcube.resources.discovery.icclient.ICFactory.client;
|
||||||
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
||||||
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import javax.validation.constraints.NotNull;
|
import javax.validation.constraints.NotNull;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.*;
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
import org.gcube.common.resources.gcore.*;
|
import org.gcube.common.resources.gcore.*;
|
||||||
|
import org.gcube.common.resources.gcore.utils.Group;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
||||||
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
||||||
import org.gcube.resources.discovery.client.queries.impl.XQuery;
|
import org.gcube.resources.discovery.client.queries.impl.XQuery;
|
||||||
|
import org.gcube.common.encryption.StringEncrypter;
|
||||||
|
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Path("ServiceEndpoint")
|
@Path("ServiceEndpoint")
|
||||||
|
@ -39,52 +39,60 @@ public class ServiceEndpointResource {
|
||||||
return endpoints;
|
return endpoints;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @GET
|
||||||
|
// @Path("/{category}/{name}")
|
||||||
|
// @Produces(MediaType.APPLICATION_XML)
|
||||||
|
// public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
|
||||||
|
// @NotNull @PathParam("category") String resourceCategory) {
|
||||||
|
// log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
|
||||||
|
//
|
||||||
|
// DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||||
|
//
|
||||||
|
// List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
|
||||||
|
// log.debug("retrieved resources are "+endpoints.size());
|
||||||
|
// return endpoints;
|
||||||
|
// }
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("/{category}/{name}")
|
@Path("/{category}/{name}")
|
||||||
@Produces(MediaType.APPLICATION_XML)
|
@Produces(MediaType.APPLICATION_XML)
|
||||||
public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
|
public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
|
||||||
@NotNull @PathParam("category") String resourceCategory) {
|
@NotNull @PathParam("category") String resourceCategory, @QueryParam("decrypt") boolean isDecrypt) {
|
||||||
log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
|
log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
|
||||||
|
|
||||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||||
|
|
||||||
List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
|
List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
|
||||||
log.debug("retrieved resources are "+endpoints.size());
|
if(Objects.nonNull(endpoints)) {
|
||||||
return endpoints;
|
log.debug("retrieved resources are "+endpoints.size());
|
||||||
|
if (isDecrypt) {
|
||||||
|
List<ServiceEndpoint> ses = new ArrayList<>(endpoints.size());
|
||||||
|
for (ServiceEndpoint resource : endpoints) {
|
||||||
|
ses.add(decryptResource(resource));
|
||||||
|
}
|
||||||
|
return ses;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return endpoints;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
// @GET
|
||||||
@Path("/{category}/{name}/{ap}")
|
// @Path("/{category}/{name}/{ap}")
|
||||||
@Produces(MediaType.TEXT_XML)
|
// @Produces(MediaType.TEXT_XML)
|
||||||
public String retrieve(@NotNull @PathParam("name") String resourceName,
|
// public String retrieve(@NotNull @PathParam("name") String resourceName,
|
||||||
@NotNull @PathParam("category") String resourceCategory,
|
// @NotNull @PathParam("category") String resourceCategory,
|
||||||
@NotNull @PathParam("ap") String accessPoint) {
|
// @NotNull @PathParam("ap") String accessPoint) {
|
||||||
log.info("ServiceEndpoint called with category {}, name {} and accessPoint {} in scope {}",resourceCategory, resourceName, accessPoint, ScopeProvider.instance.get());
|
// log.info("ServiceEndpoint called with category {}, name {} and accessPoint {} in scope {}",resourceCategory, resourceName, accessPoint, ScopeProvider.instance.get());
|
||||||
// SimpleQuery query = getQuery(resourceName, resourceCategory);
|
// XQuery query=queryFor(ServiceEndpoint.class);
|
||||||
// query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"'");
|
// query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
|
||||||
//// DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
// query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
|
||||||
|
// query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"']/text()");
