Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: overture-stack/rollcall
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: kids-first/rollcall
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Can’t automatically merge. Don’t worry, you can still create the pull request.
8 contributors

Commits on Aug 9, 2019

  1. Fix the build to use java 11 and add quicksearch index

    jecos committed Aug 9, 2019
    Copy the full SHA
    89d13d8 View commit details

Commits on Sep 23, 2019

  1. Merge pull request #1 from kids-first/fix-java11 

    Fix the build to use java 11 and add quicksearch index
    Jeremy Costanza authored Sep 23, 2019
    Copy the full SHA
    2d733e0 View commit details

Commits on Oct 1, 2019

  1. 👷 Terraform 0.12 Upgrade

    @blackdenc
    blackdenc committed Oct 1, 2019
    Copy the full SHA
    da739fe View commit details

  2. Merge pull request #2 from kids-first/feature/0.12UPGRADE 

    Terraform 0.12 Upgrade
    @blackdenc
    blackdenc authored Oct 1, 2019
    Copy the full SHA
    940a0c9 View commit details

Commits on Oct 5, 2019

  1. Use auth0 instead of ego

    jecos committed Oct 5, 2019
    Copy the full SHA
    0a4cf20 View commit details

Commits on Oct 7, 2019

  1. Merge pull request #3 from kids-first/auth0 

    Use auth0 instead of ego
    Jeremy Costanza authored Oct 7, 2019
    Copy the full SHA
    bb5ff79 View commit details

Commits on Oct 28, 2019

  1. 👷 Consolidating Jenkinsfiles

    @blackdenc
    blackdenc committed Oct 28, 2019
    Copy the full SHA
    723d989 View commit details

Commits on Oct 30, 2019

  1. Remove quicksearch index

    jecos committed Oct 30, 2019
    Copy the full SHA
    3397cf2 View commit details

  2. Merge pull request #5 from kids-first/auth0 

    Remove quicksearch index
    Jeremy Costanza authored Oct 30, 2019
    Copy the full SHA
    52f5e42 View commit details

Commits on Nov 1, 2019

  1. Merge pull request #4 from kids-first/feature/jenkinsfile-change 

    Standardizing Jenkinsfiles
    @blackdenc
    blackdenc authored Nov 1, 2019
    Copy the full SHA
    82bda2d View commit details

Commits on Aug 4, 2020

  1. 🔧 Updated Jenkinsfile

    Alex Lubneuski committed Aug 4, 2020
    Copy the full SHA
    6cd56ff View commit details

  2. ✏️ Updated friendly name

    Alex Lubneuski committed Aug 4, 2020
    Copy the full SHA
    cf7444c View commit details

  3. 🚧 Added workdir path

    Alex Lubneuski committed Aug 4, 2020
    Copy the full SHA
    8dfa843 View commit details

  4. Updated scripts version

    Alex Lubneuski committed Aug 4, 2020
    Copy the full SHA
    76e227b View commit details

Commits on Aug 5, 2020

  1. Updated jenkinsfile with tagged version

    Alex Lubneuski committed Aug 5, 2020
    Copy the full SHA
    ce61430 View commit details

Commits on Aug 6, 2020

  1. Updated entrypoint

    Alex Lubneuski committed Aug 6, 2020
    Copy the full SHA
    330e8ca View commit details

Commits on Aug 12, 2020

  1. kids-first/kf-portal-ui#2650 : Use high level client

    @jecos
    jecos committed Aug 12, 2020
    Copy the full SHA
    88a62d3 View commit details

  2. Merge pull request #8 from kids-first/feat/hig-level-client 

     kids-first/kf-portal-ui#2650 : Use high level client
    @alubneuski
    alubneuski authored Aug 12, 2020
    Copy the full SHA
    c8fb5fd View commit details

  3. 🔧 Changed the healthcheck

    Alex Lubneuski committed Aug 12, 2020
    Copy the full SHA
    a563714 View commit details

  4. Merge pull request #7 from kids-first/feat/hig-level-client 

     kids-first/kf-portal-ui#2650 : Use high level client
    @jecos
    jecos authored Aug 12, 2020
    Copy the full SHA
    7298ce4 View commit details

