From 1c9f7a944a934e21baf1899e6cebff6f728759c4 Mon Sep 17 00:00:00 2001 From: Stanimir Penkov Date: Tue, 5 Feb 2019 14:02:55 +0200 Subject: [PATCH 01/24] NY-6895: Disable functionality for updating auth provider Signed-off-by: Stanimir Penkov --- .../account/services/AccountServiceImpl.java | 10 ++++++++ .../account/services/AccountServiceTests.java | 25 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java index c78dd22..4c2f0d2 100644 --- a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java +++ b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java @@ -1069,6 +1069,7 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas return searchResultDetails.build(); } + //Currently not supported @Override @PerformPermissionCheck @Permitted(role = RoleConstants.ACCOUNT_ADMIN) @@ -1076,6 +1077,15 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas @Permitted(role = RoleConstants.USER) public void updateAuthenticationProviderForProfile(UpdateAuthenticationProviderRequest request, StreamObserver responseObserver) { + + // This logic is used because the operation of updating authentication provider is currently not supported + if (true) { + logAndBuildGrpcStatusResponse(responseObserver, StatusResponse.newBuilder(), + "Not supported operation of updating authentication provider for profile: {}", + request.getProfileId(), Cause.ERROR_UPDATING_AUTH_PROVIDER, "Operation not supported"); + return; + } + logger.info("Updating auth provider for profile {} requested.", request.getProfileId()); logger.debug("Updating auth provider for profile requested: {}", request); diff --git a/src/test/java/biz/nynja/account/services/AccountServiceTests.java b/src/test/java/biz/nynja/account/services/AccountServiceTests.java index 6bd124f..0c54f00 100644 --- a/src/test/java/biz/nynja/account/services/AccountServiceTests.java +++ b/src/test/java/biz/nynja/account/services/AccountServiceTests.java @@ -19,6 +19,7 @@ import java.util.concurrent.ExecutionException; import java.util.stream.Collectors; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; @@ -1721,6 +1722,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.MISSING_PROFILE_ID)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderPhoneForProfileOK() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1738,6 +1741,8 @@ public class AccountServiceTests extends GrpcServerTestBase { assertEquals("SUCCESS", reply.getStatus()); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderEmailForProfileOK() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1755,6 +1760,8 @@ public class AccountServiceTests extends GrpcServerTestBase { assertEquals("SUCCESS", reply.getStatus()); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileErrorUpdatingAuthProvider() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1774,6 +1781,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.ERROR_UPDATING_AUTH_PROVIDER)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderEmailForProfileAuthProviderUsed() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1798,6 +1807,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.ERROR_UPDATING_AUTH_PROVIDER)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileInvalidProfileId() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1813,6 +1824,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.INVALID_PROFILE_ID)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileMissingProfileId() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1827,6 +1840,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.MISSING_PROFILE_ID)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileMissingAuthProviderType() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1842,6 +1857,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.MISSING_AUTH_PROVIDER_TYPE)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileMissingAuthProviderIdentifier() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1857,6 +1874,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.MISSING_AUTH_PROVIDER_ID)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileInvalidPhone() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1873,6 +1892,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.INVALID_PHONENUMBER)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileInvalidEmail() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1889,6 +1910,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.INVALID_EMAIL)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileInvalidTypeFacebook() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() @@ -1906,6 +1929,8 @@ public class AccountServiceTests extends GrpcServerTestBase { reply.getError().getCause().equals(Cause.INVALID_ADDITIONAL_LOGIN_OPTION_TYPE)); } + // The test is disabled because update of auth provider is currently not supported + @Ignore @Test public void testUpdateAuthProviderForProfileInvalidTypeGoogleplus() { final UpdateAuthenticationProviderRequest request = UpdateAuthenticationProviderRequest.newBuilder() -- GitLab From b13d2680a87c824cdb57d6d560a8c677c007c4d0 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Wed, 6 Feb 2019 13:00:57 +0200 Subject: [PATCH 02/24] NY-6899: updateAccount fixed to take only the requested parameters. Signed-off-by: Stoyan Tzenkov --- .../AccountRepositoryAdditionalImpl.java | 35 ++++++++++++++----- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index b541a36..fd190af 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -290,7 +290,8 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio String accessToken = accessPoint.getAccessToken(); DecodedJWT decodedToken = JWT.decode(accessToken); List accesspointRoles = getRolesFromAccessToken(decodedToken); - if (accesspointRoles.contains(Role.ACCOUNT_ADMIN.name()) || accesspointRoles.contains(Role.AUTHENTICATION_ADMIN.name())) { + if (accesspointRoles.contains(Role.ACCOUNT_ADMIN.name()) + || accesspointRoles.contains(Role.AUTHENTICATION_ADMIN.name())) { if (!accessPointService.deleteAccessPoint(UUID.fromString(accountId), accessToken)) { logger.error("Error deleting accesspoint record from DB for account with id {} and role {}.", accountId, Role.ACCOUNT_ADMIN.name()); @@ -431,14 +432,29 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio private void updateAccountData(Transaction transaction, UpdateAccountRequest request, Account currentAccountState, Long lastUpdateTimestamp) { Account newAccountState = (Account) SerializationUtils.clone(currentAccountState); - newAccountState.setAvatar(request.getAvatar()); - newAccountState.setAccountMark(request.getAccountMark()); - newAccountState.setAccountName(request.getAccountName()); - newAccountState.setFirstName(request.getFirstName()); - newAccountState.setLastName(request.getLastName()); - newAccountState.setUsername(request.getUsername()); + if (request.getAvatar() != null && !request.getAvatar().isEmpty()) { + newAccountState.setAvatar(request.getAvatar()); + } + if (request.getAccountMark() != null && !request.getAccountMark().isEmpty()) { + newAccountState.setAccountMark(request.getAccountMark()); + } + if (request.getAccountName() != null && !request.getAccountName().isEmpty()) { + newAccountState.setAccountName(request.getAccountName()); + } + if (request.getFirstName() != null && !request.getFirstName().isEmpty()) { + newAccountState.setFirstName(request.getFirstName()); + } + if (request.getLastName() != null && !request.getLastName().isEmpty()) { + newAccountState.setLastName(request.getLastName()); + } + if (request.getUsername() != null && !request.getUsername().isEmpty()) { + newAccountState.setUsername(request.getUsername()); + } newAccountState.setLastUpdateTimestamp(lastUpdateTimestamp); - newAccountState.setAccessStatus(request.getAccessStatus().toString()); + if (request.getAccessStatus() != null + && !request.getAccessStatus().equals(AccessStatus.UNKNOWN_ACCESS_STATUS)) { + newAccountState.setAccessStatus(request.getAccessStatus().toString()); + } if (request.getRolesList() == null || request.getRolesList().isEmpty()) { newAccountState.setRoles(Set.of(Role.USER.toString())); } else { @@ -583,7 +599,8 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio Account existingAccount = accountRepository.findByAccountId(accountByProfileId.getAccountId()); deleteAccountData(batchOperations, existingAccount); if (!accessPointService.deleteAccessPointsForAccount(accountByProfileId.getAccountId())) { - logger.error("Error deleting accesspoints from the DB for account {}.", accountByProfileId.getAccountId()); + logger.error("Error deleting accesspoints from the DB for account {}.", + accountByProfileId.getAccountId()); } } -- GitLab From cb19c6edff249aa1c98ffc3a6aeab4efb2f44f28 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Thu, 7 Feb 2019 12:13:09 +0200 Subject: [PATCH 03/24] NY-6899: Send error if requested account status is UNKNOWN_ACCESS_STATUS. Signed-off-by: Stoyan Tzenkov --- .../AccountRepositoryAdditionalImpl.java | 29 +++++-------------- .../account/services/AccountServiceImpl.java | 8 ++++- 2 files changed, 14 insertions(+), 23 deletions(-) diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index fd190af..1b11b63 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -432,29 +432,14 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio private void updateAccountData(Transaction transaction, UpdateAccountRequest request, Account currentAccountState, Long lastUpdateTimestamp) { Account newAccountState = (Account) SerializationUtils.clone(currentAccountState); - if (request.getAvatar() != null && !request.getAvatar().isEmpty()) { - newAccountState.setAvatar(request.getAvatar()); - } - if (request.getAccountMark() != null && !request.getAccountMark().isEmpty()) { - newAccountState.setAccountMark(request.getAccountMark()); - } - if (request.getAccountName() != null && !request.getAccountName().isEmpty()) { - newAccountState.setAccountName(request.getAccountName()); - } - if (request.getFirstName() != null && !request.getFirstName().isEmpty()) { - newAccountState.setFirstName(request.getFirstName()); - } - if (request.getLastName() != null && !request.getLastName().isEmpty()) { - newAccountState.setLastName(request.getLastName()); - } - if (request.getUsername() != null && !request.getUsername().isEmpty()) { - newAccountState.setUsername(request.getUsername()); - } + newAccountState.setAvatar(request.getAvatar()); + newAccountState.setAccountMark(request.getAccountMark()); + newAccountState.setAccountName(request.getAccountName()); + newAccountState.setFirstName(request.getFirstName()); + newAccountState.setLastName(request.getLastName()); + newAccountState.setUsername(request.getUsername()); newAccountState.setLastUpdateTimestamp(lastUpdateTimestamp); - if (request.getAccessStatus() != null - && !request.getAccessStatus().equals(AccessStatus.UNKNOWN_ACCESS_STATUS)) { - newAccountState.setAccessStatus(request.getAccessStatus().toString()); - } + newAccountState.setAccessStatus(request.getAccessStatus().toString()); if (request.getRolesList() == null || request.getRolesList().isEmpty()) { newAccountState.setRoles(Set.of(Role.USER.toString())); } else { diff --git a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java index 4c2f0d2..945176b 100644 --- a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java +++ b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java @@ -20,6 +20,7 @@ import org.slf4j.LoggerFactory; import biz.nynja.account.accesspoints.AccessPointService; import biz.nynja.account.configuration.ProfileDataConfiguration; +import biz.nynja.account.grpc.AccessStatus; import biz.nynja.account.grpc.AccountByAccountIdRequest; import biz.nynja.account.grpc.AccountResponse; import biz.nynja.account.grpc.AccountServiceGrpc; @@ -523,6 +524,11 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas request.getAccountId(), Cause.INVALID_ACCOUNT_ID, "Invalid Account ID"); return; } + if (request.getAccessStatus().equals(AccessStatus.UNKNOWN_ACCESS_STATUS)) { + logAndBuildGrpcAccountResponse(responseObserver, AccountResponse.newBuilder(), "Invalid access status for account id: {}", + request.getAccountId(), Cause.INVALID_ACCESS_STATUS, "Invalid access status"); + return; + } if (!permissionsValidator.isRpcAllowed(request.getAccountId())) { logAndBuildGrpcAccountResponse(responseObserver, AccountResponse.newBuilder(), "Can not update account {}.", @@ -1069,7 +1075,7 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas return searchResultDetails.build(); } - //Currently not supported + // Currently not supported @Override @PerformPermissionCheck @Permitted(role = RoleConstants.ACCOUNT_ADMIN) -- GitLab From c8b14a64efe225c297eb4e5a395f41ab63458b97 Mon Sep 17 00:00:00 2001 From: Stanimir Penkov Date: Thu, 7 Feb 2019 17:13:56 +0200 Subject: [PATCH 04/24] NY-6923: Fix: Missing check for state: permission denied when getting account by login option - check added; - removed outdated comments; Signed-off-by: Stanimir Penkov --- .../account/permissions/PermissionsValidator.java | 15 +++++++-------- .../account/services/AccountServiceImpl.java | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java index 44edf68..e24cd67 100644 --- a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java +++ b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java @@ -20,10 +20,6 @@ public class PermissionsValidator { public boolean isRpcAllowed(String accountId) { - // WARNING: THe line bellow is to be removed and code following uncommented - // when Istio starts sending an access token with each and every request - // return true; - DecodedJWT decodedToken = retrieveDecodedToken(); String requestingAccountId = new String(Base64.getDecoder().decode(decodedToken.getSubject())); @@ -33,6 +29,13 @@ public class PermissionsValidator { return isAuthorizedRequestingRole(decodedToken); } + public boolean isRpcAllowedForCurrentRole() { + + DecodedJWT decodedToken = retrieveDecodedToken(); + + return isAuthorizedRequestingRole(decodedToken); + } + private DecodedJWT retrieveDecodedToken() { String accessToken = (String) PermissionsInterceptor.ACCESS_TOKEN_CTX.get(); // This check is for isAdminToken method @@ -45,10 +48,6 @@ public class PermissionsValidator { public boolean isRpcAllowed(List existingAccountsForProfile) { - // WARNING: The line bellow is to be removed and code following uncommented - // when Istio starts sending an access token with each and every request - // return true; - String accessToken = (String) PermissionsInterceptor.ACCESS_TOKEN_CTX.get(); DecodedJWT decodedToken = JWT.decode(accessToken); String requestingAccountId = new String(Base64.getDecoder().decode(decodedToken.getSubject())); diff --git a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java index 4c2f0d2..4175987 100644 --- a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java +++ b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java @@ -1177,11 +1177,26 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas Optional account = accountProvider.getAccountResponseByLoginOption( request.getAuthenticationType(), request.getAuthenticationIdentifier()); if (!account.isPresent()) { + // If account is not found the method isRpcAllowedForCurrentRole() is used to check the current role and + // if it is "USER" to return "ERROR_PERMISSION_DENIED" + if (!permissionsValidator.isRpcAllowedForCurrentRole()) { + logAndBuildGrpcAccountResponse(responseObserver, AccountResponse.newBuilder(), + "Account info can not be obtained for this account.", "", Cause.ERROR_PERMISSION_DENIED, + "Permission denied"); + return; + } logAndBuildGrpcAccountResponse(responseObserver, AccountResponse.newBuilder(), "Account not found for login option: " + request.getAuthenticationIdentifier() + ":" + request.getAuthenticationIdentifier(), "", Cause.ACCOUNT_NOT_FOUND, "Account not found"); } else { + + if (!permissionsValidator.isRpcAllowed(account.get().getAccountDetails().getAccountId())) { + logAndBuildGrpcAccountResponse(responseObserver, AccountResponse.newBuilder(), + "Account info can not be obtained for this account.", "", Cause.ERROR_PERMISSION_DENIED, + "Permission denied"); + return; + } AccountResponse response = account.get(); logger.info("SUCCESS: Found account by login option {}. Account Id={}.", request.getAuthenticationIdentifier(), response.getAccountDetails().getAccountId()); -- GitLab From f4a62261669bc3812f864a4671924fba56cb6add Mon Sep 17 00:00:00 2001 From: Stanimir Penkov Date: Fri, 8 Feb 2019 14:06:07 +0200 Subject: [PATCH 05/24] NY-6622: Disable script for creation of searchable column Signed-off-by: Stanimir Penkov --- .../nynja/account/StartupScriptsListener.java | 40 -------------- .../AccountRepositoryAdditional.java | 2 - .../AccountRepositoryAdditionalImpl.java | 55 ------------------- 3 files changed, 97 deletions(-) diff --git a/src/main/java/biz/nynja/account/StartupScriptsListener.java b/src/main/java/biz/nynja/account/StartupScriptsListener.java index 88f09f5..628bc54 100644 --- a/src/main/java/biz/nynja/account/StartupScriptsListener.java +++ b/src/main/java/biz/nynja/account/StartupScriptsListener.java @@ -6,8 +6,6 @@ package biz.nynja.account; import java.util.Arrays; import java.util.List; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.event.ContextRefreshedEvent; @@ -15,9 +13,7 @@ import org.springframework.context.event.EventListener; import org.springframework.stereotype.Component; import com.datastax.driver.core.Session; -import com.datastax.driver.core.exceptions.InvalidQueryException; -import biz.nynja.account.repositories.AccountRepositoryAdditional; /** * This acts as {@link CassandraAccountConfig} startupScripts executor but activated after the spring has setup the needed * tables though JPA @@ -28,45 +24,18 @@ import biz.nynja.account.repositories.AccountRepositoryAdditional; @Component public class StartupScriptsListener { - private static final Logger logger = LoggerFactory.getLogger(StartupScriptsListener.class); private String keyspace; @Autowired private Session session; - @Autowired - private AccountRepositoryAdditional accountRepositoryAdditional; - @EventListener(ContextRefreshedEvent.class) public void contextRefreshedEvent() { keyspace = session.getLoggedKeyspace(); - boolean searchableColumnAlreadyExists = false, searchableFeildAlreadyExists = false; for (String script : getStartupScripts()) { session.execute(script); } - - try { - // add searchable column - session.execute(getScriptsForSearchableOption().get(0)); - } catch (InvalidQueryException e) { - logger.warn("Exception while executing script for adding searchable column: {}", e.getMessage()); - // In the current case InvalidQueryException is used to confirm that the searchable column already exists. - searchableColumnAlreadyExists = true; - } - - try { - // add searchable field - session.execute(getScriptsForSearchableOption().get(1)); - } catch (InvalidQueryException e) { - logger.warn("Exception while executing script for adding searchable field: {}", e.getMessage()); - // In the current case InvalidQueryException is used to confirm that the searchable column already exists. - searchableFeildAlreadyExists = true; - } - - if (searchableColumnAlreadyExists && searchableFeildAlreadyExists) { - accountRepositoryAdditional.removeNullsForSearchableOption(); - } } private List getStartupScripts() { @@ -120,13 +89,4 @@ public class StartupScriptsListener { scriptAccountViewByFirstName, scriptAccountViewByLastName, scriptAccountViewByAccessStatus, scriptAccountViewByCreationTimestamp, scriptAccountViewByLastUpdateTimestamp); } - - private List getScriptsForSearchableOption() { - String addSearchableColumnScript = "ALTER TABLE " + keyspace - + ".profilebyauthenticationprovider ADD searchable boolean;"; - - String addSearchableToAuthenticationProviderType = "ALTER TYPE authenticationprovider add searchable boolean;"; - - return Arrays.asList(addSearchableColumnScript, addSearchableToAuthenticationProviderType); - } } diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditional.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditional.java index 800a1cd..4149a68 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditional.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditional.java @@ -62,7 +62,5 @@ public interface AccountRepositoryAdditional { Optional searchAccountByLoginOption(AuthenticationProvider loginOption) throws IncorrectAccountCountException; - void removeNullsForSearchableOption(); - boolean updateSearchableOption(UUID profileId, String authProviderType, String authProvider, SearchableOption searchableOption); } diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index 1b11b63..3b19c2f 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -1090,61 +1090,6 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return pendingAccount; } - public void removeNullsForSearchableOption() { - List profilesByAuthenticationProvider = profileByAuthenticationProviderRepository - .findAll(); - for (int i = 0; i < profilesByAuthenticationProvider.size(); i++) { - if (profilesByAuthenticationProvider.get(i).getSearchable() == null) { - logger.error("Found null for searchable option for {}:{} in profile: {}", - profilesByAuthenticationProvider.get(i).getAuthenticationProviderType(), - profilesByAuthenticationProvider.get(i).getAuthenticationProvider(), - profilesByAuthenticationProvider.get(i).getProfileId()); - Profile profileToUpdate = profileRepository - .findByProfileId(profilesByAuthenticationProvider.get(i).getProfileId()); - if (profileToUpdate == null) { - logger.error( - "Error replacing null with default searchable option for auth provider {}:{} in profile {}. Profile not found.", - profilesByAuthenticationProvider.get(i).getAuthenticationProviderType(), - profilesByAuthenticationProvider.get(i).getAuthenticationProvider(), - profilesByAuthenticationProvider.get(i).getProfileId()); - continue; - } - - logger.info("Replacing null with default searchable option for profile {}", - profilesByAuthenticationProvider.get(i).getProfileId()); - - CassandraBatchOperations batchOperations = cassandraTemplate.batchOps(); - WriteResult wr; - try { - updateSearchableInProfileByAuthenticationProvider(batchOperations, - profilesByAuthenticationProvider.get(i), SearchableOption.SEARCH_ENABLED); - if (!updateSearchableInProfile(batchOperations, profileToUpdate, - profilesByAuthenticationProvider.get(i).getAuthenticationProviderType(), - profilesByAuthenticationProvider.get(i).getAuthenticationProvider(), - SearchableOption.SEARCH_ENABLED)) { - logger.error( - "Error replacing null with default searchable option for profile {}: auth provider {}:{}.", - profilesByAuthenticationProvider.get(i).getProfileId(), - profilesByAuthenticationProvider.get(i).getAuthenticationProviderType(), - profilesByAuthenticationProvider.get(i).getAuthenticationProvider()); - } - wr = batchOperations.execute(); - } catch (IllegalArgumentException | IllegalStateException e) { - logger.debug( - "Exception while replacing null with default searchable option for auth provider {}:{} in profile{}: {}.", - profilesByAuthenticationProvider.get(i).getAuthenticationProviderType(), - profilesByAuthenticationProvider.get(i).getAuthenticationProvider(), - profilesByAuthenticationProvider.get(i).getProfileId(), e.getMessage()); - continue; - } - if (wr != null && wr.wasApplied()) { - logger.info("Successfully replaced null with default searchable option in profile {}.", - profilesByAuthenticationProvider.get(i).getProfileId()); - } - } - } - } - private void updateSearchableInProfileByAuthenticationProvider(CassandraBatchOperations batchOps, ProfileByAuthenticationProvider profileByAuthenticationProvider, SearchableOption searchableOption) { profileByAuthenticationProvider.setSearchable(AuthenticationProvider.isSearchDisabled(searchableOption)); -- GitLab From b50f04bd59a8707be2962ca7553b1f625f58047f Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Mon, 28 Jan 2019 09:46:09 +0200 Subject: [PATCH 06/24] NY-6839: Performance testing using ghz. Initial setup. Signed-off-by: Stoyan Tzenkov --- src/main/performance/READ.ME | 52 +++++++++++++++++++ .../addAuthenticationProviderToProfile.json | 12 +++++ .../performance/addContactInfoToAccount.json | 12 +++++ .../completePendingAccountCreation.json | 13 +++++ .../performance/createPendingAccount.json | 12 +++++ src/main/performance/deleteAccount.json | 11 ++++ ...leteAuthenticationProviderFromProfile.json | 12 +++++ .../deleteContactInfoFromAccount.json | 12 +++++ src/main/performance/deleteProfile.json | 11 ++++ .../editContactInfoForAccount.json | 13 +++++ .../performance/getAccountByAccountId.json | 11 ++++ .../getAccountByCreationProvider.json | 12 +++++ .../performance/getAccountByLoginOption.json | 12 +++++ src/main/performance/getAccountByQrCode.json | 11 ++++ .../getAllAccountsByProfileId.json | 11 ++++ .../performance/getProfileByProfileId.json | 11 ++++ src/main/performance/searchByEmail.json | 11 ++++ src/main/performance/searchByPhoneNumber.json | 11 ++++ src/main/performance/searchByQrCode.json | 11 ++++ .../performance/searchBySocialProvider.json | 12 +++++ src/main/performance/searchByUsername.json | 11 ++++ src/main/performance/updateAccount.json | 13 +++++ ...pdateAuthenticationProviderForProfile.json | 13 +++++ .../performance/updateSearchableOption.json | 14 +++++ 24 files changed, 324 insertions(+) create mode 100644 src/main/performance/READ.ME create mode 100644 src/main/performance/addAuthenticationProviderToProfile.json create mode 100644 src/main/performance/addContactInfoToAccount.json create mode 100644 src/main/performance/completePendingAccountCreation.json create mode 100644 src/main/performance/createPendingAccount.json create mode 100644 src/main/performance/deleteAccount.json create mode 100644 src/main/performance/deleteAuthenticationProviderFromProfile.json create mode 100644 src/main/performance/deleteContactInfoFromAccount.json create mode 100644 src/main/performance/deleteProfile.json create mode 100644 src/main/performance/editContactInfoForAccount.json create mode 100644 src/main/performance/getAccountByAccountId.json create mode 100644 src/main/performance/getAccountByCreationProvider.json create mode 100644 src/main/performance/getAccountByLoginOption.json create mode 100644 src/main/performance/getAccountByQrCode.json create mode 100644 src/main/performance/getAllAccountsByProfileId.json create mode 100644 src/main/performance/getProfileByProfileId.json create mode 100644 src/main/performance/searchByEmail.json create mode 100644 src/main/performance/searchByPhoneNumber.json create mode 100644 src/main/performance/searchByQrCode.json create mode 100644 src/main/performance/searchBySocialProvider.json create mode 100644 src/main/performance/searchByUsername.json create mode 100644 src/main/performance/updateAccount.json create mode 100644 src/main/performance/updateAuthenticationProviderForProfile.json create mode 100644 src/main/performance/updateSearchableOption.json diff --git a/src/main/performance/READ.ME b/src/main/performance/READ.ME new file mode 100644 index 0000000..22bd419 --- /dev/null +++ b/src/main/performance/READ.ME @@ -0,0 +1,52 @@ +This file describes one approach of doing performance testing +of gRPC services. It uses a simple command line utility called ghz. + +ghz facilitates load testing and benchmarking of gRPC services. +It is intended to be used for testing and debugging services locally, +and in automated continous intergration environments for performance +regression testing. + +Instructions to install, configure and use ghz can be found using this link: +https://ghz.sh/docs/intro. + +For the purpose of testing the the NYNJA account services a number of +JSON config files are provided. Each file has the of the gRPC/endpoint +to be tested with extension .json. + +For example, updateSearchableOption gRPC/endpoint could be tested using +the config file updateSearchableOption.json. The file ocntains: + +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.updateSearchableOption", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06", + "authenticationType": "PHONE", + "authenticationIdentifier": "448873598834", + "searchOption": 1 + }, + "host": "127.0.0.1:6565" +} + +Configuration options can be found following the above link under +"Options Reference". The ones worth mentioning here are: +- call - the endpoint name - 'package/service/method' +- d - the call data as stringified JSON, i.e the parameters to be send +with the request. + +The way to test an endpoint is to call ghz from the command line like: + + >ghz -config ./updateSearchableOption.json + + +ghz produces some output showing a Summary, Response time histogram and +Latency distribution. + + +To achieve more realistic results it would be beneficial to: +1) runeach test multiple times and get the average results +2) configure each test with data existing in the DB and run it multiple times +3) configure each test with data non-existing in the DB and run it multiple times diff --git a/src/main/performance/addAuthenticationProviderToProfile.json b/src/main/performance/addAuthenticationProviderToProfile.json new file mode 100644 index 0000000..3756fbd --- /dev/null +++ b/src/main/performance/addAuthenticationProviderToProfile.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.addAuthenticationProviderToProfile", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "123e4567-e89b-12d3-a456-426655440011", + "authenticationProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598834"} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/addContactInfoToAccount.json b/src/main/performance/addContactInfoToAccount.json new file mode 100644 index 0000000..3af0cb3 --- /dev/null +++ b/src/main/performance/addContactInfoToAccount.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.addContactInfoToAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", + "contactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/completePendingAccountCreation.json b/src/main/performance/completePendingAccountCreation.json new file mode 100644 index 0000000..b375a23 --- /dev/null +++ b/src/main/performance/completePendingAccountCreation.json @@ -0,0 +1,13 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.completePendingAccountCreation", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06", + "accountName": "Name of account", + "firstName": "Atanas" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/createPendingAccount.json b/src/main/performance/createPendingAccount.json new file mode 100644 index 0000000..e29cdd9 --- /dev/null +++ b/src/main/performance/createPendingAccount.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.createPendingAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "authenticationType": "EMAIL", + "authenticationProvider": "pepi.toshev@msn.com" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/deleteAccount.json b/src/main/performance/deleteAccount.json new file mode 100644 index 0000000..f4b5ea1 --- /dev/null +++ b/src/main/performance/deleteAccount.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.deleteAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/deleteAuthenticationProviderFromProfile.json b/src/main/performance/deleteAuthenticationProviderFromProfile.json new file mode 100644 index 0000000..e0bc804 --- /dev/null +++ b/src/main/performance/deleteAuthenticationProviderFromProfile.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.deleteAuthenticationProviderFromProfile", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", + "authenticationProvider":{"authenticationType": "EMAIL", "authenticationProvider": "bill.gates@msn.com", "searchOption": "SEARCH_ENABLED"} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/deleteContactInfoFromAccount.json b/src/main/performance/deleteContactInfoFromAccount.json new file mode 100644 index 0000000..8e531e8 --- /dev/null +++ b/src/main/performance/deleteContactInfoFromAccount.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.deleteContactInfoFromAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", + "contactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/deleteProfile.json b/src/main/performance/deleteProfile.json new file mode 100644 index 0000000..51fe2e4 --- /dev/null +++ b/src/main/performance/deleteProfile.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.deleteProfile", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/editContactInfoForAccount.json b/src/main/performance/editContactInfoForAccount.json new file mode 100644 index 0000000..05438c5 --- /dev/null +++ b/src/main/performance/editContactInfoForAccount.json @@ -0,0 +1,13 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.editContactInfoForAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", + "oldContactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"}, + "editedContactInfo":{"type": "PHONE_CONTACT", "value": "448873598877", "label": "New_Label"} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getAccountByAccountId.json b/src/main/performance/getAccountByAccountId.json new file mode 100644 index 0000000..360677a --- /dev/null +++ b/src/main/performance/getAccountByAccountId.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAccountByAccountId", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getAccountByCreationProvider.json b/src/main/performance/getAccountByCreationProvider.json new file mode 100644 index 0000000..db53cdf --- /dev/null +++ b/src/main/performance/getAccountByCreationProvider.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAccountByCreationProvider", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "authenticationType": "EMAIL", + "authenticationIdentifier": "pepi.toshev@msn.com" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getAccountByLoginOption.json b/src/main/performance/getAccountByLoginOption.json new file mode 100644 index 0000000..6d18fc1 --- /dev/null +++ b/src/main/performance/getAccountByLoginOption.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAccountByLoginOption", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "authenticationType": "PHONE", + "authenticationIdentifier": "448873598834" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getAccountByQrCode.json b/src/main/performance/getAccountByQrCode.json new file mode 100644 index 0000000..43d2c2a --- /dev/null +++ b/src/main/performance/getAccountByQrCode.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAccountByQrCode", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "qrCode": "qrCoded" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getAllAccountsByProfileId.json b/src/main/performance/getAllAccountsByProfileId.json new file mode 100644 index 0000000..5f25842 --- /dev/null +++ b/src/main/performance/getAllAccountsByProfileId.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAllAccountsByProfileId", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/getProfileByProfileId.json b/src/main/performance/getProfileByProfileId.json new file mode 100644 index 0000000..53053c8 --- /dev/null +++ b/src/main/performance/getProfileByProfileId.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getProfileByProfileId", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/searchByEmail.json b/src/main/performance/searchByEmail.json new file mode 100644 index 0000000..7c49689 --- /dev/null +++ b/src/main/performance/searchByEmail.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.searchByEmail", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "email": "gogo@yahoo.com" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/searchByPhoneNumber.json b/src/main/performance/searchByPhoneNumber.json new file mode 100644 index 0000000..af51dad --- /dev/null +++ b/src/main/performance/searchByPhoneNumber.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.searchByPhoneNumber", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "phoneNumber": "359888777995" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/searchByQrCode.json b/src/main/performance/searchByQrCode.json new file mode 100644 index 0000000..c24fea7 --- /dev/null +++ b/src/main/performance/searchByQrCode.