Add authenticated annotation to endpoints that have actions

3 years ago · 5c96690241
8 changed files with 69 additions and 27 deletions
--- a/src/main/java/com/redhat/pctsec/model/BrewBuild.java
+++ b/src/main/java/com/redhat/pctsec/model/BrewBuild.java
@ -1,10 +1,12 @@
 package com.redhat.pctsec.model;
 import jakarta.persistence.Entity;
 import org.eclipse.microprofile.openapi.annotations.media.Schema;
 import java.net.URI;
 import java.net.URL;
@Entity
 public class BrewBuild extends BuildType {
--- a/src/main/java/com/redhat/pctsec/model/Git.java
+++ b/src/main/java/com/redhat/pctsec/model/Git.java
@ -4,6 +4,7 @@ import jakarta.persistence.Entity;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import org.eclipse.microprofile.openapi.annotations.media.Schema;
 import java.net.URI;
 import java.util.UUID;
--- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java
@ -43,21 +43,37 @@ public class ScanRequest {
    private RequestType type;
-    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
    @JoinColumn(name = "brew_build_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public BrewBuild brewBuild;
-    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
    @JoinColumn(name = "pnc_build_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public PNCBuild pncBuild;
-    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
    @JoinColumn(name = "git_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public Git git;
    public String getOshScanOptions() {
        return oshScanOptions;
    }
    public void setOshScanOptions(String oshScanOptions) {
        this.oshScanOptions = oshScanOptions;
    }
    public String getScanProperties() {
        return scanProperties;
    }
    public void setScanProperties(String scanProperties) {
        this.scanProperties = scanProperties;
    }
    @Column(name="scan_properties")
    public String scanProperties;
    public ScanRequest() {
--- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java
@ -9,7 +9,6 @@ import java.util.*;
 import java.util.stream.Collectors;
 import jakarta.persistence.*;
 import jakarta.transaction.Transactional;
@ApplicationScoped
@Entity
@ -26,7 +25,7 @@ public class ScanRequests {
    @Column(name="scan_properties")
-    private String scanProperties;
+    private String globalScanProperties;
    @Column(name="scan_metadata")
    private String scanMetadata;
@ -34,7 +33,7 @@ public class ScanRequests {
    public ScanRequests(){
        //Default to the Snyk scan
-        this.scanProperties = "-p snyk-only-unstable --tarball-build-script=\":\"";
+        this.globalScanProperties = "-p snyk-only-unstable --tarball-build-script=\":\"";
        this.scanRequests = new HashSet<>();
    }
@ -94,12 +93,12 @@ public class ScanRequests {
        this.scanRequests = scanRequests;
    }
-    public String getScanProperties() {
+    public String getGlobalScanProperties() {
-        return scanProperties;
+        return globalScanProperties;
    }
-    public void setScanProperties(String scanProperties) {
+    public void setGlobalScanProperties(String globalScanProperties) {
-        this.scanProperties = scanProperties;
+        this.globalScanProperties = globalScanProperties;
    }
    public String getScanMetadata() {
--- a/src/main/java/com/redhat/pctsec/model/ScanTask.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanTask.java
@ -4,14 +4,23 @@ package com.redhat.pctsec.model;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.vertx.core.eventbus.impl.EventBusImpl;
 import io.vertx.mutiny.core.eventbus.EventBus;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.context.Dependent;
 import jakarta.inject.Inject;
 import jakarta.persistence.*;
-//@ApplicationScoped
+import java.util.UUID;
-@Dependent
+
@Entity
@ApplicationScoped
 public class ScanTask {
    @Id
    @GeneratedValue
    protected UUID id;
    @JsonIgnore
    @Transient
    @Inject
    EventBus bus;
    public ScanTaskState state;
@ -22,6 +31,8 @@ public class ScanTask {
    public String tektonRunId;
    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "scan_result_id", referencedColumnName = "id")
    public ScanRequest scanRequest;
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestResource.java
@ -1,14 +1,13 @@
 package com.redhat.pctsec.rest.v1alpha1;
 import com.redhat.pctsec.model.Scan;
