From 046be9562783946a098f766cc14f60c3d9c82094 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 12 Aug 2020 18:54:34 +0800 Subject: [PATCH 01/21] Move GrpcMessageInterceptor into auth package to prevent circular dependency. --- .../feast/auth/config/CacheConfiguration.java | 5 +- .../interceptors/GrpcMessageInterceptor.java | 92 ------------------- .../feast/core/config/CoreSecurityConfig.java | 3 +- .../java/feast/core/grpc/CoreServiceImpl.java | 2 +- .../ServingServiceGRpcController.java | 2 +- 5 files changed, 7 insertions(+), 97 deletions(-) delete mode 100644 common/src/main/java/feast/common/interceptors/GrpcMessageInterceptor.java diff --git a/auth/src/main/java/feast/auth/config/CacheConfiguration.java b/auth/src/main/java/feast/auth/config/CacheConfiguration.java index e8c46b3613c..0674956e049 100644 --- a/auth/src/main/java/feast/auth/config/CacheConfiguration.java +++ b/auth/src/main/java/feast/auth/config/CacheConfiguration.java @@ -49,7 +49,7 @@ public class CacheConfiguration implements CachingConfigurer { public static final String AUTHORIZATION_CACHE = "authorization"; - @Autowired SecurityProperties secutiryProps; + @Autowired SecurityProperties securityProperties; @Bean public CacheManager cacheManager() { @@ -83,7 +83,8 @@ public KeyGenerator authKeyGenerator() { Authentication authentication = (Authentication) params[1]; String subject = AuthUtils.getSubjectFromAuth( - authentication, secutiryProps.getAuthorization().getOptions().get("subjectClaim")); + authentication, + securityProperties.getAuthorization().getOptions().get("subjectClaim")); return String.format("%s-%s-%s", method.getName(), projectId, subject); }; } diff --git a/common/src/main/java/feast/common/interceptors/GrpcMessageInterceptor.java b/common/src/main/java/feast/common/interceptors/GrpcMessageInterceptor.java deleted file mode 100644 index 53dec6a0294..00000000000 --- a/common/src/main/java/feast/common/interceptors/GrpcMessageInterceptor.java +++ /dev/null @@ -1,92 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * Copyright 2018-2019 The Feast Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package feast.common.interceptors; - -import com.google.protobuf.Empty; -import com.google.protobuf.Message; -import feast.common.logging.AuditLogger; -import feast.common.logging.entry.MessageAuditLogEntry; -import io.grpc.ForwardingServerCall.SimpleForwardingServerCall; -import io.grpc.ForwardingServerCallListener.SimpleForwardingServerCallListener; -import io.grpc.Metadata; -import io.grpc.ServerCall; -import io.grpc.ServerCall.Listener; -import io.grpc.ServerCallHandler; -import io.grpc.ServerInterceptor; -import io.grpc.Status; -import org.slf4j.event.Level; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; - -/** - * GrpcMessageInterceptor intercepts a GRPC calls to log handling of GRPC messages to the Audit Log. - * Intercepts the incoming and outgoing messages logs them to the audit log, together with method - * name and assumed authenticated identity (if authentication is enabled). NOTE: - * GrpcMessageInterceptor assumes that all service calls are unary (ie single request/response). - */ -public class GrpcMessageInterceptor implements ServerInterceptor { - @Override - public Listener interceptCall( - ServerCall call, Metadata headers, ServerCallHandler next) { - MessageAuditLogEntry.Builder entryBuilder = MessageAuditLogEntry.newBuilder(); - // default response message to empty proto in log entry. - entryBuilder.setResponse(Empty.newBuilder().build()); - - // Unpack service & method name from call - // full method name is in format ./ - String fullMethodName = call.getMethodDescriptor().getFullMethodName(); - entryBuilder.setService( - fullMethodName.substring(fullMethodName.lastIndexOf(".") + 1, fullMethodName.indexOf("/"))); - entryBuilder.setMethod(fullMethodName.substring(fullMethodName.indexOf("/") + 1)); - - // Attempt Extract current authenticated identity. - Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - String identity = (authentication == null) ? "" : authentication.getName(); - entryBuilder.setIdentity(identity); - - // Register forwarding call to intercept outgoing response and log to audit log - call = - new SimpleForwardingServerCall(call) { - @Override - public void sendMessage(RespT message) { - // 2. Track the response & Log entry to audit logger - super.sendMessage(message); - entryBuilder.setResponse((Message) message); - } - - @Override - public void close(Status status, Metadata trailers) { - super.close(status, trailers); - // 3. Log the message log entry to the audit log - Level logLevel = (status.isOk()) ? Level.INFO : Level.ERROR; - entryBuilder.setStatusCode(status.getCode()); - AuditLogger.logMessage(logLevel, entryBuilder); - } - }; - - ServerCall.Listener listener = next.startCall(call, headers); - return new SimpleForwardingServerCallListener(listener) { - @Override - // Register listener to intercept incoming request messages and log to audit log - public void onMessage(ReqT message) { - super.onMessage(message); - // 1. Track the request. - entryBuilder.setRequest((Message) message); - } - }; - } -} diff --git a/core/src/main/java/feast/core/config/CoreSecurityConfig.java b/core/src/main/java/feast/core/config/CoreSecurityConfig.java index ead6bcb18bc..f93431088bd 100644 --- a/core/src/main/java/feast/core/config/CoreSecurityConfig.java +++ b/core/src/main/java/feast/core/config/CoreSecurityConfig.java @@ -29,7 +29,8 @@ @Configuration @Slf4j -@ComponentScan(basePackages = {"feast.auth.config", "feast.auth.service"}) +@ComponentScan( + basePackages = {"feast.auth.config", "feast.auth.service", "feast.auth.interceptors"}) public class CoreSecurityConfig { /** diff --git a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java index ea114005bca..8967a5af9f2 100644 --- a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java +++ b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java @@ -17,8 +17,8 @@ package feast.core.grpc; import com.google.protobuf.InvalidProtocolBufferException; +import feast.auth.interceptors.GrpcMessageInterceptor; import feast.auth.service.AuthorizationService; -import feast.common.interceptors.GrpcMessageInterceptor; import feast.core.config.FeastProperties; import feast.core.exception.RetrievalException; import feast.core.grpc.interceptors.MonitoringInterceptor; diff --git a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java index e888f523164..c7307836233 100644 --- a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java +++ b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java @@ -16,8 +16,8 @@ */ package feast.serving.controller; +import feast.auth.interceptors.GrpcMessageInterceptor; import feast.auth.service.AuthorizationService; -import feast.common.interceptors.GrpcMessageInterceptor; import feast.proto.serving.ServingAPIProto.FeatureReference; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesRequest; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesResponse; From ab7dcf2f8269fd13cc1ef5a91833fee3045a07fe Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 12 Aug 2020 18:55:46 +0800 Subject: [PATCH 02/21] Update GrpcMessageInterceptor to output subject claim as identity instead of just id For the 'google' authentication provider this means that the email would be output as identity instead of just a user id --- .../interceptors/GrpcMessageInterceptor.java | 111 ++++++++++++++++++ .../serving/config/ServingSecurityConfig.java | 3 +- 2 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java new file mode 100644 index 00000000000..6ea9a2de20e --- /dev/null +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -0,0 +1,111 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * Copyright 2018-2019 The Feast Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package feast.auth.interceptors; + +import com.google.protobuf.Empty; +import com.google.protobuf.Message; +import feast.auth.config.SecurityProperties; +import feast.auth.utils.AuthUtils; +import feast.common.logging.AuditLogger; +import feast.common.logging.entry.MessageAuditLogEntry; +import io.grpc.ForwardingServerCall.SimpleForwardingServerCall; +import io.grpc.ForwardingServerCallListener.SimpleForwardingServerCallListener; +import io.grpc.Metadata; +import io.grpc.ServerCall; +import io.grpc.ServerCall.Listener; +import io.grpc.ServerCallHandler; +import io.grpc.ServerInterceptor; +import io.grpc.Status; +import org.slf4j.event.Level; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +/** + * GrpcMessageInterceptor intercepts a GRPC calls to log handling of GRPC messages to the Audit Log. + * Intercepts the incoming and outgoing messages logs them to the audit log, together with method + * name and assumed authenticated identity (if authentication is enabled). NOTE: + * GrpcMessageInterceptor assumes that all service calls are unary (ie single request/response). + */ +@Component +public class GrpcMessageInterceptor implements ServerInterceptor { + private SecurityProperties securityProperties; + + @Autowired + public GrpcMessageInterceptor(SecurityProperties securityProperties) { + this.securityProperties = securityProperties; + } + + @Override + public Listener interceptCall( + ServerCall call, Metadata headers, ServerCallHandler next) { + MessageAuditLogEntry.Builder entryBuilder = MessageAuditLogEntry.newBuilder(); + // default response message to empty proto in log entry. + entryBuilder.setResponse(Empty.newBuilder().build()); + + // Unpack service & method name from call + // full method name is in format ./ + String fullMethodName = call.getMethodDescriptor().getFullMethodName(); + entryBuilder.setService( + fullMethodName.substring(fullMethodName.lastIndexOf(".") + 1, fullMethodName.indexOf("/"))); + entryBuilder.setMethod(fullMethodName.substring(fullMethodName.indexOf("/") + 1)); + + // Attempt Extract current authenticated identity. + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String identity = ""; + if (authentication != null) { + System.out.println(securityProperties); + identity = + AuthUtils.getSubjectFromAuth( + authentication, + securityProperties.getAuthorization().getOptions().get("subjectClaim")); + } + entryBuilder.setIdentity(identity); + + // Register forwarding call to intercept outgoing response and log to audit log + call = + new SimpleForwardingServerCall(call) { + @Override + public void sendMessage(RespT message) { + // 2. Track the response & Log entry to audit logger + super.sendMessage(message); + entryBuilder.setResponse((Message) message); + } + + @Override + public void close(Status status, Metadata trailers) { + super.close(status, trailers); + // 3. Log the message log entry to the audit log + Level logLevel = (status.isOk()) ? Level.INFO : Level.ERROR; + entryBuilder.setStatusCode(status.getCode()); + AuditLogger.logMessage(logLevel, entryBuilder); + } + }; + + ServerCall.Listener listener = next.startCall(call, headers); + return new SimpleForwardingServerCallListener(listener) { + @Override + // Register