Show the tenant group in the dqops cloud calls.

piotrczarnas · piotrczarnas · commit a8a2e7647f40 · 2024-05-07T20:34:19.000+02:00
diff --git a/dqops/src/main/java/com/dqops/core/dqocloud/accesskey/DqoCloudCredentialsProviderImpl.java b/dqops/src/main/java/com/dqops/core/dqocloud/accesskey/DqoCloudCredentialsProviderImpl.java
@@ -55,45 +55,46 @@ public DqoCloudCredentialsProviderImpl(DqoCloudApiClientFactory dqoCloudApiClien
     public TenantAccessTokenModel issueTenantAccessToken(DqoRoot rootType, UserDomainIdentity userIdentity) {
         ApiClient authenticatedClient = this.dqoCloudApiClientFactory.createAuthenticatedClient(userIdentity);
         AccessTokenIssueApi accessTokenIssueApi = new AccessTokenIssueApi(authenticatedClient);
+        String tenantIdFull = userIdentity.getTenantId() + "/" + userIdentity.getTenantGroupId();
         switch (rootType) {
             case data_sensor_readouts:
-                return accessTokenIssueApi.issueBucketSensorReadoutsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketSensorReadoutsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case data_check_results:
-                return accessTokenIssueApi.issueBucketCheckResultsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketCheckResultsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case data_errors:
-                return accessTokenIssueApi.issueBucketErrorsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketErrorsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case data_statistics:
-                return accessTokenIssueApi.issueBucketStatisticsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketStatisticsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case data_incidents:
-                return accessTokenIssueApi.issueBucketIncidentsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketIncidentsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case sources:
-                return accessTokenIssueApi.issueBucketSourcesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketSourcesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case sensors:
-                return accessTokenIssueApi.issueBucketSensorsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketSensorsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case rules:
-                return accessTokenIssueApi.issueBucketRulesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketRulesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case checks:
-                return accessTokenIssueApi.issueBucketChecksRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketChecksRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case settings:
-                return accessTokenIssueApi.issueBucketSettingsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketSettingsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case credentials:
-                return accessTokenIssueApi.issueBucketCredentialsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketCredentialsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case dictionaries:
-                return accessTokenIssueApi.issueBucketDictionariesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketDictionariesRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             case patterns:
-                return accessTokenIssueApi.issueBucketPatternsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), userIdentity.getTenantId());
+                return accessTokenIssueApi.issueBucketPatternsRWAccessToken(userIdentity.getDataDomainCloud(), userIdentity.getTenantOwner(), tenantIdFull);
 
             default:
                 throw new RuntimeException("Unknown root: " + rootType);
diff --git a/dqops/src/main/java/com/dqops/core/principal/DqoUserPrincipal.java b/dqops/src/main/java/com/dqops/core/principal/DqoUserPrincipal.java
@@ -44,7 +44,7 @@ public class DqoUserPrincipal {
     public DqoUserPrincipal(String dataDomainFolder, String dataDomainCloud) {
         this.accountRole = DqoUserRole.NONE;
         this.privileges = Collections.unmodifiableList(new ArrayList<>());
-        this.dataDomainIdentity = new UserDomainIdentity(UNAUTHENTICATED_PRINCIPAL_NAME, DqoUserRole.NONE, dataDomainFolder, dataDomainCloud, null, null);
+        this.dataDomainIdentity = new UserDomainIdentity(UNAUTHENTICATED_PRINCIPAL_NAME, DqoUserRole.NONE, dataDomainFolder, dataDomainCloud, null, null, null);
     }
 
     /**
@@ -56,17 +56,19 @@ public DqoUserPrincipal(String dataDomainFolder, String dataDomainCloud) {
      * @param dataDomainCloud The real data domain on DQOps cloud that is mounted.
      * @param tenantOwner Tenant owner's email.
      * @param tenantId Tenant id.
+     * @param tenantGroupId Tenant group id.
      */
     public DqoUserPrincipal(String name,
                             DqoUserRole accountRole,
                             Collection<GrantedAuthority> privileges,
                             String dataDomainFolder,
                             String dataDomainCloud,
                             String tenantOwner,
-                            String tenantId) {
+                            String tenantId,
+                            Integer tenantGroupId) {
         this.accountRole = accountRole;
         this.privileges = privileges;
-        this.dataDomainIdentity = new UserDomainIdentity(name, accountRole, dataDomainFolder, dataDomainCloud, tenantOwner, tenantId);
+        this.dataDomainIdentity = new UserDomainIdentity(name, accountRole, dataDomainFolder, dataDomainCloud, tenantOwner, tenantId, tenantGroupId);
     }
 
