Merge branch 'feature/do-not-leak-user-ids' into feature/remove-user-…

…from-filepath
neicnordic · Dec 12, 2024 · a3330b7 · a3330b7
2 parents 1acdb43 + 556bca7
commit a3330b7
Show file tree

Hide file tree

Showing 32 changed files with 970 additions and 165 deletions.
diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.md b/.github/ISSUE_TEMPLATE/BUG_REPORT.md
@@ -5,16 +5,18 @@ labels: bug
 
 ---
 
-**Describe the bug**
+## Describe the bug
 
-**Steps to reproduce**
+## Steps to reproduce
 
-**Expected behavior**
+## Expected behavior
 - [ ] <!-- Issue specific criteria -->
 - [ ] Tests verifying the fix are added
 
-**Additional context**
+## Additional context
 
-**Estimation of size**: small/medium/big
+## Estimation of size
+small/medium/big
 
-**Estimation of priority**: low/medium/high
+## Estimation of priority
+low/medium/high
diff --git a/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md
@@ -4,15 +4,21 @@ about: Suggest an idea for this project
 
 ---
 
-**Please describe the feature**
+## Please describe the feature
+
 As a [type of user], I want [an action] so that [a benefit/a value].
 
-**Acceptance criteria**
+## Acceptance criteria
+
 - [ ] <!--Placeholder for issue specific criterion-->
 - [ ] Tests verifying the changes are added
 
-**Additional context**
+## Additional context
+
+## Estimation of size
+
+small/medium/big
 
-**Estimation of size**: small/medium/big
+## Estimation of priority
 
-**Estimation of priority**: low/medium/high
+low/medium/high
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,8 +1,8 @@
-**Related issue(s) and PR(s)**  
+## Related issue(s) and PR(s)
 This PR closes [issue number].
 
 
-**Description**
+## Description
 
 
-**How to test**
+## How to test
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -101,4 +101,113 @@ updates:
       interval: weekly
     open-pull-requests-limit: 10
     reviewers:
-      - "neicnordic/sensitive-data-development-collaboration"
+      - "neicnordic/sensitive-data-development-collaboration"
+
+## release v1 branch
+### Docker
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/postgresql"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/rabbitmq"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/sda"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/sda-doa"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/sda-download"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+  - package-ecosystem: docker
+    target-branch: release_v1
+    directory: "/sda-sftp-inbox"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+
+### JAVA
+  - package-ecosystem: maven
+    target-branch: release_v1
+    directory: "/sda-doa"
+    groups:
+      all-modules:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    target-branch: release_v1
+    directory: "/sda-sftp-inbox"
+    groups:
+      all-modules:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+    schedule:
+      interval: daily
+### GO
+  - package-ecosystem: gomod
+    target-branch: release_v1
+    directory: "/sda-download"
+    groups:
+      all-modules:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+    schedule:
+      interval: daily
+
+  - package-ecosystem: gomod
+    target-branch: release_v1
+    directory: "/sda"
+    groups:
+      all-modules:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "neicnordic/sensitive-data-development-collaboration"
+    schedule:
+      interval: daily
diff --git a/.github/integration/sda-s3-integration.yml b/.github/integration/sda-s3-integration.yml
@@ -52,6 +52,7 @@ services:
     image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-rabbitmq
     ports:
       - "15672:15672"
+      - "5672:5672"
     restart: always
     volumes:
       - rabbitmq_data:/var/lib/rabbitmq
@@ -220,6 +221,8 @@ services:
     depends_on:
       credentials:
         condition: service_completed_successfully
+    extra_hosts:
+      - "localhost:host-gateway"
     healthcheck:
       test: ["CMD", "python3", "-c", 'import requests; print(requests.get(url = "http://localhost:8080/jwk").text)']
       interval: 10s
@@ -330,8 +333,12 @@ services:
       - AUTH_RESIGNJWT=false
       - OIDC_ID=XC56EL11xx
       - OIDC_SECRET=wHPVQaYXmdDHg
+      - OIDC_PROVIDER=http://localhost:8080
+      - OIDC_REDIRECTURL=http://localhost:8889/oidc/login
       - DB_PASSWORD=auth
       - DB_USER=auth
+    extra_hosts:
+      - "localhost:host-gateway"
     image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}
     ports:
       - "8889:8080"
@@ -369,6 +376,8 @@ services:
          condition: service_started
       reencrypt:
          condition: service_started
+    extra_hosts:
+      - "localhost:host-gateway"
     environment:
       - PGPASSWORD=rootpasswd
       - STORAGETYPE=s3

