Merge branch 'develop'

.env

@@ -4,7 +4,7 @@ STELLIO_SEARCH_DB_DATABASE=stellio_search
 STELLIO_SUBSCRIPTION_DB_DATABASE=stellio_subscription
 POSTGRES_DBNAME=${STELLIO_SEARCH_DB_DATABASE},${STELLIO_SUBSCRIPTION_DB_DATABASE}
 
-STELLIO_DOCKER_TAG=2.0.0
+STELLIO_DOCKER_TAG=2.1.0
 
 STELLIO_AUTHENTICATION_ENABLED=false
 

.github/pr-labeler.yml

@@ -2,5 +2,3 @@ feature: ['feature/*', 'feat/*']
 fix: fix/*
 chore: chore/*
 refactoring: refactor/*
-fixed-branch: fixed-branch-name
-

.github/workflows/pr-labeler.yml

@@ -3,11 +3,16 @@ on:
   pull_request:
     types: [opened]
 
+permissions:
+  contents: read
+
 jobs:
   pr-labeler:
+    permissions:
+      contents: read # for TimonVS/pr-labeler-action to read config file
+      pull-requests: write # for TimonVS/pr-labeler-action to add labels in PR
     runs-on: ubuntu-latest
     steps:
-      - uses: TimonVS/pr-labeler-action@v3.1.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
+      - uses: TimonVS/pr-labeler-action@v4.1.1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -64,6 +64,18 @@ Please note that the environment and scripts are validated on Ubuntu and macOS.
 
 We also provide an experimental configuration to deploy Stellio in a k8s cluster (only tested in Minikube as of now). For more information, please look at [the README](kubernetes/README.md)
 
+## Docker images tagging
+
+Starting from version 2.0.0, a new scheme is used for tagging of Docker images:
+* Releases are tagged with the version number, e.g., `stellio/stellio-search-service:2.0.0`
+* `latest` tag is no longer used for releases as it can be dangerous (for instance, triggering an unwanted major
+  upgrade)
+* Developement versions (automatically produced when a commit is pushed on the `develop` branch) are tagged with a 
+  tag containing the `-dev` suffix, e.g., `stellio/stellio-search-service:2.1.0-dev`
+* On each commit on the `develop` branch, an image with the `latest-dev` tag is produced, e.g., `stellio/stellio-search-service:latest-dev`
+
+The version number is obtained during the build process by using the `version` information in the `build.gradle.kts` file.
+
 ## Development
 
 ### Developing on a service
@@ -186,4 +198,4 @@ It mainly makes use of the following libraries and frameworks (dependencies of d
 | WireMock            | APL v2       |
 | Testcontainers      | 	MIT         |
 
-© 2020 - 2022 EGM
+© 2020 - 2023 EGM

api-gateway/Dockerfile

@@ -1,7 +1,15 @@
-FROM adoptopenjdk/openjdk11:alpine-jre
-RUN addgroup -S stellio && adduser -S stellio -G stellio
-USER stellio:stellio
+# You can build a Docker image of the module with the following command:
+# docker build --build-arg JAR_FILE=build/libs/api-gateway-{version}.jar -t stellio-api-gateway:{version} .
+FROM eclipse-temurin:17-jre as builder
+WORKDIR application
 ARG JAR_FILE=build/libs/*.jar
-COPY ${JAR_FILE} app.jar
-ENTRYPOINT ["java","-jar","/app.jar"]
+COPY ${JAR_FILE} application.jar
+RUN java -Djarmode=layertools -jar application.jar extract
 
+FROM eclipse-temurin:17-jre
+WORKDIR application
+COPY --from=builder application/dependencies/ ./
+COPY --from=builder application/spring-boot-loader/ ./
+COPY --from=builder application/snapshot-dependencies/ ./
+COPY --from=builder application/application/ ./
+ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]

api-gateway/build.gradle.kts

@@ -7,15 +7,14 @@ plugins {
 
 dependencies {
     implementation("org.springframework.cloud:spring-cloud-starter-gateway")
-    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
 
-    detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.21.0")
+    detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.22.0")
 }
 
 springBoot {
     buildInfo {
         properties {
-            name = "Stellio Context Broker"
+            name.set("Stellio Context Broker")
         }
     }
 }

api-gateway/src/main/kotlin/com/egm/stellio/apigateway/ApiGatewayApplication.kt

@@ -12,6 +12,7 @@ import reactor.netty.transport.logging.AdvancedByteBufFormat
 
 @SpringBootApplication
 class ApiGatewayApplication {
+
     @Value("\${application.search-service.url:search-service}")
     private val searchServiceUrl: String = ""
 