listener to intercept incoming request messages and log to audit log + public void onMessage(ReqT message) { + super.onMessage(message); + // 1. Track the request. + entryBuilder.setRequest((Message) message); + } + }; + } +} diff --git a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java index 839c133387d..fc4c0260eca 100644 --- a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java +++ b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java @@ -47,7 +47,8 @@ */ @Configuration -@ComponentScan(basePackages = {"feast.auth.config", "feast.auth.service"}) +@ComponentScan( + basePackages = {"feast.auth.config", "feast.auth.service", "feast.auth.interceptors"}) public class ServingSecurityConfig { private final FeastProperties feastProperties; From a4e5af5b9167d10a9768ec323d44337e70a4ca98 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 12 Aug 2020 21:31:22 +0800 Subject: [PATCH 03/21] Remove print statement --- .../java/feast/auth/interceptors/GrpcMessageInterceptor.java | 1 - 1 file changed, 1 deletion(-) diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java index 6ea9a2de20e..4a927d131d1 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -69,7 +69,6 @@ public Listener interceptCall( Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); String identity = ""; if (authentication != null) { - System.out.println(securityProperties); identity = AuthUtils.getSubjectFromAuth( authentication, From bf6dfa5ffb96a33c3e6ae9427dafbd80e14e95e5 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Thu, 13 Aug 2020 12:55:58 +0800 Subject: [PATCH 04/21] Fix null in GrpcMessageInterceptor when subjectClaim not set. --- .../feast/auth/config/SecurityProperties.java | 2 +- .../interceptors/GrpcMessageInterceptor.java | 24 +++++++++++++------ .../http/HttpAuthorizationProvider.java | 3 ++- .../main/java/feast/auth/utils/AuthUtils.java | 1 - 4 files changed, 20 insertions(+), 10 deletions(-) diff --git a/auth/src/main/java/feast/auth/config/SecurityProperties.java b/auth/src/main/java/feast/auth/config/SecurityProperties.java index 2cc90f750bb..a4fd1ceb0c5 100644 --- a/auth/src/main/java/feast/auth/config/SecurityProperties.java +++ b/auth/src/main/java/feast/auth/config/SecurityProperties.java @@ -48,7 +48,6 @@ public static class AuthenticationProperties { @Getter @Setter public static class AuthorizationProperties { - // Enable authorization. Authentication must be enabled if authorization is enabled. private boolean enabled; @@ -57,6 +56,7 @@ public static class AuthorizationProperties { private String provider; // K/V options to initialize the provider with + public static final String SUBJECT_CLAIM = "subjectClaim"; private Map options; } } diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java index 4a927d131d1..caf48a357f0 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -19,6 +19,7 @@ import com.google.protobuf.Empty; import com.google.protobuf.Message; import feast.auth.config.SecurityProperties; +import feast.auth.config.SecurityProperties.AuthorizationProperties; import feast.auth.utils.AuthUtils; import feast.common.logging.AuditLogger; import feast.common.logging.entry.MessageAuditLogEntry; @@ -30,6 +31,7 @@ import io.grpc.ServerCallHandler; import io.grpc.ServerInterceptor; import io.grpc.Status; +import java.util.Map; import org.slf4j.event.Level; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; @@ -67,13 +69,7 @@ public Listener interceptCall( // Attempt Extract current authenticated identity. Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - String identity = ""; - if (authentication != null) { - identity = - AuthUtils.getSubjectFromAuth( - authentication, - securityProperties.getAuthorization().getOptions().get("subjectClaim")); - } + String identity = (authentication != null) ? getIdentity(authentication) : ""; entryBuilder.setIdentity(identity); // Register forwarding call to intercept outgoing response and log to audit log @@ -107,4 +103,18 @@ public void onMessage(ReqT message) { } }; } + + /** + * Extract current authenticated identity from given {@link Authentication}. Extracts subject + * claim if specified in AuthorizationProperties, otherwise returns authentication name + */ + private String getIdentity(Authentication authentication) { + Map options = securityProperties.getAuthorization().getOptions(); + // use subject claim as identity if set in authorization properties + if (options.containsKey(AuthorizationProperties.SUBJECT_CLAIM)) { + return AuthUtils.getSubjectFromAuth( + authentication, options.get(AuthorizationProperties.SUBJECT_CLAIM)); + } + return authentication.getName(); + } } diff --git a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java b/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java index 96f64aea383..b023a96dc47 100644 --- a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java +++ b/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java @@ -19,6 +19,7 @@ import feast.auth.authorization.AuthorizationProvider; import feast.auth.authorization.AuthorizationResult; import feast.auth.config.CacheConfiguration; +import feast.auth.config.SecurityProperties.AuthorizationProperties; import feast.auth.providers.http.client.api.DefaultApi; import feast.auth.providers.http.client.invoker.ApiClient; import feast.auth.providers.http.client.invoker.ApiException; @@ -62,7 +63,7 @@ public HttpAuthorizationProvider(Map options) { ApiClient apiClient = new ApiClient(); apiClient.setBasePath(options.get("authorizationUrl")); this.defaultApiClient = new DefaultApi(apiClient); - subjectClaim = options.get("subjectClaim"); + subjectClaim = options.get(AuthorizationProperties.SUBJECT_CLAIM); } /** diff --git a/auth/src/main/java/feast/auth/utils/AuthUtils.java b/auth/src/main/java/feast/auth/utils/AuthUtils.java index d211165c86e..a2e37803d48 100644 --- a/auth/src/main/java/feast/auth/utils/AuthUtils.java +++ b/auth/src/main/java/feast/auth/utils/AuthUtils.java @@ -22,7 +22,6 @@ import org.springframework.security.oauth2.jwt.Jwt; public class AuthUtils { - // Suppresses default constructor, ensuring non-instantiability. private AuthUtils() {} From efdb344ee3840c7ef64272b04e2a6605baeb9aec Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Mon, 17 Aug 2020 11:39:44 +0800 Subject: [PATCH 05/21] Add comment for SUBJECT_CLAIM constant in SecurityProperties --- auth/src/main/java/feast/auth/config/SecurityProperties.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/src/main/java/feast/auth/config/SecurityProperties.java b/auth/src/main/java/feast/auth/config/SecurityProperties.java index a4fd1ceb0c5..52b73c4c045 100644 --- a/auth/src/main/java/feast/auth/config/SecurityProperties.java +++ b/auth/src/main/java/feast/auth/config/SecurityProperties.java @@ -33,7 +33,6 @@ public class SecurityProperties { @Getter @Setter public static class AuthenticationProperties { - // Enable authentication private boolean enabled; @@ -56,6 +55,7 @@ public static class AuthorizationProperties { private String provider; // K/V options to initialize the provider with + // Key for Subject Claim option which sets the name of the subject claim field in tokens. public static final String SUBJECT_CLAIM = "subjectClaim"; private Map options; } From c163d93cb6346f0bbf290fb1a264f9ee23629fc9 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Fri, 21 Aug 2020 11:06:34 +0800 Subject: [PATCH 06/21] Move subjectClaim option to authorization's options. * This is done as subjectClaim would be used even when only authentication is enabled. * For HttpAuthorizationProvider, which requires both authentication and authorization options, the options maps are merged together. --- auth/src/main/java/feast/auth/config/SecurityConfig.java | 2 ++ .../main/java/feast/auth/config/SecurityProperties.java | 4 ++-- .../feast/auth/interceptors/GrpcMessageInterceptor.java | 6 +++--- .../auth/providers/http/HttpAuthorizationProvider.java | 4 ++-- .../HttpAuthorizationProviderCachingTest.java | 9 +++++---- core/src/main/resources/application.yml | 2 +- .../feast/core/auth/CoreServiceAuthenticationIT.java | 2 +- .../java/feast/core/auth/CoreServiceAuthorizationIT.java | 2 +- .../serving/it/ServingServiceOauthAuthorizationIT.java | 2 +- 9 files changed, 18 insertions(+), 15 deletions(-) diff --git a/auth/src/main/java/feast/auth/config/SecurityConfig.java b/auth/src/main/java/feast/auth/config/SecurityConfig.java index 378deea1959..11e062120d0 100644 --- a/auth/src/main/java/feast/auth/config/SecurityConfig.java +++ b/auth/src/main/java/feast/auth/config/SecurityConfig.java @@ -109,7 +109,9 @@ AuthorizationProvider authorizationProvider() { && securityProperties.getAuthorization().isEnabled()) { switch (securityProperties.getAuthorization().getProvider()) { case "http": + // Merge authenticatoin and authorization options to create HttpAuthorizationProvider. Map options = securityProperties.getAuthorization().getOptions(); + options.putAll(securityProperties.getAuthentication().getOptions()); return new HttpAuthorizationProvider(options); default: throw new IllegalArgumentException( diff --git a/auth/src/main/java/feast/auth/config/SecurityProperties.java b/auth/src/main/java/feast/auth/config/SecurityProperties.java index 52b73c4c045..8d6efde2a7d 100644 --- a/auth/src/main/java/feast/auth/config/SecurityProperties.java +++ b/auth/src/main/java/feast/auth/config/SecurityProperties.java @@ -42,6 +42,8 @@ public static class AuthenticationProperties { // K/V options to initialize the provider with private Map options; + // Key for Subject Claim option which sets the name of the subject claim field in tokens. + public static final String SUBJECT_CLAIM = "subjectClaim"; } @Getter @@ -55,8 +57,6 @@ public static class AuthorizationProperties { private String provider; // K/V options to initialize the provider with - // Key for Subject Claim option which sets the name of the subject claim field in tokens. - public static final String SUBJECT_CLAIM = "subjectClaim"; private Map options; } } diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java index caf48a357f0..b36ae40cbd3 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -19,7 +19,7 @@ import com.google.protobuf.Empty; import com.google.protobuf.Message; import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthorizationProperties; +import feast.auth.config.SecurityProperties.AuthenticationProperties; import feast.auth.utils.AuthUtils; import feast.common.logging.AuditLogger; import feast.common.logging.entry.MessageAuditLogEntry; @@ -111,9 +111,9 @@ public void onMessage(ReqT message) { private String getIdentity(Authentication authentication) { Map options = securityProperties.getAuthorization().getOptions(); // use subject claim as identity if set in authorization properties - if (options.containsKey(AuthorizationProperties.SUBJECT_CLAIM)) { + if (options.containsKey(AuthenticationProperties.SUBJECT_CLAIM)) { return AuthUtils.getSubjectFromAuth( - authentication, options.get(AuthorizationProperties.SUBJECT_CLAIM)); + authentication, options.get(AuthenticationProperties.SUBJECT_CLAIM)); } return