refactored extensions-authzforce-attribute

extensions-policy-decision-point-service updated velocity templates for generated files. Baton migration scripts for any files that need to be renamed. Baton migrations for any Objects that need to be renamed.
boozallen · Jul 29, 2024 · d6dec38 · d6dec38
1 parent d71cfd3
commit d6dec38
Show file tree

Hide file tree

Showing 59 changed files with 920 additions and 288 deletions.
diff --git a/...ns/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile b/...ns/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile
@@ -3,7 +3,7 @@ FROM ${docker.baseline.repo.id}/boozallen/aissemble-quarkus:${project.version}
 LABEL org.opencontainers.image.source="https://github.com/boozallen/aissemble"
 
 COPY --chown=default ./src/main/resources/truststore/aissemble-secure.jks $JAVA_APP_DIR/
-COPY --chown=default ./src/main/resources/krausening/base/aiops-security.properties $JAVA_APP_DIR/krausening/base/
+COPY --chown=default ./src/main/resources/krausening/base/aissemble-security.properties $JAVA_APP_DIR/krausening/base/
 COPY --chown=default ./src/main/resources/authorization/policies/test-policy.xml $JAVA_APP_DIR/
 COPY --chown=default ./src/main/resources/authorization/attributes/test-attributes.json $JAVA_APP_DIR/
 COPY --chown=default ./src/main/resources/authorization/pdp.xml $JAVA_APP_DIR/

diff --git a/...krausening/base/aiops-security.properties → ...sening/base/aissemble-security.properties b/...krausening/base/aiops-security.properties → ...sening/base/aissemble-security.properties
diff --git a/...-attribute/src/main/resources/com.github.boozallen.aissemble.authz.attribute.provider.xsd b/...-attribute/src/main/resources/com.github.boozallen.aissemble.authz.attribute.provider.xsd
@@ -8,10 +8,10 @@
    <xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" />
    <xs:annotation>
       <xs:documentation xml:lang="en">
-         Data Model for the Aiops  Attribute Extension
+         Data Model for the Aissemble Attribute Extension
       </xs:documentation>
    </xs:annotation>
-   <xs:complexType name="AiopsAttributeExtension">
+   <xs:complexType name="AissembleAttributeExtension">
       <xs:annotation>
          <xs:documentation>
             aiSSEMBLE Attribute Extensions. This extension provides easier attribute store configuration for aiSSEMBLE.

diff --git a/extensions/extensions-security/extensions-authzforce/README.md b/extensions/extensions-security/extensions-authzforce/README.md
@@ -9,14 +9,14 @@ The following tasks will help you add authentication to your module.
         -  ```keytool -import -file cacert.pem -keystore aissemble-secure.jks -storepass password```
 1. Add the jks file to your environment and set the following krausening property to point to your keystore location 
     - ```keystore.file.location=/path/to/my/keystore.jks```
-1. Use one of the authentication methods from com.boozallen.aiops.cookbook.authorization or create your own class that 
-imlements the AiopsSecureTokenServiceClient interface 
+1. Use one of the authentication methods from com.boozallen.aissemble.cookbook.authorization or create your own class that 
+imlements the AissembleSecureTokenServiceClient interface 
 (_currently we have one for Keycloak and one for simple JWT_) 
     - Add the following to your code
     - 
     ```         
-      AiopsSecureTokenServiceClient aiopsSecureTokenServiceClient = new AiopsSimpleSecureTokenServiceClient();
-      aiopsSecureTokenServiceClient.authenticate("aiops", "password");
-      String token = aiopsSecureTokenServiceClient.getJWTToken();
+      AissembleSecureTokenServiceClient aissembleSecureTokenServiceClient = new AissembleSimpleSecureTokenServiceClient();
+      aissembleSecureTokenServiceClient.authenticate("aissemble", "password");
+      String token = aissembleSecureTokenServiceClient.getJWTToken();
     ```
     - You can then use the information contained in the JWT token to allow/deny access
diff --git a/...ization/AbstractAuthorizationRequest.java → ...ization/AbstractAuthorizationRequest.java b/...ization/AbstractAuthorizationRequest.java → ...ization/AbstractAuthorizationRequest.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -10,7 +10,7 @@
  * #L%
  */
 
-import com.boozallen.aiops.security.authorization.policy.ClaimType;
+import com.boozallen.aissemble.security.authorization.policy.ClaimType;
 
 /**
  * Common aspect of a request for authorization information (e.g., a policy decision, attribute).

diff --git a/...rity/authorization/AissembleKeyStore.java → ...rity/authorization/AissembleKeyStore.java b/...rity/authorization/AissembleKeyStore.java → ...rity/authorization/AissembleKeyStore.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -18,15 +18,14 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.X509Certificate;
 
+import com.boozallen.aissemble.security.config.SecurityConfiguration;
+import com.boozallen.aissemble.security.exception.AissembleSecurityException;
 import org.aeonbits.owner.KrauseningConfigFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.boozallen.aiops.security.config.SecurityConfiguration;
-import com.boozallen.aiops.security.exception.AiopsSecurityException;
-
 /**
- * Class to load and hold keystore information for AIOps security.
+ * Class to load and hold keystore information for aissemble security.
  */
 public class AissembleKeyStore {
 
