Fix the owner related features in kafka sql (#5731)

* Fix the owner related features in kafka sql

* Fix scope

* Fix owner only updates

* Make auth tests use keycloak container for better reproducibility

* Upgrade keycloak version

Author: carlesarnal

app/pom.xml

@@ -293,6 +293,11 @@
       <artifactId>strimzi-test-container</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.github.dasniko</groupId>
+      <artifactId>testcontainers-keycloak</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>io.zonky.test</groupId>
       <artifactId>embedded-postgres</artifactId>

app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/AbstractResource.java

@@ -32,6 +32,7 @@
 import io.apicurio.registry.types.VersionState;
 import io.apicurio.registry.types.provider.ArtifactTypeUtilProvider;
 import io.apicurio.registry.types.provider.ArtifactTypeUtilProviderFactory;
+import io.quarkus.security.identity.SecurityIdentity;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.BadRequestException;
 import org.apache.avro.AvroTypeException;
@@ -67,6 +68,9 @@ public abstract class AbstractResource {
     @Inject
     ArtifactTypeUtilProviderFactory factory;
 
+    @Inject
+    SecurityIdentity securityIdentity;
+
     protected String toSubjectWithGroupConcat(String groupId, String artifactId) {
         return (groupId == null ? "" : groupId) + cconfig.groupConcatSeparator + artifactId;
     }
@@ -107,6 +111,9 @@ protected ArtifactVersionMetaDataDto createOrUpdateArtifact(String artifactId, S
                 .collect(Collectors.toList());
         final Map<String, TypedContent> resolvedReferences = RegistryContentUtils
                 .recursivelyResolveReferences(parsedReferences, storage::getContentByReference);
+
+        String owner = securityIdentity.getPrincipal().getName();
+
         try {
             ContentHandle schemaContent;
             schemaContent = ContentHandle.create(schema);
@@ -126,16 +133,18 @@ protected ArtifactVersionMetaDataDto createOrUpdateArtifact(String artifactId, S
                 ContentWrapperDto firstVersionContent = ContentWrapperDto.builder().content(schemaContent)
                         .contentType(contentType).references(parsedReferences).build();
 
-                res = storage.createArtifact(groupId, artifactId, artifactType, artifactMetaData, null,
-                        firstVersionContent, firstVersionMetaData, null, false, false).getValue();
+                res = storage
+                        .createArtifact(groupId, artifactId, artifactType, artifactMetaData, null,
+                                firstVersionContent, firstVersionMetaData, null, false, false, owner)
+                        .getValue();
             } else {
                 TypedContent typedSchemaContent = TypedContent.create(schemaContent, contentType);
                 rulesService.applyRules(groupId, artifactId, artifactType, typedSchemaContent,
                         RuleApplicationType.UPDATE, artifactReferences, resolvedReferences);
                 ContentWrapperDto versionContent = ContentWrapperDto.builder().content(schemaContent)
                         .contentType(contentType).references(parsedReferences).build();
                 res = storage.createArtifactVersion(groupId, artifactId, null, artifactType, versionContent,
-                        EditableVersionMetaDataDto.builder().build(), List.of(), false, false);
+                        EditableVersionMetaDataDto.builder().build(), List.of(), false, false, owner);
             }
         } catch (RuleViolationException ex) {
             if (ex.getRuleType() == RuleType.VALIDITY) {

app/src/main/java/io/apicurio/registry/limits/RegistryStorageLimitsEnforcer.java

@@ -60,24 +60,26 @@ public int order() {
     public Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(String groupId,
             String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
             String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
-            List<String> versionBranches, boolean versionIsDraft, boolean dryRun)
+            List<String> versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
             throws RegistryStorageException {
         Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> rval = withLimitsCheck(
                 () -> limitsService.canCreateArtifact(artifactMetaData, versionContent, versionMetaData))
                 .execute(() -> super.createArtifact(groupId, artifactId, artifactType, artifactMetaData,
-                        version, versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun));
+                        version, versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun,
+                        owner));
         limitsService.artifactCreated();
         return rval;
     }
 