diff --git a/.github/integration/sda/oidc.py b/.github/integration/sda/oidc.py
@@ -51,7 +51,7 @@ def _generate_token() -> Tuple:
     # See available claims here: http://www.iana.org/assignments/jwt/jwt.xhtml
     # the important claim is the "authorities"
     header = {
-        "jku": f"{HTTP_PROTOCOL}://oidc:8080/jwk",
+        "jku": f"{HTTP_PROTOCOL}://localhost:8080/jwk",
         "alg": "ES256",
         "typ": "JWT",
         "kid": ec_key1.thumbprint()
@@ -61,7 +61,7 @@ def _generate_token() -> Tuple:
         "aud": ["aud1", "aud2"],
         "azp": "azp",
         "scope": "openid ga4gh_passport_v1",
-        "iss": "https://oidc:8080/",
+        "iss": "https://localhost:8080/",
         "exp": 9999999999,
         "iat": 1561621913,
         "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
@@ -71,21 +71,21 @@ def _generate_token() -> Tuple:
         "aud": ["aud2", "aud3"],
         "azp": "azp",
         "scope": "openid ga4gh_passport_v1",
-        "iss": "https://oidc:8080/",
+        "iss": "https://localhost:8080/",
         "exp": 9999999999,
         "iat": 1561621913,
         "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
     }
     empty_payload = {
         "sub": "[email protected]",
-        "iss": "https://oidc:8080/",
+        "iss": "https://localhost:8080/",
         "exp": 99999999999,
         "iat": 1547794655,
         "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102",
     }
     # Craft passports
     passport_terms = {
-        "iss": "https://oidc:8080/",
+        "iss": "https://localhost:8080/",
         "sub": "[email protected]",
         "ga4gh_visa_v1": {
             "type": "AcceptedTermsAndPolicies",
@@ -100,7 +100,7 @@ def _generate_token() -> Tuple:
     }
     # passport for dataset permissions 1
     passport_dataset1 = {
-        "iss": "https://oidc:8080/",
+        "iss": "https://localhost:8080/",
         "sub": "[email protected]",
         "ga4gh_visa_v1": {
             "type": "ControlledAccessGrants",
@@ -165,12 +165,12 @@ def _generate_token() -> Tuple:
 async def fixed_response(request: web.Request) -> web.Response:
     global HTTP_PROTOCOL
     WELL_KNOWN = {
-        "issuer": f"{HTTP_PROTOCOL}://oidc:8080",
-        "authorization_endpoint": f"{HTTP_PROTOCOL}://oidc:8080/authorize",
-        "registration_endpoint": f"{HTTP_PROTOCOL}://oidc:8080/register",
-        "token_endpoint": f"{HTTP_PROTOCOL}://oidc:8080/token",
-        "userinfo_endpoint": f"{HTTP_PROTOCOL}://oidc:8080/userinfo",
-        "jwks_uri": f"{HTTP_PROTOCOL}://oidc:8080/jwk",
+        "issuer": f"{HTTP_PROTOCOL}://localhost:8080",
+        "authorization_endpoint": f"{HTTP_PROTOCOL}://localhost:8080/authorize",
+        "registration_endpoint": f"{HTTP_PROTOCOL}://localhost:8080/register",
+        "token_endpoint": f"{HTTP_PROTOCOL}://localhost:8080/token",
+        "userinfo_endpoint": f"{HTTP_PROTOCOL}://localhost:8080/userinfo",
+        "jwks_uri": f"{HTTP_PROTOCOL}://localhost:8080/jwk",
         "response_types_supported": [
             "code",
             "id_token",

diff --git a/.github/integration/sda/rbac.json b/.github/integration/sda/rbac.json
@@ -30,6 +30,11 @@
           "path": "/file/accession",
           "action": "POST"
        },
+       {
+          "role": "submission",
+          "path": "/file/*",
+          "action": "DELETE"
+       },
        {
           "role": "submission",
           "path": "/users",