Commits on Sep 5, 2020

  1. Merge pull request #9 from kids-first/feature/standard-deploy 

    Feature/standard deploy
    @alubneuski
    alubneuski authored Sep 5, 2020
    Copy the full SHA
    ee57886 View commit details

Commits on Sep 10, 2020

  1. fix : kids-first/kf-portal-ui#2692 pass scheme in environment variable

    @jecos
    jecos authored Sep 10, 2020
    Copy the full SHA
    36b01ce View commit details

  2. Added Jenkisnfile for kidsfirst account

    Alex Lubneuski committed Sep 10, 2020
    Copy the full SHA
    8c04562 View commit details

  3. 🔧 Changed from internal/external to internal app

    Alex Lubneuski committed Sep 10, 2020
    Copy the full SHA
    0dada18 View commit details

  4. fix : kids-first/kf-portal-ui#2692 pass scheme in environment variabl… 

    …e (2)
    @jecos
    jecos committed Sep 10, 2020
    Copy the full SHA
    7e34d3e View commit details

Commits on Nov 20, 2020

  1. fix publish

    @adipaul1981
    adipaul1981 committed Nov 20, 2020
    Copy the full SHA
    c7ff552 View commit details

  2. Merge pull request #10 from kids-first/fix/2812_fix_index_alias_publish 

    fix publish
    @adipaul1981
    adipaul1981 authored Nov 20, 2020
    Copy the full SHA
    99b3ec2 View commit details

Commits on Nov 23, 2020

  1. remove empty spaces in method getAliasState

    @adipaul1981
    adipaul1981 committed Nov 23, 2020
    Copy the full SHA
    07d1af2 View commit details

  2. fix: consume cat api in JSON format vs List (to avoid manipulating va… 

    …lues)
    @evans-g-crsj
    evans-g-crsj committed Nov 23, 2020
    Copy the full SHA
    91a987a View commit details

Commits on Nov 24, 2020

  1. Merge pull request #11 from kids-first/fix/empty_spaces_ES 

    Fix/empty spaces es
    @adipaul1981
    adipaul1981 authored Nov 24, 2020
    Copy the full SHA
    3409156 View commit details

Commits on Jan 22, 2021

  1. add study_centric

    @adipaul1981
    adipaul1981 committed Jan 22, 2021
    Copy the full SHA
    b92711c View commit details

  2. Merge pull request #12 from kids-first/add_Study_centric_alias 

    add study_centric
    @adipaul1981
    adipaul1981 authored Jan 22, 2021
    Copy the full SHA
    bd4e8d4 View commit details

Commits on Mar 11, 2021

  1. 🔧 Added push to public ecr

    @alubneuski
    alubneuski committed Mar 11, 2021
    Copy the full SHA
    fa624ad View commit details

  2. Merge pull request #13 from kids-first/feature/add-public-ecr-push 

    Added push to public ECR
    @alubneuski
    alubneuski authored Mar 11, 2021
    Copy the full SHA
    df50924 View commit details

Commits on Nov 10, 2021

  1. force build

    @adipaul1981
    adipaul1981 committed Nov 10, 2021
    Copy the full SHA
    6b24cf0 View commit details

Commits on Dec 11, 2021

  1. fix: CVE-2021-44228 log4j vulnerability

    @jecos
    jecos committed Dec 11, 2021
    Copy the full SHA
    00c19d4 View commit details

Commits on Dec 14, 2021

  1. fix: CVE-2021-44228 log4j vulnerability

    @jecos
    jecos committed Dec 14, 2021
    Copy the full SHA
    79ee05f View commit details
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM openjdk:8u121-jdk-alpine
FROM openjdk:12-alpine

ARG MAVEN_VERSION=3.5.4
ARG SHA=ce50b1c91364cb77efe3776f756a6d92b76d9038b0a0782f7d53acf1e997a14d
22 changes: 20 additions & 2 deletions Jenkinsfile
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,20 @@
@Library(value="oicr", changelog=false) _
rollcall{}
@Library(value="kids-first/aws-infra-jenkins-shared-libraries", changelog=false) _
ecs_service_type_1_standard {
projectName = "rollcall"
environments = "dev,qa,prd"
docker_image_type = "alpine"
docker_workdir_path = "/srv/rollcall"
entrypoint_command = "/srv/rollcall/exec/run.sh"
quick_deploy = "true"
internal_app = "true"
external_config_repo = "false"
container_port = "9001"
vcpu_container = "2048"
memory_container = "4096"
vcpu_task = "2048"
memory_task = "4096"
health_check_path = "/swagger-ui.html"
dependencies = "ecr"
friendly_dns_name = "rollcall"
publish_to_public_repo = "true"
}
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -46,6 +46,7 @@ This problem is what Rollcall helps solve by introducing concepts like data rele

