Merge pull request #109 from icgc-argo/rc/2.5.0

Rc/2.5.0
icgc-argo · Nov 30, 2020 · e3127f7 · e3127f7
2 parents d22c920 + 0b00dbd
commit e3127f7
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 54 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,6 +1,6 @@
-def dockerHubRepo = "icgcargo/workflow-search"
+def dockerRepo = "ghcr.io/icgc-argo/workflow-search"
 def githubRepo = "icgc-argo/workflow-search"
-def chartVersion = "0.2.0"
+def chartVersion = "0.3.0"
 def commit = "UNKNOWN"
 def version = "UNKNOWN"
 
@@ -69,15 +69,15 @@ spec:
                 }
                 steps {
                     container('docker') {
-                        withCredentials([usernamePassword(credentialsId:'argoDockerHub', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
-                            sh 'docker login -u $USERNAME -p $PASSWORD'
+                        withCredentials([usernamePassword(credentialsId:'argoContainers', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
+                            sh 'docker login ghcr.io -u $USERNAME -p $PASSWORD'
                         }
 
                         // DNS error if --network is default
-                        sh "docker build --network=host . -t icgcargo/workflow-search:edge -t icgcargo/workflow-search:${version}-${commit}"
+                        sh "docker build --network=host . -t ${dockerRepo}:edge -t ${dockerRepo}:${version}-${commit}"
 
-                        sh "docker push icgcargo/workflow-search:${version}-${commit}"
-                        sh "docker push icgcargo/workflow-search:edge"
+                        sh "docker push ${dockerRepo}:${version}-${commit}"
+                        sh "docker push ${dockerRepo}:edge"
                     }
                 }
             }
@@ -93,10 +93,10 @@ spec:
                         [$class: 'StringParameterValue', name: 'AP_HELM_CHART_VERSION', value: "${chartVersion}"],
                         [$class: 'StringParameterValue', name: 'AP_ARGS_LINE', value: "--set-string image.tag=${version}-${commit}" ]
                     ])
-                    sleep(time:30,unit:"SECONDS")
-                    build(job: "/provision/rdpc-gateway-restart", parameters: [
-                        [$class: 'StringParameterValue', name: 'AP_RDPC_ENV', value: 'dev' ],
-                    ])
+                    // sleep(time:30,unit:"SECONDS")
+                    // build(job: "/provision/rdpc-gateway-restart", parameters: [
+                    //     [$class: 'StringParameterValue', name: 'AP_RDPC_ENV', value: 'dev' ],
+                    // ])
                 }
             }
             stage('Release & Tag') {
@@ -110,15 +110,15 @@ spec:
                           sh "git push https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/icgc-argo/workflow-search --tags"
                         }
 
-                        withCredentials([usernamePassword(credentialsId:'argoDockerHub', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
-                            sh 'docker login -u $USERNAME -p $PASSWORD'
+                        withCredentials([usernamePassword(credentialsId:'argoContainers', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
+                            sh 'docker login ghcr.io -u $USERNAME -p $PASSWORD'
                         }
 
                         // DNS error if --network is default
-                        sh "docker build --network=host . -t icgcargo/workflow-search:latest -t icgcargo/workflow-search:${version}"
+                        sh "docker build --network=host . -t ${dockerRepo}:latest -t ${dockerRepo}:${version}"
 
-                        sh "docker push icgcargo/workflow-search:${version}"
-                        sh "docker push icgcargo/workflow-search:latest"
+                        sh "docker push ${dockerRepo}:${version}"
+                        sh "docker push ${dockerRepo}:latest"
                     }
                 }
             }
@@ -134,10 +134,10 @@ spec:
                         [$class: 'StringParameterValue', name: 'AP_HELM_CHART_VERSION', value: "${chartVersion}"],
                         [$class: 'StringParameterValue', name: 'AP_ARGS_LINE', value: "--set-string image.tag=${version}" ]
                     ])
-                    sleep(time:30,unit:"SECONDS")
-                    build(job: "/provision/rdpc-gateway-restart", parameters: [
-                        [$class: 'StringParameterValue', name: 'AP_RDPC_ENV', value: 'qa' ],
-                    ])
+                    // sleep(time:30,unit:"SECONDS")
+                    // build(job: "/provision/rdpc-gateway-restart", parameters: [
+                    //     [$class: 'StringParameterValue', name: 'AP_RDPC_ENV', value: 'qa' ],
+                    // ])
                 }
             }
         }

diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
     </parent>
     <groupId>org.icgc_argo</groupId>
     <artifactId>workflow-search</artifactId>
-    <version>2.4.0</version>
+    <version>2.5.0</version>
     <name>workflow-search</name>
     <description>Demo project for Spring Boot</description>
 

diff --git a/src/main/java/org/icgc_argo/workflow/search/config/websecurity/AuthEnabledConfig.java b/src/main/java/org/icgc_argo/workflow/search/config/websecurity/AuthEnabledConfig.java
@@ -71,12 +71,19 @@ public AuthEnabledConfig(AuthProperties authProperties, ResourceLoader resourceL
     }
 
