feat(#3074): Support OAuth login (#3075)

* feat(#3074): Support OAuth login * Fix checkstyle * Fix dependency * Add conditional loading * refactor(#3074): Refactor OAuthConfigurationParser (#3083) * refactor(#3074): Refactor OAuthConfigurationParser * refactor(#3074): Add logging to OAuthConfigurationParser * Add comments --------- Co-authored-by: Philipp Zehnder <[email protected]>
apache · Aug 2, 2024 · 3ef998b · 3ef998b
1 parent 076a89e
commit 3ef998b
Show file tree

Hide file tree

Showing 46 changed files with 1,684 additions and 47 deletions.
diff --git a/streampipes-commons/src/main/java/org/apache/streampipes/commons/constants/Envs.java b/streampipes-commons/src/main/java/org/apache/streampipes/commons/constants/Envs.java
@@ -42,6 +42,8 @@ public enum Envs {
   SP_CLIENT_USER("SP_CLIENT_USER", DefaultEnvValues.INITIAL_CLIENT_USER_DEFAULT),
   SP_CLIENT_SECRET("SP_CLIENT_SECRET", DefaultEnvValues.INITIAL_CLIENT_SECRET_DEFAULT),
   SP_ENCRYPTION_PASSCODE("SP_ENCRYPTION_PASSCODE", DefaultEnvValues.DEFAULT_ENCRYPTION_PASSCODE),
+  SP_OAUTH_ENABLED("SP_OAUTH_ENABLED", "false"),
+  SP_OAUTH_REDIRECT_URI("SP_OAUTH_REDIRECT_URI"),
   SP_DEBUG("SP_DEBUG", "false"),
   SP_MAX_WAIT_TIME_AT_SHUTDOWN("SP_MAX_WAIT_TIME_AT_SHUTDOWN"),
 

diff --git a/...-commons/src/main/java/org/apache/streampipes/commons/environment/DefaultEnvironment.java b/...-commons/src/main/java/org/apache/streampipes/commons/environment/DefaultEnvironment.java
@@ -19,10 +19,14 @@
 package org.apache.streampipes.commons.environment;
 
 import org.apache.streampipes.commons.constants.Envs;
+import org.apache.streampipes.commons.environment.model.OAuthConfiguration;
+import org.apache.streampipes.commons.environment.parser.OAuthConfigurationParser;
 import org.apache.streampipes.commons.environment.variable.BooleanEnvironmentVariable;
 import org.apache.streampipes.commons.environment.variable.IntEnvironmentVariable;
 import org.apache.streampipes.commons.environment.variable.StringEnvironmentVariable;
 
+import java.util.List;
+
 public class DefaultEnvironment implements Environment {
 
   @Override
@@ -174,6 +178,21 @@ public StringEnvironmentVariable getEncryptionPasscode() {
     return new StringEnvironmentVariable(Envs.SP_ENCRYPTION_PASSCODE);
   }
 
+  @Override
+  public BooleanEnvironmentVariable getOAuthEnabled() {
+    return new BooleanEnvironmentVariable(Envs.SP_OAUTH_ENABLED);
+  }
+
+  @Override
+  public StringEnvironmentVariable getOAuthRedirectUri() {
+    return new StringEnvironmentVariable(Envs.SP_OAUTH_REDIRECT_URI);
+  }
+
+  @Override
+  public List<OAuthConfiguration> getOAuthConfigurations() {
+    return new OAuthConfigurationParser().parse(System.getenv());
+  }
+
   @Override
   public StringEnvironmentVariable getKafkaRetentionTimeMs() {
     return new StringEnvironmentVariable(Envs.SP_KAFKA_RETENTION_MS);

diff --git a/...ampipes-commons/src/main/java/org/apache/streampipes/commons/environment/Environment.java b/...ampipes-commons/src/main/java/org/apache/streampipes/commons/environment/Environment.java
@@ -18,10 +18,13 @@
 
 package org.apache.streampipes.commons.environment;
 
+import org.apache.streampipes.commons.environment.model.OAuthConfiguration;
 import org.apache.streampipes.commons.environment.variable.BooleanEnvironmentVariable;
 import org.apache.streampipes.commons.environment.variable.IntEnvironmentVariable;
 import org.apache.streampipes.commons.environment.variable.StringEnvironmentVariable;
 
+import java.util.List;
+
 public interface Environment {
 
   BooleanEnvironmentVariable getSpDebug();
@@ -91,6 +94,12 @@ public interface Environment {
 
   StringEnvironmentVariable getEncryptionPasscode();
 
