From e049dbcb4d887f29198f2bfb534e4ab27a28929f Mon Sep 17 00:00:00 2001 From: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Date: Tue, 4 Jun 2024 11:08:29 -0700 Subject: [PATCH 01/22] Bump develop to 1.2.0-alpha0 (#37) * Update build.gradle * Update bumpver.toml --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index a9fa08b..09788f8 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.1.0-alpha1' +version = '1.2.0-alpha0' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index 3edb031..95cc76f 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.1.0-alpha1" +current_version = "1.2.0-alpha0" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 6479fea954f8620ac50e47057a60001407660860 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 19:05:05 +0000 Subject: [PATCH 02/22] bump version to 1.2.0-alpha1 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 09788f8..8f1c90f 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.2.0-alpha0' +version = '1.2.0-alpha1' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index 95cc76f..9816041 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.2.0-alpha0" +current_version = "1.2.0-alpha1" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From fa782fb7ddcddda484b4b1cc02d77c043d2250b3 Mon Sep 17 00:00:00 2001 
From: Josh Garde Date: Mon, 10 Jun 2024 14:47:08 -0700 Subject: [PATCH 03/22] Multiticket Update (#39) * Disable public stacktraces on 500 errors * Bump priority on SwodlrExceptionResolver * Move EdlProxyController to edl subpackage * Initial user roles implementation * Cache User result in UserReferences * Initial invalidation implementation * Enable cicd on all branches * Linting * Update changelog --- .github/workflows/build.yml | 8 -- CHANGELOG | 4 + .../exception/SwodlrExceptionResolver.java | 3 + .../L2RasterProductController.java | 34 ++++- .../L2RasterProductService.java | 20 +-- .../security/config/WebSecurityConfig.java | 13 +- .../{ => edl}/EdlProxyController.java | 3 +- .../edl/EdlReactiveAuthenticationManager.java | 122 ++++++++++++++++++ .../podaac/swodlr/user/UserReference.java | 16 ++- src/main/resources/application.properties | 8 ++ src/main/resources/graphql/mutation.graphqls | 3 + 11 files changed, 210 insertions(+), 24 deletions(-) rename src/main/java/gov/nasa/podaac/swodlr/security/{ => edl}/EdlProxyController.java (98%) create mode 100644 src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlReactiveAuthenticationManager.java diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d5164d4..9bc9d7f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,14 +1,6 @@ name: Build 'n Deploy on: push: - branches: - - main - - develop - - 'release/**' - - 'feature/**' - - 'issue/**' - - 'issues/**' - - 'dependabot/**' tags-ignore: - '*' paths-ignore: diff --git a/CHANGELOG b/CHANGELOG index 7a71950..50e12f4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + - Implement permissions model #92 + - As a user, I do not want to see stacktraces when errors occur #36 + ## [1.1.0] ### Added 
diff --git a/src/main/java/gov/nasa/podaac/swodlr/exception/SwodlrExceptionResolver.java b/src/main/java/gov/nasa/podaac/swodlr/exception/SwodlrExceptionResolver.java index 7b424f7..60724c6 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/exception/SwodlrExceptionResolver.java +++ b/src/main/java/gov/nasa/podaac/swodlr/exception/SwodlrExceptionResolver.java @@ -9,11 +9,14 @@ import java.util.List; import javax.validation.ConstraintViolationException; import org.apache.commons.lang3.exception.ExceptionUtils; +import org.springframework.core.Ordered; +import org.springframework.core.annotation.Order; import org.springframework.graphql.execution.DataFetcherExceptionResolverAdapter; import org.springframework.stereotype.Component; import org.springframework.transaction.TransactionSystemException; @Component +@Order(Ordered.HIGHEST_PRECEDENCE) public class SwodlrExceptionResolver extends DataFetcherExceptionResolverAdapter { @Override public List resolveToMultipleErrors(Throwable ex, DataFetchingEnvironment env) { diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java index 54969bc..2c3dad6 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java 
@@ -1,28 +1,39 @@ package gov.nasa.podaac.swodlr.l2rasterproduct; import gov.nasa.podaac.swodlr.rasterdefinition.GridType; +import gov.nasa.podaac.swodlr.status.State; import gov.nasa.podaac.swodlr.status.Status; +import gov.nasa.podaac.swodlr.status.StatusRepository; import gov.nasa.podaac.swodlr.user.User; import gov.nasa.podaac.swodlr.user.UserReference; import java.util.List; import java.util.UUID; import javax.validation.constraints.NotNull; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.graphql.data.method.annotation.Argument; import org.springframework.graphql.data.method.annotation.ContextValue; import org.springframework.graphql.data.method.annotation.MutationMapping; import org.springframework.graphql.data.method.annotation.QueryMapping; import org.springframework.graphql.data.method.annotation.SchemaMapping; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; +import org.springframework.transaction.annotation.Transactional; import reactor.core.publisher.Mono; @Controller public class L2RasterProductController { + private Logger logger = LoggerFactory.getLogger(getClass()); + + @Autowired + private L2RasterProductService l2RasterProductService; + @Autowired - L2RasterProductService l2RasterProductService; + private L2RasterProductRepository l2RasterProductRepository; @Autowired - L2RasterProductRepository l2RasterProductRepository; + private StatusRepository statusRepository; @MutationMapping public Mono generateL2RasterProduct( 
@@ -64,6 +75,25 @@ public Mono generateL2RasterProduct( }); } + @PreAuthorize("hasRole(\"ROLE_Administrator\")") + @MutationMapping + @Transactional + public Mono invalidateProduct(@Argument UUID id) { + return Mono.defer(() -> { + var result = l2RasterProductRepository.findById(id); + if (result.isEmpty()) { + logger.debug("No products found with id: {}", id.toString()); + return Mono.empty(); + } + + L2RasterProduct product = result.get(); + Status invalidatedStatus = new Status(product, State.UNAVAILABLE); + statusRepository.save(invalidatedStatus); + + return l2RasterProductService.startProductGeneration(product); + }); + } + @QueryMapping public L2RasterProduct l2RasterProduct(@Argument UUID id) { var result = l2RasterProductRepository.findById(id); diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java index 90a3e3b..3098c83 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java @@ -49,14 +49,11 @@ public Mono createL2RasterProduct( utmZoneAdjust, mgrsBandAdjust ); - Status status = new Status(product, State.NEW); ProductHistory history = new ProductHistory(user, product); - product = l2RasterProductRepository.save(product); - statusRepository.save(status); productHistoryRepository.save(history); - return productCreateQueue.queueProduct(product).thenReturn(product); + return startProductGeneration(product); } @Transactional @@ -82,7 +79,7 @@ public Mono getL2RasterProduct( mgrsBandAdjust ); - if (!productResult.isPresent()) { + if (productResult.isEmpty()) { return Mono.empty(); } 
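Review bot: The `@PreAuthorize("hasRole(\"ROLE_Administrator\")")` guard on `invalidateProduct` only takes effect if reactive method security is switched on, and the security configuration visible in this patch carries `@EnableWebFluxSecurity` alone; if `@EnableReactiveMethodSecurity` is not declared elsewhere, the annotation is ignored and any authenticated caller can invalidate a product. A test that sends the mutation with a token lacking the Administrator group and expects a denial would confirm it. The body also runs the blocking `findById`/`save` calls inside `Mono.defer`, so they execute at subscription time, after the `@Transactional` method has already returned (assuming the usual JPA transaction manager). An administrative state change like this would benefit from an info-level audit line such as `logger.info("Product {} invalidated", id);`, and `id.toString()` in the debug call can be just `id`.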
@@ -91,11 +88,18 @@ public Mono getL2RasterProduct( productHistoryRepository.save(history); if (product.getStatuses().get(0).getState() == State.UNAVAILABLE) { - Status status = new Status(product, State.NEW); - statusRepository.save(status); - return productCreateQueue.queueProduct(product).thenReturn(product); + return startProductGeneration(product); } return Mono.just(product); } + + @Transactional + public Mono startProductGeneration(L2RasterProduct product) { + return Mono.defer(() -> { + Status status = new Status(product, State.NEW); + statusRepository.save(status); + return productCreateQueue.queueProduct(product).thenReturn(product); + }); + } } diff --git a/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java b/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java index 02189d8..54760c1 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java +++ b/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java @@ -2,12 +2,15 @@ import gov.nasa.podaac.swodlr.security.SwodlrSecurityProperties; import gov.nasa.podaac.swodlr.security.UserBootstrapWebFilter; +import gov.nasa.podaac.swodlr.security.edl.EdlReactiveAuthenticationManager; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.web.server.SecurityWebFiltersOrder; import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder; +import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; import org.springframework.security.web.server.SecurityWebFilterChain; @EnableWebFluxSecurity 
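Review bot: `@Transactional` on `startProductGeneration` is unlikely to wrap `statusRepository.save(status)`: the save sits inside `Mono.defer` and so runs on subscription, after the method has returned, and the two call sites in this file reach it through a plain `this` call that bypasses the Spring proxy. Before this change `createL2RasterProduct` wrote the `NEW` status eagerly; now a product row can exist with no status if the returned `Mono` is never subscribed or fails early, unless the callers are themselves deferred, which is not visible here. Consider saving eagerly and deferring only the queue call: `statusRepository.save(new Status(product, State.NEW));` followed by `return productCreateQueue.queueProduct(product).thenReturn(product);`.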
@@ -32,7 +35,15 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { }) .oauth2ResourceServer((resourceServer) -> { resourceServer.jwt((jwt) -> { - jwt.jwkSetUri(securityProperties.edlBaseUrl() + "/export_edl_jwks"); + ReactiveJwtDecoder jwtDecoder = new NimbusReactiveJwtDecoder( + securityProperties.edlBaseUrl() + "/export_edl_jwks" + ); + + jwt + .jwtDecoder(jwtDecoder) + .authenticationManager( + new EdlReactiveAuthenticationManager(jwtDecoder, securityProperties) + ); }); }) .addFilterAfter(userBootstrapWebFilter, SecurityWebFiltersOrder.AUTHENTICATION); diff --git a/src/main/java/gov/nasa/podaac/swodlr/security/EdlProxyController.java b/src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlProxyController.java similarity index 98% rename from src/main/java/gov/nasa/podaac/swodlr/security/EdlProxyController.java rename to src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlProxyController.java index c09f5d7..a909935 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/security/EdlProxyController.java +++ b/src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlProxyController.java @@ -1,5 +1,6 @@ -package gov.nasa.podaac.swodlr.security; +package gov.nasa.podaac.swodlr.security.edl; +import gov.nasa.podaac.swodlr.security.SwodlrSecurityProperties; import java.net.URI; import java.util.List; import java.util.Map; diff --git a/src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlReactiveAuthenticationManager.java b/src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlReactiveAuthenticationManager.java new file mode 100644 index 0000000..869bc0d --- /dev/null +++ b/src/main/java/gov/nasa/podaac/swodlr/security/edl/EdlReactiveAuthenticationManager.java 
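Review bot: The decoder built with `new NimbusReactiveJwtDecoder(...)` keeps the default validation, which covers the signature and timestamps but, as far as this hunk shows, no issuer or audience check, so any token signed by a key in the EDL key set is accepted regardless of which application it was issued for. If EDL tokens carry a usable `iss` claim, declare the variable as `NimbusReactiveJwtDecoder` and add `jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(EXPECTED_ISSUER));`, where `EXPECTED_ISSUER` is a placeholder for the real issuer value. `.jwtDecoder(jwtDecoder)` also appears redundant once `.authenticationManager(...)` is set, because the custom manager already receives the decoder; dropping it or adding a comment would avoid the impression that two validation paths are in play.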
@@ -0,0 +1,122 @@ +package gov.nasa.podaac.swodlr.security.edl; + + +import com.fasterxml.jackson.annotation.JsonProperty; +import gov.nasa.podaac.swodlr.security.SwodlrSecurityProperties; +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.authentication.ReactiveAuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; +import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager; +import org.springframework.web.reactive.function.client.WebClient; +import org.springframework.web.util.UriComponentsBuilder; +import reactor.core.publisher.Mono; + +public final class EdlReactiveAuthenticationManager implements ReactiveAuthenticationManager { + private static final String ROLE_PREFIX = "ROLE_"; + + private final Logger logger = LoggerFactory.getLogger(getClass()); + private final WebClient webClient = WebClient.create(); + private final ReactiveAuthenticationManager jwtAuthManager; + private final SwodlrSecurityProperties securityProperties; + + public EdlReactiveAuthenticationManager( + ReactiveJwtDecoder jwtDecoder, + SwodlrSecurityProperties securityProperties + ) { + this.jwtAuthManager = new JwtReactiveAuthenticationManager(jwtDecoder); + this.securityProperties = securityProperties; + } + + @Override + public Mono authenticate(Authentication authentication) { + return this.jwtAuthManager + .authenticate(authentication) + .filter(auth -> auth instanceof JwtAuthenticationToken) + 
.cast(JwtAuthenticationToken.class) + .flatMap(auth -> populateUserGroups(auth)) + .cast(Authentication.class); + } + + private Mono populateUserGroups(JwtAuthenticationToken auth) { + return retrieveUserGroups(auth.getToken()) + .map(groups -> { + List authorities = new ArrayList<>(auth.getAuthorities()); + + for (String group : groups) { + logger.debug("Adding user role: {}", group); + authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + group)); + } + + return new JwtAuthenticationToken(auth.getToken(), authorities); + }) + .cast(Authentication.class) + .cache(); + } + + private Mono> retrieveUserGroups(Jwt token) { + return Mono.defer(() -> { + String username = token.getClaim("uid"); + + URI userGroupsUri = UriComponentsBuilder + .fromHttpUrl(securityProperties.edlBaseUrl()) + .replacePath("/api/user_groups/groups_for_user/" + username) + .queryParam("client_id", securityProperties.edlClientId()) + .build().toUri(); + + logger.debug("Constructed user groups uri: {}", userGroupsUri.toString()); + + return webClient + .get() + .uri(userGroupsUri) + .headers(headers -> headers.setBearerAuth(token.getTokenValue())) + .retrieve() + .bodyToMono(EdlUserGroupsResponse.class) + .flatMap(body -> processResponse(body)); + }); + } + + private Mono> processResponse(EdlUserGroupsResponse response) { + return Mono.defer(() -> { + logger.trace("Processing user groups response"); + + List userGroups = response.userGroups(); + List swodlrGroups = new ArrayList<>(); + + for (UserGroup group : userGroups) { + if (group.clientId().equals(securityProperties.edlClientId())) { + swodlrGroups.add(group.name()); + } else { + logger.debug( + "Group client id {} does not match application client id {}", + group.clientId(), securityProperties.edlClientId()); + } + } + + return Mono.just(Collections.unmodifiableList(swodlrGroups)); + }); + } + + private record EdlUserGroupsResponse( + @JsonProperty("user_groups") List userGroups + ) { } + + private record UserGroup( + 
@JsonProperty("group_id") String groupId, + @JsonProperty("name") String name, + @JsonProperty("tag") String tag, + @JsonProperty("shared_user_group") boolean sharedUserGroup, + @JsonProperty("created_by") String createdBy, + @JsonProperty("app_uid") String appUid, + @JsonProperty("client_id") String clientId + ) { } +} diff --git a/src/main/java/gov/nasa/podaac/swodlr/user/UserReference.java b/src/main/java/gov/nasa/podaac/swodlr/user/UserReference.java index 5747555..91137a0 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/user/UserReference.java +++ b/src/main/java/gov/nasa/podaac/swodlr/user/UserReference.java @@ -10,6 +10,9 @@ public class UserReference implements Serializable { private static UserRepository userRepository; private final UUID id; + + // Attempt to cache here so future lookups don't hit database + private transient User user; public UserReference(User user) { id = user.getId(); @@ -26,12 +29,17 @@ public UUID getId() { * is thrown */ public User fetch() { - Optional result = getUserRepository().findById(id); - if (result.isEmpty()) { - throw new SwodlrException("User cannot be found. Try clearing your cookies and try again."); + if (this.user == null) { + Optional result = getUserRepository().findById(id); + if (result.isEmpty()) { + throw new SwodlrException("User cannot be found. Try clearing your cookies and try again."); + } + + this.user = result.get(); } + - return result.get(); + return this.user; } private UserRepository getUserRepository() { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 1873e46..399acf4 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
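Review bot: In `retrieveUserGroups` the `uid` claim is concatenated straight into the path passed to `replacePath`, so a missing claim produces a lookup for the literal `null` and a value containing `/` or `..` changes which EDL resource is requested; adding it with `pathSegment` and rejecting a blank claim keeps the call on the intended endpoint. `processResponse` also throws a `NullPointerException` if EDL omits `user_groups` or a group has no `client_id`, which surfaces as a server error rather than an authentication failure. The `.cache()` at the end of `populateUserGroups` has no effect across requests because a new `Mono` is built per call, so every authenticated request makes a round trip to EDL; if that is intended, a comment saying so would help. The class has no Javadoc; a short header stating that roles are `ROLE_` plus the EDL group name, restricted to groups whose `client_id` matches this application, would document the trust decision.

```java
private Mono<List<String>> retrieveUserGroups(Jwt token) {
  return Mono.defer(() -> {
    String username = token.getClaimAsString("uid");
    if (username == null || username.isBlank()) {
      return Mono.<List<String>>error(
          new BadCredentialsException("Token is missing the uid claim"));
    }

    URI userGroupsUri = UriComponentsBuilder
        .fromHttpUrl(securityProperties.edlBaseUrl())
        .replacePath("/api/user_groups/groups_for_user")
        .pathSegment(username)
        .queryParam("client_id", securityProperties.edlClientId())
        .build()
        .encode()
        .toUri();

    // … unchanged: debug log, WebClient GET with bearer token, bodyToMono, processResponse …
  });
}

private Mono<List<String>> processResponse(EdlUserGroupsResponse response) {
  return Mono.fromSupplier(() -> {
    List<UserGroup> userGroups =
        response.userGroups() == null ? List.of() : response.userGroups();
    String expectedClientId = securityProperties.edlClientId();

    return userGroups.stream()
        .filter(group -> expectedClientId.equals(group.clientId()))
        .map(UserGroup::name)
        .toList();
  });
}
```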
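Review bot: The cached `User` in `fetch()` is never refreshed once set, so for as long as a `UserReference` instance stays in memory (how long is not visible here) later changes to that user's row are not seen and callers receive a detached entity. The existing comment `// Attempt to cache here so future lookups don't hit database` could state that lifetime and the staleness trade-off, for example `// Cached for the lifetime of this instance; not re-read if the user row changes`. The hunk also adds a whitespace-only line before `return this.user;`.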
@@ -2,6 +2,10 @@ spring.application.name=swodlr spring.config.import=aws-parameterstore:/service/swodlr/app spring.main.web-application-type=reactive +server.error.include-stacktrace=never +server.error.include-message=never +server.error.include-binding-errors=never + server.forward-headers-strategy=framework spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL10Dialect @@ -29,5 +33,9 @@ swodlr.cmr.endpoint=https://graphql.uat.earthdata.nasa.gov/api swodlr.security.frontend-uri-pattern=https://swodlr\.podaac\.uat\.earthdatacloud\.nasa\.gov/.* #--- +server.error.include-stacktrace=always +server.error.include-message=always +server.error.include-binding-errors=always + spring.config.activate.on-profile=dev swodlr.security.frontend-uri-pattern=.* diff --git a/src/main/resources/graphql/mutation.graphqls b/src/main/resources/graphql/mutation.graphqls index 649b03d..80666c6 100644 --- a/src/main/resources/graphql/mutation.graphqls +++ b/src/main/resources/graphql/mutation.graphqls @@ -21,4 +21,7 @@ type Mutation { utmZoneAdjust: Int, mgrsBandAdjust: Int ): RasterDefinition! + + # -- Admin -- + invalidateProduct(id: ID!): L2RasterProduct } From e2c3dbfb80e182c074c6826bd31b068e01599fc9 Mon Sep 17 00:00:00 2001 From: Josh Garde Date: Wed, 12 Jun 2024 08:28:35 -0700 Subject: [PATCH 04/22] Cache Fix + Invalidate Change (#40) * Regenerate on ERROR or UNAVAILABLE * Change invalidate endpoint to only invalidate --- .../L2RasterProductController.java | 22 +++++++++---------- .../L2RasterProductService.java | 4 +++- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java index 2c3dad6..b00fd5e 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java 
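Review bot: The `dev` document sets `server.error.include-stacktrace`, `include-message` and `include-binding-errors` back to `always`, next to the existing `swodlr.security.frontend-uri-pattern=.*`, so the hardening added at the top of the file holds only while the `dev` profile is never active on a reachable deployment. A comment above the block would make that explicit, e.g. `# dev only: verbose error output, must not be enabled on shared or public environments`. These properties control Spring Boot's HTTP error response; GraphQL field errors presumably still go through `SwodlrExceptionResolver`, so that class decides what clients see for resolver failures.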
@@ -78,20 +78,18 @@ public Mono generateL2RasterProduct( @PreAuthorize("hasRole(\"ROLE_Administrator\")") @MutationMapping @Transactional - public Mono invalidateProduct(@Argument UUID id) { - return Mono.defer(() -> { - var result = l2RasterProductRepository.findById(id); - if (result.isEmpty()) { - logger.debug("No products found with id: {}", id.toString()); - return Mono.empty(); - } + public L2RasterProduct invalidateProduct(@Argument UUID id) { + var result = l2RasterProductRepository.findById(id); + if (result.isEmpty()) { + logger.debug("No products found with id: {}", id.toString()); + return null; + } - L2RasterProduct product = result.get(); - Status invalidatedStatus = new Status(product, State.UNAVAILABLE); - statusRepository.save(invalidatedStatus); + L2RasterProduct product = result.get(); + Status invalidatedStatus = new Status(product, State.UNAVAILABLE); + statusRepository.save(invalidatedStatus); - return l2RasterProductService.startProductGeneration(product); - }); + return product; } @QueryMapping diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java index 3098c83..79d4bd3 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductService.java @@ -87,7 +87,9 @@ public Mono getL2RasterProduct( ProductHistory history = new ProductHistory(requestor, product); productHistoryRepository.save(history); - if (product.getStatuses().get(0).getState() == State.UNAVAILABLE) { + State currentState = product.getStatuses().get(0).getState(); + + if (currentState == State.UNAVAILABLE || currentState == State.ERROR) { return startProductGeneration(product); } From 2f4a939e8f910bd51065d590ca2845cedbab0aa6 Mon Sep 17 00:00:00 2001 
From: Josh Garde Date: Wed, 12 Jun 2024 12:49:19 -0700 Subject: [PATCH 05/22] Initial filtering implementation (#41) --- .../L2RasterProductController.java | 49 ++++++++++++++++++- .../l2rasterproduct/L2RasterProductQuery.java | 18 ++++++- .../L2RasterProductQueryImpl.java | 42 +++++++++++++++- 3 files changed, 106 insertions(+), 3 deletions(-) diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java index b00fd5e..86ab8eb 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductController.java @@ -1,11 +1,15 @@ package gov.nasa.podaac.swodlr.l2rasterproduct; +import gov.nasa.podaac.swodlr.exception.SwodlrException; import gov.nasa.podaac.swodlr.rasterdefinition.GridType; import gov.nasa.podaac.swodlr.status.State; import gov.nasa.podaac.swodlr.status.Status; import gov.nasa.podaac.swodlr.status.StatusRepository; import gov.nasa.podaac.swodlr.user.User; import gov.nasa.podaac.swodlr.user.UserReference; +import java.time.DateTimeException; +import java.time.LocalDateTime; +import java.time.format.DateTimeParseException; import java.util.List; import java.util.UUID; import javax.validation.constraints.NotNull; 
@@ -110,9 +114,52 @@ public L2RasterProduct getProductForStatus(Status status) { @SchemaMapping(typeName = "User", field = "products") public List getProductsForUser( @ContextValue UserReference userRef, + @Argument Integer cycle, + @Argument Integer pass, + @Argument Integer scene, + @Argument Boolean outputGranuleExtentFlag, + @Argument GridType outputSamplingGridType, + @Argument Integer rasterResolution, + @Argument Integer utmZoneAdjust, + @Argument Integer mgrsBandAdjust, + @Argument String beforeTimestamp, + @Argument String afterTimestamp, @Argument UUID after, @Argument int limit ) { - return l2RasterProductRepository.findByUser(userRef.fetch(), after, limit); + LocalDateTime beforeDate = null; + LocalDateTime afterDate = null; + + if (beforeTimestamp != null) { + try { + beforeDate = LocalDateTime.parse(beforeTimestamp); + } catch (DateTimeParseException ex) { + throw new SwodlrException("Invalid \'beforeTimestamp\' - should be ISO8601"); + } + } + + if (afterTimestamp != null) { + try { + afterDate = LocalDateTime.parse(afterTimestamp); + } catch (DateTimeException ex) { + throw new SwodlrException("Invalid \'afterTimestamp\' - should be ISO8601"); + } + } + + return l2RasterProductRepository.findByUser( + userRef.fetch(), + cycle, + pass, + scene, + outputGranuleExtentFlag, + outputSamplingGridType, + rasterResolution, + utmZoneAdjust, + mgrsBandAdjust, + beforeDate, + afterDate, + after, + limit + ); } } diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQuery.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQuery.java index b163989..c2db059 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQuery.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQuery.java 
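Review bot: `LocalDateTime.parse` accepts only zone-less values such as `2024-06-12T12:00:00`, so a client that sends an ISO 8601 timestamp with `Z` or an offset, as the error text invites, is rejected; either state the accepted form in the message or parse with `OffsetDateTime.parse(...)` and convert. The two blocks also catch different types (`DateTimeParseException` for `beforeTimestamp`, `DateTimeException` for `afterTimestamp`) and should agree, and the `\'` escapes inside the string literals are unnecessary. `limit` is forwarded to the query unchanged, so a negative or very large value reaches the database; a clamp such as `int pageSize = Math.max(1, Math.min(limit, MAX_PAGE_SIZE));`, with a project-chosen `MAX_PAGE_SIZE`, would bound the cost of each filtered query.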
@@ -1,9 +1,25 @@ package gov.nasa.podaac.swodlr.l2rasterproduct; +import gov.nasa.podaac.swodlr.rasterdefinition.GridType; import gov.nasa.podaac.swodlr.user.User; +import java.time.LocalDateTime; import java.util.List; import java.util.UUID; public interface L2RasterProductQuery { - List findByUser(User user, UUID after, int limit); + List findByUser( + User user, + Integer cycle, + Integer pass, + Integer scene, + Boolean outputGranuleExtentFlag, + GridType outputSamplingGridType, + Integer rasterResolution, + Integer utmZoneAdjust, + Integer mgrsBandAdjust, + LocalDateTime beforeTimestamp, + LocalDateTime afterTimestamp, + UUID after, + int limit + ); } diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java index 0e0a0f7..7c04217 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java @@ -1,13 +1,18 @@ package gov.nasa.podaac.swodlr.l2rasterproduct; +import gov.nasa.podaac.swodlr.rasterdefinition.GridType; import gov.nasa.podaac.swodlr.user.User; +import java.time.LocalDateTime; import java.util.List; import java.util.UUID; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import org.hibernate.Session; import org.hibernate.query.Query; +import org.hibernate.type.BooleanType; import org.hibernate.type.IntegerType; +import org.hibernate.type.LocalDateTimeType; +import org.hibernate.type.StringType; import org.hibernate.type.UUIDCharType; public class L2RasterProductQueryImpl implements L2RasterProductQuery { 
@@ -41,13 +46,37 @@ public class L2RasterProductQueryImpl implements L2RasterProductQuery { * - https://github.com/pgjdbc/pgjdbc/issues/247#issuecomment-78213991 */ @Override - public List findByUser(User user, UUID after, int limit) { + public List findByUser( + User user, + Integer cycle, + Integer pass, + Integer scene, + Boolean outputGranuleExtentFlag, + GridType outputSamplingGridType, + Integer rasterResolution, + Integer utmZoneAdjust, + Integer mgrsBandAdjust, + LocalDateTime beforeTimestamp, + LocalDateTime afterTimestamp, + UUID after, + int limit + ) { @SuppressWarnings("LineLength") String statement = """ SELECT \"L2RasterProducts\".* FROM \"L2RasterProducts\" JOIN \"ProductHistory\" ON \"ProductHistory\".\"rasterProductId\" = \"L2RasterProducts\".id WHERE + (:cycle is NULL OR \"cycle\" = :cycle) AND + (:pass is NULL OR \"cycle\" = :pass) AND + (:scene is NULL OR \"cycle\" = :scene) AND + (:outputGranuleExtentFlag is NULL OR \"outputGranuleExtentFlag\" = :outputGranuleExtentFlag) AND + (:outputSamplingGridType is NULL OR \"outputSamplingGridType\" = :outputSamplingGridType) AND + (:rasterResolution is NULL OR \"rasterResolution\" = :rasterResolution) AND + (:utmZoneAdjust is NULL OR \"utmZoneAdjust\" = :utmZoneAdjust) AND + (:mgrsBandAdjust is NULL OR \"mgrsBandAdjust\" = :mgrsBandAdjust) AND + (CAST(:beforeTimestamp as TIMESTAMP) is NULL OR \"L2RasterProducts\".timestamp <= :beforeTimestamp) AND + (CAST(:afterTimestamp as TIMESTAMP) is NULL OR \"L2RasterProducts\".timestamp >= :afterTimestamp) AND (\"ProductHistory\".\"requestedById\" = CAST(:userId as UUID)) AND ( (:after is NULL) 
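Review bot: The `pass` and `scene` filters both compare against the `cycle` column, in `(:pass is NULL OR \"cycle\" = :pass)` and `(:scene is NULL OR \"cycle\" = :scene)`, so supplying either one filters on the wrong field and will usually return nothing. They should read `\"pass\" = :pass` and `\"scene\" = :scene`, assuming the columns are named after the entity fields; a later patch in this series titled "Hotfix product filtering" touches this file, but its hunks are not visible here. All values are bound as named parameters rather than concatenated, which is the right shape for these user-supplied filters. The filter columns are unqualified inside a join; prefixing them with `\"L2RasterProducts\".`, as is done for `timestamp`, would guard against a same-named column in `\"ProductHistory\"`.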
@@ -60,6 +89,17 @@ public List findByUser(User user, UUID after, int limit) { Session session = entityManager.unwrap(Session.class); Query query = session.createNativeQuery(statement, L2RasterProduct.class); query.setParameter("userId", user.getId(), UUIDCharType.INSTANCE); + query.setParameter("cycle", cycle, IntegerType.INSTANCE); + query.setParameter("pass", pass, IntegerType.INSTANCE); + query.setParameter("scene", scene, IntegerType.INSTANCE); + query.setParameter("outputGranuleExtentFlag", outputGranuleExtentFlag, BooleanType.INSTANCE); + query.setParameter("outputSamplingGridType", outputSamplingGridType != null + ? outputSamplingGridType.toString() : null, StringType.INSTANCE); + query.setParameter("rasterResolution", rasterResolution, IntegerType.INSTANCE); + query.setParameter("utmZoneAdjust", utmZoneAdjust, IntegerType.INSTANCE); + query.setParameter("mgrsBandAdjust", mgrsBandAdjust, IntegerType.INSTANCE); + query.setParameter("beforeTimestamp", beforeTimestamp, LocalDateTimeType.INSTANCE); + query.setParameter("afterTimestamp", afterTimestamp, LocalDateTimeType.INSTANCE); query.setParameter("after", after, UUIDCharType.INSTANCE); query.setParameter("limit", limit, IntegerType.INSTANCE); From 40821b9cee31e656e39b7f4a0c7813f6ecbc5651 Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Sat, 15 Jun 2024 10:06:06 -0700 Subject: [PATCH 06/22] update changelog to add cache fix and filter performance improvement. --- CHANGELOG | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 50e12f4..d175746 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Implement permissions model #92 - As a user, I do not want to see stacktraces when errors occur #36 + - Cache Fix + Invalidate Change (#40) + - Initial filtering implementation (#41) +### Deprecated +### Removed +### Fixed +### Security ## [1.1.0] 
From 99c4f238210e54c07046e4fe611e6428782550ca Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Sat, 15 Jun 2024 10:08:12 -0700 Subject: [PATCH 07/22] revert Build 'n Deploy from push '*' wildcard to push branches in build.yml. --- .github/workflows/build.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9bc9d7f..115e568 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,14 @@ name: Build 'n Deploy on: push: + branches: + - main + - develop + - 'release/**' + - 'feature/**' + - 'issue/**' + - 'issues/**' + - 'dependabot/**' tags-ignore: - '*' paths-ignore: From 1fb5e8d03b6369c72f9e65d24b073f539269ff0f Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Sat, 15 Jun 2024 10:19:36 -0700 Subject: [PATCH 08/22] fix syntax --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 115e568..3ff96db 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,5 @@ name: Build 'n Deploy + on: push: branches: From 40950a8312372819bd395c87287f643bcc5f1800 Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Sat, 15 Jun 2024 10:24:25 -0700 Subject: [PATCH 09/22] fix syntax --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3ff96db..79ccc36 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,7 +2,7 @@ name: Build 'n Deploy on: push: - branches: + branches: - main - develop - 'release/**' From c344b546234fd7de027c07d5a0a3d0ea72faf1be Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 15 Jun 2024 17:24:46 +0000 Subject: [PATCH 10/22] bump version to 1.2.0-alpha2 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/build.gradle b/build.gradle index 8f1c90f..cb56df4 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.2.0-alpha1' +version = '1.2.0-alpha2' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index 9816041..ed33c94 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.2.0-alpha1" +current_version = "1.2.0-alpha2" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 51c21b7c3e9ae734a2426185c467d56fab223209 Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Sat, 15 Jun 2024 11:13:58 -0700 Subject: [PATCH 11/22] bump develop to 1.3.0-alpha0 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index cb56df4..a8b4777 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.2.0-alpha2' +version = '1.3.0-alpha0' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index ed33c94..f0dbcd8 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.2.0-alpha2" +current_version = "1.3.0-alpha0" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 716c144a66ae4674e38e4d95854c8b6e44b5f4c2 Mon Sep 17 00:00:00 2001 From: Joshua Garde Date: Mon, 17 Jun 2024 13:59:02 -0700 Subject: [PATCH 12/22] Update graphql schema with new filtering endpoint --- src/main/resources/graphql/user.graphqls | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/main/resources/graphql/user.graphqls b/src/main/resources/graphql/user.graphqls index a694315..a89916a 100644 --- a/src/main/resources/graphql/user.graphqls +++ b/src/main/resources/graphql/user.graphqls 
@@ -4,7 +4,23 @@ type User { firstName: String! lastName: String! - products(after: ID, limit: Int = 10): [L2RasterProduct!]! + products( + cycle: Int, + pass: Int, + scene: Int, + outputGranuleExtentFlag: Boolean, + outputSamplingGridType: GridType, + rasterResolution: Int, + utmZoneAdjust: Int, + mgrsBandAdjust: Int, + beforeTimestamp: String, + afterTimestamp: String, + + # Pagination + after: ID, + limit: Int = 10 + ): [L2RasterProduct!]! + rasterDefinitions( id: ID, outputGranuleExtentFlag: Boolean, From c6e8bd6ea508cbac1cce278217996c2744bcb509 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 20:59:25 +0000 Subject: [PATCH 13/22] bump version to 1.3.0-alpha1 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index a8b4777..7e422fb 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.3.0-alpha0' +version = '1.3.0-alpha1' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index f0dbcd8..3d4db9f 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.3.0-alpha0" +current_version = "1.3.0-alpha1" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 790d182a5a8c5d3e9d1aa4fd42cc5be7a31b0f12 Mon Sep 17 00:00:00 2001 From: Vivian Tang Date: Tue, 18 Jun 2024 07:01:15 -0700 Subject: [PATCH 14/22] Update content and rename CHANGELOG to CHANGELOG.md. --- CHANGELOG => CHANGELOG.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) rename CHANGELOG => CHANGELOG.md (89%) diff --git a/CHANGELOG b/CHANGELOG.md similarity index 89% rename from CHANGELOG rename to CHANGELOG.md index d175746..ad70f45 100644 --- a/CHANGELOG +++ b/CHANGELOG.md 
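Review bot: `beforeTimestamp` and `afterTimestamp` in the new `products(...)` argument list are plain `String`, so the schema neither documents nor constrains the accepted format, and every malformed value has to be caught in the resolver. Document the expected format on both arguments, e.g. `# ISO-8601 timestamp; request is rejected if it cannot be parsed` (format assumed, confirm against the resolver), or use a date-time scalar if the project defines one. The list also keeps `limit: Int = 10` with no stated ceiling; now that ten optional filters feed the same query, the resolver should clamp `limit` to a fixed maximum. The `User` type continues outside the hunk.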
@@ -7,15 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added - - Implement permissions model #92 - - As a user, I do not want to see stacktraces when errors occur #36 - - Cache Fix + Invalidate Change (#40) - - Initial filtering implementation (#41) + - Update graphql schema with new filtering endpoint ### Deprecated ### Removed ### Fixed ### Security +## [1.2.0] + +### Added + - Implement permissions model #92 + - As a user, I do not want to see stacktraces when errors occur #36 + - Cache Fix + Invalidate Change (#40) + - Initial filtering implementation (#41) + ## [1.1.0] ### Added From d4138ed430b444978debb473f3fde01789e4dd23 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 14:01:36 +0000 Subject: [PATCH 15/22] bump version to 1.3.0-alpha2 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 7e422fb..ef1f47b 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.3.0-alpha1' +version = '1.3.0-alpha2' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index 3d4db9f..cc21db1 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.3.0-alpha1" +current_version = "1.3.0-alpha2" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 450cd7f912ad87c72aa5bdd4ef07147b57f05b8c Mon Sep 17 00:00:00 2001 From: Joshua Garde Date: Thu, 20 Jun 2024 08:57:50 -0700 Subject: [PATCH 16/22] Hotfix product filtering --- .../swodlr/l2rasterproduct/L2RasterProductQueryImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java index 7c04217..ba6d604 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java +++ b/src/main/java/gov/nasa/podaac/swodlr/l2rasterproduct/L2RasterProductQueryImpl.java @@ -68,8 +68,8 @@ public List findByUser( JOIN \"ProductHistory\" ON \"ProductHistory\".\"rasterProductId\" = \"L2RasterProducts\".id WHERE (:cycle is NULL OR \"cycle\" = :cycle) AND - (:pass is NULL OR \"cycle\" = :pass) AND - (:scene is NULL OR \"cycle\" = :scene) AND + (:pass is NULL OR \"pass\" = :pass) AND + (:scene is NULL OR \"scene\" = :scene) AND (:outputGranuleExtentFlag is NULL OR \"outputGranuleExtentFlag\" = :outputGranuleExtentFlag) AND (:outputSamplingGridType is NULL OR \"outputSamplingGridType\" = :outputSamplingGridType) AND (:rasterResolution is NULL OR \"rasterResolution\" = :rasterResolution) AND From 4a93a48efe64a7bc3ed8be51799b0cbd21c406de Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 23:32:48 +0000 Subject: [PATCH 17/22] bump version to 1.3.0-alpha3 --- build.gradle | 2 +- bumpver.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index ef1f47b..37bc45f 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.3.0-alpha2' +version = '1.3.0-alpha3' sourceCompatibility = '17' repositories { diff --git a/bumpver.toml b/bumpver.toml index cc21db1..16895a1 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.3.0-alpha2" +current_version = "1.3.0-alpha3" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From f47a697145824dc9fbf9b33350b965717f3f7359 Mon Sep 17 00:00:00 2001 
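Review bot: The corrected predicates compare unqualified `"pass"` and `"scene"` columns in a query that joins `"ProductHistory"`, while the join condition itself is table-qualified; qualifying the filter columns with their owning table would keep the WHERE clause unambiguous if either table gains a column of the same name. The slip fixed here (`"cycle" = :pass`) returned rows for the wrong filter without raising any error, so a repository test that sets only `pass`, then only `scene`, and checks the returned products would pin the fix. The filter values stay as named bind parameters (`:pass`, `:scene`), which should be kept for caller-supplied input. `findByUser` starts before and ends after the hunk.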
From: Joshua Garde Date: Thu, 27 Jun 2024 13:55:13 -0700 Subject: [PATCH 18/22] Introduce per-environment JWKS paths --- .../podaac/swodlr/security/SwodlrSecurityProperties.java | 7 +++++++ .../podaac/swodlr/security/config/WebSecurityConfig.java | 2 +- terraform/app.tf | 8 +++++++- terraform/environments/ops.env | 3 ++- terraform/environments/sit.env | 1 + terraform/environments/uat.env | 1 + terraform/variables.tf | 4 ++++ 7 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/main/java/gov/nasa/podaac/swodlr/security/SwodlrSecurityProperties.java b/src/main/java/gov/nasa/podaac/swodlr/security/SwodlrSecurityProperties.java index ac4b190..86bf63b 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/security/SwodlrSecurityProperties.java +++ b/src/main/java/gov/nasa/podaac/swodlr/security/SwodlrSecurityProperties.java @@ -17,6 +17,7 @@ public class SwodlrSecurityProperties { private final JWEDecrypter decrypter; private final Duration sessionLength; private final String edlBaseUrl; + private final String edlJwksPath; private final String edlClientId; private final String edlClientSecret; @@ -31,6 +32,7 @@ public SwodlrSecurityProperties( String sessionEncryptionKey, Duration sessionLength, String edlBaseUrl, + String edlJwksPath, String edlClientId, String edlClientSecret ) { @@ -49,6 +51,7 @@ public SwodlrSecurityProperties( this.sessionLength = sessionLength; this.edlBaseUrl = edlBaseUrl; + this.edlJwksPath = edlJwksPath; this.edlClientId = edlClientId; this.edlClientSecret = edlClientSecret; } @@ -69,6 +72,10 @@ public String edlBaseUrl() { return edlBaseUrl; } + public String edlJwksPath() { + return edlJwksPath; + } + public String edlClientId() { return edlClientId; } diff --git a/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java b/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java index 54760c1..47be037 100644 --- a/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java 
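Review bot: The constructor assigns `this.edlJwksPath = edlJwksPath;` with no null or blank check visible in the third SwodlrSecurityProperties hunk. A deployment missing `swodlr.security.edl-jwks-path` would presumably surface only later, as a JWKS URL ending in `null` and rejected tokens rather than a clear startup error. Reject it at construction, e.g. `this.edlJwksPath = Objects.requireNonNull(edlJwksPath, "edlJwksPath");` (requires `java.util.Objects` if the file does not already import it). A one-line Javadoc on the accessor would record the contract, e.g. `/** Path of the EDL JWKS document; appended to edlBaseUrl() as-is. */`. The constructor and class extend beyond the hunks shown.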
+++ b/src/main/java/gov/nasa/podaac/swodlr/security/config/WebSecurityConfig.java @@ -36,7 +36,7 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { .oauth2ResourceServer((resourceServer) -> { resourceServer.jwt((jwt) -> { ReactiveJwtDecoder jwtDecoder = new NimbusReactiveJwtDecoder( - securityProperties.edlBaseUrl() + "/export_edl_jwks" + securityProperties.edlBaseUrl() + securityProperties.edlJwksPath() ); jwt diff --git a/terraform/app.tf b/terraform/app.tf index 2ad29b0..912524a 100644 --- a/terraform/app.tf +++ b/terraform/app.tf @@ -152,12 +152,18 @@ resource "aws_ssm_parameter" "app_db_password" { value = aws_ssm_parameter.db_app_password.value } -resource "aws_ssm_parameter" "app_edl_base_path" { +resource "aws_ssm_parameter" "app_edl_base_url" { name = "${local.app_path}/swodlr.security.edl-base-url" type = "String" value = var.edl_base_url } +resource "aws_ssm_parameter" "app_edl_jwks_path" { + name = "${local.app_path}/swodlr.security.edl-jwks-path" + type = "String" + value = var.edl_jwks_path +} + resource "aws_ssm_parameter" "app_edl_client_id" { name = "${local.app_path}/swodlr.security.edl-client-id" type = "String" diff --git a/terraform/environments/ops.env b/terraform/environments/ops.env index b383f5e..613b680 100644 --- a/terraform/environments/ops.env +++ b/terraform/environments/ops.env @@ -3,4 +3,5 @@ export BUCKET=podaac-services-ops-terraform export TF_VAR_container_image_tag=main export TF_VAR_active_profiles="[\"\"]" -export TF_VAR_tea_mapping="{\"podaac-swot-ops-swodlr-protected\"=\"archive.swot.podaac.earthdata.nasa.gov\"}" \ No newline at end of file +export TF_VAR_tea_mapping="{\"podaac-swot-ops-swodlr-protected\"=\"archive.swot.podaac.earthdata.nasa.gov\"}" +export TF_VAR_edl_jwks_path=".well-known/edl_ops_jwks.json" diff --git a/terraform/environments/sit.env b/terraform/environments/sit.env index 0cf1ed5..f3cf624 100644 --- a/terraform/environments/sit.env +++ b/terraform/environments/sit.env 
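Review bot: `securityProperties.edlBaseUrl() + securityProperties.edlJwksPath()` joins the two values with no separator. The replaced literal `"/export_edl_jwks"` carried a leading slash, while the new values (`.well-known/edl_ops_jwks.json` in ops.env, and the sit.env and uat.env hunks) do not. Unless every `edl_base_url` ends in `/`, which is not visible here, the decoder is built with a malformed JWKS URL and JWT validation fails for every request. Normalise the join so exactly one slash separates the parts, e.g. `securityProperties.edlBaseUrl().replaceAll("/+$", "") + "/" + securityProperties.edlJwksPath().replaceAll("^/+", "")`, and add a `description` to `variable "edl_jwks_path"` in terraform/variables.tf stating the expected form. `securityWebFilterChain` continues outside the hunk.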
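Review bot: Renaming `aws_ssm_parameter.app_edl_base_path` to `aws_ssm_parameter.app_edl_base_url` in the app.tf hunk changes the resource address while the parameter `name` stays `${local.app_path}/swodlr.security.edl-base-url`. Without a state move, Terraform plans a destroy of the old address and a create of the new one for the same SSM name. Depending on ordering, the create can collide with the parameter that still exists, or the application can briefly be left without the value. Add a `moved` block with `from = aws_ssm_parameter.app_edl_base_path` and `to = aws_ssm_parameter.app_edl_base_url` (supported from Terraform 1.1; the pinned version is not visible here), or perform the equivalent state move before applying.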
@@ -4,3 +4,4 @@ export BUCKET=podaac-services-sit-terraform export TF_VAR_container_image_tag=develop export TF_VAR_active_profiles="[\"dev\"]" export TF_VAR_tea_mapping="{\"podaac-swot-sit-swodlr-protected\"=\"archive.swot.podaac.sit.earthdata.nasa.gov\"}" +export TF_VAR_edl_jwks_path=".well-known/edl_sit_jwks.json" diff --git a/terraform/environments/uat.env b/terraform/environments/uat.env index dc48bb7..8bd65ff 100644 --- a/terraform/environments/uat.env +++ b/terraform/environments/uat.env @@ -4,3 +4,4 @@ export BUCKET=podaac-services-uat-terraform export TF_VAR_container_image_tag=develop export TF_VAR_active_profiles="[\"\"]" export TF_VAR_tea_mapping="{\"podaac-swot-uat-swodlr-protected\"=\"archive.swot.podaac.uat.earthdata.nasa.gov\"}" +export TF_VAR_edl_jwks_path=".well-known/edl_uat_jwks.json" diff --git a/terraform/variables.tf b/terraform/variables.tf index 82e35f8..3b98914 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -44,6 +44,10 @@ variable "edl_base_url" { type = string } +variable "edl_jwks_path" { + type = string +} + variable "edl_client_id" { type = string } From 213842b1cc7a52dae1fe6fd4b7e704b7dd181adb Mon Sep 17 00:00:00 2001 From: Joshua Garde Date: Thu, 27 Jun 2024 13:57:26 -0700 Subject: [PATCH 19/22] Switch all envs to use OPS keys --- terraform/environments/sit.env | 2 +- terraform/environments/uat.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/sit.env b/terraform/environments/sit.env index f3cf624..b029271 100644 --- a/terraform/environments/sit.env +++ b/terraform/environments/sit.env @@ -4,4 +4,4 @@ export BUCKET=podaac-services-sit-terraform export TF_VAR_container_image_tag=develop export TF_VAR_active_profiles="[\"dev\"]" export TF_VAR_tea_mapping="{\"podaac-swot-sit-swodlr-protected\"=\"archive.swot.podaac.sit.earthdata.nasa.gov\"}" -export TF_VAR_edl_jwks_path=".well-known/edl_sit_jwks.json" +export TF_VAR_edl_jwks_path=".well-known/edl_ops_jwks.json" 
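Review bot: Setting `TF_VAR_edl_jwks_path=".well-known/edl_ops_jwks.json"` in sit.env (PATCH 19, with the matching uat.env hunk that follows) makes the non-production deployments verify JWTs against the key set named for OPS, removing the per-environment separation the previous patch introduced. If each environment's `edl_base_url` points at a different EDL host this may only be a file-naming matter, but if the keys are shared, a token issued for production would presumably also verify in SIT and UAT. Record the reason next to the value, e.g. `# SIT intentionally uses the OPS JWKS; see <ticket-placeholder>`, and confirm the application also validates issuer and audience so that key reuse is not the only boundary between environments.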
diff --git a/terraform/environments/uat.env b/terraform/environments/uat.env index 8bd65ff..333d0b6 100644 --- a/terraform/environments/uat.env +++ b/terraform/environments/uat.env @@ -4,4 +4,4 @@ export BUCKET=podaac-services-uat-terraform export TF_VAR_container_image_tag=develop export TF_VAR_active_profiles="[\"\"]" export TF_VAR_tea_mapping="{\"podaac-swot-uat-swodlr-protected\"=\"archive.swot.podaac.uat.earthdata.nasa.gov\"}" -export TF_VAR_edl_jwks_path=".well-known/edl_uat_jwks.json" +export TF_VAR_edl_jwks_path=".well-known/edl_ops_jwks.json" From 02d97792e2d51a7cb418c1d4e2d6d9fbb3fd8963 Mon Sep 17 00:00:00 2001 From: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Date: Thu, 27 Jun 2024 15:03:54 -0700 Subject: [PATCH 20/22] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ec4e75..b1eb792 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security +## [1.2.1] +### Fixed + - [swodlr/issues/147](https://github.com/podaac/swodlr/issues/147) - Update EDL public JWKS endpoints + ## [1.2.0] From 703c11e69319fcf3b056eb8cdcb4d1f668a4b1d8 Mon Sep 17 00:00:00 2001 From: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Date: Thu, 27 Jun 2024 15:04:11 -0700 Subject: [PATCH 21/22] Update bumpver.toml --- bumpver.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bumpver.toml b/bumpver.toml index 16895a1..4db266a 100644 --- a/bumpver.toml +++ b/bumpver.toml @@ -1,5 +1,5 @@ [bumpver] -current_version = "1.3.0-alpha3" +current_version = "1.2.1-rc0" version_pattern = "MAJOR.MINOR.PATCH[-TAGNUM]" commit = true tag = true From 0180a0cd9e093c63e5dcb328fef99c04f609966a Mon Sep 17 00:00:00 2001 
From: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Date: Thu, 27 Jun 2024 15:04:21 -0700 Subject: [PATCH 22/22] Update build.gradle --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 37bc45f..0689294 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'gov.nasa.podaac.swodlr' -version = '1.3.0-alpha3' +version = '1.2.1-rc0' sourceCompatibility = '17' repositories {