|
||||||
// DiscoveryClient<String> client = client();
|
// DiscoveryClient<String> client = client();
|
||||||
//// List<ServiceEndpoint> endpoints = client.submit(query);
|
// List<String> accessList= client.submit(query);
|
||||||
// log.debug("retrieved endpoint is "+endpoints);
|
// if (Objects.nonNull(accessList))
|
||||||
// if (Objects.nonNull(endpoints))
|
// return accessList.get(0).toString();
|
||||||
// return endpoints.get(0).toString();
|
|
||||||
// else
|
// else
|
||||||
// log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
|
// log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
|
||||||
// return null;
|
// return null;
|
||||||
|
// }
|
||||||
|
|
||||||
XQuery query=queryFor(ServiceEndpoint.class);
|
|
||||||
query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
|
|
||||||
query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
|
|
||||||
query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"']/text()");
|
|
||||||
DiscoveryClient<String> client = client();
|
|
||||||
List<String> accessList= client.submit(query);
|
|
||||||
if (Objects.nonNull(accessList))
|
|
||||||
return accessList.get(0).toString();
|
|
||||||
else
|
|
||||||
log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("/{category}/{name}/Result/{result:([^$\\?]+)}")
|
@Path("/{category}/{name}/Result/{result:([^$\\?]+)}")
|
||||||
|
@ -126,20 +134,23 @@ public class ServiceEndpointResource {
|
||||||
return query;
|
return query;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static <T extends Resource> XQuery getSpecificXQuery(T resource) {
|
private ServiceEndpoint decryptResource(ServiceEndpoint resource) {
|
||||||
XQuery query = null;
|
Group<ServiceEndpoint.AccessPoint> aps=resource.profile().accessPoints();
|
||||||
if(resource.type().toString().equalsIgnoreCase("RuntimeResource")){
|
for (ServiceEndpoint.AccessPoint ap : aps){
|
||||||
query = queryFor(ServiceEndpoint.class);
|
String decrypted =decryptString(ap.password());
|
||||||
}else if(resource.type().toString().equalsIgnoreCase("GenericResource")){
|
String user= ap.username();
|
||||||
query = queryFor(GenericResource.class);
|
|
||||||
}else if(resource.type().toString().equalsIgnoreCase("RunningInstance")){
|
ap.credentials(decrypted, user);
|
||||||
query = queryFor(GCoreEndpoint.class);
|
}
|
||||||
}else if(resource.type().toString().equalsIgnoreCase("GHN")){
|
return resource;
|
||||||
query = queryFor(HostingNode.class);
|
}
|
||||||
}else{
|
|
||||||
throw new RuntimeException("The following resource type is not managed: "+resource);
|
public static String decryptString(String toDecrypt){
|
||||||
|
try{
|
||||||
|
return StringEncrypter.getEncrypter().decrypt(toDecrypt);
|
||||||
|
}catch(Exception e) {
|
||||||
|
throw new RuntimeException("Unable to decrypt : "+toDecrypt,e);
|
||||||
}
|
}
|
||||||
return query;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,8 @@ import org.gcube.informationsystem.icproxy.resources.ICResource;
|
||||||
import org.gcube.informationsystem.icproxy.resources.ServiceEndpointResource;
|
import org.gcube.informationsystem.icproxy.resources.ServiceEndpointResource;
|
||||||
import org.glassfish.jersey.server.ResourceConfig;
|
import org.glassfish.jersey.server.ResourceConfig;
|
||||||
import org.glassfish.jersey.test.JerseyTest;
|
import org.glassfish.jersey.test.JerseyTest;
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
public class TestCall extends JerseyTest{
|
public class TestCall extends JerseyTest{
|
||||||
|
@ -53,12 +55,11 @@ public class TestCall extends JerseyTest{
|
||||||
System.out.println(ret);
|
System.out.println(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void serviceEndpointAP() {
|
public void serviceEndpointFree() {
|
||||||
ScopeProvider.instance.set("/gcube/devsec");
|
ScopeProvider.instance.set("/gcube/devsec");
|
||||||
//SecurityTokenProvider.instance.set("/gcube/devsec");
|
//SecurityTokenProvider.instance.set("/gcube/devsec");
|
||||||
final String ret = target("ServiceEndpoint").path("Storage").path("StorageManager").path("server1").queryParam("scope", "/gcube/devsec").request().get(String.class);
|
final String ret = target("ServiceEndpoint").path("Storage").path("StorageManager").queryParam("decrypt", true).queryParam("scope", "/gcube/devsec").request().get(String.class);
|
||||||
System.out.println(ret);
|
System.out.println(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue