Merge pull request #932 from tmobile/develop

Release v1.15 - Manage ACL for Jazz services

.travis.yml

@@ -2,6 +2,7 @@ language: node_js
 node_js:
  - "node"
 env:
+ - PLATFORM_SERVICE=core/jazz_acl
  - PLATFORM_SERVICE=core/jazz_admin
  - PLATFORM_SERVICE=core/jazz_asset-event-handler
  - PLATFORM_SERVICE=core/jazz_assets
@@ -18,9 +19,9 @@ env:
  - PLATFORM_SERVICE=core/jazz_is-service-available
  - PLATFORM_SERVICE=core/jazz_is-slack-channel-available
  - PLATFORM_SERVICE=core/jazz_login
- - PLATFORM_SERVICE=core/jazz_logout 
- - PLATFORM_SERVICE=core/jazz_logs 
- - PLATFORM_SERVICE=core/jazz_metrics 
+ - PLATFORM_SERVICE=core/jazz_logout
+ - PLATFORM_SERVICE=core/jazz_logs
+ - PLATFORM_SERVICE=core/jazz_metrics
  - PLATFORM_SERVICE=core/jazz_scm-webhook
  - PLATFORM_SERVICE=core/jazz_services
  - PLATFORM_SERVICE=core/jazz_services-handler
@@ -31,5 +32,5 @@ env:
 
 before_script:
   - npm prune
-  
+
 script: cd $PLATFORM_SERVICE && npm install && npm test

builds/delete-serverless-service-build-pack/Jenkinsfile

@@ -23,6 +23,7 @@ import groovy.json.JsonSlurperClassic
 @Field def sonarModule
 @Field def apigeeModule
 @Field def lambdaEvents
+@Field def aclModule
 
 @Field def g_base_url = ''
 @Field def g_svc_admin_cred_ID = 'SVC_ADMIN'
@@ -261,12 +262,24 @@ node {
 
 	if (is_service_deletion) {
 		stage('Cleanup SCM') {
+			events.sendStartedEvent('REMOVE_POLICIES_AND_REPO_PERMISSIONS', "Remove policies and repo write permission of service_id: " + service_config['service_id'] + " started", null, "prod")
+			deletePolicies(service_config['service_id'], auth_token, "${g_base_url}/jazz/acl/policies")
+			events.sendCompletedEvent('REMOVE_POLICIES_AND_REPO_PERMISSIONS', "Remove policies and repo write permission of service_id: " + service_config['service_id'] + " completed", null, "prod")
 			cleanup(repo_name)
 			events.sendCompletedEvent('DELETE_PROJECT', 'deletion completed', context_map)
 		}
 	}
 }
 
+def deletePolicies(serviceId, authToken, aclUrl) {
+	try {
+		aclModule.deletePolicies(serviceId, authToken, aclUrl)
+	} catch(ex) {
+		echo "ex: $ex"
+		events.sendFailureEvent('REMOVE_POLICIES_AND_REPO_PERMISSIONS', ex.getMessage(), context_map)
+	}
+}
+
 def cleanupEventSourceMapping(env) {
   def lambda_arn = "arn:aws:lambda:${configLoader.AWS.REGION}:${configLoader.AWS.ACCOUNTID}:function:${configLoader.INSTANCE_PREFIX}-${service_config['domain']}-${service_config['service']}-${env}"
   def assets_api = g_base_url + "/jazz/assets"
@@ -489,9 +502,8 @@ def updateSwaggerConfig() {
  * @return
  */
 def cleanup(repoName) {
-
 	try {
-		scmModule.deleteProject(repoName)
+    	scmModule.deleteProject(repoName)
 		send_status_email("COMPLETED")
 	} catch (ex) {
 		events.sendFailureEvent('DELETE_PROJECT', ex.getMessage(), context_map)
@@ -1232,6 +1244,8 @@ def loadBuildModules(buildModuleUrl){
     lambdaEvents.initialize(configLoader, utilModule)
     echo "Lambda event module loaded successfully."
 