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.searchByQrCode", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "qrCode": "qrCoded" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/searchBySocialProvider.json b/src/main/performance/searchBySocialProvider.json new file mode 100644 index 0000000..fcb19dd --- /dev/null +++ b/src/main/performance/searchBySocialProvider.json @@ -0,0 +1,12 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.searchBySocialProvider", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "authenticationType": "PHONE", + "authenticationIdentifier": "448873598834" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/searchByUsername.json b/src/main/performance/searchByUsername.json new file mode 100644 index 0000000..8dbf187 --- /dev/null +++ b/src/main/performance/searchByUsername.json @@ -0,0 +1,11 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.getAccountByUsername", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "username": "PetarPetrov" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/updateAccount.json b/src/main/performance/updateAccount.json new file mode 100644 index 0000000..b8de7df --- /dev/null +++ b/src/main/performance/updateAccount.json @@ -0,0 +1,13 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.updateAccount", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "accountId": "0994566e-ac7b-45b2-b6ef-36440e44a15a", + "username": "acctIvanv", + "firstName": "Neda" + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/updateAuthenticationProviderForProfile.json b/src/main/performance/updateAuthenticationProviderForProfile.json new file mode 100644 index 0000000..19a01aa --- /dev/null +++ b/src/main/performance/updateAuthenticationProviderForProfile.json @@ -0,0 +1,13 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.updateAuthenticationProviderForProfile", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", + "oldAuthProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598834", "searchOption": 1}, + "updatedAuthProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598877", "searchOption": 1} + }, + "host": "127.0.0.1:6565" +} diff --git a/src/main/performance/updateSearchableOption.json b/src/main/performance/updateSearchableOption.json new file mode 100644 index 0000000..816b32c --- /dev/null +++ b/src/main/performance/updateSearchableOption.json @@ -0,0 +1,14 @@ +{ + "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "call": "account.AccountService.updateSearchableOption", + "insecure": true, + "n": 2000, + "c": 50, + "d": { + "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06", + "authenticationType": "PHONE", + "authenticationIdentifier": "448873598834", + "searchOption": 1 + }, + "host": "127.0.0.1:6565" +} -- GitLab From 33ea8e534b2be1084ebbf0e203916133239bea61 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Fri, 8 Feb 2019 15:00:47 +0200 Subject: [PATCH 07/24] NY-6839: SOme description added. Signed-off-by: Stoyan Tzenkov --- src/main/performance/READ.ME | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/performance/READ.ME b/src/main/performance/READ.ME index 22bd419..27fc452 100644 --- a/src/main/performance/READ.ME +++ b/src/main/performance/READ.ME @@ -17,7 +17,7 @@ For example, updateSearchableOption gRPC/endpoint could be tested using the config file updateSearchableOption.json. The file ocntains: { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.updateSearchableOption", "insecure": true, "n": 2000, @@ -28,7 +28,7 @@ the config file updateSearchableOption.json. The file ocntains: "authenticationIdentifier": "448873598834", "searchOption": 1 }, - "host": "127.0.0.1:6565" + "host": "" } Configuration options can be found following the above link under @@ -36,6 +36,9 @@ Configuration options can be found following the above link under - call - the endpoint name - 'package/service/method' - d - the call data as stringified JSON, i.e the parameters to be send with the request. + is the actual path to the account.proto file + is the address of the account service as IP address:port. +For example to test on your local machine use "127.0.0.1:6565". The way to test an endpoint is to call ghz from the command line like: -- GitLab From b11366e35825d732c5c16230b01f9eff8182df53 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Fri, 8 Feb 2019 16:57:40 +0200 Subject: [PATCH 08/24] NY-6839: Path generalized. Signed-off-by: Stoyan Tzenkov --- src/main/performance/addAuthenticationProviderToProfile.json | 4 ++-- src/main/performance/addContactInfoToAccount.json | 4 ++-- src/main/performance/completePendingAccountCreation.json | 4 ++-- src/main/performance/createPendingAccount.json | 4 ++-- src/main/performance/deleteAccount.json | 4 ++-- .../performance/deleteAuthenticationProviderFromProfile.json | 4 ++-- src/main/performance/deleteContactInfoFromAccount.json | 4 ++-- src/main/performance/deleteProfile.json | 4 ++-- src/main/performance/editContactInfoForAccount.json | 4 ++-- src/main/performance/getAccountByAccountId.json | 2 +- src/main/performance/getAccountByCreationProvider.json | 4 ++-- src/main/performance/getAccountByLoginOption.json | 4 ++-- src/main/performance/getAccountByQrCode.json | 4 ++-- src/main/performance/getAllAccountsByProfileId.json | 4 ++-- src/main/performance/getProfileByProfileId.json | 4 ++-- src/main/performance/searchByEmail.json | 4 ++-- src/main/performance/searchByPhoneNumber.json | 4 ++-- src/main/performance/searchByQrCode.json | 4 ++-- src/main/performance/searchBySocialProvider.json | 4 ++-- src/main/performance/searchByUsername.json | 4 ++-- src/main/performance/updateAccount.json | 4 ++-- .../performance/updateAuthenticationProviderForProfile.json | 4 ++-- src/main/performance/updateSearchableOption.json | 4 ++-- 23 files changed, 45 insertions(+), 45 deletions(-) diff --git a/src/main/performance/addAuthenticationProviderToProfile.json b/src/main/performance/addAuthenticationProviderToProfile.json index 3756fbd..6b0e20c 100644 --- a/src/main/performance/addAuthenticationProviderToProfile.json +++ b/src/main/performance/addAuthenticationProviderToProfile.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.addAuthenticationProviderToProfile", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "profileId": "123e4567-e89b-12d3-a456-426655440011", "authenticationProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598834"} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/addContactInfoToAccount.json b/src/main/performance/addContactInfoToAccount.json index 3af0cb3..80543d2 100644 --- a/src/main/performance/addContactInfoToAccount.json +++ b/src/main/performance/addContactInfoToAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.addContactInfoToAccount", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", "contactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/completePendingAccountCreation.json b/src/main/performance/completePendingAccountCreation.json index b375a23..1302b4a 100644 --- a/src/main/performance/completePendingAccountCreation.json +++ b/src/main/performance/completePendingAccountCreation.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.completePendingAccountCreation", "insecure": true, "n": 2000, @@ -9,5 +9,5 @@ "accountName": "Name of account", "firstName": "Atanas" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/createPendingAccount.json b/src/main/performance/createPendingAccount.json index e29cdd9..b0b1a33 100644 --- a/src/main/performance/createPendingAccount.json +++ b/src/main/performance/createPendingAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.createPendingAccount", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "authenticationType": "EMAIL", "authenticationProvider": "pepi.toshev@msn.com" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/deleteAccount.json b/src/main/performance/deleteAccount.json index f4b5ea1..1904039 100644 --- a/src/main/performance/deleteAccount.json +++ b/src/main/performance/deleteAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.deleteAccount", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "accountId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/deleteAuthenticationProviderFromProfile.json b/src/main/performance/deleteAuthenticationProviderFromProfile.json index e0bc804..130b2df 100644 --- a/src/main/performance/deleteAuthenticationProviderFromProfile.json +++ b/src/main/performance/deleteAuthenticationProviderFromProfile.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.deleteAuthenticationProviderFromProfile", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "profileId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", "authenticationProvider":{"authenticationType": "EMAIL", "authenticationProvider": "bill.gates@msn.com", "searchOption": "SEARCH_ENABLED"} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/deleteContactInfoFromAccount.json b/src/main/performance/deleteContactInfoFromAccount.json index 8e531e8..90a444a 100644 --- a/src/main/performance/deleteContactInfoFromAccount.json +++ b/src/main/performance/deleteContactInfoFromAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.deleteContactInfoFromAccount", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "accountId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35", "contactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/deleteProfile.json b/src/main/performance/deleteProfile.json index 51fe2e4..f1bf0d0 100644 --- a/src/main/performance/deleteProfile.json +++ b/src/main/performance/deleteProfile.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.deleteProfile", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/editContactInfoForAccount.json b/src/main/performance/editContactInfoForAccount.json index 05438c5..bed3095 100644 --- a/src/main/performance/editContactInfoForAccount.json +++ b/src/main/performance/editContactInfoForAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.editContactInfoForAccount", "insecure": true, "n": 2000, @@ -9,5 +9,5 @@ "oldContactInfo":{"type": "PHONE_CONTACT", "value": "448873598834", "label": "The_Label"}, "editedContactInfo":{"type": "PHONE_CONTACT", "value": "448873598877", "label": "New_Label"} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/getAccountByAccountId.json b/src/main/performance/getAccountByAccountId.json index 360677a..04f0809 100644 --- a/src/main/performance/getAccountByAccountId.json +++ b/src/main/performance/getAccountByAccountId.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAccountByAccountId", "insecure": true, "n": 2000, diff --git a/src/main/performance/getAccountByCreationProvider.json b/src/main/performance/getAccountByCreationProvider.json index db53cdf..1609cf6 100644 --- a/src/main/performance/getAccountByCreationProvider.json +++ b/src/main/performance/getAccountByCreationProvider.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAccountByCreationProvider", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "authenticationType": "EMAIL", "authenticationIdentifier": "pepi.toshev@msn.com" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/getAccountByLoginOption.json b/src/main/performance/getAccountByLoginOption.json index 6d18fc1..77c6ad1 100644 --- a/src/main/performance/getAccountByLoginOption.json +++ b/src/main/performance/getAccountByLoginOption.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAccountByLoginOption", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "authenticationType": "PHONE", "authenticationIdentifier": "448873598834" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/getAccountByQrCode.json b/src/main/performance/getAccountByQrCode.json index 43d2c2a..d516f44 100644 --- a/src/main/performance/getAccountByQrCode.json +++ b/src/main/performance/getAccountByQrCode.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAccountByQrCode", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "qrCode": "qrCoded" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/getAllAccountsByProfileId.json b/src/main/performance/getAllAccountsByProfileId.json index 5f25842..b2992ec 100644 --- a/src/main/performance/getAllAccountsByProfileId.json +++ b/src/main/performance/getAllAccountsByProfileId.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAllAccountsByProfileId", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "profileId": "47b50a3e-97d3-4b68-b63d-fb83bb9d2e06" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/getProfileByProfileId.json b/src/main/performance/getProfileByProfileId.json index 53053c8..c45a752 100644 --- a/src/main/performance/getProfileByProfileId.json +++ b/src/main/performance/getProfileByProfileId.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getProfileByProfileId", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "profileId": "ac6d30c3-1e87-4932-ae0f-ebc9c9873b35" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/searchByEmail.json b/src/main/performance/searchByEmail.json index 7c49689..c1ce6cf 100644 --- a/src/main/performance/searchByEmail.json +++ b/src/main/performance/searchByEmail.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.searchByEmail", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "email": "gogo@yahoo.com" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/searchByPhoneNumber.json b/src/main/performance/searchByPhoneNumber.json index af51dad..4ca967a 100644 --- a/src/main/performance/searchByPhoneNumber.json +++ b/src/main/performance/searchByPhoneNumber.