     @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    public void configure(HttpSecurity http) throws Exception {
         http
                 .csrf().disable()
                 .authorizeRequests()
                 .antMatchers("/graphql/**").permitAll()
                 .antMatchers("/actuator/**").permitAll()
+                .antMatchers("/runs/**").permitAll()
+                .antMatchers("/v2/api-docs",
+                "/configuration/ui",
+                "/swagger-resources/**",
+                "/configuration/security",
+                "/swagger-ui.html",
+                "/webjars/**").permitAll()
             .and()
                 .authorizeRequests()
                 .anyRequest().authenticated()
@@ -86,6 +93,27 @@ protected void configure(HttpSecurity http) throws Exception {
                 .jwtAuthenticationConverter(grantedAuthoritiesExtractor());
     }
 
+    @Bean
+    public Function<Authentication, Boolean> queryScopeChecker() {
+        val expectedScopes = Lists.newArrayList(
+                Iterables.concat(
+                        authProperties.getGraphqlScopes().getQueryOnly(),
+                        authProperties.getGraphqlScopes().getQueryAndMutation()
+                ));
+
+        return authentication -> {
+            val scopes =
+                    authentication.getAuthorities().stream()
+                            .map(Objects::toString)
+                            .collect(toUnmodifiableList());
+
+            val foundScopes =
+                    scopes.stream().filter(expectedScopes::contains).collect(toUnmodifiableList());
+
+            return foundScopes.size() > 0;
+        };
+    }
+
     private Converter<Jwt, AbstractAuthenticationToken> grantedAuthoritiesExtractor() {
         JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
         jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(this.jwtToGrantedAuthoritiesConverter);
@@ -151,25 +179,4 @@ private String fetchJWTPublicKey(String publicKeyUrl) {
         reader.lines().forEach(stringBuilder::append);
         return stringBuilder.toString();
     }
-
-    @Bean
-    public Function<Authentication, Boolean> queryScopeChecker() {
-        val expectedScopes = Lists.newArrayList(
-                Iterables.concat(
-                        authProperties.getGraphqlScopes().getQueryOnly(),
-                        authProperties.getGraphqlScopes().getQueryAndMutation()
-                ));
-
-        return authentication -> {
-            val scopes =
-                    authentication.getAuthorities().stream()
-                            .map(Objects::toString)
-                            .collect(toUnmodifiableList());
-
-            val foundScopes =
-                    scopes.stream().filter(expectedScopes::contains).collect(toUnmodifiableList());
-
-            return foundScopes.size() > 0;
-        };
-    }
 }
diff --git a/src/main/java/org/icgc_argo/workflow/search/graphql/EntityDataFetchers.java b/src/main/java/org/icgc_argo/workflow/search/graphql/EntityDataFetchers.java
@@ -34,7 +34,7 @@
 import org.icgc_argo.workflow.search.model.graphql.Analysis;
 import org.icgc_argo.workflow.search.model.graphql.Run;
 import org.icgc_argo.workflow.search.model.graphql.Workflow;
-import org.icgc_argo.workflow.search.service.RunService;
+import org.icgc_argo.workflow.search.service.graphql.RunService;
 import org.springframework.stereotype.Component;
 
 @Slf4j

diff --git a/src/main/java/org/icgc_argo/workflow/search/graphql/RunDataFetchers.java b/src/main/java/org/icgc_argo/workflow/search/graphql/RunDataFetchers.java
@@ -26,7 +26,7 @@
 import lombok.val;
 import org.icgc_argo.workflow.search.model.graphql.Run;
 import org.icgc_argo.workflow.search.model.graphql.Task;
-import org.icgc_argo.workflow.search.service.RunService;
+import org.icgc_argo.workflow.search.service.graphql.RunService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 

diff --git a/src/main/java/org/icgc_argo/workflow/search/graphql/TaskDataFetchers.java b/src/main/java/org/icgc_argo/workflow/search/graphql/TaskDataFetchers.java
@@ -24,7 +24,7 @@
 import lombok.val;
 import org.icgc_argo.workflow.search.model.graphql.Run;
 import org.icgc_argo.workflow.search.model.graphql.Task;
-import org.icgc_argo.workflow.search.service.TaskService;
+import org.icgc_argo.workflow.search.service.graphql.TaskService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 

diff --git a/...rkflow/search/service/HasQueryAccess.java → ...h/service/annotations/HasQueryAccess.java b/...rkflow/search/service/HasQueryAccess.java → ...h/service/annotations/HasQueryAccess.java
@@ -19,7 +19,7 @@
  *
  */
 
