Merge remote-tracking branch 'origin/master' into aruha-961-check-res…

…et-cursors

# Conflicts:
#	CHANGELOG.md
#	src/main/java/org/zalando/nakadi/service/CursorsService.java

CHANGELOG.md

@@ -6,11 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Fixed
+- Added validation of offsets availability when resetting subscription cursors.
+
+## [2.0.0] - 2017-08-09
+
 ### Changed
 - Changed imports format to have the same structure
 
-### Fixed
-- Added validation of offsets availability when resetting subscription cursors.
+### Removed
+- Removed read_scopes and write_scopes from event types
+- Removed CHECK_APPLICATION_LEVEL_PERMISSIONS feature
 
 ## [1.1.3] - 2017-08-03
 

docs/_data/nakadi-event-bus-api.yaml

@@ -73,7 +73,7 @@ info:
     Other aspects of the Event Bus are at this moment to be defined and otherwise specified, not included
     in this version of this specification.
 
-  version: '0.8.0'
+  version: '0.9.0'
   contact:
     name: Team Aruha @ Zalando
     email: [email protected]
@@ -2262,28 +2262,6 @@ definitions:
       authorization:
         $ref: '#/definitions/EventTypeAuthorization'
 
-      write_scopes:
-        type: array
-        items:
-          type: string
-        description: |
-          This field is used for event publishing access control. Nakadi only authorises publishers whose session
-          contains at least one of the scopes in this list.
-          If no scopes provided then anyone can publish to this event type.
-
-          Usage of write_scopes is deprecated.
-
-      read_scopes:
-        type: array
-        items:
-          type: string
-        description: |
-          This field is used for event consuming access control. Nakadi only authorises consumers whose session
-          contains at least one of the scopes in this list.
-          If no scopes provided then anyone can consume from this event type.
-
-          Usage of read_scopes is deprecated.
-
       created_at:
         type: string
         pattern: date-time

src/main/java/org/zalando/nakadi/controller/CursorOperationsController.java

@@ -24,7 +24,6 @@
 import org.zalando.nakadi.exceptions.runtime.CursorConversionException;
 import org.zalando.nakadi.exceptions.runtime.InvalidCursorOperation;
 import org.zalando.nakadi.exceptions.runtime.MyNakadiRuntimeException1;
-import org.zalando.nakadi.exceptions.runtime.NoEventTypeException;
 import org.zalando.nakadi.repository.EventTypeRepository;
 import org.zalando.nakadi.security.Client;
 import org.zalando.nakadi.service.AuthorizationValidator;
@@ -72,8 +71,6 @@ public CursorOperationsController(final CursorOperationsService cursorOperations
     public ResponseEntity<?> getDistance(@PathVariable("eventTypeName") final String eventTypeName,
                                          @Valid @RequestBody final ValidListWrapper<CursorDistance> queries,
                                          final Client client) throws InternalNakadiException, NoSuchEventTypeException {
-        // TODO: remove once new authorization is in place
-        checkReadScopes(eventTypeName, client);
 
         final EventType eventType = eventTypeRepository.findByName(eventTypeName);
         authorizationValidator.authorizeStreamRead(eventType);
@@ -102,8 +99,6 @@ public ResponseEntity<?> getDistance(@PathVariable("eventTypeName") final String
     public ResponseEntity<?> moveCursors(@PathVariable("eventTypeName") final String eventTypeName,
                                          @Valid @RequestBody final ValidListWrapper<ShiftedCursor> cursors,
                                          final Client client) throws InternalNakadiException, NoSuchEventTypeException {
-        // TODO: remove once new authorization is in place
-        checkReadScopes(eventTypeName, client);
 
         final EventType eventType = eventTypeRepository.findByName(eventTypeName);
         authorizationValidator.authorizeStreamRead(eventType);
@@ -124,8 +119,6 @@ public ResponseEntity<?> moveCursors(@PathVariable("eventTypeName") final String
     public List<CursorLag> cursorsLag(@PathVariable("eventTypeName") final String eventTypeName,
                                         @Valid @RequestBody final ValidListWrapper<Cursor> cursors,
                                         final Client client) throws InternalNakadiException, NoSuchEventTypeException {
-        // TODO: remove once new authorization is in place
-        checkReadScopes(eventTypeName, client);
 
         final EventType eventType = eventTypeRepository.findByName(eventTypeName);
         authorizationValidator.authorizeStreamRead(eventType);
@@ -163,18 +156,6 @@ private String clientErrorMessage(final InvalidCursorOperation.Reason reason) {
         }
     }
 