## Index Naming


The thing that Rollcall is opinionated about is the way indices are named. So opinionated in fact that it uses a grammer file to describe the index naming grammer.

It can be found here: [IndexName.g4](src/main/antlr4/bio/overture/rollcall/antlr4/IndexName.g4)
6 changes: 6 additions & 0 deletions docker/scripts/run.sh
View file
Original file line number Diff line number Diff line change
@@ -26,11 +26,17 @@ if [ -z ${ES_CLUSTER_NAME+x} ]; then
exit 1
fi

if [ -z ${c+x} ]; then
echo "The env variable ES_SCHEME is undefined"
exit 1
fi

CONF_DIR=/conf
mkdir $CONF_DIR
CONFIG_FILE=${CONF_DIR}/application.properties
echo "elasticsearch.host=$ES_HOST" > $CONFIG_FILE
echo "elasticsearch.port=$ES_PORT" >> $CONFIG_FILE
echo "elasticsearch.scheme=$ES_SCHEME" >> $CONFIG_FILE
echo "elasticsearch.cluster-name=$ES_CLUSTER_NAME" >> $CONFIG_FILE

java -Dspring.config.location=classpath:/application.yml,file:${CONFIG_FILE} -jar $JAR_PATH
53 changes: 44 additions & 9 deletions pom.xml
View file
Original file line number Diff line number Diff line change
@@ -42,6 +42,8 @@
<java.version>11</java.version>
<antlr4.version>4.7</antlr4.version>
<antlr4-maven.version>4.7</antlr4-maven.version>
<jaxb-api.version>2.3.1</jaxb-api.version>
<log4j2.version>2.16.0</log4j2.version>
</properties>

<dependencies>
@@ -82,6 +84,16 @@
<artifactId>spring-security-jwt</artifactId>
<version>1.0.9.RELEASE</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>auth0-spring-security-api</artifactId>
<version>1.2.6</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.3</version>
</dependency>

<!-- Lombok -->
<dependency>
@@ -98,27 +110,32 @@
</dependency>

<!-- Elasticsearch -->
<!-- Dong go beyond : https://github.com/elastic/elasticsearch/issues/41647-->
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>6.3.1</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
<artifactId>elasticsearch-rest-client</artifactId>
<version>6.3.1</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>transport</artifactId>
<version>6.3.1</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.plugin</groupId>
<artifactId>transport-netty4-client</artifactId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
<version>6.3.1</version>
<exclusions>
<exclusion>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-client</artifactId>
</exclusion>
<exclusion>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
</exclusion>
</exclusions>
</dependency>

<!-- Swagger -->
<dependency>
<groupId>io.springfox</groupId>
@@ -135,7 +152,13 @@
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers</artifactId>
<version>1.8.2</version>
<version>1.14.3</version>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>elasticsearch</artifactId>
<version>1.14.3</version>
<scope>test</scope>
</dependency>

<dependency>
@@ -145,6 +168,18 @@
<scope>test</scope>
</dependency>


<!-- JAXB 2.3.for jdk11 -->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>${jaxb-api.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${jaxb-api.version}</version>
</dependency>
</dependencies>

<build>
3 changes: 2 additions & 1 deletion src/main/java/bio/overture/rollcall/RollcallApplication.java
View file
Original file line number Diff line number Diff line change
@@ -20,9 +20,10 @@

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.data.elasticsearch.ElasticsearchAutoConfiguration;
import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;