@@ -31,29 +32,15 @@ class ApiGatewayApplication {
                     "/ngsi-ld/v1/entityOperations/**",
                     "/ngsi-ld/v1/entityAccessControl/**",
                     "/ngsi-ld/v1/types/**",
-                    "/ngsi-ld/v1/attributes/**"
-                )
-                    .filters {
-                        it.tokenRelay()
-                    }
-                    .uri("http://$searchServiceUrl:8083")
-            }
-            .route { p ->
-                p.path(
+                    "/ngsi-ld/v1/attributes/**",
                     "/ngsi-ld/v1/temporal/entities/**",
                     "/ngsi-ld/v1/temporal/entityOperations/**"
-                )
-                    .filters {
-                        it.tokenRelay()
-                    }
-                    .uri("http://$searchServiceUrl:8083")
+                ).uri("http://$searchServiceUrl:8083")
             }
             .route { p ->
-                p.path("/ngsi-ld/v1/subscriptions/**")
-                    .filters {
-                        it.tokenRelay()
-                    }
-                    .uri("http://$subscriptionServiceUrl:8084")
+                p.path(
+                    "/ngsi-ld/v1/subscriptions/**"
+                ).uri("http://$subscriptionServiceUrl:8084")
             }
             .build()
 }

api-gateway/src/main/resources/application-docker.yml

@@ -0,0 +1,5 @@
+application:
+  search-service:
+    url: search-service
+  subscription-service:
+    url: subscription-service

api-gateway/src/main/resources/application.yml

@@ -1,22 +1,4 @@
 spring:
-  security:
-    oauth2:
-      client:
-        registration:
-          login-client:
-            provider: keycloak
-            client-id: api-gateway
-            client-secret: client-secret
-            authorization-grant-type: authorization_code
-            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
-            scope: openid,profile,email,resource.read
-        provider:
-          keycloak:
-            authorization-uri: http://127.0.0.1:8081/auth/realms/stellio/protocol/openid-connect/auth
-            token-uri: http://127.0.0.1:8081/auth/realms/stellio/protocol/openid-connect/token
-            user-info-uri: http://127.0.0.1:8081/auth/realms/stellio/protocol/openid-connect/userinfo
-            user-name-attribute: sub
-            jwk-set-uri: http://127.0.0.1:8081/auth/realms/stellio/protocol/openid-connect/certs
   cloud:
     gateway:
       routes:
@@ -25,14 +7,12 @@ spring:
           predicates:
             - Path=/search-service/actuator/**
           filters:
-            - TokenRelay=
             - RewritePath=/search-service/actuator, /actuator
         - id: subscription_service_actuator
           uri: http://subscription-service:8084
           predicates:
             - Path=/subscription-service/actuator/**
           filters:
-            - TokenRelay=
             - RewritePath=/subscription-service/actuator, /actuator
       globalcors:
         corsConfigurations:
@@ -45,6 +25,12 @@ spring:
               - DELETE
             allowedHeaders: "*"
 
+application:
+  search-service:
+    url: localhost
+  subscription-service:
+    url: localhost
+
 management:
   endpoints:
     enabled-by-default: false

build.gradle.kts

@@ -11,20 +11,22 @@ buildscript {
     }
 }
 
-extra["springCloudVersion"] = "2021.0.3"
+extra["springCloudVersion"] = "2022.0.0"
 extra["testcontainersVersion"] = "1.17.5"
 
 plugins {
-    java // why did I have to add that ?!
+    // https://docs.spring.io/spring-boot/docs/current/gradle-plugin/reference/htmlsingle/#reacting-to-other-plugins.java
+    java
     // only apply the plugin in the subprojects requiring it because it expects a Spring Boot app
     // and the shared lib is obviously not one
-    id("org.springframework.boot") version "2.7.5" apply false
+    id("org.springframework.boot") version "3.0.2" apply false
     id("io.spring.dependency-management") version "1.1.0" apply false
-    kotlin("jvm") version "1.6.21" apply false
-    kotlin("plugin.spring") version "1.6.21" apply false
-    id("org.jlleitschuh.gradle.ktlint") version "11.0.0"
+    id("org.graalvm.buildtools.native") version "0.9.19"
+    kotlin("jvm") version "1.8.10" apply false
+    kotlin("plugin.spring") version "1.8.10" apply false
+    id("org.jlleitschuh.gradle.ktlint") version "11.1.0"
     id("com.google.cloud.tools.jib") version "3.3.1" apply false
-    id("io.gitlab.arturbosch.detekt") version "1.21.0" apply false
+    id("io.gitlab.arturbosch.detekt") version "1.22.0" apply false
     id("org.sonarqube") version "3.5.0.2730"
     jacoco
 }
@@ -68,7 +70,7 @@ subprojects {
         implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
         implementation("com.github.jsonld-java:jsonld-java:0.13.4")
 
