Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implements a feature to support the Submodel-based RBAC rules backend for the remaining components #574

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Implements a feature to support the Submodel-based RBAC rules backend for the remaining components #574

wants to merge 21 commits into from

Conversation

mdanish98
Copy link
Contributor

Description of Changes

Implements a feature to support the Submodel-based RBAC rules backend. This also includes the management of RBAC rules dynamically using the Submodel API. It separates the backend into InMemory and Submodel-based.

Similar to the already implemented module #407

The remaining modules except the AAS Discovery are implemented in this PR.

BaSyx Configuration for Testing

These extra configurations are required along with the current authorization configurations to configure the newly implemented feature:

basyx.feature.authorization.rules.backend=Submodel
basyx.feature.authorization.rules.backend.submodel.authorization.endpoint=<Endpoint of the Security Submodel>
basyx.feature.authorization.rules.backend.submodel.authorization.token-endpoint=<Token Endpoint>
basyx.feature.authorization.rules.backend.submodel.authorization.grant-type = <CLIENT_CREDENTIALS> or <PASSWORD>
basyx.feature.authorization.rules.backend.submodel.authorization.client-id=<client-id>
basyx.feature.authorization.rules.backend.submodel.authorization.client-secret=<client-secret>
basyx.feature.authorization.rules.backend.submodel.authorization.username=<username>
basyx.feature.authorization.rules.backend.submodel.authorization.password=<password>

@mdanish98
Adds dynamic RBAC to SM/CD Rep, SM Reg, and AAS Environment
f30ffaf 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Reverts GitHub CI
f0bb5d1 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Attempts CI fix
af3ebe8 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Reverts GitHub CI
8afbe17 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Reverts GitHub CI
10f6622 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Adds shading plugin
4f0819e 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Adds dependency to parent pom
a72c3d1 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Excludes SM dependencies
86c6675 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes the TargetInfoAdapter Bean in Aas Env
2b14d93 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Adds filtering options in Authorization
76d8012 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes Keycloak issues
9d3ab3c 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Reverts BaSyx Realm
b3c3deb 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes import issues in SM Registry
6ac4276 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes app.prop of aas env
a1eb3c8 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes CI
1327e88 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Fixes AAS and SM Reg tests
934ae77 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Allows swagger ui api endpoint without auth
089dc40 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Allows swagger ui api endpoint without auth
5ff95bf 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Allows Swagger API without authorization
5c7836a 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98
Merge remote-tracking branch 'upstream/main' into feature/dyn-rbac-sm-cd
ea161c8
@mdanish98
Refactors classes
84f7be8 
Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>
@mdanish98 mdanish98 mentioned this pull request Dec 23, 2024
Open
@mdanish98 mdanish98 marked this pull request as ready for review January 8, 2025 10:15
@aaronzi aaronzi self-requested a review January 8, 2025 10:43
aaronzi
aaronzi requested changes Jan 8, 2025
View reviewed changes
Copy link
Member

@aaronzi aaronzi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR. I added some remarks and questions.

...ment/feature/authorization/rbac/backend/submodel/AasEnvironmentTargetInformationAdapter.java
@@ -0,0 +1,134 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...ment/feature/authorization/rbac/backend/submodel/AasEnvironmentTargetInformationAdapter.java
Comment on lines +59 to +84
public SubmodelElementCollection adapt(TargetInformation targetInformation) {

if (targetInformation instanceof AasTargetInformation)
return new AasTargetInformationAdapter().adapt(targetInformation);

if (targetInformation instanceof SubmodelTargetInformation)
return new SubmodelTargetInformationAdapter().adapt(targetInformation);

if (targetInformation instanceof ConceptDescriptionTargetInformation)
return new CDTargetInformationAdapter().adapt(targetInformation);

SubmodelElementCollection targetInformationSMC = new DefaultSubmodelElementCollection.Builder().idShort("targetInformation").build();

SubmodelElementList aasId = new DefaultSubmodelElementList.Builder().idShort("aasIds").build();
SubmodelElementList submodelId = new DefaultSubmodelElementList.Builder().idShort("submodelIds").build();
Property typeProperty = new DefaultProperty.Builder().idShort("@type").value("aas-environment").build();

List<SubmodelElement> aasIds = ((AasEnvironmentTargetInformation) targetInformation).getAasIds().stream().map(this::transform).collect(Collectors.toList());
List<SubmodelElement> submodelIds = ((AasEnvironmentTargetInformation) targetInformation).getSubmodelIds().stream().map(this::transform).collect(Collectors.toList());
aasId.setValue(aasIds);
submodelId.setValue(submodelIds);

targetInformationSMC.setValue(Arrays.asList(aasId, submodelId, typeProperty));

return targetInformationSMC;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are handling ConceptDescriptionTargetInformation in L67-68 but in L72-73 you are only creating lists for aasIds and submodelIds. Are conceptDescriptionIds missing here?

...n/basyx/aasenvironment/feature/authorization/AasEnvironmentTargetInformationAdapterTest.java
@@ -0,0 +1,184 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...iptionrepository/feature/authorization/rbac/backend/submodel/CDTargetInformationAdapter.java
@@ -0,0 +1,114 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...iptionrepository/feature/authorization/rbac/backend/submodel/CDTargetInformationAdapter.java
SubmodelElementList aasId = new DefaultSubmodelElementList.Builder().idShort("conceptDescriptionIds").build();
Property typeProperty = new DefaultProperty.Builder().idShort("@type").value("concept-description").build();

List<SubmodelElement> aasIds = ((ConceptDescriptionTargetInformation) targetInformation)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
List<SubmodelElement> aasIds = ((ConceptDescriptionTargetInformation) targetInformation)
List<SubmodelElement> cdIds = ((ConceptDescriptionTargetInformation) targetInformation)

...basyx/conceptdescriptionrepository/feature/authorization/CDTargetInformationAdapterTest.java
@@ -0,0 +1,161 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...ry/feature/authorization/rbac/backend/submodel/SubmodelRegistryTargetInformationAdapter.java
@@ -0,0 +1,101 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...lregistry/regression/feature/authorization/SubmodelRegistryTargetInformationAdapterTest.java
@@ -0,0 +1,155 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...repository/feature/authorization/rbac/backend/submodel/SubmodelTargetInformationAdapter.java
@@ -0,0 +1,109 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

...win/basyx/submodelrepository/feature/authorization/SubmodelTargetInformationAdapterTest.java
@@ -0,0 +1,173 @@
/*******************************************************************************
* Copyright (C) 2024 the Eclipse BaSyx Authors
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (C) 2024 the Eclipse BaSyx Authors
* Copyright (C) 2025 the Eclipse BaSyx Authors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronzi aaronzi aaronzi requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdanish98 @aaronzi