Adding protected-path support

Miguel Rodriguez · Miguel Rodriguez · commit 69d5ef0264dd · 2017-09-11T15:04:07.000+02:00
diff --git a/src/main/java/com/marklogic/appdeployer/ConfigDir.java b/src/main/java/com/marklogic/appdeployer/ConfigDir.java
@@ -9,7 +9,7 @@
 /**
  * Defines all of the directories where configuration files can be found.
  *
- * TODO Eventually turn this into an interface. 
+ * TODO Eventually turn this into an interface.
  */
 public class ConfigDir {
 
@@ -92,6 +92,10 @@ public File getUsersDir() {
 		return new File(getSecurityDir(), "users");
 	}
 
+	public File getProtectedPathsDir() { return new File(getSecurityDir(), "protected-paths"); }
+
+	public File getQueryRoleSetsDir() { return new File(getSecurityDir(), "query-rolesets"); }
+
 	public File getServersDir() {
 		return new File(baseDir, "servers");
 	}
diff --git a/src/main/java/com/marklogic/appdeployer/command/SortOrderConstants.java b/src/main/java/com/marklogic/appdeployer/command/SortOrderConstants.java
@@ -13,6 +13,7 @@ public abstract class SortOrderConstants {
     public static Integer DEPLOY_EXTERNAL_SECURITY = 70;
     public static Integer DEPLOY_PROTECTED_COLLECTIONS = 80;
     public static Integer DEPLOY_MIMETYPES = 90;
+	public static Integer DEPLOY_PROTECTED_PATHS = 95;
 
     public static Integer DEPLOY_TRIGGERS_DATABASE = 100;
     public static Integer DEPLOY_SCHEMAS_DATABASE = 100;
@@ -75,6 +76,8 @@ public abstract class SortOrderConstants {
     // Roles can reference privileges, so must delete roles first
     public static Integer DELETE_ROLES = 9060;
     public static Integer DELETE_PRIVILEGES = 9070;
+    // Protected paths reference roles
+	public static Integer DELETE_PROTECTED_PATHS = 9080;
 
