Add RBAC on delete twin graph endpoint

Author: jreynard-code

doc/Apis/TwingraphApi.md

@@ -4,14 +4,14 @@ All URIs are relative to *https://dev.api.cosmotech.com*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
-[**delete**](TwingraphApi.md#delete) | **DELETE** /delete/{graphId} | 
+[**delete**](TwingraphApi.md#delete) | **DELETE** /organizations/{organization_id}/delete/{graphId} | 
 [**importGraph**](TwingraphApi.md#importGraph) | **POST** /organizations/{organization_id}/import | 
 [**query**](TwingraphApi.md#query) | **POST** /organizations/{organization_id}/query | 
 
 
 <a name="delete"></a>
 # **delete**
-> delete(graphId)
+> delete(organization\_id, graphId)
 
 
 
@@ -21,6 +21,7 @@ Method | HTTP request | Description
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
+ **organization\_id** | **String**| the Organization identifier | [default to null]
  **graphId** | **String**| the Graph Identifier | [default to null]
 
 ### Return type

doc/README.md

@@ -88,7 +88,7 @@ Class | Method | HTTP request | Description
 *SolutionApi* | [**updateSolution**](Apis/SolutionApi.md#updatesolution) | **PATCH** /organizations/{organization_id}/solutions/{solution_id} | Update a solution
 *SolutionApi* | [**updateSolutionRunTemplate**](Apis/SolutionApi.md#updatesolutionruntemplate) | **PATCH** /organizations/{organization_id}/solutions/{solution_id}/runTemplates/{run_template_id} | Update the specified Solution Run Template
 *SolutionApi* | [**uploadRunTemplateHandler**](Apis/SolutionApi.md#uploadruntemplatehandler) | **POST** /organizations/{organization_id}/solutions/{solution_id}/runtemplates/{run_template_id}/handlers/{handler_id}/upload | Upload a Run Template step handler zip file
-*TwingraphApi* | [**delete**](Apis/TwingraphApi.md#delete) | **DELETE** /delete/{graphId} | Launch a mass delete job
+*TwingraphApi* | [**delete**](Apis/TwingraphApi.md#delete) | **DELETE** /organizations/{organization_id}/delete/{graphId} | Launch a mass delete job
 *TwingraphApi* | [**importGraph**](Apis/TwingraphApi.md#importgraph) | **POST** /organizations/{organization_id}/import | Import a new version of a twin graph
 *TwingraphApi* | [**query**](Apis/TwingraphApi.md#query) | **POST** /organizations/{organization_id}/query | Run a query on a graph instance
 *UserApi* | [**authorizeUser**](Apis/UserApi.md#authorizeuser) | **GET** /oauth2/authorize | Authorize an User with OAuth2. Delegated to configured OAuth2 service

scenariorun/src/main/kotlin/com/cosmotech/scenariorun/ContainerFactory.kt

@@ -276,7 +276,7 @@ internal class ContainerFactory(
 
     var defaultSizing = BASIC_SIZING
 
-    if (nodeLabel != null) {
+    if (!nodeLabel.isNullOrBlank()) {
       defaultSizing = LABEL_SIZING[nodeLabel] ?: BASIC_SIZING
     }
 
@@ -353,7 +353,7 @@ internal class ContainerFactory(
 
     var defaultSizing = BASIC_SIZING
 
-    if (nodeLabel != null) {
+    if (!nodeLabel.isNullOrBlank()) {
       defaultSizing = LABEL_SIZING[nodeLabel] ?: BASIC_SIZING
     }
 

twingraph/src/main/kotlin/com/cosmotech/twingraph/api/TwingraphServiceImpl.kt

@@ -4,17 +4,15 @@ package com.cosmotech.twingraph.api
 
 import com.cosmotech.api.CsmPhoenixService
 import com.cosmotech.api.events.TwingraphImportEvent
+import com.cosmotech.api.exceptions.CsmResourceNotFoundException
 import com.cosmotech.api.rbac.CsmRbac
 import com.cosmotech.api.rbac.PERMISSION_READ
+import com.cosmotech.api.utils.objectMapper
 import com.cosmotech.organization.api.OrganizationApiService
 import com.cosmotech.organization.azure.getRbac
-import com.cosmotech.api.exceptions.CsmResourceNotFoundException
-import com.cosmotech.api.utils.objectMapper
 import com.cosmotech.twingraph.domain.TwinGraphImport
 import com.cosmotech.twingraph.domain.TwinGraphImportInfo
 import com.cosmotech.twingraph.domain.TwinGraphQuery
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Service
 import redis.clients.jedis.UnifiedJedis
 import redis.clients.jedis.graph.Record
@@ -31,8 +29,6 @@ class TwingraphServiceImpl(
     private val csmRbac: CsmRbac
 ) : CsmPhoenixService(), TwingraphApiService {
 
-  val logger: Logger = LoggerFactory.getLogger(TwingraphServiceImpl::class.java)
-
   override fun importGraph(
       organizationId: String,
       twinGraphImport: TwinGraphImport
@@ -52,8 +48,10 @@ class TwingraphServiceImpl(
     logger.debug("TwingraphImportEventResponse={}", graphImportEvent.response)
     return TwinGraphImportInfo(jobId = requestJobId, graphName = twinGraphImport.graphName)
   }
-
-  override fun delete(graphId: String) {
+  @Suppress("SpreadOperator")
+  override fun delete(organizationId: String, graphId: String) {
+    val organization = organizationService.findOrganizationById(organizationId)
+    csmRbac.verify(organization.getRbac(), PERMISSION_READ)
     val matchingKeys = mutableSetOf<String>()
     var nextCursor = SCAN_POINTER_START
     do {
@@ -62,12 +60,13 @@ class TwingraphServiceImpl(
       matchingKeys.addAll(scanResult.result)
     } while (!nextCursor.equals(SCAN_POINTER_START))
 
-    @Suppress("SpreadOperator") val count = jedis.del(*matchingKeys.toTypedArray())
+    val count = jedis.del(*matchingKeys.toTypedArray())
     logger.debug("$count keys are removed from Twingraph with prefix $graphId")
   }
 
   override fun query(organizationId: String, twinGraphQuery: TwinGraphQuery): String {
-
+    val organization = organizationService.findOrganizationById(organizationId)
+    csmRbac.verify(organization.getRbac(), PERMISSION_READ)
     if (twinGraphQuery.version.isNullOrEmpty()) {
       twinGraphQuery.version = jedis.hget("${twinGraphQuery.graphId}MetaData", "lastVersion")
       if (twinGraphQuery.version.isNullOrEmpty()) {

twingraph/src/main/openapi/twingraph.yaml

@@ -77,8 +77,14 @@ paths:
             application/json:
               schema:
                 type: string
-  /delete/{graphId}:
+  /organizations/{organization_id}/delete/{graphId}:
     parameters:
+      - name: organization_id
+        in: path
+        description: the Organization identifier
+        required: true
+        schema:
+          type: string
       - name: graphId
         in: path
         description: the Graph Identifier