Merge pull request #234 from Cosmo-Tech/JREY/add_spring_secu_run_runner

Jrey/add spring secu run runner

Author: jreynard-code

src/main/kotlin/com/cosmotech/api/security/AbstractSecurityConfiguration.kt

@@ -17,65 +17,128 @@ import org.springframework.web.cors.CorsConfiguration
 
 // Business roles
 const val ROLE_PLATFORM_ADMIN = "Platform.Admin"
-const val ROLE_CONNECTOR_DEVELOPER = "Connector.Developer"
-const val ROLE_ORGANIZATION_ADMIN = "Organization.Admin"
-const val ROLE_ORGANIZATION_COLLABORATOR = "Organization.Collaborator"
-const val ROLE_ORGANIZATION_MODELER = "Organization.Modeler"
 const val ROLE_ORGANIZATION_USER = "Organization.User"
 const val ROLE_ORGANIZATION_VIEWER = "Organization.Viewer"
 
-// Endpoints roles
-const val ROLE_CONNECTOR_READER = "Connector.Reader"
-const val ROLE_CONNECTOR_WRITER = "Connector.Writer"
-const val ROLE_DATASET_READER = "Dataset.Reader"
-const val ROLE_DATASET_WRITER = "Dataset.Writer"
-const val ROLE_ORGANIZATION_READER = "Organization.Reader"
-const val ROLE_ORGANIZATION_WRITER = "Organization.Writer"
-const val ROLE_SOLUTION_READER = "Solution.Reader"
-const val ROLE_SOLUTION_WRITER = "Solution.Writer"
-const val ROLE_WORKSPACE_READER = "Workspace.Reader"
-const val ROLE_WORKSPACE_WRITER = "Workspace.Writer"
-
 // Allowed read scopes
 const val SCOPE_CONNECTOR_READ = "SCOPE_csm.connector.read"
 const val SCOPE_ORGANIZATION_READ = "SCOPE_csm.organization.read"
 const val SCOPE_DATASET_READ = "SCOPE_csm.dataset.read"
 const val SCOPE_SOLUTION_READ = "SCOPE_csm.solution.read"
 const val SCOPE_WORKSPACE_READ = "SCOPE_csm.workspace.read"
+const val SCOPE_RUN_READ = "SCOPE_csm.run.read"
+const val SCOPE_RUNNER_READ = "SCOPE_csm.runner.read"
 
 // Allowed write scopes
 const val SCOPE_CONNECTOR_WRITE = "SCOPE_csm.connector.write"
 const val SCOPE_ORGANIZATION_WRITE = "SCOPE_csm.organization.write"
 const val SCOPE_DATASET_WRITE = "SCOPE_csm.dataset.write"
 const val SCOPE_SOLUTION_WRITE = "SCOPE_csm.solution.write"
 const val SCOPE_WORKSPACE_WRITE = "SCOPE_csm.workspace.write"
+const val SCOPE_RUN_WRITE = "SCOPE_csm.run.write"
+const val SCOPE_RUNNER_WRITE = "SCOPE_csm.runner.write"
+
+// Path Connectors
+val PATHS_CONNECTORS = listOf("/connectors", "/connectors/*")
+// Path Datasets
+val PATHS_DATASETS =
+    listOf(
+        "/organizations/*/datasets",
+        "/organizations/*/datasets/copy",
+        "/organizations/*/datasets/search",
+        "/organizations/*/datasets/twingraph/download/*",
+        "/organizations/*/datasets/*",
+        "/organizations/*/datasets/*/batch",
+        "/organizations/*/datasets/*/batch-query",
+        "/organizations/*/datasets/*/compatibility",
+        "/organizations/*/datasets/*/link",
+        "/organizations/*/datasets/*/refresh",
+        "/organizations/*/datasets/*/refresh/rollback",
+        "/organizations/*/datasets/*/security",
+        "/organizations/*/datasets/*/security/access",
+        "/organizations/*/datasets/*/security/access/*",
+        "/organizations/*/datasets/*/security/default",
+        "/organizations/*/datasets/*/security/users",
+        "/organizations/*/datasets/*/status",
+        "/organizations/*/datasets/*/subdataset",
+        "/organizations/*/datasets/*/twingraph",
+        "/organizations/*/datasets/*/twingraph/*",
+        "/organizations/*/datasets/*/unlink")
 
