Update fcrepo3-s3-server and s3-url-protocol jars from v0.1 to v0.2 #453

Merged
merged 3 commits into from
Dec 5, 2024
1 change: 1 addition & 0 deletions docker/fedora/Dockerfile
Expand Up @@ -17,6 +17,7 @@ COPY ./install.properties /opt/install.properties
COPY ./setup-and-start.sh /opt/setup-and-start.sh
COPY ./fedora.delegating-external.fcfg /opt/fedora.delegating-external.fcfg
COPY ./permit-all-s3-resolution.xml /opt/permit-all-s3-resolution.xml
COPY ./deny-unallowed-file-resolution.xml /opt/deny-unallowed-file-resolution.xml

RUN curl -L https://github.com/fcrepo3/fcrepo/releases/download/v3.8.1/fcrepo-installer-3.8.1.jar -o /opt/fcrepo-installer.jar

Binary file not shown.
Binary file removed docker/fedora/cul/s3-url-protocol-0.1.jar
Binary file not shown.
Binary file added docker/fedora/cul/s3-url-protocol-0.2.jar
Binary file not shown.
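Review bot: The replacement jar `docker/fedora/cul/s3-url-protocol-0.2.jar` lands as an opaque binary with nothing in the diff tying it to a source tag or a checksum, so a reviewer cannot confirm what code is being placed on Fedora's classpath. Record the upstream release URL and a SHA-256 digest next to the jars under `docker/fedora/cul/`, or fetch them at build time and verify the digest; the same applies to the `fcrepo-installer-3.8.1.jar` download in the Dockerfile, which is pulled with `curl -L` and not verified.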
42 changes: 42 additions & 0 deletions docker/fedora/deny-unallowed-file-resolution.xml
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyId="deny-file-resolve-if-not-allowed-dir"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description>deny any file datastream resolution if not in FEDORA_HOME/demo/succeed</Description>
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^file:/.*$</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri"
DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-retrieveFile</AttributeValue>
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:action:id"/>
</ActionMatch>
</Action>
</Actions>
</Target>
<Rule RuleId="1" Effect="Permit">
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^file:/opt/fixtures/.*$</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">s
<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Apply>
</Condition>
</Rule>
<Rule RuleId="2" Effect="Deny">
</Rule>
</Policy>
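Review bot: There is a stray `s` after the opening `<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">` tag in Rule 1's condition; remove it so the element contains only the `ResourceAttributeDesignator` and there is no question of how the policy parser treats the extra text. The `<Description>` says `FEDORA_HOME/demo/succeed` while the rule actually permits `^file:/opt/fixtures/.*$`, so update it to name the directory that is really allowed. Two smaller points: the `or` condition wraps a single argument and could be the `regexp-string-match` apply on its own, and the prefix regex also matches a URI that contains `/../` after `/opt/fixtures/`, so confirm that `fileUri` is normalized before this policy evaluates it or tighten the pattern.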
23 changes: 11 additions & 12 deletions docker/fedora/permit-all-s3-resolution.xml
Expand Up @@ -9,7 +9,13 @@
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^s3://.*$</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri"
DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
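Review bot: The new target match `^s3://.*$` covers every bucket and key, so this policy's decision applies to any S3 location a datastream can point at; if the repository only reads from known buckets, anchor the pattern to them. With `MustBePresent="false"` a request that carries no `fileUri` attribute falls outside this target, so check which policy decides that case.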
Expand All @@ -20,21 +26,14 @@
</Action>
</Actions>
</Target>
<Rule RuleId="1" Effect="Permit">
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^s3://.*$</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Apply>
<Rule RuleId="1" Effect="Deny">
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
<SubjectAttributeDesignator AttributeId="fedoraRole" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Condition>
</Rule>
<Rule RuleId="2" Effect="Deny">
<Rule RuleId="2" Effect="Permit">
</Rule>
</Policy>
</Policy>
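Review bot: The file is still named `permit-all-s3-resolution.xml`, but Rule 1 now denies any subject whose `fedoraRole` does not include `administrator`, so the name no longer describes what the policy does. Rename the file (and the matching `COPY` and `cp` lines in the Dockerfile and `setup-and-start.sh`) or at least update its description, so nobody reads it as an open permit when auditing the policy directory.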
69 changes: 48 additions & 21 deletions docker/fedora/setup-and-start.sh
Expand Up @@ -5,27 +5,54 @@
if [ ! -f /opt/fedora/tomcat/bin/catalina.sh ]; then
java -jar /opt/fcrepo-installer.jar /opt/install.properties
echo 'Done running installer jar...'
fi

echo "Manually unpacking WAR to override libraries"
mkdir -p /opt/fedora/webapp-tmp/fedora
mv /opt/fedora/tomcat/webapps/fedora.war /opt/fedora/webapp-tmp/fedora/
cd /opt/fedora/webapp-tmp/fedora
jar -xvf fedora.war
cd /opt
mv /opt/fedora/webapp-tmp/fedora /opt/fedora/tomcat/webapps/

rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpcore-4*.jar
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
cp /opt/jars/apache-http/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/s3-url-protocol-*.jar
cp /opt/jars/cul/s3-url-protocol-0.1.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
cp /opt/jars/awssdk/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/fcrepo3-s3-server-*.jar
cp /opt/jars/cul/fcrepo3-s3-server-0.1.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
echo "Done overriding Fedora 3 libraries; setting new FCFG config"
cp /opt/fedora.delegating-external.fcfg /opt/fedora/server/config/fedora.fcfg
cp /opt/permit-all-s3-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/permit-all-s3-resolution.xml
echo "Manually unpacking WAR to override libraries"
mkdir -p /opt/fedora/webapp-tmp/fedora
mv /opt/fedora/tomcat/webapps/fedora.war /opt/fedora/webapp-tmp/fedora/
cd /opt/fedora/webapp-tmp/fedora
jar -xvf fedora.war
cd /opt
mv /opt/fedora/webapp-tmp/fedora /opt/fedora/tomcat/webapps/

# # Temporarily switch Fedora port 8080 to 8081 so that the CI task process
# # monitoring Fedora startup doesn't think that Fedora is ready yet.
sed -i.bak 's/port="8080"/port="8081"/' /opt/fedora/tomcat/conf/server.xml

# # Start Fedora up for the first time (which sets up various files and directories)
/opt/fedora/tomcat/bin/catalina.sh start

# # Give Fedora some time to start up (and create various first-time startup files)
sleep 10

# Stop Fedora so that we can apply some overrides
/opt/fedora/tomcat/bin/catalina.sh stop

# Give Fedora some time to stop
sleep 10

# Revert server.xml change so that Fedora will run on port 8080 the next time we start it up.
rm /opt/fedora/tomcat/conf/server.xml
mv /opt/fedora/tomcat/conf/server.xml.bak /opt/fedora/tomcat/conf/server.xml

echo "Overriding Fedora 3 libraries"
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpcore-4*.jar
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
cp /opt/jars/apache-http/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/s3-url-protocol-*.jar
cp /opt/jars/cul/s3-url-protocol-*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
cp /opt/jars/awssdk/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/fcrepo3-s3-server-*.jar
cp /opt/jars/cul/fcrepo3-s3-server-*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
echo "Done overriding Fedora 3 libraries; setting new FCFG config"
cp /opt/fedora.delegating-external.fcfg /opt/fedora/server/config/fedora.fcfg

# NOTE: The /opt/fedora/data/fedora-xacml-policies/repository-policies/ directory and the default content
# inside of it doesn't exist immediately after Fedora installation. This content is created only after
# Fedora starts up for the first time.
cp /opt/permit-all-s3-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/permit-all-s3-resolution.xml
cp /opt/deny-unallowed-file-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/deny-unallowed-file-resolution.xml
fi

# Start Fedora in the foreground
/opt/fedora/tomcat/bin/catalina.sh run
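Review bot: The two `cp` commands that install the XACML policies depend on `repository-policies/default/` having been created within the fixed `sleep 10` after the first start; if Fedora is slower than that, the copies fail and, unless `set -e` is set above the visible lines, the script still reaches `catalina.sh run` and starts Fedora without the deny policy. Poll for the directory with a bounded retry instead of sleeping, and exit non-zero if either policy copy fails. Separately, the `httpclient-4*.jar` removal appears twice in the override block, so the second call has nothing to delete, and the new `s3-url-protocol-*.jar` and `fcrepo3-s3-server-*.jar` globs copy every version present in `/opt/jars/cul`, so pinning the version keeps a stale jar off the classpath.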
3 changes: 3 additions & 0 deletions docker/templates/docker-compose.test.yml
Expand Up @@ -32,6 +32,9 @@ services:
- '9080:8080'
volumes:
- fedora-install-dir:/opt/fedora
- type: bind
source: ../spec/fixtures
target: /opt/fixtures
- type: bind
source: ./fedora/apache-http
target: /opt/jars/apache-http
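Review bot: The new bind mount of `../spec/fixtures` at `/opt/fixtures` is writable from inside the Fedora container by default, although the policy and the spec only need to read from it. Add `read_only: true` to this mount entry so the container cannot modify the repository's fixture files.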
2 changes: 1 addition & 1 deletion lib/tasks/hyacinth/docker.rake
Expand Up @@ -35,7 +35,7 @@ namespace :hyacinth do
expected_port = docker_compose_config['services']['fedora']['ports'][0].split(':')[0]
url_to_check = "http://localhost:#{expected_port}/fedora/describe"
puts "Waiting for Fedora to become available (at #{url_to_check})..."
Timeout.timeout(20, Timeout::Error, 'Timed out during Fedora startup check.') do
Timeout.timeout(60, Timeout::Error, 'Timed out during Fedora startup check.') do
loop do
begin
sleep 0.25
4 changes: 2 additions & 2 deletions spec/features/digital_object_editor_ui_spec.rb
@@ -1,14 +1,14 @@
require 'rails_helper'

describe "Digital Object Editor UI" do

before(:each) do
feature_spec_sign_in_admin_user
wait_for_ajax
end

it "can create a new Digital Object", :js => true do
expect(page).to have_content 'New Digital Object'

end
end
40 changes: 40 additions & 0 deletions spec/integration/fedora_read_spec.rb
@@ -0,0 +1,40 @@
require 'rails_helper'

describe "Fedora content ds read tests" do
describe "creating an Asset and attempting to download the bytes directly from Fedora" do
let(:pid) { 'sample:123' }
let(:docker_mounted_fixture_file_location) { '/opt/fixtures/files/lincoln.jpg' }

it "works" do
generic_resource = GenericResource.new(pid: pid)
content_ds = generic_resource.create_datastream(
ActiveFedora::Datastream,
'content',
controlGroup: 'E',
mimeType: BestType.mime_type.for_file_name(docker_mounted_fixture_file_location),
dsLabel: File.basename(docker_mounted_fixture_file_location),
versionable: true
)
content_ds.dsLocation = "file://#{docker_mounted_fixture_file_location}"
generic_resource.add_datastream(content_ds)

generic_resource.save

expect(generic_resource.datastreams['content'].dsLocation).to eq("file://#{docker_mounted_fixture_file_location}")
expect(generic_resource.datastreams['content'].content.length).to be_positive
end

# Uncomment this "test" when debugging Fedora errors:
# it "reads the fedora log to find out what went wrong", focus: true do
# puts 'reading fedora log now...'
# sleep 20
# puts `docker container list`
# fedora_container_id = `docker container list | grep fedora | awk '{print $1}'`.strip
# puts "fedora_container_id: #{fedora_container_id}"
# puts `docker exec #{fedora_container_id} ls -la /opt/fedora/server/logs/fedora.log`
# fedora_log_content = `docker exec #{fedora_container_id} cat /opt/fedora/server/logs/fedora.log`
# puts "fedora_log_content: #{fedora_log_content}"
# expect(fedora_log_content).to eq('')
# end
end
end
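Review bot: The spec only exercises the permitted path (`/opt/fixtures/files/lincoln.jpg`); nothing asserts that a `file:` location outside `/opt/fixtures` is refused, which is the behaviour `deny-unallowed-file-resolution.xml` exists to enforce. Add a second example that points `dsLocation` at a file outside the fixtures directory and expects the content read to fail, so a policy that silently stops loading is caught by CI. The example name `"works"` could state what is being verified, and the object `sample:123` is never deleted, so a rerun against the same `fedora-install-dir` volume may collide with the existing PID.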