authentication.getName(); } diff --git a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java b/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java index b023a96dc47..27ee1fe7f30 100644 --- a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java +++ b/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java @@ -19,7 +19,7 @@ import feast.auth.authorization.AuthorizationProvider; import feast.auth.authorization.AuthorizationResult; import feast.auth.config.CacheConfiguration; -import feast.auth.config.SecurityProperties.AuthorizationProperties; +import feast.auth.config.SecurityProperties.AuthenticationProperties; import feast.auth.providers.http.client.api.DefaultApi; import feast.auth.providers.http.client.invoker.ApiClient; import feast.auth.providers.http.client.invoker.ApiException; @@ -63,7 +63,7 @@ public HttpAuthorizationProvider(Map options) { ApiClient apiClient = new ApiClient(); apiClient.setBasePath(options.get("authorizationUrl")); this.defaultApiClient = new DefaultApi(apiClient); - subjectClaim = options.get(AuthorizationProperties.SUBJECT_CLAIM); + subjectClaim = options.get(AuthenticationProperties.SUBJECT_CLAIM); } /** diff --git a/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java b/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java index 5ca81ba277d..7940daa13fb 100644 --- a/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java +++ b/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java @@ -21,6 +21,7 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; +import com.google.common.collect.ImmutableMap; import feast.auth.config.CacheConfiguration; import feast.auth.config.SecurityProperties; import feast.auth.config.SecurityProperties.AuthenticationProperties; @@ -64,10 +65,10 @@ SecurityProperties securityProps() { AuthorizationProperties authorization = new AuthorizationProperties(); authorization.setEnabled(true); authorization.setProvider("http"); - Map options = new HashMap<>(); - options.put("authorizationUrl", "localhost"); - options.put("subjectClaim", "email"); - authorization.setOptions(options); + authorization.setOptions(ImmutableMap.of("authorizationUrl", "localhost")); + + authentication.setOptions(ImmutableMap.of("subjectClaim", "email")); + SecurityProperties sp = new SecurityProperties(); sp.setAuthentication(authentication); sp.setAuthorization(authorization); diff --git a/core/src/main/resources/application.yml b/core/src/main/resources/application.yml index 4f60c3cd03f..15d3b9bd3a5 100644 --- a/core/src/main/resources/application.yml +++ b/core/src/main/resources/application.yml @@ -37,13 +37,13 @@ feast: provider: jwt options: jwkEndpointURI: "https://www.googleapis.com/oauth2/v3/certs" + subjectClaim: email authorization: enabled: false provider: http options: authorizationUrl: http://localhost:8082 - subjectClaim: email # If set to true, HTTP REST endpoints at /api/v1 implemented by # CoreServiceRestController will be accessible in Feast Core WITHOUT diff --git a/core/src/test/java/feast/core/auth/CoreServiceAuthenticationIT.java b/core/src/test/java/feast/core/auth/CoreServiceAuthenticationIT.java index 93b5587051f..9ecea9a290d 100644 --- a/core/src/test/java/feast/core/auth/CoreServiceAuthenticationIT.java +++ b/core/src/test/java/feast/core/auth/CoreServiceAuthenticationIT.java @@ -87,7 +87,7 @@ static void initialize(DynamicPropertyRegistry registry) { String.format("http://localhost:%s/.well-known/jwks.json", wireMockRule.port()); // Initialize dynamic properties - registry.add("feast.security.authorization.options.subjectClaim", () -> subjectClaim); + registry.add("feast.security.authentication.options.subjectClaim", () -> subjectClaim); registry.add("feast.security.authentication.options.jwkEndpointURI", () -> jwkEndpointURI); } diff --git a/core/src/test/java/feast/core/auth/CoreServiceAuthorizationIT.java b/core/src/test/java/feast/core/auth/CoreServiceAuthorizationIT.java index d90296d99cf..0c430b0915d 100644 --- a/core/src/test/java/feast/core/auth/CoreServiceAuthorizationIT.java +++ b/core/src/test/java/feast/core/auth/CoreServiceAuthorizationIT.java @@ -133,7 +133,7 @@ static void initialize(DynamicPropertyRegistry registry) { String ketoAdaptorUrl = String.format("http://%s:%s", ketoAdaptorHost, ketoAdaptorPort); // Initialize dynamic properties - registry.add("feast.security.authorization.options.subjectClaim", () -> subjectClaim); + registry.add("feast.security.authentication.options.subjectClaim", () -> subjectClaim); registry.add("feast.security.authentication.options.jwkEndpointURI", () -> jwkEndpointURI); registry.add("feast.security.authorization.options.authorizationUrl", () -> ketoAdaptorUrl); } diff --git a/serving/src/test/java/feast/serving/it/ServingServiceOauthAuthorizationIT.java b/serving/src/test/java/feast/serving/it/ServingServiceOauthAuthorizationIT.java index aaee2321a5f..5f4b169d8d2 100644 --- a/serving/src/test/java/feast/serving/it/ServingServiceOauthAuthorizationIT.java +++ b/serving/src/test/java/feast/serving/it/ServingServiceOauthAuthorizationIT.java @@ -102,7 +102,7 @@ static void initialize(DynamicPropertyRegistry registry) { String ketoAdaptorUrl = String.format("http://%s:%s", ketoAdaptorHost, ketoAdaptorPort); // Initialize dynamic properties - registry.add("feast.security.authorization.options.subjectClaim", () -> subjectClaim); + registry.add("feast.security.authentication.options.subjectClaim", () -> subjectClaim); registry.add("feast.security.authentication.options.jwkEndpointURI", () -> JWK_URI); registry.add("feast.security.authorization.options.authorizationUrl", () -> ketoAdaptorUrl); registry.add("grpc.server.port", () -> FEAST_SERVING_PORT); From 99d93d672e6348405d1c86f50460b5e43d238969 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Fri, 21 Aug 2020 18:06:01 +0800 Subject: [PATCH 07/21] Fix bad import on JobControllerServiceImpl importing GrpcMessageInterceptor --- job-controller/pom.xml | 5 +++++ .../feast/jobcontroller/grpc/JobControllerServiceImpl.java | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/job-controller/pom.xml b/job-controller/pom.xml index b2fab14d84a..93ecd271c2b 100644 --- a/job-controller/pom.xml +++ b/job-controller/pom.xml @@ -81,6 +81,11 @@ feast-common ${project.version} + + dev.feast + feast-auth + ${project.version} + javax.inject diff --git a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java index 8d4a6fc588f..7d8d17b46ad 100644 --- a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java +++ b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java @@ -17,7 +17,7 @@ package feast.jobcontroller.grpc; import com.google.api.gax.rpc.InvalidArgumentException; -import feast.common.interceptors.GrpcMessageInterceptor; +import feast.auth.interceptors.GrpcMessageInterceptor; import feast.jobcontroller.service.JobService; import feast.proto.core.CoreServiceProto.*; import feast.proto.core.JobControllerServiceGrpc.JobControllerServiceImplBase; From 2d79f5aeaddb2ff81a05eea358a3885102b6f43e Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Mon, 24 Aug 2020 09:26:16 +0800 Subject: [PATCH 08/21] Fix issue where jobcontroller's spring cannot find GrpcMessageInterceptor --- .../main/java/feast/jobcontroller/config/FeastProperties.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java index 6b917888fe4..924c82f76eb 100644 --- a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java +++ b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java @@ -39,7 +39,7 @@ @Getter @Setter @Configuration -@ComponentScan("feast.common.logging") +@ComponentScan(basePackages = {"feast.common.logging", "feast.auth.interceptors"}) @ConfigurationProperties(prefix = "feast", ignoreInvalidFields = true) public class FeastProperties { From f064e742d10c0dff072e13da6a65a9a9ee87695c Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Mon, 24 Aug 2020 10:21:36 +0800 Subject: [PATCH 09/21] Allow GrpcMessageInterceptor to function without securityProperties specified (ie in Job Controller). --- .../interceptors/GrpcMessageInterceptor.java | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java index b36ae40cbd3..3073e29f2d5 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -48,6 +48,15 @@ public class GrpcMessageInterceptor implements ServerInterceptor { private SecurityProperties securityProperties; + public GrpcMessageInterceptor() { + this.securityProperties = null; + } + + /** + * Configure GrpcMessageIntercetor with securityProperties. If provided with securityProperties, + * will output the subject claim specified in securityProperties as identity in {@link + * MessageAuditLogEntry} instead. + */ @Autowired public GrpcMessageInterceptor(SecurityProperties securityProperties) { this.securityProperties = securityProperties; @@ -106,14 +115,16 @@ public void onMessage(ReqT message) { /** * Extract current authenticated identity from given {@link Authentication}. Extracts subject - * claim if specified in AuthorizationProperties, otherwise returns authentication name + * claim if specified in AuthorizationProperties, otherwise returns authentication subject. */ private String getIdentity(Authentication authentication) { - Map options = securityProperties.getAuthorization().getOptions(); - // use subject claim as identity if set in authorization properties - if (options.containsKey(AuthenticationProperties.SUBJECT_CLAIM)) { - return AuthUtils.getSubjectFromAuth( - authentication, options.get(AuthenticationProperties.SUBJECT_CLAIM)); + // use subject claim as identity if set in security authorization properties + if (securityProperties != null) { + Map options = securityProperties.getAuthorization().getOptions(); + if (options.containsKey(AuthenticationProperties.SUBJECT_CLAIM)) { + return AuthUtils.getSubjectFromAuth( + authentication, options.get(AuthenticationProperties.SUBJECT_CLAIM)); + } } return authentication.getName(); } From fe18508adbc2d4a0d74a6d041325ece9e390cbae Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Mon, 24 Aug 2020 11:00:35 +0800 Subject: [PATCH 10/21] Fix wrong method used to make securityProperties param in GrpcMessageInterceptor optinal --- .../auth/interceptors/GrpcMessageInterceptor.java | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java index 3073e29f2d5..aeceb4f8a9a 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java @@ -34,6 +34,7 @@ import java.util.Map; import org.slf4j.event.Level; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.Nullable; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; @@ -47,18 +48,12 @@ @Component public class GrpcMessageInterceptor implements ServerInterceptor { private SecurityProperties securityProperties; - - public GrpcMessageInterceptor() { - this.securityProperties = null; - } - /** - * Configure GrpcMessageIntercetor with securityProperties. If provided with securityProperties, - * will output the subject claim specified in securityProperties as identity in {@link - * MessageAuditLogEntry} instead. + * Construct GrpcMessageIntercetor. If