+  BooleanEnvironmentVariable getOAuthEnabled();
+
+  StringEnvironmentVariable getOAuthRedirectUri();
+
+  List<OAuthConfiguration> getOAuthConfigurations();
+
   // Messaging
   StringEnvironmentVariable getKafkaRetentionTimeMs();
 

diff --git a/...ns/src/main/java/org/apache/streampipes/commons/environment/model/OAuthConfiguration.java b/...ns/src/main/java/org/apache/streampipes/commons/environment/model/OAuthConfiguration.java
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.streampipes.commons.environment.model;
+
+public class OAuthConfiguration {
+
+  private String authorizationUri;
+  private String clientName;
+  private String clientId;
+  private String clientSecret;
+  private String fullNameAttributeName;
+  private String issuerUri;
+  private String jwkSetUri;
+  private String registrationId;
+  private String registrationName;
+  private String[] scopes;
+  private String tokenUri;
+  private String userInfoUri;
+  private String emailAttributeName;
+  private String userIdAttributeName;
+
+
+  public String getRegistrationId() {
+    return registrationId;
+  }
+
+  public void setRegistrationId(String registrationId) {
+    this.registrationId = registrationId;
+  }
+
+  public String[] getScopes() {
+    return scopes;
+  }
+
+  public void setScopes(String[] scopes) {
+    this.scopes = scopes;
+  }
+
+  public String getAuthorizationUri() {
+    return authorizationUri;
+  }
+
+  public void setAuthorizationUri(String authorizationUri) {
+    this.authorizationUri = authorizationUri;
+  }
+
+  public String getTokenUri() {
+    return tokenUri;
+  }
+
+  public void setTokenUri(String tokenUri) {
+    this.tokenUri = tokenUri;
+  }
+
+  public String getJwkSetUri() {
+    return jwkSetUri;
+  }
+
+  public void setJwkSetUri(String jwkSetUri) {
+    this.jwkSetUri = jwkSetUri;
+  }
+
+  public String getIssuerUri() {
+    return issuerUri;
+  }
+
+  public void setIssuerUri(String issuerUri) {
+    this.issuerUri = issuerUri;
+  }
+
+  public String getUserInfoUri() {
+    return userInfoUri;
+  }
+
+  public void setUserInfoUri(String userInfoUri) {
+    this.userInfoUri = userInfoUri;
+  }
+
+  public String getClientName() {
+    return clientName;
+  }
+
+  public void setClientName(String clientName) {
+    this.clientName = clientName;
+  }
+
+  public String getClientId() {
+    return clientId;
+  }
+
+  public void setClientId(String clientId) {
+    this.clientId = clientId;
+  }
+
+  public String getClientSecret() {
+    return clientSecret;
+  }
+
+  public void setClientSecret(String clientSecret) {
+    this.clientSecret = clientSecret;
+  }
+
+  public String getEmailAttributeName() {
+    return emailAttributeName;
+  }
+
+  public void setEmailAttributeName(String emailAttributeName) {
+    this.emailAttributeName = emailAttributeName;
+  }
+
+  public String getFullNameAttributeName() {
+    return fullNameAttributeName;
+  }
+
+  public void setFullNameAttributeName(String fullNameAttributeName) {
+    this.fullNameAttributeName = fullNameAttributeName;
+  }
+
+  public String getUserIdAttributeName() {
+    return userIdAttributeName;
+  }
+
+  public void setUserIdAttributeName(String userIdAttributeName) {
+    this.userIdAttributeName = userIdAttributeName;
+  }
+
+  public String getRegistrationName() {
+    return registrationName;
+  }
+
+  public void setRegistrationName(String registrationName) {
+    this.registrationName = registrationName;
+  }
+}
diff --git a/...main/java/org/apache/streampipes/commons/environment/parser/OAuthConfigurationParser.java b/...main/java/org/apache/streampipes/commons/environment/parser/OAuthConfigurationParser.java
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.streampipes.commons.environment.parser;
+
+import org.apache.streampipes.commons.environment.model.OAuthConfiguration;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * The {@code OAuthConfigurationParser} class is responsible for parsing OAuth provider configurations
+ * from environment variables and converting them into a list of {@link OAuthConfiguration} objects.
+ *
+ * <p>This class expects the environment variables to follow a specific naming convention:
+ * {@code SP_OAUTH_{provider}_{settings}}. The parser identifies each provider by its unique