-// Endpoints paths
-const val PATH_CONNECTORS = "/connectors"
-const val PATH_DATASETS = "/organizations/*/datasets"
-const val PATH_ORGANIZATIONS = "/organizations"
-const val PATH_ORGANIZATIONS_USERS = "/organizations/*/users"
-const val PATH_ORGANIZATIONS_SERVICES = "/organizations/*/services"
+// Path Organizations
 val PATHS_ORGANIZATIONS =
-    listOf(PATH_ORGANIZATIONS, PATH_ORGANIZATIONS_USERS, PATH_ORGANIZATIONS_SERVICES)
+    listOf(
+        "/organizations",
+        "/organizations/permissions",
+        "/organizations/*",
+        "/organizations/*/permissions/*",
+        "/organizations/*/security",
+        "/organizations/*/security/access",
+        "/organizations/*/security/access/*",
+        "/organizations/*/security/default",
+        "/organizations/*/security/users")
+
+// Path Runs
+val PATHS_RUNS =
+    listOf(
+        "/organizations/*/workspaces/*/runners/*/runs",
+        "/organizations/*/workspaces/*/runners/*/runs/*",
+        "/organizations/*/workspaces/*/runners/*/runs/*/data/query",
+        "/organizations/*/workspaces/*/runners/*/runs/*/data/send",
+        "/organizations/*/workspaces/*/runners/*/runs/*/logs",
+        "/organizations/*/workspaces/*/runners/*/runs/*/status")
+
+// Path Runners
+val PATHS_RUNNERS =
+    listOf(
+        "/organizations/*/workspaces/*/runners",
+        "/organizations/*/workspaces/*/runners/*",
+        "/organizations/*/workspaces/*/runners/*/permissions/*",
+        "/organizations/*/workspaces/*/runners/*/security",
+        "/organizations/*/workspaces/*/runners/*/security/access",
+        "/organizations/*/workspaces/*/runners/*/security/access/*",
+        "/organizations/*/workspaces/*/runners/*/security/default",
+        "/organizations/*/workspaces/*/runners/*/security/users",
+        "/organizations/*/workspaces/*/runners/*/start",
+        "/organizations/*/workspaces/*/runners/*/stop")
 
 // Path Solutions
-const val PATH_SOLUTIONS = "/organizations/*/solutions"
-const val PATH_SOLUTIONS_PARAMETERS = "/organizations/*/solutions/*/parameters"
-const val PATH_SOLUTIONS_PARAMETERGROUPS = "/organizations/*/solutions/*/parameterGroups"
-const val PATH_SOLUTIONS_RUNTEMPLATES = "/organizations/*/solutions/*/runTemplates"
 val PATHS_SOLUTIONS =
     listOf(
-        PATH_SOLUTIONS,
-        PATH_SOLUTIONS_PARAMETERS,
-        PATH_SOLUTIONS_PARAMETERGROUPS,
-        PATH_SOLUTIONS_RUNTEMPLATES)
+        "/organizations/*/solutions",
+        "/organizations/*/solutions/*",
+        "/organizations/*/solutions/*/parameterGroups",
+        "/organizations/*/solutions/*/parameters",
+        "/organizations/*/solutions/*/runTemplates",
+        "/organizations/*/solutions/*/runTemplates/*",
+        "/organizations/*/solutions/*/security",
+        "/organizations/*/solutions/*/security/access",
+        "/organizations/*/solutions/*/security/access/*",
+        "/organizations/*/solutions/*/security/default",
+        "/organizations/*/solutions/*/security/users",
+    )
+
+// Path Workspaces files
+val PATHS_WORKSPACES_FILES =
+    listOf(
+        "/organizations/*/workspaces/*/files",
+        "/organizations/*/workspaces/*/files/delete",
+        "/organizations/*/workspaces/*/files/download")
 