-package org.icgc_argo.workflow.search.service;
+package org.icgc_argo.workflow.search.service.annotations;
 
 import org.springframework.security.access.prepost.PreAuthorize;
 
@@ -28,5 +28,5 @@
 
 @Retention(RetentionPolicy.RUNTIME)
 @PreAuthorize("@queryScopeChecker.apply(authentication)")
-@interface HasQueryAccess {
+public @interface HasQueryAccess {
 }
diff --git a/...o/workflow/search/service/RunService.java → ...ow/search/service/graphql/RunService.java b/...o/workflow/search/service/RunService.java → ...ow/search/service/graphql/RunService.java
@@ -16,12 +16,13 @@
  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-package org.icgc_argo.workflow.search.service;
+package org.icgc_argo.workflow.search.service.graphql;
 
 import lombok.val;
 import org.elasticsearch.search.SearchHit;
 import org.icgc_argo.workflow.search.model.graphql.Run;
 import org.icgc_argo.workflow.search.repository.RunRepository;
+import org.icgc_argo.workflow.search.service.annotations.HasQueryAccess;
 import org.springframework.stereotype.Service;
 
 import java.util.Arrays;
@@ -33,6 +34,7 @@
 import static org.icgc_argo.workflow.search.model.SearchFields.RUN_ID;
 
 @Service
+@HasQueryAccess
 public class RunService {
 
   private final RunRepository runRepository;
@@ -46,21 +48,18 @@ private static Run hitToRun(SearchHit hit) {
     return Run.parse(sourceMap);
   }
 
-  @HasQueryAccess
   public List<Run> getRuns(Map<String, Object> filter, Map<String, Integer> page) {
     val response = runRepository.getRuns(filter, page);
     val hitStream = Arrays.stream(response.getHits().getHits());
     return hitStream.map(RunService::hitToRun).collect(toUnmodifiableList());
   }
 
-  @HasQueryAccess
   public Run getRunByRunId(String runId) {
     val response = runRepository.getRuns(Map.of(RUN_ID, runId), null);
     val runOpt = Arrays.stream(response.getHits().getHits()).map(RunService::hitToRun).findFirst();
     return runOpt.orElse(null);
   }
 
-  @HasQueryAccess
   public List<Run> getRunByAnalysisId(String analysisId) {
     val response = runRepository.getRuns(Map.of(ANALYSIS_ID, analysisId), null);
     val hitStream = Arrays.stream(response.getHits().getHits());

diff --git a/.../workflow/search/service/TaskService.java → ...w/search/service/graphql/TaskService.java b/.../workflow/search/service/TaskService.java → ...w/search/service/graphql/TaskService.java
@@ -16,7 +16,7 @@
  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-package org.icgc_argo.workflow.search.service;
+package org.icgc_argo.workflow.search.service.graphql;
 
 import static java.util.stream.Collectors.toUnmodifiableList;
 
@@ -28,9 +28,11 @@
 import org.elasticsearch.search.SearchHit;
 import org.icgc_argo.workflow.search.model.graphql.Task;
 import org.icgc_argo.workflow.search.repository.TaskRepository;
+import org.icgc_argo.workflow.search.service.annotations.HasQueryAccess;
 import org.springframework.stereotype.Service;
 
 @Service
+@HasQueryAccess
 public class TaskService {
 
   private final TaskRepository taskRepository;
@@ -39,7 +41,6 @@ public TaskService(TaskRepository taskRepository) {
     this.taskRepository = taskRepository;
   }
 
-  @HasQueryAccess
   public List<Task> getTasks(String runId, Map<String, Object> filter, Map<String, Integer> page) {
     val mergedBuilder = ImmutableMap.<String, Object>builder();
     if (runId != null) {

diff --git a/src/main/java/org/icgc_argo/workflow/search/service/wes/WesRunService.java b/src/main/java/org/icgc_argo/workflow/search/service/wes/WesRunService.java
@@ -43,6 +43,7 @@
 import org.icgc_argo.workflow.search.index.model.WorkflowDocument;
 import org.icgc_argo.workflow.search.model.exceptions.NotFoundException;
 import org.icgc_argo.workflow.search.model.wes.*;
+import org.icgc_argo.workflow.search.service.annotations.HasQueryAccess;
 import org.icgc_argo.workflow.search.util.Converter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -63,6 +64,7 @@
 
 @Slf4j
 @Service
+@HasQueryAccess
 public class WesRunService {
 
   private final RestHighLevelClient client;