-        implementation("io.arrow-kt:arrow-fx-coroutines:1.1.3")
+        implementation("io.arrow-kt:arrow-fx-coroutines:1.1.5")
 
         implementation("org.locationtech.jts.io:jts-io-common:1.19.0")
 
@@ -78,11 +80,10 @@ subprojects {
         runtimeOnly("io.micrometer:micrometer-registry-prometheus")
 
         testImplementation("org.springframework.boot:spring-boot-starter-test") {
-            // to ensure we are using mocks and spies from springmockk lib instead
+            // to ensure we are using mocks and spies from springmockk (and not from Mockito)
             exclude(module = "mockito-core")
         }
-        testImplementation("com.ninja-squad:springmockk:3.1.2")
-        testImplementation("io.mockk:mockk:1.13.3")
+        testImplementation("com.ninja-squad:springmockk:4.0.0")
         testImplementation("io.projectreactor:reactor-test")
         testImplementation("org.springframework.security:spring-security-test")
         testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test")
@@ -173,7 +174,7 @@ subprojects {
 
 allprojects {
     group = "com.egm.stellio"
-    version = "2.0.0"
+    version = "2.1.0"
 
     repositories {
         mavenCentral()

config/detekt/detekt.yml

@@ -14,6 +14,7 @@ complexity:
     excludes: ['**/src/test/**']
   LargeClass:
     excludes: ['**/src/test/**']
+    threshold: 1000
   NamedArguments:
     active: true
   ReplaceSafeCallChainWithRun:
@@ -79,11 +80,18 @@ style:
 #  DataClassShouldBeImmutable:
 #    active: true
   DestructuringDeclarationWithTooManyEntries:
-    active: false
+    active: true
   ExplicitCollectionElementAccessMethod:
     active: true
   ExpressionBodySyntax:
     active: true
+  ForbiddenSuppress:
+    active: true
+  MultilineLambdaItParameter:
+    active: true
+  MultilineRawStringIndentation:
+    active: true
+    indentSize: 0
   NoTabs:
     active: true
   OptionalWhenBraces:
@@ -94,9 +102,11 @@ style:
     active: true
   TrailingWhitespace:
     active: true
+  UnnecessaryLet:
+    active: true
   UnnecessaryParentheses:
     active: true
-  UnnecessaryLet:
+  UnusedImports:
     active: true
   UseDataClass:
     active: true

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

search-service/Dockerfile

@@ -1,7 +1,15 @@
-FROM adoptopenjdk/openjdk11:alpine-jre
-RUN addgroup -S stellio && adduser -S stellio -G stellio
-USER stellio:stellio
+# You can build a Docker image of the module with the following command:
+# docker build --build-arg JAR_FILE=build/libs/search-service-{version}.jar -t stellio-search-service:{version} .
+FROM eclipse-temurin:17-jre as builder
+WORKDIR application
 ARG JAR_FILE=build/libs/*.jar
-COPY ${JAR_FILE} app.jar
-ENTRYPOINT ["java","-jar","/app.jar"]
+COPY ${JAR_FILE} application.jar
+RUN java -Djarmode=layertools -jar application.jar extract
 
+FROM eclipse-temurin:17-jre
+WORKDIR application
+COPY --from=builder application/dependencies/ ./
+COPY --from=builder application/spring-boot-loader/ ./
+COPY --from=builder application/snapshot-dependencies/ ./
+COPY --from=builder application/application/ ./
+ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]

search-service/build.gradle.kts

@@ -22,7 +22,7 @@ dependencies {
     implementation("com.savvasdalkitsis:json-merge:0.0.6")
     implementation(project(":shared"))
 
