Merge branch 'main' into deleteCredentialService

client/java-armeria-legacy/src/main/java/com/linecorp/centraldogma/client/armeria/legacy/LegacyCentralDogma.java

@@ -513,7 +513,7 @@ public CompletableFuture<Void> whenEndpointReady() {
     }
 
     private static void validateProjectName(String projectName) {
-        Util.validateProjectName(projectName, "projectName");
+        Util.validateProjectName(projectName, "projectName", false);
     }
 
     private static void validateProjectAndRepositoryName(String projectName, String repositoryName) {

client/java-armeria-xds/src/test/java/com/linecorp/centraldogma/client/armeria/xds/AuthUpstreamTest.java

@@ -26,17 +26,20 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 
+import com.linecorp.armeria.client.WebClient;
 import com.linecorp.armeria.common.auth.OAuth2Token;
 import com.linecorp.armeria.server.ServerBuilder;
 import com.linecorp.armeria.server.auth.AuthService;
 import com.linecorp.armeria.server.auth.Authorizer;
 import com.linecorp.armeria.server.grpc.GrpcService;
 import com.linecorp.armeria.testing.junit5.server.ServerExtension;
 import com.linecorp.centraldogma.client.CentralDogma;
+import com.linecorp.centraldogma.client.armeria.ArmeriaCentralDogmaBuilder;
 import com.linecorp.centraldogma.common.Change;
 import com.linecorp.centraldogma.common.Entry;
 import com.linecorp.centraldogma.common.Query;
@@ -66,6 +69,18 @@ protected void configure(CentralDogmaBuilder builder) {
             builder.authProviderFactory(new TestAuthProviderFactory());
         }
 
+        @Override
+        protected void configureClient(ArmeriaCentralDogmaBuilder builder) {
+            try {
+                final String accessToken = getAccessToken(
+                        WebClient.of("http://127.0.0.1:" + dogma.serverAddress().getPort()),
+                        TestAuthMessageUtil.USERNAME, TestAuthMessageUtil.PASSWORD);
+                builder.accessToken(accessToken);
+            } catch (JsonProcessingException e) {
+                throw new RuntimeException(e);
+            }
+        }
+
         @Override
         protected void scaffold(CentralDogma client) {
             client.createProject("foo").join();

client/java-armeria/src/main/java/com/linecorp/centraldogma/internal/client/armeria/ArmeriaCentralDogma.java

@@ -91,6 +91,7 @@
 import com.linecorp.centraldogma.common.MergedEntry;
 import com.linecorp.centraldogma.common.MirrorException;
 import com.linecorp.centraldogma.common.PathPattern;
+import com.linecorp.centraldogma.common.PermissionException;
 import com.linecorp.centraldogma.common.ProjectExistsException;
 import com.linecorp.centraldogma.common.ProjectNotFoundException;
 import com.linecorp.centraldogma.common.PushResult;
@@ -135,6 +136,7 @@ public final class ArmeriaCentralDogma extends AbstractCentralDogma {
                         .put(InvalidPushException.class.getName(), InvalidPushException::new)
                         .put(ReadOnlyException.class.getName(), ReadOnlyException::new)
                         .put(MirrorException.class.getName(), MirrorException::new)
+                        .put(PermissionException.class.getName(), PermissionException::new)
                         .build();
 
     private final WebClient client;
@@ -904,7 +906,9 @@ private <T> CompletableFuture<T> watch(Revision lastKnownRevision, long timeoutM
     }
 
     private static void validateProjectName(String projectName) {
-        Util.validateProjectName(projectName, "projectName");
+        // We don't know if the token has the permission to access internal projects.
+        // The server will reject the request if the token does not have the permission.
+        Util.validateProjectName(projectName, "projectName", true);
     }
 
     private static void validateProjectAndRepositoryName(String projectName, String repositoryName) {

