Merge pull request #197 from oracle/release_2020-02-25

Releasing version 1.13.1

Author: Nakshatra Sharma

CHANGELOG.md

@@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## 1.13.1 - 2020-02-25
+### Added
+- Support for restarting autonomous databases in the Database service
+- Support for private endpoints on autonomous databases in the Database service
+- Support for IP-based policies in the Identity service
+- Support for management of OAuth 2.0 client credentials in the Identity service
+- Support for OCI Functions as a subscription protocol in the Notifications service
+
 ## 1.13.0 - 2020-02-18
 ### Added
 - Support for the NoSQL Database service

bmc-addons/bmc-apache-connector-provider/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.oracle.oci.sdk</groupId>
     <artifactId>oci-java-sdk-addons</artifactId>
-    <version>1.13.0</version>
+    <version>1.13.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -43,7 +43,7 @@
     <dependency>
       <groupId>com.oracle.oci.sdk</groupId>
       <artifactId>oci-java-sdk-common</artifactId>
-      <version>1.13.0</version>
+      <version>1.13.1</version>
     </dependency>
 
     <!-- Explicitly pull in this version of httpclient and its httpcore dependency to address:

bmc-addons/bmc-resteasy-client-configurator/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.oracle.oci.sdk</groupId>
     <artifactId>oci-java-sdk-addons</artifactId>
-    <version>1.13.0</version>
+    <version>1.13.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -36,7 +36,7 @@
     <dependency>
       <groupId>com.oracle.oci.sdk</groupId>
       <artifactId>oci-java-sdk-common</artifactId>
-      <version>1.13.0</version>
+      <version>1.13.1</version>
     </dependency>
   </dependencies>
 </project>

bmc-addons/bmc-sasl/pom.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>oci-java-sdk-addons</artifactId>
+    <groupId>com.oracle.oci.sdk</groupId>
+    <version>1.13.1</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>oci-java-sdk-addons-sasl</artifactId>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.github.os72</groupId>
+        <artifactId>protoc-jar-maven-plugin</artifactId>
+        <version>3.11.1</version>
+        <executions>
+          <execution>
+            <phase>generate-sources</phase>
+            <goals>
+              <goal>run</goal>
+            </goals>
+            <configuration>
+              <inputDirectories>
+                <include>${project.basedir}/src/main/protobuf</include>
+              </inputDirectories>
+              <outputTargets>
+                <outputTarget>
+                  <type>java</type>
+                  <outputDirectory>${project.basedir}/target/generated-sources/protobuf</outputDirectory>
+                </outputTarget>
+              </outputTargets>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+      <version>3.11.1</version>
+    </dependency>
+    <dependency>
+      <groupId>com.oracle.oci.sdk</groupId>
+      <artifactId>oci-java-sdk-common</artifactId>
+      <version>1.13.1</version>
+    </dependency>
+  </dependencies>
+
+</project>

bmc-addons/bmc-sasl/src/main/java/com/oracle/bmc/auth/sasl/InstancePrincipalsLoginModule.java

@@ -0,0 +1,21 @@
+/**
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
+ */
+package com.oracle.bmc.auth.sasl;
+
+import com.oracle.bmc.auth.BasicAuthenticationDetailsProvider;
+import com.oracle.bmc.auth.InstancePrincipalsAuthenticationDetailsProvider;
+import java.util.Map;
+
+/**
+ * A {@link javax.security.auth.spi.LoginModule} that will use Instance Principals to fill the {@link javax.security.auth.Subject} credentials.
+ * An <i>intent</i> parameter has to be specified - this service specific and is documented on a per-service basis.
+ * <pre>{@code com.oracle.bmc.auth.sasl.InstancePrincipalsLoginModule required intent="<intent>";}</pre>
+ */
+public class InstancePrincipalsLoginModule extends OciLoginModule {
+    @Override
+    protected BasicAuthenticationDetailsProvider loadAuthenticationProvider(
+            Map<String, ?> options) {
+        return InstancePrincipalsAuthenticationDetailsProvider.builder().build();
+    }
+}

bmc-addons/bmc-sasl/src/main/java/com/oracle/bmc/auth/sasl/OciAuthProviderCallback.java