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.searchByPhoneNumber", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "phoneNumber": "359888777995" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/searchByQrCode.json b/src/main/performance/searchByQrCode.json index c24fea7..4103974 100644 --- a/src/main/performance/searchByQrCode.json +++ b/src/main/performance/searchByQrCode.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.searchByQrCode", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "qrCode": "qrCoded" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/searchBySocialProvider.json b/src/main/performance/searchBySocialProvider.json index fcb19dd..9e1e782 100644 --- a/src/main/performance/searchBySocialProvider.json +++ b/src/main/performance/searchBySocialProvider.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.searchBySocialProvider", "insecure": true, "n": 2000, @@ -8,5 +8,5 @@ "authenticationType": "PHONE", "authenticationIdentifier": "448873598834" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/searchByUsername.json b/src/main/performance/searchByUsername.json index 8dbf187..5ef8f7a 100644 --- a/src/main/performance/searchByUsername.json +++ b/src/main/performance/searchByUsername.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.getAccountByUsername", "insecure": true, "n": 2000, @@ -7,5 +7,5 @@ "d": { "username": "PetarPetrov" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/updateAccount.json b/src/main/performance/updateAccount.json index b8de7df..d4bbe39 100644 --- a/src/main/performance/updateAccount.json +++ b/src/main/performance/updateAccount.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.updateAccount", "insecure": true, "n": 2000, @@ -9,5 +9,5 @@ "username": "acctIvanv", "firstName": "Neda" }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/updateAuthenticationProviderForProfile.json b/src/main/performance/updateAuthenticationProviderForProfile.json index 19a01aa..e8c132f 100644 --- a/src/main/performance/updateAuthenticationProviderForProfile.json +++ b/src/main/performance/updateAuthenticationProviderForProfile.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.updateAuthenticationProviderForProfile", "insecure": true, "n": 2000, @@ -9,5 +9,5 @@ "oldAuthProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598834", "searchOption": 1}, "updatedAuthProvider":{"authenticationType": "PHONE", "authenticationProvider": "448873598877", "searchOption": 1} }, - "host": "127.0.0.1:6565" + "host": "" } diff --git a/src/main/performance/updateSearchableOption.json b/src/main/performance/updateSearchableOption.json index 816b32c..1ee14d7 100644 --- a/src/main/performance/updateSearchableOption.json +++ b/src/main/performance/updateSearchableOption.json @@ -1,5 +1,5 @@ { - "proto": "C:/Users/STzenkov/NYNJA_Git/proto-repository/account-service/1.0/account.proto", + "proto": "/account.proto", "call": "account.AccountService.updateSearchableOption", "insecure": true, "n": 2000, @@ -10,5 +10,5 @@ "authenticationIdentifier": "448873598834", "searchOption": 1 }, - "host": "127.0.0.1:6565" + "host": "" } -- GitLab From 9f2777de5887851e7626ea28dbd4fcd68de9be06 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Mon, 11 Feb 2019 12:47:53 +0200 Subject: [PATCH 09/24] NY-6897: USER role removed from createPendingAccount. Signed-off-by: Stoyan Tzenkov --- src/main/java/biz/nynja/account/services/AccountServiceImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java index 6819fd8..457c784 100644 --- a/src/main/java/biz/nynja/account/services/AccountServiceImpl.java +++ b/src/main/java/biz/nynja/account/services/AccountServiceImpl.java @@ -468,7 +468,6 @@ public class AccountServiceImpl extends AccountServiceGrpc.AccountServiceImplBas @Override @Permitted(role = RoleConstants.ACCOUNT_ADMIN) @Permitted(role = RoleConstants.AUTH_SERVICE) - @Permitted(role = RoleConstants.USER) public void createPendingAccount(CreatePendingAccountRequest request, StreamObserver responseObserver) { CreatePendingAccountResponse response; -- GitLab From ed652e9623ebb72b706227ee0b039b8df8725229 Mon Sep 17 00:00:00 2001 From: Stoyan Tzenkov Date: Mon, 11 Feb 2019 16:43:42 +0200 Subject: [PATCH 10/24] NY-6885: Additional validation in the interceptor. Signed-off-by: Stoyan Tzenkov --- .../permissions/PermissionsInterceptor.java | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/src/main/java/biz/nynja/account/permissions/PermissionsInterceptor.java b/src/main/java/biz/nynja/account/permissions/PermissionsInterceptor.java index 9b731b2..63c7b1d 100644 --- a/src/main/java/biz/nynja/account/permissions/PermissionsInterceptor.java +++ b/src/main/java/biz/nynja/account/permissions/PermissionsInterceptor.java @@ -74,31 +74,47 @@ public class PermissionsInterceptor implements ServerInterceptor { * Expected metadata is "Authorization" : "Bearer --accessTokenValue--" so we can skip validation as istio won't * allow this request through */ - String accessToken = (headers.get(ACCESS_TOKEN_METADATA).split(" "))[1]; - String rpc = getRpcName(call); boolean permitted = false; Context ctx = null; String[] requestingRoles = null; + String rpc = getRpcName(call); + + String metadataEntry = headers.get(ACCESS_TOKEN_METADATA); + if (metadataEntry == null) { + permissionDenied(call, headers, "Permission denied for rpc {}. Access token not in headers", rpc ); + return NOOP_LISTENER; + } + String[] parts = metadataEntry.split(" "); + if (parts.length < 2) { + permissionDenied(call, headers, "Permission denied for rpc {}. Access token not in headers", rpc ); + return NOOP_LISTENER; + } + String accessToken = parts[1]; + if (accessToken == null && accessToken.isEmpty()) { permissionDenied(call, headers, "Permission denied for rpc {}. Access token not in headers", rpc ); + return NOOP_LISTENER; } ctx = Context.current().withValue(ACCESS_TOKEN_CTX, accessToken); DecodedJWT decodedToken = JWT.decode(accessToken); if (!accessPointAvailable(accessToken, decodedToken, rpc)) { permissionDenied(call, headers, "Permission denied for rpc {}. No access point available for this account and access token.", rpc ); + return NOOP_LISTENER; } requestingRoles = getRolesFromAccessToken(decodedToken); if (requestingRoles == null) { permissionDenied(call, headers, "Permission denied for rpc {}. No roles found for requesting account in access token.", rpc ); + return NOOP_LISTENER; } Method method = getMethod(rpc); if (method == null) { permissionDenied(call, headers, "Permission denied for rpc {}. Could not identify the method implementing this rpc.", rpc ); + return NOOP_LISTENER; } Permitted[] permittedRoles = method.getAnnotationsByType(Permitted.class); @@ -176,11 +192,10 @@ public class PermissionsInterceptor implements ServerInterceptor { return false; } - private ServerCall.Listener permissionDenied(ServerCall call, Metadata headers, String message, String rpc ) { + private void permissionDenied(ServerCall call, Metadata headers, String message, String rpc ) { logger.error(message, rpc); call.close(Status.PERMISSION_DENIED.withDescription("An unauthorized call was made to " + rpc + "."), headers); - return NOOP_LISTENER; } } -- GitLab From e70b83b9ad50f386e1e0cae64543044d758e71d2 Mon Sep 17 00:00:00 2001 From: Stanimir Penkov Date: Mon, 18 Feb 2019 14:29:29 +0200 Subject: [PATCH 11/24] NY-6784: Fix: updateAccount endpoint > Change Access Status - fixed changing of access status; - fixed unit tests. Signed-off-by: Stanimir Penkov --- .../permissions/PermissionsValidator.java | 24 ++++++++++++++++++- .../AccountRepositoryAdditionalImpl.java | 5 +++- .../account/services/AccountServiceTests.java | 17 +++++++------ .../java/biz/nynja/account/utils/Util.java | 1 + 4 files changed, 38 insertions(+), 9 deletions(-) diff --git a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java index e24cd67..4c6c40c 100644 --- a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java +++ b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java @@ -73,6 +73,19 @@ public class PermissionsValidator { return false; } + private static boolean isAdminRole(DecodedJWT decodedToken) { + String[] requestingRoles = null; + Claim claim = decodedToken.getClaim("roles"); + + if (claim != null) { + requestingRoles = claim.asArray(String.class); + if (requestingRoles != null) { + return isAdmin(requestingRoles); + } + } + return false; + } + private static boolean isAuthorized(String[] requestingRoles) { for (String role : requestingRoles) { switch (role) { @@ -83,11 +96,20 @@ public class PermissionsValidator { } return false; } + + private static boolean isAdmin(String[] requestingRoles) { + for (String role : requestingRoles) { + if (role.equals(RoleConstants.ACCOUNT_ADMIN)) { + return true; + } + } + return false; + } public boolean isAdminToken() { DecodedJWT decodedToken = retrieveDecodedToken(); if(decodedToken != null) { - return isAuthorizedRequestingRole(decodedToken); + return isAdminRole(decodedToken); } else return false; } diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index 3b19c2f..ca0b799 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -232,7 +232,10 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio Set existingRoles = existingAccount.getRoles().stream().map(Role::valueOf).collect(Collectors.toSet()); if (!permissionsValidator.isAdminToken()) { // No permission to update roles, load old ones - request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles).build(); + // No permission to update access status, load the old one + request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles) + .clearAccessStatus().setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) + .build(); } Long timeUpdated = Instant.now().toEpochMilli(); WriteResult wr = null; diff --git a/src/test/java/biz/nynja/account/services/AccountServiceTests.java b/src/test/java/biz/nynja/account/services/AccountServiceTests.java index 0c54f00..95148ec 100644 --- a/src/test/java/biz/nynja/account/services/AccountServiceTests.java +++ b/src/test/java/biz/nynja/account/services/AccountServiceTests.java @@ -37,6 +37,7 @@ import biz.nynja.account.accesspoints.AccessPointService; import biz.nynja.account.components.AccountServiceHelper; import biz.nynja.account.components.PreparedStatementsCache; import biz.nynja.account.configurations.CassandraTestsConfig; +import biz.nynja.account.grpc.AccessStatus; import biz.nynja.account.grpc.AccountByAccountIdRequest; import biz.nynja.account.grpc.AccountDetails; import biz.nynja.account.grpc.AccountResponse; @@ -416,7 +417,8 @@ public class AccountServiceTests extends GrpcServerTestBase { @Test public void testUpdateAccount() throws ExecutionException, InterruptedException { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString()) - .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME).build(); + .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME) + .setAccessStatus(AccessStatus.ENABLED).build(); given(accountRepositoryAdditional.updateAccount(request)).willReturn(updatedAccount); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); @@ -428,7 +430,7 @@ public class AccountServiceTests extends GrpcServerTestBase { @Test public void testUpdateAccountMissingFirstName() { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString()) - .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build(); + .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build(); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); assertNotNull("Reply should not be null", reply); @@ -439,7 +441,7 @@ public class AccountServiceTests extends GrpcServerTestBase { @Test public void testUpdateAccountMissingAccountId() { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setFirstName(Util.FIRST_NAME) - .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build(); + .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build(); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); assertNotNull("Reply should not be null", reply); @@ -451,7 +453,7 @@ public class AccountServiceTests extends GrpcServerTestBase { public void testUpdateAccountAccountIdNotFound() { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder() .setAccountId(Util.ACCOUNT_ID_NOT_FOUND.toString()).setFirstName(Util.FIRST_NAME) - .