 // Path Workspaces
-const val PATH_WORKSPACES = "/organizations/*/workspaces"
-const val PATH_WORKSPACES_USERS = "/organizations/*/workspaces/*/users"
-val PATHS_WORKSPACES = listOf(PATH_WORKSPACES, PATH_WORKSPACES_USERS)
-const val PATH_WORKSPACES_FILES = "/organizations/*/workspaces/*/files"
+val PATHS_WORKSPACES =
+    listOf(
+        "/organizations/*/workspaces",
+        "/organizations/*/workspaces/*",
+        "/organizations/*/workspaces/*/link",
+        "/organizations/*/workspaces/*/permissions/*",
+        "/organizations/*/workspaces/*/security",
+        "/organizations/*/workspaces/*/security/access",
+        "/organizations/*/workspaces/*/security/access/*",
+        "/organizations/*/workspaces/*/security/default",
+        "/organizations/*/workspaces/*/security/users",
+        "/organizations/*/workspaces/*/security/unlink",
+    )
 
 // Endpoints roles
 val endpointSecurityPublic =
@@ -100,15 +163,9 @@ internal fun endpointSecurityReaders(
 ) =
     listOf(
         CsmSecurityEndpointsRolesReader(
-            paths = listOf(PATH_CONNECTORS),
+            paths = PATHS_CONNECTORS,
             roles =
                 arrayOf(
-                    ROLE_CONNECTOR_READER,
-                    ROLE_CONNECTOR_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
                     ROLE_ORGANIZATION_USER,
                     ROLE_ORGANIZATION_VIEWER,
                     SCOPE_CONNECTOR_READ,
@@ -117,15 +174,9 @@ internal fun endpointSecurityReaders(
                     customOrganizationViewer),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesReader(
-            paths = listOf(PATH_DATASETS),
+            paths = PATHS_DATASETS,
             roles =
                 arrayOf(
-                    ROLE_DATASET_READER,
-                    ROLE_DATASET_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
                     ROLE_ORGANIZATION_USER,
                     ROLE_ORGANIZATION_VIEWER,
                     SCOPE_DATASET_READ,
@@ -137,12 +188,6 @@ internal fun endpointSecurityReaders(
             paths = PATHS_ORGANIZATIONS,
             roles =
                 arrayOf(
-                    ROLE_ORGANIZATION_READER,
-                    ROLE_ORGANIZATION_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
                     ROLE_ORGANIZATION_USER,
                     ROLE_ORGANIZATION_VIEWER,
                     SCOPE_ORGANIZATION_READ,
@@ -154,12 +199,6 @@ internal fun endpointSecurityReaders(
             paths = PATHS_SOLUTIONS,
             roles =
                 arrayOf(
-                    ROLE_SOLUTION_READER,
-                    ROLE_SOLUTION_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
                     ROLE_ORGANIZATION_USER,
                     ROLE_ORGANIZATION_VIEWER,
                     SCOPE_SOLUTION_READ,
@@ -171,18 +210,34 @@ internal fun endpointSecurityReaders(
             paths = PATHS_WORKSPACES,
             roles =
                 arrayOf(
-                    ROLE_WORKSPACE_READER,
-                    ROLE_WORKSPACE_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
                     ROLE_ORGANIZATION_USER,
                     ROLE_ORGANIZATION_VIEWER,
                     SCOPE_WORKSPACE_READ,
                     SCOPE_WORKSPACE_WRITE,
                     customOrganizationUser,
                     customOrganizationViewer),
+            customAdmin = customOrganizationAdmin),
+        CsmSecurityEndpointsRolesReader(
+            paths = PATHS_RUNS,
+            roles =
+                arrayOf(
+                    ROLE_ORGANIZATION_USER,
+                    ROLE_ORGANIZATION_VIEWER,
+                    SCOPE_RUN_READ,
+                    SCOPE_RUN_WRITE,
+                    customOrganizationUser,
+                    customOrganizationViewer),
+            customAdmin = customOrganizationAdmin),
+        CsmSecurityEndpointsRolesReader(
+            paths = PATHS_RUNNERS,
+            roles =
+                arrayOf(
+                    ROLE_ORGANIZATION_USER,
+                    ROLE_ORGANIZATION_VIEWER,
+                    SCOPE_RUNNER_READ,
+                    SCOPE_RUNNER_WRITE,
+                    customOrganizationUser,
+                    customOrganizationViewer),
             customAdmin = customOrganizationAdmin))
 
