Initial release (#1) (#1)

* Initial release

.github/workflows/ci.yaml

@@ -0,0 +1,51 @@
+name: CI
+
+on: push
+
+jobs:
+  verify:
+    name: Verify Code
+    runs-on: ubuntu-latest
+
+    env:
+      COVERITY: coverity_tool
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Maven Central
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'adopt'
+
+      - name: Cache Local Maven Repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Compile Test and Verify
+        run: mvn --batch-mode clean verify
+
+      - name: Cache Coverity
+        id: cache_coverity
+        uses: actions/cache@v2
+        with:
+          path: ${{ env.COVERITY }}
+          key: coverity
+
+      - name: Download Coverity
+        if: steps.cache_coverity.outputs.cache-hit != 'true'
+        run: |
+          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=pth_05" -O ${{ env.COVERITY }}.tgz
+          mkdir -p ${{ env.COVERITY }}
+          tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
+
+      - name: Compile Coverity
+        run: |
+          ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -DskipTests=true --batch-mode clean compile
+          tar czvf pth_05.tgz cov-int
+
+      - name: Upload to Coverity
+        run: curl --silent --form token=${{ secrets.COVERITY_TOKEN }} --form email=${{ secrets.COVERITY_EMAIL }} --form file=@pth_05.tgz --form version="${GITHUB_REF##*/}" --form description="automated upload" https://scan.coverity.com/builds?project=pth_05

.github/workflows/release.yaml

@@ -0,0 +1,60 @@
+name: Publish
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  upload:
+    name: Upload
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        server-id: github
+        settings-path: ${{ github.workspace }}
+
+    - name: Build jar
+      run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean package
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build rpm
+      run: cd rpm/ && mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= -f rpm.pom.xml package
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Attach jar and rpm to release
+      uses: softprops/action-gh-release@v1
+      with:
+        files: |
+          rpm/target/rpm/com.teragrep-pth_05/RPMS/noarch/com.teragrep-pth_05-*.noarch.rpm
+          target/pth_05-jar-with-dependencies.jar
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2.5.0
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v2.1.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Lowercase repository name
+      run: echo "REPO_LC=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
+
+    - name: 'Build Image'
+      run: |
+        docker buildx build --output type=docker --tag ghcr.io/${{ env.REPO_LC }}:${{ github.event.release.tag_name }} --tag ghcr.io/${{ env.REPO_LC }}:latest .
+        docker push ghcr.io/${{ env.REPO_LC }} --all-tags

.gitignore

@@ -0,0 +1,3 @@
+/target/
+.idea
+rpm/target/

README.adoc

@@ -1,47 +1,114 @@
-// Before publishing your new repository:
-// 1. Write the readme file
-// 2. Update the issues link in Contributing section in the readme file
-// 3. Update the discussion link in config.yml file in .github/ISSUE_TEMPLATE directory
+= pth_05
 
-# repo-template
+== Functionality
 
-// Add a short description of your project. Tell what your project does and what it's used for. 
+pth_05 receives requests for OBJ-01 access via S3 protocol.
+Requests are authenticated using credentials.json gathered by tool provided in the HDP-01 package.
+Requested object path is then processed to determine host and tag parts of the object.
+Host and tag is used to resolve index by searching the CFE-12 lookup files.
+Request proceeds to authorization stage if index is found from the lookups.
+Requests are authorized using authorize.json (generated by pth_05 provided generate_index_mapping.py tool) which contains index to unix group mappings.
+Intersection is calculated by using the two sets of groups, one which are member of the index and the other which the identity is member of.
+Request is accepted if any groups intersect within the two sets.
 
-This is a template repository for Teragrep organization. 
+== Usage
+pth_05 is a micro-service which can be deployed via RPM or a container. Only RPM
+instructions are provided currently. However the Dockerfile shows what is to be
+configured in order to get the container up and running as well.
 
-## Features
+=== Installation
+pth_05 can be installed via the rpm package as follows:
+[source,bash]
+----
+yum install pth_05.rpm
+----
 
-// List your project's features 
+=== Configuration
 
-## Documentation
+==== Data files
+pth_05 requires following data available:
 
-See the official documentation on https://docs.teragrep.com[docs.teragrep.com].
+* lookup-files
+* authorize.json
+* credentials.json
 
-## Limitations
+Lookup-files are sourced from CFE-12. Authorize.json-file can be generated with
+the provided generate_index_mapping.py which ingests CFE-04 related
+authorize.conf format. Credentials.json-file is produced by HDP-01 version 1.2.0
+or greater.
 
-// If your project has limitations, please list them. Otherwise remove this section. 
+All of the files can be hand crafted and examples are provided within the RPM.
 
-## How to [compile/use/implement]
+==== Execution
 
-// add instructions how people can start to use your project 
+Properties file configures the execution of pth_05 and is located at path:
+/opt/teragrep/pth_05/etc/pth_05.properties
 
-## Contributing
+[source,properties]
+----
+pth_05.endpoint=http://127.0.0.1:8080
+pth_05.credentials.file=/opt/teragrep/pth_05/etc/credentials.json
+pth_05.authorize.file=/opt/teragrep/pth_05/etc/authorize.json
+pth_05.lookup.path=/opt/teragrep/pth_05/etc/lookup
+jclouds.provider=s3
+jclouds.identity=xxxxxxxxxxxxxxxxxxxx
+jclouds.credential=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+jclouds.endpoint=https://s3.domain.tld
+----
+Information about the variables
 
-// Change the repository name in the issues link to match with your project's name
+pth_05 specific:
 
-You can involve yourself with our project by https://github.com/teragrep/repo-template/issues/new/choose[opening an issue] or submitting a pull request. 
+* pth_05.endpoint configures the address which the pth_05 listens at.
+* pth_05.credentials.file is a path to the credentials.json-file.
+* pth_05.authorize.file is a path to the authorize.json-file.
+* pth_05.lookup.path is a path to the lookup directory.
 
