This is an automated email from the ASF dual-hosted git repository. dimuthuupe pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/airavata-mft.git
commit 8c8a8977cea4c493094d305108d597bea1e6799c
Author: Dimuthu Wannipurage <[email protected]>
AuthorDate: Thu Jul 8 05:52:28 2021 -0400
Securing resource manipulation apis
---
 .../apache/airavata/mft/agent/rpc/RPCParser.java | 23 +++++++++++----------
 .../src/main/proto/resource/ResourceService.proto | 5 +++++
 .../mft/transport/scp/SCPMetadataCollector.java | 20 +++++++++++++------
 .../airavata/mft/transport/scp/SCPReceiver.java | 2 +-
 .../airavata/mft/transport/scp/SCPSender.java | 2 +-
 5 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/agent/src/main/java/org/apache/airavata/mft/agent/rpc/RPCParser.java b/agent/src/main/java/org/apache/airavata/mft/agent/rpc/RPCParser.java
index a58a89b..669d30f 100644
--- a/agent/src/main/java/org/apache/airavata/mft/agent/rpc/RPCParser.java
+++ b/agent/src/main/java/org/apache/airavata/mft/agent/rpc/RPCParser.java
@@ -162,17 +162,18 @@ public class RPCParser {
 Optional<Connector> connectorOp = ConnectorResolver.resolveConnector(storeType, "IN");
 if (metadataCollectorOp.isPresent() && connectorOp.isPresent()) {
- HttpTransferRequest transferRequest = new HttpTransferRequest();
- transferRequest.setConnectorParams(new ConnectorParams()
- .setResourceServiceHost(resourceServiceHost)
- .setResourceServicePort(resourceServicePort)
- .setSecretServiceHost(secretServiceHost)
- .setSecretServicePort(secretServicePort));
- transferRequest.setResourceId(resourceId);
- transferRequest.setChildResourcePath(childResourcePath);
- transferRequest.setCredentialToken(sourceToken);
- transferRequest.setOtherMetadataCollector(metadataCollectorOp.get());
- transferRequest.setOtherConnector(connectorOp.get());
+ HttpTransferRequest transferRequest = new HttpTransferRequest()
+ .setConnectorParams(new ConnectorParams()
+ .setResourceServiceHost(resourceServiceHost)
+ .setResourceServicePort(resourceServicePort)
+ .setSecretServiceHost(secretServiceHost)
+ .setSecretServicePort(secretServicePort))
+ .setResourceId(resourceId)
+ .setChildResourcePath(childResourcePath)
+ .setCredentialToken(sourceToken)
+ .setOtherMetadataCollector(metadataCollectorOp.get())
+ .setOtherConnector(connectorOp.get())
+ .setAuthToken(mftAuthorizationToken);
 String url = httpTransferRequestsStore.addDownloadRequest(transferRequest);
 return (agentHttpsEnabled? "https": "http") + "://" + agentHost + ":" + agentHttpPort + "/" + url;
 }
diff --git a/services/resource-service/stub/src/main/proto/resource/ResourceService.proto b/services/resource-service/stub/src/main/proto/resource/ResourceService.proto
index 07b6b6d..10f0372 100644
--- a/services/resource-service/stub/src/main/proto/resource/ResourceService.proto
+++ b/services/resource-service/stub/src/main/proto/resource/ResourceService.proto
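Review bot: The added `.setAuthToken(mftAuthorizationToken)` stores the caller's MFT token inside the pending download request, so the URL returned two lines later appears to act as a bearer capability for that token, and the return statement still emits `http://` whenever `agentHttpsEnabled` is false. A comment at the `addDownloadRequest` call such as `// URL redeems this request with the caller's auth token; treat it as a secret, keep it short-lived` would record that, and a warning log when the plain-http form is handed out would make the exposure visible to operators. How `httpTransferRequestsStore` expires or invalidates entries is not visible in this diff, and the enclosing method starts and ends outside the hunk.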
@@ -30,6 +30,7 @@ import "gcs/GCSStorage.proto";
 import "local/LocalStorage.proto";
 import "s3/S3Storage.proto";
 import "scp/SCPStorage.proto";
+import "CredCommon.proto";
 message FileResource {
 string resourcePath = 1;
@@ -62,6 +63,7 @@ message GenericResource {
 message GenericResourceGetRequest {
 string resourceId = 1;
+ org.apache.airavata.mft.common.AuthToken authzToken = 2;
 }
 message GenericResourceCreateRequest {
@@ -70,6 +72,7 @@ message GenericResourceCreateRequest {
 org.apache.airavata.mft.resource.stubs.common.FileResource file = 2;
 org.apache.airavata.mft.resource.stubs.common.DirectoryResource directory = 3;
 }
+ org.apache.airavata.mft.common.AuthToken authzToken = 4;
 }
 message GenericResourceUpdateRequest {
@@ -79,10 +82,12 @@ message GenericResourceUpdateRequest {
 org.apache.airavata.mft.resource.stubs.common.FileResource file = 3;
 org.apache.airavata.mft.resource.stubs.common.DirectoryResource directory = 4;
 }
+ org.apache.airavata.mft.common.AuthToken authzToken = 5;
 }
 message GenericResourceDeleteRequest {
 string resourceId = 1;
+ org.apache.airavata.mft.common.AuthToken authzToken = 2;
 }
 service GenericResourceService {
diff --git a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPMetadataCollector.java b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPMetadataCollector.java
index 4f72151..a6e224b 100644
--- a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPMetadataCollector.java
+++ b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPMetadataCollector.java
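Review bot: Adding `authzToken` to the Get, Create, Update and Delete request messages only makes the token transportable; none of the five files in this commit is a resource-service handler, so as far as this diff shows a request that leaves the field unset is still served. Message-typed fields are optional on the wire, so the server side needs an explicit presence check (`hasAuthzToken()` in the generated Java) that rejects the call before any lookup or mutation. A comment on each new field, for example `// required: the service must reject requests without a token`, would record that contract in the schema. The handlers may well be updated in a separate commit, and only the Get request has visible callers setting the field here.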
@@ -121,7 +121,9 @@ public class SCPMetadataCollector implements MetadataCollector {
 checkInitialized();
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
- GenericResource scpResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder().setResourceId(resourceId).build());
+ GenericResource scpResource = resourceClient.get()
+ .getGenericResource(GenericResourceGetRequest.newBuilder()
+ .setAuthzToken(authZToken).setResourceId(resourceId).build());
 SecretServiceClient secretClient = SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
 SCPSecret scpSecret = secretClient.scp().getSCPSecret(SCPSecretGetRequest.newBuilder()
@@ -133,7 +135,9 @@ public class SCPMetadataCollector implements MetadataCollector {
 @Override
 public FileResourceMetadata getFileResourceMetadata(AuthToken authZToken, String parentResourceId, String childResourcePath, String credentialToken) throws Exception {
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
- GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder().setResourceId(parentResourceId).build());
+ GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
+ .setAuthzToken(authZToken)
+ .setResourceId(parentResourceId).build());
 SecretServiceClient secretClient = SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
 SCPSecret scpSecret = secretClient.scp().getSCPSecret(SCPSecretGetRequest.newBuilder().setSecretId(credentialToken).build());
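Review bot: The resource lookup now carries `authZToken`, but the secret lookup in the same methods is still built as `SCPSecretGetRequest.newBuilder().setSecretId(credentialToken).build()`, so the call that returns the SSH credential is sent without the caller's token. This is visible in the context lines of the `@@ -133` hunk and again in the `@@ -221` and `@@ -232` hunks; the `@@ -121` hunk cuts off before that builder chain finishes. If `SCPSecretGetRequest` has or gains an authorization field, these call sites should set it in the same change; whether it does is not shown in this diff.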
@@ -221,7 +225,9 @@ public class SCPMetadataCollector implements MetadataCollector {
 public DirectoryResourceMetadata getDirectoryResourceMetadata(AuthToken authZToken, String resourceId, String credentialToken) throws Exception {
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
- GenericResource scpPResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder().setResourceId(resourceId).build());
+ GenericResource scpPResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
+ .setAuthzToken(authZToken)
+ .setResourceId(resourceId).build());
 SecretServiceClient secretClient = SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
 SCPSecret scpSecret = secretClient.scp().getSCPSecret(SCPSecretGetRequest.newBuilder().setSecretId(credentialToken).build());
@@ -232,7 +238,8 @@ public class SCPMetadataCollector implements MetadataCollector {
 @Override
 public DirectoryResourceMetadata getDirectoryResourceMetadata(AuthToken authZToken, String parentResourceId, String childResourcePath, String credentialToken) throws Exception {
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
- GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder().setResourceId(parentResourceId).build());
+ GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
+ .setAuthzToken(authZToken).setResourceId(parentResourceId).build());
 SecretServiceClient secretClient = SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
 SCPSecret scpSecret = secretClient.scp().getSCPSecret(SCPSecretGetRequest.newBuilder().setSecretId(credentialToken).build());
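Review bot: The same request construction is now repeated in six methods of this class (the hunks at `@@ -121`, `@@ -133`, `@@ -221`, `@@ -232`, `@@ -277` and `@@ -287`), each wrapped slightly differently, which makes it easy for a later call site to leave out `setAuthzToken`. A private helper that takes the token and the resource id would leave one place where the token is attached to the lookup. The method bodies continue outside the hunks, so the sketch shows only the helper and one call site.
```java
private GenericResource fetchResource(AuthToken authZToken, String resourceId) throws Exception {
    ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
    return resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
            .setAuthzToken(authZToken)
            .setResourceId(resourceId)
            .build());
}

// in getDirectoryResourceMetadata(authZToken, resourceId, credentialToken):
GenericResource scpPResource = fetchResource(authZToken, resourceId);
// … unchanged: secret lookup and metadata collection …
```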
@@ -277,7 +284,8 @@ public class SCPMetadataCollector implements MetadataCollector {
 checkInitialized();
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
- GenericResource scpResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder().setResourceId(resourceId).build());
+ GenericResource scpResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
+ .setAuthzToken(authZToken).setResourceId(resourceId).build());
 return isAvailable(authZToken, scpResource, credentialToken);
 }
@@ -287,7 +295,7 @@ public class SCPMetadataCollector implements MetadataCollector {
 checkInitialized();
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
 GenericResource scpResource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
- .setResourceId(parentResourceId).build());
+ .setAuthzToken(authToken).setResourceId(parentResourceId).build());
 validateParent(scpResource, resourcePath);
diff --git a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPReceiver.java b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPReceiver.java
index a7eed5b..b2c0ae8 100644
--- a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPReceiver.java
+++ b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPReceiver.java
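Review bot: The `@@ -287` hunk passes a variable named `authToken` while the other five call sites in this file use `authZToken`; the method signature is outside the hunk, so the parameter name cannot be checked from here. If it is the same `AuthToken` parameter as elsewhere, renaming it to `authZToken` keeps the class consistent and keeps it visually distinct from `credentialToken`, which the surrounding code uses as a secret id rather than an authorization token.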
@@ -91,7 +91,7 @@ public class SCPReceiver implements Connector {
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
 GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
- .setResourceId(resourceId).build());
+ .setAuthzToken(authToken).setResourceId(resourceId).build());
 if (resource.getStorageCase() != GenericResource.StorageCase.SCPSTORAGE) {
 logger.error("Invalid storage type {} specified for resource {}", resource.getStorageCase(), resourceId);
diff --git a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPSender.java b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPSender.java
index 291bfcd..9cb1a68 100644
--- a/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPSender.java
+++ b/transport/scp-transport/src/main/java/org/apache/airavata/mft/transport/scp/SCPSender.java
@@ -90,7 +90,7 @@ public class SCPSender implements Connector {
 ResourceServiceClient resourceClient = ResourceServiceClientBuilder.buildClient(resourceServiceHost, resourceServicePort);
 GenericResource resource = resourceClient.get().getGenericResource(GenericResourceGetRequest.newBuilder()
- .setResourceId(resourceId).build());
+ .setAuthzToken(authToken).setResourceId(resourceId).build());
 if (resource.getStorageCase() != GenericResource.StorageCase.SCPSTORAGE) {
 logger.error("Invalid storage type {} specified for resource {}", resource.getStorageCase(), resourceId);
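Review bot: `setAuthzToken(authToken)` on a generated protobuf builder throws `NullPointerException` for a null argument, so a caller that supplies no token now fails inside the builder chain rather than with a clear message; the identical line is added in the SCPSender hunk. Where `authToken` is assigned is outside both hunks, so whether it can be null here is not visible. A guard before the lookup, e.g. `Objects.requireNonNull(authToken, "authToken is required to fetch resource " + resourceId);`, gives a diagnosable failure and states the requirement at the point of use.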