+		aclModule = load "acl-module.groovy"
+		echo "ACL module loaded successfully."
 	}
 }
 

builds/jazz-build-module/acl-module.groovy

@@ -0,0 +1,81 @@
+#!groovy?
+import groovy.json.JsonSlurperClassic
+import groovy.json.JsonOutput
+
+def updateServiceACL(serviceId, auth_token, aclUrl, user) {
+	try {
+		def categoryList = ['manage','code', 'deploy']
+		def policiesList = []
+
+		for (category in categoryList) {
+			def permission = 'write';
+			if(category == 'manage') permission = 'admin'
+			def eachPolicy = [
+				userId: user,
+				permission: permission,
+				category: category
+			]
+			policiesList.add(eachPolicy)
+		}
+		echo "policiesList: $policiesList"
+
+		def body = JsonOutput.toJson([
+			serviceId: serviceId,
+			policies: policiesList
+		]);
+		def updatePermission = sh(script: "curl POST \
+					${aclUrl} \
+					-k -v -H \"Authorization: $auth_token\" \
+          -H \"Jazz-Service-ID: ${serviceId}\" \
+					-H \"Content-Type: application/json\" \
+					-d \'${body}\'", returnStdout: true).trim()
+		def responseJSON = parseJson(updatePermission)
+
+		if (responseJSON && responseJSON.data && responseJSON.data instanceof Object && responseJSON.data.success == true) {
+			echo "Successfully updated service policies."
+		} else {
+			echo "Something went wrong while updating service policies. Error: ${responseJSON.data}"
+			error responseJSON.data
+		}
+	} catch (ex) {
+    echo "ex: $ex"
+    error ex.getMessage()
+  }
+}
+
+
+def deletePolicies(serviceId, auth_token, aclUrl) {
+	try {
+		def body = JsonOutput.toJson([
+			serviceId: serviceId,
+			policies: []
+		]);
+		def updatePermission = sh(script: "curl POST \
+				${aclUrl} \
+				-k -v -H \"Authorization: $auth_token\" \
+        -H \"Jazz-Service-ID: ${serviceId}\" \
+				-H \"Content-Type: application/json\" \
+				-d \'${body}\'", returnStdout: true).trim()
+		def responseJSON = parseJson(updatePermission)
+
+		if (responseJSON && responseJSON.data && responseJSON.data instanceof Object && responseJSON.data.success == true) {
+			echo "Successfully deleted service policies."
+		} else {
+			echo "Something went wrong while deleting service policies. Error: ${responseJSON.data}"
+			error responseJSON.data
+		}
+	} catch(ex) {
+		echo "ex: $ex"
+		error ex.getMessage()
+	}
+}
+
+@NonCPS
+def parseJson(jsonString) {
+	def lazyMap = new groovy.json.JsonSlurperClassic().parseText(jsonString)
+	def m = [:]
+	m.putAll(lazyMap)
+	return m
+}
+
+return this

builds/jazz-build-module/aws-apigateway-module.groovy

@@ -1,49 +1,78 @@
 #!groovy
 import groovy.transform.Field
+import groovy.json.JsonSlurperClassic
 
 echo "aws-apigateway.groovy module loaded successfully"
 
 @Field def genericAmazonIntegration
 @Field def optionsAmazonIntegration
 
 def initialize() {
-    genericAmazonIntegration = readFile("aws/apigateway-lambda-integration-specs/amazon-swagger-spec-generic.txt");
-    optionsAmazonIntegration = readFile("aws/apigateway-lambda-integration-specs/amazon-swagger-spec-options.txt");
+  genericAmazonIntegration = readFile("aws/apigateway-lambda-integration-specs/amazon-swagger-spec-generic.txt");
+  optionsAmazonIntegration = readFile("aws/apigateway-lambda-integration-specs/amazon-swagger-spec-options.txt");
 }
 