+ * identifier (e.g., "github" or "azure") and maps the settings (such as "CLIENT_ID", "CLIENT_SECRET")
+ * to their corresponding properties in the {@link OAuthConfiguration} object.</p>
+ *
+ * <p>Since environment variables cannot be structured as lists, the configuration for each provider
+ * is derived from prefixed variables. For example, settings for a provider "github" could be
+ * specified as:
+ * <ul>
+ *   <li>SP_OAUTH_GITHUB_CLIENT_ID=example-client-id</li>
+ *   <li>SP_OAUTH_GITHUB_CLIENT_SECRET=example-client-secret</li>
+ *   <li>...</li>
+ * </ul>
+ * The parser then groups these settings into a {@link OAuthConfiguration} object for "github".</p>
+ */
+public class OAuthConfigurationParser {
+
+  private static final Logger LOG = LoggerFactory.getLogger(OAuthConfigurationParser.class);
+
+
+  private static final String OAUTH_PREFIX = "SP_OAUTH_PROVIDER";
+
+  public List<OAuthConfiguration> parse(Map<String, String> env) {
+    Map<String, OAuthConfiguration> oAuthConfigurationsMap = new HashMap<>();
+
+
+    env.forEach((key, value) -> {
+      if (key.startsWith(OAUTH_PREFIX)) {
+        parseEnvironmentVariable(key, value, oAuthConfigurationsMap);
+      }
+    });
+
+    return new ArrayList<>(oAuthConfigurationsMap.values());
+  }
+
+  private void parseEnvironmentVariable(
+      String key,
+      String value,
+      Map<String, OAuthConfiguration> oAuthConfigurationsMap
+  ) {
+    var parts = getParts(key);
+    if (parts.length >= 5) {
+      // containst the identifier of the provider (e.g. azure, github, ...)
+      var registrationId = getRegistrationId(parts);
+      var settingName = getSettingName(parts);
+
+      var oAuthConfiguration = getOrCreateOAuthConfiguration(oAuthConfigurationsMap, registrationId);
+      oAuthConfiguration.setRegistrationId(registrationId);
+
+      switch (settingName) {
+        case "AUTHORIZATION_URI" -> oAuthConfiguration.setAuthorizationUri(value);
+        case "CLIENT_NAME" -> oAuthConfiguration.setClientName(value);
+        case "CLIENT_ID" -> oAuthConfiguration.setClientId(value);
+        case "CLIENT_SECRET" -> oAuthConfiguration.setClientSecret(value);
+        case "FULL_NAME_ATTRIBUTE_NAME" -> oAuthConfiguration.setFullNameAttributeName(value);
+        case "ISSUER_URI" -> oAuthConfiguration.setIssuerUri(value);
+        case "JWK_SET_URI" -> oAuthConfiguration.setJwkSetUri(value);
+        case "SCOPES" -> oAuthConfiguration.setScopes(value.split(","));
+        case "TOKEN_URI" -> oAuthConfiguration.setTokenUri(value);
+        case "USER_INFO_URI" -> oAuthConfiguration.setUserInfoUri(value);
+        case "EMAIL_ATTRIBUTE_NAME" -> oAuthConfiguration.setEmailAttributeName(value);
+        case "USER_ID_ATTRIBUTE_NAME" -> oAuthConfiguration.setUserIdAttributeName(value);
+        case "NAME" -> oAuthConfiguration.setRegistrationName(value);
+        default -> LOG.warn(
+            "Unknown setting {} for oauth configuration in environment variable {}",
+            settingName,
+            key
+        );
+      }
+    } else {
+      LOG.warn("Invalid environment variable for oauth configuration: {}", key);
+    }
+  }
+
+  private static String[] getParts(String key) {
+    return key.split("_");
+  }
+
+  private static String getSettingName(String[] parts) {
+    return String.join("_", Arrays.copyOfRange(parts, 4, parts.length));
+  }
+
+  private static String getRegistrationId(String[] parts) {
+    return parts[3].toLowerCase();
+  }
+
+  /**
+   * Retrieves an existing OAuthConfiguration for the given providerId or creates a new one if it does not exist.
+   *
+   * @param oAuthConfigurationsMap The map containing existing OAuthConfiguration objects.
+   * @param registrationId         The identifier of the OAuth provider.
+   * @return The existing or newly created OAuthConfiguration for the given providerId.
+   */
+  private OAuthConfiguration getOrCreateOAuthConfiguration(
+      Map<String, OAuthConfiguration> oAuthConfigurationsMap,
+      String registrationId
+  ) {
+    var oAuthConfiguration = oAuthConfigurationsMap.computeIfAbsent(registrationId, k -> new OAuthConfiguration());
+    oAuthConfiguration.setRegistrationId(registrationId);
+    return oAuthConfiguration;
+  }
+}