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build(); + .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build(); given(accountRepositoryAdditional.updateAccount(request)).willReturn(null); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); @@ -464,7 +466,7 @@ public class AccountServiceTests extends GrpcServerTestBase { public void testUpdateAccountUsernameAlreadyUsed() { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString()) .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME).setUsername(Util.USERNAME) - .build(); + .setAccessStatus(AccessStatus.ENABLED).build(); given(accountRepositoryAdditional.foundExistingNotOwnUsername(UUID.fromString(request.getAccountId()), request.getUsername())).willReturn(true); @@ -1447,7 +1449,7 @@ public class AccountServiceTests extends GrpcServerTestBase { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString()) .setFirstName(Util.FIRST_NAME).setBirthday(Date.newBuilder().setYear(Util.BIRTHDAY.getYear()) .setMonth(Util.BIRTHDAY.getMonthValue()).setDay(Util.BIRTHDAY.getDayOfMonth()).build()) - .build(); + .setAccessStatus(AccessStatus.ENABLED).build(); given(accountRepositoryAdditional.updateAccount(request)).willReturn(updatedAccount); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); @@ -1463,7 +1465,8 @@ public class AccountServiceTests extends GrpcServerTestBase { public void testUpdateAccountInvalidBirthdayDate() { final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString()) .setFirstName(Util.FIRST_NAME) - .setBirthday(Date.newBuilder().setYear(1990).setMonth(9).setDay(32).build()).build(); + .setBirthday(Date.newBuilder().setYear(1990).setMonth(9).setDay(32).build()) + .setAccessStatus(AccessStatus.ENABLED).build(); final AccountResponse reply = accountServiceBlockingStub.updateAccount(request); diff --git a/src/test/java/biz/nynja/account/utils/Util.java b/src/test/java/biz/nynja/account/utils/Util.java index 7e0bf5b..e713889 100644 --- a/src/test/java/biz/nynja/account/utils/Util.java +++ b/src/test/java/biz/nynja/account/utils/Util.java @@ -230,6 +230,7 @@ public class Util { account.setLastName(LAST_NAME); account.setBirthday(BIRTHDAY); account.setAccountMark(UPDATED_ACCOUNT_MARK); + account.setAccessStatus(AccessStatus.ENABLED.toString()); return account; } -- GitLab From 482df840e4e0561c5adeb918f4ff01177d0348a0 Mon Sep 17 00:00:00 2001 From: Nicolas Berthet Date: Thu, 9 May 2019 13:04:36 +0800 Subject: [PATCH 12/24] Update the development release to use flux --- releases/dev/account-service.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 7a7aa88..2795ec4 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -1,10 +1,14 @@ +apiVersion: flux.weave.works/v1beta1 kind: HelmRelease metadata: name: account-service namespace: account spec: + releaseName: account-service chart: + repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service + version: 0.1.0 values: replicaCount: 1 -- GitLab From 65415f055bb968649528a053dc4d5fa1395dc686 Mon Sep 17 00:00:00 2001 From: Nicolas Berthet Date: Thu, 9 May 2019 14:41:37 +0800 Subject: [PATCH 13/24] Disable per commit builds --- Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9c949e5..cff5afe 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -51,6 +51,7 @@ pipeline { } } } + /* stage('Build commits') { when { not { @@ -73,7 +74,7 @@ pipeline { } } } - + */ stage('Build Dev') { when { branch env.DEV_BRANCH -- GitLab From 0850ef656e0fef6574f037a5b925aff843982a17 Mon Sep 17 00:00:00 2001 From: mapuo Date: Wed, 22 May 2019 11:30:10 +0300 Subject: [PATCH 14/24] add the bridge connection options to deployment --- charts/account-service/Chart.yaml | 2 +- charts/account-service/templates/deployment.yaml | 6 ++++++ releases/dev/account-service.yaml | 7 ++++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/account-service/Chart.yaml b/charts/account-service/Chart.yaml index 1564648..4881241 100644 --- a/charts/account-service/Chart.yaml +++ b/charts/account-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of the nynja account service. name: account-service -version: 0.1.0 +version: 0.1.1 diff --git a/charts/account-service/templates/deployment.yaml b/charts/account-service/templates/deployment.yaml index 05a885c..053c82a 100644 --- a/charts/account-service/templates/deployment.yaml +++ b/charts/account-service/templates/deployment.yaml @@ -58,6 +58,12 @@ spec: value: {{ .Values.ports.containerPort.http | quote }} - name: GRPC_SERVER_PORT value: {{ .Values.ports.containerPort.grpc | quote }} + - name: ERLANG_ENABLED + value: {{ .Values.bridge.enabled | quote }} + - name: ERLANG_IP + value: {{ .Values.bridge.host | quote }} + - name: ERLANG_PORT + value: {{ .Values.bridge.port | quote }} resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 2795ec4..4cc8656 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.0 + version: 0.1.1 values: replicaCount: 1 @@ -35,6 +35,11 @@ spec: http: 8080 grpc: 6565 + bridge: + enabled: true + host: bridge-service.bridge-service.svc.cluster.local + port: 6570 + # CORS policy corsPolicy: allowOrigin: -- GitLab From 04031aa2a951283b8a7202f032eb140de568d450 Mon Sep 17 00:00:00 2001 From: mapuo Date: Wed, 22 May 2019 14:58:55 +0300 Subject: [PATCH 15/24] show bridge configuration in the logs --- src/main/java/biz/nynja/account/Application.java | 11 ++++++++++- .../configuration/ErlangBridgeConfiguration.java | 12 ++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/main/java/biz/nynja/account/Application.java b/src/main/java/biz/nynja/account/Application.java index f19c3d1..cffdaaf 100644 --- a/src/main/java/biz/nynja/account/Application.java +++ b/src/main/java/biz/nynja/account/Application.java @@ -3,17 +3,26 @@ */ package biz.nynja.account; +import biz.nynja.account.configuration.ErlangBridgeConfiguration; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * Main entry point class. - * */ @SpringBootApplication public class Application { + private static final Logger LOGGER = LogManager.getLogger(Application.class); + + public Application(ErlangBridgeConfiguration configuration) { + LOGGER.info("bridge configuration: " + configuration); + } + public static void main(String[] args) { SpringApplication.run(Application.class, args); } + } diff --git a/src/main/java/biz/nynja/account/configuration/ErlangBridgeConfiguration.java b/src/main/java/biz/nynja/account/configuration/ErlangBridgeConfiguration.java index 32f7914..0e74531 100644 --- a/src/main/java/biz/nynja/account/configuration/ErlangBridgeConfiguration.java +++ b/src/main/java/biz/nynja/account/configuration/ErlangBridgeConfiguration.java @@ -6,6 +6,8 @@ package biz.nynja.account.configuration; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; +import java.util.StringJoiner; + @Configuration @ConfigurationProperties(prefix = "erlang-bridge") public class ErlangBridgeConfiguration { @@ -37,4 +39,14 @@ public class ErlangBridgeConfiguration { public void setPort(String port) { this.port = port; } + + @Override + public String toString() { + return new StringJoiner(", ", ErlangBridgeConfiguration.class.getSimpleName() + "[", "]") + .add("enabled=" + enabled) + .add("host='" + host + "'") + .add("port='" + port + "'") + .toString(); + } + } -- GitLab From 98ec6b65b65ac574ce868f671881665e4aea5cc7 Mon Sep 17 00:00:00 2001 From: mapuo Date: Wed, 22 May 2019 15:22:09 +0300 Subject: [PATCH 16/24] fix bridge configuration --- charts/account-service/templates/deployment.yaml | 6 +++--- src/main/resources/application-production.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/account-service/templates/deployment.yaml b/charts/account-service/templates/deployment.yaml index 053c82a..342b9d6 100644 --- a/charts/account-service/templates/deployment.yaml +++ b/charts/account-service/templates/deployment.yaml @@ -58,11 +58,11 @@ spec: value: {{ .Values.ports.containerPort.http | quote }} - name: GRPC_SERVER_PORT value: {{ .Values.ports.containerPort.grpc | quote }} - - name: ERLANG_ENABLED + - name: BRIDGE_ENABLED value: {{ .Values.bridge.enabled | quote }} - - name: ERLANG_IP + - name: BRIDGE_HOST value: {{ .Values.bridge.host | quote }} - - name: ERLANG_PORT + - name: BRIDGE_PORT value: {{ .Values.bridge.port | quote }} resources: {{ toYaml .Values.resources | indent 12 }} diff --git a/src/main/resources/application-production.yml b/src/main/resources/application-production.yml index d875600..c76cc62 100644 --- a/src/main/resources/application-production.yml +++ b/src/main/resources/application-production.yml @@ -32,9 +32,9 @@ profile-data: max-authenticationproviders-per-profile: 3 erlang-bridge: - enabled: ${ERLANG_ENABLED:false} - ip: ${ERLANG_IP} - port: ${ERLANG_PORT} + enabled: ${BRIDGE_ENABLED:false} + host: ${BRIDGE_HOST} + port: ${BRIDGE_PORT} #Metrics related configurations management: -- GitLab From 171917f58b78bdc343db59a8a8f425c0f1f8a66c Mon Sep 17 00:00:00 2001 From: mapuo Date: Wed, 22 May 2019 15:46:17 +0300 Subject: [PATCH 17/24] bump chart version --- charts/account-service/Chart.yaml | 2 +- releases/dev/account-service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/account-service/Chart.yaml b/charts/account-service/Chart.yaml index 4881241..1e6397e 100644 --- a/charts/account-service/Chart.yaml +++ b/charts/account-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of the nynja account service. name: account-service -version: 0.1.1 +version: 0.1.2 diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 4cc8656..677022a 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.1 + version: 0.1.2 values: replicaCount: 1 -- GitLab From 779d5ae905673d5c5af789eecf1f427222506505 Mon Sep 17 00:00:00 2001 From: mapuo Date: Tue, 4 Jun 2019 09:58:26 +0300 Subject: [PATCH 18/24] send updated account to bridge --- .../AccountRepositoryAdditionalImpl.java | 41 ++++++------------- .../decomposition/AccountCreator.java | 2 +- .../services/erlang/ErlangAccountBridge.java | 3 +- 3 files changed, 16 insertions(+), 30 deletions(-) diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index ca0b799..908f3d7 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -3,18 +3,13 @@ */ package biz.nynja.account.repositories; -import static biz.nynja.account.validation.Validators.util; - import java.time.DateTimeException; import java.time.Instant; -import java.time.LocalDate; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Optional; import java.util.Set; import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; import java.util.stream.Collectors; import javax.annotation.PostConstruct; @@ -26,7 +21,6 @@ import org.springframework.data.cassandra.core.CassandraBatchOperations; import org.springframework.data.cassandra.core.CassandraTemplate; import org.springframework.data.cassandra.core.UpdateOptions; import org.springframework.data.cassandra.core.WriteResult; -import org.springframework.data.cassandra.core.cql.CqlOperations; import org.springframework.stereotype.Service; import com.auth0.jwt.JWT; @@ -233,21 +227,25 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio if (!permissionsValidator.isAdminToken()) { // No permission to update roles, load old ones // No permission to update access status, load the old one - request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles) - .clearAccessStatus().setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) + request = UpdateAccountRequest.newBuilder(request) + .clearRoles() + .addAllRoles(existingRoles) + .clearAccessStatus() + .setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) .build(); } Long timeUpdated = Instant.now().toEpochMilli(); WriteResult wr = null; try { + Account updatedAccount = updateAccountData(request, existingAccount, timeUpdated); try { - updateAccountData(sagaTransaction, request, existingAccount, timeUpdated); + sagaTransaction.update(updatedAccount, existingAccount); } catch (DateTimeException e) { logger.error("Exception with birthday date while updating account with id {}", request.getAccountId()); return null; } wr = sagaTransaction.execute(); - if (!erlangAccountBridge.updateAccount(existingAccount)) { + if (!erlangAccountBridge.updateAccount(updatedAccount)) { logger.error("Internal error with erlang"); sagaTransaction.rollBack(); return null; @@ -432,29 +430,16 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return