 def writeTempFiles() {
-    writeFile file: 'optionsSpecTemp.txt', text: optionsAmazonIntegration;
-    writeFile file: 'genericSpecTemp.txt', text: genericAmazonIntegration;
+  writeFile file: 'optionsSpecTemp.txt', text: optionsAmazonIntegration;
+  writeFile file: 'genericSpecTemp.txt', text: genericAmazonIntegration;
 }
 
 def addApigatewayLambdaIntegration(filePath) {
-    try {
-        writeTempFiles();
-        def httpVerbs = ['get', 'post', 'delete', 'put', 'connect', 'head', 'options', 'patch', 'trace'];
-        for (verb in httpVerbs) {
-            injectLambdaIntegration(verb, filePath);
-        }
-    } catch (ex) {
-        echo "error in lambda integration"
-        error ex.getMessage();
-    } finally {
-        if (fileExists('optionsSpecTemp.txt')) {
-            sh "rm -rf optionsSpecTemp.txt"
-        }
-        if (fileExists('genericSpecTemp.txt')) {
-            sh "rm -rf genericSpecTemp.txt"
+  try {
+    writeTempFiles();
+    FindUserDefinedIntegrationSpec(filePath)
+  } catch (ex) {
+    echo "error in lambda integration"
+    error ex.getMessage();
+  } finally {
+    if (fileExists('optionsSpecTemp.txt')) {
+      sh "rm -rf optionsSpecTemp.txt"
+    }
+    if (fileExists('genericSpecTemp.txt')) {
+      sh "rm -rf genericSpecTemp.txt"
+    }
+  }
+}
+
+// Find user defined 'x-amazon-apigateway-integration' for each method, if doesn't exist inject default one.
+def FindUserDefinedIntegrationSpec(filePath) {
+  try {
+    def swaggerStr = readFile(filePath).trim()
+    def parsed_json = parseJson(swaggerStr)
+    def keys = parsed_json.keySet() as String[];
+    def keys_of_paths = parsed_json.paths.keySet();
+
+    for (key_of_a_path in keys_of_paths) {
+      def methods_of_each_path = parsed_json.paths[key_of_a_path].keySet()
+      for (method in methods_of_each_path) {
+        def temp = parsed_json.paths[key_of_a_path][method]
+        if (!temp["x-amazon-apigateway-integration"]) {
+          echo "x-amazon-apigateway-integration does not exist."
+          injectLambdaIntegration(method, filePath);
         }
+      }
     }
+  } catch (ex) {
+    echo " FindUserDefinedIntegrationSpec :::: Error occurred " + ex.getMessage()
+    error " FindUserDefinedIntegrationSpec :::: Error occurred " + ex.getMessage()
+  }
+}
+
+@NonCPS
+def parseJson(jsonString) {
+  def lazyMap = new groovy.json.JsonSlurperClassic().parseText(jsonString)
+  def m = [: ]
+  m.putAll(lazyMap)
+  return m
 }
 
 def injectLambdaIntegration(method, filePath) {
-
-    echo "Injecting Amazon Api Gateway lambda integration spec"
-    if (method == 'options') {
-        sh  "sed -i '/\"$method\":.*{/ r optionsSpecTemp.txt' $filePath"
-    } else {
-        sh  "sed -i '/\"$method\":.*{/ r genericSpecTemp.txt' $filePath"
-    }
+  echo "Injecting Amazon Api Gateway lambda integration spec"
+  if (method == 'options') {
+    sh "sed -i '/\"$method\":.*{/ r optionsSpecTemp.txt' $filePath"
+  } else {
+    sh "sed -i '/\"$method\":.*{/ r genericSpecTemp.txt' $filePath"
+  }
 }
 
