Add device group configuration models

Jason · jbutler · commit 599b4c70060e · 2021-03-24T19:07:59.000-06:00
diff --git a/lombok.config b/lombok.config
@@ -0,0 +1 @@
+lombok.addLombokGeneratedAnnotation = true
diff --git a/pom.xml b/pom.xml
@@ -45,13 +45,13 @@
         <dependency>
             <groupId>com.aws.greengrass</groupId>
             <artifactId>nucleus</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
+            <version>2.1.0-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>com.aws.greengrass</groupId>
             <artifactId>nucleus</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
+            <version>2.1.0-SNAPSHOT</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
@@ -70,7 +70,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>3.2.4</version>
+            <version>3.5.13</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
diff --git a/src/main/java/com/aws/greengrass/device/DeviceSupportService.java b/src/main/java/com/aws/greengrass/device/DeviceSupportService.java
@@ -5,23 +5,60 @@
 
 package com.aws.greengrass.device;
 
+import com.aws.greengrass.config.Node;
 import com.aws.greengrass.config.Topics;
+import com.aws.greengrass.config.WhatHappened;
 import com.aws.greengrass.dependency.ImplementsService;
+import com.aws.greengrass.device.configuration.GroupConfiguration;
+import com.aws.greengrass.device.configuration.GroupManager;
 import com.aws.greengrass.lifecyclemanager.PluginService;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 import javax.inject.Inject;
 
+import static com.aws.greengrass.componentmanager.KernelConfigResolver.CONFIGURATION_CONFIG_KEY;
+
 @ImplementsService(name = DeviceSupportService.DEVICE_SUPPORT_SERVICE_NAME)
+@SuppressWarnings("PMD.UnusedPrivateField")
 public class DeviceSupportService extends PluginService {
     public static final String DEVICE_SUPPORT_SERVICE_NAME = "aws.greengrass.DeviceSupport";
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper()
+            .enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS, MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES);
+
+    private final GroupManager groupManager;
+
+    private final SessionManager sessionManager;
+
+    private final Topics configurationTopics;
 
