roleStageDiscovery: added security

used prance to resolve the yaml file (enables file-splitting) added global security definition to swagger.yml added token verification stubs added security jwtRegular to all endpoints

roleStageDiscovery: added security
used prance to resolve the yaml file (enables file-splitting) added global security definition to swagger.yml added token verification stubs added security jwtRegular to all endpoints
52f460c3 · Manuel · 82b4a802 · 52f460c3 · 52f460c3 · 52f460c3
Commit 52f460c3 authored Jul 21, 2020 by Manuel
5 changed files
--- a/src/data-hub/role-stage-discovery-microservice/app/configs/swagger.yml
+++ b/src/data-hub/role-stage-discovery-microservice/app/configs/swagger.yml
@@ -4,6 +4,10 @@ info:
  description: This is the documentation for the role stage discovery microservice.
  version: "1.0.0"
+# Import security definitions from global security definition
+securityDefinitions:
+  $ref: '../../../../modules/security/security.yml#securityDefinitions'
 consumes:
  - "application/json"
 produces:
@@ -26,13 +30,15 @@ paths:
          schema:
            type: object
      responses:
-        200:
+        '200':
          description: "Successful echo of request data"
 #region Layers
  /layers:
    post:
        operationId: "routes.layers.post"
+        security:
+          - JwtRegular: []
        tags:
          - "Layers"
        summary: "Add a new layer [TODO: or overwrite an existing one]"
@@ -44,18 +50,20 @@ paths:
            schema:
                $ref: "#/definitions/Layer-UpperCase"
        responses:
-            201:
+            '201':
                description: "Successful operation"
-            400:
+            '400':
                description: "Invalid input"
    get:
        operationId: "routes.layers.get"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Get all layer data"
        parameters: []
        responses:
-            200:
+            '200':
                description: "Successful operation"
                schema:
                    $ref: "#/definitions/LayerCollection"
@@ -63,6 +71,8 @@ paths:
  /layers/{name}:
    get:
        operationId: "routes.layers.get_by_name"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Get single layer data"
@@ -73,16 +83,18 @@ paths:
            required: true
            type: "string"
        responses:
-            200:
+            '200':
                description: "Successful operation"
                schema: 
                    $ref: "#/definitions/Layer"
-            404:
+            '404':
                description: "Layer not found"
  /layers/{name}/nodes:
    get:
        operationId: "routes.layers.get_nodes"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Get all individual nodes for the layer"
@@ -93,14 +105,16 @@ paths:
            required: true
            type: "string"
        responses:
-            200:
+            '200':
                description: "Successful operation"
                schema: 
                    $ref: "#/definitions/NodeCollection"
-            404:
+            '404':
                description: "Layer not found"
    post:
        operationId: "routes.layers.post_nodes"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Adds a single or multiple nodes to the layer"
@@ -117,14 +131,16 @@ paths:
            schema:
                $ref: "#/definitions/NodeCollection"
        responses:            
-            201:
+            '201':
                description: "Successful operation"
-            400:
+            '400':
                description: "Invalid input"
  /layers/{name}/clusters:
    get:
        operationId: "routes.clustersets.get_by_name"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Get all clusters for the layer"
@@ -135,16 +151,18 @@ paths:
            required: true
            type: "string"
        responses:
-            200:
+            '200':
                description: "Successful operation"
                schema: 
                    $ref: "#/definitions/ClusterCollection"
-            404:
+            '404':
                description: "Layer not found"
  /layers/{name}/timeslices:
    get:
        operationId: "routes.timeslices.get_by_name"
+        security:
+          - JwtRegular: []
        tags:
            - "Layers"
        summary: "Get all timeslices for the layer"
@@ -155,11 +173,11 @@ paths:
            required: true
            type: "string"
        responses:
-            200:
+            '200':
                description: "Successful operation"
                schema: 
                    $ref: "#/definitions/TimeSliceCollection"
-            404:
+            '404':
                description: "Layer not found"
 #endregion 
@@ -168,12 +186,14 @@ paths:
  /rfc/run:
    post:
        operationId: "routes.functions.run_agi_clustering_and_graph_creation"
+        security:
+          - JwtRegular: []
        tags:
            - "Remote function calls"
        summary: "Insert locations from AGI, create clusters for starting time and location layers, create graphs for the location clusters"
        parameters: []
        responses:
-            204:
+            '204':
                description: "Successful operation"
 #endregion
@@ -182,12 +202,14 @@ paths:
  /connectedClusters:
    get:
      operationId: "routes.connClusters.get_conn_clusters"
+      security:
+        - JwtRegular: []
      tags:
          - "Connected"
      summary: "Get connected Clusters data"
      description: "Returns a dictionary of cluster. The clusters contain the associated connected clusters and connected nodes data."
      responses:
-        200:
+        '200':
          description: "Successful operation"
          schema:
            $ref: "#/definitions/ConnectedDict"
@@ -195,6 +217,8 @@ paths:
  /clusterSimilarity:
    get:
      operationId: "routes.similarity.get_similarity"
+      security:
+        - JwtRegular: []
      tags:
          - "Similarity"
      summary: "Get data of the similarity between clusters."
@@ -212,7 +236,7 @@ paths:
      description: "Data is returned in batches of size 1000. Returns a dictionary where the key is a tuple of cluster_labels (i.e. [0,319]) and the value is the computed similarity between 2 clusters in the tuple, in regard to each layer in the input. \n Note: the tuple clusters have the same layer and the computed similarity is in regard to clusters from OTHER layers."
      responses:
-        200:
+        '200':
          description: "Successful operation"
          schema:
            $ref: "#/definitions/ClusterSimilarityArray"
@@ -220,12 +244,14 @@ paths:
  /clusterRunArray:
    get:
      operationId: "routes.connRun.get_connected_run"
+      security:
+        - JwtRegular: []
      tags:
          - "RunId"
      summary: "Get RunId"
      description: "Returns the RunId and the associated datetime when a connection of clusters/simillarity of clusters was computed."
      responses:
-        200:
+        '200':
          description: "Successful operation"
          schema:
            $ref: "#/definitions/ClusterRunArray"

