Merge branch 'master' into bugfix/mongo-it-timing

Signed-off-by: Yufei Cai <yufei.cai@bosch.io>
eclipse-ditto · Dec 23, 2020 · 5adfe9a · 5adfe9a
2 parents cba015e + b7d5f5b
commit 5adfe9a
Show file tree

Hide file tree

Showing 39 changed files with 496 additions and 139 deletions.
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
@@ -0,0 +1,45 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
+name: license-check
+
+on:
+  # Run build for any PR
+  pull_request:
+
+jobs:
+  check-license-header-year:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: jitterbit/get-changed-files@v1
+        id: the-files
+      - name: Printing added files
+        run: |
+          echo "Added:"
+          echo "${{ steps.the-files.outputs.added }}"
+      - name: Ensure license year for added files is the file's creation year
+        shell: bash
+        run: |
+          included_file_endings=".*\.(java|xml|yml)"
+          current_year=$(date +'%Y')
+          missing_counter=0
+          for file in ${{ steps.the-files.outputs.added }}; do
+            if [[ $file =~ $included_file_endings ]]; then
+              file_creation_year=$(git log --format=%aD $file | tail -1 | awk '{print $4}')
+              if grep -q "Copyright (c) $file_creation_year Contributors to the Eclipse Foundation" $file; then
+                printf "\xE2\x9C\x94 $file\n"
+              else
+                printf "\xE2\x9D\x8C $file\n\tcopyright header with file creation year '$file_creation_year' is missing in added file\n"
+                missing_counter=$(expr $missing_counter + 1)
+              fi
+            fi
+          done
+          exit $missing_counter
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -1,3 +1,13 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
 name: build
 
 on:

diff --git a/.github/workflows/push-dockerhub.yml b/.github/workflows/push-dockerhub.yml
@@ -1,3 +1,13 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
 name: push-dockerhub
 
 on:

diff --git a/bom/pom.xml b/bom/pom.xml
@@ -88,7 +88,7 @@
         <!-- ### Testing dependencies versions -->
         <junit.version>4.13.1</junit.version>
         <assertj.version>3.12.0</assertj.version>
-        <mutability-detector.version>0.10.2</mutability-detector.version>
+        <mutability-detector.version>0.10.4</mutability-detector.version>
         <equals-verifier.version>3.1.10</equals-verifier.version>
         <mockito.version>3.1.0</mockito.version>
         <jsonassert.version>1.2.3</jsonassert.version>

diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml
@@ -142,7 +142,7 @@ services:
     command: java -Dditto.gateway.authentication.devops.password=foobar -jar starter.jar
 
   swagger-ui:
-    image: docker.io/swaggerapi/swagger-ui:v3.20.5
+    image: docker.io/swaggerapi/swagger-ui:v3.38.0
     volumes:
        - ../../documentation/src/main/resources/openapi:/usr/share/nginx/html/openapi:ro
        - ../../documentation/src/main/resources/images:/usr/share/nginx/html/images:ro

diff --git a/deployment/docker/sandbox/docker-compose.yml b/deployment/docker/sandbox/docker-compose.yml
@@ -121,7 +121,7 @@ services:
       - OPENJ9_JAVA_OPTIONS=-XX:+ExitOnOutOfMemoryError -Xtune:virtualized -Xss512k -XX:MaxRAMPercentage=80 -Dakka.coordinated-shutdown.exit-jvm=on -Dakka.cluster.shutdown-after-unsuccessful-join-seed-nodes=120s
 
   swagger-ui:
-    image: docker.io/swaggerapi/swagger-ui:v3.20.5
+    image: docker.io/swaggerapi/swagger-ui:v3.38.0
     volumes:
        - ../../../documentation/src/main/resources/openapi:/usr/share/nginx/html/openapi:ro
        - ../../../documentation/src/main/resources/images:/usr/share/nginx/html/images:ro

diff --git a/deployment/docker/sandbox/html/index.html b/deployment/docker/sandbox/html/index.html
@@ -115,11 +115,7 @@ <h1><img src="./images/ditto.svg" class="ditto-logo" alt="Eclipse Ditto logo"> -
         <h2>Authentication</h2>
         <p>
             When using the <a href="/apidoc">HTTP API</a> you can authenticate with your Google account in order to use
-            an user ID belonging to only you.<br />
-            <strong>WARNING</strong>: This currently won't work due to a missing feature
-            in swagger-ui 3.x: <a href="https://github.com/swagger-api/swagger-ui/issues/4084">swagger-ui #4084</a> and
-            due to a missing feature in Ditto that Google 'accept_token' are not supported:
-            <a href="https://github.com/eclipse/ditto/issues/114">Ditto #114</a>.
+            an user ID belonging to only you.
         </p>
         <p>
             Alternatively (also in order to connect to the WebSocket API) you can use one of the pre-defined user/password