provided securityProperties, will output the subject claim + * specified in securityProperties as identity in {@link MessageAuditLogEntry} instead. */ @Autowired - public GrpcMessageInterceptor(SecurityProperties securityProperties) { + public GrpcMessageInterceptor(@Nullable SecurityProperties securityProperties) { this.securityProperties = securityProperties; } From 39dcb39fa304442d15c66eac0a43ce3d2ef182e3 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Mon, 24 Aug 2020 12:51:21 +0800 Subject: [PATCH 11/21] Fix missing WebSecurityConfigurerAdapter on jobcontroller start by adding dummy WebSecurityConfig As GrpcMessageInterceptor is moved feast-auth package to prevent a circular dependency, jobcontroller has to import feast-auth to get GrpcMessageInterceptor. feast-auth also imports spring security, which automatically requires WebSecurityConfigurerAdapter to be present in the spring application context. Commit provides a dummy WebSecurityConfigurerAdapter required to statisfy spring. --- auth/pom.xml | 5 ++ .../config/WebSecurityConfig.java | 53 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java diff --git a/auth/pom.xml b/auth/pom.xml index 43abadb5081..14d1356ebd9 100644 --- a/auth/pom.xml +++ b/auth/pom.xml @@ -40,6 +40,11 @@ grpc-server-spring-boot-starter ${grpc.spring.boot.starter.version} + + org.springframework.security + spring-security-config + ${spring.security.version} + org.springframework.security spring-security-oauth2-resource-server diff --git a/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java b/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java new file mode 100644 index 00000000000..720067335b0 --- /dev/null +++ b/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java @@ -0,0 +1,53 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * Copyright 2018-2020 The Feast Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package feast.jobcontroller.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +/** + * WebSecurityConfig disables auto configuration of Spring HTTP Security and allows security methods + * to be overridden + */ +@Configuration +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + /** + * Allows for custom web security rules to be applied. + * + * @param http {@link HttpSecurity} for configuring web based security + * @throws Exception + */ + @Override + protected void configure(HttpSecurity http) throws Exception { + // Bypasses security/authentication for the following paths + http.authorizeRequests() + // TODO: Currently allows access to all endpoints as Security has not been implemented for + // JobController yet. + // When security is enabled, should only allow unauthenticated access to actuator and + // metrics endpoints. + .antMatchers("/") + // .antMatchers("/actuator/**", "/metrics/**") + .permitAll() + .anyRequest() + .authenticated() + .and() + .csrf() + .disable(); + } +} From e6d22d584a105b133f65d294d9ed5d264f1a6d51 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 10:19:43 +0800 Subject: [PATCH 12/21] Merge feast-auth module into feast-common under feast.auth.common. --- auth/.openapi-generator-ignore | 20 -- auth/pom.xml | 222 ------------------ common/pom.xml | 212 +++++++++++++++-- .../DefaultJwtAuthenticationProvider.java | 2 +- .../authorization/AuthorizationProvider.java | 2 +- .../authorization/AuthorizationResult.java | 2 +- .../auth/config/CacheConfiguration.java | 4 +- .../common}/auth/config/SecurityConfig.java | 8 +- .../auth/config/SecurityProperties.java | 2 +- .../CoreAuthenticationProperties.java | 2 +- .../credentials/GoogleAuthCredentials.java | 2 +- .../auth/credentials/OAuthCredentials.java | 2 +- .../interceptors/GrpcMessageInterceptor.java | 8 +- .../http/HttpAuthorizationProvider.java | 22 +- .../auth/service/AuthorizationService.java | 8 +- .../feast/common}/auth/utils/AuthUtils.java | 2 +- {auth => common}/src/main/resources/api.yaml | 0 .../HttpAuthorizationProviderCachingTest.java | 18 +- core/pom.xml | 5 - .../feast/core/config/CoreSecurityConfig.java | 6 +- .../feast/core/config/FeastProperties.java | 6 +- .../java/feast/core/grpc/CoreServiceImpl.java | 4 +- .../feast/core/auth/CoreServiceAuthTest.java | 8 +- job-controller/pom.xml | 5 - .../grpc/JobControllerServiceImpl.java | 2 +- pom.xml | 3 +- serving/pom.xml | 6 - .../feast/serving/config/FeastProperties.java | 8 +- .../serving/config/ServingSecurityConfig.java | 10 +- .../ServingServiceGRpcController.java | 4 +- .../ServingServiceGRpcControllerTest.java | 12 +- .../java/feast/serving/it/AuthTestUtils.java | 2 +- 32 files changed, 268 insertions(+), 351 deletions(-) delete mode 100644 auth/.openapi-generator-ignore delete mode 100644 auth/pom.xml rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/authentication/DefaultJwtAuthenticationProvider.java (98%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/authorization/AuthorizationProvider.java (96%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/authorization/AuthorizationResult.java (98%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/config/CacheConfiguration.java (97%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/config/SecurityConfig.java (95%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/config/SecurityProperties.java (98%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/credentials/CoreAuthenticationProperties.java (97%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/credentials/GoogleAuthCredentials.java (98%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/credentials/OAuthCredentials.java (99%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/interceptors/GrpcMessageInterceptor.java (96%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/providers/http/HttpAuthorizationProvider.java (86%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/service/AuthorizationService.java (91%) rename {auth/src/main/java/feast => common/src/main/java/feast/common}/auth/utils/AuthUtils.java (98%) rename {auth => common}/src/main/resources/api.yaml (100%) rename {auth/src/test/java/feast => common/src/test/java/feast/common}/auth/authorization/HttpAuthorizationProviderCachingTest.java (88%) diff --git a/auth/.openapi-generator-ignore b/auth/.openapi-generator-ignore deleted file mode 100644 index 6b177032ba1..00000000000 --- a/auth/.openapi-generator-ignore +++ /dev/null @@ -1,20 +0,0 @@ -settings.gradle -README.md -pom.xml -gradle -git_push.sh -build.sbt -build.gradle -.travis* -.gitignore -src/main/resources/api.yaml -gradle* -gradle/* -gradle-wrapper.* -gradle** -gradle/ -src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java -src/main/java/feast/auth/providers/http/ketoadaptor/api/CheckAccessApiController.java -src/main/java/feast/auth/providers/http/ketoadaptor/api/KetoAuth.java -src/main/AndroidManifest.xml -.openapi-generator/ \ No newline at end of file diff --git a/auth/pom.xml b/auth/pom.xml deleted file mode 100644 index 14d1356ebd9..00000000000 --- a/auth/pom.xml +++ /dev/null @@ -1,222 +0,0 @@ - - 4.0.0 - - dev.feast - feast-parent - ${revision} - - - feast-auth - - Feast Authentication and Authorization - - - feast.auth.providers.http.client - - 1.8.4 - 1.5.24 - 3.14.7 - 2.8.6 - 3.10 - 1.3.2 - 4.13 - 2.8.0 - 0.20.0 - - - - dev.feast - feast-common - ${project.version} - - - org.springframework - spring-context-support - - - net.devh - grpc-server-spring-boot-starter - ${grpc.spring.boot.starter.version} - - - org.springframework.security - spring-security-config - ${spring.security.version} - - - org.springframework.security - spring-security-oauth2-resource-server - ${spring.security.version} - - - org.springframework.security - spring-security-oauth2-jose - ${spring.security.version} - - - org.projectlombok - lombok - - - org.hibernate.validator - hibernate-validator - 6.1.2.Final - - - com.fasterxml.jackson.core - jackson-databind - - - io.swagger - swagger-annotations - ${swagger-core-version} - - - com.squareup.okhttp3 - okhttp - ${okhttp-version} - - - com.squareup.okhttp3 - logging-interceptor - ${okhttp-version} - - - com.google.code.gson - gson - ${gson-version} - - - io.gsonfire - gson-fire - ${gson-fire-version} - - - - com.google.code.findbugs - jsr305 - 3.0.2 - - - org.springframework - spring-test - test - - - org.mockito - mockito-core - ${mockito.version} - test - - - org.springframework.boot - spring-boot-starter-web - - - io.springfox - springfox-swagger2 - ${springfox-version} - - - io.springfox - springfox-swagger-ui - ${springfox-version} - - - javax.xml.bind - jaxb-api - 2.2.11 - - - com.fasterxml.jackson.datatype - jackson-datatype-jsr310 - - - org.openapitools - jackson-databind-nullable - 0.1.0 - - - - javax.validation - validation-api - - - org.springframework.boot - spring-boot-starter-test - test - - - org.junit.vintage - junit-vintage-engine - - - - - junit - junit - 4.12 - - - com.google.auth - google-auth-library-oauth2-http - ${google-auth-library-oauth2-http-version} - - - - - - org.openapitools - openapi-generator-maven-plugin - 4.3.1 - - - client - - generate - - - ${project.basedir}/src/main/resources/api.yaml - java - ${feast.auth.providers.http.client.package.name} - ${feast.auth.providers.http.client.package.name}.model - ${feast.auth.providers.http.client.package.name}.api - ${feast.auth.providers.http.client.package.name}.invoker - - ${project.groupId} - ${project.artifactId} - ${project.version} - true - java8 - Apache 2.0 - https://www.apache.org/licenses/LICENSE-2.0 - ${project.build.directory}/generated-sources - - - - - - - org.apache.maven.plugins - maven-javadoc-plugin - - feast.auth.providers.http.client.