false; } - private void updateAccountData(Transaction transaction, UpdateAccountRequest request, Account currentAccountState, - Long lastUpdateTimestamp) { - Account newAccountState = (Account) SerializationUtils.clone(currentAccountState); - newAccountState.setAvatar(request.getAvatar()); - newAccountState.setAccountMark(request.getAccountMark()); - newAccountState.setAccountName(request.getAccountName()); - newAccountState.setFirstName(request.getFirstName()); - newAccountState.setLastName(request.getLastName()); - newAccountState.setUsername(request.getUsername()); - newAccountState.setLastUpdateTimestamp(lastUpdateTimestamp); - newAccountState.setAccessStatus(request.getAccessStatus().toString()); + private Account updateAccountData( + UpdateAccountRequest request, Account currentAccountState, Long lastUpdateTimestamp) { + + Account newAccountState = AccountBuilder.updateAccount(request, currentAccountState, lastUpdateTimestamp); if (request.getRolesList() == null || request.getRolesList().isEmpty()) { newAccountState.setRoles(Set.of(Role.USER.toString())); } else { newAccountState.setRoles(request.getRolesList().stream().map(Enum::toString).collect(Collectors.toSet())); } - if (util.validateBirthdayIsSet(request.getBirthday())) { - newAccountState.setBirthday(LocalDate.of(request.getBirthday().getYear(), request.getBirthday().getMonth(), - request.getBirthday().getDay())); - } else { - newAccountState.setBirthday(null); - } - transaction.update(newAccountState, currentAccountState); + return newAccountState; } private void updateAuthProvidersInProfileWhenDeletingAccount(Transaction transaction, Profile currentProfileState, diff --git a/src/main/java/biz/nynja/account/services/decomposition/AccountCreator.java b/src/main/java/biz/nynja/account/services/decomposition/AccountCreator.java index 8d31c91..59a3347 100644 --- a/src/main/java/biz/nynja/account/services/decomposition/AccountCreator.java +++ b/src/main/java/biz/nynja/account/services/decomposition/AccountCreator.java @@ -153,7 +153,7 @@ public class AccountCreator { if (createdAccount == null) { return logAndBuildGrpcAccountResponse(AccountResponse.newBuilder(), - "Error creating account with useraname: {}", request.getUsername(), Cause.ERROR_CREATING_ACCOUNT, + "Error creating account with username: {}", request.getUsername(), Cause.ERROR_CREATING_ACCOUNT, "Failed to create account"); } else { logger.debug("Account \"{}\" saved into the DB", createdAccount); diff --git a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java index f30b96d..bd54908 100644 --- a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java +++ b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java @@ -1,5 +1,5 @@ /** - * Copyright (C) 2018 Nynja Inc. All rights reserved. + * Copyright (C) 2018 Nynja Inc. All rights reserved. */ package biz.nynja.account.services.erlang; @@ -10,6 +10,7 @@ import java.util.List; import java.util.UUID; public interface ErlangAccountBridge { + boolean createProfile(Profile profile, Account defaultAccount); boolean deleteProfile(UUID profileId, List accountsIds); -- GitLab From 1a396675b9cb3aa519e6d20ba55fd5cd598b1eee Mon Sep 17 00:00:00 2001 From: mapuo Date: Tue, 4 Jun 2019 10:58:59 +0300 Subject: [PATCH 19/24] revert ugly formatting as requested --- .../repositories/AccountRepositoryAdditionalImpl.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index 908f3d7..e699d8a 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -227,11 +227,8 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio if (!permissionsValidator.isAdminToken()) { // No permission to update roles, load old ones // No permission to update access status, load the old one - request = UpdateAccountRequest.newBuilder(request) - .clearRoles() - .addAllRoles(existingRoles) - .clearAccessStatus() - .setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) + request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles) + .clearAccessStatus().setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) .build(); } Long timeUpdated = Instant.now().toEpochMilli(); -- GitLab From d30d850978e03d5318491d37dd6ea6e33d08e2fe Mon Sep 17 00:00:00 2001 From: mapuo Date: Tue, 4 Jun 2019 17:42:15 +0300 Subject: [PATCH 20/24] fix return value of updateAccount function --- src/main/java/biz/nynja/account/models/AccountBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/biz/nynja/account/models/AccountBuilder.java b/src/main/java/biz/nynja/account/models/AccountBuilder.java index 02720e1..1718ac1 100644 --- a/src/main/java/biz/nynja/account/models/AccountBuilder.java +++ b/src/main/java/biz/nynja/account/models/AccountBuilder.java @@ -51,7 +51,7 @@ public class AccountBuilder { updatedAccount.setBirthday(null); } - return account; + return updatedAccount; } } -- GitLab From aeebee3b0f83eb67e58704effbd96520c91ee69f Mon Sep 17 00:00:00 2001 From: Dimitar Ivanov Date: Mon, 10 Jun 2019 13:40:00 +0300 Subject: [PATCH 21/24] Enable JWT --- .../templates/authentication-policy.yaml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/account-service/templates/authentication-policy.yaml b/charts/account-service/templates/authentication-policy.yaml index 63aab21..389396f 100644 --- a/charts/account-service/templates/authentication-policy.yaml +++ b/charts/account-service/templates/authentication-policy.yaml @@ -1,19 +1,19 @@ -#apiVersion: "authentication.istio.io/v1alpha1" -#kind: "Policy" -#metadata: -# name: {{ template "account-service.fullname" . }} -# labels: -# app: {{ template "account-service.name" . }} -# chart: {{ template "account-service.chart" . }} -# release: {{ .Release.Name }} -# heritage: {{ .Release.Service }} -#spec: -# targets: -# - name: {{ template "account-service.name" . }} -# origins: -# - jwt: -# issuer: https://auth.nynja.biz/ -# jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public -# audiences: -# - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg -# principalBinding: USE_ORIGIN +apiVersion: "authentication.istio.io/v1alpha1" +kind: "Policy" +metadata: + name: {{ template "account-service.fullname" . }} + labels: + app: {{ template "account-service.name" . }} + chart: {{ template "account-service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + targets: + - name: {{ template "account-service.name" . }} + origins: + - jwt: + issuer: https://auth.nynja.biz/ + jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public + audiences: + - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg + principalBinding: USE_ORIGIN -- GitLab From 55e50b562b4b588b392218315bc9f96bab8fdde8 Mon Sep 17 00:00:00 2001 From: Dimitar Ivanov Date: Thu, 13 Jun 2019 12:16:06 +0300 Subject: [PATCH 22/24] Revert "Enable JWT" This reverts commit aeebee3b0f83eb67e58704effbd96520c91ee69f. --- .../templates/authentication-policy.yaml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/account-service/templates/authentication-policy.yaml b/charts/account-service/templates/authentication-policy.yaml index 389396f..63aab21 100644 --- a/charts/account-service/templates/authentication-policy.yaml +++ b/charts/account-service/templates/authentication-policy.yaml @@ -1,19 +1,19 @@ -apiVersion: "authentication.istio.io/v1alpha1" -kind: "Policy" -metadata: - name: {{ template "account-service.fullname" . }} - labels: - app: {{ template "account-service.name" . }} - chart: {{ template "account-service.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - targets: - - name: {{ template "account-service.name" . }} - origins: - - jwt: - issuer: https://auth.nynja.biz/ - jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public - audiences: - - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg - principalBinding: USE_ORIGIN +#apiVersion: "authentication.istio.io/v1alpha1" +#kind: "Policy" +#metadata: +# name: {{ template "account-service.fullname" . }} +# labels: +# app: {{ template "account-service.name" . }} +# chart: {{ template "account-service.chart" . }} +# release: {{ .Release.Name }} +# heritage: {{ .Release.Service }} +#spec: +# targets: +# - name: {{ template "account-service.name" . }} +# origins: +# - jwt: +# issuer: https://auth.nynja.biz/ +# jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public +# audiences: +# - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg +# principalBinding: USE_ORIGIN -- GitLab From 376df4913503d3b3dfc08c0c5c09c321845a37a7 Mon Sep 17 00:00:00 2001 From: mapuo Date: Fri, 14 Jun 2019 00:21:38 +0300 Subject: [PATCH 23/24] [NY-7528] Pass phone number and email values from account microservice to the messaging server --- .../AccountRepositoryAdditionalImpl.java | 54 +++++-- .../services/erlang/ErlangAccountBridge.java | 4 +- .../erlang/ErlangAccountHttpBridge.java | 6 +- .../erlang/ErlangAccountMqttBridge.java | 142 ++++++++++++------ 4 files changed, 139 insertions(+), 67 deletions(-) diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java index e699d8a..277f72f 100644 --- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java +++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java @@ -125,8 +125,10 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio public Account completePendingAccountCreation(CompletePendingAccountCreationRequest request) { Transaction sagaTransaction = new SagaTransaction(cassandraTemplate); - PendingAccount pendingAccount = pendingAccountRepository - .findByAccountId(UUID.fromString(request.getAccountId())); + + UUID accountId = UUID.fromString(request.getAccountId()); + + PendingAccount pendingAccount = pendingAccountRepository.findByAccountId(accountId); if (pendingAccount == null) { logger.info("Existing pending account with the provided id was not found or creation timeout expired."); logger.debug("Existing pending account with the provided id {} was not found or creation timeout expired.", @@ -174,21 +176,29 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return null; } if (wr.wasApplied()) { - pendingAccountRepository.deleteById(UUID.fromString(request.getAccountId())); - return accountRepository.findByAccountId(UUID.fromString(request.getAccountId())); + pendingAccountRepository.deleteById(accountId); + return accountRepository.findByAccountId(accountId); } return null; } - private Account newAccountInsert(Transaction batchOps, CompletePendingAccountCreationRequest request, - PendingAccount pendingAccount, Long creationTimestamp) { + private Account newAccountInsert( + Transaction batchOps, + CompletePendingAccountCreationRequest request, + PendingAccount pendingAccount, + Long creationTimestamp) { + Account newAccount = AccountBuilder.buildNewAccount(request, pendingAccount, creationTimestamp); batchOps.insert(newAccount); return newAccount; } - private Profile newProfileInsert(Transaction batchOps, CompletePendingAccountCreationRequest request, - PendingAccount pendingAccount, Long creationTimestamp) { + private Profile newProfileInsert( + Transaction batchOps, + CompletePendingAccountCreationRequest request, + PendingAccount pendingAccount, + Long creationTimestamp) { + Profile newProfile = new Profile(); newProfile.setProfileId(pendingAccount.getProfileId()); Set authenticationProvidersSet = new HashSet(); @@ -202,7 +212,9 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return newProfile; } - private void newProfileByAuthenticationProviderInsert(Transaction batchOps, PendingAccount pendingAccount) { + private void newProfileByAuthenticationProviderInsert( + Transaction batchOps, PendingAccount pendingAccount) { + ProfileByAuthenticationProvider newProfileByAuthenticationProvider = new ProfileByAuthenticationProvider(); newProfileByAuthenticationProvider.setAuthenticationProvider(pendingAccount.getAuthenticationProvider()); newProfileByAuthenticationProvider @@ -216,21 +228,31 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio public Account updateAccount(UpdateAccountRequest request) { Transaction sagaTransaction = new SagaTransaction(cassandraTemplate); - Account existingAccount = accountRepository.findByAccountId(UUID.fromString(request.getAccountId())); + UUID accountId = UUID.fromString(request.getAccountId()); + + Account existingAccount = accountRepository.findByAccountId(accountId); if (existingAccount == null) { logger.error("Existing account with the provided id {} was not found.", request.getAccountId()); logger.debug("Existing account with the provided id {} was not