     /**
      * Constructor.
      *
-     * @param topics             Root Configuration topic for this service
+     * @param topics         Root Configuration topic for this service
+     * @param groupManager   Group configuration management
+     * @param sessionManager Session management
      */
     @Inject
-    public DeviceSupportService(Topics topics) {
+    public DeviceSupportService(Topics topics, GroupManager groupManager, SessionManager sessionManager) {
         super(topics);
+        this.groupManager = groupManager;
+        this.sessionManager = sessionManager;
+
+        //handleConfiguration
+        this.configurationTopics = topics.lookupTopics(CONFIGURATION_CONFIG_KEY);
+        this.configurationTopics.subscribe(this::handleConfigurationChange);
+    }
+
+    @SuppressWarnings("PMD.UnusedFormalParameter")
+    private void handleConfigurationChange(WhatHappened whatHappened, Node childNode) {
+        try {
+            groupManager.setGroupConfiguration(
+                    OBJECT_MAPPER.convertValue(configurationTopics.toPOJO(), GroupConfiguration.class));
+        } catch (IllegalArgumentException e) {
+            logger.atError().kv("service", DEVICE_SUPPORT_SERVICE_NAME).kv("event", whatHappened)
+                    .kv("node", configurationTopics.getFullName()).kv("value", configurationTopics).setCause(e)
+                    .log("Unable to parse group configuration");
+        }
     }
 }
diff --git a/src/main/java/com/aws/greengrass/device/SessionManager.java b/src/main/java/com/aws/greengrass/device/SessionManager.java
@@ -0,0 +1,11 @@
+package com.aws.greengrass.device;
+
+/**
+ * Singleton class for managing AuthN and AuthZ session.
+ */
+public class SessionManager {
+
+    public Session getSession(String sessionId) {
+        return null;
+    }
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/AuthorizationPolicy.java b/src/main/java/com/aws/greengrass/device/configuration/AuthorizationPolicy.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.device.configuration;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
+import lombok.Builder;
+import lombok.Value;
+
+import java.util.Collections;
+import java.util.Set;
+
+@Value
+@Builder
+@JsonDeserialize(builder = AuthorizationPolicy.AuthorizationPolicyBuilder.class)
+public class AuthorizationPolicy {
+
+    String policyId;
+
+    String policyDescription;
+
+    @Builder.Default
+    Effect effect = Effect.ALLOW;
+
+    @Builder.Default
+    Set<String> operations = Collections.emptySet();
+
+    @Builder.Default
+    Set<String> resources = Collections.emptySet();
+
+    @JsonPOJOBuilder(withPrefix = "")
+    public static class AuthorizationPolicyBuilder {
+    }
+
+    public enum Effect {
+        ALLOW, DENY
+    }
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/ConfigurationFormatVersion.java b/src/main/java/com/aws/greengrass/device/configuration/ConfigurationFormatVersion.java
@@ -0,0 +1,12 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.device.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public enum ConfigurationFormatVersion {
+    @JsonProperty("2021-03-05") MAR_05_2021
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/GroupConfiguration.java b/src/main/java/com/aws/greengrass/device/configuration/GroupConfiguration.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.device.configuration;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
+import lombok.Builder;
+import lombok.Value;
+
+import java.util.Collections;
+import java.util.Map;
+
+@Value
+@Builder
+@JsonDeserialize(builder = GroupConfiguration.GroupConfigurationBuilder.class)
+public class GroupConfiguration {
+
+    @Builder.Default
+    ConfigurationFormatVersion version = ConfigurationFormatVersion.MAR_05_2021;
+
+    @Builder.Default
+    Map<String, GroupDefinition> groups = Collections.emptyMap();
+
+    @Builder.Default
+    Map<String, Map<String, AuthorizationPolicy>> roles = Collections.emptyMap();
+
+    @JsonPOJOBuilder(withPrefix = "")
+    public static class GroupConfigurationBuilder {
+    }
+
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/GroupDefinition.java b/src/main/java/com/aws/greengrass/device/configuration/GroupDefinition.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.device.configuration;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
+import lombok.Builder;
+import lombok.NonNull;
+import lombok.Value;
+
+@Value
+@JsonDeserialize(builder = GroupDefinition.GroupDefinitionBuilder.class)
+public class GroupDefinition {
+
+    String selectionRule;
+
+    // RuleExpressionNode ruleExpressionTree;
+
+    String roleName;
+
+    @Builder
+    GroupDefinition(@NonNull String selectionRule, @NonNull String roleName) {
+        this.selectionRule = selectionRule;
+        //TODO build binary expression tree from rule string
+        // this.ruleExpressionTree = null;
+        this.roleName = roleName;
+    }
+
+    @JsonPOJOBuilder(withPrefix = "")
+    public static class GroupDefinitionBuilder {
+    }
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/GroupManager.java b/src/main/java/com/aws/greengrass/device/configuration/GroupManager.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.device.configuration;
+
+import com.aws.greengrass.device.Session;
+import com.aws.greengrass.logging.api.Logger;
+import com.aws.greengrass.logging.impl.LogManager;
+
+import java.util.Collections;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * a singleton manager class for managing device group roles.
+ * It listens to configuration update through nucleus, On the hand, for each request in a session, it iterate through
+ * the configurations to find match group(s), returning the authorization policies of group(s).
+ */
+@SuppressWarnings("PMD.UnusedPrivateField")
+public class GroupManager {
+    private static final Logger logger = LogManager.getLogger(GroupManager.class);
+
+    private final AtomicReference<GroupConfiguration> groupConfigurationRef = new AtomicReference<>();
+
+    public void setGroupConfiguration(GroupConfiguration groupConfiguration) {
+        groupConfigurationRef.set(groupConfiguration);
+    }
+
+    /**
+     * find applicable policies to evaluate for the given device request.
+     *
+     * @param session session used to retrieve cached device attributes
+     * @return set of applicable policy for the device
+     */
+    public Set<AuthorizationPolicy> getApplicablePolicies(Session session) {
+        // GroupConfiguration config = groupConfiguration.get();
+        //TODO iterate groups to find matching group(s), return the policies.
+
+        return Collections.emptySet();
+    }
+
+}
diff --git a/src/main/java/com/aws/greengrass/device/configuration/RuleExpressionNode.java b/src/main/java/com/aws/greengrass/device/configuration/RuleExpressionNode.java
@@ -0,0 +1,11 @@
+package com.aws.greengrass.device.configuration;
+
+
+import lombok.Value;
+
+// placeholder, replace with javaCC generated tree node
+@Value
+public class RuleExpressionNode {
+    RuleExpressionNode left;
+    RuleExpressionNode right;
+}
diff --git a/src/test/java/com/aws/greengrass/device/DeviceSupportServiceTest.java b/src/test/java/com/aws/greengrass/device/DeviceSupportServiceTest.java
diff --git a/src/test/resources/com/aws/greengrass/device/badGroupConfig.yaml b/src/test/resources/com/aws/greengrass/device/badGroupConfig.yaml
diff --git a/src/test/resources/com/aws/greengrass/device/emptyGroupConfig.yaml b/src/test/resources/com/aws/greengrass/device/emptyGroupConfig.yaml
diff --git a/src/test/resources/com/aws/greengrass/device/groupConfig.yaml b/src/test/resources/com/aws/greengrass/device/groupConfig.yaml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+lombok.addLombokGeneratedAnnotation = true`