* - - - - org.apache.maven.plugins - maven-surefire-plugin - 3.0.0-M4 - - -Xms2048m -Xmx2048m -Djdk.net.URLClassPath.disableClassPathURLCheck=true - - - - org.jacoco - jacoco-maven-plugin - - - - diff --git a/common/pom.xml b/common/pom.xml index 71d64f5f4c3..e6882047ff4 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -30,27 +30,27 @@ Feast common module with functionality that can be reused feast-common - - - - org.apache.maven.plugins - maven-surefire-plugin - 3.0.0-M4 - - -Xms2048m -Xmx2048m -Djdk.net.URLClassPath.disableClassPathURLCheck=true - - - - + + feast.common.auth.providers.http.client + + 1.8.4 + 1.5.24 + 3.14.7 + 3.10 + 1.3.2 + 4.13 + 2.8.0 + 0.20.0 + - + dev.feast datatypes-java ${project.version} compile - - + + com.google.protobuf protobuf-java-util @@ -60,10 +60,6 @@ lombok ${lombok.version} - - javax.validation - validation-api - com.google.auto.value auto-value-annotations @@ -72,6 +68,11 @@ com.google.code.gson gson + + io.gsonfire + gson-fire + ${gson-fire-version} + net.devh grpc-server-spring-boot-starter @@ -82,20 +83,111 @@ + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework + spring-context-support + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.security spring-security-core + + org.springframework.security + spring-security-config + ${spring.security.version} + - org.springframework.boot - spring-boot-starter-data-jpa + org.springframework.security + spring-security-oauth2-resource-server + ${spring.security.version} + + + org.springframework.security + spring-security-oauth2-jose + ${spring.security.version} + + + org.hibernate.validator + hibernate-validator + 6.1.2.Final + + + com.fasterxml.jackson.core + jackson-databind + + + com.fasterxml.jackson.datatype + jackson-datatype-jsr310 + + + org.openapitools + jackson-databind-nullable + 0.1.0 + + + io.swagger + swagger-annotations + ${swagger-core-version} + + + com.squareup.okhttp3 + okhttp + ${okhttp-version} + + + com.squareup.okhttp3 + logging-interceptor + ${okhttp-version} + + + + + io.springfox + springfox-swagger2 + ${springfox-version} + + + io.springfox + springfox-swagger-ui + ${springfox-version} + + + com.google.auth + google-auth-library-oauth2-http + ${google-auth-library-oauth2-http-version} + + + + + com.google.code.findbugs + jsr305 + 3.0.2 - org.slf4j slf4j-api + + + javax.xml.bind + jaxb-api + 2.2.11 + + + javax.validation + validation-api + @@ -114,5 +206,81 @@ 4.0 test + + org.springframework + spring-test + test + + + org.mockito + mockito-core + ${mockito.version} + test + + + org.springframework.boot + spring-boot-starter-test + test + + + org.junit.vintage + junit-vintage-engine + + + + + + + org.openapitools + openapi-generator-maven-plugin + 4.3.1 + + + client + + generate + + + ${project.basedir}/src/main/resources/api.yaml + java + ${feast.common.auth.providers.http.client.package.name} + ${feast.common.auth.providers.http.client.package.name}.model + ${feast.common.auth.providers.http.client.package.name}.api + ${feast.common.auth.providers.http.client.package.name}.invoker + + ${project.groupId} + ${project.artifactId} + ${project.version} + true + java8 + Apache 2.0 + https://www.apache.org/licenses/LICENSE-2.0 + ${project.build.directory}/generated-sources + + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + feast.common.auth.providers.http.client.* + + + + org.jacoco + jacoco-maven-plugin + + + org.apache.maven.plugins + maven-surefire-plugin + 3.0.0-M4 + + -Xms2048m -Xmx2048m -Djdk.net.URLClassPath.disableClassPathURLCheck=true + + + + diff --git a/auth/src/main/java/feast/auth/authentication/DefaultJwtAuthenticationProvider.java b/common/src/main/java/feast/common/auth/authentication/DefaultJwtAuthenticationProvider.java similarity index 98% rename from auth/src/main/java/feast/auth/authentication/DefaultJwtAuthenticationProvider.java rename to common/src/main/java/feast/common/auth/authentication/DefaultJwtAuthenticationProvider.java index b64eccdccf1..2b5c89f66e6 100644 --- a/auth/src/main/java/feast/auth/authentication/DefaultJwtAuthenticationProvider.java +++ b/common/src/main/java/feast/common/auth/authentication/DefaultJwtAuthenticationProvider.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.authentication; +package feast.common.auth.authentication; import java.util.Map; import org.springframework.security.authentication.AuthenticationProvider; diff --git a/auth/src/main/java/feast/auth/authorization/AuthorizationProvider.java b/common/src/main/java/feast/common/auth/authorization/AuthorizationProvider.java similarity index 96% rename from auth/src/main/java/feast/auth/authorization/AuthorizationProvider.java rename to common/src/main/java/feast/common/auth/authorization/AuthorizationProvider.java index bf0e5797280..e4e398883ec 100644 --- a/auth/src/main/java/feast/auth/authorization/AuthorizationProvider.java +++ b/common/src/main/java/feast/common/auth/authorization/AuthorizationProvider.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.authorization; +package feast.common.auth.authorization; import org.springframework.security.core.Authentication; diff --git a/auth/src/main/java/feast/auth/authorization/AuthorizationResult.java b/common/src/main/java/feast/common/auth/authorization/AuthorizationResult.java similarity index 98% rename from auth/src/main/java/feast/auth/authorization/AuthorizationResult.java rename to common/src/main/java/feast/common/auth/authorization/AuthorizationResult.java index b365355162b..897cef6d37b 100644 --- a/auth/src/main/java/feast/auth/authorization/AuthorizationResult.java +++ b/common/src/main/java/feast/common/auth/authorization/AuthorizationResult.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.authorization; +package feast.common.auth.authorization; import java.util.Optional; import javax.annotation.Nullable; diff --git a/auth/src/main/java/feast/auth/config/CacheConfiguration.java b/common/src/main/java/feast/common/auth/config/CacheConfiguration.java similarity index 97% rename from auth/src/main/java/feast/auth/config/CacheConfiguration.java rename to common/src/main/java/feast/common/auth/config/CacheConfiguration.java index 0674956e049..7731906b88d 100644 --- a/auth/src/main/java/feast/auth/config/CacheConfiguration.java +++ b/common/src/main/java/feast/common/auth/config/CacheConfiguration.java @@ -14,10 +14,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.config; +package feast.common.auth.config; import com.google.common.cache.CacheBuilder; -import feast.auth.utils.AuthUtils; +import feast.common.auth.utils.AuthUtils; import java.lang.reflect.Method; import java.util.concurrent.TimeUnit; import lombok.Getter; diff --git a/auth/src/main/java/feast/auth/config/SecurityConfig.java b/common/src/main/java/feast/common/auth/config/SecurityConfig.java similarity index 95% rename from auth/src/main/java/feast/auth/config/SecurityConfig.java rename to common/src/main/java/feast/common/auth/config/SecurityConfig.java index 11e062120d0..aa7f8a2b353 100644 --- a/auth/src/main/java/feast/auth/config/SecurityConfig.java +++ b/common/src/main/java/feast/common/auth/config/SecurityConfig.java @@ -14,11 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.config; +package feast.common.auth.config; -import feast.auth.authentication.DefaultJwtAuthenticationProvider; -import feast.auth.authorization.AuthorizationProvider; -import feast.auth.providers.http.HttpAuthorizationProvider; +import feast.common.auth.authentication.DefaultJwtAuthenticationProvider; +import feast.common.auth.authorization.AuthorizationProvider; +import feast.common.auth.providers.http.HttpAuthorizationProvider; import java.util.ArrayList; import java.util.List; import java.util.Map; diff --git a/auth/src/main/java/feast/auth/config/SecurityProperties.java b/common/src/main/java/feast/common/auth/config/SecurityProperties.java similarity index 98% rename from auth/src/main/java/feast/auth/config/SecurityProperties.java rename to common/src/main/java/feast/common/auth/config/SecurityProperties.java index 8d6efde2a7d..135cc4b5ed3 100644 --- a/auth/src/main/java/feast/auth/config/SecurityProperties.java +++ b/common/src/main/java/feast/common/auth/config/SecurityProperties.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.config; +package feast.common.auth.config; import feast.common.validators.OneOfStrings; import java.util.Map; diff --git a/auth/src/main/java/feast/auth/credentials/CoreAuthenticationProperties.java b/common/src/main/java/feast/common/auth/credentials/CoreAuthenticationProperties.java similarity index 97% rename from auth/src/main/java/feast/auth/credentials/CoreAuthenticationProperties.java rename to common/src/main/java/feast/common/auth/credentials/CoreAuthenticationProperties.java index e307dfb1c83..aa317cf8b15 100644 --- a/auth/src/main/java/feast/auth/credentials/CoreAuthenticationProperties.java +++ b/common/src/main/java/feast/common/auth/credentials/CoreAuthenticationProperties.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.credentials; +package feast.common.auth.credentials; import feast.common.validators.OneOfStrings; import java.util.Map; diff --git a/auth/src/main/java/feast/auth/credentials/GoogleAuthCredentials.java b/common/src/main/java/feast/common/auth/credentials/GoogleAuthCredentials.java similarity index 98% rename from auth/src/main/java/feast/auth/credentials/GoogleAuthCredentials.java rename to common/src/main/java/feast/common/auth/credentials/GoogleAuthCredentials.java index 709b803ce08..c8c2d846001 100644 --- a/auth/src/main/java/feast/auth/credentials/GoogleAuthCredentials.java +++ b/common/src/main/java/feast/common/auth/credentials/GoogleAuthCredentials.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.credentials; +package feast.common.auth.credentials; import static io.grpc.Metadata.ASCII_STRING_MARSHALLER; diff --git a/auth/src/main/java/feast/auth/credentials/OAuthCredentials.java b/common/src/main/java/feast/common/auth/credentials/OAuthCredentials.java similarity index 99% rename from auth/src/main/java/feast/auth/credentials/OAuthCredentials.java rename to common/src/main/java/feast/common/auth/credentials/OAuthCredentials.java index e7ad47f3778..58ab3cf868d 100644 --- a/auth/src/main/java/feast/auth/credentials/OAuthCredentials.java +++ b/common/src/main/java/feast/common/auth/credentials/OAuthCredentials.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.credentials; +package feast.common.auth.credentials; import static io.grpc.Metadata.ASCII_STRING_MARSHALLER; diff --git a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java b/common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java similarity index 96% rename from auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java rename to common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java index aeceb4f8a9a..861815d2500 100644 --- a/auth/src/main/java/feast/auth/interceptors/GrpcMessageInterceptor.java +++ b/common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java @@ -14,13 +14,13 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.interceptors; +package feast.common.auth.interceptors; import com.google.protobuf.Empty; import com.google.protobuf.Message; -import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.utils.AuthUtils; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.utils.AuthUtils; import feast.common.logging.AuditLogger; import feast.common.logging.entry.MessageAuditLogEntry; import io.grpc.ForwardingServerCall.SimpleForwardingServerCall; diff --git a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java b/common/src/main/java/feast/common/auth/providers/http/HttpAuthorizationProvider.java similarity index 86% rename from auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java rename to common/src/main/java/feast/common/auth/providers/http/HttpAuthorizationProvider.java index 27ee1fe7f30..041a6b8e1b0 100644 --- a/auth/src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java +++ b/common/src/main/java/feast/common/auth/providers/http/HttpAuthorizationProvider.java @@ -14,17 +14,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.providers.http; +package feast.common.auth.providers.http; -import feast.auth.authorization.AuthorizationProvider; -import feast.auth.authorization.AuthorizationResult; -import feast.auth.config.CacheConfiguration; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.providers.http.client.api.DefaultApi; -import