@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
+ */
+package com.oracle.bmc.auth.sasl;
+
+import com.oracle.bmc.auth.BasicAuthenticationDetailsProvider;
+import java.io.IOException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * Callback to handle in the SASL callback handler used when creating a {@link javax.security.sasl.SaslClient} using the OCI SASL mechanism.
+ * Here's the code for a possible {@link CallbackHandler}:
+ * <pre>{@code
+ * public class OciSaslClientCallBackHandler implements CallbackHandler {
+ *
+ *     private final Subject subject;
+ *
+ *     public OciSaslClientCallBackHandler(Subject subject) {
+ *         this.subject = subject;
+ *     }
+ *
+ *     @Override
+ *     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ *         for (Callback callback : callbacks) {
+ *             if (callback instanceof OciAuthProviderCallback) {
+ *                 BasicAuthenticationDetailsProvider authProvider =
+ *                         subject.getPrivateCredentials(BasicAuthenticationDetailsProvider.class).iterator().next();
+ *                 ((OciAuthProviderCallback) callback).authProvider(authProvider);
+ *             } else if (callback instanceof NameCallback) {
+ *                 String intent = subject.getPublicCredentials(String.class).iterator().next();
+ *                 ((NameCallback) callback).setName(intent);
+ *             } else {
+ *                 throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
+ *             }
+ *         }
+ *     }
+ * }
+ * }</pre>
+ */
+public class OciAuthProviderCallback implements Callback {
+    private BasicAuthenticationDetailsProvider authProvider;
+
+    /**
+     * Gets the associated {@link BasicAuthenticationDetailsProvider}
+     */
+    public BasicAuthenticationDetailsProvider authProvider() {
+        return authProvider;
+    }
+
+    /**
+     * Sets the provided {@link BasicAuthenticationDetailsProvider}
+     */
+    public void authProvider(BasicAuthenticationDetailsProvider authProvider) {
+        this.authProvider = authProvider;
+    }
+}

bmc-addons/bmc-sasl/src/main/java/com/oracle/bmc/auth/sasl/OciLoginModule.java

@@ -0,0 +1,69 @@
+/**
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
+ */
+package com.oracle.bmc.auth.sasl;
+
+import com.oracle.bmc.auth.BasicAuthenticationDetailsProvider;
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+abstract class OciLoginModule implements LoginModule {
+
+    private static final String INTENT_CONFIG = "intent";
+
+    static {
+        OciSaslClientProvider.initialize();
+    }
+
+    @Override
+    public void initialize(
+            Subject subject,
+            CallbackHandler callbackHandler,
+            Map<String, ?> sharedState,
+            Map<String, ?> options) {
+
+        final String intent = (String) options.get(INTENT_CONFIG);
+        if (intent == null) {
+            throw new IllegalArgumentException("Intent is required.");
+        }
+
+        // The intent is considered a public credential (use NameCallback to retrieve)
+        subject.getPublicCredentials().add(intent);
+
+        final BasicAuthenticationDetailsProvider authProvider = loadAuthenticationProvider(options);
+
+        // Because Kafka doesn't allow using a custom callback handler and requires the password to be a string
+        // we will map the auth provider to a UUID and use the cache key as a private credential.
+        // The SASL client will retrieve the auth provider using the key.
+        final String cacheKey = OciSaslClient.AuthProviderCache.cache(authProvider);
+        subject.getPrivateCredentials().add(cacheKey);
+        // We will also add it as the full instance for newer SASL clients that can control their callback handler.
+        // The callback handler will need to handle callback of type OciAuthProviderCallback.
+        subject.getPrivateCredentials().add(authProvider);
+    }
+
+    protected abstract BasicAuthenticationDetailsProvider loadAuthenticationProvider(
+            Map<String, ?> options);
+
+    @Override
+    public boolean login() {
+        return true;
+    }
+
+    @Override
+    public boolean commit() {
+        return true;
+    }
+
+    @Override
+    public boolean abort() {
+        return false;
+    }
+
+    @Override
+    public boolean logout() {
+        return true;
+    }
+}

bmc-addons/bmc-sasl/src/main/java/com/oracle/bmc/auth/sasl/OciMechanism.java

@@ -0,0 +1,55 @@
+/**
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
+ */
+package com.oracle.bmc.auth.sasl;
+
+import com.oracle.bmc.http.signing.internal.Algorithm;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Defines all the supports OCI SASL mechanisms.
+ */
+public enum OciMechanism {
+    OCI_RSA_SHA256(Algorithm.RSAPSS256);
+
+    private final String mechanismName;
+    private final Algorithm algorithm;
+
+    private static final Map<String, OciMechanism> MECHANISMS_MAP;
+
+    static {
+        Map<String, OciMechanism> map = new HashMap<>();
+        for (OciMechanism mechanism : values()) {
+            map.put(mechanism.mechanismName, mechanism);
+        }
+        MECHANISMS_MAP = Collections.unmodifiableMap(map);
+    }
+
+    public static OciMechanism fromMechanismName(String mechanismName) {
+        return MECHANISMS_MAP.get(mechanismName);
+    }
+
+    public static Collection<String> mechanismNames() {
+        return MECHANISMS_MAP.keySet();
+    }
+
+    public static boolean isOci(String mechanismName) {
+        return MECHANISMS_MAP.containsKey(mechanismName);
+    }
+
+    OciMechanism(Algorithm algorithm) {
+        this.mechanismName = "OCI-" + algorithm.getSpecName().toUpperCase();
+        this.algorithm = algorithm;
+    }
+
+    public String mechanismName() {
+        return mechanismName;
+    }
+
+    public Algorithm algorithm() {
+        return algorithm;
+    }
+}