     @Override
     public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
             String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
-            List<String> branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+            List<String> branches, boolean isDraft, boolean dryRun, String owner)
+            throws RegistryStorageException {
         ArtifactVersionMetaDataDto dto = withLimitsCheck(
                 () -> limitsService.canCreateArtifactVersion(groupId, artifactId, null, content.getContent()))
                 .execute(() -> super.createArtifactVersion(groupId, artifactId, version, artifactType,
-                        content, metaData, branches, isDraft, dryRun));
+                        content, metaData, branches, isDraft, dryRun, owner));
         limitsService.artifactVersionCreated(groupId, artifactId);
         return dto;
     }

app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java

@@ -1098,6 +1098,8 @@ private ArtifactMetaData createArtifactWithRefs(String groupId, String xRegistry
 
         String ct = getContentType();
         try {
+
+            String owner = securityIdentity.getPrincipal().getName();
             String artifactId = xRegistryArtifactId;
 
             if (artifactId == null || artifactId.trim().isEmpty()) {
@@ -1140,7 +1142,7 @@ private ArtifactMetaData createArtifactWithRefs(String groupId, String xRegistry
 
             Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createResult = storage.createArtifact(
                     defaultGroupIdToNull(groupId), artifactId, artifactType, metaData, xRegistryVersion,
-                    contentDto, versionMetaData, List.of(), false, false);
+                    contentDto, versionMetaData, List.of(), false, false, owner);
 
             return V2ApiUtil.dtoToMetaData(groupId, artifactId, artifactType, createResult.getRight());
         } catch (ArtifactAlreadyExistsException ex) {
@@ -1258,6 +1260,8 @@ private VersionMetaData createArtifactVersionWithRefs(String groupId, String art
         final Map<String, TypedContent> resolvedReferences = RegistryContentUtils
                 .recursivelyResolveReferences(referencesAsDtos, storage::getContentByReference);
 
+        final String owner = securityIdentity.getPrincipal().getName();
+
         String artifactType = lookupArtifactType(groupId, artifactId);
         TypedContent typedContent = TypedContent.create(content, ct);
         rulesService.applyRules(defaultGroupIdToNull(groupId), artifactId, artifactType, typedContent,
@@ -1266,7 +1270,8 @@ private VersionMetaData createArtifactVersionWithRefs(String groupId, String art
         ContentWrapperDto contentDto = ContentWrapperDto.builder().content(content).contentType(ct)
                 .references(referencesAsDtos).build();
         ArtifactVersionMetaDataDto vmdDto = storage.createArtifactVersion(defaultGroupIdToNull(groupId),
-                artifactId, xRegistryVersion, artifactType, contentDto, metaData, List.of(), false, false);
+                artifactId, xRegistryVersion, artifactType, contentDto, metaData, List.of(), false, false,
+                owner);
         return V2ApiUtil.dtoToVersionMetaData(defaultGroupIdToNull(groupId), artifactId, artifactType,
                 vmdDto);
     }
@@ -1366,7 +1371,8 @@ private ArtifactMetaData handleIfExistsReturnOrUpdate(String groupId, String art
                 content, contentType, references);
     }
 
-    private ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
+    @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+    protected ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
             String name, String description, ContentHandle content, String contentType,
             List<ArtifactReference> references) {
 
@@ -1396,13 +1402,16 @@ private ArtifactMetaData updateArtifactInternal(String groupId, String artifactI
         if (description != null && description.trim().isEmpty()) {
             artifactMD.setDescription(description);
         }
+
+        final String owner = securityIdentity.getPrincipal().getName();
+
         EditableVersionMetaDataDto metaData = EditableVersionMetaDataDto.builder().name(artifactMD.getName())
                 .description(artifactMD.getDescription()).labels(artifactMD.getLabels()).build();
 
         ContentWrapperDto contentDto = ContentWrapperDto.builder().content(content).contentType(contentType)
                 .references(referencesAsDtos).build();
         ArtifactVersionMetaDataDto dto = storage.createArtifactVersion(defaultGroupIdToNull(groupId),
-                artifactId, version, artifactType, contentDto, metaData, List.of(), false, false);
+                artifactId, version, artifactType, contentDto, metaData, List.of(), false, false, owner);
 
         // Note: if the version was created, we need to update the artifact metadata as well, because
         // those are the semantics of the v2 API. :(

app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java

@@ -913,6 +913,8 @@ public CreateArtifactResponse createArtifact(String groupId, IfArtifactExists if
             String artifactType = ArtifactTypeUtil.determineArtifactType(typedContent, data.getArtifactType(),
                     factory);
 