feast.auth.providers.http.client.invoker.ApiClient; -import feast.auth.providers.http.client.invoker.ApiException; -import feast.auth.providers.http.client.model.CheckAccessRequest; -import feast.auth.utils.AuthUtils; +import feast.common.auth.authorization.AuthorizationProvider; +import feast.common.auth.authorization.AuthorizationResult; +import feast.common.auth.config.CacheConfiguration; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.providers.http.client.api.DefaultApi; +import feast.common.auth.providers.http.client.invoker.ApiClient; +import feast.common.auth.providers.http.client.invoker.ApiException; +import feast.common.auth.providers.http.client.model.CheckAccessRequest; +import feast.common.auth.utils.AuthUtils; import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -89,7 +89,7 @@ public AuthorizationResult checkAccessToProject(String projectId, Authentication try { Jwt credentials = ((Jwt) authentication.getCredentials()); // Make authorization request to external service - feast.auth.providers.http.client.model.AuthorizationResult authResult = + feast.common.auth.providers.http.client.model.AuthorizationResult authResult = this.defaultApiClient.checkAccessPost( checkAccessRequest, "Bearer " + credentials.getTokenValue()); if (authResult == null) { diff --git a/auth/src/main/java/feast/auth/service/AuthorizationService.java b/common/src/main/java/feast/common/auth/service/AuthorizationService.java similarity index 91% rename from auth/src/main/java/feast/auth/service/AuthorizationService.java rename to common/src/main/java/feast/common/auth/service/AuthorizationService.java index 24942611857..7d325e880d9 100644 --- a/auth/src/main/java/feast/auth/service/AuthorizationService.java +++ b/common/src/main/java/feast/common/auth/service/AuthorizationService.java @@ -14,11 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.service; +package feast.common.auth.service; -import feast.auth.authorization.AuthorizationProvider; -import feast.auth.authorization.AuthorizationResult; -import feast.auth.config.SecurityProperties; +import feast.common.auth.authorization.AuthorizationProvider; +import feast.common.auth.authorization.AuthorizationResult; +import feast.common.auth.config.SecurityProperties; import lombok.AllArgsConstructor; import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Autowired; diff --git a/auth/src/main/java/feast/auth/utils/AuthUtils.java b/common/src/main/java/feast/common/auth/utils/AuthUtils.java similarity index 98% rename from auth/src/main/java/feast/auth/utils/AuthUtils.java rename to common/src/main/java/feast/common/auth/utils/AuthUtils.java index a2e37803d48..e05fc70a184 100644 --- a/auth/src/main/java/feast/auth/utils/AuthUtils.java +++ b/common/src/main/java/feast/common/auth/utils/AuthUtils.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.utils; +package feast.common.auth.utils; import java.util.Map; import org.hibernate.validator.internal.constraintvalidators.bv.EmailValidator; diff --git a/auth/src/main/resources/api.yaml b/common/src/main/resources/api.yaml similarity index 100% rename from auth/src/main/resources/api.yaml rename to common/src/main/resources/api.yaml diff --git a/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java b/common/src/test/java/feast/common/auth/authorization/HttpAuthorizationProviderCachingTest.java similarity index 88% rename from auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java rename to common/src/test/java/feast/common/auth/authorization/HttpAuthorizationProviderCachingTest.java index 7940daa13fb..f303801c301 100644 --- a/auth/src/test/java/feast/auth/authorization/HttpAuthorizationProviderCachingTest.java +++ b/common/src/test/java/feast/common/auth/authorization/HttpAuthorizationProviderCachingTest.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.auth.authorization; +package feast.common.auth.authorization; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.doReturn; @@ -22,14 +22,14 @@ import static org.mockito.Mockito.verify; import com.google.common.collect.ImmutableMap; -import feast.auth.config.CacheConfiguration; -import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.config.SecurityProperties.AuthorizationProperties; -import feast.auth.providers.http.HttpAuthorizationProvider; -import feast.auth.providers.http.client.api.DefaultApi; -import feast.auth.providers.http.client.model.AuthorizationResult; -import feast.auth.providers.http.client.model.CheckAccessRequest; +import feast.common.auth.config.CacheConfiguration; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.config.SecurityProperties.AuthorizationProperties; +import feast.common.auth.providers.http.HttpAuthorizationProvider; +import feast.common.auth.providers.http.client.api.DefaultApi; +import feast.common.auth.providers.http.client.model.AuthorizationResult; +import feast.common.auth.providers.http.client.model.CheckAccessRequest; import java.util.HashMap; import java.util.Map; import org.junit.Test; diff --git a/core/pom.xml b/core/pom.xml index 483c23d550c..97d31268b36 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -74,11 +74,6 @@ feast-common ${project.version} - - dev.feast - feast-auth - ${project.version} - dev.feast feast-common-test diff --git a/core/src/main/java/feast/core/config/CoreSecurityConfig.java b/core/src/main/java/feast/core/config/CoreSecurityConfig.java index f93431088bd..8faa5b69800 100644 --- a/core/src/main/java/feast/core/config/CoreSecurityConfig.java +++ b/core/src/main/java/feast/core/config/CoreSecurityConfig.java @@ -30,7 +30,11 @@ @Configuration @Slf4j @ComponentScan( - basePackages = {"feast.auth.config", "feast.auth.service", "feast.auth.interceptors"}) + basePackages = { + "feast.common.auth.config", + "feast.common.auth.service", + "feast.common.auth.interceptors" + }) public class CoreSecurityConfig { /** diff --git a/core/src/main/java/feast/core/config/FeastProperties.java b/core/src/main/java/feast/core/config/FeastProperties.java index 70cc79f7f36..fd926ea5da4 100644 --- a/core/src/main/java/feast/core/config/FeastProperties.java +++ b/core/src/main/java/feast/core/config/FeastProperties.java @@ -16,9 +16,9 @@ */ package feast.core.config; -import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.config.SecurityProperties.AuthorizationProperties; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.config.SecurityProperties.AuthorizationProperties; import feast.common.logging.config.LoggingProperties; import feast.common.validators.OneOfStrings; import feast.core.config.FeastProperties.StreamProperties.FeatureStreamOptions; diff --git a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java index 8967a5af9f2..0d03fc57f37 100644 --- a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java +++ b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java @@ -17,8 +17,8 @@ package feast.core.grpc; import com.google.protobuf.InvalidProtocolBufferException; -import feast.auth.interceptors.GrpcMessageInterceptor; -import feast.auth.service.AuthorizationService; +import feast.common.auth.interceptors.GrpcMessageInterceptor; +import feast.common.auth.service.AuthorizationService; import feast.core.config.FeastProperties; import feast.core.exception.RetrievalException; import feast.core.grpc.interceptors.MonitoringInterceptor; diff --git a/core/src/test/java/feast/core/auth/CoreServiceAuthTest.java b/core/src/test/java/feast/core/auth/CoreServiceAuthTest.java index 949881d5e62..24d313dcd3a 100644 --- a/core/src/test/java/feast/core/auth/CoreServiceAuthTest.java +++ b/core/src/test/java/feast/core/auth/CoreServiceAuthTest.java @@ -24,10 +24,10 @@ import static org.mockito.Mockito.when; import com.google.protobuf.InvalidProtocolBufferException; -import feast.auth.authorization.AuthorizationProvider; -import feast.auth.authorization.AuthorizationResult; -import feast.auth.config.SecurityProperties; -import feast.auth.service.AuthorizationService; +import feast.common.auth.authorization.AuthorizationProvider; +import feast.common.auth.authorization.AuthorizationResult; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.service.AuthorizationService; import feast.core.config.FeastProperties; import feast.core.dao.ProjectRepository; import feast.core.grpc.CoreServiceImpl; diff --git a/job-controller/pom.xml b/job-controller/pom.xml index 93ecd271c2b..b2fab14d84a 100644 --- a/job-controller/pom.xml +++ b/job-controller/pom.xml @@ -81,11 +81,6 @@ feast-common ${project.version} - - dev.feast - feast-auth - ${project.version} - javax.inject diff --git a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java index 7d8d17b46ad..f7f3e1126b7 100644 --- a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java +++ b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java @@ -17,7 +17,7 @@ package feast.jobcontroller.grpc; import com.google.api.gax.rpc.InvalidArgumentException; -import feast.auth.interceptors.GrpcMessageInterceptor; +import feast.common.auth.interceptors.GrpcMessageInterceptor; import feast.jobcontroller.service.JobService; import feast.proto.core.CoreServiceProto.*; import feast.proto.core.JobControllerServiceGrpc.JobControllerServiceImplBase; diff --git a/pom.xml b/pom.xml index bc31a95425f..12d8c8be8e4 100644 --- a/pom.xml +++ b/pom.xml @@ -37,7 +37,6 @@ sdk/java docs/coverage/java common - auth job-controller common-test @@ -298,7 +297,7 @@ com.google.code.gson gson - 2.8.5 + 2.8.6 diff --git a/serving/pom.xml b/serving/pom.xml index d0edf6ade0f..100eed3d373 100644 --- a/serving/pom.xml +++ b/serving/pom.xml @@ -104,12 +104,6 @@ ${project.version} - - dev.feast - feast-auth - ${project.version} - - org.slf4j diff --git a/serving/src/main/java/feast/serving/config/FeastProperties.java b/serving/src/main/java/feast/serving/config/FeastProperties.java index 6a1d1a55171..f31f3aa32f7 100644 --- a/serving/src/main/java/feast/serving/config/FeastProperties.java +++ b/serving/src/main/java/feast/serving/config/FeastProperties.java @@ -25,10 +25,10 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.util.JsonFormat; -import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.config.SecurityProperties.AuthorizationProperties; -import feast.auth.credentials.CoreAuthenticationProperties; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.config.SecurityProperties.AuthorizationProperties; +import feast.common.auth.credentials.CoreAuthenticationProperties; import feast.common.logging.config.LoggingProperties; import feast.proto.core.StoreProto; import java.util.