@SpringBootApplication(exclude = {RestClientAutoConfiguration.class})
@SpringBootApplication(exclude = {ElasticsearchAutoConfiguration.class, RestClientAutoConfiguration.class})
public class RollcallApplication {

public static void main(String[] args) {
17 changes: 4 additions & 13 deletions src/main/java/bio/overture/rollcall/config/ElasticsearchConfig.java
View file
Original file line number Diff line number Diff line change
@@ -22,10 +22,6 @@
import org.apache.http.HttpHost;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.transport.client.PreBuiltTransportClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -43,6 +39,9 @@ public class ElasticsearchConfig {
@Value("${elasticsearch.port}")
private int port;

@Value("${elasticsearch.scheme}")
private String scheme;

@Value("${elasticsearch.cluster-name}")
private String clusterName;

@@ -51,18 +50,10 @@ public class ElasticsearchConfig {
public RestHighLevelClient restClient() {
return new RestHighLevelClient(
RestClient.builder(
new HttpHost(InetAddress.getByName(host), port)
new HttpHost(InetAddress.getByName(host), port, scheme)
)
);
}

@Bean
@SneakyThrows
public TransportClient transportClient() {
return new PreBuiltTransportClient(Settings.builder()
.put(CLUSTER_NAME, clusterName)
.build())
.addTransportAddress(new TransportAddress(InetAddress.getByName(host), port));
}

}
136 changes: 43 additions & 93 deletions src/main/java/bio/overture/rollcall/config/WebSecurityConfig.java
View file
Original file line number Diff line number Diff line change
@@ -19,120 +19,70 @@
package bio.overture.rollcall.config;

import bio.overture.rollcall.jwt.JWTAuthorizationFilter;
import bio.overture.rollcall.jwt.JWTTokenConverter;
import com.auth0.spring.security.api.JwtWebSecurityConfigurer;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.core.Ordered;
import org.springframework.core.io.ResourceLoader;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.Collections;

@Slf4j
@EnableWebSecurity
@EnableResourceServer
@Profile("!test")
public class WebSecurityConfig extends ResourceServerConfigurerAdapter {
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Value("${auth0.apiAudience}")
private String audience;

@Value("${auth0.issuer}")
private String issuer;

@Override
@SneakyThrows
public void configure(HttpSecurity http) {
JwtWebSecurityConfigurer
.forRS256(audience, issuer)
.configure(http)
.authorizeRequests()
.antMatchers("/swagger**", "/swagger-resources/**", "/v2/api**", "/webjars/**").permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST).authenticated()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterAfter(new JWTAuthorizationFilter(), BasicAuthenticationFilter.class);

}

@Bean
@SuppressWarnings("unchecked")
public FilterRegistrationBean simpleCorsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowedHeaders(Collections.singletonList("*"));
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}

@Autowired // Field injection bad, but clean in this spot.
private ResourceLoader resourceLoader;

@Value("${auth.jwt.publicKeyUrl}")
private String publicKeyUrl;

@Override
@SneakyThrows
public void configure(HttpSecurity http) {
http
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/aliases/*").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/indices/*").permitAll()
.antMatchers("/health").permitAll()
.antMatchers("/isAlive").permitAll()
.antMatchers("/upload/**").permitAll()
.antMatchers("/download/**").permitAll()
.antMatchers("/entities/**").permitAll()
.antMatchers("/swagger**", "/swagger-resources/**", "/v2/api**", "/webjars/**").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterAfter(new JWTAuthorizationFilter(), BasicAuthenticationFilter.class);
}

@Bean
@SuppressWarnings("unchecked")
public FilterRegistrationBean simpleCorsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowedHeaders(Collections.singletonList("*"));
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}

@Override
public void configure(ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}

@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}

@Bean
@SneakyThrows
public JwtAccessTokenConverter accessTokenConverter() {
return new JWTTokenConverter(fetchJWTPublicKey());
}


@Bean
public DefaultTokenServices tokenServices() {
val defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}

/**
* Call EGO server for public key to use when verifying JWTs
* Pass this value to the JWTTokenConverter
*/
@SneakyThrows
private String fetchJWTPublicKey() {
val publicKeyResource = resourceLoader.getResource(publicKeyUrl);

val stringBuilder = new StringBuilder();
val reader = new BufferedReader(
new InputStreamReader(publicKeyResource.getInputStream()));

reader.lines().forEach(stringBuilder::append);
return stringBuilder.toString();
}

}
Loading