-Contribution requirements:
+JClouds common:
 
-. *All changes must be accompanied by a new or changed test.* If you think testing is not required in your pull request, include a sufficient explanation as why you think so.
-. Security checks must pass
-. Pull requests must align with the principles and http://www.extremeprogramming.org/values.html[values] of extreme programming.
-. Pull requests must follow the principles of Object Thinking and Elegant Objects (EO).
+* jclouds.provider configures which type of a service is proxied to. Use "s3".
+* jclouds.identity configures the identity to the proxied target.
+* jclouds.credential configures the credential to the proxied target.
+* jclouds.endpoint configures the location to the proxied target.
 
-Read more in our https://github.com/teragrep/teragrep/blob/main/contributing.adoc[Contributing Guideline].
+==== Memory settings
 
-### Contributor License Agreement
+Run `systemctl edit --full pth_05` to edit the memory settings. Currently the default values are:
 
-Contributors must sign https://github.com/teragrep/teragrep/blob/main/cla.adoc[Teragrep Contributor License Agreement] before a pull request is accepted to organization's repositories. 
+`-Xms512m`
 
-You need to submit the CLA only once. After submitting the CLA you can contribute to all Teragrep's repositories. 
+`-Xmx1024m`
+
+==== JMX
+
+Run `systemctl edit --full pth_05` and add the following to enable JMX:
+
+[systemctl edit --full pth_05]
+----
+    -Dcom.sun.management.jmxremote \
+    -Dcom.sun.management.jmxremote.port=9996 \
+    -Dcom.sun.management.jmxremote.authenticate=false \
+    -Dcom.sun.management.jmxremote.ssl=false \
+----
+
+==== Logging
+
+pth_05 uses Logback to configure logging. Log configuration is at path:
+/opt/teragrep/pth_05/etc/logback.xml
+
+=== Running
+pth_05 is shipped with systemd service descriptor file and therefore is
+available as a systemd-unit.
+[source,bash]
+----
+systemctl enable pth_05.service
+systemctl start pth_05.service
+----
+
+=== Adding extra jars to classpath
+Simply drop extra jars that might be required by logback configuration to `/opt/teragrep/pth_05/share/`
+
+== Build Artifacts
+JAR
+RPM
+Container

docker/Dockerfile

@@ -0,0 +1,22 @@
+FROM centos:7
+
+RUN yum -y install java-11-openjdk \
+    && yum clean all
+
+COPY docker/target/pth_05.rpm /
+RUN yum install -y /pth_05.rpm
+
+ENV PTH_05_ENDPOINT="http://0.0.0.0:8080"
+ENV PTH_05_CREDENTIALS_FILE="/opt/teragrep/pth_05/etc/credentials.json"
+ENV PTH_05_AUTHORIZE_FILE="/opt/teragrep/pth_05/etc/authorize.json"
+ENV PTH_05_LOOKUP_PATH="/opt/teragrep/pth_05/etc/lookup"
+
+ENV PTH_05_PROVIDER="s3"
+ENV PTH_05_PROVIDER_IDENTITY="default-identity"
+ENV PTH_05_PROVIDER_CREDENTIAL="default-credential"
+ENV PTH_05_PROVIDER_ENDPOINT="https://s3.default.tld:443"
+
+COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]

docker/docker-entrypoint.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# S3 Authorization enabled object gateway service pth_05
+# Copyright (C) 2021  Suomen Kanuuna Oy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://github.com/teragrep/teragrep/blob/main/LICENSE>.
+#
+#
+# Additional permission under GNU Affero General Public License version 3
+# section 7
+#
+# If you modify this Program, or any covered work, by linking or combining it
+# with other code, such other code is not for that reason alone subject to any
+# of the requirements of the GNU Affero GPL version 3 as long as this Program
+# is the same Program as licensed from Suomen Kanuuna Oy without any additional
+# modifications.
+#
+# Supplemented terms under GNU Affero General Public License version 3
+# section 7
+#
+# Origin of the software must be attributed to Suomen Kanuuna Oy. Any modified
+# versions must be marked as "Modified version of" The Program.
+#
+# Names of the licensors and authors may not be used for publicity purposes.
+#
+# No rights are granted for use of trade names, trademarks, or service marks
+# which are in The Program if any.
+#
+# Licensee must indemnify licensors and authors for any liability that these
+# contractual assumptions impose on licensors and authors.
+#
+# To the extent this program is licensed as part of the Commercial versions of
+# Teragrep, the applicable Commercial License may apply to this file if you as
+# a licensee so wish it.
+
+java $JAVA_OPTIONS \
+     -Dlogback.configurationFile=/opt/teragrep/pth_05/etc/logback.xml \
+     -Dpth_05.endpoint=${PTH_05_ENDPOINT} \
+     -Dpth_05.credentials.file=${PTH_05_CREDENTIALS_FILE} \
+     -Dpth_05.authorize.file=${PTH_05_AUTHORIZE_FILE} \
+     -Dpth_05.lookup.path=${PTH_05_LOOKUP_PATH} \
+     -Djclouds.provider=${PTH_05_PROVIDER} \
+     -Djclouds.identity=${PTH_05_PROVIDER_IDENTITY} \
+     -Djclouds.credential=${PTH_05_PROVIDER_CREDENTIAL} \
+     -Djclouds.endpoint=${PTH_05_PROVIDER_ENDPOINT} \
+     -jar /opt/teragrep/pth_05/share/pth_05-jar-with-dependencies.jar