*; diff --git a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java index fc4c0260eca..a9fc459f37d 100644 --- a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java +++ b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java @@ -16,8 +16,8 @@ */ package feast.serving.config; -import feast.auth.credentials.GoogleAuthCredentials; -import feast.auth.credentials.OAuthCredentials; +import feast.common.auth.credentials.GoogleAuthCredentials; +import feast.common.auth.credentials.OAuthCredentials; import feast.proto.serving.ServingServiceGrpc; import io.grpc.CallCredentials; import io.grpc.health.v1.HealthGrpc; @@ -48,7 +48,11 @@ @Configuration @ComponentScan( - basePackages = {"feast.auth.config", "feast.auth.service", "feast.auth.interceptors"}) + basePackages = { + "feast.common.auth.config", + "feast.common.auth.service", + "feast.common.auth.interceptors" + }) public class ServingSecurityConfig { private final FeastProperties feastProperties; diff --git a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java index c7307836233..40199cec26e 100644 --- a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java +++ b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java @@ -16,8 +16,8 @@ */ package feast.serving.controller; -import feast.auth.interceptors.GrpcMessageInterceptor; -import feast.auth.service.AuthorizationService; +import feast.common.auth.interceptors.GrpcMessageInterceptor; +import feast.common.auth.service.AuthorizationService; import feast.proto.serving.ServingAPIProto.FeatureReference; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesRequest; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesResponse; diff --git a/serving/src/test/java/feast/serving/controller/ServingServiceGRpcControllerTest.java b/serving/src/test/java/feast/serving/controller/ServingServiceGRpcControllerTest.java index 3577f098c1e..8e5068264dc 100644 --- a/serving/src/test/java/feast/serving/controller/ServingServiceGRpcControllerTest.java +++ b/serving/src/test/java/feast/serving/controller/ServingServiceGRpcControllerTest.java @@ -24,12 +24,12 @@ import static org.mockito.MockitoAnnotations.initMocks; import com.google.protobuf.Timestamp; -import feast.auth.authorization.AuthorizationProvider; -import feast.auth.authorization.AuthorizationResult; -import feast.auth.config.SecurityProperties; -import feast.auth.config.SecurityProperties.AuthenticationProperties; -import feast.auth.config.SecurityProperties.AuthorizationProperties; -import feast.auth.service.AuthorizationService; +import feast.common.auth.authorization.AuthorizationProvider; +import feast.common.auth.authorization.AuthorizationResult; +import feast.common.auth.config.SecurityProperties; +import feast.common.auth.config.SecurityProperties.AuthenticationProperties; +import feast.common.auth.config.SecurityProperties.AuthorizationProperties; +import feast.common.auth.service.AuthorizationService; import feast.proto.serving.ServingAPIProto.FeatureReference; import feast.proto.serving.ServingAPIProto.GetOnlineFeaturesRequest; import feast.proto.serving.ServingAPIProto.GetOnlineFeaturesRequest.EntityRow; diff --git a/serving/src/test/java/feast/serving/it/AuthTestUtils.java b/serving/src/test/java/feast/serving/it/AuthTestUtils.java index 5ec7298e988..e5e0def8018 100644 --- a/serving/src/test/java/feast/serving/it/AuthTestUtils.java +++ b/serving/src/test/java/feast/serving/it/AuthTestUtils.java @@ -24,7 +24,7 @@ import com.google.gson.JsonArray; import com.google.gson.JsonObject; import com.google.protobuf.Timestamp; -import feast.auth.credentials.OAuthCredentials; +import feast.common.auth.credentials.OAuthCredentials; import feast.proto.core.CoreServiceGrpc; import feast.proto.core.FeatureSetProto; import feast.proto.core.FeatureSetProto.FeatureSetStatus; From 0ad04f8b6f6160ee86242dc7a4074eca54d1605a Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 11:09:43 +0800 Subject: [PATCH 13/21] Move version specification to parent pom.xml instead of feast-common pom.xml --- common/pom.xml | 92 ++++++++++++++++++++++-------------------------- pom.xml | 94 +++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 131 insertions(+), 55 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index e6882047ff4..ff002806a53 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -33,14 +33,6 @@ feast.common.auth.providers.http.client - 1.8.4 - 1.5.24 - 3.14.7 - 3.10 - 1.3.2 - 4.13 - 2.8.0 - 0.20.0 @@ -54,16 +46,24 @@ com.google.protobuf protobuf-java-util - + + + org.apache.commons + commons-lang3 + 3.6 + + + org.projectlombok lombok - ${lombok.version} com.google.auto.value auto-value-annotations + + com.google.code.gson gson @@ -71,7 +71,20 @@ io.gsonfire gson-fire - ${gson-fire-version} + + + com.fasterxml.jackson.core + jackson-databind + + + com.fasterxml.jackson.datatype + jackson-datatype-jsr310 + + + + + org.springframework + spring-context-support net.devh @@ -87,16 +100,16 @@ org.springframework.boot spring-boot-starter-data-jpa - - org.springframework - spring-context-support - org.springframework.boot spring-boot-starter-web + + org.hibernate.validator + hibernate-validator + - + org.springframework.security spring-security-core @@ -104,31 +117,21 @@ org.springframework.security spring-security-config - ${spring.security.version} org.springframework.security spring-security-oauth2-resource-server - ${spring.security.version} org.springframework.security spring-security-oauth2-jose - ${spring.security.version} - org.hibernate.validator - hibernate-validator - 6.1.2.Final - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.datatype - jackson-datatype-jsr310 + com.google.auth + google-auth-library-oauth2-http + + org.openapitools jackson-databind-nullable @@ -137,58 +140,47 @@ io.swagger swagger-annotations - ${swagger-core-version} com.squareup.okhttp3 okhttp - ${okhttp-version} com.squareup.okhttp3 logging-interceptor - ${okhttp-version} - - io.springfox springfox-swagger2 - ${springfox-version} io.springfox springfox-swagger-ui - ${springfox-version} - - - com.google.auth - google-auth-library-oauth2-http - ${google-auth-library-oauth2-http-version} - - - - - com.google.code.findbugs - jsr305 - 3.0.2 + org.slf4j slf4j-api + javax.xml.bind jaxb-api - 2.2.11 javax.validation validation-api + + + com.google.code.findbugs + jsr305 + 3.0.2 + + org.hamcrest diff --git a/pom.xml b/pom.xml index 12d8c8be8e4..244e056576d 100644 --- a/pom.xml +++ b/pom.xml @@ -72,6 +72,17 @@ 2.0.2 2.5.0.RELEASE 1.18.12 + 1.8.4 + 2.8.6 + 1.5.24 + 3.14.7 + 3.10 + 2.3.1 + 1.3.2 + 2.0.1.Final + 2.8.0 + 0.20.0 + 6.1.2.Final false 1.6.6 @@ -125,6 +136,12 @@ + + org.apache.commons + commons-lang3 + ${commons.lang3.version} + + com.google.cloud @@ -232,6 +249,33 @@ ${grpc.version} test + + + + io.swagger + swagger-annotations + ${swagger.core.version} + + + com.squareup.okhttp3 + okhttp + ${okhttp.version} + + + com.squareup.okhttp3 + logging-interceptor + ${okhttp.version} + + + io.springfox + springfox-swagger2 + ${springfox.version} + + + io.springfox + springfox-swagger-ui + ${springfox.version} + @@ -252,6 +296,33 @@ ${io.prometheus.version} + + + org.springframework.security + spring-security-core + ${spring.security.version} + + + org.springframework.security + spring-security-config + ${spring.security.version} + + + org.springframework.security + spring-security-oauth2-resource-server + ${spring.security.version} + + + org.springframework.security + spring-security-oauth2-jose + ${spring.security.version} + + + com.google.auth + google-auth-library-oauth2-http + ${google.auth.library.oauth2.http.version} + + joda-time @@ -297,9 +368,13 @@ com.google.code.gson gson - 2.8.6 + ${gson.version} + + + io.gsonfire + gson-fire + ${gson.fire.version} - com.github.kstyrc @@ -324,6 +399,11 @@ hibernate-core ${hibernate.version} + + org.hibernate.validator + hibernate-validator + ${org.hibernate.validator.version} + net.bytebuddy byte-buddy @@ -390,14 +470,18 @@ javax.xml.bind jaxb-api - 2.3.1 + ${javax.xml.bind.version} javax.annotation javax.annotation-api - 1.3.2 + ${javax.annotation.version} + + + javax.validation + validation-api + ${javax.validation.version} - From ffa6fa91e93f3ea2bc31ea235cb49d75790cc7d7 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 11:43:27 +0800 Subject: [PATCH 14/21] Revert GrpcMessageInterceptor back to feast.common.logging.interceptors package --- .../{auth => logging}/interceptors/GrpcMessageInterceptor.java | 2 +- core/src/main/java/feast/core/config/CoreSecurityConfig.java | 2 +- core/src/main/java/feast/core/grpc/CoreServiceImpl.java | 2 +- .../java/feast/jobcontroller/grpc/JobControllerServiceImpl.java | 2 +- .../main/java/feast/serving/config/ServingSecurityConfig.java | 2 +- .../feast/serving/controller/ServingServiceGRpcController.java | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) rename common/src/main/java/feast/common/{auth => logging}/interceptors/GrpcMessageInterceptor.java (99%) diff --git a/common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java b/common/src/main/java/feast/common/logging/interceptors/GrpcMessageInterceptor.java similarity index 99% rename from common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java rename to common/src/main/java/feast/common/logging/interceptors/GrpcMessageInterceptor.java index 861815d2500..da43a372d73 100644 --- a/common/src/main/java/feast/common/auth/interceptors/GrpcMessageInterceptor.java +++ b/common/src/main/java/feast/common/logging/interceptors/GrpcMessageInterceptor.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package feast.common.auth.interceptors; +package feast.common.logging.interceptors; import com.google.protobuf.Empty; import com.google.protobuf.Message; diff --git a/core/src/main/java/feast/core/config/CoreSecurityConfig.java b/core/src/main/java/feast/core/config/CoreSecurityConfig.java index 8faa5b69800..52911c3b223 100644 --- a/core/src/main/java/feast/core/config/CoreSecurityConfig.java +++ b/core/src/main/java/feast/core/config/CoreSecurityConfig.java @@ -33,7 +33,7 @@ basePackages = { "feast.common.auth.config", "feast.common.auth.service", - "feast.common.auth.interceptors" + "feast.common.logging.interceptors" }) public class CoreSecurityConfig { diff --git a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java index 0d03fc57f37..59abf24fdf5 100644 --- a/core/src/main/java/feast/core/grpc/CoreServiceImpl.java +++ b/core/src/main/java/feast/core/grpc/CoreServiceImpl.java @@ -17,8 +17,8 @@ package feast.core.grpc; import com.google.protobuf.InvalidProtocolBufferException; -import feast.common.auth.interceptors.GrpcMessageInterceptor; import feast.common.auth.service.AuthorizationService; +import feast.common.logging.interceptors.GrpcMessageInterceptor; import feast.core.config.FeastProperties; import feast.core.exception.RetrievalException; import feast.core.grpc.interceptors.MonitoringInterceptor; diff --git a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java index f7f3e1126b7..f24afe8506b 100644 --- a/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java +++ b/job-controller/src/main/java/feast/jobcontroller/grpc/JobControllerServiceImpl.java @@ -17,7 +17,7 @@ package feast.jobcontroller.grpc; import com.google.api.gax.rpc.InvalidArgumentException; -import feast.common.auth.interceptors.GrpcMessageInterceptor; +import feast.common.logging.interceptors.GrpcMessageInterceptor; import feast.jobcontroller.service.JobService; import feast.proto.core.CoreServiceProto.