diff --git a/deployment/docker/swagger3-index.html b/deployment/docker/swagger3-index.html
@@ -44,13 +44,6 @@
 <script src="./swagger-ui-bundle.js"> </script>
 <script src="./swagger-ui-standalone-preset.js"> </script>
 <script>
-    // HACK in order to send id_token instead of access_token when authenticating via OAuth2.0
-    window.open = function (open) {
-        return function (url) {
-            return open.call(window, url.replace('response_type=token', 'response_type=id_token'));
-        };
-    }(window.open);
-
     window.onload = function() {
 
         const ui = SwaggerUIBundle({
@@ -71,20 +64,24 @@
                                            SwaggerUIBundle.plugins.DownloadUrl
                                        ],
                                        layout: "StandaloneLayout",
-                                       oauth2RedirectUrl: window.location.origin + "/apidoc/oauth2-redirect.html"
+                                       oauth2RedirectUrl: window.location.origin + "/apidoc/oauth2-redirect.html",
+                                       onComplete: function() {
+                                           ui.preauthorizeBasic("NginxBasic", "ditto", "ditto");
+                                       }
                                    });
 
         ui.initOAuth({
                          clientId: "853201765597-7nmcpg90krhogd9375dl44sse4tup0gj.apps.googleusercontent.com",
                          clientSecret: "<leave that empty>",
                          realm: "eclipse-ditto",
-                         appName: "Eclipse Ditto Sandbox",
+                         appName: "Eclipse Ditto :: Sandbox",
                          scopeSeparator: " ",
+                         scopes: "openid",
                          additionalQueryStringParams: {
                          }
                      });
 
-        window.ui = ui
+        window.ui = ui;
     }
 </script>
 </body>

diff --git a/deployment/kubernetes/swagger/swagger.yaml b/deployment/kubernetes/swagger/swagger.yaml
@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: swagger-ui
-        image: docker.io/swaggerapi/swagger-ui:3.17.4  # old version v2.2.9
+        image: docker.io/swaggerapi/swagger-ui:3.38.0
         volumeMounts:
         - name: swagger-ui-api
           mountPath: /usr/share/nginx/html/openapi

diff --git a/documentation/src/main/resources/http-api-doc.html b/documentation/src/main/resources/http-api-doc.html
@@ -14,7 +14,7 @@
         // Build a system
       window.ui = SwaggerUIBundle({
            urls: [
-             {url: "openapi/ditto-api-1.yml", name: "Ditto API v1- deprecated"},
+             {url: "openapi/ditto-api-1.yml", name:"Ditto API v1- deprecated"},
              {url: "openapi/ditto-api-2.yml", name:"Ditto API v2"}
            ],
            "urls.primaryName": "Ditto API v2",
@@ -29,7 +29,10 @@
            plugins: [
              SwaggerUIBundle.plugins.DownloadUrl
            ],
-           layout: "StandaloneLayout"
+           layout: "StandaloneLayout",
+           onComplete: function() {
+             ui.preauthorizeBasic("NginxBasic", "ditto", "ditto");
+           }
        });
     }
 </script>
diff --git a/documentation/src/main/resources/openapi/ditto-api-1.yml b/documentation/src/main/resources/openapi/ditto-api-1.yml
@@ -24,8 +24,10 @@ tags:
   - name: Messages
     description: Talk with your Things
 security:
-  - basicAuth: []
-  - bearerAuth: []
+  - Google:
+      - openid
+  - NginxBasic: []
+  - Bearer: []
 paths:
   /things:
     get:
@@ -2491,15 +2493,25 @@ components:
           * for an list, the JSON value is the list: `[ 1,2,3 ]`
       required: true
   securitySchemes:
-    basicAuth:
+    NginxBasic:
       type: http
       description: Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)
       scheme: basic
-    bearerAuth:
+    Bearer:
       type: http
       scheme: bearer
       bearerFormat: JWT
-      description: 'A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google "id_token"'
+      description: A JSON Web Token issued by a supported OAuth 2.0 Identity Provider.
+    Google:
+      type: oauth2
+      description: Allow Eclipse Ditto to perform OAuth2.0 based authentication accessing your Google-ID.
+      x-tokenName: id_token
+      flows:
+        authorizationCode:
+          authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth'
+          tokenUrl: /oauth2/google/token
+          scopes:
+            openid: Access your Google-ID
   schemas:
     Error:
       properties:

diff --git a/documentation/src/main/resources/openapi/ditto-api-2.yml b/documentation/src/main/resources/openapi/ditto-api-2.yml
@@ -28,8 +28,10 @@ tags:
   - name: CloudEvents
     description: Process CloudEvents in Ditto
 security:
-  - basicAuth: []
-  - bearerAuth: []
+  - Google:
+      - openid
+  - NginxBasic: []
+  - Bearer: []
 paths:
   /things:
     get:
@@ -5844,12 +5846,22 @@ components:
       type: string
       description: An auth subject that can be used to provide access for a caller (e.g. in subject entries of policies).
   securitySchemes:
-    basicAuth:
+    NginxBasic:
       type: http
       description: Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)
       scheme: basic
-    bearerAuth:
+    Bearer:
       type: http
       scheme: bearer
       bearerFormat: JWT
-      description: 'A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google "id_token"'
+      description: A JSON Web Token issued by a supported OAuth 2.0 Identity Provider.
+    Google:
+      type: oauth2
+      description: Allow Eclipse Ditto to perform OAuth2.0 based authentication accessing your Google-ID.
+      x-tokenName: id_token
+      flows:
+        authorizationCode:
+          authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth'
+          tokenUrl: /oauth2/google/token
+          scopes:
+            openid: Access your Google-ID
diff --git a/documentation/src/main/resources/openapi/sources/api-1-index.yml b/documentation/src/main/resources/openapi/sources/api-1-index.yml
@@ -34,10 +34,10 @@ tags:
   - name: Messages
     description: Talk with your Things
 security:
-#  - Google:
-#    - openid
-  - basicAuth: []
-  - bearerAuth: []
+  - Google:
+    - openid
+  - NginxBasic: []
+  - Bearer: []
 paths:
   /things:
     get:
@@ -2539,17 +2539,12 @@ components:
           * for an list, the JSON value is the list: `[ 1,2,3 ]`
       required: true
   securitySchemes:
-    basicAuth:
-      type: http
-      description: |-
-        Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)
-      scheme: basic
-    bearerAuth:
-      type: http
-      scheme: bearer
-      bearerFormat: JWT
-      description: |-
-        A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google "id_token"
+    NginxBasic:
+      $ref: './security/nginxBasic.yml'
+    Bearer:
+      $ref: './security/bearerAuth.yml'
+    Google:
+      $ref: './security/google.yml'
   schemas:
     Error:
       properties:

diff --git a/documentation/src/main/resources/openapi/sources/api-2-index.yml b/documentation/src/main/resources/openapi/sources/api-2-index.yml
@@ -41,10 +41,10 @@ tags:
     description: Process CloudEvents in Ditto
 
 security:
-  #  - Google:
-  #    - openid
-  - basicAuth: [ ]
-  - bearerAuth: [ ]
+  - Google:
+      - openid
+  - NginxBasic: [ ]
+  - Bearer: [ ]
 
 paths:
 
@@ -257,15 +257,9 @@ components:
       $ref: "./schemas/whoamiSubject.yml"
 
   securitySchemes:
-    basicAuth:
-      type: http
-      description: |-
-        Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)
-      scheme: basic
-    bearerAuth:
-      type: http
-      scheme: bearer
-      bearerFormat: JWT
-      description: |-
-        A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google "id_token"
-
+    NginxBasic:
+      $ref: './security/nginxBasic.yml'
+    Bearer:
+      $ref: './security/bearerAuth.yml'
+    Google:
+      $ref: './security/google.yml'
diff --git a/documentation/src/main/resources/openapi/sources/security/bearerAuth.yml b/documentation/src/main/resources/openapi/sources/security/bearerAuth.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
+type: http
+scheme: bearer
+bearerFormat: JWT
+description: |-
+  A JSON Web Token issued by a supported OAuth 2.0 Identity Provider.
diff --git a/documentation/src/main/resources/openapi/sources/security/google.yml b/documentation/src/main/resources/openapi/sources/security/google.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
+type: oauth2
+description: |-
+  Allow Eclipse Ditto to perform OAuth2.0 based authentication accessing your Google-ID.
+x-tokenName: id_token
+flows:
+  authorizationCode:
+    authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth'
+    tokenUrl: /oauth2/google/token
+    scopes:
+      openid: Access your Google-ID
diff --git a/documentation/src/main/resources/openapi/sources/security/nginxBasic.yml b/documentation/src/main/resources/openapi/sources/security/nginxBasic.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
+type: http
+description: |-
+  Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)
+scheme: basic