common/src/main/java/com/linecorp/centraldogma/common/PermissionException.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2024 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.centraldogma.common;
+
+/**
+ * A {@link CentralDogmaException} that is raised when a client does not have the required permission
+ * for an operation.
+ */
+public final class PermissionException extends CentralDogmaException {
+    private static final long serialVersionUID = -1034292242865864558L;
+
+    /**
+     * Creates a new instance.
+     */
+    public PermissionException() {}
+
+    /**
+     * Creates a new instance.
+     */
+    public PermissionException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new instance.
+     */
+    public PermissionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Creates a new instance.
+     */
+    public PermissionException(Throwable cause) {
+        super(cause);
+    }
+}

common/src/main/java/com/linecorp/centraldogma/common/ProjectRole.java

@@ -29,8 +29,7 @@
 public enum ProjectRole {
     OWNER,
     MEMBER,
-    GUEST,
-    ANONYMOUS;
+    GUEST;
 
     /**
      * Returns a {@link ProjectRole} matched with the specified {@code str}.

common/src/main/java/com/linecorp/centraldogma/internal/Util.java

@@ -156,14 +156,29 @@ public static boolean isValidPathPattern(String pathPattern) {
         return PATH_PATTERN_PATTERN.matcher(pathPattern).matches();
     }
 
-    public static String validateProjectName(String projectName, String paramName) {
+    public static String validateProjectName(String projectName, String paramName, boolean allowInternal) {
         requireNonNull(projectName, paramName);
-        checkArgument(isValidProjectName(projectName),
-                      "%s: %s (expected: %s)", paramName, projectName,
-                      USER_INPUT_PROJECT_AND_REPO_NAME_PATTERN);
+        if (allowInternal) {
+            checkArgument(isValidProjectName(projectName, true),
+                          "%s: %s (expected: %s)", paramName, projectName,
+                          PROJECT_AND_REPO_NAME_PATTERN);
+        } else {
+            checkArgument(isValidProjectName(projectName, false),
+                          "%s: %s (expected: %s)", paramName, projectName,
+                          USER_INPUT_PROJECT_AND_REPO_NAME_PATTERN);
+        }
         return projectName;
     }
 
+    public static boolean isValidProjectName(String projectName, boolean allowInternal) {
+        requireNonNull(projectName, "projectName");
+        if (allowInternal) {
+            return PROJECT_AND_REPO_NAME_PATTERN.matcher(projectName).matches();
+        } else {
+            return USER_INPUT_PROJECT_AND_REPO_NAME_PATTERN.matcher(projectName).matches();
+        }
+    }
+
     public static boolean isValidProjectName(String projectName) {
         requireNonNull(projectName, "projectName");
         return USER_INPUT_PROJECT_AND_REPO_NAME_PATTERN.matcher(projectName).matches();

common/src/main/java/com/linecorp/centraldogma/internal/api/v1/CreateProjectRequest.java

@@ -40,7 +40,7 @@ public class CreateProjectRequest {
     public CreateProjectRequest(@JsonProperty("name") String name,
                                 @JsonProperty("owners") @Nullable Set<String> owners,
                                 @JsonProperty("members") @Nullable Set<String> members) {
-        this.name = validateProjectName(name, "name");
+        this.name = validateProjectName(name, "name", false);
         this.owners = owners != null ? ImmutableSet.copyOf(owners) : ImmutableSet.of();
         this.members = members != null ? ImmutableSet.copyOf(members) : ImmutableSet.of();
     }

dependencies.toml

@@ -42,6 +42,8 @@ jgit = "5.13.3.202401111512-r"
 jgit6 = "6.10.0.202406032230-r"
 junit4 = "4.13.2"
 junit5 = "5.11.0"
+# Don't upgrade junit-pioneer to 2.x.x that requires Java 11
+junit-pioneer = "1.9.1"
 jsch = "0.1.55"
 # Don't update `json-path` version
 json-path = "2.2.0"
@@ -299,6 +301,10 @@ module = "org.junit.platform:junit-platform-commons"
 [libraries.junit5-platform-launcher]
 module = "org.junit.platform:junit-platform-launcher"
 