     /**
@@ -82,7 +84,8 @@ public DqoUserPrincipal(String name, DqoUserRole accountRole, Collection<Granted
                             DqoCloudApiKeyPayload apiKeyPayload, String dataDomainFolder, String dataDomainCloud) {
         this(name, accountRole, privileges, dataDomainFolder, dataDomainCloud,
                 apiKeyPayload != null ? apiKeyPayload.getSubject() : null,
-                apiKeyPayload != null ? apiKeyPayload.getTenantId() : null);
+                apiKeyPayload != null ? apiKeyPayload.getTenantId() : null,
+                apiKeyPayload != null ? apiKeyPayload.getTenantGroup() : null);
         this.apiKeyPayload = apiKeyPayload;
     }
 
@@ -95,10 +98,11 @@ public DqoUserPrincipal(String name, DqoUserRole accountRole, Collection<Granted
      * @param dataDomainFolder The data domain folder name.
      * @param dataDomainCloud The real data domain on DQOps cloud that is mounted.
      * @param tenantId Tenant id.
+     * @param tenantGroupId Tenant group id.
      */
     public DqoUserPrincipal(String name, DqoUserRole accountRole, Collection<GrantedAuthority> privileges, DqoUserTokenPayload userTokenPayload,
-                            String dataDomainFolder, String dataDomainCloud, String tenantId) {
-        this(name, accountRole, privileges, dataDomainFolder, dataDomainCloud, name, tenantId);
+                            String dataDomainFolder, String dataDomainCloud, String tenantId, Integer tenantGroupId) {
+        this(name, accountRole, privileges, dataDomainFolder, dataDomainCloud, name, tenantId, tenantGroupId);
         this.userTokenPayload = userTokenPayload;
     }
 
diff --git a/dqops/src/main/java/com/dqops/core/principal/DqoUserPrincipalProviderImpl.java b/dqops/src/main/java/com/dqops/core/principal/DqoUserPrincipalProviderImpl.java
@@ -79,7 +79,7 @@ public DqoUserPrincipal createUserPrincipalForAdministrator() {
             // user not authenticated to DQOps Cloud, so we use a default token
             List<GrantedAuthority> adminPrivileges = DqoPermissionGrantedAuthorities.getPrivilegesForRole(DqoUserRole.ADMIN);
             DqoUserPrincipal dqoUserPrincipalLocal = new DqoUserPrincipal("", DqoUserRole.ADMIN, adminPrivileges,
-                    UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);
+                    UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);
             return dqoUserPrincipalLocal;
         }
 
@@ -104,7 +104,7 @@ public DqoUserPrincipal getLocalUserPrincipal() {
             // user not authenticated to DQOps Cloud, so we use a default token
             List<GrantedAuthority> adminPrivileges = DqoPermissionGrantedAuthorities.getPrivilegesForRole(DqoUserRole.ADMIN);
             DqoUserPrincipal dqoUserPrincipalLocal = new DqoUserPrincipal("", DqoUserRole.ADMIN, adminPrivileges,
-                    UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);
+                    UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);
             return dqoUserPrincipalLocal;
         }
 
diff --git a/dqops/src/main/java/com/dqops/core/principal/UserDomainIdentity.java b/dqops/src/main/java/com/dqops/core/principal/UserDomainIdentity.java
@@ -44,14 +44,16 @@ public class UserDomainIdentity {
     /**
      * The default identity of the local instance, a user who manages the root data domain on this DQOps instance.
      */
-    public static final UserDomainIdentity LOCAL_INSTANCE_ADMIN_IDENTITY = new UserDomainIdentity(SYSTEM_USER, DqoUserRole.ADMIN, DEFAULT_DATA_DOMAIN, DEFAULT_DATA_DOMAIN, null, null);
+    public static final UserDomainIdentity LOCAL_INSTANCE_ADMIN_IDENTITY = new UserDomainIdentity(SYSTEM_USER, DqoUserRole.ADMIN, DEFAULT_DATA_DOMAIN,
+            DEFAULT_DATA_DOMAIN, null, null, null);
 
     private final String userName;
     private final DqoUserRole domainRole;
     private final String dataDomainFolder;
     private final String dataDomainCloud;
     private final String tenantOwner;
     private final String tenantId;
+    private final Integer tenantGroupId;
 
     /**
      * Creates a user identity object.
@@ -61,19 +63,22 @@ public class UserDomainIdentity {
      * @param dataDomainCloud The real data domain on DQOps cloud that is mounted.
      * @param tenantOwner The email of the tenant owner.
      * @param tenantId The tenant id.
+     * @param tenantGroupId Tenant group id.
      */
     public UserDomainIdentity(String userName,
                               DqoUserRole domainRole,
                               String dataDomainFolder,
                               String dataDomainCloud,
                               String tenantOwner,
-                              String tenantId) {
+                              String tenantId,
+                              Integer tenantGroupId) {
         this.userName = userName;
         this.domainRole = domainRole;
         this.dataDomainFolder = !Strings.isNullOrEmpty(dataDomainFolder) ? dataDomainFolder : DEFAULT_DATA_DOMAIN;
         this.dataDomainCloud = dataDomainCloud;
         this.tenantOwner = tenantOwner;
         this.tenantId = tenantId;
+        this.tenantGroupId = tenantGroupId;
     }
 