-    detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.21.0")
+    detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.22.0")
 
     developmentOnly("org.springframework.boot:spring-boot-devtools")
 

search-service/config/detekt/baseline.xml

@@ -6,7 +6,7 @@
     <ID>ClassNaming:V0_29__JsonLd_migration.kt$V0_29__JsonLd_migration : BaseJavaMigration</ID>
     <ID>ComplexCondition:EntityHandler.kt$EntityHandler$queryParams.ids.isEmpty() &amp;&amp; queryParams.q.isNullOrEmpty() &amp;&amp; queryParams.types.isEmpty() &amp;&amp; queryParams.attrs.isEmpty()</ID>
     <ID>ComplexCondition:EntityPayloadService.kt$EntityPayloadService$it &amp;&amp; !inverse || !it &amp;&amp; inverse</ID>
-    <ID>LargeClass:TemporalEntityAttributeService.kt$TemporalEntityAttributeService</ID>
+    <ID>Filename:db.migration.V0_29__JsonLd_migration.kt:1</ID>
     <ID>LongMethod:AttributeInstanceService.kt$AttributeInstanceService$@Transactional suspend fun create(attributeInstance: AttributeInstance): Either&lt;APIException, Unit&gt;</ID>
     <ID>LongMethod:EntityAccessControlHandler.kt$EntityAccessControlHandler$@PostMapping("/{subjectId}/attrs", consumes = [MediaType.APPLICATION_JSON_VALUE, JSON_LD_CONTENT_TYPE]) suspend fun addRightsOnEntities( @RequestHeader httpHeaders: HttpHeaders, @PathVariable subjectId: String, @RequestBody requestBody: Mono&lt;String&gt; ): ResponseEntity&lt;*&gt;</ID>
     <ID>LongMethod:EntityEventServiceTests.kt$EntityEventServiceTests$@Test fun `it should publish ATTRIBUTE_APPEND and ATTRIBUTE_REPLACE events if attributes were appended and replaced`()</ID>
@@ -25,7 +25,6 @@
     <ID>LongParameterList:TemporalEntityAttributeService.kt$TemporalEntityAttributeService$( entityId: URI, ngsiLdAttribute: NgsiLdAttribute, attributeMetadata: AttributeMetadata, createdAt: ZonedDateTime, attributePayload: ExpandedAttributePayloadEntry, sub: Sub? )</ID>
     <ID>LongParameterList:TemporalEntityAttributeService.kt$TemporalEntityAttributeService$( temporalEntityAttribute: TemporalEntityAttribute, ngsiLdAttribute: NgsiLdAttribute, attributeMetadata: AttributeMetadata, createdAt: ZonedDateTime, attributePayload: ExpandedAttributePayloadEntry, sub: Sub? )</ID>
     <ID>LongParameterList:V0_29__JsonLd_migration.kt$V0_29__JsonLd_migration$( entityId: URI, attributeName: ExpandedTerm, datasetId: URI?, attributePayload: ExpandedAttributePayloadEntry, ngsiLdAttributeInstance: NgsiLdAttributeInstance, defaultCreatedAt: ZonedDateTime )</ID>
-    <ID>MaxLineLength:TemporalEntityAttributeService.kt$TemporalEntityAttributeService$ (@.</ID>
     <ID>NestedBlockDepth:V0_29__JsonLd_migration.kt$V0_29__JsonLd_migration$override fun migrate(context: Context)</ID>
     <ID>SwallowedException:QueryUtils.kt$e: IllegalArgumentException</ID>
     <ID>ThrowsCount:QueryUtils.kt$fun buildTemporalQuery(params: MultiValueMap&lt;String, String&gt;, inQueryEntities: Boolean = false): TemporalQuery</ID>

search-service/src/main/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationService.kt

@@ -141,7 +141,6 @@ class EnabledAuthorizationService(
         limit: Int,
         sub: Option<Sub>
     ): Either<APIException, Pair<Int, List<JsonLdEntity>>> {
-
         return either {
             val groups =
                 when (userIsAdmin(sub)) {
@@ -180,15 +179,15 @@ class EnabledAuthorizationService(
                     } else {
                         {
                             """
-                        ( 
-                            (specific_access_policy = 'AUTH_READ' OR specific_access_policy = 'AUTH_WRITE')
-                            OR
-                            (tea.entity_id IN (
-                                SELECT entity_id
-                                FROM entity_access_rights
-                                WHERE subject_id IN (${it.toListOfString()})
-                            ))
-                        )
+                            ( 
+                                (specific_access_policy = 'AUTH_READ' OR specific_access_policy = 'AUTH_WRITE')
+                                OR
+                                (tea.entity_id IN (
+                                    SELECT entity_id
+                                    FROM entity_access_rights
+                                    WHERE subject_id IN (${it.toListOfString()})
+                                ))
+                            )
                             """.trimIndent()
                         }
                     }

search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsService.kt

@@ -80,7 +80,7 @@ class EntityAccessRightsService(
             .bind("entity_id", entityId)
             .bind("subject_id", sub)
             .executeExpected {
-                if (it == 0)
+                if (it == 0L)
                     ResourceNotFoundException("No right found for $sub on $entityId").left()
                 else Unit.right()
             }