diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml index a7496bc4f47838b9944b1c844a3b7d98e32cf1f3..2e2a41a065da226ac4dc9a3076d69be04d6f0d21 100644 --- a/.docker/docker-compose.yml +++ b/.docker/docker-compose.yml @@ -17,8 +17,8 @@ services: image: docker.io/bitnami/mariadb:11.1.3-debian-11-r6 volumes: - metadata-db-data:/bitnami/mariadb - - ./dbrepo-metadata-db/setup-schema.sql:/docker-entrypoint-initdb.d/1_setup-schema.sql - - ./dbrepo-metadata-db/setup-data.sql:/docker-entrypoint-initdb.d/2_setup-data.sql + - ./dist/setup-schema.sql:/docker-entrypoint-initdb.d/1_setup-schema.sql + - ./dist/setup-data.sql:/docker-entrypoint-initdb.d/2_setup-data.sql ports: - "3306:3306" environment: @@ -192,8 +192,6 @@ services: volumes: - ./dist/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf - ./dist/enabled_plugins:/etc/rabbitmq/enabled_plugins - - ./dist/cert.pem:/app/cert.pem - - ./dist/pubkey.pem:/app/pubkey.pem - ./dist/definitions.json:/app/definitions.json - broker-service-data:/bitnami/rabbitmq/mnesia depends_on: diff --git a/.docs/api/broker-service.md b/.docs/api/broker-service.md index 0345271bf1c23545e029b51f2de70311235ade5a..f2f684c4a944f4e726a53f4d050bb19b2f368a8d 100644 --- a/.docs/api/broker-service.md +++ b/.docs/api/broker-service.md 
@@ -19,23 +19,18 @@ It holds exchanges and topics responsible for holding AMQP messages for later co use [RabbitMQ](https://www.rabbitmq.com/) in the implementation. By default, the endpoint listens to the insecure port `5672` for incoming AMQP tuples and insecure port `15672` for the management UI. -The default configuration creates a user with administrative privileges on the default virtual host `dbrepo`: +The default configuration allows any user in the `cn=system,ou=users,dc=dbrepo,dc=at` from the +[Identity Service](../identity-service) to access the Broker Service as user with `administrator` role, i.e. the +`cn=admin,dc=dbrepo,dc=at` user that is created by default. -* Username: `fda` -* Password: `fda` -* Roles: `["administrator"]` +The Broker Service allows two ways of authentication for AMQP tuples: -The Broker Service allows two ways of authentication: +1. LDAP +2. Plain (RabbitMQ's internal authentication) -1. Plain -2. OAuth2 - -For detailed examples how to authenticate with the Broker Service see -the [usage](/usage-broker) page. - -The architecture of the Broker Service is very simple. There is only one durable, topic exchange `dbrepo` and one quorum -queue `dbrepo`, connected with a binding of `dbrepo.#` which routes all tuples with routing key prefix `dbrepo.` (mind -the dot!) to this queue. +The queue architecture of the Broker Service is very simple. There is only one durable, topic exchange `dbrepo` and one +quorum queue `dbrepo`, connected with a binding of `dbrepo.#` which routes all tuples with routing key prefix `dbrepo.` +to this queue. <figure markdown>  
@@ -64,10 +59,10 @@ The consumer takes care of writing it to the correct table in the [Data Service] For a secure deployment it is necessary to configure the Broker Service as follows: -1. Download the [`rabbitmq.conf`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/dev/dbrepo-broker-service/rabbitmq.conf.secure) and - change the `default_user` and `default_pass` lines before mounting it to `/etc/rabbitmq/rabbitmq.conf`. -2. Mount your previously generated certificate and RSA public key pair (PEM-encoded) to `/app/cert.pem` +1. Once you change the admin password of the [Identity Service](../identity-service), you need to change it in the + `rabbitmq.conf` as well: `auth_ldap.dn_lookup_bind.password=newpassword`. +2. Enable TLS and mount your previously generated certificate and RSA public key pair (PEM-encoded) to `/app/cert.pem` and `/app/pubkey.pem`. Note that these are *not* used for TLS encryption, but only for authentication of users. It - is not recommended to use "real" TLS certificates, self-signed certificates with *sufficient keylength* are best-practice. -3. Mount your TLS certificate authority file into `/etc/rabbitmq/cacert.crt` and your TLS certificate / private key pair - into `/etc/tls/tls.crt` and `/etc/tls/tls.key`. + is not recommended to use "real" TLS certificates, self-signed certificates with *sufficient keylength* are + best-practice. Mount your TLS certificate authority file into `/etc/rabbitmq/cacert.crt` and your TLS certificate + / private key pair into `/etc/tls/tls.crt` and `/etc/tls/tls.key`. diff --git a/.docs/api/identity-service.md b/.docs/api/identity-service.md new file mode 100644 index 0000000000000000000000000000000000000000..1fe3454956aca84b3c38e174e1f16705afa5360b --- /dev/null +++ b/.docs/api/identity-service.md 
@@ -0,0 +1,59 @@ +--- +author: Martin Weise +--- + +## tl;dr + +!!! debug "Debug Information" + + Image: [`docker.io/openldap:2.6.8-debian-12-r1`](https://hub.docker.com/r/openldap) + + * Ports: 1389/tcp, 1636/tcp + +## Overview + +This service holds the user identities which we simply call identities in the following. It is integrated into the +[Auth Service](../auth-service) through an LDAP federation, allowing any identity to authenticate through the Auth +Service. The LDAP protocol is not used for authentication. You can use your own identity provider, e.g. Active +Directory. + +## Identities + +Any identity is identified by its `entryUUID` by default in the Auth Service. Note that Keycloak (the software running +the Auth Service) may assign a different UUID to a user. DBRepo **always** uses the UUID provided through the Identity +Service. + +## Limitations + +* Limited support for scaling in Kubernetes, see the + [guide](https://github.com/jp-gouin/helm-openldap?tab=readme-ov-file#scaling-your-cluster) of the chart developers. +* Currently no support for LDAP in the Data Database. + +!!! question "Do you miss functionality? Do these limitations affect you?" + + We strongly encourage you to help us implement it as we are welcoming contributors to open-source software and get + in [contact](../contact) with us, we happily answer requests for collaboration with attached CV and your programming + experience! + +## Security + +1. By default, no ingress is enabled. If you need ingress on LTP Password and phpLDAPadmin, configure the ingress + to use your TLS secret `tls-cert-secret` containing the `tls.crt` and `tls.key`, e.g.: + + ```yaml title="values.yaml" + identityservice: + ltb-passwd: + ingress: + enabled: true + tls: + - secretName: tls-cert-secret + hosts: + - example.com + phpldapadmin: + ingress: + enabled: true + tls: + - secretName: tls-cert-secret + hosts: + - example.com + ``` \ No newline at end of file 
diff --git a/.docs/docker/_header.md b/.docs/docker/_header.md index 9deeeab3ac512c477b67fe4181dfe289bf94b6c2..e2e0ca0eaf0cbb17bf430831a2cb0501b98b1f76 100644 --- a/.docs/docker/_header.md +++ b/.docs/docker/_header.md @@ -10,7 +10,7 @@ # Supported tags -* [`1.4.4`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-1.4.3/dbrepo-DIR/Dockerfile/) +* [`1.4.5`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-1.4.3/dbrepo-DIR/Dockerfile/) * [`latest`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-latest/dbrepo-DIR/Dockerfile/) # Non-supported tags @@ -29,7 +29,7 @@ * **Source of this description:** - [docs repo's `.docs/docker` directory](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tree/release-1.4.4/.docs/docker) + [docs repo's `.docs/docker` directory](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tree/release-1.4.5/.docs/docker) ([history](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/commits/release-1.4.34/.docs/docker)) # What is DBRepo? diff --git a/.docs/examples/air.md b/.docs/examples/air.md index 1e4d9ddeddf83d5861ad421ba8d00f7397508f46..7c290f047c1bc45712fd52da3c00ff16a2b54d9a 100644 --- a/.docs/examples/air.md +++ b/.docs/examples/air.md @@ -5,7 +5,7 @@ author: Martin Weise ## tl;dr [:fontawesome-solid-database: Dataset](https://handle.stage.datacite.org/10.82556/gd17-aq82){ .md-button .md-button--primary target="_blank" } -[:material-file-document: Archive](https://doi.org/10.48436/mtha8-w2406){ .md-button .md-button--secondary target="_blank" } +[:simple-grafana: Dashboard](https://dbrepo1.ec.tuwien.ac.at/admin/grafana/d/FLB9eAv4z/airquality){ .md-button .md-button--secondary target="_blank" } ## Description 
@@ -14,14 +14,25 @@ in Vienna, spanning the years from 1980 to 2021. The data was provided by the Um original form in this record. This record forms the basis of an analysis carried out in a bachelor's thesis at the TU Wien. -## Solution +<figure markdown> + +<figcaption>Figure 1: Grafana dashboard visualizing the dataset.</figcaption> +</figure> +The analysis was carried out in a Jupyter Notebook hosted by our IT-department +[JupyterHub](https://science.datalab.tuwien.ac.at/) as part of TU Wien's virtual research environment. <figure markdown> { .img-border } -<figcaption>Figure 1: Jupyter Notebook accessing data on DBRepo using the Python Library.</figcaption> +<figcaption>Figure 2: Jupyter Notebook accessing data on DBRepo using the Python Library.</figcaption> </figure> +## Solution + +One of the first use-cases of importing external data into DBRepo which was provided as .csv flat file. We developed a +database schema and a web scraper that scrapes live air quality data from the +[public map](https://luft.umweltbundesamt.at/pub/map_chart/index.pl) of the environment agency of Austria. + ## DBRepo Features - [x] Import complex dataset diff --git a/.docs/examples/survey.md b/.docs/examples/survey.md index 88eea632e066e4ce3ed250d47e7ba6e5c46b5c8f..c30f5efb67efc827474dd7a33cba99ae73af323d 100644 --- a/.docs/examples/survey.md +++ b/.docs/examples/survey.md 
@@ -9,22 +9,25 @@ author: Martin Weise ## Description -This digital record contains historical air pollution and air quality data from approximately 20 air monitoring stations -in Vienna, spanning the years from 1980 to 2021. The data was provided by the Umweltbundesamt and is stored in its -original form in this record. This record forms the basis of an analysis carried out in a bachelor's thesis at the TU -Wien. +As part of a literature study, the research unit of data science has collected data on 47 Trusted Research Environments +(TREs) who enable analysis of confidential data under strict security assertions who protect the data with technical, +organizational and legal measures from (accidentally) being leaked outside the facility. The literature study shows that +47 TREs worldwide provide access to confidential data of which two-thirds provide data themselves (n=32, 68%), +predominantly via secure remote access (n=46, 98%). ## Solution +We designed a database schema that allows collection of the data with correct primary key and foreign-key relationships. +Three defined views allow for a simpler exploration of the study data. The analysis of the data was performed in TU +Wien's virtual research environment using [JupyterHub](https://science.datalab.tuwien.ac.at/) as well as the chart <figure markdown> -{ .img-border } +{ .img-border } <figcaption>Figure 1: Jupyter Notebook accessing data on DBRepo using the Python Library.</figcaption> </figure> ## DBRepo Features -- [x] Import complex dataset - [x] System versioning - [x] Subset exploration - [x] Aggregated views 
@@ -33,6 +36,6 @@ Wien. ## Acknowledgement -This work was part of a cooperation with the [Umweltbundesamt](https://www.umweltbundesamt.at/). +This work was part of a cooperation with the [Research Unit of Data Science](https://informatics.tuwien.ac.at/orgs/e194-04). -<img src="../../images/logos/umweltbundesamt.png" width=100 /> \ No newline at end of file +<img src="../../images/logos/ds-ifs.png" width=100 /> \ No newline at end of file diff --git a/.docs/images/logos/ds-ifs.png b/.docs/images/logos/ds-ifs.png new file mode 100644 index 0000000000000000000000000000000000000000..0bce76feea8eabadf5c63422d927d01284cd5c91 Binary files /dev/null and b/.docs/images/logos/ds-ifs.png differ diff --git a/.docs/images/screenshots/air-dashboard.png b/.docs/images/screenshots/air-dashboard.png new file mode 100644 index 0000000000000000000000000000000000000000..309a1c689f2c7955d36cdd0e724bfb71027db562 Binary files /dev/null and b/.docs/images/screenshots/air-dashboard.png differ diff --git a/.docs/images/screenshots/tre-notebook.png b/.docs/images/screenshots/tre-notebook.png new file mode 100644 index 0000000000000000000000000000000000000000..26b335113aeea58e1d50200973e60946fe681a73 Binary files /dev/null and b/.docs/images/screenshots/tre-notebook.png differ diff --git a/.docs/index.md b/.docs/index.md index 4b869b4d8fac9e7cf09ae7cd0e57dacaf077b411..d47bf06b2861569060235cf86bb13b58dd3eb046 100644 --- a/.docs/index.md +++ b/.docs/index.md 
@@ -8,7 +8,7 @@ author: Martin Weise [](https://hub.docker.com/u/dbrepo){ tabindex=-1 } [](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services){ tabindex=-1 } -Documentation for version: [v1.4.4](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/releases). +Documentation for version: [v1.4.5](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/releases). DBRepo is a repository for data in databases that are used from the beginning until the end of a research project supporting data evolution, -citation and -versioning. It implements the query store of the diff --git a/.docs/installation.md b/.docs/installation.md index 2561b4944b65de05a6f79b55502ad2d61ad15906..b6cb219cef3bbd97f5b8c7d54a91cbc52a19b8ad 100644 --- a/.docs/installation.md +++ b/.docs/installation.md 
@@ -44,7 +44,48 @@ are *not* recommended and not tested. ## Custom Install -TBD +In case you prefer a customized install, start by downloading the `docker-compose.yml` file used to define the services: + +```bash +curl -O docker-compose.yml -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/.docker/docker-compose.yml +``` + +Create the folder `dist/` that hold necessary configuration files and download the Metadata Database schema and initial +data to display the created Data Database container: + +```bash +mkdir -p dist +curl -O dist/setup-schema.sql -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-metadata-db/setup-schema.sql +curl -O dist/setup-data.sql -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-metadata-db/setup-data.sql +``` + +Download the Broker Service configuration files: + +```bash +curl -O dist/rabbitmq.conf -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-broker-service/rabbitmq.conf +curl -O dist/enabled_plugins -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-broker-service/enabled_plugins +curl -O dist/definitions.json -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-broker-service/definitions.json +``` + +!!! warning "Default admin user credentials" + + Note that you need to change the default user credentials `fda:fda` of the Broker Service by setting `users.0.name` + and `users.0.password_hash` of the `definitions.json` file. The `password_hash` can be created by executing + `./helm/dbrepo/hack/generate-rabbitmq-pw.sh <your_password>`. 
+ +Download the Gateway Service configuration file (or integrate it into your existing NGINX reverse proxy config): + +```bash +curl -O dist/dbrepo.conf -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-gateway-service/dbrepo.conf +``` + +Download the S3 configuration for the Storage Service: + +```bash +curl -O dist/s3_config.conf -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.4/dbrepo-storage-service/s3_config.conf +``` + +Continue the custom install by customizing the [User Interface](../api/ui). ## Architecture @@ -106,6 +147,12 @@ In case the deployment is unsuccessful, we have explanations on their origin and : *Origin*: Your deployment machine (e.g. laptop, virtual machine) appears to not have enough RAM assigned. : *Solution*: Assign more RAM to the deployment machine (e.g. add vRAM to the virtual machine). +**HTTP access denied: user 'admin' - invalid credentials** + +: *Origin*: The broker service cannot bind to the identity service due to wrong configuration. +: *Solution*: This is very likely due to a wrong `auth_ldap.dn_lookup_bind.password` in `rabbitmq.conf`. The error + indicates that LDAP check is not even attempted. + ## Next Steps You should now be able to view the front end at [http://localhost](http://localhost). diff --git a/.docs/redirect.html b/.docs/redirect.html index dd85a970b2a874ec3abb95888d43c03c8c9e4ee4..4e513b2170628796d31b592b0e5b3190cfb0fe09 100644 --- a/.docs/redirect.html +++ b/.docs/redirect.html 
@@ -5,16 +5,16 @@ <head> <meta charset="UTF-8"> <title>Redirect Notice</title> - <meta http-equiv="Refresh" content="0; url='/infrastructures/dbrepo/1.4.4/'" /> + <meta http-equiv="Refresh" content="0; url='/infrastructures/dbrepo/1.4.5/'" /> </head> <body> <h1>Redirect Notice</h1> <p> - This page should automatically open the documentation for version <code>1.4.4</code>. In case this page does not load the site is + This page should automatically open the documentation for version <code>1.4.5</code>. In case this page does not load the site is available at: </p> <p> - <a href="/infrastructures/dbrepo/1.4.4/">/infrastructures/dbrepo/1.4.4/</a> + <a href="/infrastructures/dbrepo/1.4.5/">/infrastructures/dbrepo/1.4.5/</a> </p> </body> </html> \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c7c0cfca0b6f44025bc8e597ed2030a7a291d41f..e67f8d3b9e279624500eb8f8c018b145b5265987 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,8 +4,8 @@ variables: TRIVY_CACHE_DIR: ".trivycache/" DOCKER_HOST: "unix:///var/run/dind/docker.sock" TESTCONTAINERS_RYUK_DISABLED: "false" - APP_VERSION: "1.4.4" - CHART_VERSION: "1.4.4" + APP_VERSION: "1.4.5" + CHART_VERSION: "1.4.5" image: debian:12-slim @@ -18,6 +18,7 @@ cache: stages: - build + - lint - test - docs - release @@ -140,6 +141,18 @@ verify-install-script: - bash install.sh - exit 0 +lint-helm: + image: docker.io/docker:24-dind + stage: lint + except: + refs: + - /^release-.*/ + needs: + - build-metadata-service + script: + - apk add sed helm curl + - helm lint ./helm/dbrepo + test-metadata-service: image: maven:3-openjdk-17 stage: test @@ -602,6 +615,7 @@ release-docs: - /^release-.*/ before_script: - "apk add --update alpine-sdk bash sed wget openssh" + - "pip install pipenv" - "pip install -r ./requirements.txt" - "mkdir -p ./final/${APP_VERSION}/rest" script: diff --git a/Makefile b/Makefile index d3438ab7d5cfa78cfc7a5b829c37b917c14a42a9..b279097f827becd26e3e39da0bbf866fd513516f 100644 
--- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: all -APP_VERSION ?= 1.4.4 -CHART_VERSION ?= 1.4.4 +APP_VERSION ?= 1.4.5 +CHART_VERSION ?= 1.4.5 REPOSITORY_URL ?= registry.datalab.tuwien.ac.at/dbrepo .PHONY: all diff --git a/dbrepo-analyse-service/Pipfile b/dbrepo-analyse-service/Pipfile index 98166931a4f958a9ea6a5c94187e5d02d2014b4c..a0fb0bfd7be1fdb83dfacbcf42dc1bc557f83d82 100644 --- a/dbrepo-analyse-service/Pipfile +++ b/dbrepo-analyse-service/Pipfile @@ -21,7 +21,7 @@ numpy = "*" pandas = "*" minio = "*" pydantic = "*" -dbrepo = {path = "./lib/dbrepo-1.4.4.tar.gz"} +dbrepo = {path = "./lib/dbrepo-1.4.5.tar.gz"} opensearch-py = "*" [dev-packages] diff --git a/dbrepo-analyse-service/Pipfile.lock b/dbrepo-analyse-service/Pipfile.lock index fa863d3b7b63cffb1752ce9d5426f653a569b23f..a34914b5d78f9686bbef821284161e39acc59567 100644 --- a/dbrepo-analyse-service/Pipfile.lock +++ b/dbrepo-analyse-service/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "f862bcd0c3285ad0a48d0d0f738bddf0f3c1d2c5d263af9e07994463e39e5610" + "sha256": "81259bb4fb1f303f1bfc9f643c6210d3b5f8de902725e4134cdab680d3fdfbb3" }, "pipfile-spec": 6, "requires": { 
@@ -167,19 +167,19 @@ }, "boto3": { "hashes": [ - "sha256:b781d267dd5e7583966e05697f6bd45e2f46c01dc619ba0860b042963ee69296", - "sha256:c163fb7135a94e7b8c8c478a44071c843f05e212fa4bec3105f8a437ecbf1bcb" + "sha256:0314e6598f59ee0f34eb4e6d1a0f69fa65c146d2b88a6e837a527a9956ec2731", + "sha256:d41037e2c680ab8d6c61a0a4ee6bf1fdd9e857f43996672830a95d62d6f6fa79" ], "index": "pypi", - "version": "==1.34.130" + "version": "==1.34.136" }, "botocore": { "hashes": [ - "sha256:a242b3b0a836b14f308a309565cd63e88654cec238f9b73abbbd3c0526db4c81", - "sha256:a3b36e9dac1ed31c4cb3a5c5e540a7d8a9b90ff1d17f87734e674154b41776d8" + "sha256:7f7135178692b39143c8f152a618d2a3b71065a317569a7102d2306d4946f42f", + "sha256:c63fe9032091fb9e9477706a3ebfa4d0c109b807907051d892ed574f9b573e61" ], "markers": "python_version >= '3.8'", - "version": "==1.34.130" + "version": "==1.34.136" }, "certifi": { "hashes": [ @@ -392,10 +392,11 @@ "dbrepo": { "hashes": [ "sha256:2506475fc8fb3f4fdd722e3e92f8e6ad28d0707023c3d8ea5d6d076cef71f395", - "sha256:2bdb48c70b4c99b5044fbfc12aa653c1e9281ca8913a433cc08a1e14cb4bd2ef" + "sha256:2bdb48c70b4c99b5044fbfc12aa653c1e9281ca8913a433cc08a1e14cb4bd2ef", + "sha256:dccfaec20a3972a578313206678a119db3d6f898604aab4b694aa2ac37a20629" ], - "path": "./lib/dbrepo-1.4.4.tar.gz", - "version": "==1.4.4" + "path": "./lib/dbrepo-1.4.5.tar.gz", + "version": "==1.4.5" }, "events": { "hashes": [ 
@@ -1353,19 +1354,19 @@ }, "s3transfer": { "hashes": [ - "sha256:5683916b4c724f799e600f41dd9e10a9ff19871bf87623cc8f491cb4f5fa0a19", - "sha256:ceb252b11bcf87080fb7850a224fb6e05c8a776bab8f2b64b7f25b969464839d" + "sha256:0711534e9356d3cc692fdde846b4a1e4b0cb6519971860796e6bc4c7aea00ef6", + "sha256:eca1c20de70a39daee580aef4986996620f365c4e0fda6a86100231d62f1bf69" ], "markers": "python_version >= '3.8'", - "version": "==0.10.1" + "version": "==0.10.2" }, "setuptools": { "hashes": [ - "sha256:01a1e793faa5bd89abc851fa15d0a0db26f160890c7102cd8dce643e886b47f5", - "sha256:d9b8b771455a97c8a9f3ab3448ebe0b29b5e105f1228bba41028be116985a267" + "sha256:937a48c7cdb7a21eb53cd7f9b59e525503aa8abaf3584c730dc5f7a5bec3a650", + "sha256:a58a8fde0541dab0419750bcc521fbdf8585f6e5cb41909df3a472ef7b81ca95" ], "markers": "python_version >= '3.8'", - "version": "==70.1.0" + "version": "==70.1.1" }, "six": { "hashes": [ 
@@ -1770,61 +1771,61 @@ }, "coverage": { "hashes": [ - "sha256:015eddc5ccd5364dcb902eaecf9515636806fa1e0d5bef5769d06d0f31b54523", - "sha256:04aefca5190d1dc7a53a4c1a5a7f8568811306d7a8ee231c42fb69215571944f", - "sha256:05ac5f60faa0c704c0f7e6a5cbfd6f02101ed05e0aee4d2822637a9e672c998d", - "sha256:0bbddc54bbacfc09b3edaec644d4ac90c08ee8ed4844b0f86227dcda2d428fcb", - "sha256:1d2a830ade66d3563bb61d1e3c77c8def97b30ed91e166c67d0632c018f380f0", - "sha256:239a4e75e09c2b12ea478d28815acf83334d32e722e7433471fbf641c606344c", - "sha256:244f509f126dc71369393ce5fea17c0592c40ee44e607b6d855e9c4ac57aac98", - "sha256:25a5caf742c6195e08002d3b6c2dd6947e50efc5fc2c2205f61ecb47592d2d83", - "sha256:296a7d9bbc598e8744c00f7a6cecf1da9b30ae9ad51c566291ff1314e6cbbed8", - "sha256:2e079c9ec772fedbade9d7ebc36202a1d9ef7291bc9b3a024ca395c4d52853d7", - "sha256:33ca90a0eb29225f195e30684ba4a6db05dbef03c2ccd50b9077714c48153cac", - "sha256:33fc65740267222fc02975c061eb7167185fef4cc8f2770267ee8bf7d6a42f84", - "sha256:341dd8f61c26337c37988345ca5c8ccabeff33093a26953a1ac72e7d0103c4fb", - "sha256:34d6d21d8795a97b14d503dcaf74226ae51eb1f2bd41015d3ef332a24d0a17b3", - "sha256:3538d8fb1ee9bdd2e2692b3b18c22bb1c19ffbefd06880f5ac496e42d7bb3884", - "sha256:38a3b98dae8a7c9057bd91fbf3415c05e700a5114c5f1b5b0ea5f8f429ba6614", - "sha256:3d5a67f0da401e105753d474369ab034c7bae51a4c31c77d94030d59e41df5bd", - "sha256:50084d3516aa263791198913a17354bd1dc627d3c1639209640b9cac3fef5807", - "sha256:55f689f846661e3f26efa535071775d0483388a1ccfab899df72924805e9e7cd", - "sha256:5bc5a8c87714b0c67cfeb4c7caa82b2d71e8864d1a46aa990b5588fa953673b8", - "sha256:62bda40da1e68898186f274f832ef3e759ce929da9a9fd9fcf265956de269dbc", - "sha256:705f3d7c2b098c40f5b81790a5fedb274113373d4d1a69e65f8b68b0cc26f6db", - "sha256:75e3f4e86804023e991096b29e147e635f5e2568f77883a1e6eed74512659ab0", - "sha256:7b2a19e13dfb5c8e145c7a6ea959485ee8e2204699903c88c7d25283584bfc08", - "sha256:7cec2af81f9e7569280822be68bd57e51b86d42e59ea30d10ebdbb22d2cb7232", - 
"sha256:8383a6c8cefba1b7cecc0149415046b6fc38836295bc4c84e820872eb5478b3d", - "sha256:8c836309931839cca658a78a888dab9676b5c988d0dd34ca247f5f3e679f4e7a", - "sha256:8e317953bb4c074c06c798a11dbdd2cf9979dbcaa8ccc0fa4701d80042d4ebf1", - "sha256:923b7b1c717bd0f0f92d862d1ff51d9b2b55dbbd133e05680204465f454bb286", - "sha256:990fb20b32990b2ce2c5f974c3e738c9358b2735bc05075d50a6f36721b8f303", - "sha256:9aad68c3f2566dfae84bf46295a79e79d904e1c21ccfc66de88cd446f8686341", - "sha256:a5812840d1d00eafae6585aba38021f90a705a25b8216ec7f66aebe5b619fb84", - "sha256:a6519d917abb15e12380406d721e37613e2a67d166f9fb7e5a8ce0375744cd45", - "sha256:ab0b028165eea880af12f66086694768f2c3139b2c31ad5e032c8edbafca6ffc", - "sha256:aea7da970f1feccf48be7335f8b2ca64baf9b589d79e05b9397a06696ce1a1ec", - "sha256:b1196e13c45e327d6cd0b6e471530a1882f1017eb83c6229fc613cd1a11b53cd", - "sha256:b368e1aee1b9b75757942d44d7598dcd22a9dbb126affcbba82d15917f0cc155", - "sha256:bde997cac85fcac227b27d4fb2c7608a2c5f6558469b0eb704c5726ae49e1c52", - "sha256:c4c2872b3c91f9baa836147ca33650dc5c172e9273c808c3c3199c75490e709d", - "sha256:c59d2ad092dc0551d9f79d9d44d005c945ba95832a6798f98f9216ede3d5f485", - "sha256:d1da0a2e3b37b745a2b2a678a4c796462cf753aebf94edcc87dcc6b8641eae31", - "sha256:d8b7339180d00de83e930358223c617cc343dd08e1aa5ec7b06c3a121aec4e1d", - "sha256:dd4b3355b01273a56b20c219e74e7549e14370b31a4ffe42706a8cda91f19f6d", - "sha256:e08c470c2eb01977d221fd87495b44867a56d4d594f43739a8028f8646a51e0d", - "sha256:f5102a92855d518b0996eb197772f5ac2a527c0ec617124ad5242a3af5e25f85", - "sha256:f542287b1489c7a860d43a7d8883e27ca62ab84ca53c965d11dac1d3a1fab7ce", - "sha256:f78300789a708ac1f17e134593f577407d52d0417305435b134805c4fb135adb", - "sha256:f81bc26d609bf0fbc622c7122ba6307993c83c795d2d6f6f6fd8c000a770d974", - "sha256:f836c174c3a7f639bded48ec913f348c4761cbf49de4a20a956d3431a7c9cb24", - "sha256:fa21a04112c59ad54f69d80e376f7f9d0f5f9123ab87ecd18fbb9ec3a2beed56", - "sha256:fcf7d1d6f5da887ca04302db8e0e0cf56ce9a5e05f202720e49b3e8157ddb9a9", 
- "sha256:fd27d8b49e574e50caa65196d908f80e4dff64d7e592d0c59788b45aad7e8b35" + "sha256:018a12985185038a5b2bcafab04ab833a9a0f2c59995b3cec07e10074c78635f", + "sha256:02ff6e898197cc1e9fa375581382b72498eb2e6d5fc0b53f03e496cfee3fac6d", + "sha256:042183de01f8b6d531e10c197f7f0315a61e8d805ab29c5f7b51a01d62782747", + "sha256:1014fbf665fef86cdfd6cb5b7371496ce35e4d2a00cda501cf9f5b9e6fced69f", + "sha256:1137f46adb28e3813dec8c01fefadcb8c614f33576f672962e323b5128d9a68d", + "sha256:16852febd96acd953b0d55fc842ce2dac1710f26729b31c80b940b9afcd9896f", + "sha256:2174e7c23e0a454ffe12267a10732c273243b4f2d50d07544a91198f05c48f47", + "sha256:2214ee920787d85db1b6a0bd9da5f8503ccc8fcd5814d90796c2f2493a2f4d2e", + "sha256:3257fdd8e574805f27bb5342b77bc65578e98cbc004a92232106344053f319ba", + "sha256:3684bc2ff328f935981847082ba4fdc950d58906a40eafa93510d1b54c08a66c", + "sha256:3a6612c99081d8d6134005b1354191e103ec9705d7ba2754e848211ac8cacc6b", + "sha256:3d7564cc09dd91b5a6001754a5b3c6ecc4aba6323baf33a12bd751036c998be4", + "sha256:44da56a2589b684813f86d07597fdf8a9c6ce77f58976727329272f5a01f99f7", + "sha256:5013ed890dc917cef2c9f765c4c6a8ae9df983cd60dbb635df8ed9f4ebc9f555", + "sha256:54317c2b806354cbb2dc7ac27e2b93f97096912cc16b18289c5d4e44fc663233", + "sha256:56b4eafa21c6c175b3ede004ca12c653a88b6f922494b023aeb1e836df953ace", + "sha256:581ea96f92bf71a5ec0974001f900db495488434a6928a2ca7f01eee20c23805", + "sha256:5cd64adedf3be66f8ccee418473c2916492d53cbafbfcff851cbec5a8454b136", + "sha256:5df54843b88901fdc2f598ac06737f03d71168fd1175728054c8f5a2739ac3e4", + "sha256:65e528e2e921ba8fd67d9055e6b9f9e34b21ebd6768ae1c1723f4ea6ace1234d", + "sha256:6aae5cce399a0f065da65c7bb1e8abd5c7a3043da9dceb429ebe1b289bc07806", + "sha256:6cfb5a4f556bb51aba274588200a46e4dd6b505fb1a5f8c5ae408222eb416f99", + "sha256:7076b4b3a5f6d2b5d7f1185fde25b1e54eb66e647a1dfef0e2c2bfaf9b4c88c8", + "sha256:73ca8fbc5bc622e54627314c1a6f1dfdd8db69788f3443e752c215f29fa87a0b", + 
"sha256:79b356f3dd5b26f3ad23b35c75dbdaf1f9e2450b6bcefc6d0825ea0aa3f86ca5", + "sha256:7a892be37ca35eb5019ec85402c3371b0f7cda5ab5056023a7f13da0961e60da", + "sha256:8192794d120167e2a64721d88dbd688584675e86e15d0569599257566dec9bf0", + "sha256:820bc841faa502e727a48311948e0461132a9c8baa42f6b2b84a29ced24cc078", + "sha256:8f894208794b164e6bd4bba61fc98bf6b06be4d390cf2daacfa6eca0a6d2bb4f", + "sha256:a04e990a2a41740b02d6182b498ee9796cf60eefe40cf859b016650147908029", + "sha256:a44963520b069e12789d0faea4e9fdb1e410cdc4aab89d94f7f55cbb7fef0353", + "sha256:a6bb74ed465d5fb204b2ec41d79bcd28afccf817de721e8a807d5141c3426638", + "sha256:ab73b35e8d109bffbda9a3e91c64e29fe26e03e49addf5b43d85fc426dde11f9", + "sha256:aea072a941b033813f5e4814541fc265a5c12ed9720daef11ca516aeacd3bd7f", + "sha256:b1ccf5e728ccf83acd313c89f07c22d70d6c375a9c6f339233dcf792094bcbf7", + "sha256:b385d49609f8e9efc885790a5a0e89f2e3ae042cdf12958b6034cc442de428d3", + "sha256:b3d45ff86efb129c599a3b287ae2e44c1e281ae0f9a9bad0edc202179bcc3a2e", + "sha256:b4a474f799456e0eb46d78ab07303286a84a3140e9700b9e154cfebc8f527016", + "sha256:b95c3a8cb0463ba9f77383d0fa8c9194cf91f64445a63fc26fb2327e1e1eb088", + "sha256:c5986ee7ea0795a4095ac4d113cbb3448601efca7f158ec7f7087a6c705304e4", + "sha256:cdd31315fc20868c194130de9ee6bfd99755cc9565edff98ecc12585b90be882", + "sha256:cef4649ec906ea7ea5e9e796e68b987f83fa9a718514fe147f538cfeda76d7a7", + "sha256:d05c16cf4b4c2fc880cb12ba4c9b526e9e5d5bb1d81313d4d732a5b9fe2b9d53", + "sha256:d2e344d6adc8ef81c5a233d3a57b3c7d5181f40e79e05e1c143da143ccb6377d", + "sha256:d45d3cbd94159c468b9b8c5a556e3f6b81a8d1af2a92b77320e887c3e7a5d080", + "sha256:db14f552ac38f10758ad14dd7b983dbab424e731588d300c7db25b6f89e335b5", + "sha256:dbc5958cb471e5a5af41b0ddaea96a37e74ed289535e8deca404811f6cb0bc3d", + "sha256:ddbd2f9713a79e8e7242d7c51f1929611e991d855f414ca9996c20e44a895f7c", + "sha256:e16f3d6b491c48c5ae726308e6ab1e18ee830b4cdd6913f2d7f77354b33f91c8", + "sha256:e2afe743289273209c992075a5a4913e8d007d569a406ffed0bd080ea02b0633", 
+ "sha256:e564c2cf45d2f44a9da56f4e3a26b2236504a496eb4cb0ca7221cd4cc7a9aca9", + "sha256:ed550e7442f278af76d9d65af48069f1fb84c9f745ae249c1a183c1e9d1b025c" ], "index": "pypi", - "version": "==7.5.3" + "version": "==7.5.4" }, "docker": { "hashes": [ diff --git a/dbrepo-analyse-service/app.py b/dbrepo-analyse-service/app.py index 61c866982bb60e721a3e0c5a1e9e7a144cf8f517..bfc8212864933c7ec8253825d5fbe4d5dc7e7b44 100644 --- a/dbrepo-analyse-service/app.py +++ b/dbrepo-analyse-service/app.py @@ -151,7 +151,7 @@ template = { "info": { "title": "Database Repository Analyse Service API", "description": "Service that analyses data structures", - "version": "1.4.4", + "version": "1.4.5", "contact": { "name": "Prof. Andreas Rauber", "email": "andreas.rauber@tuwien.ac.at" @@ -163,7 +163,7 @@ template = { }, "externalDocs": { "description": "Sourcecode Documentation", - "url": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/" + "url": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/" }, "servers": [ { diff --git a/dbrepo-analyse-service/lib/dbrepo-1.4.5-py3-none-any.whl b/dbrepo-analyse-service/lib/dbrepo-1.4.5-py3-none-any.whl new file mode 100644 index 0000000000000000000000000000000000000000..249fd5dc181271a3069745f5a6ef8a26de398037 Binary files /dev/null and b/dbrepo-analyse-service/lib/dbrepo-1.4.5-py3-none-any.whl differ diff --git a/dbrepo-analyse-service/lib/dbrepo-1.4.5.tar.gz b/dbrepo-analyse-service/lib/dbrepo-1.4.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2f21496bd2280550f4242bbc0fff4a47116d6ad5 Binary files /dev/null and b/dbrepo-analyse-service/lib/dbrepo-1.4.5.tar.gz differ diff --git a/dbrepo-auth-service/dbrepo-realm.json b/dbrepo-auth-service/dbrepo-realm.json index bd5a5464e7aeadd4c4012e7c0fa7e74efa2b6d04..270ca00a1f59dedc2b3f9b25b7c30c73064f7c82 100644 --- a/dbrepo-auth-service/dbrepo-realm.json +++ b/dbrepo-auth-service/dbrepo-realm.json 
@@ -131,6 +131,14 @@ "clientRole" : false, "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", "attributes" : { } + }, { + "id" : "79534da1-4c85-409e-810e-a7ce6d632b09", + "name" : "system", + "description" : "${system}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } }, { "id" : "b0d66d3d-59b4-4aae-aa66-e3d5a49f28e3", "name" : "view-database-view-data", @@ -1099,7 +1107,7 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppFreeOTPName", "totpAppGoogleName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", 
@@ -1295,60 +1303,46 @@ "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { - "id" : "6a8cae99-294f-4fc2-9561-5a52f3f6a1ba", - "name" : "Audience", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-hardcoded-claim-mapper", - "consentRequired" : false, - "config" : { - "claim.value" : "spring", - "userinfo.token.claim" : "false", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "aud", - "access.tokenResponse.claim" : "false" - } - }, { - "id" : "8ae79e43-b2b7-4bb9-a420-b498690dd8c3", - "name" : "given name", + "id" : "da0b27c1-ae2e-4baa-bf78-db233e15c78d", + "name" : "preferred_username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "false", - "user.attribute" : "firstName", - "id.token.claim" : "false", + "user.attribute" : "username", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "user.firstname", - "jsonType.label" : "String" + "claim.name" : "preferred_username", + "userinfo.token.claim" : "true" } }, { - "id" : "ef081a47-f023-4056-958c-4194d3878d8c", - "name" : "username", + "id" : "7c94de93-f60f-487b-b4b7-1891c67f74cc", + "name" : "aud", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-hardcoded-claim-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "false", - "user.attribute" : "username", - "id.token.claim" : "false", + "claim.value" : "dbrepo", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" } }, { - "id" : "99e3b48b-86ff-4e5b-8652-fcd2738b0ad1", - "name" : "family name", + "id" : "030a1cd9-53d1-4a62-a375-94d50a2dc6fc", + "name" : "uid", "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { + "aggregate.attrs" : "false", + "multivalued" : "false", "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "LDAP_ID", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "user.lastname", - "jsonType.label" : "String" + "claim.name" : "uid" } } ], "defaultClientScopes" : [ "roles", "attributes" ], @@ -2078,23 +2072,6 @@ "config" : { "allow-default-scopes" : [ "true" ] } - }, { - "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } }, { "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9", "name" : "Allowed Client Scopes", 
@@ -2112,25 +2089,185 @@ "subComponents" : { }, "config" : { } }, { - "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", + "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper" ] } }, { - "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", + "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ 
"oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper" ] + } + } ], + "org.keycloak.storage.UserStorageProvider" : [ { + "id" : "c109d473-5ce1-4032-af7b-02e5442f5c07", + "name" : "openldap", + "providerId" : "ldap", + "subComponents" : { + "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" : [ { + "id" : "db9963a3-03d1-468e-998c-9f3338fdb493", + "name" : "creation date", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "createTimestamp" ], + "is.mandatory.in.ldap" : [ "false" ], + "read.only" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "user.model.attribute" : [ "createTimestamp" ] + } + }, { + "id" : "9d7b9abc-321e-4674-ba36-b104b9990641", + "name" : "last name", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "sn" ], + "is.mandatory.in.ldap" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "lastName" ] + } + }, { + "id" : "b5b7253b-984e-4aa3-b862-20dbe06e4cf9", + "name" : "first name", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "cn" ], + "is.mandatory.in.ldap" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "firstName" ] + } + }, { + "id" : "ea383c2f-3bfe-4117-a8fd-f012d6ebbf9e", + "name" : "email", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "mail" ], + "is.mandatory.in.ldap" : [ "false" ], + "always.read.value.from.ldap" : [ "false" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "email" ] + } + }, { + "id" : "5692d060-55b8-4cb1-b68f-0ae123cd9d02", + "name" : 
"system", + "providerId" : "group-ldap-mapper", + "subComponents" : { }, + "config" : { + "membership.attribute.type" : [ "DN" ], + "group.name.ldap.attribute" : [ "cn" ], + "preserve.group.inheritance" : [ "false" ], + "membership.user.ldap.attribute" : [ "uid" ], + "groups.dn" : [ "cn=system,ou=users,dc=dbrepo,dc=at" ], + "mode" : [ "LDAP_ONLY" ], + "user.roles.retrieve.strategy" : [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ], + "ignore.missing.groups" : [ "false" ], + "membership.ldap.attribute" : [ "member" ], + "memberof.ldap.attribute" : [ "memberOf" ], + "group.object.classes" : [ "groupOfNames" ], + "groups.path" : [ "/" ], + "drop.non.existing.groups.during.sync" : [ "false" ] + } + }, { + "id" : "b6ff3285-35af-4e86-8bb4-d94b8e0d70bb", + "name" : "modify date", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "modifyTimestamp" ], + "is.mandatory.in.ldap" : [ "false" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "true" ], + "user.model.attribute" : [ "modifyTimestamp" ] + } + }, { + "id" : "b5d08699-ba3a-4ffd-bf2e-36d1bcac48d9", + "name" : "username", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "uid" ], + "attribute.force.default" : [ "false" ], + "is.mandatory.in.ldap" : [ "true" ], + "is.binary.attribute" : [ "false" ], + "always.read.value.from.ldap" : [ "false" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "username" ] + } + } ] + }, + "config" : { + "fullSyncPeriod" : [ "-1" ], + "pagination" : [ "false" ], + "startTls" : [ "false" ], + "usersDn" : [ "ou=users,dc=dbrepo,dc=at" ], + "connectionPooling" : [ "true" ], + "cachePolicy" : [ "DEFAULT" ], + "useKerberosForPasswordAuthentication" : [ "false" ], + "importEnabled" : [ "true" ], + "enabled" : [ "true" ], + "usernameLDAPAttribute" : [ "uid" ], + "bindDn" : [ "cn=admin,dc=dbrepo,dc=at" ], + "bindCredential" : [ "adminpassword" ], + 
"changedSyncPeriod" : [ "-1" ], + "lastSync" : [ "1719252666" ], + "vendor" : [ "other" ], + "uuidLDAPAttribute" : [ "entryUUID" ], + "allowKerberosAuthentication" : [ "false" ], + "connectionUrl" : [ "ldap://identity-service:1389" ], + "syncRegistrations" : [ "true" ], + "authType" : [ "simple" ], + "useTruststoreSpi" : [ "ldapsOnly" ], + "usePasswordModifyExtendedOp" : [ "false" ], + "trustEmail" : [ "false" ], + "userObjectClasses" : [ "inetOrgPerson, organizationalPerson, person" ], + "rdnLDAPAttribute" : [ "uid" ], + "editMode" : [ "WRITABLE" ], + "validatePasswordPolicy" : [ "false" ] } } ], "org.keycloak.keys.KeyProvider" : [ { + "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30", "name" : "aes-generated", "providerId" : "aes-generated", @@ -2151,18 +2288,6 @@ "priority" : [ "100" ], "algorithm" : [ "HS256" ] } - }, { - "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } }, { "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a", "name" : "rsa-generated", 
@@ -2179,7 +2304,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "8b55b559-905f-4f73-b050-0cd68f676a42", + "id" : "df1ebc5f-2037-43f5-9915-71eb4cd0ed7e", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -2201,7 +2326,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "293efab0-aa10-44e6-8f5a-dd63d6908d9e", + "id" : "76ef2d26-2756-4ce1-904b-4be58e99b576", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -2230,7 +2355,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "f3c7659d-9c24-43e7-b94c-8bfb4811084f", + "id" : "b0d74a54-cea7-48f2-a4c9-f35204488da6", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2252,7 +2377,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "1d83f267-0342-41c1-9a64-11cc9b8e62fc", + "id" : "07b964c7-4527-4071-9f7a-e50d6321d951", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2274,7 +2399,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bb881bf0-e8f5-418e-91ec-09624683ec66", + "id" : "be69fd2d-1bf5-429e-9833-a76232a23904", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2296,7 +2421,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "aea83d83-6c28-4df6-9543-2bf74cc4b78a", + "id" : "e9d23d2a-d857-4547-a419-2fd850ed58e5", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", 
@@ -2318,7 +2443,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "78283326-7419-4cca-a5dd-cf510db7041c", + "id" : "75e1f120-8a28-4cc0-af60-26fa9d865975", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -2340,7 +2465,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c88bb673-7092-4996-8c46-e9b08c94eb8c", + "id" : "eeb37a0b-2f2f-47f5-9ee6-3da2c8b48ec0", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -2363,7 +2488,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "6632c7a3-8a7f-4f94-a15d-bdce1563f419", + "id" : "8637f64c-8b45-48b0-b3ba-c6e93225cce4", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -2385,7 +2510,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "3a383f61-8ad4-4815-93a8-d04eefc48791", + "id" : "7ad56360-b344-4f26-9dea-1a718ed99d4e", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -2421,7 +2546,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "fc65865d-d3a4-4769-a665-fd49b34d2687", + "id" : "c6817917-1d21-4693-9171-b2e3dfde9582", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -2457,7 +2582,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "40077362-bb0b-41c7-a297-1d4c3625b17d", + "id" : "7cd02437-6d05-486d-a7fe-4d1762895ded", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -2486,7 +2611,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5b2f7f25-f5dd-4013-800d-6030b79e257e", + "id" : "eb1d9721-b4a0-40a5-9236-b4fd95ca9024", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", 
@@ -2501,7 +2626,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e9da2536-e792-461d-aceb-085f18ca533c", + "id" : "219415d8-3bab-47a6-9d0c-8c1061ffb68a", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -2524,7 +2649,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "4c17ae53-d99e-4f47-92ef-47accae912fd", + "id" : "ccbf8944-bd32-4aa1-a6f8-93513a3fa5a4", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -2546,7 +2671,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "da0ed32c-3259-4571-877b-914fa2aa30b3", + "id" : "805f972b-75ca-48c0-a390-752b32c0688a", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -2568,7 +2693,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "476d469b-5c54-42af-a41c-5dbe08412395", + "id" : "2b15383f-ded1-4fb6-afdc-0c19f65dacc7", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -2584,7 +2709,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "714c4dc0-d7b3-4e12-93bd-59a7c4fbeef2", + "id" : "1c18c3c7-a191-426b-84a4-1ffec96562cc", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -2620,7 +2745,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "316122ff-d003-49f7-9a0d-a570489bec9d", + "id" : "cab07ead-2a48-4b0c-8916-2f89abe55720", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", 
@@ -2656,7 +2781,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5c90488c-9d5c-460d-9deb-9740740c3a9e", + "id" : "6e158077-d221-4695-b0d3-9528c5ba6bfd", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -2672,13 +2797,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "874c7063-05d5-45fb-b919-840798663176", + "id" : "fcb6cb09-fec5-4390-800c-00a3d49525ec", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "93cf220e-2830-4ccb-9054-b3b87ef75fd4", + "id" : "68f9e765-81d4-47cd-b111-94d6723883c5", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/dbrepo-broker-service/README.md b/dbrepo-broker-service/README.md new file mode 100644 index 0000000000000000000000000000000000000000..95e5afaefdfc73751db6856526ca8c5e3a8f4c7c --- /dev/null +++ b/dbrepo-broker-service/README.md @@ -0,0 +1,5 @@ +# Broker Service + +## Advanced Config + +https://www.rabbitmq.com/docs/ldap \ No newline at end of file diff --git a/dbrepo-broker-service/advanced.config b/dbrepo-broker-service/advanced.config new file mode 100644 index 0000000000000000000000000000000000000000..cf1411a1275648f666188a0d1bc40a6a29d02111 --- /dev/null +++ b/dbrepo-broker-service/advanced.config @@ -0,0 +1,17 @@ +[ + { + rabbitmq_auth_backend_ldap, + [ + { + tag_queries, [ + { + administrator, {in_group_nested, "cn=system,ou=users,dn=dbrepo,dn=at", "member"} + }, + { + management, {constant, true} + } + ] + } + ] + } +]. \ No newline at end of file diff --git a/dbrepo-broker-service/cert.pem b/dbrepo-broker-service/cert.pem deleted file mode 100644 index e66555558cfa59a12b3d754401e9f84fef7299e4..0000000000000000000000000000000000000000 --- a/dbrepo-broker-service/cert.pem +++ /dev/null 
@@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -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 ------END CERTIFICATE----- \ No newline at end of file diff --git a/dbrepo-broker-service/definitions.json b/dbrepo-broker-service/definitions.json index f9186096c542b3873c5a19f9371f8527c5a531cd..a3b70c989de5cb287e37588860e664afb6b7d6ec 100644 --- a/dbrepo-broker-service/definitions.json +++ b/dbrepo-broker-service/definitions.json @@ -21,15 +21,7 @@ ], "global_parameters": [], "parameters": [], - "permissions": [ - { - "configure": ".*", - "read": ".*", - "user": "fda", - "vhost": "dbrepo", - "write": ".*" - } - ], + "permissions": [], "policies": [], "queues": [ { @@ -46,17 +38,7 @@ "rabbit_version": "3.10.25", "rabbitmq_version": "3.10.25", "topic_permissions": [], - "users": [ - { - "hashing_algorithm": "rabbit_password_hashing_sha256", - "limits": {}, - "name": "fda", - "password_hash": "7e3Pa0qgP4kvQmCecg6mfFLDWuBEtKagLcNvPcgCd1XCr3sR", - "tags": [ - "administrator" - ] - } - ], + "users": [], "vhosts": [ { "limits": [], diff --git a/dbrepo-broker-service/enabled_plugins b/dbrepo-broker-service/enabled_plugins index a6ad748caa0392cb3193d79164349243639fc46c..95f1c0014dd4ee232580adea29176756a25274ed 100644 --- a/dbrepo-broker-service/enabled_plugins +++ b/dbrepo-broker-service/enabled_plugins @@ -1 +1 @@ -[rabbitmq_prometheus,rabbitmq_auth_backend_oauth2,rabbitmq_auth_mechanism_ssl,rabbitmq_management]. \ No newline at end of file +[rabbitmq_prometheus,rabbitmq_auth_backend_ldap,rabbitmq_auth_mechanism_ssl,rabbitmq_management]. \ No newline at end of file diff --git a/dbrepo-broker-service/pubkey.pem b/dbrepo-broker-service/pubkey.pem deleted file mode 100644 index 9e4e9308e115194765587bb0451e85f98996f1c6..0000000000000000000000000000000000000000 --- a/dbrepo-broker-service/pubkey.pem +++ /dev/null 
@@ -1,3 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB ------END RSA PUBLIC KEY----- \ No newline at end of file diff --git a/dbrepo-broker-service/rabbitmq.conf b/dbrepo-broker-service/rabbitmq.conf index 9efa167ba41d77d9c91a12fa63382a4d626f0b90..c71804aefeac2fc36adaf95e4fca1f3582cc72e6 100644 --- a/dbrepo-broker-service/rabbitmq.conf +++ b/dbrepo-broker-service/rabbitmq.conf 
@@ -18,20 +18,15 @@ log.console.level = warning # Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in # it. You should probably use the internal database -auth_backends.1 = rabbit_auth_backend_oauth2 -auth_backends.2 = rabbit_auth_backend_internal +auth_backends.1.authn = ldap +auth_backends.1.authz = ldap +auth_backends.2 = internal -# management.oauth_enabled = true -# management.oauth_client_id = rabbitmq-client -# management.oauth_client_secret = JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u -# management.oauth_scopes = openid -# management.oauth_provider_url = http://localhost/api/auth/realms/dbrepo - -# OAuth 2.0 files -auth_oauth2.resource_server_id = rabbitmq -auth_oauth2.preferred_username_claims.1 = client_id -auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM -auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /app/cert.pem -auth_oauth2.signing_keys.id2 = /app/pubkey.pem -auth_oauth2.algorithms.1 = HS256 -auth_oauth2.algorithms.2 = RS256 +# LDAP +auth_ldap.servers.1 = identity-service +auth_ldap.port = 1389 +auth_ldap.user_dn_pattern = ${username} +auth_ldap.dn_lookup_base = ou=users,dc=dbrepo,dc=at +auth_ldap.dn_lookup_attribute = uid +auth_ldap.dn_lookup_bind.user_dn = cn=admin,dc=dbrepo,dc=at +auth_ldap.dn_lookup_bind.password = admin diff --git a/dbrepo-broker-service/rabbitmq.conf.secure b/dbrepo-broker-service/rabbitmq.conf.secure deleted file mode 100644 index dd6edf75ae2ee0e54612657667c1892cb74bafa6..0000000000000000000000000000000000000000 --- a/dbrepo-broker-service/rabbitmq.conf.secure +++ /dev/null 
@@ -1,40 +0,0 @@ -# user -default_vhost = dbrepo -default_user = fda -default_pass = fda -default_user_tags.administrator = true -default_permissions.configure = .* -default_permissions.read = .* -default_permissions.write = .* - -# enable http outside localhost -listeners.tcp.1 = 0.0.0.0:5672 -listeners.ssl.2 = 0.0.0.0:5671 - -# management prefix (https://www.rabbitmq.com/management.html#path-prefix) -management.path_prefix = /admin/broker -management.load_definitions = /app/definitions.json - -# logging -log.console = true -log.console.level = warning -ssl_options.cacertfile = /etc/rabbitmq/cacert.crt -ssl_options.certfile = /etc/tls/tls.crt -ssl_options.keyfile = /etc/tls/tls.key -ssl_options.verify = verify_peer -ssl_options.fail_if_no_peer_cert = true - -# Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in -# it. You should probably use the internal database -auth_backends.1 = rabbit_auth_backend_oauth2 -auth_backends.2 = rabbit_auth_backend_internal - -# OAuth 2.0 files -auth_oauth2.resource_server_id = rabbitmq -#auth_oauth2.additional_scopes_key = my_custom_scope_key -auth_oauth2.preferred_username_claims.1 = client_id -auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM -auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /app/cert.pem -auth_oauth2.signing_keys.id2 = /app/pubkey.pem -auth_oauth2.algorithms.1 = HS256 -auth_oauth2.algorithms.2 = RS256 diff --git a/dbrepo-data-service/pom.xml b/dbrepo-data-service/pom.xml index 3d3182bb231a8c0bb82c7bd4a8b99cc076ba20da..76ead57517edb931164c3758dd1ea49c9d5c111a 100644 --- a/dbrepo-data-service/pom.xml +++ b/dbrepo-data-service/pom.xml @@ -11,7 +11,7 @@ <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service</artifactId> <name>dbrepo-data-service</name> - <version>1.4.4</version> + <version>1.4.5</version> <description>Service that manages the data</description> 
diff --git a/dbrepo-data-service/querystore/pom.xml b/dbrepo-data-service/querystore/pom.xml index 4e08bccd72ee108c77bb795468a44eefed375073..57bb5dd76ca4f08668eab02c0391ef54a7ea5fa5 100644 --- a/dbrepo-data-service/querystore/pom.xml +++ b/dbrepo-data-service/querystore/pom.xml @@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-data-service-querystore</artifactId> <name>dbrepo-data-service-querystore</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies/> diff --git a/dbrepo-data-service/report/pom.xml b/dbrepo-data-service/report/pom.xml index 9a46c8f2fbe3d5a4257835c1a6935d36e4376d36..10663ef86dfa470e69a0254308d00761af5f7a44 100644 --- a/dbrepo-data-service/report/pom.xml +++ b/dbrepo-data-service/report/pom.xml @@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>report</artifactId> <name>dbrepo-data-service-report</name> - <version>1.4.4</version> + <version>1.4.5</version> <description> This module is only intended for the pipeline coverage report. See the detailed report in the respective modules diff --git a/dbrepo-data-service/rest-service/pom.xml b/dbrepo-data-service/rest-service/pom.xml index 72f1a8f5d927f7334692c032bc3169d2b83d2b60..9eb7ec933b8a66a8984d900f2382b838e2c6b2d5 100644 --- a/dbrepo-data-service/rest-service/pom.xml +++ b/dbrepo-data-service/rest-service/pom.xml 
@@ -6,18 +6,18 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>rest-service</artifactId> <name>dbrepo-data-service-rest-service</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> <groupId>at.tuwien</groupId> <artifactId>services</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </dependency> </dependencies> diff --git a/dbrepo-data-service/rest-service/src/main/resources/application-local.yml b/dbrepo-data-service/rest-service/src/main/resources/application-local.yml index c36b248b7ea2a72bf60d27eeaef910679035e01b..5a6dc187e80cde15b38961c77875d4e2fde0ff98 100644 --- a/dbrepo-data-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-data-service/rest-service/src/main/resources/application-local.yml @@ -9,8 +9,8 @@ spring: rabbitmq: host: localhost virtual-host: dbrepo - password: guest - username: guest + password: admin + username: admin port: 5672 jpa: show-sql: false diff --git a/dbrepo-data-service/rest-service/src/main/resources/application.yml b/dbrepo-data-service/rest-service/src/main/resources/application.yml index 7c91d6a5c822692136ceafe6b8700150d2d8ba58..93f31ab5ae3020352e56bea4c890fe81c26e7f31 100644 --- a/dbrepo-data-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-data-service/rest-service/src/main/resources/application.yml @@ -10,8 +10,8 @@ spring: rabbitmq: host: "${BROKER_HOST:broker-service}" virtual-host: "${BROKER_VIRTUALHOST:dbrepo}" - password: "${BROKER_PASSWORD:fda}" - username: "${BROKER_USERNAME:fda}" + password: "${BROKER_PASSWORD:admin}" + username: "${BROKER_USERNAME:admin}" port: ${BROKER_PORT:5672} jpa: show-sql: false 
diff --git a/dbrepo-data-service/rest-service/src/test/java/at/tuwien/service/StorageServiceIntegrationTest.java b/dbrepo-data-service/rest-service/src/test/java/at/tuwien/service/StorageServiceIntegrationTest.java index 336a2072c58f36762e74ad154f1737647466c7a7..7b3cc4703748b070bdab83d2e46b9bbd804dc266 100644 --- a/dbrepo-data-service/rest-service/src/test/java/at/tuwien/service/StorageServiceIntegrationTest.java +++ b/dbrepo-data-service/rest-service/src/test/java/at/tuwien/service/StorageServiceIntegrationTest.java @@ -15,12 +15,10 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.DynamicPropertyRegistry; import org.springframework.test.context.DynamicPropertySource; import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.testcontainers.containers.MariaDBContainer; import org.testcontainers.containers.MinIOContainer; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; @@ -32,7 +30,6 @@ import software.amazon.awssdk.services.s3.model.PutObjectRequest; import java.io.File; import java.io.InputStream; import java.sql.SQLException; -import java.util.List; import static org.junit.jupiter.api.Assertions.*; diff --git a/dbrepo-data-service/services/pom.xml b/dbrepo-data-service/services/pom.xml index d5f6be25c8c35716eb34186b20d5711210e6f923..0b57ceef9d0e575cdedd03c769ecc24aacf682e5 100644 --- a/dbrepo-data-service/services/pom.xml +++ b/dbrepo-data-service/services/pom.xml 
@@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>services</artifactId> <name>dbrepo-data-service-services</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> @@ -22,7 +22,7 @@ <dependency> <groupId>at.tuwien</groupId> <artifactId>dbrepo-data-service-querystore</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </dependency> </dependencies> diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java b/dbrepo-data-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java index 46ec0e6a24bdd2bc2a9a88f8fad4815467ebff08..35e55797ebffb688f801bfcf64163d3a4a630049 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java @@ -74,8 +74,8 @@ public class AuthTokenFilter extends OncePerRequestFilter { final DecodedJWT jwt = verifier.verify(token); final RealmAccessDto realmAccess = jwt.getClaim("realm_access").as(RealmAccessDto.class); return UserDetailsDto.builder() - .id(jwt.getSubject()) - .username(jwt.getClaim("client_id").asString()) + .id(jwt.getClaim("uid").asString()) + .username(jwt.getClaim("preferred_username").asString()) .authorities(Arrays.stream(realmAccess.getRoles()).map(SimpleGrantedAuthority::new).collect(Collectors.toList())) .build(); } diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java b/dbrepo-data-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java index 805035d42171ba59b997639d26f8104129628a74..8aa52308bf3f237a0f84cca7d0f3a34edd1d32c3 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java 
@@ -3,14 +3,11 @@ package at.tuwien.auth; import at.tuwien.api.keycloak.TokenDto; import at.tuwien.api.user.UserDetailsDto; import at.tuwien.config.GatewayConfig; -import at.tuwien.exception.RemoteUnavailableException; -import at.tuwien.exception.ServiceConnectionException; -import at.tuwien.exception.ServiceException; +import at.tuwien.exception.*; import at.tuwien.gateway.KeycloakGateway; import jakarta.servlet.ServletException; import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/config/RabbitConfig.java b/dbrepo-data-service/services/src/main/java/at/tuwien/config/RabbitConfig.java index 8d2ef4bbe9f92d6e0cf374c8af8277c14d6af7bc..3cdff97a17aaf48bb5fa69507bcfdc2895e7e0fd 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/config/RabbitConfig.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/config/RabbitConfig.java @@ -1,5 +1,6 @@ package at.tuwien.config; +import at.tuwien.listener.DefaultListener; import lombok.Getter; import lombok.extern.log4j.Log4j2; import org.springframework.amqp.core.AcknowledgeMode; 
@@ -7,6 +8,8 @@ import org.springframework.amqp.rabbit.config.SimpleRabbitListenerContainerFacto import org.springframework.amqp.rabbit.connection.CachingConnectionFactory; import org.springframework.amqp.rabbit.connection.ConnectionFactory; import org.springframework.amqp.rabbit.core.RabbitTemplate; +import org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer; +import org.springframework.amqp.rabbit.listener.adapter.MessageListenerAdapter; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
@@ -53,34 +56,25 @@ public class RabbitConfig { private Integer connectionTimeout; @Bean - public SimpleRabbitListenerContainerFactory getSimpleRabbitListenerContainerFactory() { - log.debug("container factory settings: concurrentConsumers={}, maxConcurrentConsumers={}, acknowledgeMode={}, requeueRejected={}", - minConcurrent, maxConcurrent, AcknowledgeMode.AUTO, requeueRejected); - final SimpleRabbitListenerContainerFactory factory = new SimpleRabbitListenerContainerFactory(); - factory.setConnectionFactory(getConnectionFactory()); - factory.setConcurrentConsumers(minConcurrent); - factory.setMaxConcurrentConsumers(maxConcurrent); - factory.setConsecutiveActiveTrigger(1); - factory.setAcknowledgeMode(AcknowledgeMode.AUTO); - factory.setDefaultRequeueRejected(requeueRejected); - return factory; + public SimpleMessageListenerContainer container(ConnectionFactory connectionFactory, + MessageListenerAdapter listenerAdapter) { + SimpleMessageListenerContainer container = new SimpleMessageListenerContainer(); + container.setConnectionFactory(connectionFactory); + container.setQueueNames(queueName); + container.setMessageListener(listenerAdapter); + container.setConcurrentConsumers(minConcurrent); + container.setMaxConcurrentConsumers(maxConcurrent); + return container; } @Bean - public ConnectionFactory getConnectionFactory() { - log.debug("rabbitmq endpoint: amqp://{}:{}/{}", host, port, virtualHost); - final CachingConnectionFactory factory = new CachingConnectionFactory(); - factory.setAddresses(host); - factory.setPort(port); - factory.setUsername(username); - factory.setPassword(password); - factory.setVirtualHost(virtualHost); - return factory; + public MessageListenerAdapter listenerAdapter(DefaultListener listener) { + return new MessageListenerAdapter(listener, "onMessage"); } @Bean - public RabbitTemplate rabbitTemplate() { - return new RabbitTemplate(getConnectionFactory()); + public RabbitTemplate rabbitTemplate(ConnectionFactory connectionFactory) { + 
return new RabbitTemplate(connectionFactory); } } diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java b/dbrepo-data-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java index 5bb4b2e9705f36d0e4168f5688ac42ca13de8882..2aa39d5d4354912cd2101861328341f00725c3d3 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java @@ -44,7 +44,8 @@ public class WebSecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http, KeycloakGateway keycloakGateway, - GatewayConfig gatewayConfig) throws Exception { + GatewayConfig gatewayConfig) + throws Exception { final OrRequestMatcher internalEndpoints = new OrRequestMatcher( new AntPathRequestMatcher("/actuator/**", "GET"), new AntPathRequestMatcher("/v3/api-docs.yaml"), diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/listener/DefaultListener.java b/dbrepo-data-service/services/src/main/java/at/tuwien/listener/DefaultListener.java index 89b18b3275323545e0defadc3e8b851ada914072..192fc30a61bcf68743d0f9eec36a190a3bc4941b 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/listener/DefaultListener.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/listener/DefaultListener.java @@ -12,7 +12,6 @@ import lombok.extern.log4j.Log4j2; import org.springframework.amqp.core.Message; import org.springframework.amqp.core.MessageListener; import org.springframework.amqp.core.MessageProperties; -import org.springframework.amqp.rabbit.annotation.RabbitListener; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -23,7 +22,6 @@ import java.util.Map; @Log4j2 @Component -@RabbitListener(queues = "dbrepo") public class DefaultListener implements MessageListener { private final ObjectMapper objectMapper; 
diff --git a/dbrepo-data-service/services/src/main/java/at/tuwien/service/impl/QueueServiceRabbitMqImpl.java b/dbrepo-data-service/services/src/main/java/at/tuwien/service/impl/QueueServiceRabbitMqImpl.java index fd7966e0bebe65df727b903452d792ac59625a77..f2675d4e5b537d751743ae70ea7c366e19a05351 100644 --- a/dbrepo-data-service/services/src/main/java/at/tuwien/service/impl/QueueServiceRabbitMqImpl.java +++ b/dbrepo-data-service/services/src/main/java/at/tuwien/service/impl/QueueServiceRabbitMqImpl.java @@ -46,6 +46,7 @@ public class QueueServiceRabbitMqImpl extends HibernateConnector implements Queu dataMapper.prepareStatementWithColumnTypeObject(preparedStatement, optional.get().getColumnType(), idx[0]++, entry.getValue()); } + preparedStatement.executeUpdate(); log.trace("successfully inserted tuple"); } finally { dataSource.close(); diff --git a/dbrepo-metadata-db/setup-data.sql b/dbrepo-metadata-db/setup-data.sql index 0e1a3971b7676bb67cf18a378766673a12d552d4..24e587fc50cb9beb6363c6bc562c7120a9d9a714 100644 --- a/dbrepo-metadata-db/setup-data.sql +++ b/dbrepo-metadata-db/setup-data.sql @@ -2,7 +2,7 @@ BEGIN; INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, ui_host, ui_port, sidecar_host, sidecar_port, privileged_username, privileged_password) -VALUES ('MariaDB Galera 11.1.3', 'mariadb_11_1_3', 1, 'data-db', 3306, 'localhost', 3306, 'data-db-sidecar', 8080, +VALUES ('MariaDB 11.1.3', 'mariadb_11_1_3', 1, 'data-db', 3306, 'localhost', 3306, 'data-db-sidecar', 8080, 'root', 'dbrepo'); COMMIT; diff --git a/dbrepo-metadata-service/api/pom.xml b/dbrepo-metadata-service/api/pom.xml index 6815b5f9e6139001d2908d339a254e1424d21732..b62bfdc94ad922ffa7b1c8f44e3f1e54d89a2d87 100644 --- a/dbrepo-metadata-service/api/pom.xml +++ b/dbrepo-metadata-service/api/pom.xml 
@@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-metadata-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-api</artifactId> <name>dbrepo-metadata-service-api</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies/> diff --git a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserAttributesDto.java b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserAttributesDto.java new file mode 100644 index 0000000000000000000000000000000000000000..027955ba77b69fd708c1c18463c1a92d09c93c95 --- /dev/null +++ b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserAttributesDto.java @@ -0,0 +1,27 @@ +package at.tuwien.api.keycloak; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.*; +import lombok.extern.jackson.Jacksonized; + +import java.util.UUID; + +@Getter +@Setter +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Jacksonized +@ToString +public class UserAttributesDto { + + @Schema(example = "s3cr3t") + @JsonProperty("LDAP_ENTRY_DN") + private String[] ldapEntryDn; + + @Schema(example = "false") + @JsonProperty("LDAP_ID") + private UUID[] ldapId; + +} diff --git a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserDto.java b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserDto.java index a96c6932abc2a3a6015cd730427f45b3120cee50..a2d7811ab0aa334a4f3a5d49916428b58166317b 100644 --- a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserDto.java +++ b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/keycloak/UserDto.java @@ -46,4 +46,7 @@ public class UserDto { @Schema(example = "0") private Long notBefore; + @NotNull + private UserAttributesDto attributes; + } 
diff --git a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/ldap/UserDto.java b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/ldap/UserDto.java new file mode 100644 index 0000000000000000000000000000000000000000..3cb0a86e738a994a829fa064a95c5db1ac90b3a3 --- /dev/null +++ b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/ldap/UserDto.java @@ -0,0 +1,29 @@ +package at.tuwien.api.ldap; + +import jakarta.validation.constraints.NotNull; +import lombok.*; +import lombok.extern.jackson.Jacksonized; + +import java.util.UUID; + +@Getter +@Setter +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Jacksonized +@ToString +@EqualsAndHashCode(onlyExplicitlyIncluded = true) +public class UserDto { + + @NotNull + @EqualsAndHashCode.Include + private UUID id; + + @NotNull + private String username; + + @NotNull + private String email; + +} diff --git a/dbrepo-metadata-service/entities/pom.xml b/dbrepo-metadata-service/entities/pom.xml index 62dec0e318ee6dc3f660220db1d4f233a2b7a7e0..2fb8efa9e9f07076e4891377c876658dbb04d146 100644 --- a/dbrepo-metadata-service/entities/pom.xml +++ b/dbrepo-metadata-service/entities/pom.xml @@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-metadata-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-entities</artifactId> <name>dbrepo-metadata-service-entity</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies/> diff --git a/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java b/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java index aff997a3ae3caf76f70c056d9dbf8b7bbc016f3e..797b0bd30f760fd27c2a82789ff22674b14acab1 100644 --- a/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java +++ b/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java 
@@ -3,6 +3,7 @@ package at.tuwien.entities.user; import at.tuwien.entities.database.DatabaseAccess; import jakarta.persistence.*; import lombok.*; +import lombok.extern.log4j.Log4j2; import org.hibernate.annotations.JdbcTypeCode; import org.springframework.data.jpa.domain.support.AuditingEntityListener; @@ -10,6 +11,7 @@ import java.security.Principal; import java.util.List; import java.util.UUID; +@Log4j2 @Data @Entity @Builder @@ -19,9 +21,6 @@ import java.util.UUID; @EntityListeners(AuditingEntityListener.class) @EqualsAndHashCode(onlyExplicitlyIncluded = true) @Table(name = "mdb_users") -@NamedQueries({ - @NamedQuery(name = "User.findByUsername", query = "select u from User u where u.username = ?1") -}) public class User { @Id @@ -71,12 +70,16 @@ public class User { return true; } if (o instanceof Principal principal) { - return this.getUsername().equals(principal.getName()); + final boolean result = this.getUsername().equals(principal.getName()); + log.trace("check if username {} equals principal name {}: {}", username, principal.getName(), result); + return result; } if (!(o instanceof User other)) { return false; } - return this.getId().equals(other.getId()); + final boolean result = this.getId().equals(other.getId()); + log.trace("check if id {} equals other id {}: {}", id, other.getId(), result); + return result; } } diff --git a/dbrepo-metadata-service/metrics.md b/dbrepo-metadata-service/metrics.md index 976bacc4aaf07d381b939b457d9af19f5417de41..c8cd48baf08069f079f5ce9df58123751be65f2d 100644 --- a/dbrepo-metadata-service/metrics.md +++ b/dbrepo-metadata-service/metrics.md 
@@ -1,67 +1,67 @@ -| **Metric** | **Description** | -|------------------------------------|----------------------------------------| -| `dbrepo_access_delete` | Revoke access to some database | -| `dbrepo_access_get` | Check access to some database | -| `dbrepo_access_give` | Give access to some database | -| `dbrepo_access_modify` | Modify access to some database | -| `dbrepo_container_create` | Create container | -| `dbrepo_container_delete` | Delete some container | -| `dbrepo_container_find` | Find some container | -| `dbrepo_container_findall` | Find all containers | -| `dbrepo_database_create` | Create database | -| `dbrepo_database_find` | Find some database | -| `dbrepo_database_findall` | List databases | -| `dbrepo_database_image` | Update database image | -| `dbrepo_database_transfer` | Update database owner | -| `dbrepo_database_visibility` | Update database visibility | -| `dbrepo_identifier_create` | Draft identifier | -| `dbrepo_identifier_delete` | Delete some identifier | -| `dbrepo_identifier_find` | Find some identifier | -| `dbrepo_identifier_list` | Find all identifiers | -| `dbrepo_identifier_publish` | Publish identifier | -| `dbrepo_identifier_retrieve` | Retrieve metadata from identifier | -| `dbrepo_identifier_save` | Save identifier | -| `dbrepo_image_create` | Create image | -| `dbrepo_image_delete` | Delete some image | -| `dbrepo_image_find` | Find some image | -| `dbrepo_image_findall` | Find all images | -| `dbrepo_image_update` | Update some image | -| `dbrepo_license_findall` | Get all licenses | -| `dbrepo_maintenance_create` | Create maintenance message | -| `dbrepo_maintenance_delete` | Delete maintenance message | -| `dbrepo_maintenance_find` | Find one maintenance message | -| `dbrepo_maintenance_findall` | Find maintenance messages | -| `dbrepo_maintenance_update` | Update maintenance message | -| `dbrepo_oai_identifiers_list` | List the identifiers | -| `dbrepo_oai_identify` | Identify the repository | -| 
`dbrepo_oai_metadataformats_list` | List the metadata formats | -| `dbrepo_oai_record_get` | Get the record | -| `dbrepo_ontologies_create` | Register a new ontology | -| `dbrepo_ontologies_delete` | Delete an ontology | -| `dbrepo_ontologies_entities_find` | Find entities | -| `dbrepo_ontologies_find` | Find one ontology | -| `dbrepo_ontologies_findall` | List all ontologies | -| `dbrepo_ontologies_update` | Update an ontology | -| `dbrepo_semantic_column_analyse` | Suggest table column semantics | -| `dbrepo_semantic_concepts_findall` | List semantic concepts | -| `dbrepo_semantic_table_analyse` | Suggest table semantics | -| `dbrepo_semantic_units_findall` | List semantic units | -| `dbrepo_semantics_column_save` | Update a table column semantic mapping | -| `dbrepo_statistic_table_update` | Update table statistics | -| `dbrepo_table_create` | Create a table | -| `dbrepo_table_delete` | Delete a table | -| `dbrepo_tables_find` | Get information about table | -| `dbrepo_tables_findall` | List all tables | -| `dbrepo_tables_refresh` | Refresh database tables metadata | -| `dbrepo_user_create` | Create user | -| `dbrepo_user_find` | Get a user info | -| `dbrepo_user_modify` | Modify user information | -| `dbrepo_user_password_modify` | Modify user password | -| `dbrepo_user_refresh_token` | Refresh user token | -| `dbrepo_user_token` | Obtain user token | -| `dbrepo_users_list` | Find all users | -| `dbrepo_view_create` | Create a view | -| `dbrepo_view_delete` | Delete one view | -| `dbrepo_view_find` | Find one view | -| `dbrepo_views_findall` | Find all views | -| `dbrepo_views_refresh` | Refresh database views metadata | +| **Metric** | **Description** | +|------------------------------------|-------------------------------| +| `dbrepo_access_delete` | Delete access | +| `dbrepo_access_get` | Find/Check access | +| `dbrepo_access_give` | Give access | +| `dbrepo_access_modify` | Modify access | +| `dbrepo_container_create` | Create container | +| 
`dbrepo_container_delete` | Delete container | +| `dbrepo_container_find` | Find container | +| `dbrepo_container_findall` | List containers | +| `dbrepo_database_create` | Create database | +| `dbrepo_database_find` | Find database | +| `dbrepo_database_findall` | List databases | +| `dbrepo_database_image` | Update database preview image | +| `dbrepo_database_transfer` | Update database owner | +| `dbrepo_database_visibility` | Update database visibility | +| `dbrepo_identifier_create` | Create identifier | +| `dbrepo_identifier_delete` | Delete identifier | +| `dbrepo_identifier_find` | Find identifier | +| `dbrepo_identifier_list` | List identifiers | +| `dbrepo_identifier_publish` | Publish identifier | +| `dbrepo_identifier_retrieve` | Retrieve PID metadata | +| `dbrepo_identifier_save` | Save identifier | +| `dbrepo_image_create` | Create image | +| `dbrepo_image_delete` | Delete image | +| `dbrepo_image_find` | Find image | +| `dbrepo_image_findall` | List images | +| `dbrepo_image_update` | Update image | +| `dbrepo_license_findall` | List licenses | +| `dbrepo_maintenance_create` | Create message | +| `dbrepo_maintenance_delete` | Delete message | +| `dbrepo_maintenance_find` | Find message | +| `dbrepo_maintenance_findall` | List messages | +| `dbrepo_maintenance_update` | Update message | +| `dbrepo_oai_identifiers_list` | List identifiers | +| `dbrepo_oai_identify` | Identify repository | +| `dbrepo_oai_metadataformats_list` | List metadata formats | +| `dbrepo_oai_record_get` | Get record | +| `dbrepo_ontologies_create` | Create ontology | +| `dbrepo_ontologies_delete` | Delete ontology | +| `dbrepo_ontologies_entities_find` | Find entities | +| `dbrepo_ontologies_find` | Find ontology | +| `dbrepo_ontologies_findall` | List ontologies | +| `dbrepo_ontologies_update` | Update ontology | +| `dbrepo_semantic_column_analyse` | Suggest semantics | +| `dbrepo_semantic_concepts_findall` | List concepts | +| `dbrepo_semantic_table_analyse` | Suggest 
semantics | +| `dbrepo_semantic_units_findall` | List units | +| `dbrepo_semantics_column_save` | Update semantics | +| `dbrepo_statistic_table_update` | Update statistics | +| `dbrepo_table_create` | Create table | +| `dbrepo_table_delete` | Delete table | +| `dbrepo_tables_find` | Find table | +| `dbrepo_tables_findall` | List tables | +| `dbrepo_tables_refresh` | Update database table schemas | +| `dbrepo_user_create` | Create user | +| `dbrepo_user_find` | Get user | +| `dbrepo_user_modify` | Update user | +| `dbrepo_user_password_modify` | Update user password | +| `dbrepo_user_refresh_token` | Refresh token | +| `dbrepo_user_token` | Create token | +| `dbrepo_users_list` | List users | +| `dbrepo_view_create` | Create view | +| `dbrepo_view_delete` | Delete view | +| `dbrepo_view_find` | Get view | +| `dbrepo_views_findall` | List views | +| `dbrepo_views_refresh` | Update database view schemas | diff --git a/dbrepo-metadata-service/oai/pom.xml b/dbrepo-metadata-service/oai/pom.xml index e432736721cba310f5a48416beeeb9ed3196774e..5b37750134eb43f3c077ac3c719c94fcad8d6d77 100644 --- a/dbrepo-metadata-service/oai/pom.xml +++ b/dbrepo-metadata-service/oai/pom.xml @@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-metadata-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-oai</artifactId> <name>dbrepo-metadata-service-oai</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies/> diff --git a/dbrepo-metadata-service/pom.xml b/dbrepo-metadata-service/pom.xml index 563373645070c416f257ec69b25354e1d00111c5..ef3bee26370857c035b7df3971f6d95e9924854a 100644 --- a/dbrepo-metadata-service/pom.xml +++ b/dbrepo-metadata-service/pom.xml 
@@ -11,7 +11,7 @@ <groupId>at.tuwien</groupId> <artifactId>dbrepo-metadata-service</artifactId> <name>dbrepo-metadata-service</name> - <version>1.4.4</version> + <version>1.4.5</version> <description>Service that manages the metadata</description> diff --git a/dbrepo-metadata-service/report/pom.xml b/dbrepo-metadata-service/report/pom.xml index 9012f19379811a0fec2a80cdb869ec0720ce98e1..6a7874d4e9352a783ca03711ab1e8efe4eabadea 100644 --- a/dbrepo-metadata-service/report/pom.xml +++ b/dbrepo-metadata-service/report/pom.xml @@ -6,12 +6,12 @@ <parent> <artifactId>dbrepo-metadata-service</artifactId> <groupId>at.tuwien</groupId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-report</artifactId> <name>dbrepo-metadata-service-report</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> diff --git a/dbrepo-metadata-service/repositories/pom.xml b/dbrepo-metadata-service/repositories/pom.xml index 1fa4ba34e789e6d9f12a45e756b7e7d481309baa..b67917715a5c2e1200e3e14884e45cd1ff60c055 100644 --- a/dbrepo-metadata-service/repositories/pom.xml +++ b/dbrepo-metadata-service/repositories/pom.xml @@ -6,12 +6,12 @@ <parent> <artifactId>dbrepo-metadata-service</artifactId> <groupId>at.tuwien</groupId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-repositories</artifactId> <name>dbrepo-metadata-service-repositories</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceConnectionException.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceConnectionException.java new file mode 100644 index 0000000000000000000000000000000000000000..08cb54f9de186033e1513c270e4461c5638db9d0 --- /dev/null 
+++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceConnectionException.java @@ -0,0 +1,21 @@ +package at.tuwien.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(code = HttpStatus.BAD_GATEWAY, reason = "error.auth.connection") +public class AuthServiceConnectionException extends Exception { + + public AuthServiceConnectionException(String msg) { + super(msg); + } + + public AuthServiceConnectionException(String msg, Throwable thr) { + super(msg + ": " + thr.getLocalizedMessage(), thr); + } + + public AuthServiceConnectionException(Throwable thr) { + super(thr); + } + +} diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceException.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceException.java new file mode 100644 index 0000000000000000000000000000000000000000..de43ce1cbefab60f6e56d4aa942d107c921f7291 --- /dev/null +++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/AuthServiceException.java @@ -0,0 +1,21 @@ +package at.tuwien.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(code = HttpStatus.SERVICE_UNAVAILABLE, reason = "error.auth.invalid") +public class AuthServiceException extends Exception { + + public AuthServiceException(String message) { + super(message); + } + + public AuthServiceException(String message, Throwable thr) { + super(message, thr); + } + + public AuthServiceException(Throwable thr) { + super(thr); + } + +} diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/ContainerRepository.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/ContainerRepository.java index e1a1f209e3adf49d1d85ce2ced2779857da16a38..8155aef9cc3f67eb83c52ed5bb15c4a67c50c208 100644 
--- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/ContainerRepository.java +++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/ContainerRepository.java @@ -1,7 +1,6 @@ package at.tuwien.repository; import at.tuwien.entities.container.Container; -import at.tuwien.entities.container.image.ContainerImageDate; import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.stereotype.Repository; diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/IdentifierRepository.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/IdentifierRepository.java index 338d0e269b828daf1ed2165877a0c8377d491dd7..12b309ec521e84c7eaed1bf446442498bfd4c481 100644 --- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/IdentifierRepository.java +++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/IdentifierRepository.java @@ -1,11 +1,7 @@ package at.tuwien.repository; import at.tuwien.entities.identifier.Identifier; -import at.tuwien.entities.identifier.IdentifierType; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Modifying; -import org.springframework.data.jpa.repository.Query; -import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import java.util.List; diff --git a/dbrepo-metadata-service/rest-service/pom.xml b/dbrepo-metadata-service/rest-service/pom.xml index 97e108fa0d55fb1b46c9220ab6368a61fb5c123b..ab556f9c4521be25c046a5777200ce9ab59cfc6b 100644 --- a/dbrepo-metadata-service/rest-service/pom.xml +++ b/dbrepo-metadata-service/rest-service/pom.xml 
@@ -6,12 +6,12 @@ <parent> <artifactId>dbrepo-metadata-service</artifactId> <groupId>at.tuwien</groupId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-rest-service</artifactId> <name>dbrepo-metadata-service-rest</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/DbrepoMetadataServiceApplication.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/DbrepoMetadataServiceApplication.java index 8e51c7cff9cb56000678b60d5e1c60dc41b7c3e7..bd979054e64314a6055467249587f1311a50da10 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/DbrepoMetadataServiceApplication.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/DbrepoMetadataServiceApplication.java @@ -2,13 +2,10 @@ package at.tuwien; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.autoconfigure.data.elasticsearch.ElasticsearchDataAutoConfiguration; import org.springframework.boot.autoconfigure.domain.EntityScan; -import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration; import org.springframework.data.jpa.repository.config.EnableJpaAuditing; import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.scheduling.annotation.EnableScheduling; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.transaction.annotation.EnableTransactionManagement; @EnableJpaAuditing 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java index 1a85308940c749bef9b66099b006d08f4eaf64d8..3c33e2b05781eb8d04362f68eb4c81f54d450312 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java @@ -92,9 +92,9 @@ public class AccessEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<DatabaseAccessDto> create(@NotBlank @PathVariable("databaseId") Long databaseId, - @NotBlank @PathVariable("userId") UUID userId, - @Valid @RequestBody UpdateDatabaseAccessDto data, - @NotNull Principal principal) throws NotAllowedException, ServiceException, + @NotBlank @PathVariable("userId") UUID userId, + @Valid @RequestBody UpdateDatabaseAccessDto data, + @NotNull Principal principal) throws NotAllowedException, ServiceException, ServiceConnectionException, DatabaseNotFoundException, UserNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { log.debug("endpoint give access to database, databaseId={}, userId={}, access.type={}", databaseId, userId, 
@@ -154,9 +154,9 @@ public class AccessEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<Void> update(@NotBlank @PathVariable("databaseId") Long databaseId, - @NotBlank @PathVariable("userId") UUID userId, - @Valid @RequestBody UpdateDatabaseAccessDto data, - @NotNull Principal principal) throws NotAllowedException, + @NotBlank @PathVariable("userId") UUID userId, + @Valid @RequestBody UpdateDatabaseAccessDto data, + @NotNull Principal principal) throws NotAllowedException, ServiceException, ServiceConnectionException, DatabaseNotFoundException, UserNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { log.debug("endpoint modify database access, databaseId={}, userId={}, access.type={}", databaseId, userId, @@ -255,8 +255,8 @@ public class AccessEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<Void> revoke(@NotBlank @PathVariable("databaseId") Long databaseId, - @NotBlank @PathVariable("userId") UUID userId, - @NotNull Principal principal) throws NotAllowedException, ServiceException, + @NotBlank @PathVariable("userId") UUID userId, + @NotNull Principal principal) throws NotAllowedException, ServiceException, ServiceConnectionException, DatabaseNotFoundException, UserNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { log.debug("endpoint revoke database access, databaseId={}, userId={}", databaseId, userId); diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java index 36cf03bb37a2686b27163665c63948a5bcc0e04b..d974de427667f390d995a7d25fbc9789484b5bb4 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java 
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java @@ -1,9 +1,7 @@ package at.tuwien.endpoints; -import at.tuwien.api.amqp.ExchangeDto; import at.tuwien.api.database.*; import at.tuwien.api.error.ApiErrorDto; -import at.tuwien.config.RabbitConfig; import at.tuwien.entities.database.Database; import at.tuwien.entities.database.DatabaseAccess; import at.tuwien.entities.user.User; @@ -43,21 +41,16 @@ import java.util.stream.Collectors; public class DatabaseEndpoint { private final UserService userService; - private final RabbitConfig rabbitConfig; private final AccessService accessService; - private final BrokerService brokerService; private final MetadataMapper databaseMapper; private final StorageService storageService; private final DatabaseService databaseService; @Autowired - public DatabaseEndpoint(UserService userService, RabbitConfig rabbitConfig, AccessService accessService, - BrokerService brokerService, MetadataMapper databaseMapper, + public DatabaseEndpoint(UserService userService, AccessService accessService, MetadataMapper databaseMapper, StorageService storageService, DatabaseService databaseService) { this.userService = userService; - this.rabbitConfig = rabbitConfig; this.accessService = accessService; - this.brokerService = brokerService; this.databaseMapper = databaseMapper; this.storageService = storageService; this.databaseService = databaseService; 
@@ -475,9 +468,6 @@ public class DatabaseEndpoint { } final HttpHeaders headers = new HttpHeaders(); if (principal != null) { - /* extra effort only when having access */ - final ExchangeDto exchange = brokerService.findExchange(rabbitConfig.getExchangeName()); - dto.setExchangeType(exchange.getType()); final Authentication authentication = (Authentication) principal; if (authentication.isAuthenticated() && authentication.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("admin"))) { headers.set("X-Username", database.getContainer().getPrivilegedUsername()); diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java index 0577ef723236c2b871edbbadd94dba3acf5cb07c..c8f01bf26a2e1eaa6f020ed80eefc5673aefc2d2 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java @@ -1,6 +1,5 @@ package at.tuwien.endpoints; -import at.tuwien.api.amqp.QueueDto; import at.tuwien.api.database.table.TableBriefDto; import at.tuwien.api.database.table.TableCreateDto; import at.tuwien.api.database.table.TableDto; @@ -11,7 +10,6 @@ import at.tuwien.api.database.table.columns.concepts.ColumnSemanticsUpdateDto; import at.tuwien.api.error.ApiErrorDto; import at.tuwien.api.semantics.EntityDto; import at.tuwien.api.semantics.TableColumnEntityDto; -import at.tuwien.config.RabbitConfig; import at.tuwien.entities.database.Database; import at.tuwien.entities.database.table.Table; import at.tuwien.entities.database.table.columns.TableColumn; 
@@ -53,22 +51,18 @@ public class TableEndpoint { private final UserService userService; private final TableService tableService; - private final RabbitConfig rabbitMqConfig; private final EntityService entityService; - private final BrokerService messageQueueService; private final MetadataMapper metadataMapper; private final DatabaseService databaseService; private final EndpointValidator endpointValidator; @Autowired - public TableEndpoint(UserService userService, TableService tableService, RabbitConfig rabbitMqConfig, - EntityService entityService, BrokerService messageQueueService, MetadataMapper metadataMapper, - DatabaseService databaseService, EndpointValidator endpointValidator) { + public TableEndpoint(UserService userService, TableService tableService, EntityService entityService, + MetadataMapper metadataMapper, DatabaseService databaseService, + EndpointValidator endpointValidator) { this.userService = userService; this.tableService = tableService; - this.rabbitMqConfig = rabbitMqConfig; this.entityService = entityService; - this.messageQueueService = messageQueueService; this.metadataMapper = metadataMapper; this.databaseService = databaseService; this.endpointValidator = endpointValidator; @@ -415,8 +409,6 @@ public class TableEndpoint { final HttpHeaders headers = new HttpHeaders(); if (principal != null) { /* extra effort only when logged-in */ - final QueueDto queue = messageQueueService.findQueue(rabbitMqConfig.getQueueName()); - dto.setQueueType(queue.getType()); final Authentication authentication = (Authentication) principal; if (authentication.isAuthenticated() && authentication.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("admin"))) { headers.set("X-Username", table.getDatabase().getContainer().getPrivilegedUsername()); 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java index 1ca013ac2c7bf684526cf3ca52c09683b28adc47..1ee680e0169bfa24ca68eece30737de0763792bd 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java @@ -6,6 +6,7 @@ import at.tuwien.api.auth.SignupRequestDto; import at.tuwien.api.error.ApiErrorDto; import at.tuwien.api.keycloak.TokenDto; import at.tuwien.api.user.*; +import at.tuwien.config.KeycloakConfig; import at.tuwien.entities.database.Database; import at.tuwien.entities.user.User; import at.tuwien.exception.*; @@ -92,8 +93,13 @@ public class UserEndpoint { @ApiResponse(responseCode = "400", description = "Parameters are not well-formed (likely email)", content = {@Content(mediaType = "application/json")}), + @ApiResponse(responseCode = "403", + description = "Internal authentication to the auth service is invalid", + content = {@Content( + mediaType = "application/json", + schema = @Schema(implementation = ApiErrorDto.class))}), @ApiResponse(responseCode = "404", - description = "default role not found", + description = "Default role not found", content = {@Content( mediaType = "application/json", schema = @Schema(implementation = ApiErrorDto.class))}), 
@@ -119,14 +125,12 @@ public class UserEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<UserDto> create(@NotNull @Valid @RequestBody SignupRequestDto data) - throws UserExistsException, EmailExistsException, ServiceException, ServiceConnectionException, - UserNotFoundException { + throws UserExistsException, EmailExistsException, AuthServiceException, AuthServiceConnectionException, + UserNotFoundException, CredentialsInvalidException { log.debug("endpoint create user, data.username={}", data.getUsername()); userService.validateUsernameNotExists(data.getUsername()); userService.validateEmailNotExists(data.getEmail()); - authenticationService.create(data); - final at.tuwien.api.keycloak.UserDto keycloakUserDto = authenticationService.findByUsername(data.getUsername()); - final User user = userService.create(data, keycloakUserDto.getId()); + final User user = userService.create(data, authenticationService.create(data).getAttributes().getLdapId()[0]); log.info("Created user with id: {}", user.getId()); return ResponseEntity.status(HttpStatus.CREATED) .body(userMapper.userToUserDto(user)); @@ -174,7 +178,7 @@ public class UserEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<TokenDto> getToken(@NotNull @Valid @RequestBody LoginRequestDto data) - throws ServiceException, ServiceConnectionException, UserNotFoundException, CredentialsInvalidException, + throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException, AccountNotSetupException { log.debug("endpoint get token, data.username={}", data.getUsername()); /* check */ 
@@ -223,7 +227,7 @@ public class UserEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<TokenDto> refreshToken(@NotNull @Valid @RequestBody RefreshTokenRequestDto data) - throws ServiceConnectionException, CredentialsInvalidException { + throws AuthServiceConnectionException, CredentialsInvalidException { log.debug("endpoint refresh token"); /* check */ final TokenDto token = authenticationService.refreshToken(data.getRefreshToken()); @@ -258,7 +262,7 @@ public class UserEndpoint { public ResponseEntity<UserDto> find(@NotNull @PathVariable("userId") UUID userId, @NotNull Principal principal) throws NotAllowedException, UserNotFoundException { - log.debug("endpoint find a user, userId={}", userId); + log.debug("endpoint find a user, userId={}, principal.name={}", userId, principal.getName()); /* check */ final User user = userService.findById(userId); if (!user.equals(principal)) { @@ -354,9 +358,10 @@ public class UserEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<Void> password(@NotNull @PathVariable("userId") UUID userId, - @NotNull @Valid @RequestBody UserPasswordDto data, - @NotNull Principal principal) throws NotAllowedException, ServiceException, - ServiceConnectionException, UserNotFoundException, DatabaseNotFoundException { + @NotNull @Valid @RequestBody UserPasswordDto data, + @NotNull Principal principal) throws NotAllowedException, AuthServiceException, + AuthServiceConnectionException, UserNotFoundException, DatabaseNotFoundException, ServiceException, + ServiceConnectionException, CredentialsInvalidException { log.debug("endpoint modify a user password, userId={}, data.password=(hidden)", userId); User user = userService.findById(userId); if (!user.equals(principal)) { 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/ViewEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/ViewEndpoint.java index 775b117bc37b847782496fa411d574e64003be09..a22bdff267e906fcd372e32b5ba36c70944d2188 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/ViewEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/ViewEndpoint.java @@ -4,6 +4,7 @@ import at.tuwien.api.database.ViewBriefDto; import at.tuwien.api.database.ViewCreateDto; import at.tuwien.api.database.ViewDto; import at.tuwien.api.error.ApiErrorDto; +import at.tuwien.config.KeycloakConfig; import at.tuwien.entities.database.Database; import at.tuwien.entities.database.View; import at.tuwien.entities.user.User; @@ -48,7 +49,7 @@ public class ViewEndpoint { private final DatabaseService databaseService; @Autowired - public ViewEndpoint(UserService userService, ViewService viewService, MetadataMapper metadataMapper, + public ViewEndpoint(UserService userService, ViewService viewService, MetadataMapper metadataMapper, DatabaseService databaseService) { this.userService = userService; this.viewService = viewService; @@ -242,8 +243,8 @@ public class ViewEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<View> delete(@NotNull @PathVariable("databaseId") Long databaseId, - @NotNull @PathVariable("viewId") Long viewId, - @NotNull Principal principal) throws NotAllowedException, ServiceException, + @NotNull @PathVariable("viewId") Long viewId, + @NotNull Principal principal) throws NotAllowedException, ServiceException, ServiceConnectionException, DatabaseNotFoundException, ViewNotFoundException, SearchServiceException, SearchServiceConnectionException { log.debug("endpoint delete view, databaseId={}, viewId={}", databaseId, viewId); 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java index bca87e510e1d849c371f76d79f39b7471d9413d2..6b981eb62f8b395e16cd18aa74dc2a88e4c4c502 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java @@ -10,7 +10,6 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseStatus; -import org.springframework.web.context.request.WebRequest; import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; @Log4j2 @@ -31,6 +30,20 @@ public class ApiExceptionHandler extends ResponseEntityExceptionHandler { return generic_handle(e.getClass(), e.getLocalizedMessage()); } + @Hidden + @ResponseStatus(code = HttpStatus.BAD_GATEWAY) + @ExceptionHandler(AuthServiceConnectionException.class) + public ResponseEntity<ApiErrorDto> handle(AuthServiceConnectionException e) { + return generic_handle(e.getClass(), e.getLocalizedMessage()); + } + + @Hidden + @ResponseStatus(code = HttpStatus.SERVICE_UNAVAILABLE) + @ExceptionHandler(AuthServiceException.class) + public ResponseEntity<ApiErrorDto> handle(AuthServiceException e) { + return generic_handle(e.getClass(), e.getLocalizedMessage()); + } + @Hidden @ResponseStatus(code = HttpStatus.NOT_FOUND) @ExceptionHandler(ConceptNotFoundException.class) 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java index ab3f80b8021e0004eaf2cab0b17e4f8b62736863..7f05bf84a58ad90788476850fed0765394f80ae2 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java @@ -255,7 +255,7 @@ public class EndpointValidator { throw new NotAllowedException("Access not allowed: database with id " + database.getId() + " is not public and no authorization provided"); } final User user = User.builder() - .id(UserUtil.getId(principal)) + .username(principal.getName()) .build(); final DatabaseAccess access = accessService.find(database, user); log.trace("found access {}", access); diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml index 87987f76bc609a2bdcf430510b611cb2d5b8059e..fd44a809ca442d50bfd670703ef0c634ba68d4f5 100644 --- a/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml @@ -1,4 +1,10 @@ spring: + ldap: + urls: ldap://localhost:1389 + userDn: cn=admin,dc=dbrepo,dc=at + password: adminpassword + base: dc=dbrepo,dc=at + adminDn: cn=admins,ou=users,dc=dbrepo,dc=at datasource: url: jdbc:mariadb://localhost:3306/dbrepo driver-class-name: org.mariadb.jdbc.Driver @@ -10,7 +16,7 @@ spring: open-in-view: false properties: hibernate: - default_schema: fda + default_schema: dbrepo jdbc: time_zone: UTC format_sql: false @@ -19,8 +25,8 @@ spring: rabbitmq: host: localhost virtual-host: dbrepo - username: fda - password: fda + username: admin + password: admin port: 5672 management: endpoints: 
@@ -75,8 +81,8 @@ dbrepo: jwt: public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB keycloak: - username: fda - password: fda + username: admin + password: admin client: dbrepo-client clientSecret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG website: http://localhost diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml index ca7cec2ea5045c077bc58c4817546aff8d0d1f75..0552cce9cb2b14a4e88714a85339137a6ddb4e0e 100644 --- a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml @@ -2,6 +2,12 @@ application: title: DBRepo version: '@project.version@' spring: + ldap: + urls: "${IDENTITY_SERVICE_URLS:ldap://identity-service:1389}" + userDn: "${IDENTITY_SERVICE_USERNAME:cn=admin,dc=dbrepo,dc=at}" + password: "${IDENTITY_SERVICE_PASSWORD:adminpassword}" + base: "${IDENTITY_SERVICE_BASE:dc=dbrepo,dc=at}" + adminDn: "${IDENTITY_SERVICE_ADMIN_GROUP:cn=admins,ou=users,dc=dbrepo,dc=at}" datasource: url: "jdbc:mariadb://${METADATA_HOST:metadata-db}:3306/${METADATA_DB:dbrepo}${METADATA_JDBC_EXTRA_ARGS}" driver-class-name: org.mariadb.jdbc.Driver @@ -13,7 +19,7 @@ spring: open-in-view: false properties: hibernate: - default_schema: "${METADATA_DB:fda}" + default_schema: "${METADATA_DB:dbrepo}" jdbc: time_zone: UTC application: 
@@ -21,8 +27,8 @@ spring: rabbitmq: host: "${BROKER_HOST:broker-service}" virtual-host: "${BROKER_VIRTUALHOST:dbrepo}" - username: "${BROKER_USERNAME:fda}" - password: "${BROKER_PASSWORD:fda}" + username: "${BROKER_USERNAME:admin}" + password: "${BROKER_PASSWORD:admin}" port: ${BROKER_PORT:5672} main: banner-mode: off @@ -77,8 +83,8 @@ dbrepo: jwt: public_key: "${JWT_PUBKEY:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}" keycloak: - username: "${AUTH_SERVICE_ADMIN:fda}" - password: "${AUTH_SERVICE_ADMIN_PASSWORD:fda}" + username: "${AUTH_SERVICE_ADMIN:admin}" + password: "${AUTH_SERVICE_ADMIN_PASSWORD:admin}" client: "${AUTH_SERVICE_CLIENT:dbrepo-client}" clientSecret: "${AUTH_SERVICE_CLIENT_SECRET:MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}" website: "${BASE_URL:http://localhost}" diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java index 08233dfd4478321c77b5662d02f7dd4d6bc053b2..7e53274f504ea36838ce1deda16f3390d372e98b 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java 
@@ -96,7 +96,8 @@ public class DatabaseEndpointUnitTest extends AbstractUnitTest { @WithMockUser(username = USER_1_USERNAME, authorities = {"create-database"}) public void create_succeeds() throws ServiceException, ServiceConnectionException, UserNotFoundException, DatabaseNotFoundException, ContainerNotFoundException, SearchServiceException, - SearchServiceConnectionException { + SearchServiceConnectionException, AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { final DatabaseCreateDto request = DatabaseCreateDto.builder() .cid(CONTAINER_1_ID) .name(DATABASE_1_NAME) @@ -184,8 +185,9 @@ public class DatabaseEndpointUnitTest extends AbstractUnitTest { @Test @WithMockUser(username = USER_1_USERNAME, authorities = {"modify-database-visibility"}) - public void visibility_hasRole_succeeds() throws NotAllowedException, ServiceException, ServiceConnectionException, - UserNotFoundException, DatabaseNotFoundException, SearchServiceException, SearchServiceConnectionException { + public void visibility_hasRole_succeeds() throws NotAllowedException, UserNotFoundException, + DatabaseNotFoundException, SearchServiceException, SearchServiceConnectionException, AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { final DatabaseModifyVisibilityDto request = DatabaseModifyVisibilityDto.builder() .isPublic(true) .build(); @@ -302,7 +304,8 @@ public class DatabaseEndpointUnitTest extends AbstractUnitTest { @WithMockUser(username = USER_1_USERNAME, authorities = {"modify-database-owner"}) public void transfer_hasRole_succeeds() throws ServiceConnectionException, ServiceException, NotAllowedException, UserNotFoundException, DatabaseNotFoundException, SearchServiceException, - SearchServiceConnectionException { + SearchServiceConnectionException, AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { final DatabaseTransferDto request = DatabaseTransferDto.builder() .id(USER_4_ID) .build(); 
@@ -471,15 +474,10 @@ public class DatabaseEndpointUnitTest extends AbstractUnitTest { if (database != null) { when(databaseService.findById(databaseId)) .thenReturn(database); - when(messageQueueService.findExchange(EXCHANGE_DBREPO_NAME)) - .thenReturn(EXCHANGE_DBREPO_DTO); } else { doThrow(DatabaseNotFoundException.class) .when(databaseService) .findById(databaseId); - doThrow(ExchangeNotFoundException.class) - .when(messageQueueService) - .findExchange(EXCHANGE_DBREPO_NAME); } /* test */ diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java index e5e5097edeedebed520ce7156af79b6e3f88bd3b..b9a67d9911292efaa0234cb9e61d9ea5c778d03f 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/TableEndpointUnitTest.java @@ -958,8 +958,6 @@ public class TableEndpointUnitTest extends AbstractUnitTest { .when(accessService) .find(database, user); } - when(messageQueueService.findQueue("dbrepo")) - .thenReturn(QUEUE_DTO); /* test */ return tableEndpoint.findById(databaseId, tableId, principal); diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java index dfc2615b29d89cfb186c0c169f5c4fc7f3baef8e..f21e13711b88b25cdf981f674edaa103c80b7fe6 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java 
@@ -61,8 +61,8 @@ public class UserEndpointUnitTest extends AbstractUnitTest { @Test @WithAnonymousUser - public void create_anonymous_succeeds() throws UserExistsException, ServiceException, ServiceConnectionException, - EmailExistsException, UserNotFoundException { + public void create_anonymous_succeeds() throws UserExistsException, EmailExistsException, UserNotFoundException, + AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException { final SignupRequestDto request = SignupRequestDto.builder() .email(USER_1_EMAIL) .username(USER_1_USERNAME) @@ -100,8 +100,7 @@ public class UserEndpointUnitTest extends AbstractUnitTest { @Test @WithMockUser(username = USER_1_USERNAME) - public void find_self_succeeds() throws NotAllowedException, UserNotFoundException, ServiceException, - ServiceConnectionException { + public void find_self_succeeds() throws NotAllowedException, UserNotFoundException{ /* test */ find_generic(USER_1_ID, USER_1, USER_1_PRINCIPAL); @@ -177,8 +176,7 @@ public class UserEndpointUnitTest extends AbstractUnitTest { @Test @WithMockUser(username = USER_1_USERNAME, authorities = {"modify-user-information"}) - public void modify_succeeds() throws ServiceException, NotAllowedException, - ServiceConnectionException, UserNotFoundException, DatabaseNotFoundException { + public void modify_succeeds() throws NotAllowedException, UserNotFoundException, DatabaseNotFoundException { final UserUpdateDto request = UserUpdateDto.builder() .firstname(USER_1_FIRSTNAME) .lastname(USER_1_LASTNAME) 
@@ -219,7 +217,8 @@ public class UserEndpointUnitTest extends AbstractUnitTest { @Test @WithMockUser(username = USER_1_USERNAME) public void password_succeeds() throws NotAllowedException, ServiceException, ServiceConnectionException, - UserNotFoundException, DatabaseNotFoundException { + UserNotFoundException, DatabaseNotFoundException, AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { final UserPasswordDto request = UserPasswordDto.builder() .password(USER_1_PASSWORD) .build(); @@ -247,16 +246,16 @@ public class UserEndpointUnitTest extends AbstractUnitTest { } protected void create_generic(SignupRequestDto data, User user, at.tuwien.api.keycloak.UserDto userDto, UUID id) - throws UserExistsException, ServiceException, ServiceConnectionException, EmailExistsException, UserNotFoundException { + throws UserExistsException, EmailExistsException, UserNotFoundException, AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { /* mock */ - when(userService.create(data, id)) + when(userService.create(eq(data), any(UUID.class))) .thenReturn(user); when(authenticationService.findByUsername(data.getUsername())) .thenReturn(userDto); - doNothing() - .when(authenticationService) - .create(any(SignupRequestDto.class)); + when(authenticationService.create(data)) + .thenReturn(userDto); /* test */ final ResponseEntity<UserDto> response = userEndpoint.create(data); @@ -266,7 +265,7 @@ public class UserEndpointUnitTest extends AbstractUnitTest { } protected void find_generic(UUID id, User user, Principal principal) throws NotAllowedException, - UserNotFoundException, ServiceException, ServiceConnectionException { + UserNotFoundException{ /* mock */ if (user != null) { 
@@ -286,8 +285,7 @@ public class UserEndpointUnitTest extends AbstractUnitTest { } protected void modify_generic(UUID userId, User user, Principal principal, UserUpdateDto data) - throws ServiceException, NotAllowedException, ServiceConnectionException, UserNotFoundException, - DatabaseNotFoundException { + throws NotAllowedException, UserNotFoundException, DatabaseNotFoundException { /* mock */ if (user != null) { when(userService.findById(userId)) @@ -304,7 +302,8 @@ public class UserEndpointUnitTest extends AbstractUnitTest { } protected void password_generic(Principal principal, UserPasswordDto data) throws NotAllowedException, - ServiceException, ServiceConnectionException, UserNotFoundException, DatabaseNotFoundException { + ServiceException, ServiceConnectionException, UserNotFoundException, DatabaseNotFoundException, + AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException { /* mock */ when(userService.findById(USER_1_ID)) diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayUnitTest.java index 976a14ccbdad131029de0c99fa2cc3a06021301f..ffa2ff6c1b163d0defbd4d8fa1fe3d608e923309 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayUnitTest.java @@ -1,8 +1,6 @@ package at.tuwien.gateway; import at.tuwien.test.AbstractUnitTest; -import at.tuwien.api.amqp.ExchangeDto; -import at.tuwien.api.amqp.QueueDto; import at.tuwien.exception.*; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.Test; 
@@ -144,90 +142,6 @@ public class BrokerServiceGatewayUnitTest extends AbstractUnitTest { }); } - @Test - public void findQueue_fails() { - final ResponseEntity<QueueDto> mock = ResponseEntity.status(HttpStatus.NO_CONTENT) - .build(); - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(QueueDto.class))) - .thenReturn(mock); - - /* test */ - assertThrows(ServiceException.class, () -> { - brokerServiceGateway.findQueue("dbrepo"); - }); - } - - @Test - public void findQueue_unexpected_fails() { - - /* mock */ - doThrow(RestClientException.class) - .when(restTemplate) - .exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(QueueDto.class)); - - /* test */ - assertThrows(ServiceException.class, () -> { - brokerServiceGateway.findQueue("dbrepo"); - }); - } - - @Test - public void findQueue_succeeds() throws ServiceConnectionException, ServiceException, QueueNotFoundException { - final ResponseEntity<QueueDto> mock = ResponseEntity.status(HttpStatus.OK) - .build(); - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(QueueDto.class))) - .thenReturn(mock); - - /* test */ - brokerServiceGateway.findQueue("dbrepo"); - } - - @Test - public void findExchange_fails() { - final ResponseEntity<ExchangeDto> mock = ResponseEntity.status(HttpStatus.NO_CONTENT) - .build(); - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(ExchangeDto.class))) - .thenReturn(mock); - - /* test */ - assertThrows(ServiceException.class, () -> { - brokerServiceGateway.findExchange("dbrepo"); - }); - } - - @Test - public void findExchange_succeeds() throws ServiceConnectionException, ServiceException, ExchangeNotFoundException { - final ResponseEntity<ExchangeDto> mock = ResponseEntity.status(HttpStatus.OK) - .build(); - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(ExchangeDto.class))) 
- .thenReturn(mock); - - /* test */ - brokerServiceGateway.findExchange("dbrepo"); - } - - @Test - public void findExchange_unexpected_fails() { - - /* mock */ - doThrow(RestClientException.class) - .when(restTemplate) - .exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(ExchangeDto.class)); - - /* test */ - assertThrows(ServiceException.class, () -> { - brokerServiceGateway.findExchange("dbrepo"); - }); - } - @Test public void grantExchangePermission_succeeds() throws ServiceConnectionException, ServiceException { final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.CREATED) diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java index ce85aa2d8f9387e8e9f046216a77d0a54a29998a..06e75c62fec70377bf0dabb56b11036cedce22a9 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java @@ -37,7 +37,8 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { private KeycloakGatewayImpl keycloakGateway; @Test - public void obtainToken_succeeds() throws ServiceException, ServiceConnectionException { + public void obtainToken_succeeds() throws AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) 
@@ -48,20 +49,6 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { keycloakGateway.obtainToken(); } - @Test - public void obtainToken_noAccess_fails() { - - /* mock */ - doThrow(ResourceAccessException.class) - .when(restTemplate) - .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class)); - - /* test */ - assertThrows(ServiceConnectionException.class, () -> { - keycloakGateway.obtainToken(); - }); - } - @Test public void obtainToken_fails() { @@ -71,13 +58,14 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class)); /* test */ - assertThrows(ServiceConnectionException.class, () -> { + assertThrows(AuthServiceConnectionException.class, () -> { keycloakGateway.obtainToken(); }); } @Test - public void createUser_succeeds() throws UserExistsException, ServiceException, ServiceConnectionException, EmailExistsException { + public void createUser_succeeds() throws UserExistsException, EmailExistsException, AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) @@ -103,7 +91,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .build()); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceException.class, () -> { keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); }); } 
@@ -145,23 +133,6 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { @Test public void createUser_unexpected_fails() { - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - doThrow(ResourceAccessException.class) - .when(restTemplate) - .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); - - /* test */ - assertThrows(ServiceConnectionException.class, () -> { - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); - }); - } - - @Test - public void createUser_unexpected2_fails() { - /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) .thenReturn(ResponseEntity.status(HttpStatus.OK) @@ -171,7 +142,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); /* test */ - assertThrows(ServiceConnectionException.class, () -> { + assertThrows(AuthServiceConnectionException.class, () -> { keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); }); } @@ -188,13 +159,14 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .build()); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceException.class, () -> { keycloakGateway.deleteUser(USER_1_ID); }); } @Test - public void deleteUser_succeeds() throws ServiceException, ServiceConnectionException, UserNotFoundException { + public void deleteUser_succeeds() throws UserNotFoundException, AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) 
@@ -220,7 +192,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.DELETE), any(HttpEntity.class), eq(Void.class)); /* test */ - assertThrows(ServiceConnectionException.class, () -> { + assertThrows(AuthServiceException.class, () -> { keycloakGateway.deleteUser(USER_1_ID); }); } @@ -254,13 +226,14 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.DELETE), any(HttpEntity.class), eq(Void.class)); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceConnectionException.class, () -> { keycloakGateway.deleteUser(USER_1_ID); }); } @Test - public void updateUserCredentials_succeeds() throws ServiceException, ServiceConnectionException { + public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) @@ -286,7 +259,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .build()); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceException.class, () -> { keycloakGateway.updateUserCredentials(USER_1_ID, USER_1_PASSWORD_DTO); }); } 
@@ -294,23 +267,6 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { @Test public void updateUserCredentials_unexpected_fails() { - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - doThrow(ResourceAccessException.class) - .when(restTemplate) - .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); - - /* test */ - assertThrows(ServiceConnectionException.class, () -> { - keycloakGateway.updateUserCredentials(USER_1_ID, USER_1_PASSWORD_DTO); - }); - } - - @Test - public void updateUserCredentials_unexpected2_fails() { - /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) .thenReturn(ResponseEntity.status(HttpStatus.OK) @@ -320,7 +276,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceConnectionException.class, () -> { keycloakGateway.updateUserCredentials(USER_1_ID, USER_1_PASSWORD_DTO); }); } @@ -354,7 +310,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(UserDto[].class)); /* test */ - assertThrows(ServiceConnectionException.class, () -> { + assertThrows(AuthServiceException.class, () -> { keycloakGateway.findByUsername(USER_1_USERNAME); }); } @@ -371,7 +327,7 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { .exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(UserDto[].class)); /* test */ - assertThrows(ServiceException.class, () -> { + assertThrows(AuthServiceConnectionException.class, () -> { keycloakGateway.findByUsername(USER_1_USERNAME); }); } 
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/MetadataEndpointMvcTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/MetadataEndpointMvcTest.java index b38aee91d5e1fe7a136b83e5e6bd9f0fcb9ec286..9c79f01d66c07e36b22d1ab112464b7d3943a693 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/MetadataEndpointMvcTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/MetadataEndpointMvcTest.java @@ -1,8 +1,8 @@ package at.tuwien.mvc; +import at.tuwien.repository.IdentifierRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.config.MetadataConfig; -import at.tuwien.repository.*; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java index 23aa393e9f57bfcd82c805891d7f979ba704527b..2b2df73909dfa67fe416d279f864b580f6a776b2 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java @@ -15,7 +15,6 @@ import io.micrometer.observation.tck.TestObservationRegistry; import io.swagger.v3.oas.annotations.Operation; import lombok.extern.log4j.Log4j2; import org.apache.commons.io.FileUtils; -import org.apache.commons.lang3.StringUtils; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; 
@@ -36,8 +35,6 @@ import org.springframework.test.web.servlet.MockMvc; import java.io.File; import java.io.IOException; import java.lang.reflect.Method; -import java.math.BigDecimal; -import java.nio.charset.Charset; import java.util.*; import static io.micrometer.observation.tck.TestObservationRegistryAssert.assertThat; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java index 8750e7d1dba5875ecc24e71dca3e9398a7cfccdc..75a08540b0cae6f9528a25b3c6c855bff9358991 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java @@ -25,8 +25,6 @@ import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.HttpServerErrorException; import org.springframework.web.client.RestTemplate; -import java.util.LinkedList; -import java.util.List; import java.util.Optional; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java index b9f4eb27afce9810be1f1716ed1c5a6abea46ab8..ba560f0e47ff2426f2bb3623048a03f5f6c58d13 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java 
@@ -34,8 +34,8 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest { @Container private static KeycloakContainer keycloakContainer = new KeycloakContainer("quay.io/keycloak/keycloak:21.0") .withImagePullPolicy(PullPolicy.alwaysPull()) - .withAdminUsername("fda") - .withAdminPassword("fda") + .withAdminUsername("admin") + .withAdminPassword("admin") .withRealmImportFile("./init/dbrepo-realm.json") .withEnv("KC_HOSTNAME_STRICT_HTTPS", "false"); @@ -45,8 +45,8 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest { } @Test - public void delete_succeeds() throws EmailExistsException, UserExistsException, ServiceException, - ServiceConnectionException, UserNotFoundException { + public void delete_succeeds() throws EmailExistsException, UserExistsException, UserNotFoundException, + AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException { /* mock */ try { @@ -65,7 +65,8 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest { @Test public void create_succeeds() throws EmailExistsException, UserExistsException, ServiceException, - ServiceConnectionException { + ServiceConnectionException, AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { /* mock */ try { diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ConceptServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ConceptServiceUnitTest.java index d0323941dfbd61bd9460082e6d7f0c21a3e2ecf6..164f335eb73f68c986583da9881b743a32c44a06 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ConceptServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ConceptServiceUnitTest.java 
@@ -1,9 +1,9 @@ package at.tuwien.service; import at.tuwien.exception.ConceptNotFoundException; +import at.tuwien.repository.ConceptRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.entities.database.table.columns.TableColumnConcept; -import at.tuwien.repository.*; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServicePersistenceTest.java index f28cc0b9b105f81feee49aabd9647af2cdf9624f..7443439608dbf6c353a5873c42aafcf9368b3db2 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServicePersistenceTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServicePersistenceTest.java @@ -1,7 +1,10 @@ package at.tuwien.service; import at.tuwien.entities.identifier.Identifier; -import at.tuwien.repository.*; +import at.tuwien.repository.ContainerRepository; +import at.tuwien.repository.DatabaseRepository; +import at.tuwien.repository.LicenseRepository; +import at.tuwien.repository.UserRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.api.datacite.DataCiteBody; import at.tuwien.api.datacite.doi.DataCiteDoi; @@ -9,7 +12,6 @@ import at.tuwien.entities.database.Database; import at.tuwien.exception.*; import at.tuwien.gateway.SearchServiceGateway; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; 
@@ -75,7 +77,6 @@ public class DataCiteIdentifierServicePersistenceTest extends AbstractUnitTest { } @Test - @Disabled public void save_database_succeeds() throws ServiceException, ServiceConnectionException, DatabaseNotFoundException, MalformedException, IdentifierNotFoundException, ViewNotFoundException, QueryNotFoundException, SearchServiceException, SearchServiceConnectionException { @@ -93,7 +94,6 @@ public class DataCiteIdentifierServicePersistenceTest extends AbstractUnitTest { } @Test - @Disabled public void save_invalidMetadata_fails() throws DatabaseNotFoundException, SearchServiceException, SearchServiceConnectionException { @@ -111,7 +111,6 @@ public class DataCiteIdentifierServicePersistenceTest extends AbstractUnitTest { } @Test - @Disabled public void save_restClientException_fails() throws DatabaseNotFoundException, SearchServiceException, SearchServiceConnectionException { @@ -129,7 +128,6 @@ public class DataCiteIdentifierServicePersistenceTest extends AbstractUnitTest { } @Test - @Disabled public void create_succeeds() throws SearchServiceException, MalformedException, ServiceException, QueryNotFoundException, ServiceConnectionException, DatabaseNotFoundException, SearchServiceConnectionException, IdentifierNotFoundException, ViewNotFoundException { @@ -146,7 +144,6 @@ public class DataCiteIdentifierServicePersistenceTest extends AbstractUnitTest { } @Test - @Disabled public void create_hasDoi_succeeds() throws SearchServiceException, MalformedException, ServiceException, QueryNotFoundException, ServiceConnectionException, DatabaseNotFoundException, SearchServiceConnectionException, IdentifierNotFoundException, ViewNotFoundException { 
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServicePersistenceTest.java index 1d6d1c30e45f04b20f10985ec7ea67e2c8c88a4a..8ccb486638447039360f17b08d4a42712d77bdd0 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServicePersistenceTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServicePersistenceTest.java 
@@ -2,40 +2,31 @@ package at.tuwien.service; import at.tuwien.entities.database.Database; import at.tuwien.exception.*; -import at.tuwien.gateway.DataServiceGateway; -import at.tuwien.gateway.SearchServiceGateway; -import at.tuwien.repository.*; +import at.tuwien.repository.ContainerRepository; +import at.tuwien.repository.DatabaseRepository; +import at.tuwien.repository.LicenseRepository; +import at.tuwien.repository.UserRepository; import at.tuwien.test.AbstractUnitTest; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.junit.jupiter.SpringExtension; +import org.springframework.transaction.annotation.Transactional; import java.util.List; import static org.junit.jupiter.api.Assertions.*; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.when; @Log4j2 @SpringBootTest -@Disabled("CI/CD") @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_EACH_TEST_METHOD) @ExtendWith(SpringExtension.class) public class DatabaseServicePersistenceTest extends AbstractUnitTest { - @MockBean - private DataServiceGateway dataServiceGateway; - - @MockBean - private SearchServiceGateway searchServiceGateway; - @Autowired private DatabaseService databaseService; @@ -62,6 +53,7 @@ public class DatabaseServicePersistenceTest extends AbstractUnitTest { } @Test + @Transactional public void findById_succeeds() throws DatabaseNotFoundException { /* test */ 
@@ -102,20 +94,4 @@ public class DatabaseServicePersistenceTest extends AbstractUnitTest { assertNotNull(response.getCreator().getAccesses()); } - @Test - public void updateTableMetadata_succeeds() throws SearchServiceException, MalformedException, ServiceException, - QueryNotFoundException, DatabaseNotFoundException, ServiceConnectionException, - SearchServiceConnectionException { - - /* mock */ - when(dataServiceGateway.getTableSchemas(DATABASE_1_ID)) - .thenReturn(List.of(TABLE_5_DTO)); - when(searchServiceGateway.update(any(Database.class))) - .thenReturn(DATABASE_1_DTO); /* ignored */ - - /* test */ - final Database response = databaseService.updateTableMetadata(DATABASE_1); - log.debug(""); - } - } diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java index 6c6357aaf63aeed98a6649f68c47bb63ae62946d..ede17383813eb46445a33833d680644641b90a20 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java @@ -11,7 +11,6 @@ import at.tuwien.gateway.DataServiceGateway; import at.tuwien.gateway.SearchServiceGateway; import at.tuwien.repository.ContainerRepository; import at.tuwien.repository.DatabaseRepository; -import at.tuwien.service.impl.DatabaseServiceImpl; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/IdentifierServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/IdentifierServicePersistenceTest.java index efba7075d9d94e558e4b595a79d6558d8f886755..e664abd5163000e21029836faf0b8db536ddda65 100644 
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/IdentifierServicePersistenceTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/IdentifierServicePersistenceTest.java @@ -1,7 +1,10 @@ package at.tuwien.service; import at.tuwien.entities.database.License; -import at.tuwien.repository.*; +import at.tuwien.repository.ContainerRepository; +import at.tuwien.repository.DatabaseRepository; +import at.tuwien.repository.LicenseRepository; +import at.tuwien.repository.UserRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.api.database.query.QueryDto; import at.tuwien.api.identifier.BibliographyTypeDto; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/TableServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/TableServicePersistenceTest.java index 24536a9ca56a9686e13905a46d7326d4863fa6c7..f30bf485f3be9a75eaa43f28e0d57fecd7d96b2a 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/TableServicePersistenceTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/TableServicePersistenceTest.java @@ -14,11 +14,13 @@ import at.tuwien.entities.database.table.constraints.unique.Unique; import at.tuwien.exception.*; import at.tuwien.gateway.DataServiceGateway; import at.tuwien.gateway.SearchServiceGateway; -import at.tuwien.repository.*; +import at.tuwien.repository.ContainerRepository; +import at.tuwien.repository.DatabaseRepository; +import at.tuwien.repository.LicenseRepository; +import at.tuwien.repository.UserRepository; import at.tuwien.test.AbstractUnitTest; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; 
@@ -32,7 +34,6 @@ import java.util.*; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.*; @Log4j2 diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UnitServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UnitServiceUnitTest.java index 4b78ae76b43c1bc634a2194657e7c62905936e66..67b396c66015ca66f392fbd424c0c94daa717a69 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UnitServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UnitServiceUnitTest.java @@ -1,9 +1,9 @@ package at.tuwien.service; +import at.tuwien.repository.UnitRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.entities.database.table.columns.TableColumnUnit; import at.tuwien.exception.UnitNotFoundException; -import at.tuwien.repository.*; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java index 64e305febd96b44f293a7dd2ac7b6662d651cfc3..09a372a6eb3ca23bb0539b8a1be4a648a1bff9a1 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java @@ -17,7 +17,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.testcontainers.junit.jupiter.Testcontainers; import java.util.List; 
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java index ddf44b890beb6292c5456f04c967215bfd915fbc..f85d4663700427aaca2f55bae9c88e26e441f45b 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java @@ -72,7 +72,8 @@ public class UserServiceUnitTest extends AbstractUnitTest { @Test public void create_succeeds() throws UserNotFoundException, UserExistsException, EmailExistsException, - ServiceException, ServiceConnectionException { + ServiceException, ServiceConnectionException, AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { /* mock */ when(userRepository.findById(USER_1_ID)) @@ -107,7 +108,8 @@ public class UserServiceUnitTest extends AbstractUnitTest { } @Test - public void updatePassword_succeeds() throws ServiceException, ServiceConnectionException { + public void updatePassword_succeeds() throws AuthServiceException, AuthServiceConnectionException, + CredentialsInvalidException { /* mock */ doNothing() diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ViewServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ViewServiceUnitTest.java index da345658ef9897deba1486fc4b9d009823c3e459..517661ce1a03220bb536ef1fbacfe81e3d0f32c9 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ViewServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/ViewServiceUnitTest.java @@ -1,5 +1,6 @@ package at.tuwien.service; +import at.tuwien.repository.DatabaseRepository; import at.tuwien.test.AbstractUnitTest; import at.tuwien.api.database.ViewCreateDto; import at.tuwien.entities.database.Database; 
@@ -7,7 +8,6 @@ import at.tuwien.entities.database.View; import at.tuwien.exception.*; import at.tuwien.gateway.DataServiceGateway; import at.tuwien.gateway.SearchServiceGateway; -import at.tuwien.repository.*; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/dbrepo-metadata-service/rest-service/src/test/resources/application.properties b/dbrepo-metadata-service/rest-service/src/test/resources/application.properties index ef2acba64ace030e362d2a73aabd3e768c6e9551..4243bcf79e7133c183f076dd33c07269921b900b 100644 --- a/dbrepo-metadata-service/rest-service/src/test/resources/application.properties +++ b/dbrepo-metadata-service/rest-service/src/test/resources/application.properties @@ -5,7 +5,7 @@ spring.profiles.active=local,junit spring.cloud.discovery.enabled=false # internal datasource -spring.datasource.url=jdbc:h2:mem:testdb;DB_CLOSE_ON_EXIT=FALSE;INIT=CREATE SCHEMA IF NOT EXISTS FDA;NON_KEYWORDS=value +spring.datasource.url=jdbc:h2:mem:testdb;DB_CLOSE_ON_EXIT=FALSE;INIT=CREATE SCHEMA IF NOT EXISTS DBREPO;NON_KEYWORDS=value spring.datasource.driverClassName=org.h2.Driver spring.datasource.username=sa spring.datasource.password=password @@ -14,6 +14,14 @@ spring.sql.init.mode=always spring.sql.init.schema-locations=classpath*:init/schema.sql spring.jpa.hibernate.ddl-auto=create +# LDAP +spring.ldap.userDn: cn=admin,dc=dbrepo,dc=at +spring.ldap.password: adminpassword +spring.ldap.base: dc=dbrepo,dc=at + +# admin +dbrepo.system.role: admin + # logging logging.level.root=error logging.level.at.tuwien.=trace diff --git a/dbrepo-metadata-service/services/pom.xml b/dbrepo-metadata-service/services/pom.xml index a66dfb7c87ea86057a39fdba40902bb784457e11..bf2105f98da2ff1644bd94493f54f1b5929ea9ce 100644 --- a/dbrepo-metadata-service/services/pom.xml +++ b/dbrepo-metadata-service/services/pom.xml 
@@ -6,12 +6,12 @@ <parent> <artifactId>dbrepo-metadata-service</artifactId> <groupId>at.tuwien</groupId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-services</artifactId> <name>dbrepo-metadata-service-services</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java index 46ec0e6a24bdd2bc2a9a88f8fad4815467ebff08..35e55797ebffb688f801bfcf64163d3a4a630049 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/AuthTokenFilter.java @@ -74,8 +74,8 @@ public class AuthTokenFilter extends OncePerRequestFilter { final DecodedJWT jwt = verifier.verify(token); final RealmAccessDto realmAccess = jwt.getClaim("realm_access").as(RealmAccessDto.class); return UserDetailsDto.builder() - .id(jwt.getSubject()) - .username(jwt.getClaim("client_id").asString()) + .id(jwt.getClaim("uid").asString()) + .username(jwt.getClaim("preferred_username").asString()) .authorities(Arrays.stream(realmAccess.getRoles()).map(SimpleGrantedAuthority::new).collect(Collectors.toList())) .build(); } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java index 918c02013af97a75f7d954706ec68a1a3e301a8b..1f8f3ced9d21bb27eccb4c9f7475bee2e5a6bc5f 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/auth/BasicAuthenticationProvider.java 
@@ -51,7 +51,8 @@ public class BasicAuthenticationProvider implements AuthenticationManager { final TokenDto tokenDto = keycloakGateway.obtainUserToken(auth.getName(), auth.getCredentials().toString()); final UserDetails userDetails = authTokenFilter.verifyJwt(tokenDto.getAccessToken()); return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); - } catch (ServletException | ServiceConnectionException | CredentialsInvalidException | AccountNotSetupException e) { + } catch (ServletException | CredentialsInvalidException | AccountNotSetupException | + AuthServiceConnectionException e) { throw new BadCredentialsException("Failed to authenticate with authentication service", e); } } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java index 810e335c7461a26f953694330d709f9299062469..769cf00b01292a131609d2241e23685289e6a888 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java @@ -43,8 +43,8 @@ public class WebSecurityConfig { } @Bean - public SecurityFilterChain filterChain(HttpSecurity http, KeycloakGateway keycloakGateway, - GatewayConfig gatewayConfig) throws Exception { + public SecurityFilterChain filterChain(GatewayConfig gatewayConfig, HttpSecurity http, + KeycloakGateway keycloakGateway) throws Exception { final OrRequestMatcher internalEndpoints = new OrRequestMatcher( new AntPathRequestMatcher("/actuator/**", "GET"), new AntPathRequestMatcher("/v3/api-docs.yaml"), diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java index 5ed71fc43584e4b7f84c97d9c6e7d42a6f99d2d1..0ca0f707e45da7bc25138707eedc68ad88ab26e2 100644 
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java 
@@ -10,38 +10,31 @@ public interface BrokerServiceGateway { * Create topic exchange permissions at the broker service. * * @param data The topic exchange permissions. + * @throws ServiceConnectionException + * @throws ServiceException */ - void grantExchangePermission(String username, GrantExchangePermissionsDto data) throws ServiceConnectionException, ServiceException; + void grantExchangePermission(String username, GrantExchangePermissionsDto data) throws ServiceConnectionException, + ServiceException; /** * Grants a user permission at a virtual host in the queue service. * * @param username The username of the user. * @param data The grant data. + * @throws ServiceConnectionException + * @throws ServiceException */ - void grantTopicPermission(String username, ExchangeUpdatePermissionsDto data) throws ServiceConnectionException, ServiceException; + void grantTopicPermission(String username, ExchangeUpdatePermissionsDto data) throws ServiceConnectionException, + ServiceException; /** * Grants a user permission at a virtual host in the queue service. * * @param username The username of the user. * @param data The grant data. + * @throws ServiceConnectionException + * @throws ServiceException */ - void grantVirtualHostPermission(String username, GrantVirtualHostPermissionsDto data) throws ServiceConnectionException, ServiceException; - - /** - * Finds queue information from the broker service by name. - * - * @param name The queue name. - * @return The queue, if successful. - */ - QueueDto findQueue(String name) throws ServiceConnectionException, ServiceException, QueueNotFoundException; - - /** - * Finds exchange information from the broker service by name. - * - * @param name The exchange name. - * @return The queue, if successful. 
- */ - ExchangeDto findExchange(String name) throws ServiceException, ServiceConnectionException, ExchangeNotFoundException; + void grantVirtualHostPermission(String username, GrantVirtualHostPermissionsDto data) + throws ServiceConnectionException, ServiceException; } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java index b3352869ddd36645eca77a5f8f6de4570065f4b0..b6ee01d4917d36cf205cad35e79350f66403d143 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java @@ -10,10 +10,10 @@ import java.util.UUID; public interface KeycloakGateway { - TokenDto obtainUserToken(String username, String password) throws ServiceConnectionException, + TokenDto obtainUserToken(String username, String password) throws AuthServiceConnectionException, CredentialsInvalidException, AccountNotSetupException; - TokenDto refreshUserToken(String refreshToken) throws ServiceConnectionException, + TokenDto refreshUserToken(String refreshToken) throws AuthServiceConnectionException, CredentialsInvalidException; /** 
@@ -23,14 +23,14 @@ public interface KeycloakGateway { * @throws UserExistsException The user already exists at the Authentication Service. * @throws EmailExistsException The user email already exists in the metadata database. */ - void createUser(UserCreateDto data) throws ServiceException, ServiceConnectionException, EmailExistsException, UserExistsException; + void createUser(UserCreateDto data) throws AuthServiceException, AuthServiceConnectionException, EmailExistsException, UserExistsException, CredentialsInvalidException; /** * Deletes a user at the Authentication Service with given user id. * * @param id The user id. */ - void deleteUser(UUID id) throws ServiceException, ServiceConnectionException, UserNotFoundException; + void deleteUser(UUID id) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException; /** * Update the credentials for a given user. @@ -38,7 +38,7 @@ public interface KeycloakGateway { * @param id The user id. * @param password The user credential. */ - void updateUserCredentials(UUID id, UserPasswordDto password) throws ServiceException, ServiceConnectionException; + void updateUserCredentials(UUID id, UserPasswordDto password) throws AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException; /** * Finds a user in the metadata database by given username. 
@@ -46,8 +46,8 @@ public interface KeycloakGateway { * @param username The user username. * @return The updated user. */ - UserDto findByUsername(String username) throws ServiceException, ServiceConnectionException, UserNotFoundException; + UserDto findByUsername(String username) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException; - UserDto findById(UUID id) throws ServiceException, ServiceConnectionException, - UserNotFoundException; + UserDto findById(UUID id) throws AuthServiceException, AuthServiceConnectionException, + UserNotFoundException, CredentialsInvalidException; } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java index b86780f5c43401f7a206be3125f54d593ac641ac..9b3bbf4cf2ab931bad65a146a4024eebb94b41da 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java 
@@ -87,54 +87,4 @@ public class BrokerServiceGatewayImpl implements BrokerServiceGateway { } } - @Override - public QueueDto findQueue(String name) throws ServiceConnectionException, ServiceException, QueueNotFoundException { - final String url = "/api/queues/" + rabbitConfig.getVirtualHost() + "/" + name; - final HttpHeaders headers = new HttpHeaders(); - headers.set("Accept", "application/json"); - final ResponseEntity<QueueDto> response; - try { - response = restTemplate.exchange(url, HttpMethod.GET, new HttpEntity<>(null, headers), QueueDto.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { - log.error("Failed to find queue: {}", e.getMessage()); - throw new ServiceConnectionException("Failed to find queue: " + e.getMessage()); - } catch (HttpClientErrorException.NotFound e) { - log.error("Failed to find queue: not found: {}", e.getMessage()); - throw new QueueNotFoundException("Failed to find queue: not found: " + e.getMessage(), e); - } catch (Exception e) { - log.error("Failed to find queue: unexpected response: {}", e.getMessage()); - throw new ServiceException("Failed to find queue: unexpected response: " + e.getMessage(), e); - } - if (!response.getStatusCode().equals(HttpStatus.OK)) { - log.error("Failed to find queue: unexpected status: {}", response.getStatusCode().value()); - throw new ServiceException("Failed to find queue: unexpected status: " + response.getStatusCode().value()); - } - return response.getBody(); - } - - @Override - public ExchangeDto findExchange(String name) throws ServiceException, ServiceConnectionException, ExchangeNotFoundException { - final String url = "/api/exchanges/" + rabbitConfig.getVirtualHost() + "/" + name; - final HttpHeaders headers = new HttpHeaders(); - headers.set("Accept", "application/json"); - final ResponseEntity<ExchangeDto> response; - try { - response = restTemplate.exchange(url, HttpMethod.GET, new HttpEntity<>(null, headers), ExchangeDto.class); - } catch 
(ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { - log.error("Failed to find exchange: {}", e.getMessage()); - throw new ServiceConnectionException("Failed to find exchange: " + e.getMessage()); - } catch (HttpClientErrorException.NotFound e) { - log.error("Failed to find exchange: not found: {}", e.getMessage()); - throw new ExchangeNotFoundException("Failed to find exchange: not found: " + e.getMessage(), e); - } catch (Exception e) { - log.error("Failed to find exchange: unexpected response: {}", e.getMessage()); - throw new ServiceException("Failed to find exchange: unexpected response: " + e.getMessage(), e); - } - if (!response.getStatusCode().equals(HttpStatus.OK)) { - log.error("Failed to find exchange: unexpected status: {}", response.getStatusCode().value()); - throw new ServiceException("Failed to find exchange: unexpected status: " + response.getStatusCode().value()); - } - return response.getBody(); - } - } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java index 1ad9cc46c0bbf9aee9273cc722f266843c951f2c..91ec52d8e092101704acea72ba38656e1aec008f 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java @@ -15,7 +15,6 @@ import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.HttpServerErrorException; -import org.springframework.web.client.ResourceAccessException; import org.springframework.web.client.RestTemplate; import java.util.UUID; 
@@ -35,7 +34,8 @@ public class KeycloakGatewayImpl implements KeycloakGateway { this.metadataMapper = metadataMapper; } - public TokenDto obtainToken() throws ServiceConnectionException, ServiceException { + public TokenDto obtainToken() throws AuthServiceConnectionException, AuthServiceException, + CredentialsInvalidException { final HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); final MultiValueMap<String, String> payload = new LinkedMultiValueMap<>(); 
@@ -44,23 +44,29 @@ public class KeycloakGatewayImpl implements KeycloakGateway { payload.add("grant_type", "password"); payload.add("client_id", "admin-cli"); final String url = keycloakConfig.getKeycloakEndpoint() + "/realms/master/protocol/openid-connect/token"; - log.debug("request admin token from url {}", url); + log.trace("request admin token from url: {}", url); + log.trace("request username: {}", keycloakConfig.getKeycloakUsername()); + log.trace("request password: {}", keycloakConfig.getKeycloakPassword() != null ? "(set)" : "(not set)"); + log.trace("request client_id: admin-cli"); + log.trace("request client_secret: (not set)"); final ResponseEntity<TokenDto> response; try { response = restTemplate.exchange(url, HttpMethod.POST, new HttpEntity<>(payload, headers), TokenDto.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable | - HttpServerErrorException.BadGateway e) { + } catch (HttpServerErrorException e) { log.error("Failed to obtain admin token: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable", e); + throw new AuthServiceConnectionException("Service unavailable", e); + } catch (HttpClientErrorException.Unauthorized e) { + log.error("Failed to obtain admin token: invalid credentials: {}", e.getMessage(), e); + throw new CredentialsInvalidException("Invalid credentials: " + e.getMessage(), e); } catch (HttpClientErrorException.BadRequest e) { - log.error("Failed to obtain admin token: remote host answered unexpected: {}", e.getMessage(), e); - throw new ServiceException("Authentication service answered unexpected: " + e.getMessage(), e); + log.error("Failed to obtain admin token: unexpected response: {}", e.getMessage(), e); + throw new AuthServiceException("Unexpected response: " + e.getMessage(), e); } return response.getBody(); } @Override - public TokenDto obtainUserToken(String username, String password) throws ServiceConnectionException, + public TokenDto 
obtainUserToken(String username, String password) throws AuthServiceConnectionException, CredentialsInvalidException, AccountNotSetupException { final HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); @@ -73,13 +79,17 @@ public class KeycloakGatewayImpl implements KeycloakGateway { payload.add("client_secret", keycloakConfig.getKeycloakClientSecret()); final String url = keycloakConfig.getKeycloakEndpoint() + "/realms/dbrepo/protocol/openid-connect/token"; log.trace("request user token from url: {}", url); + log.trace("request username: {}", username); + log.trace("request password: {}", password != null ? "(set)" : "(not set)"); + log.trace("request client_id: {}", keycloakConfig.getKeycloakClient()); + log.trace("request client_secret: {}", keycloakConfig.getKeycloakClientSecret()); final ResponseEntity<TokenDto> response; try { response = new RestTemplate() .exchange(url, HttpMethod.POST, new HttpEntity<>(payload, headers), TokenDto.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to obtain user token: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable", e); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (HttpClientErrorException.BadRequest e) { final KeycloakErrorDto error = e.getResponseBodyAs(KeycloakErrorDto.class); if (error != null && error.getError().equals("invalid_grant")) { 
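Review bot: In the `obtainUserToken` hunk of KeycloakGatewayImpl.java, the added `log.trace("request client_secret: {}", keycloakConfig.getKeycloakClientSecret());` writes the OAuth client secret to the log in clear text, while the password line directly above it is masked as "(set)" / "(not set)". Mask the secret the same way, so that enabling trace logging never puts a usable credential into log files or a log aggregator. The new `log.trace("request username: {}", username)` also logs caller-supplied input verbatim; if it stays, make sure the log encoder neutralises line breaks.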
@@ -87,7 +97,7 @@ public class KeycloakGatewayImpl implements KeycloakGateway { throw new AccountNotSetupException(error.getErrorDescription()); } log.error("Failed to obtain user token: bad request"); - throw new CredentialsInvalidException("Failed to obtain user token: bad request"); + throw new CredentialsInvalidException("Bad request", e); } catch (HttpClientErrorException.Unauthorized e) { log.error("Failed to obtain user token: invalid credentials"); throw new CredentialsInvalidException("Invalid credentials", e); @@ -96,7 +106,7 @@ public class KeycloakGatewayImpl implements KeycloakGateway { } @Override - public TokenDto refreshUserToken(String refreshToken) throws ServiceConnectionException, + public TokenDto refreshUserToken(String refreshToken) throws AuthServiceConnectionException, CredentialsInvalidException { final HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); 
@@ -111,26 +121,26 @@ public class KeycloakGatewayImpl implements KeycloakGateway { try { response = new RestTemplate() .exchange(url, HttpMethod.POST, new HttpEntity<>(payload, headers), TokenDto.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to refresh user token: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable", e); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (HttpClientErrorException.Unauthorized e) { log.error("Failed to refresh user token: invalid credentials"); throw new CredentialsInvalidException("Invalid credentials", e); } catch (HttpClientErrorException.BadRequest e) { if (e.getMessage().contains("Session not active")) { log.error("Failed to refresh user token: inactive session", e); - throw new CredentialsInvalidException("Failed to refresh user token: inactive session", e); + throw new CredentialsInvalidException("Inactive session", e); } - log.error("Failed to refresh user token: remote host answered unexpected: {}", e.getMessage(), e); - throw new CredentialsInvalidException("Authentication service answered unexpected: " + e.getMessage(), e); + log.error("Failed to refresh user token: unexpected response: {}", e.getMessage(), e); + throw new CredentialsInvalidException("Unexpected response: " + e.getMessage(), e); } return response.getBody(); } @Override - public void createUser(UserCreateDto data) throws ServiceException, ServiceConnectionException, - EmailExistsException, UserExistsException { + public void createUser(UserCreateDto data) throws AuthServiceException, AuthServiceConnectionException, + EmailExistsException, UserExistsException, CredentialsInvalidException { /* obtain admin token */ final HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + obtainToken().getAccessToken()); 
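Review bot: In `refreshUserToken`, replacing `catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e)` with `catch (HttpServerErrorException e)` drops the handling of I/O failures. `ResourceAccessException` (connection refused, timeout) is not a subclass of `HttpServerErrorException`, and this method has no catch-all, so an unreachable auth service now surfaces as an unchecked exception instead of `AuthServiceConnectionException`. The same narrowing appears in `obtainToken`, `obtainUserToken` and `createUser`, and the `ResourceAccessException` import is removed from the file. Suggest `catch (ResourceAccessException | HttpServerErrorException e)` so that both network errors and 5xx responses map to the connection exception.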
@@ -139,28 +149,28 @@ public class KeycloakGatewayImpl implements KeycloakGateway { final ResponseEntity<Void> response; try { response = restTemplate.exchange(url, HttpMethod.POST, new HttpEntity<>(data, headers), Void.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable | - HttpServerErrorException.BadGateway e) { + } catch (HttpServerErrorException e) { log.error("Failed to create user: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable"); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (HttpClientErrorException.Conflict e) { if (e.getMessage().contains("same email")) { log.error("Failed to create user: email exists: {}", e.getMessage()); - throw new EmailExistsException("E-Mail exists"); + throw new EmailExistsException("E-Mail exists", e); } else { log.error("Failed to create user: user exists: {}", e.getMessage()); - throw new UserExistsException("User exists"); + throw new UserExistsException("User exists", e); } } if (!response.getStatusCode().equals(HttpStatus.CREATED)) { log.error("Failed to create user: unexpected status: {}", response.getStatusCode().value()); - throw new ServiceException("Failed to create user: unexpected status: " + response.getStatusCode().value()); + throw new AuthServiceException("Unexpected status: " + response.getStatusCode().value()); } log.debug("Created user {} at auth service", data.getUsername()); } @Override - public void deleteUser(UUID id) throws ServiceException, ServiceConnectionException, UserNotFoundException { + public void deleteUser(UUID id) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, + CredentialsInvalidException { /* obtain admin token */ final HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + obtainToken().getAccessToken()); 
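Review bot: `createUser` (and `deleteUser` in the trailing lines of this hunk) now declares `CredentialsInvalidException`, which in these methods can only originate from `obtainToken()`, that is, from the service's own admin credentials being rejected. This is the same type `obtainUserToken` throws for a wrong end-user password, so callers can no longer distinguish a misconfigured admin account from a failed login. Consider translating the 401 inside `obtainToken()` into `AuthServiceException` or a dedicated type, and keep `CredentialsInvalidException` for credentials supplied by the end user.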
@@ -169,26 +179,26 @@ public class KeycloakGatewayImpl implements KeycloakGateway { final ResponseEntity<Void> response; try { response = restTemplate.exchange(url, HttpMethod.DELETE, new HttpEntity<>(null, headers), Void.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to delete user: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable"); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (HttpClientErrorException.NotFound e) { log.error("Failed to delete user: user not found: {}", e.getMessage()); - throw new UserNotFoundException("User not found"); + throw new UserNotFoundException("User not found", e); } catch (Exception e) { log.error("Failed to delete user: unexpected response: {}", e.getMessage()); - throw new ServiceException("Unexpected result", e); + throw new AuthServiceException("Unexpected result", e); } if (!response.getStatusCode().equals(HttpStatus.NO_CONTENT)) { log.error("Failed to delete user: unexpected response"); - throw new ServiceException("Unexpected result"); + throw new AuthServiceException("Unexpected result"); } log.info("Deleted user {} at auth service", id); } @Override - public void updateUserCredentials(UUID id, UserPasswordDto data) throws ServiceException, - ServiceConnectionException { + public void updateUserCredentials(UUID id, UserPasswordDto data) throws AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { /* obtain admin token */ final HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + obtainToken().getAccessToken()); 
@@ -198,23 +208,23 @@ public class KeycloakGatewayImpl implements KeycloakGateway { final ResponseEntity<Void> response; try { response = restTemplate.exchange(url, HttpMethod.PUT, new HttpEntity<>(payload, headers), Void.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to update user credentials: {}", e.getMessage()); - throw new ServiceConnectionException("Failed to update user credentials: " + e.getMessage()); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (Exception e) { log.error("Failed to update user: unexpected response: {}", e.getMessage()); - throw new ServiceException("Unexpected result", e); + throw new AuthServiceException("Unexpected result", e); } if (!response.getStatusCode().equals(HttpStatus.NO_CONTENT)) { log.error("Failed to update user: unexpected status: {}", response.getStatusCode().value()); - throw new ServiceException("Failed to update user: unexpected status: " + response.getStatusCode().value()); + throw new AuthServiceException("Unexpected status: " + response.getStatusCode().value()); } log.info("Updated user {} password at auth service", id); } @Override - public UserDto findByUsername(String username) throws ServiceException, ServiceConnectionException, - UserNotFoundException { + public UserDto findByUsername(String username) throws AuthServiceException, AuthServiceConnectionException, + UserNotFoundException, CredentialsInvalidException { /* obtain admin token */ final HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + obtainToken().getAccessToken()); 
@@ -223,12 +233,12 @@ public class KeycloakGatewayImpl implements KeycloakGateway { final ResponseEntity<UserDto[]> response; try { response = restTemplate.exchange(url, HttpMethod.GET, new HttpEntity<>(null, headers), UserDto[].class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to find user: {}", e.getMessage()); - throw new ServiceConnectionException("Failed to find user: " + e.getMessage()); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (Exception e) { log.error("Failed to find user: unexpected response: {}", e.getMessage()); - throw new ServiceException("Unexpected result", e); + throw new AuthServiceException("Unexpected result", e); } final UserDto[] body = response.getBody(); if (body == null || body.length != 1) { @@ -239,8 +249,8 @@ public class KeycloakGatewayImpl implements KeycloakGateway { } @Override - public UserDto findById(UUID id) throws ServiceException, ServiceConnectionException, - UserNotFoundException { + public UserDto findById(UUID id) throws AuthServiceException, AuthServiceConnectionException, + UserNotFoundException, CredentialsInvalidException { /* obtain admin token */ final HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + obtainToken().getAccessToken()); 
@@ -249,15 +259,15 @@ public class KeycloakGatewayImpl implements KeycloakGateway { final ResponseEntity<UserDto> response; try { response = restTemplate.exchange(url, HttpMethod.GET, new HttpEntity<>(null, headers), UserDto.class); - } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { + } catch (HttpServerErrorException e) { log.error("Failed to find user: {}", e.getMessage()); - throw new ServiceConnectionException("Service unavailable"); + throw new AuthServiceConnectionException("Service unavailable", e); } catch (HttpClientErrorException.NotFound e) { log.error("Failed to find user: not found: {}", e.getMessage()); throw new UserNotFoundException("User not found"); } catch (Exception e) { log.error("Failed to find user: unexpected response: {}", e.getMessage()); - throw new ServiceException("Unexpected result", e); + throw new AuthServiceException("Unexpected result", e); } return response.getBody(); } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java index de5fd9772ab44da26b25832c53de20a831abd663..7127138fab2a98a3bb769ae2e5720f5b7886371a 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java 
@@ -16,48 +16,49 @@ public interface AuthenticationService { * Create a user at the Authentication Service with given credentials. * * @param data The credentials. + * @return The user, if successful. * @throws UserExistsException The user already exists at the auth database. - * @throws ServiceException The auth service responded with unexpected behavior. - * @throws ServiceConnectionException The connection with the auth service could not be established. + * @throws AuthServiceException The auth service responded with unexpected behavior. + * @throws AuthServiceConnectionException The connection with the auth service could not be established. * @throws EmailExistsException The user email already exists in the metadata database. */ - void create(SignupRequestDto data) throws UserExistsException, ServiceException, ServiceConnectionException, - EmailExistsException; + UserDto create(SignupRequestDto data) throws UserExistsException, AuthServiceException, AuthServiceConnectionException, + EmailExistsException, CredentialsInvalidException; /** * Deletes a user at the Authentication Service with given user id. * * @param user The user. - * @throws ServiceException The auth service responded with unexpected behavior. - * @throws ServiceConnectionException The connection with the auth service could not be established. + * @throws AuthServiceException The auth service responded with unexpected behavior. + * @throws AuthServiceConnectionException The connection with the auth service could not be established. * @throws UserNotFoundException The user was not found after creation in the auth database. */ - void delete(User user) throws ServiceException, ServiceConnectionException, UserNotFoundException; + void delete(User user) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException; /** * Finds a user with given username. * * @param username The username. * @return The user, if successful. 
- * @throws ServiceException The auth service responded with unexpected behavior. - * @throws ServiceConnectionException The connection with the auth service could not be established. + * @throws AuthServiceException The auth service responded with unexpected behavior. + * @throws AuthServiceConnectionException The connection with the auth service could not be established. * @throws UserNotFoundException The user was not found in the auth database. */ - UserDto findByUsername(String username) throws ServiceException, ServiceConnectionException, UserNotFoundException; + UserDto findByUsername(String username) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException; - UserDto findById(UUID id) throws ServiceException, ServiceConnectionException, UserNotFoundException; + UserDto findById(UUID id) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException; - TokenDto obtainToken(LoginRequestDto data) throws ServiceConnectionException, CredentialsInvalidException, AccountNotSetupException; + TokenDto obtainToken(LoginRequestDto data) throws AuthServiceConnectionException, CredentialsInvalidException, AccountNotSetupException; - TokenDto refreshToken(String refreshToken) throws ServiceConnectionException, CredentialsInvalidException; + TokenDto refreshToken(String refreshToken) throws AuthServiceConnectionException, CredentialsInvalidException; /** * Updates the password of a user with given id. * * @param user The user. * @param data The new password. - * @throws ServiceException The auth service responded with unexpected behavior. - * @throws ServiceConnectionException The connection with the auth service could not be established. + * @throws AuthServiceException The auth service responded with unexpected behavior. + * @throws AuthServiceConnectionException The connection with the auth service could not be established. 
*/ - void updatePassword(User user, UserPasswordDto data) throws ServiceException, ServiceConnectionException; + void updatePassword(User user, UserPasswordDto data) throws AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException; } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/BrokerService.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/BrokerService.java index 6a44fb516f7e7be2bf691aca005c76e96c7080e5..6c0021b4507a339dbc34415d668389ae16c380e8 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/BrokerService.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/BrokerService.java @@ -1,7 +1,5 @@ package at.tuwien.service; -import at.tuwien.api.amqp.ExchangeDto; -import at.tuwien.api.amqp.QueueDto; import at.tuwien.entities.user.User; import at.tuwien.exception.*; @@ -20,20 +18,4 @@ public interface BrokerService { * @param user The user. */ void setTopicExchangePermissions(User user) throws ServiceException, ServiceConnectionException; - - /** - * Finds a queue with a given name. - * - * @param name The queue name. - * @return The queue. - */ - QueueDto findQueue(String name) throws ServiceException, ServiceConnectionException, QueueNotFoundException; - - /** - * Finds an exchange with given name. - * - * @param name The name. - * @return The exchange. - */ - ExchangeDto findExchange(String name) throws ServiceException, ServiceConnectionException, ExchangeNotFoundException; } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java index 6fa8b250562dd89ade7dcecbe69a1a0d92b9fa66..460845e897c5f1c3c20e235c35d21535b539939d 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java 
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java 
@@ -30,39 +30,49 @@ public class AuthenticationServiceImpl implements AuthenticationService { } @Override - public void create(SignupRequestDto data) throws UserExistsException, ServiceException, ServiceConnectionException, - EmailExistsException { + public UserDto create(SignupRequestDto data) throws UserExistsException, AuthServiceException, + AuthServiceConnectionException, EmailExistsException, CredentialsInvalidException { keycloakGateway.createUser(metadataMapper.signupRequestDtoToUserCreateDto(data)); + try { + return findByUsername(data.getUsername()); + } catch (UserNotFoundException e) { + throw new AuthServiceException("Failed to find user in auth service", e); + } } @Override - public void delete(User user) throws ServiceException, ServiceConnectionException, UserNotFoundException { + public void delete(User user) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, + CredentialsInvalidException { keycloakGateway.deleteUser(user.getId()); } @Override - public UserDto findByUsername(String username) throws ServiceException, ServiceConnectionException, UserNotFoundException { + public UserDto findByUsername(String username) throws AuthServiceException, AuthServiceConnectionException, + UserNotFoundException, CredentialsInvalidException { return keycloakGateway.findByUsername(username); } @Override - public UserDto findById(UUID id) throws ServiceException, ServiceConnectionException, UserNotFoundException { + public UserDto findById(UUID id) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, + CredentialsInvalidException { return keycloakGateway.findById(id); } @Override - public TokenDto obtainToken(LoginRequestDto data) throws ServiceConnectionException, CredentialsInvalidException, - AccountNotSetupException { + public TokenDto obtainToken(LoginRequestDto data) throws AuthServiceConnectionException, + CredentialsInvalidException, AccountNotSetupException { return 
keycloakGateway.obtainUserToken(data.getUsername(), data.getPassword()); } @Override - public TokenDto refreshToken(String refreshToken) throws ServiceConnectionException, CredentialsInvalidException { + public TokenDto refreshToken(String refreshToken) throws AuthServiceConnectionException, + CredentialsInvalidException { return keycloakGateway.refreshUserToken(refreshToken); } @Override - public void updatePassword(User user, UserPasswordDto data) throws ServiceException, ServiceConnectionException { + public void updatePassword(User user, UserPasswordDto data) throws AuthServiceException, + AuthServiceConnectionException, CredentialsInvalidException { keycloakGateway.updateUserCredentials(user.getId(), data); } diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/BrokerServiceRabbitMqImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/BrokerServiceRabbitMqImpl.java index cc4cef2ce49d22b1b2c6a41a6b911c0536521ff7..c0ce71c996dbff1ca4cd943261b9954f035f6e3e 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/BrokerServiceRabbitMqImpl.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/BrokerServiceRabbitMqImpl.java @@ -1,12 +1,9 @@ package at.tuwien.service.impl; -import at.tuwien.api.amqp.ExchangeDto; import at.tuwien.api.amqp.GrantExchangePermissionsDto; import at.tuwien.api.amqp.GrantVirtualHostPermissionsDto; -import at.tuwien.api.amqp.QueueDto; import at.tuwien.config.RabbitConfig; import at.tuwien.entities.database.AccessType; -import at.tuwien.entities.database.table.Table; import at.tuwien.entities.user.User; import at.tuwien.exception.*; import at.tuwien.gateway.BrokerServiceGateway; 
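Review bot: In AuthenticationServiceImpl.java, the new `create` has a partial-failure path: when `keycloakGateway.createUser(...)` succeeds but the following `findByUsername(data.getUsername())` fails, the method throws `AuthServiceException("Failed to find user in auth service", e)` although the account already exists at the auth service, and a retry of the signup will then hit `UserExistsException`. Either delete the user again on this path or document that the caller must clean up. Note also that each signup now requests two admin tokens, since both gateway calls invoke `obtainToken()`.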
@@ -94,14 +91,4 @@ public class BrokerServiceRabbitMqImpl implements BrokerService { return permissions; } - @Override - public QueueDto findQueue(String name) throws ServiceException, ServiceConnectionException, QueueNotFoundException { - return brokerServiceGateway.findQueue(name); - } - - @Override - public ExchangeDto findExchange(String name) throws ServiceException, ServiceConnectionException, ExchangeNotFoundException { - return brokerServiceGateway.findExchange(name); - } - } diff --git a/dbrepo-metadata-service/test/pom.xml b/dbrepo-metadata-service/test/pom.xml index 902e9efdda890936801911f8d2a63e7d2a47980b..2c4091eace14d78e0a6323f8960be5ffa6f5cfb0 100644 --- a/dbrepo-metadata-service/test/pom.xml +++ b/dbrepo-metadata-service/test/pom.xml @@ -6,12 +6,12 @@ <parent> <groupId>at.tuwien</groupId> <artifactId>dbrepo-metadata-service</artifactId> - <version>1.4.4</version> + <version>1.4.5</version> </parent> <artifactId>dbrepo-metadata-service-test</artifactId> <name>dbrepo-metadata-service-test</name> - <version>1.4.4</version> + <version>1.4.5</version> <dependencies> <dependency> diff --git a/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java b/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java index b823e1c996fa3587df0ab6b7458dce27f5651f73..4a8a66f729b06ac2c5287a48dccd42d9769c4acf 100644 --- a/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java +++ b/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java 
@@ -390,6 +390,7 @@ public abstract class BaseTest { USER_LOCAL_ADMIN_PASSWORD, USER_LOCAL_ADMIN_DETAILS.getAuthorities()); public final static UUID USER_1_ID = UUID.fromString("cd5bab0d-7799-4069-85fb-c5d738572a0b"); + public final static UUID USER_1_LDAP_ID = UUID.fromString("8e541e05-f45c-4d40-ba1b-0e62f04ba3f8"); public final static String USER_1_EMAIL = "john.doe@example.com"; public final static String USER_1_USERNAME = "junit1"; public final static String USER_1_PASSWORD = "junit1"; @@ -505,6 +506,10 @@ public abstract class BaseTest { .emailVerified(USER_1_VERIFIED) .notBefore(USER_1_NOT_BEFORE) .totp(USER_1_TOTP) + .attributes(at.tuwien.api.keycloak.UserAttributesDto.builder() + .ldapEntryDn(new String[]{"cn=" + USER_1_USERNAME + ",dn=dbrepo,dn=at"}) + .ldapId(new UUID[]{USER_1_LDAP_ID}) + .build()) .build(); public final static UserBriefDto USER_1_BRIEF_DTO = UserBriefDto.builder() diff --git a/dbrepo-search-service/Pipfile b/dbrepo-search-service/Pipfile index 3daa275b49f44deced5816e589d71e6d7e6fd7e8..8d6cc6b220d0e6df9219aeca9b7d1ec571c2fde6 100644 --- a/dbrepo-search-service/Pipfile +++ b/dbrepo-search-service/Pipfile @@ -18,7 +18,7 @@ jwt = "~=1.3" testcontainers-opensearch = "*" pytest = "*" rdflib = "*" -dbrepo = {path = "./lib/dbrepo-1.4.4.tar.gz"} +dbrepo = {path = "./lib/dbrepo-1.4.5.tar.gz"} gunicorn = "*" [dev-packages] diff --git a/dbrepo-search-service/Pipfile.lock b/dbrepo-search-service/Pipfile.lock index 0ffce7c2f6e2888f0e4810affeb0ef24ddccb584..8e2e1abc463a4f98a575e8acfe76194e74bbca74 100644 --- a/dbrepo-search-service/Pipfile.lock +++ b/dbrepo-search-service/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "ece384cd1606901f3d2575f082692a5d5ce3164b4ba5187fc4b457757d3b0fce" + "sha256": "f4b77f12b6e64d95ba5e3df0cce6f3eeb8d9cb8e45a6a17b46088d7077d13595" }, "pipfile-spec": 6, "requires": { 
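Review bot: In the `.attributes(...)` block added to BaseTest.java, the fixture builds the entry DN as `"cn=" + USER_1_USERNAME + ",dn=dbrepo,dn=at"`. `dn` is not an attribute type for domain components; the documentation changed in this same patch uses `dc=dbrepo,dc=at`. Tests that parse or compare `ldapEntryDn` would pass against a value that can never occur in the directory, so change it to `",dc=dbrepo,dc=at"` and, if the deployment places users under `ou=users`, include that component as well.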
@@ -341,10 +341,11 @@ "dbrepo": { "hashes": [ "sha256:09a10584a44c952a7cf83852123c14bd2917ab009e50698c1f9d8c2690ec4bde", - "sha256:2bdb48c70b4c99b5044fbfc12aa653c1e9281ca8913a433cc08a1e14cb4bd2ef" + "sha256:2bdb48c70b4c99b5044fbfc12aa653c1e9281ca8913a433cc08a1e14cb4bd2ef", + "sha256:dccfaec20a3972a578313206678a119db3d6f898604aab4b694aa2ac37a20629" ], - "path": "./lib/dbrepo-1.4.4.tar.gz", - "version": "==1.4.4" + "path": "./lib/dbrepo-1.4.5.tar.gz", + "version": "==1.4.5" }, "docker": { "hashes": [ 
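Review bot: in the `dbrepo` entry of `dbrepo-search-service/Pipfile.lock`, both hashes that were listed for `./lib/dbrepo-1.4.4.tar.gz` are kept and only one new hash is appended, while `path` and `version` move to 1.4.5. The hash list works as an allowlist, so any file matching one of the two old hashes is still accepted for the 1.4.5 entry. Please regenerate the lock so the entry carries only the hashes of the 1.4.5 artifacts added under `lib/` in this patch.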
@@ -1571,61 +1572,61 @@ "develop": { "coverage": { "hashes": [ - "sha256:015eddc5ccd5364dcb902eaecf9515636806fa1e0d5bef5769d06d0f31b54523", - "sha256:04aefca5190d1dc7a53a4c1a5a7f8568811306d7a8ee231c42fb69215571944f", - "sha256:05ac5f60faa0c704c0f7e6a5cbfd6f02101ed05e0aee4d2822637a9e672c998d", - "sha256:0bbddc54bbacfc09b3edaec644d4ac90c08ee8ed4844b0f86227dcda2d428fcb", - "sha256:1d2a830ade66d3563bb61d1e3c77c8def97b30ed91e166c67d0632c018f380f0", - "sha256:239a4e75e09c2b12ea478d28815acf83334d32e722e7433471fbf641c606344c", - "sha256:244f509f126dc71369393ce5fea17c0592c40ee44e607b6d855e9c4ac57aac98", - "sha256:25a5caf742c6195e08002d3b6c2dd6947e50efc5fc2c2205f61ecb47592d2d83", - "sha256:296a7d9bbc598e8744c00f7a6cecf1da9b30ae9ad51c566291ff1314e6cbbed8", - "sha256:2e079c9ec772fedbade9d7ebc36202a1d9ef7291bc9b3a024ca395c4d52853d7", - "sha256:33ca90a0eb29225f195e30684ba4a6db05dbef03c2ccd50b9077714c48153cac", - "sha256:33fc65740267222fc02975c061eb7167185fef4cc8f2770267ee8bf7d6a42f84", - "sha256:341dd8f61c26337c37988345ca5c8ccabeff33093a26953a1ac72e7d0103c4fb", - "sha256:34d6d21d8795a97b14d503dcaf74226ae51eb1f2bd41015d3ef332a24d0a17b3", - "sha256:3538d8fb1ee9bdd2e2692b3b18c22bb1c19ffbefd06880f5ac496e42d7bb3884", - "sha256:38a3b98dae8a7c9057bd91fbf3415c05e700a5114c5f1b5b0ea5f8f429ba6614", - "sha256:3d5a67f0da401e105753d474369ab034c7bae51a4c31c77d94030d59e41df5bd", - "sha256:50084d3516aa263791198913a17354bd1dc627d3c1639209640b9cac3fef5807", - "sha256:55f689f846661e3f26efa535071775d0483388a1ccfab899df72924805e9e7cd", - "sha256:5bc5a8c87714b0c67cfeb4c7caa82b2d71e8864d1a46aa990b5588fa953673b8", - "sha256:62bda40da1e68898186f274f832ef3e759ce929da9a9fd9fcf265956de269dbc", - "sha256:705f3d7c2b098c40f5b81790a5fedb274113373d4d1a69e65f8b68b0cc26f6db", - "sha256:75e3f4e86804023e991096b29e147e635f5e2568f77883a1e6eed74512659ab0", - "sha256:7b2a19e13dfb5c8e145c7a6ea959485ee8e2204699903c88c7d25283584bfc08", - "sha256:7cec2af81f9e7569280822be68bd57e51b86d42e59ea30d10ebdbb22d2cb7232", - 
"sha256:8383a6c8cefba1b7cecc0149415046b6fc38836295bc4c84e820872eb5478b3d", - "sha256:8c836309931839cca658a78a888dab9676b5c988d0dd34ca247f5f3e679f4e7a", - "sha256:8e317953bb4c074c06c798a11dbdd2cf9979dbcaa8ccc0fa4701d80042d4ebf1", - "sha256:923b7b1c717bd0f0f92d862d1ff51d9b2b55dbbd133e05680204465f454bb286", - "sha256:990fb20b32990b2ce2c5f974c3e738c9358b2735bc05075d50a6f36721b8f303", - "sha256:9aad68c3f2566dfae84bf46295a79e79d904e1c21ccfc66de88cd446f8686341", - "sha256:a5812840d1d00eafae6585aba38021f90a705a25b8216ec7f66aebe5b619fb84", - "sha256:a6519d917abb15e12380406d721e37613e2a67d166f9fb7e5a8ce0375744cd45", - "sha256:ab0b028165eea880af12f66086694768f2c3139b2c31ad5e032c8edbafca6ffc", - "sha256:aea7da970f1feccf48be7335f8b2ca64baf9b589d79e05b9397a06696ce1a1ec", - "sha256:b1196e13c45e327d6cd0b6e471530a1882f1017eb83c6229fc613cd1a11b53cd", - "sha256:b368e1aee1b9b75757942d44d7598dcd22a9dbb126affcbba82d15917f0cc155", - "sha256:bde997cac85fcac227b27d4fb2c7608a2c5f6558469b0eb704c5726ae49e1c52", - "sha256:c4c2872b3c91f9baa836147ca33650dc5c172e9273c808c3c3199c75490e709d", - "sha256:c59d2ad092dc0551d9f79d9d44d005c945ba95832a6798f98f9216ede3d5f485", - "sha256:d1da0a2e3b37b745a2b2a678a4c796462cf753aebf94edcc87dcc6b8641eae31", - "sha256:d8b7339180d00de83e930358223c617cc343dd08e1aa5ec7b06c3a121aec4e1d", - "sha256:dd4b3355b01273a56b20c219e74e7549e14370b31a4ffe42706a8cda91f19f6d", - "sha256:e08c470c2eb01977d221fd87495b44867a56d4d594f43739a8028f8646a51e0d", - "sha256:f5102a92855d518b0996eb197772f5ac2a527c0ec617124ad5242a3af5e25f85", - "sha256:f542287b1489c7a860d43a7d8883e27ca62ab84ca53c965d11dac1d3a1fab7ce", - "sha256:f78300789a708ac1f17e134593f577407d52d0417305435b134805c4fb135adb", - "sha256:f81bc26d609bf0fbc622c7122ba6307993c83c795d2d6f6f6fd8c000a770d974", - "sha256:f836c174c3a7f639bded48ec913f348c4761cbf49de4a20a956d3431a7c9cb24", - "sha256:fa21a04112c59ad54f69d80e376f7f9d0f5f9123ab87ecd18fbb9ec3a2beed56", - "sha256:fcf7d1d6f5da887ca04302db8e0e0cf56ce9a5e05f202720e49b3e8157ddb9a9", 
- "sha256:fd27d8b49e574e50caa65196d908f80e4dff64d7e592d0c59788b45aad7e8b35" + "sha256:018a12985185038a5b2bcafab04ab833a9a0f2c59995b3cec07e10074c78635f", + "sha256:02ff6e898197cc1e9fa375581382b72498eb2e6d5fc0b53f03e496cfee3fac6d", + "sha256:042183de01f8b6d531e10c197f7f0315a61e8d805ab29c5f7b51a01d62782747", + "sha256:1014fbf665fef86cdfd6cb5b7371496ce35e4d2a00cda501cf9f5b9e6fced69f", + "sha256:1137f46adb28e3813dec8c01fefadcb8c614f33576f672962e323b5128d9a68d", + "sha256:16852febd96acd953b0d55fc842ce2dac1710f26729b31c80b940b9afcd9896f", + "sha256:2174e7c23e0a454ffe12267a10732c273243b4f2d50d07544a91198f05c48f47", + "sha256:2214ee920787d85db1b6a0bd9da5f8503ccc8fcd5814d90796c2f2493a2f4d2e", + "sha256:3257fdd8e574805f27bb5342b77bc65578e98cbc004a92232106344053f319ba", + "sha256:3684bc2ff328f935981847082ba4fdc950d58906a40eafa93510d1b54c08a66c", + "sha256:3a6612c99081d8d6134005b1354191e103ec9705d7ba2754e848211ac8cacc6b", + "sha256:3d7564cc09dd91b5a6001754a5b3c6ecc4aba6323baf33a12bd751036c998be4", + "sha256:44da56a2589b684813f86d07597fdf8a9c6ce77f58976727329272f5a01f99f7", + "sha256:5013ed890dc917cef2c9f765c4c6a8ae9df983cd60dbb635df8ed9f4ebc9f555", + "sha256:54317c2b806354cbb2dc7ac27e2b93f97096912cc16b18289c5d4e44fc663233", + "sha256:56b4eafa21c6c175b3ede004ca12c653a88b6f922494b023aeb1e836df953ace", + "sha256:581ea96f92bf71a5ec0974001f900db495488434a6928a2ca7f01eee20c23805", + "sha256:5cd64adedf3be66f8ccee418473c2916492d53cbafbfcff851cbec5a8454b136", + "sha256:5df54843b88901fdc2f598ac06737f03d71168fd1175728054c8f5a2739ac3e4", + "sha256:65e528e2e921ba8fd67d9055e6b9f9e34b21ebd6768ae1c1723f4ea6ace1234d", + "sha256:6aae5cce399a0f065da65c7bb1e8abd5c7a3043da9dceb429ebe1b289bc07806", + "sha256:6cfb5a4f556bb51aba274588200a46e4dd6b505fb1a5f8c5ae408222eb416f99", + "sha256:7076b4b3a5f6d2b5d7f1185fde25b1e54eb66e647a1dfef0e2c2bfaf9b4c88c8", + "sha256:73ca8fbc5bc622e54627314c1a6f1dfdd8db69788f3443e752c215f29fa87a0b", + 
"sha256:79b356f3dd5b26f3ad23b35c75dbdaf1f9e2450b6bcefc6d0825ea0aa3f86ca5", + "sha256:7a892be37ca35eb5019ec85402c3371b0f7cda5ab5056023a7f13da0961e60da", + "sha256:8192794d120167e2a64721d88dbd688584675e86e15d0569599257566dec9bf0", + "sha256:820bc841faa502e727a48311948e0461132a9c8baa42f6b2b84a29ced24cc078", + "sha256:8f894208794b164e6bd4bba61fc98bf6b06be4d390cf2daacfa6eca0a6d2bb4f", + "sha256:a04e990a2a41740b02d6182b498ee9796cf60eefe40cf859b016650147908029", + "sha256:a44963520b069e12789d0faea4e9fdb1e410cdc4aab89d94f7f55cbb7fef0353", + "sha256:a6bb74ed465d5fb204b2ec41d79bcd28afccf817de721e8a807d5141c3426638", + "sha256:ab73b35e8d109bffbda9a3e91c64e29fe26e03e49addf5b43d85fc426dde11f9", + "sha256:aea072a941b033813f5e4814541fc265a5c12ed9720daef11ca516aeacd3bd7f", + "sha256:b1ccf5e728ccf83acd313c89f07c22d70d6c375a9c6f339233dcf792094bcbf7", + "sha256:b385d49609f8e9efc885790a5a0e89f2e3ae042cdf12958b6034cc442de428d3", + "sha256:b3d45ff86efb129c599a3b287ae2e44c1e281ae0f9a9bad0edc202179bcc3a2e", + "sha256:b4a474f799456e0eb46d78ab07303286a84a3140e9700b9e154cfebc8f527016", + "sha256:b95c3a8cb0463ba9f77383d0fa8c9194cf91f64445a63fc26fb2327e1e1eb088", + "sha256:c5986ee7ea0795a4095ac4d113cbb3448601efca7f158ec7f7087a6c705304e4", + "sha256:cdd31315fc20868c194130de9ee6bfd99755cc9565edff98ecc12585b90be882", + "sha256:cef4649ec906ea7ea5e9e796e68b987f83fa9a718514fe147f538cfeda76d7a7", + "sha256:d05c16cf4b4c2fc880cb12ba4c9b526e9e5d5bb1d81313d4d732a5b9fe2b9d53", + "sha256:d2e344d6adc8ef81c5a233d3a57b3c7d5181f40e79e05e1c143da143ccb6377d", + "sha256:d45d3cbd94159c468b9b8c5a556e3f6b81a8d1af2a92b77320e887c3e7a5d080", + "sha256:db14f552ac38f10758ad14dd7b983dbab424e731588d300c7db25b6f89e335b5", + "sha256:dbc5958cb471e5a5af41b0ddaea96a37e74ed289535e8deca404811f6cb0bc3d", + "sha256:ddbd2f9713a79e8e7242d7c51f1929611e991d855f414ca9996c20e44a895f7c", + "sha256:e16f3d6b491c48c5ae726308e6ab1e18ee830b4cdd6913f2d7f77354b33f91c8", + "sha256:e2afe743289273209c992075a5a4913e8d007d569a406ffed0bd080ea02b0633", 
+ "sha256:e564c2cf45d2f44a9da56f4e3a26b2236504a496eb4cb0ca7221cd4cc7a9aca9", + "sha256:ed550e7442f278af76d9d65af48069f1fb84c9f745ae249c1a183c1e9d1b025c" ], "index": "pypi", - "version": "==7.5.3" + "version": "==7.5.4" }, "iniconfig": { "hashes": [ diff --git a/dbrepo-search-service/app.py b/dbrepo-search-service/app.py index 460f0c7eba5932c57f62b129b184ed216ade6e98..47f1f0254caa7bc0f2446faffd9af98dd9630a45 100644 --- a/dbrepo-search-service/app.py +++ b/dbrepo-search-service/app.py @@ -165,7 +165,7 @@ template = { "info": { "title": "Database Repository Search Service API", "description": "Service that searches the search database", - "version": "1.4.4", + "version": "1.4.5", "contact": { "name": "Prof. Andreas Rauber", "email": "andreas.rauber@tuwien.ac.at" @@ -177,7 +177,7 @@ template = { }, "externalDocs": { "description": "Sourcecode Documentation", - "url": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/" + "url": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/" }, "servers": [ { diff --git a/dbrepo-search-service/init/Pipfile.lock b/dbrepo-search-service/init/Pipfile.lock index 37ffb270abdd1104ad58eb249b63b610bf88606f..3053d901cd7867d75f24a1012a84942e21e3ebcd 100644 --- a/dbrepo-search-service/init/Pipfile.lock +++ b/dbrepo-search-service/init/Pipfile.lock 
@@ -1044,61 +1044,61 @@ "develop": { "coverage": { "hashes": [ - "sha256:015eddc5ccd5364dcb902eaecf9515636806fa1e0d5bef5769d06d0f31b54523", - "sha256:04aefca5190d1dc7a53a4c1a5a7f8568811306d7a8ee231c42fb69215571944f", - "sha256:05ac5f60faa0c704c0f7e6a5cbfd6f02101ed05e0aee4d2822637a9e672c998d", - "sha256:0bbddc54bbacfc09b3edaec644d4ac90c08ee8ed4844b0f86227dcda2d428fcb", - "sha256:1d2a830ade66d3563bb61d1e3c77c8def97b30ed91e166c67d0632c018f380f0", - "sha256:239a4e75e09c2b12ea478d28815acf83334d32e722e7433471fbf641c606344c", - "sha256:244f509f126dc71369393ce5fea17c0592c40ee44e607b6d855e9c4ac57aac98", - "sha256:25a5caf742c6195e08002d3b6c2dd6947e50efc5fc2c2205f61ecb47592d2d83", - "sha256:296a7d9bbc598e8744c00f7a6cecf1da9b30ae9ad51c566291ff1314e6cbbed8", - "sha256:2e079c9ec772fedbade9d7ebc36202a1d9ef7291bc9b3a024ca395c4d52853d7", - "sha256:33ca90a0eb29225f195e30684ba4a6db05dbef03c2ccd50b9077714c48153cac", - "sha256:33fc65740267222fc02975c061eb7167185fef4cc8f2770267ee8bf7d6a42f84", - "sha256:341dd8f61c26337c37988345ca5c8ccabeff33093a26953a1ac72e7d0103c4fb", - "sha256:34d6d21d8795a97b14d503dcaf74226ae51eb1f2bd41015d3ef332a24d0a17b3", - "sha256:3538d8fb1ee9bdd2e2692b3b18c22bb1c19ffbefd06880f5ac496e42d7bb3884", - "sha256:38a3b98dae8a7c9057bd91fbf3415c05e700a5114c5f1b5b0ea5f8f429ba6614", - "sha256:3d5a67f0da401e105753d474369ab034c7bae51a4c31c77d94030d59e41df5bd", - "sha256:50084d3516aa263791198913a17354bd1dc627d3c1639209640b9cac3fef5807", - "sha256:55f689f846661e3f26efa535071775d0483388a1ccfab899df72924805e9e7cd", - "sha256:5bc5a8c87714b0c67cfeb4c7caa82b2d71e8864d1a46aa990b5588fa953673b8", - "sha256:62bda40da1e68898186f274f832ef3e759ce929da9a9fd9fcf265956de269dbc", - "sha256:705f3d7c2b098c40f5b81790a5fedb274113373d4d1a69e65f8b68b0cc26f6db", - "sha256:75e3f4e86804023e991096b29e147e635f5e2568f77883a1e6eed74512659ab0", - "sha256:7b2a19e13dfb5c8e145c7a6ea959485ee8e2204699903c88c7d25283584bfc08", - "sha256:7cec2af81f9e7569280822be68bd57e51b86d42e59ea30d10ebdbb22d2cb7232", - 
"sha256:8383a6c8cefba1b7cecc0149415046b6fc38836295bc4c84e820872eb5478b3d", - "sha256:8c836309931839cca658a78a888dab9676b5c988d0dd34ca247f5f3e679f4e7a", - "sha256:8e317953bb4c074c06c798a11dbdd2cf9979dbcaa8ccc0fa4701d80042d4ebf1", - "sha256:923b7b1c717bd0f0f92d862d1ff51d9b2b55dbbd133e05680204465f454bb286", - "sha256:990fb20b32990b2ce2c5f974c3e738c9358b2735bc05075d50a6f36721b8f303", - "sha256:9aad68c3f2566dfae84bf46295a79e79d904e1c21ccfc66de88cd446f8686341", - "sha256:a5812840d1d00eafae6585aba38021f90a705a25b8216ec7f66aebe5b619fb84", - "sha256:a6519d917abb15e12380406d721e37613e2a67d166f9fb7e5a8ce0375744cd45", - "sha256:ab0b028165eea880af12f66086694768f2c3139b2c31ad5e032c8edbafca6ffc", - "sha256:aea7da970f1feccf48be7335f8b2ca64baf9b589d79e05b9397a06696ce1a1ec", - "sha256:b1196e13c45e327d6cd0b6e471530a1882f1017eb83c6229fc613cd1a11b53cd", - "sha256:b368e1aee1b9b75757942d44d7598dcd22a9dbb126affcbba82d15917f0cc155", - "sha256:bde997cac85fcac227b27d4fb2c7608a2c5f6558469b0eb704c5726ae49e1c52", - "sha256:c4c2872b3c91f9baa836147ca33650dc5c172e9273c808c3c3199c75490e709d", - "sha256:c59d2ad092dc0551d9f79d9d44d005c945ba95832a6798f98f9216ede3d5f485", - "sha256:d1da0a2e3b37b745a2b2a678a4c796462cf753aebf94edcc87dcc6b8641eae31", - "sha256:d8b7339180d00de83e930358223c617cc343dd08e1aa5ec7b06c3a121aec4e1d", - "sha256:dd4b3355b01273a56b20c219e74e7549e14370b31a4ffe42706a8cda91f19f6d", - "sha256:e08c470c2eb01977d221fd87495b44867a56d4d594f43739a8028f8646a51e0d", - "sha256:f5102a92855d518b0996eb197772f5ac2a527c0ec617124ad5242a3af5e25f85", - "sha256:f542287b1489c7a860d43a7d8883e27ca62ab84ca53c965d11dac1d3a1fab7ce", - "sha256:f78300789a708ac1f17e134593f577407d52d0417305435b134805c4fb135adb", - "sha256:f81bc26d609bf0fbc622c7122ba6307993c83c795d2d6f6f6fd8c000a770d974", - "sha256:f836c174c3a7f639bded48ec913f348c4761cbf49de4a20a956d3431a7c9cb24", - "sha256:fa21a04112c59ad54f69d80e376f7f9d0f5f9123ab87ecd18fbb9ec3a2beed56", - "sha256:fcf7d1d6f5da887ca04302db8e0e0cf56ce9a5e05f202720e49b3e8157ddb9a9", 
- "sha256:fd27d8b49e574e50caa65196d908f80e4dff64d7e592d0c59788b45aad7e8b35" + "sha256:018a12985185038a5b2bcafab04ab833a9a0f2c59995b3cec07e10074c78635f", + "sha256:02ff6e898197cc1e9fa375581382b72498eb2e6d5fc0b53f03e496cfee3fac6d", + "sha256:042183de01f8b6d531e10c197f7f0315a61e8d805ab29c5f7b51a01d62782747", + "sha256:1014fbf665fef86cdfd6cb5b7371496ce35e4d2a00cda501cf9f5b9e6fced69f", + "sha256:1137f46adb28e3813dec8c01fefadcb8c614f33576f672962e323b5128d9a68d", + "sha256:16852febd96acd953b0d55fc842ce2dac1710f26729b31c80b940b9afcd9896f", + "sha256:2174e7c23e0a454ffe12267a10732c273243b4f2d50d07544a91198f05c48f47", + "sha256:2214ee920787d85db1b6a0bd9da5f8503ccc8fcd5814d90796c2f2493a2f4d2e", + "sha256:3257fdd8e574805f27bb5342b77bc65578e98cbc004a92232106344053f319ba", + "sha256:3684bc2ff328f935981847082ba4fdc950d58906a40eafa93510d1b54c08a66c", + "sha256:3a6612c99081d8d6134005b1354191e103ec9705d7ba2754e848211ac8cacc6b", + "sha256:3d7564cc09dd91b5a6001754a5b3c6ecc4aba6323baf33a12bd751036c998be4", + "sha256:44da56a2589b684813f86d07597fdf8a9c6ce77f58976727329272f5a01f99f7", + "sha256:5013ed890dc917cef2c9f765c4c6a8ae9df983cd60dbb635df8ed9f4ebc9f555", + "sha256:54317c2b806354cbb2dc7ac27e2b93f97096912cc16b18289c5d4e44fc663233", + "sha256:56b4eafa21c6c175b3ede004ca12c653a88b6f922494b023aeb1e836df953ace", + "sha256:581ea96f92bf71a5ec0974001f900db495488434a6928a2ca7f01eee20c23805", + "sha256:5cd64adedf3be66f8ccee418473c2916492d53cbafbfcff851cbec5a8454b136", + "sha256:5df54843b88901fdc2f598ac06737f03d71168fd1175728054c8f5a2739ac3e4", + "sha256:65e528e2e921ba8fd67d9055e6b9f9e34b21ebd6768ae1c1723f4ea6ace1234d", + "sha256:6aae5cce399a0f065da65c7bb1e8abd5c7a3043da9dceb429ebe1b289bc07806", + "sha256:6cfb5a4f556bb51aba274588200a46e4dd6b505fb1a5f8c5ae408222eb416f99", + "sha256:7076b4b3a5f6d2b5d7f1185fde25b1e54eb66e647a1dfef0e2c2bfaf9b4c88c8", + "sha256:73ca8fbc5bc622e54627314c1a6f1dfdd8db69788f3443e752c215f29fa87a0b", + 
"sha256:79b356f3dd5b26f3ad23b35c75dbdaf1f9e2450b6bcefc6d0825ea0aa3f86ca5", + "sha256:7a892be37ca35eb5019ec85402c3371b0f7cda5ab5056023a7f13da0961e60da", + "sha256:8192794d120167e2a64721d88dbd688584675e86e15d0569599257566dec9bf0", + "sha256:820bc841faa502e727a48311948e0461132a9c8baa42f6b2b84a29ced24cc078", + "sha256:8f894208794b164e6bd4bba61fc98bf6b06be4d390cf2daacfa6eca0a6d2bb4f", + "sha256:a04e990a2a41740b02d6182b498ee9796cf60eefe40cf859b016650147908029", + "sha256:a44963520b069e12789d0faea4e9fdb1e410cdc4aab89d94f7f55cbb7fef0353", + "sha256:a6bb74ed465d5fb204b2ec41d79bcd28afccf817de721e8a807d5141c3426638", + "sha256:ab73b35e8d109bffbda9a3e91c64e29fe26e03e49addf5b43d85fc426dde11f9", + "sha256:aea072a941b033813f5e4814541fc265a5c12ed9720daef11ca516aeacd3bd7f", + "sha256:b1ccf5e728ccf83acd313c89f07c22d70d6c375a9c6f339233dcf792094bcbf7", + "sha256:b385d49609f8e9efc885790a5a0e89f2e3ae042cdf12958b6034cc442de428d3", + "sha256:b3d45ff86efb129c599a3b287ae2e44c1e281ae0f9a9bad0edc202179bcc3a2e", + "sha256:b4a474f799456e0eb46d78ab07303286a84a3140e9700b9e154cfebc8f527016", + "sha256:b95c3a8cb0463ba9f77383d0fa8c9194cf91f64445a63fc26fb2327e1e1eb088", + "sha256:c5986ee7ea0795a4095ac4d113cbb3448601efca7f158ec7f7087a6c705304e4", + "sha256:cdd31315fc20868c194130de9ee6bfd99755cc9565edff98ecc12585b90be882", + "sha256:cef4649ec906ea7ea5e9e796e68b987f83fa9a718514fe147f538cfeda76d7a7", + "sha256:d05c16cf4b4c2fc880cb12ba4c9b526e9e5d5bb1d81313d4d732a5b9fe2b9d53", + "sha256:d2e344d6adc8ef81c5a233d3a57b3c7d5181f40e79e05e1c143da143ccb6377d", + "sha256:d45d3cbd94159c468b9b8c5a556e3f6b81a8d1af2a92b77320e887c3e7a5d080", + "sha256:db14f552ac38f10758ad14dd7b983dbab424e731588d300c7db25b6f89e335b5", + "sha256:dbc5958cb471e5a5af41b0ddaea96a37e74ed289535e8deca404811f6cb0bc3d", + "sha256:ddbd2f9713a79e8e7242d7c51f1929611e991d855f414ca9996c20e44a895f7c", + "sha256:e16f3d6b491c48c5ae726308e6ab1e18ee830b4cdd6913f2d7f77354b33f91c8", + "sha256:e2afe743289273209c992075a5a4913e8d007d569a406ffed0bd080ea02b0633", 
+ "sha256:e564c2cf45d2f44a9da56f4e3a26b2236504a496eb4cb0ca7221cd4cc7a9aca9", + "sha256:ed550e7442f278af76d9d65af48069f1fb84c9f745ae249c1a183c1e9d1b025c" ], "index": "pypi", - "version": "==7.5.3" + "version": "==7.5.4" }, "iniconfig": { "hashes": [ diff --git a/dbrepo-search-service/init/lib/dbrepo-1.4.5-py3-none-any.whl b/dbrepo-search-service/init/lib/dbrepo-1.4.5-py3-none-any.whl new file mode 100644 index 0000000000000000000000000000000000000000..249fd5dc181271a3069745f5a6ef8a26de398037 Binary files /dev/null and b/dbrepo-search-service/init/lib/dbrepo-1.4.5-py3-none-any.whl differ diff --git a/dbrepo-search-service/init/lib/dbrepo-1.4.5.tar.gz b/dbrepo-search-service/init/lib/dbrepo-1.4.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2f21496bd2280550f4242bbc0fff4a47116d6ad5 Binary files /dev/null and b/dbrepo-search-service/init/lib/dbrepo-1.4.5.tar.gz differ diff --git a/dbrepo-search-service/lib/dbrepo-1.4.5-py3-none-any.whl b/dbrepo-search-service/lib/dbrepo-1.4.5-py3-none-any.whl new file mode 100644 index 0000000000000000000000000000000000000000..249fd5dc181271a3069745f5a6ef8a26de398037 Binary files /dev/null and b/dbrepo-search-service/lib/dbrepo-1.4.5-py3-none-any.whl differ diff --git a/dbrepo-search-service/lib/dbrepo-1.4.5.tar.gz b/dbrepo-search-service/lib/dbrepo-1.4.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2f21496bd2280550f4242bbc0fff4a47116d6ad5 Binary files /dev/null and b/dbrepo-search-service/lib/dbrepo-1.4.5.tar.gz differ diff --git a/dbrepo-ui/composables/user-service.ts b/dbrepo-ui/composables/user-service.ts index a8b98916139feabbd288a8dbde3aef7f569fdfdd..4bfedfd9ebdd5216eeb98751b823955828d1cb17 100644 --- a/dbrepo-ui/composables/user-service.ts +++ b/dbrepo-ui/composables/user-service.ts 
@@ -126,7 +126,7 @@ export const useUserService = (): any => { function tokenToUserId(token: string): string { const data: Token = jwtDecode<Token>(token) - return data.sub + return data.uid } function userInfoToUser(data: UserDto) { diff --git a/dbrepo-ui/dto/jwt.ts b/dbrepo-ui/dto/jwt.ts index e9cc8ab00207875895eb65462cada7f5d639ec1b..a47085114e3c80c229e80b43fb27adc94fd9d3d3 100644 --- a/dbrepo-ui/dto/jwt.ts +++ b/dbrepo-ui/dto/jwt.ts @@ -11,7 +11,8 @@ interface Token { realm_access: RealmAccess; scope: string; sid: string; - client_id: string; + uid: string; + preferred_username: string; } interface RealmAccess { diff --git a/dbrepo-ui/layouts/default.vue b/dbrepo-ui/layouts/default.vue index 83c667ee08e5cc9923053ac3f217e9c98be27e59..41620761c58257affb380be4be741489c8f77ce8 100644 --- a/dbrepo-ui/layouts/default.vue +++ b/dbrepo-ui/layouts/default.vue @@ -177,6 +177,9 @@ export default { } }, computed: { + token () { + return this.userStore.getToken + }, user () { return this.userStore.getUser }, @@ -272,6 +275,10 @@ export default { this.$router.push({ path: '/search', query: { q: this.search } }) }, initEnvironment () { + if (this.token && !this.user) { + console.error('Something went wrong with loading the user: reset user cache') + this.userStore.logout() + } if (!this.locale) { this.userStore.setLocale('en') } diff --git a/dbrepo-ui/locales/de-AT.json b/dbrepo-ui/locales/de-AT.json index 263dbe62fc5ccdbd36d70a549bd8a433122c78ec..7c2b2a149f4cde28256e8a92410fd76527da4e96 100644 --- a/dbrepo-ui/locales/de-AT.json +++ b/dbrepo-ui/locales/de-AT.json @@ -1030,6 +1030,10 @@ } }, "error": { + "auth": { + "connection": "Kontakt zum Authentifizierungsdienst fehlgeschlagen", + "invalid": "Authentifizierung im Authentifizierungsdienst fehlgeschlagen" + }, "access": { "missing": "Der Zugriff in der Metadatendatenbank konnte nicht gefunden werden" }, 
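Review bot: in `dbrepo-ui/composables/user-service.ts`, `tokenToUserId` now does `return data.uid` with no check that the claim exists, and `Token` in `dto/jwt.ts` declares `uid: string` as always present. A token that lacks the `uid` claim makes this function return `undefined` typed as `string`, and that value then flows into user lookups. Suggest failing explicitly when `data.uid` is missing (throw, or force a logout as the new `initEnvironment` check in `layouts/default.vue` does) and documenting in `dto/jwt.ts` which mapper is expected to supply `uid`.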
diff --git a/dbrepo-ui/locales/en-US.json b/dbrepo-ui/locales/en-US.json index a345e0bec5362890064c770ccb96ec13eb431295..c914fd774cc3d552d6a721563774447abad279d1 100644 --- a/dbrepo-ui/locales/en-US.json +++ b/dbrepo-ui/locales/en-US.json @@ -1033,11 +1033,15 @@ } }, "error": { + "auth": { + "connection": "Failed to contact auth service", + "invalid": "Failed to authenticate in auth service" + }, "access": { "missing": "Failed to find access in metadata database" }, "axios": { - "connection": "Failed to establish connection", + "connection": "Failed to contact backend", "timeout": "Connection timed out" }, "concept": { @@ -1048,17 +1052,17 @@ "missing": "Failed to find container in metadata database" }, "data": { + "connection": "Failed to contact data service", "invalid": "Failed to communicate with data service", - "connection": "Failed to establish connection to data service", "value": "Failed to set column value", "drift": "Your browser clock is not synchronized with UTC and seems to be off by" }, "database": { - "connection": "Failed to establis connection to the database", + "connection": "Failed to contact database", + "create": "Failed to create database in data service", "invalid": "Failed to perform action in database", "querystore": "Failed to insert query into query store", - "missing": "Failed to find database in metadata database", - "create": "Failed to establish connection with metadata service" + "missing": "Failed to find database in metadata database" }, "doi": { "missing": "Failed to find DOI in metadata database" 
@@ -1117,9 +1121,9 @@ "persist": "Failed to persist query in the database query store" }, "metadata": { - "privileged": "Failed to fetch privileged metadata in the data service", - "connection": "Failed to establish connection to the metadata service", - "invalid": "Failed to obtain authentication metadata in the data service" + "connection": "Failed to contact metadata service", + "invalid": "Failed to obtain authentication metadata in the data service", + "privileged": "Failed to fetch privileged metadata in the data service" }, "sidecar": { "export": "Failed to export dataset to the database sidecar", @@ -1164,12 +1168,12 @@ "malformed": "Invalid pagination request" }, "table": { + "connection": "Failed to contact database", + "create": "Failed to create table", "missing": "Failed to find table in metadata database", "exists": "Table with this name exists already", "invalid": "Failed to parse columns in the data service", - "malformed": "Failed to insert entry", - "create": "Failed to create table", - "connection": "Failed to load table data because database is not reachable" + "malformed": "Failed to insert entry" }, "unit": { "missing": "Failed to find semantic unit in metadata database" diff --git a/dbrepo-ui/pages/user/authentication.vue b/dbrepo-ui/pages/user/authentication.vue index a40fef51e5e8f6b690beffa65d605110384f1c7b..4cb3e11a02c34f38cf2a5a197e10c4d33762661f 100644 --- a/dbrepo-ui/pages/user/authentication.vue +++ b/dbrepo-ui/pages/user/authentication.vue @@ -112,10 +112,10 @@ export default { changePassword () { this.loadingUpdate = true const userService = useUserService() - userService.updatePassword(this.user.id, this.password) + userService.updatePassword(this.user.id, {'password': this.password}) .then(() => { const toast = useToastInstance() - toast.success('success.user.password') + toast.success(this.$t('success.user.password')) this.loadingUpdate = false }) .catch(() => { 
diff --git a/dbrepo-ui/utils/index.ts b/dbrepo-ui/utils/index.ts index 0cea2f14070f87dd62c9aeb872b3eadb8961c5db..66dbe9448329faab2b2c18b4801bb59d878d06bb 100644 --- a/dbrepo-ui/utils/index.ts +++ b/dbrepo-ui/utils/index.ts @@ -1048,15 +1048,6 @@ export function isActiveMessage(message: any) { return false } -export function translate(t: any, code: string): string { - if (t === null) { - console.error('$t is null') - return '' - } - console.debug('$t argument', code) - return t(code) -} - export function axiosErrorToApiError(error: AxiosError): ApiErrorDto { if (error.code === 'ECONNABORTED') { /* timeout */ diff --git a/docker-compose.yml b/docker-compose.yml index 65d23f7e45b36a82df4cad73cccf6424b9413e61..43c3fbbfb133fe87b0d1138d2d7cbce46750a3c6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,6 +8,7 @@ volumes: upload-service-data: search-db-data: storage-service-data: + identity-service-data: services: dbrepo-metadata-db: @@ -38,8 +39,8 @@ services: hostname: data-db image: docker.io/bitnami/mariadb:11.1.3-debian-11-r6 volumes: - - data-db-data:/bitnami/mariadb - "${SHARED_VOLUME:-/tmp}:/tmp" + - data-db-data:/bitnami/mariadb ports: - "3307:3306" environment: @@ -91,9 +92,11 @@ services: AUTH_DB: "${AUTH_DB:-keycloak}" KC_DB_USERNAME: "${AUTH_USERNAME:-root}" KC_DB_PASSWORD: "${AUTH_PASSWORD:-dbrepo}" - KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-fda}" - KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-fda}" + KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-admin}" + KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}" depends_on: + dbrepo-identity-service: + condition: service_healthy dbrepo-auth-db: condition: service_healthy logging: 
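Review bot: in the `@@ -91,9 +92,11 @@` hunk of `docker-compose.yml`, the Keycloak bootstrap account falls back to `${KEYCLOAK_ADMIN:-admin}` / `${KEYCLOAK_ADMIN_PASSWORD:-admin}`, so a deployment that sets no environment starts with a guessable admin login; the old `fda`/`fda` had the same problem, and this rename is the moment to fix it. Suggest dropping the fallback for the password and making the variable mandatory, for example `${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD}`, and applying the same to the other `admin` defaults introduced in this file.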
@@ -116,8 +119,8 @@ services: ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" ADMIN_USERNAME: "${ADMIN_USERNAME:-admin}" ANALYSE_SERVICE_ENDPOINT: "${ANALYSE_SERVICE_ENDPOINT:-http://gateway-service}" - AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-fda} - AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-fda} + AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-admin} + AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-admin} AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client} AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG} AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://gateway-service/api/auth} @@ -125,10 +128,10 @@ services: BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo} BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo} BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}" - BROKER_PASSWORD: ${BROKER_PASSWORD:-fda} + BROKER_PASSWORD: ${BROKER_PASSWORD:-admin} BROKER_PORT: ${BROKER_PORT:-5672} BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker} - BROKER_USERNAME: ${BROKER_USERNAME:-fda} + BROKER_USERNAME: ${BROKER_USERNAME:-admin} BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}" DATA_SERVICE_ENDPOINT: ${DATA_SERVICE_ENDPOINT:-http://data-service:8080} DELETED_RECORD: "${DELETED_RECORD:-persistent}" 
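Review bot: in the `@@ -116,8 +119,8 @@` hunk of `docker-compose.yml`, the context line `AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}` reads the wrong variable: exporting `AUTH_SERVICE_CLIENT_SECRET` has no effect, and overriding `AUTH_SERVICE_CLIENT` silently replaces the secret with the client id. Since the patch is already editing the neighbouring defaults, please change it to interpolate `AUTH_SERVICE_CLIENT_SECRET`, and consider removing the committed default secret altogether. The same line appears in the `@@ -461,18 +488,18 @@` hunk.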
@@ -204,15 +207,17 @@ services: container_name: dbrepo-broker-service hostname: broker-service image: docker.io/bitnami/rabbitmq:3.12-debian-12 + ports: + - 15672:15672 + - 5672:5672 volumes: - ./dbrepo-broker-service/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf + - ./dbrepo-broker-service/advanced.config:/etc/rabbitmq/advanced.config - ./dbrepo-broker-service/enabled_plugins:/etc/rabbitmq/enabled_plugins - - ./dbrepo-broker-service/cert.pem:/app/cert.pem - - ./dbrepo-broker-service/pubkey.pem:/app/pubkey.pem - ./dbrepo-broker-service/definitions.json:/app/definitions.json - broker-service-data:/bitnami/rabbitmq/mnesia depends_on: - dbrepo-auth-service: + dbrepo-identity-service: condition: service_healthy healthcheck: test: rabbitmq-diagnostics -q is_running | grep 'is fully booted and running' @@ -366,6 +371,28 @@ services: logging: driver: json-file + dbrepo-identity-service: + restart: "no" + container_name: dbrepo-identity-service + hostname: identity-service + image: bitnami/openldap:2.6.8-debian-12-r1 + ports: + - '1389:1389' + - '1636:1636' + environment: + LDAP_ADMIN_USERNAME: "${IDENTITY_SERVICE_ADMIN_USERNAME:-admin}" + LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}" + LDAP_USERS: "${ADMIN_USERNAME:-admin}" + LDAP_PASSWORDS: "${ADMIN_PASSWORD:-admin}" + LDAP_GROUP: "${ADMIN_GROUP:-system}" + LDAP_ROOT: "${IDENTITY_SERVICE_ROOT:-dc=dbrepo,dc=at}" + LDAP_ADMIN_DN: "${IDENTITY_SERVICE_ADMIN_DN:-cn=admin,dc=dbrepo,dc=at}" + healthcheck: + test: "ldapwhoami -H ldap://localhost:1389 -D ${IDENTITY_SERVICE_ADMIN_DN:-cn=admin,dc=dbrepo,dc=at} -w ${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin} || exit 1" + interval: 10s + timeout: 5s + retries: 12 + dbrepo-search-service-init: restart: "no" container_name: dbrepo-search-service-init 
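Review bot: in the `@@ -366,6 +371,28 @@` hunk, the new `dbrepo-identity-service` has no `volumes:` entry, although this patch declares `identity-service-data:` in the top-level `volumes` block; as written the directory is not persisted and the declared volume is unused. Please mount the volume on the container's data directory or drop the declaration. In the same service, the healthcheck passes the bind password on the command line via `-w ${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}`, which leaves it readable in the container configuration and process list; a check that does not need the admin password, or one that reads it from a file, would be preferable. The image reference also omits the `docker.io/` prefix that the other services in this file use.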
@@ -461,18 +488,18 @@ services: environment: ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" ADMIN_USERNAME: "${ADMIN_USERNAME:-admin}" - AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-fda} - AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-fda} + AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-admin} + AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-admin} AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client} AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG} AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080} BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo} BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo} BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}" - BROKER_PASSWORD: ${BROKER_PASSWORD:-fda} + BROKER_PASSWORD: ${BROKER_PASSWORD:-admin} BROKER_PORT: ${BROKER_PORT:-5672} BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker} - BROKER_USERNAME: ${BROKER_USERNAME:-fda} + BROKER_USERNAME: ${BROKER_USERNAME:-admin} BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}" CONNECTION_TIMEOUT: ${CONNECTION_TIMEOUT:-60000} EXCHANGE_NAME: ${EXCHANGE_NAME:-dbrepo} diff --git a/helm/dbrepo/Chart.lock b/helm/dbrepo/Chart.lock index dd42ade0c3ffaa28c6d562fc46f30dafc81a7ecf..aa7d0b93cc0303567b1782ff85ce7b2ff6055341 100644 --- a/helm/dbrepo/Chart.lock +++ b/helm/dbrepo/Chart.lock @@ -20,5 +20,8 @@ dependencies: - name: tusd repository: https://charts.sagikazarmark.dev version: 0.1.2 -digest: sha256:867a4a60bbccfaeb880d000eeb634db20554ef91523aa3b1331c53bdf48e8db4 -generated: "2024-06-14T15:12:25.44560113+02:00" +- name: openldap-stack-ha + repository: https://jp-gouin.github.io/helm-openldap/ + version: 4.2.5 +digest: sha256:148c7e81b148258da485bc471e36de0f52b8abb1811f26557b1c11e5756e88c7 +generated: "2024-06-26T07:56:42.532498605+02:00" 
diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml index 4838a04ed0bbb9327b899097c22e01960760fee2..0e708f4669f6debdef8ee7df236c2654de8c832c 100644 --- a/helm/dbrepo/Chart.yaml +++ b/helm/dbrepo/Chart.yaml @@ -48,4 +48,9 @@ dependencies: alias: uploadservice version: 0.1.2 repository: https://charts.sagikazarmark.dev - condition: uploadservice.enabled \ No newline at end of file + condition: uploadservice.enabled + - name: openldap-stack-ha + alias: identityservice + version: 4.2.5 + repository: https://jp-gouin.github.io/helm-openldap/ + condition: identityservice.enabled \ No newline at end of file diff --git a/helm/dbrepo/README.md b/helm/dbrepo/README.md index 41109de1140b2dd42dc1c42daf19f7cb350918bd..48848c588c1698d2f578a0b39543ba6610d0bc4e 100644 --- a/helm/dbrepo/README.md +++ b/helm/dbrepo/README.md @@ -55,13 +55,6 @@ The command removes all the Kubernetes components associated with the chart and | `strategyType` | The image pull | `RollingUpdate` | | `clusterDomain` | The cluster domain. | `cluster.local` | -### Internal Admin User - -| Name | Description | Value | -| ---------------- | ---------------------------- | ------- | -| `admin.username` | The internal admin username. | `admin` | -| `admin.password` | The internal admin password. | `admin` | - ### Metadata Database | Name | Description | Value | @@ -107,7 +100,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ---------------------- | ----------------------------------- | ----------- | -| `searchdb.enabled` | Enable the Data Database. | `true.` | +| `searchdb.enabled` | Enable the Data Database. | `true` | | `searchdb.host` | The hostname for the microservices. | `search-db` | | `searchdb.port` | The port for the microservices. | `9200` | | `searchdb.clusterName` | The cluster name. | `search-db` | 
@@ -121,24 +114,26 @@ The command removes all the Kubernetes components associated with the chart and ### Broker Service -| Name | Description | Value | -| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------ | -| `brokerservice.enabled` | Enable the Broker Service. | `true` | -| `brokerservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `true` | -| `brokerservice.endpoint` | The management api endpoint for the microservices. | `http://broker-service:15672` | -| `brokerservice.host` | The hostname for the microservices. | `broker-service` | -| `brokerservice.port` | The port for the microservices. | `5672` | -| `brokerservice.virtualHost` | The default virtual host name. | `dbrepo` | -| `brokerservice.queueName` | The default queue name. | `dbrepo` | -| `brokerservice.exchangeName` | The default exchange name. | `dbrepo` | -| `brokerservice.routingKey` | The default routing key binding from the default queue to the default exchange. | `dbrepo.#` | -| `brokerservice.connectionTimeout` | The connection timeout in ms. | `60000` | -| `brokerservice.auth.username` | The initial administrator username. | `broker` | -| `brokerservice.auth.password` | The initial administrator user password. | `broker` | -| `brokerservice.auth.passwordHash` | The initial administrator user password has generated with [`generate-rabbitmq-pw.sh`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-1.4.4/helm/dbrepo/hack/generate-rabbitmq-pw.sh). | `1gwjNNTBPKLgyzbsUykfR0JIFC6nNqbNJaxzZ14uPT8JGcTZ` | -| `brokerservice.extraPlugins` | The list of plugins to be activated. 
| `rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl` | -| `brokerservice.persistence.enabled` | If set to true, a PVC will be created. | `false` | -| `brokerservice.replicaCount` | The number of replicas. | `1` | +| Name | Description | Value | +| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| `brokerservice.enabled` | Enable the Broker Service. | `true` | +| `brokerservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `true` | +| `brokerservice.endpoint` | The management api endpoint for the microservices. | `http://broker-service:15672` | +| `brokerservice.host` | The hostname for the microservices. | `broker-service` | +| `brokerservice.port` | The port for the microservices. | `5672` | +| `brokerservice.virtualHost` | The default virtual host name. | `dbrepo` | +| `brokerservice.queueName` | The default queue name. | `dbrepo` | +| `brokerservice.exchangeName` | The default exchange name. | `dbrepo` | +| `brokerservice.routingKey` | The default routing key binding from the default queue to the default exchange. | `dbrepo.#` | +| `brokerservice.connectionTimeout` | The connection timeout in ms. | `60000` | +| `brokerservice.ldap.binddn` | The domain name the broker service should bind to. In many cases this is the admin user from `identityservice.global.adminUser`. | `cn=admin,dc=dbrepo,dc=at` | +| `brokerservice.ldap.bindpw` | The password to bind on the identity service. In many cases this value is equal to `identityservice.global.adminPassword`. | `admin` | +| `brokerservice.ldap.uidField` | The field containing the user id. | `uid` | +| `brokerservice.ldap.basedn` | The base domain name containing the users. 
| `ou=users,dc=dbrepo,dc=at` | +| `brokerservice.ldap.userDnPattern` | The pattern to determine the user. | `${username}` | +| `brokerservice.extraPlugins` | The list of plugins to be activated. | `rabbitmq_prometheus rabbitmq_auth_backend_ldap rabbitmq_auth_mechanism_ssl` | +| `brokerservice.persistence.enabled` | If set to true, a PVC will be created. | `false` | +| `brokerservice.replicaCount` | The number of replicas. | `1` | ### Analyse Service 
@@ -174,21 +169,26 @@ The command removes all the Kubernetes components associated with the chart and ### Data Service -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| `dataservice.enabled` | Enable the Metadata Service. | `true` | -| `dataservice.endpoint` | The endpoint for the microservices. | `http://data-service` | -| `dataservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` | -| `dataservice.grant.read` | The default database permissions for users with read access. | `SELECT` | -| `dataservice.grant.write` | The default database permissions for users with write access. | `SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE` | -| `dataservice.default.date` | The default date format id for dates. Default: YYYY-MM-dd (e.g. 2024-06-15). | `3` | -| `dataservice.default.time` | The default date format id for times. Default: HH:mm:ss (e.g. 14:23:42). | `4` | -| `dataservice.default.timestamp` | The default date format id for timestamps. Default: YYYY-MM-dd HH:mm:ss (e.g. 2024-06-15 14:23:42). | `1` | -| `dataservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` | -| `dataservice.s3.auth.username` | The S3-capable endpoint username (or access key id). | `seaweedfsadmin` | -| `dataservice.s3.auth.password` | The S3-capable endpoint user password (or access key secret). | `seaweedfsadmin` | -| `dataservice.s3.filePath` | The local location to download/upload files from/to S3-capable endpoint. | `/s3` | -| `dataservice.replicaCount` | The number of replicas. 
| `2` | +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | +| `dataservice.enabled` | Enable the Metadata Service. | `true` | +| `dataservice.endpoint` | The endpoint for the microservices. | `http://data-service` | +| `dataservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` | +| `dataservice.grant.read` | The default database permissions for users with read access. | `SELECT` | +| `dataservice.grant.write` | The default database permissions for users with write access. | `SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE` | +| `dataservice.default.date` | The default date format id for dates. Default: YYYY-MM-dd (e.g. 2024-06-15). | `3` | +| `dataservice.default.time` | The default date format id for times. Default: HH:mm:ss (e.g. 14:23:42). | `4` | +| `dataservice.default.timestamp` | The default date format id for timestamps. Default: YYYY-MM-dd HH:mm:ss (e.g. 2024-06-15 14:23:42). | `1` | +| `dataservice.rabbitmq.consumerConcurrentMin` | The minimal number of RabbitMQ consumers. | `2` | +| `dataservice.rabbitmq.consumerConcurrentMax` | The maximal number of RabbitMQ consumers. | `6` | +| `dataservice.rabbitmq.requeueRejected` | If set to true, rejected tuples will be re-queued. | `false` | +| `dataservice.rabbitmq.consumer.username` | The username for the consumer to read tuples from the broker service. In many cases this value is equal to `identityservice.users`. | `admin` | +| `dataservice.rabbitmq.consumer.password` | The user password for the consumer to read tuples from the broker service. 
In many cases this value is equal to `identityservice.userPasswords`. | `admin` | +| `dataservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` | +| `dataservice.s3.auth.username` | The S3-capable endpoint username (or access key id). | `seaweedfsadmin` | +| `dataservice.s3.auth.password` | The S3-capable endpoint user password (or access key secret). | `seaweedfsadmin` | +| `dataservice.s3.filePath` | The local location to download/upload files from/to S3-capable endpoint. | `/s3` | +| `dataservice.replicaCount` | The number of replicas. | `2` | ### Search Service 
@@ -205,6 +205,21 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------ | --------------------------- | ------ | | `storageservice.enabled` | Enable the Storage Service. | `true` | +### Identity Service + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ----------------- | +| `identityservice.enabled` | Enable the Identity Service. | `true` | +| `identityservice.global.ldapDomain` | The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form. | `dc=dbrepo,dc=at` | +| `identityservice.global.adminUser` | The admin username that is used to bind. | `admin` | +| `identityservice.global.adminPassword` | The admin user password that is used to bind. | `admin` | +| `identityservice.users` | The admin username for internal authentication. | `admin` | +| `identityservice.userPasswords` | The admin user password for internal authentication. | `admin` | +| `identityservice.group` | The group that contains the administrators for the broker service. | `system` | +| `identityservice.persistence.enabled` | If set to true, a PVC will be created. | `true` | +| `identityservice.replication.enabled` | If set to true, the pods required a cluster. Needs `replicaCount` to be `3` or higher (of 2n+1). | `false` | +| `identityservice.replicaCount` | The number of replicas. If `replicaCount` is set to more than 1, requires `replication.enabled` to be `true`. | `1` | + ### User Interface | Name | Description | Value | diff --git a/helm/dbrepo/charts/openldap-stack-ha-4.2.5.tgz b/helm/dbrepo/charts/openldap-stack-ha-4.2.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..778db881acbb66e2e7b7061e8f3d931606101311 Binary files /dev/null and b/helm/dbrepo/charts/openldap-stack-ha-4.2.5.tgz differ 
diff --git a/helm/dbrepo/templates/analyse-secret.yaml b/helm/dbrepo/templates/analyse-secret.yaml index e995182e17823ad788472aa32e586fdaa21ef074..0f75fb143764bceaf2d5aeb3e35bff53d11c3843 100644 --- a/helm/dbrepo/templates/analyse-secret.yaml +++ b/helm/dbrepo/templates/analyse-secret.yaml @@ -6,8 +6,8 @@ metadata: name: analyse-service-secret namespace: {{ .Values.namespace }} stringData: - ADMIN_USERNAME: "{{ .Values.admin.username }}" - ADMIN_PASSWORD: "{{ .Values.admin.password }}" + ADMIN_USERNAME: "{{ .Values.identityservice.users }}" + ADMIN_PASSWORD: "{{ .Values.identityservice.userPasswords }}" AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}" AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}" diff --git a/helm/dbrepo/templates/auth-configmap.yaml b/helm/dbrepo/templates/auth-configmap.yaml index 0732a8776716c751308d107e5f927c634c86669f..843916e90158599d42c8f4951ad4b7c225cd3981 100644 --- a/helm/dbrepo/templates/auth-configmap.yaml +++ b/helm/dbrepo/templates/auth-configmap.yaml @@ -136,11 +136,19 @@ data: "description" : "${default-table-handling}", "composite" : true, "composites" : { - "realm" : [ "modify-table-column-semantics", "list-tables", "find-table", "create-table", "delete-table" ] + "realm" : [ "modify-table-column-semantics", "list-tables", "update-table-statistic", "find-table", "create-table", "delete-table" ] }, "clientRole" : false, "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", "attributes" : { } + }, { + "id" : "79534da1-4c85-409e-810e-a7ce6d632b09", + "name" : "system", + "description" : "${system}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } }, { "id" : "b0d66d3d-59b4-4aae-aa66-e3d5a49f28e3", "name" : "view-database-view-data", 
@@ -176,6 +184,14 @@ data: "clientRole" : false, "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", "attributes" : { } + }, { + "id" : "0e12eedf-545d-4d32-ac4d-2821dcb118b8", + "name" : "update-table-statistic", + "description" : "${update-table-statistic}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } }, { "id" : "e63e61a2-d852-4ad3-bfb5-92d9ceafef6a", "name" : "escalated-user-handling", 
@@ -1297,60 +1313,46 @@ data: "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { - "id" : "6a8cae99-294f-4fc2-9561-5a52f3f6a1ba", - "name" : "Audience", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-hardcoded-claim-mapper", - "consentRequired" : false, - "config" : { - "claim.value" : "spring", - "userinfo.token.claim" : "false", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "aud", - "access.tokenResponse.claim" : "false" - } - }, { - "id" : "8ae79e43-b2b7-4bb9-a420-b498690dd8c3", - "name" : "given name", + "id" : "da0b27c1-ae2e-4baa-bf78-db233e15c78d", + "name" : "preferred_username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "false", - "user.attribute" : "firstName", - "id.token.claim" : "false", + "user.attribute" : "username", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "user.firstname", - "jsonType.label" : "String" + "claim.name" : "preferred_username", + "userinfo.token.claim" : "true" } }, { - "id" : "ef081a47-f023-4056-958c-4194d3878d8c", - "name" : "username", + "id" : "7c94de93-f60f-487b-b4b7-1891c67f74cc", + "name" : "aud", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-hardcoded-claim-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "false", - "user.attribute" : "username", - "id.token.claim" : "false", + "claim.value" : "dbrepo", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" } }, { - "id" : "99e3b48b-86ff-4e5b-8652-fcd2738b0ad1", - "name" : "family name", + "id" : "030a1cd9-53d1-4a62-a375-94d50a2dc6fc", + "name" : "uid", "protocol" : "openid-connect", - "protocolMapper" 
: "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { + "aggregate.attrs" : "false", + "multivalued" : "false", "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "LDAP_ID", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "user.lastname", - "jsonType.label" : "String" + "claim.name" : "uid" } } ], "defaultClientScopes" : [ "roles", "attributes" ], @@ -2080,23 +2082,6 @@ data: "config" : { "allow-default-scopes" : [ "true" ] } - }, { - "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } }, { "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9", "name" : "Allowed Client Scopes", 
@@ -2114,25 +2099,185 @@ data: "subComponents" : { }, "config" : { } }, { - "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", + "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper" ] } }, { - "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", + "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ 
"oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper" ] + } + } ], + "org.keycloak.storage.UserStorageProvider" : [ { + "id" : "c109d473-5ce1-4032-af7b-02e5442f5c07", + "name" : "openldap", + "providerId" : "ldap", + "subComponents" : { + "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" : [ { + "id" : "db9963a3-03d1-468e-998c-9f3338fdb493", + "name" : "creation date", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "createTimestamp" ], + "is.mandatory.in.ldap" : [ "false" ], + "read.only" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "user.model.attribute" : [ "createTimestamp" ] + } + }, { + "id" : "9d7b9abc-321e-4674-ba36-b104b9990641", + "name" : "last name", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "sn" ], + "is.mandatory.in.ldap" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "lastName" ] + } + }, { + "id" : "b5b7253b-984e-4aa3-b862-20dbe06e4cf9", + "name" : "first name", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "cn" ], + "is.mandatory.in.ldap" : [ "true" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "firstName" ] + } + }, { + "id" : "ea383c2f-3bfe-4117-a8fd-f012d6ebbf9e", + "name" : "email", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "mail" ], + "is.mandatory.in.ldap" : [ "false" ], + "always.read.value.from.ldap" : [ "false" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "email" ] + } + }, { + "id" : "5692d060-55b8-4cb1-b68f-0ae123cd9d02", + "name" : 
"system", + "providerId" : "group-ldap-mapper", + "subComponents" : { }, + "config" : { + "membership.attribute.type" : [ "DN" ], + "group.name.ldap.attribute" : [ "cn" ], + "preserve.group.inheritance" : [ "false" ], + "membership.user.ldap.attribute" : [ "uid" ], + "groups.dn" : [ "cn=system,ou=users,{{ .Values.identityservice.global.ldapDomain }}" ], + "mode" : [ "LDAP_ONLY" ], + "user.roles.retrieve.strategy" : [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ], + "ignore.missing.groups" : [ "false" ], + "membership.ldap.attribute" : [ "member" ], + "memberof.ldap.attribute" : [ "memberOf" ], + "group.object.classes" : [ "groupOfNames" ], + "groups.path" : [ "/" ], + "drop.non.existing.groups.during.sync" : [ "false" ] + } + }, { + "id" : "b6ff3285-35af-4e86-8bb4-d94b8e0d70bb", + "name" : "modify date", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "modifyTimestamp" ], + "is.mandatory.in.ldap" : [ "false" ], + "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "true" ], + "user.model.attribute" : [ "modifyTimestamp" ] + } + }, { + "id" : "b5d08699-ba3a-4ffd-bf2e-36d1bcac48d9", + "name" : "username", + "providerId" : "user-attribute-ldap-mapper", + "subComponents" : { }, + "config" : { + "ldap.attribute" : [ "uid" ], + "attribute.force.default" : [ "false" ], + "is.mandatory.in.ldap" : [ "true" ], + "is.binary.attribute" : [ "false" ], + "always.read.value.from.ldap" : [ "false" ], + "read.only" : [ "false" ], + "user.model.attribute" : [ "username" ] + } + } ] + }, + "config" : { + "fullSyncPeriod" : [ "-1" ], + "pagination" : [ "false" ], + "startTls" : [ "false" ], + "usersDn" : [ "ou=users,{{ .Values.identityservice.global.ldapDomain }}" ], + "connectionPooling" : [ "true" ], + "cachePolicy" : [ "DEFAULT" ], + "useKerberosForPasswordAuthentication" : [ "false" ], + "importEnabled" : [ "true" ], + "enabled" : [ "true" ], + "usernameLDAPAttribute" : [ "uid" ], + "bindDn" : [ "cn={{ 
.Values.identityservice.global.adminUser }},{{ .Values.identityservice.global.ldapDomain }}" ], + "bindCredential" : [ "{{ .Values.identityservice.global.adminPassword }}" ], + "changedSyncPeriod" : [ "-1" ], + "lastSync" : [ "1719252666" ], + "vendor" : [ "other" ], + "uuidLDAPAttribute" : [ "entryUUID" ], + "allowKerberosAuthentication" : [ "false" ], + "connectionUrl" : [ "ldap://identity-service:389" ], + "syncRegistrations" : [ "true" ], + "authType" : [ "simple" ], + "useTruststoreSpi" : [ "ldapsOnly" ], + "usePasswordModifyExtendedOp" : [ "false" ], + "trustEmail" : [ "false" ], + "userObjectClasses" : [ "inetOrgPerson, organizationalPerson, person" ], + "rdnLDAPAttribute" : [ "uid" ], + "editMode" : [ "WRITABLE" ], + "validatePasswordPolicy" : [ "false" ] } } ], "org.keycloak.keys.KeyProvider" : [ { + "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEA3b1tNLfcjFLUw9UShVDNf+ZD8sQqb4YBaIXcSJTX/zDQUPiCp176BBGI3s4VplDArnOW+LumozmKogeoHEnGEIDW8ovgK5uMU9tSA2p0qqGBUMOdR8YATTIfCJe7qGiiuGa3WZy3sQLM70SuRzx02YU8gvUcvl2Js4KyqAziOUX/w3Wa59H9jjGNUXYyqaPWJp73eHzbVYWySzyLG22mVlcUtBx5siL5T2/Xu0p9z4l7/bapwwmOVi1ZrcHjbEAwdGEiSMGI/uWqAF+r1BRpmJLR7HNXcL3eK4/56VYLaiwSejfyYeRFMITEn/UxGYhcXZ5xMUUCG0TxjBhLYpTBuwIDAQABAoIBAA4dwebcxkrH99Poa8+WkiE7JgaS9sahx9OBI2xwJANoIU2TpzGuNLQZ76uLgB+rPWZTD9Xm5a1iJjwOyQ9/937TzPCk91D0tpgcusRikb8jx/6TGB9acL4kBjYUVCCHr3BA2G75MKKGtJ2OMvAbCQSosZj+r2VDwYFEPUkV2jheE5JHSBkwyIRrus3JCwu8gu5fyCg9z8ljcxJxI5HIsi4v8Z21aCw/cLj7h5cMt44wCjQz4rOfYNBEFeHDtlfR1QtWKgjm4ZHHJbKrzf9b2kQXclziceEbSM0tYbROEXKi+s0Zc+z3HEG89vv0vfN400clmzzIAijKY6gg3pPRWdECgYEA+lnWYbSlXDMNYx6RBXm1RnlMUYIm4oy4/9ljgnoGJ6WCn3SjFkgaDtiKfGIG1BSB85r04pAPANgcWHf5tWDnq0ARvBVG0BX2bKd++7B3D4d3CRYKCwm88SslJXv9dfHVhq4+zViFPiUWwT20A72jCuUCvL88y5fh/YBecfdh+jECgYEA4r5RD0NB9dMaeg5/jk/GEHIo4Z9KLc6FrSoOFo2xFkPOy1sgDpDOiNtypuWvniO7k7Ose3DS3hlfTMsKzIW/CgQJ20+Y4cvBWDaOsRxfjj7w3d
+jH5OSJdKKSzTrgLKc9ZhlRzVXy0J0hipIA6HG5kdVdLXmh85ITmf1CbJhE6sCgYBjPVeBNbXTHZ2x6/z62aslO5IoQVqetb/kE82hfDOSZcao5Ph9Lam+ttH2ynkAevykj4mBgi+gWwqpey2uW7KaLPSaxShj9kDQA3mP1fzsV/u0y1rB02Nlin/YIxVvOqU1FT9p8SwoXVVu1sHUNck62VtDbN9xqUx5S/ikXrclEQKBgQCoTssOwEcK+Vty9KYcdfy4onTUHZBLdjxl8Iyqkxy7QTQUYRznkvesQPDXEDGO+kk3dyx2KKZt9Hl4IFNww2quPZcvcuMx4DQxjbXXpA8OIIxcta95NepLJwA+mRai3nKCH1A2TlNP7pFeMa5o+8IPly3Ix2lKr4Wepa4PN5i1pwKBgCZ1QP6XAOERl9NznNmU0rXVcvYNP4PIIfQWfvGsldZ4QKkmjjAGiS0/oYqdWs+UDRZyCRChaVjDXO9fk0PEG5OGKAj9nyiYCT/M8xtJ3UeP5ffZZvJ/vnye3QdDIo1e38ZzsWwJHmLYw7fRqY9W5Vxo0Vsy22U3CJY70KTxVdTy" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30", "name" : "aes-generated", "providerId" : "aes-generated", @@ -2153,18 +2298,6 @@ data: "priority" : [ "100" ], "algorithm" : [ "HS256" ] } - }, { - "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } }, { "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a", "name" : "rsa-generated", @@ -2181,7 +2314,7 @@ data: "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "81aad346-5dea-4764-a97d-70fa27c7d4a0", + "id" : "df1ebc5f-2037-43f5-9915-71eb4cd0ed7e", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", 
@@ -2203,7 +2336,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "1677aaa5-9086-4d75-8f07-c76e25f90167", + "id" : "76ef2d26-2756-4ce1-904b-4be58e99b576", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -2232,7 +2365,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "04270a38-4dd9-4820-bccd-0eeab6d5e60b", + "id" : "b0d74a54-cea7-48f2-a4c9-f35204488da6", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2254,7 +2387,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "82af3fdb-f93f-40cd-9a1b-5aaac3c99fc4", + "id" : "07b964c7-4527-4071-9f7a-e50d6321d951", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2276,7 +2409,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "9f7a2dee-a00b-4ed0-a28d-aebd5b04c098", + "id" : "be69fd2d-1bf5-429e-9833-a76232a23904", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2298,7 +2431,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "8bb2d6f7-095f-4be5-844e-aa7351be07a3", + "id" : "e9d23d2a-d857-4547-a419-2fd850ed58e5", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -2320,7 +2453,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "dc8b131c-6078-4730-9c89-0f6e523bd42e", + "id" : "75e1f120-8a28-4cc0-af60-26fa9d865975", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", 
@@ -2342,7 +2475,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "f308ac01-8dfa-4593-b19f-562c26d95bbd", + "id" : "eeb37a0b-2f2f-47f5-9ee6-3da2c8b48ec0", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -2365,7 +2498,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "12fe4a00-c0ee-4a21-929f-c9e510f7edd4", + "id" : "8637f64c-8b45-48b0-b3ba-c6e93225cce4", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -2387,7 +2520,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "4add5b6a-55d9-4d95-8d24-00e508039883", + "id" : "7ad56360-b344-4f26-9dea-1a718ed99d4e", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -2423,7 +2556,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "783c72d8-b771-45ff-9b94-facbc7fe7c33", + "id" : "c6817917-1d21-4693-9171-b2e3dfde9582", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -2459,7 +2592,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "55bed153-d2e3-44fa-9a42-4fe971325112", + "id" : "7cd02437-6d05-486d-a7fe-4d1762895ded", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -2488,7 +2621,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "8fc5834a-2853-47e5-9b0b-9af49ec8ae4f", + "id" : "eb1d9721-b4a0-40a5-9236-b4fd95ca9024", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", 
@@ -2503,7 +2636,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "34062276-646c-48d7-ab65-4f086c3575fb", + "id" : "219415d8-3bab-47a6-9d0c-8c1061ffb68a", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -2526,7 +2659,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "47f8b7df-bc03-43cd-ab0b-be6ca3320f1c", + "id" : "ccbf8944-bd32-4aa1-a6f8-93513a3fa5a4", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -2548,7 +2681,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "e975f4cf-3cad-458a-b0c5-1f6c5bb14d1b", + "id" : "805f972b-75ca-48c0-a390-752b32c0688a", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -2570,7 +2703,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "5a570e5c-22aa-4cb9-ba03-9729876a0f14", + "id" : "2b15383f-ded1-4fb6-afdc-0c19f65dacc7", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -2586,7 +2719,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "2a50f240-7f9c-4663-b922-bf141d8cecea", + "id" : "1c18c3c7-a191-426b-84a4-1ffec96562cc", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -2622,7 +2755,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "4136e336-cf46-444c-9aaa-77ec1b2eaec0", + "id" : "cab07ead-2a48-4b0c-8916-2f89abe55720", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", 
@@ -2658,7 +2791,7 @@ data: "userSetupAllowed" : false } ] }, { - "id" : "d1ba354a-8203-42d5-bf16-d850182f7336", + "id" : "6e158077-d221-4695-b0d3-9528c5ba6bfd", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -2674,13 +2807,13 @@ data: } ] } ], "authenticatorConfig" : [ { - "id" : "cea49223-ea27-4324-816c-b6a890548097", + "id" : "fcb6cb09-fec5-4390-800c-00a3d49525ec", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "3627d68d-6f05-45b2-835d-8127ab90a6b3", + "id" : "68f9e765-81d4-47cd-b111-94d6723883c5", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/helm/dbrepo/templates/broker-secret.yaml b/helm/dbrepo/templates/broker-secret.yaml index 84a3088663e0eae7f937781f453fafa873437d10..4348be52896a8cb09672379ed10cf746803651e8 100644 --- a/helm/dbrepo/templates/broker-secret.yaml +++ b/helm/dbrepo/templates/broker-secret.yaml @@ -6,6 +6,24 @@ metadata: name: broker-service-secret namespace: {{ .Values.namespace }} stringData: + advanced.config: | + [ + { + rabbitmq_auth_backend_ldap, + [ + { + tag_queries, [ + { + administrator, {in_group_nested, "cn=system,ou=users,{{ .Values.identityservice.global.ldapDomain }}", "member"} + }, + { + management, {constant, true} + } + ] + } + ] + } + ]. load_definition.json: | { "bindings": [ @@ -30,15 +48,7 @@ stringData: ], "global_parameters": [], "parameters": [], - "permissions": [ - { - "configure": ".*", - "read": ".*", - "user": "{{ .Values.brokerservice.auth.username }}", - "vhost": "dbrepo", - "write": ".*" - } - ], + "permissions": [], "policies": [], "queues": [ { 
@@ -56,17 +66,7 @@ stringData: "rabbit_version": "3.10.25", "rabbitmq_version": "3.10.25", "topic_permissions": [], - "users": [ - { - "hashing_algorithm": "rabbit_password_hashing_sha256", - "limits": {}, - "name": "{{ .Values.brokerservice.auth.username }}", - "password_hash": "{{ .Values.brokerservice.auth.passwordHash }}", - "tags": [ - "administrator" - ] - } - ], + "users": [], "vhosts": [ { "limits": [], @@ -78,12 +78,4 @@ stringData: } ] } - cert.pem: | - -----BEGIN CERTIFICATE----- - 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 - -----END CERTIFICATE----- - pubkey.pem: | - -----BEGIN RSA PUBLIC KEY----- - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB - -----END RSA PUBLIC KEY----- {{- end }} diff --git a/helm/dbrepo/templates/data-secret.yaml b/helm/dbrepo/templates/data-secret.yaml index 7797626672d1976564fcc8404f8f7651a4054120..0a8a4ec51a46638c7440a6615818f4afa343b869 100644 --- a/helm/dbrepo/templates/data-secret.yaml +++ b/helm/dbrepo/templates/data-secret.yaml @@ -6,8 +6,8 @@ metadata: namespace: {{ .Values.namespace }} stringData: ADMIN_EMAIL: "{{ .Values.metadataservice.admin.email }}" - ADMIN_USERNAME: "{{ .Values.admin.username }}" - ADMIN_PASSWORD: "{{ .Values.admin.password }}" + ADMIN_USERNAME: "{{ .Values.identityservice.users }}" + ADMIN_PASSWORD: "{{ .Values.identityservice.userPasswords }}" AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}" AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}" 
@@ -16,11 +16,11 @@ stringData: BROKER_EXCHANGE_NAME: "{{ .Values.brokerservice.exchangeName }}" BROKER_HOST: "{{ .Values.brokerservice.host }}" BROKER_QUEUE_NAME: "{{ .Values.brokerservice.queueName }}" - BROKER_PASSWORD: "{{ .Values.brokerservice.auth.password }}" + BROKER_PASSWORD: "{{ .Values.dataservice.rabbitmq.consumer.password }}" BROKER_PORT: "{{ .Values.brokerservice.port }}" BROKER_ROUTING_KEY: "{{ .Values.brokerservice.routingKey }}" BROKER_SERVICE_ENDPOINT: "{{ .Values.brokerservice.url }}" - BROKER_USERNAME: "{{ .Values.brokerservice.auth.username }}" + BROKER_USERNAME: "{{ .Values.dataservice.rabbitmq.consumer.username }}" BROKER_VIRTUALHOST: "{{ .Values.brokerservice.virtualHost }}" CONNECTION_TIMEOUT: "{{ .Values.brokerservice.connectionTimeout }}" GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}" @@ -32,9 +32,9 @@ stringData: JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}" LOG_LEVEL: "{{ ternary "debug" "info" .Values.dataservice.image.debug }}" METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}" - MIN_CONCURRENT_CONSUMERS: "{{ .Values.dataservice.consumerConcurrentMin }}" - MAX_CONCURRENT_CONSUMERS: "{{ .Values.dataservice.consumerConcurrentMax }}" - REQUEUE_REJECTED: "{{ .Values.dataservice.requeueRejected }}" + MIN_CONCURRENT_CONSUMERS: "{{ .Values.dataservice.rabbitmq.consumerConcurrentMin }}" + MAX_CONCURRENT_CONSUMERS: "{{ .Values.dataservice.rabbitmq.consumerConcurrentMax }}" + REQUEUE_REJECTED: "{{ .Values.dataservice.rabbitmq.requeueRejected }}" S3_ACCESS_KEY_ID: "{{ .Values.dataservice.s3.auth.username }}" S3_ENDPOINT: "{{ .Values.dataservice.s3.endpoint }}" S3_EXPORT_BUCKET: "{{ .Values.dataservice.s3.bucket.export }}" diff --git a/helm/dbrepo/templates/metadata-secret.yaml b/helm/dbrepo/templates/metadata-secret.yaml index fe48d381ea4495ff1bd4b0c927190ef53275919c..edf451c22ad38613107d79b00d87fc8e5d2d6bf2 100644 --- a/helm/dbrepo/templates/metadata-secret.yaml +++ b/helm/dbrepo/templates/metadata-secret.yaml 
@@ -7,8 +7,8 @@ metadata: namespace: {{ .Values.namespace }} stringData: ADMIN_EMAIL: "{{ .Values.metadataservice.admin.email }}" - ADMIN_PASSWORD: "{{ .Values.admin.password }}" - ADMIN_USERNAME: "{{ .Values.admin.username }}" + ADMIN_USERNAME: "{{ .Values.identityservice.users }}" + ADMIN_PASSWORD: "{{ .Values.identityservice.userPasswords }}" ANALYSE_SERVICE_ENDPOINT: "{{ .Values.analyseservice.endpoint }}" AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}" AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" diff --git a/helm/dbrepo/templates/search-secret.yaml b/helm/dbrepo/templates/search-secret.yaml index 9bd98de98bfc4b8c50241689aed98145b1dd25c7..52f33a640c6e56e5cc82ae6073c35aaee841d17c 100644 --- a/helm/dbrepo/templates/search-secret.yaml +++ b/helm/dbrepo/templates/search-secret.yaml @@ -5,8 +5,8 @@ metadata: name: search-service-secret namespace: {{ .Values.namespace }} stringData: - ADMIN_USERNAME: "{{ .Values.admin.username }}" - ADMIN_PASSWORD: "{{ .Values.admin.password }}" + ADMIN_USERNAME: "{{ .Values.identityservice.users }}" + ADMIN_PASSWORD: "{{ .Values.identityservice.userPasswords }}" AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}" AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}" @@ -17,5 +17,5 @@ stringData: LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}" OPENSEARCH_HOST: "{{ .Values.searchdb.host }}" OPENSEARCH_PORT: "{{ .Values.searchdb.port }}" - OPENSEARCH_USERNAME: "{{ .Values.searchdb.username }}" - OPENSEARCH_PASSWORD: "{{ .Values.searchdb.password }}" \ No newline at end of file + OPENSEARCH_USERNAME: "{{ .Values.searchdb.security.adminUsername }}" + OPENSEARCH_PASSWORD: "{{ .Values.searchdb.security.adminPassword }}" \ No newline at end of file 
diff --git a/helm/dbrepo/values.schema.json b/helm/dbrepo/values.schema.json index 3f555c67054181b24d05054dc93fabc9dabb8d86..5872dd5e3a81b779cdf37c01cac04afa2d73e17a 100644 --- a/helm/dbrepo/values.schema.json +++ b/helm/dbrepo/values.schema.json @@ -1,22 +1,14 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", "properties": { - "admin": { - "properties": { - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, "analyseservice": { "properties": { "enabled": { "type": "boolean" }, + "endpoint": { + "type": "string" + }, "image": { "properties": { "debug": { @@ -153,6 +145,9 @@ }, "enabled": { "type": "boolean" + }, + "fullnameOverride": { + "type": "string" } }, "type": "object" @@ -179,11 +174,11 @@ }, "brokerservice": { "properties": { + "advancedConfigurationExistingSecret": { + "type": "string" + }, "auth": { "properties": { - "password": { - "type": "string" - }, "tls": { "properties": { "enabled": { @@ -200,9 +195,6 @@ } }, "type": "object" - }, - "username": { - "type": "string" } }, "type": "object" @@ -219,31 +211,9 @@ "exchangeName": { "type": "string" }, - "extraConfiguration": { - "type": "string" - }, "extraPlugins": { "type": "string" }, - "extraVolumes": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "secret": { - "properties": { - "secretName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, "fullnameOverride": { "type": "string" }, 
@@ -258,6 +228,41 @@ }, "type": "object" }, + "ldap": { + "properties": { + "authorisationEnabled": { + "type": "boolean" + }, + "basedn": { + "type": "string" + }, + "binddn": { + "type": "string" + }, + "bindpw": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "servers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "uidField": { + "type": "string" + }, + "userDnPattern": { + "type": "string" + } + }, + "type": "object" + }, "loadDefinition": { "properties": { "enabled": { @@ -311,60 +316,29 @@ }, "datadb": { "properties": { + "auth": { + "properties": { + "replicationPassword": { + "type": "string" + }, + "replicationUser": { + "type": "string" + }, + "rootPassword": { + "type": "string" + } + }, + "type": "object" + }, "enabled": { "type": "boolean" }, "extraFlags": { "type": "string" }, - "extraVolumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "extraVolumes": { - "items": { - "properties": { - "emptyDir": { - "properties": {}, - "type": "object" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, "fullnameOverride": { "type": "string" }, - "galera": { - "properties": { - "mariabackup": { - "properties": { - "password": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, "image": { "properties": { "debug": { 
@@ -381,205 +355,230 @@ }, "type": "object" }, - "persistence": { + "primary": { "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "rootUser": { - "properties": { - "password": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "service": { - "properties": { - "extraPorts": { + "extraVolumeMounts": { "items": { "properties": { - "name": { + "mountPath": { "type": "string" }, - "port": { - "type": "integer" - }, - "protocol": { + "name": { "type": "string" - }, - "targetPort": { - "type": "integer" } }, "type": "object" }, "type": "array" - } - }, - "type": "object" - }, - "sidecars": { - "items": { - "properties": { - "envFrom": { - "items": { - "properties": { - "secretRef": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "livenessProbe": { + }, + "extraVolumes": { + "items": { "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array" - } - }, + "emptyDir": { + "properties": {}, "type": "object" }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" + "name": { + "type": "string" } }, "type": "object" }, - "name": { - "type": "string" + "type": "array" + }, + "persistence": { + "properties": { + "enabled": { + "type": "boolean" + } }, - "ports": { - "items": { - "properties": { - "containerPort": { - "type": "integer" - }, - "name": { - "type": "string" + "type": "object" + }, + "service": { + "properties": { + "extraPorts": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } }, - "protocol": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "type": "array" + "type": 
"array" + } }, - "readinessProbe": { + "type": "object" + }, + "sidecars": { + "items": { "properties": { - "exec": { + "envFrom": { + "items": { + "properties": { + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "livenessProbe": { "properties": { - "command": { - "items": { - "type": "string" + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } }, - "type": "array" + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" } }, "type": "object" }, - "initialDelaySeconds": { - "type": "integer" + "name": { + "type": "string" }, - "periodSeconds": { - "type": "integer" - } - }, - "type": "object" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" + "ports": { + "items": { + "properties": { + "containerPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" }, - "capabilities": { + "readinessProbe": { "properties": { - "drop": { - "items": { - "type": "string" + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } }, - "type": "array" + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" } }, "type": "object" }, - "runAsGroup": { - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "type": "integer" - }, - "seccompProfile": { + "securityContext": { "properties": { - "type": { - "type": "string" + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + 
"runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, - "volumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" + "type": "array" + } }, - "type": "array" + "type": "object" + }, + "secondary": { + "properties": { + "replicaCount": { + "type": "integer" + } + }, + "type": "object" } }, "type": "object" }, "dataservice": { "properties": { - "consumerConcurrentMax": { - "type": "integer" - }, - "consumerConcurrentMin": { - "type": "integer" - }, "default": { "properties": { "date": { @@ -616,11 +615,36 @@ "debug": { "type": "boolean" }, - "name": { - "type": "string" + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + } + }, + "type": "object" + }, + "rabbitmq": { + "properties": { + "consumer": { + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "consumerConcurrentMax": { + "type": "integer" }, - "pullPolicy": { - "type": "string" + "consumerConcurrentMin": { + "type": "integer" + }, + "requeueRejected": { + "type": "boolean" } }, "type": "object" @@ -628,9 +652,6 @@ "replicaCount": { "type": "integer" }, - "requeueRejected": { - "type": "boolean" - }, "s3": { "properties": { "auth": { 
@@ -673,6 +694,91 @@ "hostname": { "type": "string" }, + "identityservice": { + "properties": { + "customSchemaFiles": { + "properties": { + "00-memberof.ldif": { + "type": "string" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "fullnameOverride": { + "type": "string" + }, + "global": { + "properties": { + "adminPassword": { + "type": "string" + }, + "adminUser": { + "type": "string" + }, + "configUserEnabled": { + "type": "boolean" + }, + "ldapDomain": { + "type": "string" + } + }, + "type": "object" + }, + "group": { + "type": "string" + }, + "ltb-passwd": { + "properties": { + "ingress": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "persistence": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "phpldapadmin": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "replication": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "userPasswords": { + "type": "string" + }, + "users": { + "type": "string" + } + }, + "type": "object" + }, "ingress": { "properties": { "annotations": { @@ -756,9 +862,21 @@ }, "metadatadb": { "properties": { - "db": { + "auth": { "properties": { - "name": { + "database": { + "type": "string" + }, + "replicationPassword": { + "type": "string" + }, + "replicationUser": { + "type": "string" + }, + "root": { + "type": "string" + }, + "rootPassword": { "type": "string" } }, 
@@ -774,33 +892,9 @@ "fullnameOverride": { "type": "string" }, - "galera": { - "properties": { - "mariabackup": { - "properties": { - "password": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, "host": { "type": "string" }, - "image": { - "properties": { - "debug": { - "type": "boolean" - } - }, - "type": "object" - }, "initdbScriptsConfigMap": { "type": "string" }, @@ -815,42 +909,10 @@ }, "type": "object" }, - "persistence": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "rootUser": { - "properties": { - "password": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "service": { + "secondary": { "properties": { - "annotations": { - "properties": {}, - "type": "object" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "type": { - "type": "string" + "replicaCount": { + "type": "integer" } }, "type": "object" @@ -894,6 +956,9 @@ "enabled": { "type": "boolean" }, + "endpoint": { + "type": "string" + }, "granularity": { "type": "string" }, 
@@ -966,120 +1031,33 @@ "clusterName": { "type": "string" }, - "config": { - "properties": { - "opensearch.yml": { - "type": "string" - } - }, - "type": "object" - }, "enabled": { "type": "boolean" }, - "extraEnvs": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "extraVolumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "type": "object" - }, - "type": "array" - }, - "extraVolumes": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "secret": { - "properties": { - "secretName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, "fullnameOverride": { "type": "string" }, "host": { "type": "string" }, - "masterService": { - "type": "string" - }, - "password": { - "type": "string" - }, - "persistence": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, "port": { "type": "integer" }, - "protocol": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "service": { + "security": { "properties": { - "annotations": { - "properties": {}, - "type": "object" - }, - "loadBalancerSourceRanges": { - "type": "array" + "adminPassword": { + "type": "string" }, - "type": { + "adminUsername": { "type": "string" - } - }, - "type": "object" - }, - "sysctlInit": { - "properties": { + }, "enabled": { "type": "boolean" } }, "type": "object" }, - "username": { + "servicenameOverride": { "type": "string" } }, 
@@ -1441,6 +1419,42 @@ }, "replicaCount": { "type": "integer" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" } }, "type": "object" diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index b45f832b3a56b3f72a533ef221dfa1a755da8ddd..ba86f30cb74b8fa1acb4105b90ba66ff75559f1a 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -20,14 +20,6 @@ strategyType: RollingUpdate ## clusterDomain: cluster.local -## @section Internal Admin User - -admin: - ## @param admin.username The internal admin username. - username: admin - ## @param admin.password The internal admin password. - password: admin - ## @section Metadata Database metadatadb: @@ -86,6 +78,7 @@ authservice: ## @skip authservice.postgresql postgresql: enabled: true + fullnameOverride: auth-db auth: postgresPassword: postgres ## @skip authservice.extraStartupArgs @@ -125,8 +118,6 @@ authservice: ## @section Data Database datadb: - global: - storageClass: test ## @param datadb.enabled Enable the Data Database. enabled: true ## @skip datadb.fullnameOverride @@ -222,6 +213,7 @@ searchdb: ## @skip searchdb.security security: enabled: false + adminUsername: admin adminPassword: admin ## @param searchdb.clusterName The cluster name. clusterName: search-db 
@@ -286,6 +278,26 @@ brokerservice: routingKey: dbrepo.# ## @param brokerservice.connectionTimeout The connection timeout in ms. connectionTimeout: 60000 + ldap: + ## @skip brokerservice.ldap.enabled + enabled: true + ## @skip brokerservice.ldap.authorisationEnabled + authorisationEnabled: true + ## @skip brokerservice.ldap.servers + servers: + - identity-service + ## @skip brokerservice.ldap.port + port: 389 + ## @param brokerservice.ldap.binddn The domain name the broker service should bind to. In many cases this is the admin user from `identityservice.global.adminUser`. + binddn: cn=admin,dc=dbrepo,dc=at + ## @param brokerservice.ldap.bindpw The password to bind on the identity service. In many cases this value is equal to `identityservice.global.adminPassword`. + bindpw: admin + ## @param brokerservice.ldap.uidField The field containing the user id. + uidField: uid + ## @param brokerservice.ldap.basedn The base domain name containing the users. + basedn: ou=users,dc=dbrepo,dc=at + ## @param brokerservice.ldap.userDnPattern The pattern to determine the user. + userDnPattern: ${username} auth: ## @skip brokerservice.auth.tls tls: 
@@ -293,47 +305,14 @@ brokerservice: sslOptionsVerify: true failIfNoPeerCert: true existingSecret: ingress-cert - ## @param brokerservice.auth.username The initial administrator username. - username: broker - ## @param brokerservice.auth.password The initial administrator user password. - password: broker - ## @param brokerservice.auth.passwordHash The initial administrator user password has generated with [`generate-rabbitmq-pw.sh`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-1.4.4/helm/dbrepo/hack/generate-rabbitmq-pw.sh). - passwordHash: 1gwjNNTBPKLgyzbsUykfR0JIFC6nNqbNJaxzZ14uPT8JGcTZ - ## @skip brokerservice.extraConfiguration - extraConfiguration: |- - default_vhost = dbrepo - default_user_tags.administrator = true - default_permissions.configure = .* - default_permissions.read = .* - default_permissions.write = .* - load_definitions = /app/load_definition.json - log.console = true - listeners.tcp.1 = 0.0.0.0:5672 - auth_backends.1 = rabbit_auth_backend_oauth2 - auth_backends.2 = rabbit_auth_backend_internal - auth_oauth2.resource_server_id = rabbitmq - auth_oauth2.preferred_username_claims.1 = client_id - auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM - auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /app/cert.pem - auth_oauth2.signing_keys.id2 = /app/pubkey.pem - auth_oauth2.algorithms.1 = HS256 - auth_oauth2.algorithms.2 = RS256 - management.oauth_enabled = true - management.oauth_client_id = rabbitmq-client - management.oauth_client_secret = JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u - management.oauth_scopes = openid - management.oauth_provider_url = https://example.com/api/auth/realms/dbrepo + ## @skip brokerservice.advancedConfigurationExistingSecret + advancedConfigurationExistingSecret: broker-service-secret ## @skip brokerservice.loadDefinition loadDefinition: enabled: true existingSecret: broker-service-secret - ## @skip brokerservice.extraVolumes - extraVolumes: - - 
name: secret-map - secret: - secretName: broker-service-secret ## @param brokerservice.extraPlugins The list of plugins to be activated. - extraPlugins: rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl + extraPlugins: rabbitmq_prometheus rabbitmq_auth_backend_ldap rabbitmq_auth_mechanism_ssl persistence: ## @param brokerservice.persistence.enabled If set to true, a PVC will be created. enabled: false @@ -443,6 +422,18 @@ dataservice: time: 4 ## @param dataservice.default.timestamp The default date format id for timestamps. Default: YYYY-MM-dd HH:mm:ss (e.g. 2024-06-15 14:23:42). timestamp: 1 + rabbitmq: + ## @param dataservice.rabbitmq.consumerConcurrentMin The minimal number of RabbitMQ consumers. + consumerConcurrentMin: 2 + ## @param dataservice.rabbitmq.consumerConcurrentMax The maximal number of RabbitMQ consumers. + consumerConcurrentMax: 6 + ## @param dataservice.rabbitmq.requeueRejected If set to true, rejected tuples will be re-queued. + requeueRejected: false + consumer: + ## @param dataservice.rabbitmq.consumer.username The username for the consumer to read tuples from the broker service. In many cases this value is equal to `identityservice.users`. + username: admin + ## @param dataservice.rabbitmq.consumer.password The user password for the consumer to read tuples from the broker service. In many cases this value is equal to `identityservice.userPasswords`. + password: admin s3: ## @param dataservice.s3.endpoint The S3-capable endpoint the microservice connects to. endpoint: http://storageservice-s3:9000 
@@ -527,6 +518,59 @@ storageservice: image: registry.datalab.tuwien.ac.at/dbrepo/storage-service-init:1.4.4 pullPolicy: Always +## @section Identity Service + +identityservice: + ## @param identityservice.enabled Enable the Identity Service. + enabled: true + ## @skip identityservice.fullnameOverride + fullnameOverride: identity-service + global: + ## @param identityservice.global.ldapDomain The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form. + ldapDomain: dc=dbrepo,dc=at + ## @param identityservice.global.adminUser The admin username that is used to bind. + adminUser: admin + ## @param identityservice.global.adminPassword The admin user password that is used to bind. + adminPassword: admin + ## @skip identityservice.global.configUserEnabled + configUserEnabled: false + ## @param identityservice.users The admin username for internal authentication. + users: admin + ## @param identityservice.userPasswords The admin user password for internal authentication. + userPasswords: admin + ## @param identityservice.group The group that contains the administrators for the broker service. + group: system + ## @skip identityservice.ltb-passwd + ltb-passwd: + ingress: + enabled: false + ## @skip identityservice.phpldapadmin + phpldapadmin: + enabled: false + ## @skip identityservice.customSchemaFiles + customSchemaFiles: + 00-memberof.ldif: |- + dn: cn=module,cn=config + cn: module + objectClass: olcModuleList + olcModuleLoad: memberof + olcModulePath: /opt/bitnami/openldap/lib/openldap + + dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config + changetype: add + objectClass: olcOverlayConfig + objectClass: olcMemberOf + olcOverlay: memberof + olcMemberOfRefint: TRUE + persistence: + ## @param identityservice.persistence.enabled If set to true, a PVC will be created. + enabled: true + replication: + ## @param identityservice.replication.enabled If set to true, the pods required a cluster. Needs `replicaCount` to be `3` or higher (of 2n+1). 
+ enabled: false + ## @param identityservice.replicaCount The number of replicas. If `replicaCount` is set to more than 1, requires `replication.enabled` to be `true`. + replicaCount: 1 + ## @section User Interface ui: diff --git a/install.sh b/install.sh index fb976beb2178badc492302debf67b660787e32a6..32d30096f8a2cfc9c098bd76e26f0080468ca7ca 100644 --- a/install.sh +++ b/install.sh @@ -1,7 +1,7 @@ #!/bin/bash # preset -VERSION="1.4.4" +VERSION="1.4.5" MIN_CPU=8 MIN_RAM=8 MIN_MAP_COUNT=262144 @@ -63,8 +63,6 @@ curl -sSL -o ./dist/1_setup-schema.sql "https://gitlab.phaidra.org/fair-data-aus curl -sSL -o ./dist/2_setup-data.sql "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-metadata-db/setup-data.sql" curl -sSL -o ./dist/rabbitmq.conf "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-broker-service/rabbitmq.conf" curl -sSL -o ./dist/enabled_plugins "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-broker-service/enabled_plugins" -curl -sSL -o ./dist/cert.pem "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-broker-service/cert.pem" -curl -sSL -o ./dist/pubkey.pem "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-broker-service/pubkey.pem" curl -sSL -o ./dist/definitions.json "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-broker-service/definitions.json" curl -sSL -o ./dist/dbrepo.conf "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-gateway-service/dbrepo.conf" curl -sSL -o ./dist/opensearch_dashboards.yml "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${VERSION}/dbrepo-search-db/opensearch_dashboards.yml" 
diff --git a/lib/python/README.md b/lib/python/README.md index 35fec904439b74e2d1f91d04a19f15615a0ca372..96166554a7f5cf5a1c3cb1d3fa76650f970eb8bf 100644 --- a/lib/python/README.md +++ b/lib/python/README.md @@ -48,17 +48,17 @@ client.import_table_data(database_id=7, table_id=13, file_name_or_data_frame=df) ## Supported Features & Best-Practices - Manage user - account ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/#create-user-account)) + account ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/#create-user-account)) - Manage databases ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo//usage-overview/#create-database)) - Manage database access & - visibility ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/#create-database)) + visibility ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/#create-database)) - Import - dataset ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/#import-dataset)) + dataset ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/#import-dataset)) - Create persistent - identifiers ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/#assign-database-pid)) + identifiers ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/#assign-database-pid)) - Execute - queries ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/#export-subset)) + queries ([docs](https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/#export-subset)) - Get data from tables/views/subsets ## Configure diff --git a/lib/python/dbrepo/AmqpClient.py b/lib/python/dbrepo/AmqpClient.py index f570c5d4cc103dda211e1a74839687b9a3f1a6a3..1cc0e0319c03e46935a5ea9a21a963b609242726 100644 --- a/lib/python/dbrepo/AmqpClient.py +++ b/lib/python/dbrepo/AmqpClient.py 
@@ -60,5 +60,5 @@ class AmqpClient: connection = pika.BlockingConnection(parameters) channel = connection.channel() channel.basic_publish(exchange=exchange, routing_key=routing_key, - body=CreateData(data=data).model_dump_json()) + body=json.dumps(data)) connection.close() diff --git a/lib/python/dbrepo/RestClient.py b/lib/python/dbrepo/RestClient.py index a2687862da671ffdc2ab451299bfb3faa4d92097..365239b783828a19e0f8336eb613c60012f9101b 100644 --- a/lib/python/dbrepo/RestClient.py +++ b/lib/python/dbrepo/RestClient.py @@ -238,6 +238,7 @@ class RestClient: :returns: The user, if successful. :raises MalformedError: If the payload was rejected by the service. + :raises ForbiddenError: If the internal authentication to the auth service is invalid. :raises UsernameExistsError: The username exists already. :raises ForbiddenError: If something went wrong with the authorization. :raises NotExistsError: If the created user was not found in the auth service. @@ -253,8 +254,10 @@ class RestClient: return UserBrief.model_validate(body) if response.status_code == 400: raise MalformedError(f'Failed to create user: {response.text}') + if response.status_code == 403: + raise ForbiddenError(f'Failed to create user: internal authentication to the auth service is invalid') if response.status_code == 404: - raise NotExistsError(f'Failed to create user: failed to find created user in auth service') + raise NotExistsError(f'Failed to create user: created user not found in auth service') if response.status_code == 409: raise UsernameExistsError(f'Failed to create user: user with username exists') if response.status_code == 417: diff --git a/lib/python/docs/index.rst b/lib/python/docs/index.rst index 08ee924d833dc2543b932861cd110c27d57c85af..688a62683170012b263ffc1df234c881323ab9fb 100644 --- a/lib/python/docs/index.rst +++ b/lib/python/docs/index.rst 
@@ -12,7 +12,7 @@ Quickstart ---------- Find numerous quickstart examples on -the `DBRepo website <https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/api/>`_. +the `DBRepo website <https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/api/>`_. AMQP API Client ----------- diff --git a/lib/python/pyproject.toml b/lib/python/pyproject.toml index e8de41883d8bd20d26997934c3de288ec9b218e5..99d20acc30f636a2089ec0379c7247827dd6a32f 100644 --- a/lib/python/pyproject.toml +++ b/lib/python/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "dbrepo" -version = "1.4.4" +version = "1.4.5" description = "DBRepo Python Library" keywords = [ "DBRepo", @@ -12,7 +12,7 @@ authors = [ readme = "README.md" license = { file = "LICENSE" } classifiers = [ - "Development Status :: 3 - Alpha", + "Development Status :: 4 - Beta", "Topic :: Software Development :: Libraries", "Programming Language :: Python :: 3.11", "Operating System :: OS Independent", @@ -34,7 +34,7 @@ requires = [ build-backend = "setuptools.build_meta" [project.urls] -Homepage = "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.3/" -Documentation = "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.3/sphinx/" +Homepage = "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/" +Documentation = "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/python/" Issues = "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/issues" Source = "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/" \ No newline at end of file diff --git a/lib/python/setup.py b/lib/python/setup.py index 4d5b26206dee68602d6b09fdaf3723956919e4ae..8785f71036fb3b888b278b48c3be9cff68f85eff 100644 --- a/lib/python/setup.py +++ b/lib/python/setup.py 
@@ -2,9 +2,9 @@ from distutils.core import setup setup(name="dbrepo", - version="1.4.4", + version="1.4.5", description="A library for communicating with DBRepo", - url="https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.3/", + url="https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/", author="Martin Weise", license="Apache-2.0", author_email="martin.weise@tuwien.ac.at", diff --git a/make/gen.mk b/make/gen.mk index dac662c136387af1f5b2ffa78cb54019bf18ff94..1f8e6fd45d1bc1b7451599bcd4722633038c17eb 100644 --- a/make/gen.mk +++ b/make/gen.mk @@ -9,7 +9,7 @@ gen-swagger-doc: build-images ## Generate Swagger documentation and fetch. .PHONY: gen-helm-doc gen-helm-doc: build-helm ## Generate Helm documentation and schema - helm schema -input ./helm/dbrepo/values.yaml + helm schema -input ./helm/dbrepo/values.yaml -output ./helm/dbrepo/values.schema.json readme-generator-for-helm --readme ./helm/dbrepo/README.md --values ./helm/dbrepo/values.yaml .PHONY: gen-dbrepo-doc diff --git a/mkdocs.yml b/mkdocs.yml index 8939c5fa446d9921fe20b21f9ca51d9713287e2d..7c5b7e7a6988aea67a866b9d5b2949cdb3584a4e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,5 +1,5 @@ site_name: Database Repository -site_url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.4/ +site_url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/ repo_url: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services repo_name: fda-services site_author: Research Unit Data Science, Technische Universität Wien @@ -38,6 +38,7 @@ nav: - Broker Service: api/broker-service.md - Data Service: api/data-service.md - Gateway Service: api/gateway-service.md + - Identity Service: api/identity-service.md - Metadata Service: api/metadata-service.md - Search Service: api/search-service.md - Storage Service: api/storage-service.md diff --git a/values.schema.json b/values.schema.json deleted file mode 100644 index 0e02517ab5ff9516cda74c7459dc8b587c6fa805..0000000000000000000000000000000000000000 
--- a/values.schema.json +++ /dev/null 
@@ -1,1352 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "properties": { - "admin": { - "properties": { - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "analyseservice": { - "properties": { - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "s3": { - "properties": { - "endpoint": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "authservice": { - "properties": { - "auth": { - "properties": { - "adminPassword": { - "type": "string" - }, - "adminUser": { - "type": "string" - } - }, - "type": "object" - }, - "client": { - "properties": { - "id": { - "type": "string" - }, - "secret": { - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - }, - "extraEnvVarsCM": { - "type": "string" - }, - "extraStartupArgs": { - "type": "string" - }, - "extraVolumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "extraVolumes": { - "items": { - "properties": { - "configMap": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "fullnameOverride": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - } - }, - "type": "object" - }, - "jwt": { - "properties": { - "pubkey": { - "type": "string" - } - }, - "type": "object" - }, - "metrics": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "postgresql": { - "properties": { - "auth": 
{ - "properties": { - "postgresPassword": { - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "tls": { - "properties": { - "enabled": { - "type": "boolean" - }, - "existingSecret": { - "type": "string" - }, - "usePem": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "brokerservice": { - "properties": { - "auth": { - "properties": { - "password": { - "type": "string" - }, - "passwordHash": { - "type": "string" - }, - "tls": { - "properties": { - "enabled": { - "type": "boolean" - }, - "existingSecret": { - "type": "string" - }, - "failIfNoPeerCert": { - "type": "boolean" - }, - "sslOptionsVerify": { - "type": "boolean" - } - }, - "type": "object" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "connectionTimeout": { - "type": "integer" - }, - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - }, - "exchangeName": { - "type": "string" - }, - "extraConfiguration": { - "type": "string" - }, - "extraPlugins": { - "type": "string" - }, - "extraVolumes": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "secret": { - "properties": { - "secretName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "fullnameOverride": { - "type": "string" - }, - "host": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - } - }, - "type": "object" - }, - "loadDefinition": { - "properties": { - "enabled": { - "type": "boolean" - }, - "existingSecret": { - "type": "string" - } - }, - "type": "object" - }, - "persistence": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "port": { - "type": "integer" - }, - "queueName": { - "type": "string" - }, - "replicaCount": { - "type": "integer" - }, - "routingKey": { - "type": "string" - }, - 
"service": { - "properties": { - "managerPortEnabled": { - "type": "boolean" - }, - "type": { - "type": "string" - } - }, - "type": "object" - }, - "virtualHost": { - "type": "string" - } - }, - "type": "object" - }, - "clusterDomain": { - "type": "string" - }, - "datadb": { - "properties": { - "auth": { - "properties": { - "replicationPassword": { - "type": "string" - }, - "replicationUser": { - "type": "string" - }, - "rootPassword": { - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "extraFlags": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - } - }, - "type": "object" - }, - "metrics": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "primary": { - "properties": { - "extraVolumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "extraVolumes": { - "items": { - "properties": { - "emptyDir": { - "properties": {}, - "type": "object" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "persistence": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "service": { - "properties": { - "extraPorts": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "sidecars": { - "items": { - "properties": { - "envFrom": { - "items": { - "properties": { - "secretRef": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - 
"livenessProbe": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "ports": { - "items": { - "properties": { - "containerPort": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "protocol": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "readinessProbe": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - } - }, - "type": "object" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "capabilities": { - "properties": { - "drop": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "runAsGroup": { - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "type": "integer" - }, - "seccompProfile": { - "properties": { - "type": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "volumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "secondary": { - "properties": { - "replicaCount": { - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "dataservice": { - "properties": { - "default": { - "properties": { - "date": { - "type": "integer" - }, - "time": { - "type": "integer" - }, - "timestamp": { - "type": "integer" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - 
"endpoint": { - "type": "string" - }, - "grant": { - "properties": { - "read": { - "type": "string" - }, - "write": { - "type": "string" - } - }, - "type": "object" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "s3": { - "properties": { - "auth": { - "properties": { - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "bucket": { - "properties": { - "export": { - "type": "string" - }, - "import": { - "type": "string" - } - }, - "type": "object" - }, - "endpoint": { - "type": "string" - }, - "filePath": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "gateway": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "ingress": { - "properties": { - "annotations": { - "properties": { - "basic": { - "properties": {}, - "type": "object" - }, - "rewriteApi": { - "properties": { - "nginx.ingress.kubernetes.io/rewrite-target": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/use-regex": { - "type": "string" - } - }, - "type": "object" - }, - "rewritePid": { - "properties": { - "nginx.ingress.kubernetes.io/rewrite-target": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/use-regex": { - "type": "string" - } - }, - "type": "object" - }, - "rewriteRoot": { - "properties": { - "nginx.ingress.kubernetes.io/rewrite-target": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/use-regex": { - "type": "string" - } - }, - "type": "object" - }, - "rewriteRootSecure": { - "properties": { - "nginx.ingress.kubernetes.io/backend-protocol": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/force-ssl-redirect": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/rewrite-target": { - "type": "string" - }, - "nginx.ingress.kubernetes.io/use-regex": { - "type": "string" - } - }, 
- "type": "object" - } - }, - "type": "object" - }, - "className": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "tls": { - "properties": { - "enabled": { - "type": "boolean" - }, - "secretName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "metadatadb": { - "properties": { - "auth": { - "properties": { - "database": { - "type": "string" - }, - "replicationPassword": { - "type": "string" - }, - "replicationUser": { - "type": "string" - }, - "root": { - "type": "string" - }, - "rootPassword": { - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "extraInitDbScripts": { - "properties": {}, - "type": "object" - }, - "fullnameOverride": { - "type": "string" - }, - "host": { - "type": "string" - }, - "initdbScriptsConfigMap": { - "type": "string" - }, - "jdbcExtraArgs": { - "type": "string" - }, - "metrics": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "secondary": { - "properties": { - "replicaCount": { - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "metadataservice": { - "properties": { - "admin": { - "properties": { - "email": { - "type": "string" - } - }, - "type": "object" - }, - "datacite": { - "properties": { - "enabled": { - "type": "boolean" - }, - "password": { - "type": "string" - }, - "prefix": { - "type": "string" - }, - "url": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "deletedRecord": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - }, - "granularity": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "repositoryName": { - "type": "string" - }, - "s3": { - "properties": { - 
"auth": { - "properties": { - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "bucket": { - "properties": { - "export": { - "type": "string" - }, - "import": { - "type": "string" - } - }, - "type": "object" - }, - "endpoint": { - "type": "string" - } - }, - "type": "object" - }, - "sparql": { - "properties": { - "connectionTimeout": { - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "namespace": { - "type": "string" - }, - "searchdb": { - "properties": { - "clusterName": { - "type": "string" - }, - "enabled": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "host": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "security": { - "properties": { - "adminPassword": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "servicenameOverride": { - "type": "string" - } - }, - "type": "object" - }, - "searchservice": { - "properties": { - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "init": { - "properties": { - "image": { - "properties": { - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - } - }, - "type": "object" - }, - "storageservice": { - "properties": { - "enabled": { - "type": "boolean" - }, - "filer": { - "properties": { - "enablePVC": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "replicas": { - "type": "integer" - }, - "s3": { - "properties": { - "allowEmptyFolder": { - "type": "boolean" - }, - "enableAuth": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "existingConfigSecret": { - "type": "string" - }, - "port": 
{ - "type": "integer" - }, - "skipAuthSecretCreation": { - "type": "boolean" - } - }, - "type": "object" - }, - "storage": { - "type": "string" - } - }, - "type": "object" - }, - "init": { - "properties": { - "image": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "master": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "s3": { - "properties": { - "auth": { - "properties": { - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "bucket": { - "properties": { - "export": { - "type": "string" - }, - "import": { - "type": "string" - } - }, - "type": "object" - }, - "enableAuth": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "existingConfigSecret": { - "type": "string" - }, - "metricsPort": { - "type": "integer" - }, - "port": { - "type": "integer" - }, - "replicas": { - "type": "integer" - }, - "skipAuthSecretCreation": { - "type": "boolean" - } - }, - "type": "object" - }, - "volume": { - "properties": { - "enabled": { - "type": "boolean" - }, - "replicas": { - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "strategyType": { - "type": "string" - }, - "ui": { - "properties": { - "enabled": { - "type": "boolean" - }, - "extraVolumeMounts": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "image": { - "properties": { - "debug": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "type": "object" - }, - "public": { - "properties": { - "api": { - "properties": { - "client": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "broker": { - "properties": { - "extra": { - "type": "string" - }, - "host": { - "type": "string" - }, - "port": { - "properties": { - "5671": { - "type": "boolean" - }, - "5672": { - "type": "boolean" - } - }, - "type": "object" 
- } - }, - "type": "object" - }, - "database": { - "properties": { - "extra": { - "type": "string" - } - }, - "type": "object" - }, - "doi": { - "properties": { - "enabled": { - "type": "boolean" - }, - "endpoint": { - "type": "string" - } - }, - "type": "object" - }, - "icon": { - "type": "string" - }, - "links": { - "properties": { - "keycloak": { - "properties": { - "href": { - "type": "string" - }, - "text": { - "type": "string" - } - }, - "type": "object" - }, - "rabbitmq": { - "properties": { - "href": { - "type": "string" - }, - "text": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "logo": { - "type": "string" - }, - "pid": { - "properties": { - "default": { - "properties": { - "publisher": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "title": { - "type": "string" - }, - "touch": { - "type": "string" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - } - }, - "type": "object" - }, - "uploadservice": { - "properties": { - "containerArgs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "enabled": { - "type": "boolean" - }, - "envFrom": { - "items": { - "properties": { - "secretRef": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "fullnameOverride": { - "type": "string" - }, - "image": { - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - }, - "type": "object" - }, - "replicaCount": { - "type": "integer" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "capabilities": { - "properties": { - "drop": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "runAsGroup": { - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "type": "integer" - }, - "seccompProfile": { - "properties": { - 
"type": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" -} diff --git a/versions.json b/versions.json index ecd7dd1b937003a9c5bf34579d16d8965310e284..b17c2c59962f34c3f0fc4693ae0c6088212f6eb6 100644 --- a/versions.json +++ b/versions.json @@ -1,8 +1,13 @@ [ + { + "version": "1.4.5", + "title": "1.4.5", + "aliases": ["latest"] + }, { "version": "1.4.4", "title": "1.4.4", - "aliases": ["latest"] + "aliases": [] }, { "version": "1.4.3",
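Review bot: in lib/python/README.md, the "Manage databases" link kept as context in the feature list still reads `https://www.ifs.tuwien.ac.at/infrastructures/dbrepo//usage-overview/#create-database`, with an empty version segment between the two slashes, while every other link in the list is bumped to 1.4.5. Suggest filling in the version there as part of this bump so the whole list points at one documentation release.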
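Review bot: in lib/python/dbrepo/AmqpClient.py, the `basic_publish` call now builds its body with `json.dumps(data)`, but this hunk adds no `import json` and it is the only hunk shown for the file; please confirm the module already imports it, otherwise every publish fails with a NameError. Replacing `CreateData(data=data).model_dump_json()` also takes the model out of the publish path, so `data` reaches the broker unchecked and in whatever shape the caller passed; it is worth stating in the docstring that the consumer expects the bare object. Because the body is serialized after `pika.BlockingConnection(parameters)` has been opened, a value `json.dumps` cannot serialize raises TypeError before `connection.close()` is reached; suggest serializing first, or closing the connection in a `finally`.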
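Review bot: in lib/python/dbrepo/RestClient.py, the docstring hunk leaves the method with two `:raises ForbiddenError:` entries, the added "internal authentication to the auth service is invalid" and the existing "something went wrong with the authorization". Suggest merging them into one entry that names both causes, or saying which response maps to which, so a caller catching ForbiddenError knows what it can mean.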
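Review bot: in lib/python/dbrepo/RestClient.py, the new `if response.status_code == 403:` branch raises ForbiddenError with a fixed message and drops `response.text`, unlike the 400 branch directly above it, so the caller cannot see what the service reported. Suggest including the response text as the 400 branch does, or noting why it is withheld. ForbiddenError was already documented for this method before the change, so please check that no later 403 check in the method becomes unreachable behind this branch. The `f` prefix on the new 403 message and on the reworded 404 message has no placeholders and can be dropped.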
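Review bot: in lib/python/pyproject.toml, the `[project.urls]` hunk moves Homepage and Documentation from 1.4.3 to 1.4.4, while the same patch sets `version = "1.4.5"` in this file and points `url` in setup.py at `https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.4.5/`. Suggest using 1.4.5 in both URLs so the metadata published with this release links to its own documentation. The Documentation path also changes from `sphinx/` to `python/`; please confirm that matches where the library docs are deployed.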
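Review bot: in lib/python/setup.py, the hunk context shows `from distutils.core import setup`, and distutils was removed from the standard library in Python 3.12, so this file stops importing on newer interpreters even though pyproject.toml already builds with `setuptools.build_meta`. Suggest switching to `from setuptools import setup`, or dropping setup.py in favour of pyproject.toml, which would also remove the second place the version string has to be bumped.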