 @Suppress("LongMethod")
@@ -192,58 +247,36 @@ internal fun endpointSecurityWriters(
 ) =
     listOf(
         CsmSecurityEndpointsRolesWriter(
-            paths = listOf(PATH_CONNECTORS),
-            roles = arrayOf(ROLE_CONNECTOR_WRITER, ROLE_CONNECTOR_DEVELOPER, SCOPE_CONNECTOR_WRITE),
+            paths = PATHS_CONNECTORS,
+            roles = arrayOf(SCOPE_CONNECTOR_WRITE),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesWriter(
-            paths = listOf(PATH_DATASETS),
-            roles =
-                arrayOf(
-                    ROLE_DATASET_WRITER,
-                    ROLE_CONNECTOR_DEVELOPER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
-                    ROLE_ORGANIZATION_USER,
-                    SCOPE_DATASET_WRITE,
-                    customOrganizationUser),
+            paths = PATHS_DATASETS,
+            roles = arrayOf(ROLE_ORGANIZATION_USER, SCOPE_DATASET_WRITE, customOrganizationUser),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesWriter(
             paths = PATHS_ORGANIZATIONS,
-            roles =
-                arrayOf(
-                    ROLE_ORGANIZATION_WRITER, ROLE_ORGANIZATION_ADMIN, SCOPE_ORGANIZATION_WRITE),
+            roles = arrayOf(SCOPE_ORGANIZATION_WRITE),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesWriter(
             paths = PATHS_SOLUTIONS,
-            roles =
-                arrayOf(
-                    ROLE_SOLUTION_WRITER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
-                    SCOPE_SOLUTION_WRITE),
+            roles = arrayOf(SCOPE_SOLUTION_WRITE),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesWriter(
             paths = PATHS_WORKSPACES,
-            roles =
-                arrayOf(
-                    ROLE_WORKSPACE_WRITER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    SCOPE_WORKSPACE_WRITE),
+            roles = arrayOf(SCOPE_WORKSPACE_WRITE),
             customAdmin = customOrganizationAdmin),
         CsmSecurityEndpointsRolesWriter(
-            paths = listOf(PATH_WORKSPACES_FILES),
-            roles =
-                arrayOf(
-                    ROLE_WORKSPACE_WRITER,
-                    ROLE_ORGANIZATION_ADMIN,
-                    ROLE_ORGANIZATION_COLLABORATOR,
-                    ROLE_ORGANIZATION_MODELER,
-                    ROLE_ORGANIZATION_USER,
-                    SCOPE_WORKSPACE_WRITE,
-                    customOrganizationUser),
+            paths = PATHS_RUNS,
+            roles = arrayOf(ROLE_ORGANIZATION_USER, SCOPE_RUN_WRITE, customOrganizationUser),
+            customAdmin = customOrganizationAdmin),
+        CsmSecurityEndpointsRolesWriter(
+            paths = PATHS_RUNNERS,
+            roles = arrayOf(ROLE_ORGANIZATION_USER, SCOPE_RUNNER_WRITE, customOrganizationUser),
+            customAdmin = customOrganizationAdmin),
+        CsmSecurityEndpointsRolesWriter(
+            paths = PATHS_WORKSPACES_FILES,
+            roles = arrayOf(ROLE_ORGANIZATION_USER, SCOPE_WORKSPACE_WRITE, customOrganizationUser),
             customAdmin = customOrganizationAdmin),
     )
 
@@ -322,11 +355,11 @@ internal class CsmSecurityEndpointsRolesWriter(
     val authoritiesList = addAdminRolesIfNotAlreadyDefined(this.roles)
     this.paths.forEach { path ->
       requests
-          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "$path/**"))
+          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, path))
           .hasAnyAuthority(*authoritiesList.toTypedArray())
-          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.PATCH, "$path/**"))
+          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.PATCH, path))
           .hasAnyAuthority(*authoritiesList.toTypedArray())
-          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.DELETE, "$path/**"))
+          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.DELETE, path))
           .hasAnyAuthority(*authoritiesList.toTypedArray())
     }
   }
@@ -357,7 +390,7 @@ internal class CsmSecurityEndpointsRolesReader(
     val authoritiesList = addAdminRolesIfNotAlreadyDefined(this.roles)
     this.paths.forEach { path ->
       requests
-          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, "$path/**"))
+          .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, path))
           .hasAnyAuthority(*authoritiesList.toTypedArray())
     }
   }