-    private void checkReadScopes(final String eventTypeName, final Client client) {
-        final EventType eventType;
-        try {
-            eventType = eventTypeRepository.findByName(eventTypeName);
-            client.checkScopes(eventType.getReadScopes());
-        } catch (final InternalNakadiException e) {
-            throw new MyNakadiRuntimeException1("failed to get event type", e);
-        } catch (final NoSuchEventTypeException e) {
-            throw new NoEventTypeException(e.getMessage(), e);
-        }
-    }
-
     private CursorLag toCursorLag(final NakadiCursorLag nakadiCursorLag) {
         return new CursorLag(
                 nakadiCursorLag.getPartition(),

src/main/java/org/zalando/nakadi/controller/EventStreamController.java

@@ -24,7 +24,6 @@
 import org.zalando.nakadi.domain.NakadiCursor;
 import org.zalando.nakadi.domain.PartitionStatistics;
 import org.zalando.nakadi.domain.Timeline;
-import org.zalando.nakadi.exceptions.IllegalScopeException;
 import org.zalando.nakadi.exceptions.InternalNakadiException;
 import org.zalando.nakadi.exceptions.InvalidCursorException;
 import org.zalando.nakadi.exceptions.NakadiException;
@@ -221,9 +220,6 @@ public StreamingResponseBody streamEvents(
                     Collections.singletonList(eventTypeName))) {
                 final EventType eventType = eventTypeRepository.findByName(eventTypeName);
 
-                // TODO: deprecate and remove previous authorization strategy
-                client.checkScopes(eventType.getReadScopes());
-
                 authorizeStreamRead(eventTypeName);
 
                 // validate parameters
@@ -287,9 +283,6 @@ public StreamingResponseBody streamEvents(
                 writeProblemResponse(response, outputStream, e.asProblem());
             } catch (final InvalidCursorException e) {
                 writeProblemResponse(response, outputStream, PRECONDITION_FAILED, e.getMessage());
-            } catch (final IllegalScopeException e) {
-                // TODO: deprecate and remove previous authorization strategy
-                writeProblemResponse(response, outputStream, FORBIDDEN, e.getMessage());
             } catch (final AccessDeniedException e) {
                 writeProblemResponse(response, outputStream, FORBIDDEN, e.explain());
             } catch (final Exception e) {

src/main/java/org/zalando/nakadi/controller/ExceptionHandling.java

@@ -11,7 +11,6 @@
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.context.request.NativeWebRequest;
 import org.zalando.nakadi.exceptions.IllegalClientIdException;
-import org.zalando.nakadi.exceptions.IllegalScopeException;
 import org.zalando.nakadi.exceptions.NakadiException;
 import org.zalando.nakadi.exceptions.NakadiRuntimeException;
 import org.zalando.nakadi.exceptions.TimelineException;
@@ -84,12 +83,6 @@ public ResponseEntity<Problem> accessDeniedException(final AccessDeniedException
         return Responses.create(Response.Status.FORBIDDEN, exception.explain(), request);
     }
 
-    @ExceptionHandler(IllegalScopeException.class)
-    public ResponseEntity<Problem> handleIllegalScopeException(final IllegalScopeException exception,
-                                                               final NativeWebRequest request) {
-        return Responses.create(Response.Status.FORBIDDEN, exception.getMessage(), request);
-    }
-
     @ExceptionHandler(IllegalClientIdException.class)
     public ResponseEntity<Problem> handleIllegalClientIdException(final IllegalClientIdException exception,
                                                                   final NativeWebRequest request) {

src/main/java/org/zalando/nakadi/domain/EventTypeBase.java

@@ -11,7 +11,6 @@
 import javax.validation.constraints.Size;
 import java.util.Collections;
 import java.util.List;
-import java.util.Set;
 
 import static java.util.Collections.unmodifiableList;
 
@@ -58,32 +57,25 @@ public class EventTypeBase {
     @Valid
     private EventTypeAuthorization authorization;
 
-    private Set<String> writeScopes;
-
-    private Set<String> readScopes;
-
     private CompatibilityMode compatibilityMode;
 
     public EventTypeBase() {
         this.validationStrategies = Collections.emptyList();
         this.enrichmentStrategies = Collections.emptyList();
         this.partitionStrategy = PartitionStrategy.RANDOM_STRATEGY;
         this.options = new EventTypeOptions();
-        this.writeScopes = Collections.emptySet();
-        this.readScopes = Collections.emptySet();
         this.compatibilityMode = CompatibilityMode.FORWARD;
     }
 
     public EventTypeBase(final String name, final String topic, final String owningApplication,
-                         final EventCategory category,
-                         final List<ValidationStrategyConfiguration> validationStrategies,
-                         final List<EnrichmentStrategyDescriptor> enrichmentStrategies,
-                         final String partitionStrategy,
-                         final List<String> partitionKeyFields, final EventTypeSchemaBase schema,
-                         final EventTypeStatistics defaultStatistic,
-                         final EventTypeOptions options, final Set<String> writeScopes,
-                         final Set<String> readScopes,
-                         final CompatibilityMode compatibilityMode) {
+                     final EventCategory category,
+                     final List<ValidationStrategyConfiguration> validationStrategies,
+                     final List<EnrichmentStrategyDescriptor> enrichmentStrategies,
+                     final String partitionStrategy,
+                     final List<String> partitionKeyFields, final EventTypeSchemaBase schema,
+                     final EventTypeStatistics defaultStatistic,
+                     final EventTypeOptions options,
+                     final CompatibilityMode compatibilityMode) {
         this.name = name;
         this.topic = topic;
         this.owningApplication = owningApplication;
@@ -95,8 +87,6 @@ public EventTypeBase(final String name, final String topic, final String owningA
         this.schema = schema;
         this.defaultStatistic = defaultStatistic;
         this.options = options;
-        this.writeScopes = writeScopes;
-        this.readScopes = readScopes;
         this.compatibilityMode = compatibilityMode;
     }
 
