feat: add technical user deletion logic and adjust exception handling…
… for encryption (#50)

Reviewed-By: Evelyn Gurschler <evelyn.gurschler@bmw.de>
Phil91 authored Jul 17, 2024
1 parent 3449107 commit a140a48
Showing 35 changed files with 1,103 additions and 73 deletions.
2 changes: 1 addition & 1 deletion consortia/argocd-app-templates/appsetup-dev.yaml
Expand Up @@ -28,7 +28,7 @@ spec:
server: 'https://kubernetes.default.svc'
source:
path: charts/dim
repoURL: 'https://github.com/sap/dim-client.git'
repoURL: 'https://github.com/sap/ssi-dim-middle-layer.git'
targetRevision: main
plugin:
env:
4 changes: 2 additions & 2 deletions consortia/argocd-app-templates/appsetup-int.yaml
Expand Up @@ -28,8 +28,8 @@ spec:
server: 'https://kubernetes.default.svc'
source:
path: charts/dim
repoURL: 'https://github.com/sap/dim-client.git'
targetRevision: dim-1.1.0
repoURL: 'https://github.com/sap/ssi-dim-middle-layer.git'
targetRevision: dim-1.0.0
plugin:
env:
- name: AVP_SECRET
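--- a/consortia/argocd-app-templates/appsetup-rc.yaml
+++ b/consortia/argocd-app-templates/appsetup-rc.yaml
@@ -0,0 +1,42 @@
+###############################################################
+# Copyright (c) 2024 BMW Group AG
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: dim
+spec:
+destination:
+namespace: product-iam
+server: 'https://kubernetes.default.svc'
+source:
+path: charts/dim
+repoURL: 'https://github.com/sap/ssi-dim-middle-layer.git'
+targetRevision: main
+plugin:
+env:
+- name: AVP_SECRET
+value: vault-secret
+- name: helm_args
+value: '-f values.yaml -f ../../consortia/environments/values-rc.yaml'
+project: project-portal
+syncPolicy:
+automated:
+prune: true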
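Review bot: `targetRevision: main` combined with `syncPolicy.automated` and `prune: true` means every push to the default branch is applied to the rc namespace, including resource deletion, with no review step in between. The int template touched by this commit points at a `dim-*` tag, so rc would be the less controlled of the two environments. Consider pinning rc to a release tag or commit, e.g. `targetRevision: <release-tag-or-commit-sha>`, or add a comment above the line stating that tracking `main` is intentional for this environment.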
4 changes: 2 additions & 2 deletions consortia/environments/values-dev.yaml
Expand Up @@ -43,7 +43,7 @@ dim:
tag: "main"
imagePullPolicy: "Always"
swaggerEnabled: true
rootDirectoryId: "27fee02a-e265-4cfc-af70-4f217a33840b"
rootDirectoryId: "ee464a81-fca4-431d-8315-5db5e49b4c3c"
operatorId: "27fee02a-e265-4cfc-af70-4f217a33840b"

migrations:
Expand All @@ -63,7 +63,7 @@ processesworker:
adminMail: "phil.schneider@digitalnativesolutions.de"
clientIdCisCentral: "<path:portal/data/dim/dev/dim#cisClientId>"
clientSecretCisCentral: "<path:portal/data/dim/dev/dim#cisClientSecret>"
authUrl: "https://catena-x-int-dim.authentication.eu10.hana.ondemand.com"
authUrl: "https://catena-x-dev-dim.authentication.eu10.hana.ondemand.com"
subaccount:
# -- Url to the subaccount service api
baseUrl: "https://accounts-service.cfapps.eu10.hana.ondemand.com"
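--- a/consortia/environments/values-rc.yaml
+++ b/consortia/environments/values-rc.yaml
@@ -0,0 +1,105 @@
+###############################################################
+# Copyright (c) 2024 BMW Group AG
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+ingress:
+enabled: true
+className: "nginx"
+annotations:
+nginx.ingress.kubernetes.io/use-regex: "true"
+nginx.ingress.kubernetes.io/enable-cors: "true"
+nginx.ingress.kubernetes.io/proxy-body-size: "8m"
+nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.dev.demo.catena-x.net"
+tls:
+- secretName: "tls-secret"
+hosts:
+- "dim-rc.dev.demo.catena-x.net"
+hosts:
+- host: "dim-rc.dev.demo.catena-x.net"
+paths:
+- path: "/api/dim"
+pathType: "Prefix"
+backend:
+port: 8080
+
+dim:
+image:
+tag: "main"
+imagePullPolicy: "Always"
+swaggerEnabled: true
+rootDirectoryId: "ee464a81-fca4-431d-8315-5db5e49b4c3c"
+operatorId: "27fee02a-e265-4cfc-af70-4f217a33840b"
+
+migrations:
+image:
+tag: "main"
+imagePullPolicy: "Always"
+logging:
+default: "Debug"
+
+processesworker:
+image:
+tag: "main"
+imagePullPolicy: "Always"
+logging:
+default: "Debug"
+dim:
+adminMail: "phil.schneider@digitalnativesolutions.de"
+clientIdCisCentral: "<path:portal/data/dim/dev/dim#cisClientId>"
+clientSecretCisCentral: "<path:portal/data/dim/dev/dim#cisClientSecret>"
+authUrl: "https://catena-x-dev-dim.authentication.eu10.hana.ondemand.com"
+subaccount:
+# -- Url to the subaccount service api
+baseUrl: "https://accounts-service.cfapps.eu10.hana.ondemand.com"
+entitlement:
+# -- Url to the entitlement service api
+baseUrl: "https://entitlements-service.cfapps.eu10.hana.ondemand.com"
+cf:
+clientId: "<path:portal/data/dim/dev/cf#clientId>"
+clientSecret: "<path:portal/data/dim/dev/cf#clientSecret>"
+tokenAddress: "https://login.cf.eu10.hana.ondemand.com/oauth/token"
+# -- Url to the cf service api
+baseUrl: "https://api.cf.eu10.hana.ondemand.com"
+grantType: "client_credentials"
+callback:
+scope: "openid"
+grantType: "client_credentials"
+# -- Provide client-id for callback.
+clientId: "<path:portal/data/dim/callback#clientId>"
+# -- Client-secret for callback client-id. Secret-key 'callback-client-secret'.
+clientSecret: "<path:portal/data/dim/dev/callback#clientSecret>"
+tokenAddress: "http://centralidp-rc.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
+# -- Url to the cf service api
+baseAddress: "https://portal-backend-rc.dev.demo.catena-x.net"
+technicalUserCreation:
+encryptionConfigs:
+index0:
+encryptionKey: "<<path:portal/data/dim/dev/technicaluser#technicalusercreation-encryption-key0>"
+
+idp:
+address: "https://centralidp-rc.dev.demo.catena-x.net"
+jwtBearerOptions:
+tokenValidationParameters:
+validAudience: "DIM-Middle-Layer"
+
+postgresql:
+auth:
+postgrespassword: "<path:portal/data/dim/dev/postgres#postgres-password>"
+password: "<path:portal/data/dim/dev/postgres#password>"
+replicationPassword: "<path:portal/data/dim/dev/postgres#replication-password>"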
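Review bot: The `encryptionKey` value under `technicalUserCreation.encryptionConfigs.index0` starts with a doubled `<` (`"<<path:portal/data/dim/dev/technicaluser#...>"`), unlike every other vault placeholder in this file, so the injected key would presumably carry a stray leading `<` or not be substituted at all; it should read `"<path:portal/data/dim/dev/technicaluser#technicalusercreation-encryption-key0>"`. `callback.tokenAddress` uses `http://centralidp-rc.dev.demo.catena-x.net/...`, so the client-credentials request carrying `clientSecret` would be sent in clear text, while `idp.address` already uses `https://` for the same host. The rc values also read their secrets from `portal/data/dim/dev/...` paths (and `callback.clientId` from a path without an environment segment), which suggests rc and dev share credentials and the encryption key; add a comment if that is intended, or separate rc paths if it is not.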
11 changes: 9 additions & 2 deletions src/clients/Dim.Clients/Api/Cf/CfClient.cs
Expand Up @@ -79,8 +79,8 @@ private static async Task<Guid> GetEnvironmentId(string tenantName, Cancellation
.ReadFromJsonAsync<GetEnvironmentsResponse>(JsonSerializerExtensions.Options, cancellationToken)
.ConfigureAwait(false);

var tenantEnvironment = environments.Resources.Where(x => x.Name == tenantName);
if (tenantEnvironment.Count() > 1)
var tenantEnvironment = environments?.Resources.Where(x => x.Name == tenantName);
if (tenantEnvironment == null || tenantEnvironment.Count() > 1)
{
throw new ConflictException($"There should only be one cf environment for tenant {tenantName}");
}
Expand Down Expand Up @@ -277,4 +277,11 @@ public async Task<ServiceCredentialBindingDetailResponse> GetServiceBindingDetai
throw new ServiceException(je.Message);
}
}

public async Task DeleteServiceInstanceBindings(Guid serviceBindingId, CancellationToken cancellationToken)
{
var client = await _basicAuthTokenService.GetBasicAuthorizedLegacyClient<CfClient>(_settings, cancellationToken).ConfigureAwait(false);
await client.DeleteAsync($"/v3/service_credential_bindings/{serviceBindingId}", cancellationToken)
.CatchingIntoServiceExceptionFor("delete-si-bindings", HttpAsyncResponseMessageExtension.RecoverOptions.ALLWAYS);
}
}
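Review bot: The awaited `client.DeleteAsync(...)` chain in the new `DeleteServiceInstanceBindings` ends without `.ConfigureAwait(false)`, unlike the line directly above it and the other awaits visible in this file; append it after the `CatchingIntoServiceExceptionFor(...)` call. Every failure is mapped with `RecoverOptions.ALLWAYS`, so if a retried deletion step can reach this call after the binding is already gone, the 404 would presumably surface as a recoverable `ServiceException` again and the step would never complete; this depends on `CatchingIntoServiceExceptionFor`, which is not shown here, but treating a not-found response as success would make credential deletion idempotent. The name is plural although the method deletes one binding by id, so a short XML doc comment such as `/// <summary>Deletes the single service credential binding with the given id.</summary>` would help callers.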
1 change: 1 addition & 0 deletions src/clients/Dim.Clients/Api/Cf/ICfClient.cs
Expand Up @@ -30,4 +30,5 @@ public interface ICfClient
Task CreateServiceInstanceBindings(string tenantName, string? keyName, Guid spaceId, CancellationToken cancellationToken);
Task<Guid> GetServiceBinding(string tenantName, Guid spaceId, string bindingName, CancellationToken cancellationToken);
Task<ServiceCredentialBindingDetailResponse> GetServiceBindingDetails(Guid id, CancellationToken cancellationToken);
Task DeleteServiceInstanceBindings(Guid serviceBindingId, CancellationToken cancellationToken);
}
6 changes: 3 additions & 3 deletions src/clients/Dim.Clients/Dim.Clients.csproj
Expand Up @@ -36,9 +36,9 @@
<PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Options" Version="8.0.2" />
<PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.HttpClientExtensions" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.3.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.3.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.HttpClientExtensions" Version="2.3.0" />
</ItemGroup>

</Project>
4 changes: 2 additions & 2 deletions src/database/Dim.DbAccess/Dim.DbAccess.csproj
Expand Up @@ -30,8 +30,8 @@

<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="8.0.3" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.3.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.3.0" />
</ItemGroup>

<ItemGroup>
3 changes: 3 additions & 0 deletions src/database/Dim.DbAccess/Repositories/ITenantRepository.cs
Expand Up @@ -43,4 +43,7 @@ public interface ITenantRepository
Task<(Guid? spaceId, string technicalUserName)> GetSpaceIdAndTechnicalUserName(Guid technicalUserId);
Task<(Guid ExternalId, string? TokenAddress, string? ClientId, byte[]? ClientSecret, byte[]? InitializationVector, int? EncryptionMode)> GetTechnicalUserCallbackData(Guid technicalUserId);
Task<(Guid? DimInstanceId, Guid? CompanyId)> GetDimInstanceIdAndDid(Guid tenantId);
Task<(bool Exists, Guid TechnicalUserId, Guid ProcessId)> GetTechnicalUserForBpn(string bpn, string technicalUserName);
Task<Guid> GetExternalIdForTechnicalUser(Guid technicalUserId);
void RemoveTechnicalUser(Guid technicalUserId);
}
16 changes: 16 additions & 0 deletions src/database/Dim.DbAccess/Repositories/TenantRepository.cs
Expand Up @@ -145,4 +145,20 @@ public void AttachAndModifyTechnicalUser(Guid technicalUserId, Action<TechnicalU
.Where(x => x.Id == tenantId)
.Select(x => new ValueTuple<Guid?, Guid?>(x.DimInstanceId, x.CompanyId))
.SingleOrDefaultAsync();

public Task<(bool Exists, Guid TechnicalUserId, Guid ProcessId)> GetTechnicalUserForBpn(string bpn, string technicalUserName) =>
context.TechnicalUsers
.Where(x => x.TechnicalUserName == technicalUserName && x.Tenant!.Bpn == bpn)
.Select(x => new ValueTuple<bool, Guid, Guid>(true, x.Id, x.ProcessId))
.SingleOrDefaultAsync();

public Task<Guid> GetExternalIdForTechnicalUser(Guid technicalUserId) =>
context.TechnicalUsers
.Where(x => x.Id == technicalUserId)
.Select(x => x.ExternalId)
.SingleOrDefaultAsync();

public void RemoveTechnicalUser(Guid technicalUserId) =>
context.TechnicalUsers
.Remove(new TechnicalUser(technicalUserId, default, default, null!, default));
}
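Review bot: `GetExternalIdForTechnicalUser` returns `Guid.Empty` when no row matches, because `SingleOrDefaultAsync()` on a projected `Guid` yields the default value, so a caller cannot tell a missing technical user from a real external id; the callers are not shown here, but a deletion callback could then be sent for the empty id. The sibling `GetTechnicalUserForBpn` already carries an `Exists` flag, and the same shape would work here: return `Task<(bool Exists, Guid ExternalId)>` with `.Select(x => new ValueTuple<bool, Guid>(true, x.ExternalId))`, plus the matching signature in `ITenantRepository`. `RemoveTechnicalUser` deletes through a stub entity built with `null!`, and EF Core would typically raise a concurrency exception on save if the row is already gone; a one-line comment stating that the stub only carries the key would make the intent clear.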
2 changes: 1 addition & 1 deletion src/database/Dim.Entities/Dim.Entities.csproj
Expand Up @@ -34,6 +34,6 @@
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.4" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DBAccess" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DBAccess" Version="2.3.0" />
</ItemGroup>
</Project>
6 changes: 5 additions & 1 deletion src/database/Dim.Entities/Enums/ProcessStepTypeId.cs
Expand Up @@ -45,5 +45,9 @@ public enum ProcessStepTypeId
// Create Technical User
CREATE_TECHNICAL_USER = 100,
GET_TECHNICAL_USER_DATA = 101,
SEND_TECHNICAL_USER_CALLBACK = 102,
SEND_TECHNICAL_USER_CREATION_CALLBACK = 102,

// Delete Technical User
DELETE_TECHNICAL_USER = 200,
SEND_TECHNICAL_USER_DELETION_CALLBACK = 201
}
2 changes: 1 addition & 1 deletion src/database/Dim.Entities/Enums/ProcessTypeId.cs
Expand Up @@ -23,5 +23,5 @@ namespace Dim.Entities.Enums;
public enum ProcessTypeId
{
SETUP_DIM = 1,
CREATE_TECHNICAL_USER = 2
TECHNICAL_USER = 2,
}
6 changes: 3 additions & 3 deletions src/database/Dim.Migrations/Dim.Migrations.csproj
Expand Up @@ -45,9 +45,9 @@
<PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
<PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Models" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Logging" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Seeding" Version="2.0.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Models" Version="2.3.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Logging" Version="2.3.0" />
<PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Seeding" Version="2.3.0" />
</ItemGroup>

<ItemGroup>