 import com.redhat.pctsec.model.ScanRequest;
 import com.redhat.pctsec.model.ScanRequests;
 import com.redhat.pctsec.model.jpa.ScanRequestRepository;
 import com.redhat.pctsec.model.osh.paramMapper;
 import io.quarkus.security.Authenticated;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.transaction.Transactional;
 import jakarta.ws.rs.*;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import picocli.CommandLine;
 import java.util.UUID;
@ -16,14 +15,14 @@ import java.util.UUID;
@Path("/api/v1a/ScanRequest/{id}")
 public class ScanRequestResource {
    @Inject
-    ScanRequestRepository sr;
+    ScanRequestRepository scanRequestRepository;
    @GET
    @Produces({"application/json"})
    public ScanRequest getScanRequest(String id)
    {
-        ScanRequest scanRequest = sr.findById(UUID.fromString(id));
+        ScanRequest scanRequest = scanRequestRepository.findById(UUID.fromString(id));
        return scanRequest;
    }
@ -31,18 +30,20 @@ public class ScanRequestResource {
    @Path("ScanProperties/{scanProperties}")
    @Consumes({"application/octet-stream"})
    @Produces({"application/json"})
    @Authenticated
    @Transactional
    public ScanRequest patchScanRequest(String id, String scanProperties)
    {
-        ScanRequest scanRequest = sr.findById(UUID.fromString(id));
+        ScanRequest scanRequest = scanRequestRepository.findById(UUID.fromString(id));
        try {
            paramMapper pm = new paramMapper(scanProperties);
-           } catch(CommandLine.UnmatchedArgumentException e)
+            }catch(CommandLine.UnmatchedArgumentException e)
            {
                throw new BadRequestException("Invalid OSH Parameter");
            }
-        scanRequest.scanProperties = scanProperties;
+        scanRequest.setScanProperties(scanProperties);
-        sr.persist(scanRequest);
+        scanRequestRepository.persist(scanRequest);
        return scanRequest;
    }
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
@ -5,16 +5,16 @@ import com.redhat.pctsec.model.ScanRequest;
 import com.redhat.pctsec.model.ScanRequests;
 import com.redhat.pctsec.model.jpa.ScanRepository;
 import com.redhat.pctsec.model.jpa.ScanRequestsRepository;
 import io.quarkus.security.Authenticated;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
-import jakarta.ws.rs.GET;
+import jakarta.ws.rs.*;
-import jakarta.ws.rs.Path;
+import org.jboss.resteasy.reactive.common.NotImplementedYet;
 import jakarta.ws.rs.Produces;
 import java.util.UUID;
@ApplicationScoped
-@Path("/api/v1a/ScanRequests")
+@Path("/api/v1a/ScanRequests/{id}")
 public class ScanRequestsResource {
    @Inject
@ -22,7 +22,6 @@ public class ScanRequestsResource {
    @GET
    @Path("{id}")
    @Produces({"application/json"})
    public ScanRequests getScanRequests(String id)
    {
@ -30,4 +29,13 @@ public class ScanRequestsResource {
        return scanRequests;
    }
    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    @Authenticated
    public ScanRequests addScanRequest(String id, ScanRequest scanRequest)
    {
        throw new NotImplementedYet();
    }
 }
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
@ -53,6 +53,7 @@ public class ScanResource {
    }
    @GET
    @Path("All")
    @Produces({"application/json"})
    public List<Scan> list()
    {
@ -70,11 +71,11 @@ public class ScanResource {
    @GET
    @Path("{id}/run")
    @Authenticated
    public List<ScanTask> scanRequestExe(String id)
    {
        Scan s = sr.findById(UUID.fromString(id));
        return s.scanRequests.execute(bus);
        //return "We'd normally have a json payload here, with pipeline UID";
    }
@ -82,6 +83,7 @@ public class ScanResource {
    @Path("single/git")
    @Produces({"application/json"})
    @Transactional
    @Authenticated
    public Scan singleGit(@RestQuery String repo, @RestQuery String ref)
    {
        Scan s = new Scan();
@ -95,6 +97,7 @@ public class ScanResource {
    @Path("single/brew")
    @Produces({"application/json"})
    @Transactional
    @Authenticated
    public Scan singleGit(@RestQuery String brewId)
    {
        Scan s = new Scan();
@ -107,6 +110,7 @@ public class ScanResource {
    @Path("single/pnc")
    @Produces({"application/json"})
    @Transactional
    @Authenticated
    public Scan singlePNC(@RestQuery String pncId)
    {
        Scan s = new Scan();