+[libraries.junit-pioneer]
+module = "org.junit-pioneer:junit-pioneer"
+version.ref = "junit-pioneer"
+
 [libraries.kubernetes-client-api]
 module = "io.fabric8:kubernetes-client-api"
 version.ref = "kubernetes-client"

dist/build.gradle

@@ -35,6 +35,8 @@ dependencies {
     implementation project(':server-auth:shiro')
     implementation project(':server-mirror-git')
     implementation project(':xds')
+    // Add the optionalImplementation in the server module to copy the JAR into the distribution directory.
+    runtimeOnly libs.jcommander
 
     // Logging
     runtimeOnly libs.logback12

it/mirror/src/test/java/com/linecorp/centraldogma/it/mirror/git/MirrorRunnerTest.java

@@ -27,6 +27,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.google.common.io.Resources;
 
 import com.linecorp.armeria.client.BlockingWebClient;
@@ -35,6 +36,7 @@
 import com.linecorp.armeria.common.ResponseEntity;
 import com.linecorp.armeria.common.auth.AuthToken;
 import com.linecorp.centraldogma.client.CentralDogma;
+import com.linecorp.centraldogma.client.armeria.ArmeriaCentralDogmaBuilder;
 import com.linecorp.centraldogma.internal.api.v1.MirrorDto;
 import com.linecorp.centraldogma.internal.api.v1.PushResultDto;
 import com.linecorp.centraldogma.server.CentralDogmaBuilder;
@@ -60,6 +62,18 @@ protected void configure(CentralDogmaBuilder builder) {
             builder.administrators(USERNAME);
         }
 
+        @Override
+        protected void configureClient(ArmeriaCentralDogmaBuilder builder) {
+            try {
+                final String accessToken = getAccessToken(
+                        WebClient.of("http://127.0.0.1:" + dogma.serverAddress().getPort()),
+                        USERNAME, PASSWORD);
+                builder.accessToken(accessToken);
+            } catch (JsonProcessingException e) {
+                throw new RuntimeException(e);
+            }
+        }
+
         @Override
         protected void scaffold(CentralDogma client) {
             client.createProject(FOO_PROJ).join();

it/server/build.gradle

@@ -4,3 +4,10 @@ dependencies {
 
     testImplementation libs.curator.test
 }
+
+// To use @SetEnvironmentVariable
+if (project.ext.testJavaVersion >= 16) {
+    tasks.withType(Test) {
+        jvmArgs '--add-opens=java.base/java.lang=ALL-UNNAMED', '--add-opens=java.base/java.util=ALL-UNNAMED'
+    }
+}

it/server/src/test/java/com/linecorp/centraldogma/it/ConfigValueConverterTest.java

@@ -18,6 +18,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.jupiter.api.Test;
+import org.junitpioneer.jupiter.SetEnvironmentVariable;
 
 import com.linecorp.centraldogma.server.CentralDogmaConfig;
 
@@ -30,4 +31,12 @@ void convert() {
         assertThat(CentralDogmaConfig.convertValue("valid_prefix:value", "property"))
                 .isEqualTo("valid_value");
     }
+
+    @SetEnvironmentVariable(key = "ZONE", value = "ZONE_A")
+    @SetEnvironmentVariable(key = "MY_ZONE", value = "ZONE_B")
+    @Test
+    void environmentVariable() {
+        assertThat(CentralDogmaConfig.convertValue("env:ZONE", "zone")).isEqualTo("ZONE_A");
+        assertThat(CentralDogmaConfig.convertValue("env:MY_ZONE", "zone")).isEqualTo("ZONE_B");
+    }
 }

it/xds-member-permission/build.gradle

@@ -0,0 +1,6 @@
+dependencies {
+    testImplementation(project(':server'))
+    testImplementation(project(":server-auth:shiro"))
+    testImplementation libs.shiro.core
+    testImplementation(project(':xds'))
+}