@@ -63,7 +62,7 @@ private KeyStore loadKeyStore() {
             keyStore.load(new FileInputStream(KEYSTORE_LOCATION), KEYSTORE_PASSWORD.toCharArray());
         } catch (Exception e) {
             logger.error("Error loading keystore", e);
-            throw new AiopsSecurityException("Unable to load keystore!", e);
+            throw new AissembleSecurityException("Unable to load keystore!", e);
         }
 
         return keyStore;
@@ -76,7 +75,7 @@ private X509Certificate getCertificateFromKeyStore(KeyStore keyStore) {
             cert = (X509Certificate) keyStore.getCertificate(KEY_ALIAS);
         } catch (KeyStoreException e) {
             logger.error("Error getting certificate from keystore", e);
-            throw new AiopsSecurityException("Unable to get certificate from keystore!", e);
+            throw new AissembleSecurityException("Unable to get certificate from keystore!", e);
         }
 
         return cert;
@@ -89,7 +88,7 @@ private Key getKeyFromKeyStore(KeyStore keyStore) {
             key = keyStore.getKey(KEY_ALIAS, KEYSTORE_PASSWORD.toCharArray());
         } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
             logger.error("Error getting key from keystore", e);
-            throw new AiopsSecurityException("Unable to get key from keystore!", e);
+            throw new AissembleSecurityException("Unable to get key from keystore!", e);
         }
 
         return key;

diff --git a/...iopsKeycloakSecureTokenServiceClient.java → ...mbleKeycloakSecureTokenServiceClient.java b/...iopsKeycloakSecureTokenServiceClient.java → ...mbleKeycloakSecureTokenServiceClient.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -10,8 +10,8 @@
  * #L%
  */
 
-import com.boozallen.aiops.security.config.SecurityConfiguration;
-import com.boozallen.aiops.security.exception.AiopsSecurityException;
+import com.boozallen.aissemble.security.config.SecurityConfiguration;
+import com.boozallen.aissemble.security.exception.AissembleSecurityException;
 
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
@@ -27,9 +27,9 @@
 /**
  * Client for authenticating via KeyCloak.
  */
-public class AiopsKeycloakSecureTokenServiceClient implements AiopsSecureTokenServiceClient {
+public class AissembleKeycloakSecureTokenServiceClient implements AissembleSecureTokenServiceClient {
 
-    private static final Logger logger = LoggerFactory.getLogger(AiopsKeycloakSecureTokenServiceClient.class);
+    private static final Logger logger = LoggerFactory.getLogger(AissembleKeycloakSecureTokenServiceClient.class);
 
     private static final SecurityConfiguration configuration = KrauseningConfigFactory.create(SecurityConfiguration.class);
 
@@ -54,7 +54,7 @@ public String authenticate(String username, String password) {
             } else {
                 String error = "Authentication is enabled, but user is not authenticated!";
                 logger.error(error);
-                throw new AiopsSecurityException(error);
+                throw new AissembleSecurityException(error);
             }
         } else {
             // TODO: Once authentication and authorization are fully implemented we need to decide what to do if

diff --git a/...zation/AiopsSecureTokenServiceClient.java → ...on/AissembleSecureTokenServiceClient.java b/...zation/AiopsSecureTokenServiceClient.java → ...on/AissembleSecureTokenServiceClient.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -14,9 +14,9 @@
 import io.jsonwebtoken.Jws;
 
 /**
- * Interface for an AIOps token service client.
+ * Interface for an aissemble token service client.
  */
-public interface AiopsSecureTokenServiceClient {
+public interface AissembleSecureTokenServiceClient {
 
     /**
      * Authenticates a user.

diff --git a/.../AiopsSimpleSecureTokenServiceClient.java → ...sembleSimpleSecureTokenServiceClient.java b/.../AiopsSimpleSecureTokenServiceClient.java → ...sembleSimpleSecureTokenServiceClient.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -18,9 +18,9 @@
 /**
  * Client for authenticating via a simple JWT token.
  */
-public class AiopsSimpleSecureTokenServiceClient implements AiopsSecureTokenServiceClient {
+public class AissembleSimpleSecureTokenServiceClient implements AissembleSecureTokenServiceClient {
 
-    static final Logger logger = LoggerFactory.getLogger(AiopsSimpleSecureTokenServiceClient.class);
+    static final Logger logger = LoggerFactory.getLogger(AissembleSimpleSecureTokenServiceClient.class);
 
     /**
      * {@inheritDoc}

diff --git a/...urity/authorization/JsonWebTokenUtil.java → ...urity/authorization/JsonWebTokenUtil.java b/...urity/authorization/JsonWebTokenUtil.java → ...urity/authorization/JsonWebTokenUtil.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization;
+package com.boozallen.aissemble.security.authorization;
 
 /*-
  * #%L
@@ -10,14 +10,14 @@
  * #L%
  */
 
-import com.boozallen.aiops.security.authorization.policy.AttributeRequest;
-import com.boozallen.aiops.security.authorization.policy.AttributeValue;
-import com.boozallen.aiops.security.authorization.policy.ClaimType;
-import com.boozallen.aiops.security.authorization.policy.PolicyRequest;
-import com.boozallen.aiops.security.config.SecurityConfiguration;
-import com.boozallen.aiops.security.authorization.policy.PolicyDecision;
-import com.boozallen.aiops.security.authorization.policy.PolicyDecisionPoint;
-import com.boozallen.aiops.security.authorization.policy.AiopsAttributeProvider;
+import com.boozallen.aissemble.security.authorization.policy.AttributeRequest;
+import com.boozallen.aissemble.security.authorization.policy.AttributeValue;
+import com.boozallen.aissemble.security.authorization.policy.ClaimType;
+import com.boozallen.aissemble.security.authorization.policy.PolicyRequest;
+import com.boozallen.aissemble.security.config.SecurityConfiguration;
+import com.boozallen.aissemble.security.authorization.policy.PolicyDecision;
+import com.boozallen.aissemble.security.authorization.policy.PolicyDecisionPoint;
+import com.boozallen.aissemble.security.authorization.policy.AissembleAttributeProvider;
 
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
@@ -43,7 +43,7 @@ public final class JsonWebTokenUtil {
     private static final SecurityConfiguration config = KrauseningConfigFactory.create(SecurityConfiguration.class);
     private static final AissembleKeyStore keyStore = new AissembleKeyStore();
     private static PolicyDecisionPoint pdp = PolicyDecisionPoint.getInstance();
-    private static AiopsAttributeProvider attributeProvider = new AiopsAttributeProvider();
+    private static AissembleAttributeProvider attributeProvider = new AissembleAttributeProvider();
 
     private JsonWebTokenUtil() {
     }
@@ -70,7 +70,7 @@ public static String createToken(String subject, String audience, Collection<? e
                 } else {
                     AttributeRequest attributeClaim = (AttributeRequest) ruleClaim;
                     Collection<AttributeValue<?>> foundAttributes = attributeProvider
-                            .getAiopsAttributeByIdAndSubject(attributeClaim.getRequestedAttributeId(), subject);
+                            .getAissembleAttributeByIdAndSubject(attributeClaim.getRequestedAttributeId(), subject);
                     String attributeValue = null;
                     if (foundAttributes != null) {
                         attributeValue = foundAttributes.stream().map(AttributeValue::getValueAsString)

diff --git a/...ity/authorization/models/AuthRequest.java → ...ity/authorization/models/AuthRequest.java b/...ity/authorization/models/AuthRequest.java → ...ity/authorization/models/AuthRequest.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization.models;
+package com.boozallen.aissemble.security.authorization.models;
 
 /*-
  * #%L

diff --git a/...rity/authorization/models/PDPRequest.java → ...rity/authorization/models/PDPRequest.java b/...rity/authorization/models/PDPRequest.java → ...rity/authorization/models/PDPRequest.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization.models;
+package com.boozallen.aissemble.security.authorization.models;
 
 /*-
  * #%L

diff --git a/.../authorization/policy/AiopsAttribute.java → ...horization/policy/AissembleAttribute.java b/.../authorization/policy/AiopsAttribute.java → ...horization/policy/AissembleAttribute.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization.policy;
+package com.boozallen.aissemble.security.authorization.policy;
 
 /*-
  * #%L
@@ -15,7 +15,7 @@
 /**
  * Represents the structure of an attribute for policy decision.
  */
-public class AiopsAttribute {
+public class AissembleAttribute {
 
     private String id;
 

diff --git a/...orization/policy/AiopsAttributePoint.java → ...ation/policy/AissembleAttributePoint.java b/...orization/policy/AiopsAttributePoint.java → ...ation/policy/AissembleAttributePoint.java
@@ -1,4 +1,4 @@
-package com.boozallen.aiops.security.authorization.policy;
+package com.boozallen.aissemble.security.authorization.policy;
 
 /*-
  * #%L
@@ -14,16 +14,16 @@
 
 /**
  * The interface that defines the contract for looking up attribute values. This can be a local or remote source. It
- * should be specified in the aiops attribute definition json file for each attribute so that
- * {@link AiopsAttributeProvider} can find the value for a specified attribute.
+ * should be specified in the aissemble attribute definition json file for each attribute so that
+ * {@link AissembleAttributeProvider} can find the value for a specified attribute.
  * 
  * While any number of attributes can be used for lookups, almost all scenarios will revolve around look up
  * attributes for specific subjects. As such, the interface will focus on that until a demand signal arises for more
  * complicated scenarios.
  * 
  * Implementations MUST have a no-argument constructor.
  */
-public interface AiopsAttributePoint {
+public interface AissembleAttributePoint {
 
     /**
      * Returns the valid for a specific attribute id. For our purposes, we will just use id along to determine the value