@@ -112,8 +102,6 @@ public EventTypeBase(final EventTypeBase eventType) {
         this.setSchema(eventType.getSchema());
         this.setDefaultStatistic(eventType.getDefaultStatistic());
         this.setOptions(eventType.getOptions());
-        this.setWriteScopes(eventType.getWriteScopes());
-        this.setReadScopes(eventType.getReadScopes());
         this.setCompatibilityMode(eventType.getCompatibilityMode());
         this.setAuthorization(eventType.getAuthorization());
     }
@@ -202,22 +190,6 @@ public void setOptions(final EventTypeOptions options) {
         this.options = options;
     }
 
-    public Set<String> getWriteScopes() {
-        return Collections.unmodifiableSet(writeScopes);
-    }
-
-    public void setWriteScopes(final Set<String> writeScopes) {
-        this.writeScopes = writeScopes == null ? Collections.emptySet() : writeScopes;
-    }
-
-    public Set<String> getReadScopes() {
-        return Collections.unmodifiableSet(readScopes);
-    }
-
-    public void setReadScopes(final Set<String> readScopes) {
-        this.readScopes = readScopes == null ? Collections.emptySet() : readScopes;
-    }
-
     public CompatibilityMode getCompatibilityMode() {
         return compatibilityMode;
     }

src/main/java/org/zalando/nakadi/security/Client.java

@@ -1,9 +1,5 @@
 package org.zalando.nakadi.security;
 
-import org.zalando.nakadi.exceptions.IllegalScopeException;
-
-import java.util.Set;
-
 public abstract class Client {
 
     private final String clientId;
@@ -12,8 +8,6 @@ public Client(final String clientId) {
         this.clientId = clientId;
     }
 
-    public abstract void checkScopes(Set<String> allowedScopes) throws IllegalScopeException;
-
     public String getClientId() {
         return clientId;
     }

src/main/java/org/zalando/nakadi/security/ClientResolver.java

@@ -20,7 +20,6 @@
 import java.util.Set;
 
 import static org.zalando.nakadi.config.SecuritySettings.AuthMode.OFF;
-import static org.zalando.nakadi.util.FeatureToggleService.Feature.CHECK_APPLICATION_LEVEL_PERMISSIONS;
 
 @Component
 public class ClientResolver implements HandlerMethodArgumentResolver {
@@ -46,8 +45,7 @@ public Client resolveArgument(final MethodParameter parameter,
                                   final NativeWebRequest request,
                                   final WebDataBinderFactory binderFactory) throws Exception {
         final Optional<String> clientId = Optional.ofNullable(request.getUserPrincipal()).map(Principal::getName);
-        if (!featureToggleService.isFeatureEnabled(CHECK_APPLICATION_LEVEL_PERMISSIONS)
-                || clientId.filter(settings.getAdminClientId()::equals).isPresent()
+        if (clientId.filter(settings.getAdminClientId()::equals).isPresent()
                 || settings.getAuthMode() == OFF) {
             return new FullAccessClient(clientId.orElse(FULL_ACCESS_CLIENT_ID));
         }

src/main/java/org/zalando/nakadi/security/FullAccessClient.java

@@ -1,17 +1,9 @@
 package org.zalando.nakadi.security;
 
-import org.zalando.nakadi.exceptions.IllegalScopeException;
-
-import java.util.Set;
-
 public class FullAccessClient extends Client {
 
     public FullAccessClient(final String clientId) {
         super(clientId);
     }
 
-    @Override
-    public void checkScopes(final Set<String> allowedScopes) throws IllegalScopeException {
-
-    }
 }

src/main/java/org/zalando/nakadi/security/NakadiClient.java

@@ -1,7 +1,5 @@
 package org.zalando.nakadi.security;
 
-import org.zalando.nakadi.exceptions.IllegalScopeException;
-
 import java.util.Set;
 
 public class NakadiClient extends Client {
@@ -12,15 +10,4 @@ public NakadiClient(final String clientId, final Set<String> scopes) {
         super(clientId);
         this.scopes = scopes;
     }
-
-    @Override
-    public void checkScopes(final Set<String> allowedScopes) throws IllegalScopeException {
-        if (!allowedScopes.isEmpty()) {
-            allowedScopes.stream()
-                    .filter(scopes::contains)
-                    .findAny()
-                    .orElseThrow(() -> new IllegalScopeException(allowedScopes));
-        }
-    }
-
 }