--- a/src/data-hub/role-stage-discovery-microservice/app/main.py
+++ b/src/data-hub/role-stage-discovery-microservice/app/main.py
@@ -13,10 +13,13 @@ LOGGER = logging.getLogger(__name__)
 #############################
 import connexion
+from security import swagger_util
+from pathlib import Path
 # load swagger config 
 app = connexion.App(__name__, specification_dir='configs/')
-app.add_api('swagger.yml')
+app.add_api(swagger_util.get_bundled_specs(Path("configs/swagger.yml")),
+            resolver = connexion.RestyResolver("cms_rest_api"))
 @app.route('/', methods=['GET'])
 def api_root():

--- a/src/data-hub/role-stage-discovery-microservice/app/requirements.txt
+++ b/src/data-hub/role-stage-discovery-microservice/app/requirements.txt
@@ -27,6 +27,7 @@ mccabe==0.6.1
 networkx==2.4
 numpy==1.18.1
 openapi-spec-validator==0.2.8
+prance==0.19.0
 pycodestyle==2.5.0
 pylint==2.4.4
 pymongo==3.10.1

--- a/src/data-hub/role-stage-discovery-microservice/app/services/token_service.py
+++ b/src/data-hub/role-stage-discovery-microservice/app/services/token_service.py
+def verifyTokenRegular(token, required_scopes):
+    # TODO call restGateway to verify the token
+    return {}
+def verifyTokenAdmin(token, required_scopes):
+    # TODO call restGateway to verify the token
+    return {}
--- a/src/modules/security/swagger_util.py
+++ b/src/modules/security/swagger_util.py
+from typing import Dict, Any
+from pathlib import Path
+import prance
+def get_bundled_specs(main_file: Path) -> Dict[str, Any]:
+    '''
+    parses the given swagger.yml file and resolves dependencies
+    from that file to enable the possibility to split the 
+    configuration into several files
+    '''
+    parser = prance.ResolvingParser(str(main_file.absolute()),
+                                    lazy = True, backend = 'openapi-spec-validator')
+    parser.parse()
+    return parser.specification
\ No newline at end of file