     /*
      * This executes before databases are deleted, as deleting databases normally deletes the primary forests, so we
diff --git a/src/main/java/com/marklogic/appdeployer/command/security/DeployProtectedPathCommand.java b/src/main/java/com/marklogic/appdeployer/command/security/DeployProtectedPathCommand.java
@@ -0,0 +1,28 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractResourceCommand;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.appdeployer.command.SortOrderConstants;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.ProtectedPathManager;
+import com.marklogic.mgmt.resource.security.UserManager;
+
+import java.io.File;
+
+public class DeployProtectedPathCommand extends AbstractResourceCommand{
+
+	public DeployProtectedPathCommand() {
+		setExecuteSortOrder(SortOrderConstants.DEPLOY_PROTECTED_PATHS);
+		setUndoSortOrder(SortOrderConstants.DELETE_PROTECTED_PATHS);
+	}
+
+	@Override
+	protected File[] getResourceDirs(CommandContext context) {
+		return new File[] { context.getAppConfig().getConfigDir().getProtectedPathsDir() };
+	}
+
+	@Override
+	protected ResourceManager getResourceManager(CommandContext context) {
+		return new ProtectedPathManager(context.getManageClient());
+	}
+}
diff --git a/src/main/java/com/marklogic/mgmt/resource/security/ProtectedPathManager.java b/src/main/java/com/marklogic/mgmt/resource/security/ProtectedPathManager.java
@@ -0,0 +1,68 @@
+package com.marklogic.mgmt.resource.security;
+
+import com.marklogic.mgmt.ManageClient;
+import com.marklogic.mgmt.resource.AbstractResourceManager;
+import com.marklogic.rest.util.Fragment;
+
+import java.util.List;
+
+public class ProtectedPathManager extends AbstractResourceManager {
+	public ProtectedPathManager(ManageClient client) {
+		super(client);
+	}
+
+	@Override
+	public String getResourcesPath() {
+		return "/manage/v2/protected-paths";
+	}
+
+	@Override
+	protected String getResourceName() {
+		return "protected-path";
+	}
+
+	@Override
+	protected String getIdFieldName() {
+		return "path-expression";
+	}
+
+	@Override
+	public String getPropertiesPath(String resourceNameOrId, String... resourceUrlParams) {
+		return getResourcesPath()  + "/" + getIdForPathExpression(resourceNameOrId) + "/properties";
+	}
+
+	@Override
+	public String getResourcePath(String resourceNameOrId, String... resourceUrlParams) {
+		return getResourcesPath() + "/" + getIdForPathExpression(resourceNameOrId);
+	}
+
+	@Override
+	protected String[] getDeleteResourceParams(String payload) {
+		// We need to unprotect the path before deleting it
+		// Otherwise we'll get a SEC-MUSTUNPROTECTPATH error
+		return new String[]{"force", "true"};
+	}
+
+	@Override
+	public boolean exists(String resourceNameOrId, String... resourceUrlParams) {
+		Fragment f = getAsXml();
+		return f.elementExists(format(
+			"/node()/*[local-name(.) = 'list-items']/node()[*[local-name(.) = 'nameref'] = '%s']",
+			resourceNameOrId));
+	}
+
+	public String getIdForPathExpression(String pathExpression) {
+		Fragment f = getAsXml();
+		String xpath = "/node()/*[local-name(.) = 'list-items']/node()"
+			+ "[*[local-name(.) = 'nameref'] = '%s']/*[local-name(.) = 'idref']";
+		xpath = String.format(xpath, pathExpression);
+		String id = f.getElementValue(xpath);
+		if (id == null) {
+			throw new RuntimeException("Could not find a protected path with a path-expression of: " + pathExpression);
+		}
+		return id;
+	}
+
+	@Override
+	protected boolean useAdminUser() { return true; }
+}
diff --git a/src/test/java/com/marklogic/appdeployer/command/security/ManageProtectedPathsTest.java b/src/test/java/com/marklogic/appdeployer/command/security/ManageProtectedPathsTest.java
@@ -0,0 +1,34 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractManageResourceTest;
+import com.marklogic.appdeployer.command.Command;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.ProtectedPathManager;
+
+public class ManageProtectedPathsTest extends AbstractManageResourceTest {
+	@Override
+	protected ResourceManager newResourceManager() {
+        return new ProtectedPathManager(manageClient);
+	}
+
+	@Override
+	protected Command newCommand() {
+		return new DeployProtectedPathCommand();
+	}
+
+	@Override
+	protected String[] getResourceNames() {
+		return new String[] { "/test:element" };
+	}
+
+	/*
+	@Override
+	protected void afterResourcesCreatedAgain() {
+		try {
+			Thread.sleep(5000);
+		} catch (InterruptedException e) {
+			e.printStackTrace();
+		}
+	}
+	*/
+}
diff --git a/src/test/resources/sample-app/src/main/ml-config/security/protected-paths/path-1.json b/src/test/resources/sample-app/src/main/ml-config/security/protected-paths/path-1.json
@@ -0,0 +1,9 @@
+{
+	"path-expression":"/test:element",
+	"path-namespace":[
+		{"prefix":"test", "namespace-uri":"http://marklogic.com"}
+	],
+	"permission": [
+		{"role-name":"view-admin", "capability":"read"}
+	]
+}

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`/**`
`10`	`10`	`* Defines all of the directories where configuration files can be found.`
`11`	`11`	`*`
`12`		`- * TODO Eventually turn this into an interface.`
	`12`	`+ * TODO Eventually turn this into an interface.`
`13`	`13`	`*/`
`14`	`14`	`public class ConfigDir {`
`15`	`15`
`@@ -92,6 +92,10 @@ public File getUsersDir() {`
`92`	`92`	`return new File(getSecurityDir(), "users");`
`93`	`93`	`}`
`94`	`94`
	`95`	`+ public File getProtectedPathsDir() { return new File(getSecurityDir(), "protected-paths"); }`
	`96`	`+`
	`97`	`+ public File getQueryRoleSetsDir() { return new File(getSecurityDir(), "query-rolesets"); }`
	`98`	`+`
`95`	`99`	`public File getServersDir() {`
`96`	`100`	`return new File(baseDir, "servers");`
`97`	`101`	`}`