found.", request.getAccountId()); return null; } - Set existingRoles = existingAccount.getRoles().stream().map(Role::valueOf).collect(Collectors.toSet()); + Profile existingProfile = profileRepository.findByProfileId(existingAccount.getProfileId()); + + Set existingRoles = existingAccount.getRoles().stream() + .map(Role::valueOf) + .collect(Collectors.toSet()); if (!permissionsValidator.isAdminToken()) { // No permission to update roles, load old ones // No permission to update access status, load the old one - request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles) - .clearAccessStatus().setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) + request = UpdateAccountRequest.newBuilder(request) + .clearRoles() + .addAllRoles(existingRoles) + .clearAccessStatus() + .setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus())) .build(); } + Long timeUpdated = Instant.now().toEpochMilli(); WriteResult wr = null; try { @@ -242,7 +264,7 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return null; } wr = sagaTransaction.execute(); - if (!erlangAccountBridge.updateAccount(updatedAccount)) { + if (!erlangAccountBridge.updateAccount(existingProfile, updatedAccount)) { logger.error("Internal error with erlang"); sagaTransaction.rollBack(); return null; @@ -262,7 +284,7 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio if (applied) { if (request.getAccessStatus().equals(AccessStatus.DISABLED) || request.getAccessStatus().equals(AccessStatus.SUSPENDED)) { - if (!accessPointService.deleteAccessPointsForAccount(UUID.fromString(request.getAccountId()))) { + if (!accessPointService.deleteAccessPointsForAccount(accountId)) { logger.error("Error deleting accesspoints from the DB for account {}.", request.getAccountId()); return null; } @@ -273,7 +295,7 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio return null; } } - Account updatedAccount = accountRepository.findByAccountId(UUID.fromString(request.getAccountId())); + Account updatedAccount = accountRepository.findByAccountId(accountId); return updatedAccount; } } diff --git a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java index bd54908..6a88a90 100644 --- a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java +++ b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountBridge.java @@ -15,9 +15,9 @@ public interface ErlangAccountBridge { boolean deleteProfile(UUID profileId, List accountsIds); - boolean createAccount(Account account); + boolean createAccount(Profile profile, Account account); - boolean updateAccount(Account account); + boolean updateAccount(Profile profile, Account account); boolean deleteAccount(UUID profileId, UUID accountId); diff --git a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountHttpBridge.java b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountHttpBridge.java index 24574f3..17206e6 100644 --- a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountHttpBridge.java +++ b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountHttpBridge.java @@ -81,12 +81,12 @@ public class ErlangAccountHttpBridge implements ErlangAccountBridge { } @Override - public boolean createAccount(Account account) { - return updateAccount(account); + public boolean createAccount(Profile profile, Account account) { + return updateAccount(profile, account); } @Override - public boolean updateAccount(Account account) { + public boolean updateAccount(Profile profile, Account account) { if (!erlangBridgeConfiguration.isEnabled()) return true; JsonObject accountObject = prepareAccountJsonObject(account); diff --git a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountMqttBridge.java b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountMqttBridge.java index da3fdf5..310c27d 100644 --- a/src/main/java/biz/nynja/account/services/erlang/ErlangAccountMqttBridge.java +++ b/src/main/java/biz/nynja/account/services/erlang/ErlangAccountMqttBridge.java @@ -1,108 +1,157 @@ -/** - * Copyright (C) 2018 Nynja Inc. All rights reserved. +/* + * Copyright (C) 2018 Nynja Inc. All rights reserved. */ package biz.nynja.account.services.erlang; -import java.net.MalformedURLException; -import java.util.Arrays; -import java.util.List; -import java.util.Objects; -import java.util.UUID; -import java.util.stream.Collectors; - -import org.springframework.context.annotation.Primary; -import org.springframework.stereotype.Component; - import biz.nynja.account.configuration.ErlangBridgeConfiguration; import biz.nynja.account.models.Account; +import biz.nynja.account.models.AuthenticationProvider; import biz.nynja.account.models.Profile; import biz.nynja.account.services.erlang.interceptor.TokenInterceptorConstants; import biz.nynja.bridge.grpc.AccountBridgeGrpc; import biz.nynja.bridge.grpc.AccountData; -import biz.nynja.bridge.grpc.BridgeSuccessResponse; import biz.nynja.bridge.grpc.ProfileData; import io.grpc.ManagedChannel; import io.grpc.ManagedChannelBuilder; import io.grpc.Metadata; import io.grpc.stub.MetadataUtils; +import org.springframework.context.annotation.Primary; +import org.springframework.stereotype.Component; + +import java.util.*; +import java.util.stream.Collectors; @Component @Primary public class ErlangAccountMqttBridge implements ErlangAccountBridge { - private final ErlangBridgeConfiguration erlangBridgeConfiguration; + private static final String EMAIL_PROVIDER = "EMAIL"; + private static final String PHONE_PROVIDER = "PHONE"; + + private final ErlangBridgeConfiguration configuration; - public ErlangAccountMqttBridge(ErlangBridgeConfiguration erlangBridgeConfiguration) { - this.erlangBridgeConfiguration = erlangBridgeConfiguration; + public ErlangAccountMqttBridge(ErlangBridgeConfiguration configuration) { + this.configuration = configuration; } @Override public boolean createProfile(Profile profile, Account account) { - - if (!erlangBridgeConfiguration.isEnabled()) + if (!configuration.isEnabled()) return true; + ProfileData profileData = buildProfileData(profile, account); - return buildGrpcConnection().createProfile(profileData).getSuccess(); + return buildGrpcConnection() + .createProfile(profileData) + .getSuccess(); } @Override public boolean deleteProfile(UUID profileId, List accountsIds) { - if (!erlangBridgeConfiguration.isEnabled()) + if (!configuration.isEnabled()) return true; - return buildGrpcConnection().deleteProfile(buildDeleteProfileData(profileId, (UUID[]) accountsIds.toArray())).getSuccess(); + + return buildGrpcConnection() + .deleteProfile(buildDeleteProfileData(profileId, (UUID[]) accountsIds.toArray())) + .getSuccess(); } @Override - public boolean createAccount(Account account) { - if (!erlangBridgeConfiguration.isEnabled()) + public boolean createAccount(Profile profile, Account account) { + if (!configuration.isEnabled()) return true; - return buildGrpcConnection().createAccount(buildAccountData(account)).getSuccess(); + + Map providers = getAuthenticationProviders(profile); + + return buildGrpcConnection() + .createAccount(buildAccountData(account, providers.get(EMAIL_PROVIDER))) + .getSuccess(); } @Override - public boolean updateAccount(Account account) { - if (!erlangBridgeConfiguration.isEnabled()) + public boolean updateAccount(Profile profile, Account account) { + if (!configuration.isEnabled()) return true; - return buildGrpcConnection().updateAccount(buildAccountData(account)).getSuccess(); + + Map providers = getAuthenticationProviders(profile); + + return buildGrpcConnection() + .updateAccount(buildAccountData(account, providers.get(EMAIL_PROVIDER))) + .getSuccess(); } @Override public boolean deleteAccount(UUID profileId, UUID accountId) { - if (!erlangBridgeConfiguration.isEnabled()) + if (!configuration.isEnabled()) return true; - return buildGrpcConnection().deleteAccount(buildDeleteProfileData(profileId, accountId)).getSuccess(); + + return buildGrpcConnection() + .deleteAccount(buildDeleteProfileData(profileId, accountId)) + .getSuccess(); } private ProfileData buildProfileData(Profile profile, Account account) { - return ProfileData.newBuilder().setProfileId(profile.getProfileId().toString()) - .setDefaultAccount(buildAccountData(account)) - .setLastUpdateTimestamp(profile.getCreationTimestamp().toString()).build(); + Map providers = getAuthenticationProviders(profile); + + ProfileData.Builder builder = ProfileData.newBuilder() + .setProfileId(profile.getProfileId().toString()) + .setDefaultAccount(buildAccountData(account, providers.get(EMAIL_PROVIDER))) + .setLastUpdateTimestamp(profile.getCreationTimestamp().toString()); + + if (providers.get(PHONE_PROVIDER) != null) { + builder.setPhoneNumber(providers.get(PHONE_PROVIDER)); + } + + return builder.build(); + } + + private Map getAuthenticationProviders(Profile profile) { + return profile.getAuthenticationProviders().stream() + .filter(AuthenticationProvider::getSearchable) + .filter(auth -> auth.getType().equals(PHONE_PROVIDER) + || auth.getType().equals(EMAIL_PROVIDER)) + .collect(Collectors.toUnmodifiableMap(AuthenticationProvider::getType, AuthenticationProvider::getValue)); } - private AccountData buildAccountData(Account account) { - return AccountData.newBuilder().setAccountId(account.getAccountId().toString()) - .setFirstName(account.getFirstName()).setLastName(account.getLastName()) - .setProfileId(account.getProfileId().toString()).setUsername(account.getUsername()) + private AccountData buildAccountData(Account account, String email) { + AccountData.Builder builder = AccountData.newBuilder() + .setAccountId(account.getAccountId().toString()) + .setFirstName(account.getFirstName()) + .setLastName(account.getLastName()) + .setProfileId(account.getProfileId().toString()) + .setUsername(account.getUsername()) .setAvatar(account.getAvatar()) .setLastUpdateTimestamp( - Objects.isNull(account.getLastUpdateTimestamp()) ? Long.toString(System.currentTimeMillis()) - : account.getLastUpdateTimestamp().toString()) - .build(); + Objects.isNull(account.getLastUpdateTimestamp()) + ? Long.toString(System.currentTimeMillis()) + : account.getLastUpdateTimestamp().toString()); + + if (email != null) { + builder.setEmail(email); + } + + return builder.build(); } // Erlang protocol private ProfileData buildDeleteProfileData(UUID profileId, UUID... accountsId) { - return ProfileData.newBuilder().setProfileId(profileId.toString()) - .addAllAccountsIds(Arrays.stream(accountsId).map(UUID::toString).collect(Collectors.toList())).build(); + return ProfileData.newBuilder() + .setProfileId(profileId.toString()) + .addAllAccountsIds( + Arrays.stream(accountsId) + .map(UUID::toString) + .collect(Collectors.toList()) + ) + .build(); } private AccountBridgeGrpc.AccountBridgeBlockingStub buildGrpcConnection() { ManagedChannel managedChannel = ManagedChannelBuilder - .forAddress(erlangBridgeConfiguration.getHost(), Integer.parseInt(erlangBridgeConfiguration.getPort())) - .usePlaintext().build(); - AccountBridgeGrpc.AccountBridgeBlockingStub bridgeServiceBlockingStub = AccountBridgeGrpc - .newBlockingStub(managedChannel); - return MetadataUtils.attachHeaders(bridgeServiceBlockingStub, getHeaders()); + .forAddress(configuration.getHost(), Integer.parseInt(configuration.getPort())) + .usePlaintext() + .build(); + AccountBridgeGrpc.AccountBridgeBlockingStub bridgeService = + AccountBridgeGrpc.newBlockingStub(managedChannel); + return MetadataUtils.attachHeaders(bridgeService, getHeaders()); } /** @@ -117,4 +166,5 @@ public class ErlangAccountMqttBridge implements ErlangAccountBridge { headers.put(key, "Bearer " + TokenInterceptorConstants.ACCESS_TOKEN_CTX.get()); return headers; } + } -- GitLab From 7f81bbef0c3cd57ed84dda9d508b3fe05415c668 Mon Sep 17 00:00:00 2001 From: Nicolas Berthet Date: Wed, 19 Jun 2019 18:36:16 +0800 Subject: [PATCH 24/24] Update the staging deployment to flux --- releases/staging/account-service.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/releases/staging/account-service.yaml b/releases/staging/account-service.yaml index 6adc18a..17707c2 100644 --- a/releases/staging/account-service.yaml +++ b/releases/staging/account-service.yaml @@ -1,10 +1,14 @@ +apiVersion: flux.weave.works/v1beta1 kind: HelmRelease metadata: name: account-service namespace: account spec: + releaseName: account-service chart: + repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service + version: 0.1.0 values: replicaCount: 2 -- GitLab