*; import feast.proto.core.JobControllerServiceGrpc.JobControllerServiceImplBase; diff --git a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java index a9fc459f37d..f51e06292da 100644 --- a/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java +++ b/serving/src/main/java/feast/serving/config/ServingSecurityConfig.java @@ -51,7 +51,7 @@ basePackages = { "feast.common.auth.config", "feast.common.auth.service", - "feast.common.auth.interceptors" + "feast.common.logging.interceptors" }) public class ServingSecurityConfig { diff --git a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java index 40199cec26e..01702d9f3eb 100644 --- a/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java +++ b/serving/src/main/java/feast/serving/controller/ServingServiceGRpcController.java @@ -16,8 +16,8 @@ */ package feast.serving.controller; -import feast.common.auth.interceptors.GrpcMessageInterceptor; import feast.common.auth.service.AuthorizationService; +import feast.common.logging.interceptors.GrpcMessageInterceptor; import feast.proto.serving.ServingAPIProto.FeatureReference; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesRequest; import feast.proto.serving.ServingAPIProto.GetBatchFeaturesResponse; From 799db8290fadd5bef3ce6ef44614ab1bc4dcd300 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 13:23:18 +0800 Subject: [PATCH 15/21] Add missing openapi generator ignore file. --- common/.openapi-generator-ignore | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 common/.openapi-generator-ignore diff --git a/common/.openapi-generator-ignore b/common/.openapi-generator-ignore new file mode 100644 index 00000000000..6b177032ba1 --- /dev/null +++ b/common/.openapi-generator-ignore @@ -0,0 +1,20 @@ +settings.gradle +README.md +pom.xml +gradle +git_push.sh +build.sbt +build.gradle +.travis* +.gitignore +src/main/resources/api.yaml +gradle* +gradle/* +gradle-wrapper.* +gradle** +gradle/ +src/main/java/feast/auth/providers/http/HttpAuthorizationProvider.java +src/main/java/feast/auth/providers/http/ketoadaptor/api/CheckAccessApiController.java +src/main/java/feast/auth/providers/http/ketoadaptor/api/KetoAuth.java +src/main/AndroidManifest.xml +.openapi-generator/ \ No newline at end of file From 79b7935ff82bccf4e26621ead44fca83150577e9 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 16:24:01 +0800 Subject: [PATCH 16/21] Fix compile issue by disabling doclint. --- common/pom.xml | 14 +++++++------- .../jobcontroller/config/FeastProperties.java | 2 +- pom.xml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index ff002806a53..1ea32c653a7 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -31,8 +31,8 @@ feast-common - feast.common.auth.providers.http.client - + feast.common.auth.providers.http.client + @@ -236,10 +236,10 @@ ${project.basedir}/src/main/resources/api.yaml java - ${feast.common.auth.providers.http.client.package.name} - ${feast.common.auth.providers.http.client.package.name}.model - ${feast.common.auth.providers.http.client.package.name}.api - ${feast.common.auth.providers.http.client.package.name}.invoker + ${feast.auth.providers.http.client.package.name} + ${feast.auth.providers.http.client.package.name}.model + ${feast.auth.providers.http.client.package.name}.api + ${feast.auth.providers.http.client.package.name}.invoker ${project.groupId} ${project.artifactId} @@ -258,7 +258,7 @@ org.apache.maven.plugins maven-javadoc-plugin - feast.common.auth.providers.http.client.* + ${feast.auth.providers.http.client.package.name}.* diff --git a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java index 924c82f76eb..27e9a9cbcd4 100644 --- a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java +++ b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java @@ -39,7 +39,7 @@ @Getter @Setter @Configuration -@ComponentScan(basePackages = {"feast.common.logging", "feast.auth.interceptors"}) +@ComponentScan("feast.common.logging.interceptors") @ConfigurationProperties(prefix = "feast", ignoreInvalidFields = true) public class FeastProperties { diff --git a/pom.xml b/pom.xml index 244e056576d..3bd88a8c93c 100644 --- a/pom.xml +++ b/pom.xml @@ -792,7 +792,7 @@ -Xlint:all - -Xdoclint:all + -Xdoclint:none From 9404045cce90cc040b85f3cb406ab8d28b1892d0 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Tue, 25 Aug 2020 17:17:41 +0800 Subject: [PATCH 17/21] Fix junit class not being able to be use in integration test --- common/pom.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index 1ea32c653a7..2bde8e8a514 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -195,8 +195,7 @@ junit junit - 4.0 - test + 4.12 org.springframework From 056867f56d1659e538112d71f873e0c7bedd40ee Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 26 Aug 2020 08:50:31 +0800 Subject: [PATCH 18/21] Remove copy of auth/pom.xml since merge of auth into feast-common. --- infra/docker/core/Dockerfile | 1 - infra/docker/jobcontroller/Dockerfile | 1 - infra/docker/serving/Dockerfile | 1 - 3 files changed, 3 deletions(-) diff --git a/infra/docker/core/Dockerfile b/infra/docker/core/Dockerfile index f19eb89eae1..bf2e17cf076 100644 --- a/infra/docker/core/Dockerfile +++ b/infra/docker/core/Dockerfile @@ -9,7 +9,6 @@ WORKDIR /build COPY pom.xml . COPY datatypes/java/pom.xml datatypes/java/pom.xml COPY common/pom.xml common/pom.xml -COPY auth/pom.xml auth/pom.xml COPY ingestion/pom.xml ingestion/pom.xml COPY core/pom.xml core/pom.xml COPY serving/pom.xml serving/pom.xml diff --git a/infra/docker/jobcontroller/Dockerfile b/infra/docker/jobcontroller/Dockerfile index 95ad415fbaf..b4115c3930a 100644 --- a/infra/docker/jobcontroller/Dockerfile +++ b/infra/docker/jobcontroller/Dockerfile @@ -9,7 +9,6 @@ WORKDIR /build COPY pom.xml . COPY datatypes/java/pom.xml datatypes/java/pom.xml COPY common/pom.xml common/pom.xml -COPY auth/pom.xml auth/pom.xml COPY ingestion/pom.xml ingestion/pom.xml COPY core/pom.xml core/pom.xml COPY serving/pom.xml serving/pom.xml diff --git a/infra/docker/serving/Dockerfile b/infra/docker/serving/Dockerfile index 48b3a44b645..960e2848906 100644 --- a/infra/docker/serving/Dockerfile +++ b/infra/docker/serving/Dockerfile @@ -9,7 +9,6 @@ WORKDIR /build COPY pom.xml . COPY datatypes/java/pom.xml datatypes/java/pom.xml COPY common/pom.xml common/pom.xml -COPY auth/pom.xml auth/pom.xml COPY ingestion/pom.xml ingestion/pom.xml COPY core/pom.xml core/pom.xml COPY serving/pom.xml serving/pom.xml From 1e411c494404150317a94910441186aae392d8fc Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 26 Aug 2020 09:33:14 +0800 Subject: [PATCH 19/21] Renable doclint but disable javadocs for openapi auth client package. --- common/pom.xml | 5 ----- pom.xml | 7 +++++-- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index 2bde8e8a514..cb50dae68cb 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -30,11 +30,6 @@ Feast common module with functionality that can be reused feast-common - - feast.common.auth.providers.http.client - - - dev.feast diff --git a/pom.xml b/pom.xml index 3bd88a8c93c..b8a9fe9b7b9 100644 --- a/pom.xml +++ b/pom.xml @@ -83,9 +83,10 @@ 2.8.0 0.20.0 6.1.2.Final + 1.6.6 false - 1.6.6 + feast.common.auth.providers.http.client @@ -792,7 +793,6 @@ -Xlint:all - -Xdoclint:none @@ -814,6 +814,9 @@ org.apache.maven.plugins maven-javadoc-plugin 3.1.1 + + all + org.codehaus.mojo From 59fa2c9f402dcc5749d3a0afe418e71ed0180b03 Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Wed, 26 Aug 2020 11:51:34 +0800 Subject: [PATCH 20/21] Fixed issue where AuditLogger was not picked up as a spring component in JobController --- .../main/java/feast/jobcontroller/config/FeastProperties.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java index 27e9a9cbcd4..6b917888fe4 100644 --- a/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java +++ b/job-controller/src/main/java/feast/jobcontroller/config/FeastProperties.java @@ -39,7 +39,7 @@ @Getter @Setter @Configuration -@ComponentScan("feast.common.logging.interceptors") +@ComponentScan("feast.common.logging") @ConfigurationProperties(prefix = "feast", ignoreInvalidFields = true) public class FeastProperties { From 10d74cdeb65ac158109ab4f86349733c64f23bbc Mon Sep 17 00:00:00 2001 From: Zhu Zhanyan Date: Thu, 27 Aug 2020 10:12:00 +0800 Subject: [PATCH 21/21] Disable Spring Security for JobController by excluding autoconfigure bean instead of WebSecurityConfig --- .../JobControllerApplication.java | 7 ++- .../config/WebSecurityConfig.java | 53 ------------------- 2 files changed, 6 insertions(+), 54 deletions(-) delete mode 100644 job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java diff --git a/job-controller/src/main/java/feast/jobcontroller/JobControllerApplication.java b/job-controller/src/main/java/feast/jobcontroller/JobControllerApplication.java index e90e3e2caa8..d3e6e311ec2 100644 --- a/job-controller/src/main/java/feast/jobcontroller/JobControllerApplication.java +++ b/job-controller/src/main/java/feast/jobcontroller/JobControllerApplication.java @@ -19,10 +19,12 @@ import feast.jobcontroller.config.FeastProperties; import lombok.extern.slf4j.Slf4j; import org.springframework.boot.SpringApplication; +import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; +import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.scheduling.annotation.EnableScheduling; @@ -31,7 +33,10 @@ exclude = { DataSourceAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, - HibernateJpaAutoConfiguration.class + HibernateJpaAutoConfiguration.class, + // TODO: Disables spring security. Remove when implementing security for JobController. + SecurityAutoConfiguration.class, + ManagementWebSecurityAutoConfiguration.class, }) @EnableConfigurationProperties(FeastProperties.class) @Slf4j diff --git a/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java b/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java deleted file mode 100644 index 720067335b0..00000000000 --- a/job-controller/src/main/java/feast/jobcontroller/config/WebSecurityConfig.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * Copyright 2018-2020 The Feast Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package feast.jobcontroller.config; - -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; - -/** - * WebSecurityConfig disables auto configuration of Spring HTTP Security and allows security methods - * to be overridden - */ -@Configuration -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - /** - * Allows for custom web security rules to be applied. - * - * @param http {@link HttpSecurity} for configuring web based security - * @throws Exception - */ - @Override - protected void configure(HttpSecurity http) throws Exception { - // Bypasses security/authentication for the following paths - http.authorizeRequests() - // TODO: Currently allows access to all endpoints as Security has not been implemented for - // JobController yet. - // When security is enabled, should only allow unauthenticated access to actuator and - // metrics endpoints. - .antMatchers("/") - // .antMatchers("/actuator/**", "/metrics/**") - .permitAll() - .anyRequest() - .authenticated() - .and() - .csrf() - .disable(); - } -}