-return this;
+return this;

builds/jazz-build-module/environment-deployment-metadata-loader.groovy

@@ -39,8 +39,12 @@ def initialize(serviceConfig, configLoader, scmMdule, branch, buildUrl, buildId,
 
 def getEnvironmentLogicalId() {
 	if (g_environment_logical_id == null && g_service_config['domain'] != "jazz") {
-		def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" -H \"Authorization:\"$g_login_token -X GET \"${g_environment_api}?service=${g_service_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
-		def environmentOutput
+		def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" \
+     -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
+     -H \"Authorization: $g_login_token \" \
+     -X GET \"${g_environment_api}?service=${g_service_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
+
+  	def environmentOutput
 		def environment_logical_id
 		if (getEnvironments != null) {
 			try {
@@ -68,8 +72,12 @@ def getEnvironmentLogicalId() {
 
 def getEnvironmentInfo() {
 	if (g_service_config['domain'] != "jazz") {
-		def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" -H \"Authorization:\"$g_login_token -X GET \"${g_environment_api}?service=${g_service_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
-		def environmentOutput
+		def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" \
+     -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
+     -H \"Authorization: $g_login_token \" \
+     -X GET  \"${g_environment_api}?service=${g_service_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
+
+    def environmentOutput
 		def environment_logical_id
 		if (getEnvironments != null) {
 			try {
@@ -106,6 +114,7 @@ def createPromotedEnvironment(environment_logical_id, created_by) {
 			def payload = JsonOutput.toJson(params)
 			def res = sh(script: "curl -X POST \
 						${g_environment_api} \
+            -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
 						-H 'authorization: $g_login_token' \
 						-H 'Content-type: application/json' \
 						-d '$payload'", returnStdout: true)
@@ -136,8 +145,12 @@ def checkIfEnvironmentAvailable(environment_logical_id) {
 	def isAvailable = false
 	try {
 		if (environment_logical_id && g_service_config['domain'] != "jazz") {
-			def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" -H \"Authorization:\"$g_login_token -X GET \"${g_environment_api}?service=$s{ervice_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
-			def environmentOutput
+			def getEnvironments = sh(script: "curl -H \"Content-type: application/json\" \
+      -H \"Authorization:$g_login_token\" \
+      -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
+      -X GET \"${g_environment_api}?service=${g_service_config['service']}&domain=${g_service_config['domain']}\" ", returnStdout: true).trim()
+
+      def environmentOutput
 			if (getEnvironments) {
 				environmentOutput = parseJson(getEnvironments)
 				if (environmentOutput && environmentOutput.data && environmentOutput.data.environment) {
@@ -161,11 +174,13 @@ def getEnvironmentLogicalIds() {
 	def env_logical_ids = []
 	try {
 		if (g_service_config['domain'] != "jazz") {
-			def environment_data = sh(script: "curl GET  \
+			def environment_data = sh(script: "curl \
 			-H \"Content-Type: application/json\" \
+      -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
 			-H \"Authorization: $g_login_token\" \
-			\"${g_environment_api}?domain=${g_service_config['domain']}&service=${g_service_config['service']}\"", returnStdout: true)
-			if (environment_data) {
+			GET \"${g_environment_api}?domain=${g_service_config['domain']}&service=${g_service_config['service']}\"", returnStdout: true)
+
+    	if (environment_data) {
 				def environment_dataObj = parseJson(environment_data)
 				if (environment_dataObj && environment_dataObj.data && environment_dataObj.data.environment) {
 					def env_collection = environment_dataObj.data.environment
@@ -193,9 +208,11 @@ def getEnvironmentBranchName(logical_id) {
 		if (g_service_config['domain'] != "jazz") {
 			def environment_data = sh(script: "curl GET  \
 			-H \"Content-Type: application/json\" \
+      -H \"Jazz-Service-ID: ${g_service_config['service_id']}\" \
 			-H \"Authorization: $g_login_token\" \
 			\"${g_environment_api}?domain=${g_service_config['domain']}&service=${g_service_config['service']}\"", returnStdout: true)
-			if (environment_data) {
+
+      if (environment_data) {
 				def environment_dataObj = parseJson(environment_data)
 				if (environment_dataObj && environment_dataObj.data && environment_dataObj.data.environment) {
 					def env_collection = environment_dataObj.data.environment