     /**
@@ -83,7 +88,7 @@ public UserDomainIdentity(String userName,
      * @return System user identity for the given data domain.
      */
     public static UserDomainIdentity createDataDomainAdminIdentity(String dataDomainFolder, String dataDomainCloud) {
-        return  new UserDomainIdentity(SYSTEM_USER, DqoUserRole.ADMIN, dataDomainFolder, dataDomainCloud, null, null);
+        return  new UserDomainIdentity(SYSTEM_USER, DqoUserRole.ADMIN, dataDomainFolder, dataDomainCloud, null, null, null);
     }
 
     /**
@@ -135,6 +140,14 @@ public String getTenantId() {
         return tenantId;
     }
 
+    /**
+     * Returns the tenant group id.
+     * @return Tenant group id.
+     */
+    public Integer getTenantGroupId() {
+        return tenantGroupId;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
diff --git a/dqops/src/main/java/com/dqops/rest/server/authentication/DqoAuthenticationTokenFactoryImpl.java b/dqops/src/main/java/com/dqops/rest/server/authentication/DqoAuthenticationTokenFactoryImpl.java
@@ -98,7 +98,7 @@ public Authentication createAuthenticatedWithUserToken(DqoUserTokenPayload userT
 
         List<GrantedAuthority> grantedPrivileges = DqoPermissionGrantedAuthorities.getPrivilegesForRole(effectiveRole);
         DqoUserPrincipal dqoUserPrincipal = new DqoUserPrincipal(userTokenPayload.getUser(), userTokenPayload.getAccountRole(),
-                grantedPrivileges, userTokenPayload, dataDomainFolderName, effectiveCloudDataDomainName, userTokenPayload.getTenantId());
+                grantedPrivileges, userTokenPayload, dataDomainFolderName, effectiveCloudDataDomainName, userTokenPayload.getTenantId(), userTokenPayload.getTenantGroup());
 
         UsernamePasswordAuthenticationToken apiKeyAuthenticationToken = new UsernamePasswordAuthenticationToken(
                 dqoUserPrincipal, userTokenPayload, dqoUserPrincipal.getPrivileges());
diff --git a/dqops/src/test/java/com/dqops/core/principal/DqoUserPrincipalObjectMother.java b/dqops/src/test/java/com/dqops/core/principal/DqoUserPrincipalObjectMother.java
@@ -32,7 +32,7 @@ public class DqoUserPrincipalObjectMother {
     public static DqoUserPrincipal createStandaloneAdmin() {
         List<GrantedAuthority> privileges = DqoPermissionGrantedAuthorities.getPrivilegesForRole(DqoUserRole.ADMIN);
         DqoUserPrincipal dqoUserPrincipal = new DqoUserPrincipal("test", DqoUserRole.ADMIN, privileges,
-                UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);
+                UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);
         return dqoUserPrincipal;
     }
 }
diff --git a/dqops/src/test/java/com/dqops/core/principal/UserDomainIdentityObjectMother.java b/dqops/src/test/java/com/dqops/core/principal/UserDomainIdentityObjectMother.java
@@ -27,6 +27,7 @@ public class UserDomainIdentityObjectMother {
      * @return Admin user identity.
      */
     public static UserDomainIdentity createAdminIdentity() {
-        return new UserDomainIdentity("test", DqoUserRole.ADMIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);
+        return new UserDomainIdentity("test", DqoUserRole.ADMIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN,
+                UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public class DqoUserPrincipalObjectMother {`
`32`	`32`	`public static DqoUserPrincipal createStandaloneAdmin() {`
`33`	`33`	`List<GrantedAuthority> privileges = DqoPermissionGrantedAuthorities.getPrivilegesForRole(DqoUserRole.ADMIN);`
`34`	`34`	`DqoUserPrincipal dqoUserPrincipal = new DqoUserPrincipal("test", DqoUserRole.ADMIN, privileges,`
`35`		`- UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);`
	`35`	`+ UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);`
`36`	`36`	`return dqoUserPrincipal;`
`37`	`37`	`}`
`38`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ public class UserDomainIdentityObjectMother {`
`27`	`27`	`* @return Admin user identity.`
`28`	`28`	`*/`
`29`	`29`	`public static UserDomainIdentity createAdminIdentity() {`
`30`		`- return new UserDomainIdentity("test", DqoUserRole.ADMIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null);`
	`30`	`+ return new UserDomainIdentity("test", DqoUserRole.ADMIN, UserDomainIdentity.DEFAULT_DATA_DOMAIN,`
	`31`	`+ UserDomainIdentity.DEFAULT_DATA_DOMAIN, null, null, null);`
`31`	`32`	`}`
`32`	`33`	`}`