Support appending sec-* headers as configured, resolved from authenticated user #12

5 changes: 4 additions & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -34,12 +34,14 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
submodules: 'true'

- name: "Setting up Java"
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '17'
java-version: '11'
cache: 'maven'

- name: Initialize CodeQL
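Review bot: The drop from `java-version: '17'` to `java-version: '11'` in the "Setting up Java" step has no explanation in the workflow. Add a YAML comment naming what requires Java 11 (the new `gateway/pom.xml` sets `<java.version>11</java.version>`), so the version is not raised again by accident. With `submodules: 'true'` the checkout now also pulls the `georchestra` submodule, so confirm whether CodeQL is meant to analyze that code as well or whether the path should be excluded.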
Expand All @@ -52,3 +54,4 @@ jobs:

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

13 changes: 9 additions & 4 deletions .github/workflows/docker.yml
Expand Up @@ -13,24 +13,29 @@ jobs:
steps:
- name: "Checking out"
uses: actions/checkout@v3
with:
submodules: 'true'

- name: "Setting up Java"
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '17'
java-version: '11'
cache: 'maven'

- name: mvn clean test verify
run: ./mvnw clean test verify -ntp -T1C
- name: Build georchestra dependencies
run: ./mvnw -f georchestra/ clean install -pl :georchestra-ldap-account-management -am -DskipTests -P-all -ntp

- name: Build gateway
run: ./mvnw verify -pl :georchestra-gateway -ntp -T1C

- name: Calculating docker image tag
id: version
run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d / -f 3)

- name: "Building a docker image"
if: github.repository == 'georchestra/georchestra-gateway'
run: ./mvnw -DimageTag=${{ steps.version.outputs.VERSION }} spring-boot:build-image -ntp
run: ./mvnw -f gateway/ -DimageTag=${{ steps.version.outputs.VERSION }} spring-boot:build-image -ntp -DskipTests

- name: "Logging in to docker.io"
if: github.repository == 'georchestra/georchestra-gateway'
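Review bot: In the "Building a docker image" step, `${{ steps.version.outputs.VERSION }}` is expanded into the `run:` script before the shell parses it, and the value is derived from the ref name through an unquoted `$GITHUB_REF`. A ref name containing shell metacharacters would be interpreted as part of the command. Pass the value through `env:` (for example `IMAGE_TAG: ${{ steps.version.outputs.VERSION }}`) and use `-DimageTag="$IMAGE_TAG"` in the script, and quote `"$GITHUB_REF"` in the "Calculating docker image tag" step. Separately, `cut -d / -f 3` keeps only the third path segment, so a branch named `feature/x` produces the tag `feature`.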
4 changes: 4 additions & 0 deletions .gitmodules
@@ -0,0 +1,4 @@
[submodule "georchestra"]
path = georchestra
url = https://github.com/georchestra/georchestra.git
shallow = true
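Review bot: The `georchestra` submodule entry sets no `branch`, and nothing in this change documents which geOrchestra revision the gateway is expected to build against. Since the docker workflow now builds and installs `georchestra-ldap-account-management` from this checkout, state the intended branch or release in the README or add a `branch = ...` key here, and treat every update of the submodule pointer as a dependency upgrade that needs review. Also check that `shallow = true` still works once the recorded commit is no longer at the tip of a branch.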
6 changes: 6 additions & 0 deletions .mvn/jvm.config
@@ -0,0 +1,6 @@
--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
--add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
--add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
--add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
--add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
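Review bot: These five `--add-exports jdk.compiler/...=ALL-UNNAMED` options open JDK compiler internals to all unnamed-module code for every Maven run in the repository, and nothing here says which plugin or annotation processor needs them. Record the reason, and the JDK versions it applies to, in the README or the commit message so the flags can be dropped when they are no longer required.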

72 changes: 72 additions & 0 deletions configuration.md
@@ -0,0 +1,72 @@

# Configuration properties

## Configuration object model

```mermaid
classDiagram
GatewayConfigProperties *-- HeaderMappings : defaultHeaders
GatewayConfigProperties *-- "0..*" RoleBasedAccessRule : globalAccessRules
GatewayConfigProperties *-- "0..*" Service
Service *-- HeaderMappings : headers
Service *-- "0..*" RoleBasedAccessRule : accessRules
class GatewayConfigProperties{
Map<String, Service> services
}
class HeaderMappings{
boolean proxy
boolean username
boolean roles
boolean org
boolean orgname
boolean email
boolean firstname
boolean lastname
boolean tel
boolean jsonUser
boolean jsonOrganization
}
class RoleBasedAccessRule{
List~String~ interceptUrl
boolean anonymous
List~String~ allowedRoles
}
class Service{
URL target
}
```

## Example YAML configuration

```yaml
georchestra:
gateway:
default-headers:
proxy: true
username: true
roles: true
org: true
orgname: true
global-access-rules:
- intercept-url: /**
anonymous: true
services:
analytics:
target: http://analytics:8080/analytics/
access-rules:
- intercept-url: /analytics/**
allowed-roles: SUPERUSER, ORGADMIN
atlas:
target: http://atlas:8080/atlas/
console:
target: http://console:8080/console/
access-rules:
- intercept-url:
- /console/public/**
- /console/manager/public/**
anonymous: true
- intercept-url:
- /console/private/**
- /console/manager/**
allowed-roles: SUPERUSER, ORGADMIN
```
241 changes: 241 additions & 0 deletions gateway/pom.xml
@@ -0,0 +1,241 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.georchestra</groupId>
<artifactId>georchestra-gateway-parent</artifactId>
<version>${revision}</version>
</parent>
<artifactId>georchestra-gateway</artifactId>
<name>gateway</name>
<description>geOrchestra application gateway</description>
<properties>
<java.version>11</java.version>
<imageTag>${project.version}</imageTag>
<spring-boot.build-image.imageName>georchestra/gateway:${imageTag}</spring-boot.build-image.imageName>
</properties>
<dependencies>
<dependency>
<groupId>org.georchestra</groupId>
<artifactId>georchestra-ldap-account-management</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<!-- Annotation processor that generates metadata about classes annotated with @ConfigurationProperties. -->
<!-- This metadata is used by IDEs to provide auto-completion and documentation for the properties when editing application.properties
and application.yaml -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<!-- Generates META-INF/spring-autoconfigure-metadata.properties for inclusion in the project's jar. -->
<!-- This file helps with startup time, but is not necessary for your app to function correctly. -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- <dependency> -->
<!-- <groupId>org.springframework.security</groupId> -->
<!-- <artifactId>spring-security-test</artifactId> -->
<!-- <scope>test</scope> -->
<!-- </dependency> -->
</dependencies>
<build>
<plugins>
<plugin>
<groupId>net.revelc.code.formatter</groupId>
<artifactId>formatter-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>${fmt.action}</goal>
</goals>
</execution>
</executions>
<inherited>true</inherited>
<configuration>
<skip>${fmt.skip}</skip>
<configFile>${maven.multiModuleProjectDirectory}/.mvn/formatter.xml</configFile>
<compilerSource>${java.version}</compilerSource>
<compilerCompliance>${java.version}</compilerCompliance>
<compilerTargetPlatform>${java.version}</compilerTargetPlatform>
<!-- Use Unix and Mac style line endings -->
<lineEnding>LF</lineEnding>
<encoding>UTF-8</encoding>
<skipJsFormatting>true</skipJsFormatting>
<skipCssFormatting>true</skipCssFormatting>
<skipHtmlFormatting>true</skipHtmlFormatting>
<skipJsonFormatting>true</skipJsonFormatting>
<skipXmlFormatting>true</skipXmlFormatting>
<skipJavaFormatting>false</skipJavaFormatting>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>enforce-maven-and-java</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>[11,)</version>
</requireJavaVersion>
<requireMavenVersion>
<version>[3.6.3,)</version>
</requireMavenVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>${pom.fmt.action}</goal>
</goals>
</execution>
</executions>
<configuration>
<skip>${pom.fmt.skip}</skip>
<pomFile>pom.xml</pomFile>
<keepBlankLines>true</keepBlankLines>
<spaceBeforeCloseEmptyElement>false</spaceBeforeCloseEmptyElement>
<createBackupFile>false</createBackupFile>
<verifyFail>stop</verifyFail>
<verifyFailOn>strict</verifyFailOn>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>flatten-maven-plugin</artifactId>
<executions>
<execution>
<id>flatten</id>
<phase>process-resources</phase>
<goals>
<goal>flatten</goal>
</goals>
</execution>
<execution>
<id>flatten.clean</id>
<phase>clean</phase>
<goals>
<goal>clean</goal>
</goals>
</execution>
</executions>
<configuration>
<updatePomFile>true</updatePomFile>
<!--flattenMode>resolveCiFriendliesOnly</flattenMode -->
<flattenMode>oss</flattenMode>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<id>build-info</id>
<goals>
<goal>build-info</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.8</version>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>

<profiles>
<profile>
<id>docker</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<id>build-image</id>
<goals>
<goal>build-image</goal>
</goals>
</execution>
</executions>
<configuration>
<image>
<pullPolicy>IF_NOT_PRESENT</pullPolicy>
</image>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
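Review bot: The `docker` profile at the end of the file has `<activeByDefault>false</activeByDefault>`, while the docker workflow calls `spring-boot:build-image` without `-Pdocker`, so the `<pullPolicy>IF_NOT_PRESENT</pullPolicy>` setting is not applied in CI. Either activate the profile in the workflow or move the `<image>` configuration to the main `spring-boot-maven-plugin` declaration, and keep in mind that `IF_NOT_PRESENT` keeps reusing locally cached builder and run images. The commented-out `spring-security-test` dependency should be enabled or removed, and `jacoco-maven-plugin` is the only plugin here with an inline `<version>`; consider managing it in the parent POM with the others.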