+            final String owner = securityIdentity.getPrincipal().getName();
+
             // Create the artifact (with optional first version)
             EditableArtifactMetaDataDto artifactMetaData = EditableArtifactMetaDataDto.builder()
                     .description(data.getDescription()).name(data.getName()).labels(data.getLabels()).build();
@@ -951,7 +953,7 @@ public CreateArtifactResponse createArtifact(String groupId, IfArtifactExists if
             Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> storageResult = storage.createArtifact(
                     new GroupId(groupId).getRawGroupIdWithNull(), artifactId, artifactType, artifactMetaData,
                     firstVersion, firstVersionContent, firstVersionMetaData, firstVersionBranches,
-                    firstVersionIsDraft, dryRun != null && dryRun);
+                    firstVersionIsDraft, dryRun != null && dryRun, owner);
 
             // Now return both the artifact metadata and (if available) the version metadata
             CreateArtifactResponse rval = CreateArtifactResponse.builder()
@@ -1035,14 +1037,17 @@ public VersionMetaData createArtifactVersion(String groupId, String artifactId,
                     typedContent, RuleApplicationType.UPDATE, data.getContent().getReferences(),
                     resolvedReferences);
         }
+
+        final String owner = securityIdentity.getPrincipal().getName();
+
         EditableVersionMetaDataDto metaDataDto = EditableVersionMetaDataDto.builder()
                 .description(data.getDescription()).name(data.getName()).labels(data.getLabels()).build();
         ContentWrapperDto contentDto = ContentWrapperDto.builder().contentType(ct).content(content)
                 .references(referencesAsDtos).build();
 
         ArtifactVersionMetaDataDto vmd = storage.createArtifactVersion(
                 new GroupId(groupId).getRawGroupIdWithNull(), artifactId, data.getVersion(), artifactType,
-                contentDto, metaDataDto, data.getBranches(), isDraft, dryRun != null && dryRun);
+                contentDto, metaDataDto, data.getBranches(), isDraft, dryRun != null && dryRun, owner);
 
         return V3ApiUtil.dtoToVersionMetaData(vmd);
     }
@@ -1275,7 +1280,8 @@ private CreateArtifactResponse handleIfExistsReturnOrUpdate(String groupId, Stri
         return updateArtifactInternal(groupId, artifactId, theVersion);
     }
 
-    private CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
+    @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+    protected CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
             CreateVersion theVersion) {
         String version = theVersion.getVersion();
         String name = theVersion.getName();
@@ -1289,6 +1295,8 @@ private CreateArtifactResponse updateArtifactInternal(String groupId, String art
 
         String artifactType = lookupArtifactType(groupId, artifactId);
 
+        final String owner = securityIdentity.getPrincipal().getName();
+
         // Transform the given references into dtos and set the contentId, this will also detect if any of the
         // passed references does not exist.
         final List<ArtifactReferenceDto> referencesAsDtos = toReferenceDtos(references);
@@ -1307,7 +1315,7 @@ private CreateArtifactResponse updateArtifactInternal(String groupId, String art
         ContentWrapperDto contentDto = ContentWrapperDto.builder().contentType(contentType).content(content)
                 .references(referencesAsDtos).build();
         ArtifactVersionMetaDataDto vmdDto = storage.createArtifactVersion(groupId, artifactId, version,
-                artifactType, contentDto, metaData, branches, isDraftVersion, false);
+                artifactType, contentDto, metaData, branches, isDraftVersion, false, owner);
         VersionMetaData vmd = V3ApiUtil.dtoToVersionMetaData(vmdDto);
 
         // Need to also return the artifact metadata

app/src/main/java/io/apicurio/registry/storage/RegistryStorage.java

@@ -112,7 +112,7 @@ public interface RegistryStorage extends DynamicConfigStorage {
     Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(String groupId, String artifactId,
             String artifactType, EditableArtifactMetaDataDto artifactMetaData, String version,
             ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
-            List<String> versionBranches, boolean versionIsDraft, boolean dryRun)
+            List<String> versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
             throws ArtifactAlreadyExistsException, RegistryStorageException;
 
     /**
@@ -190,7 +190,7 @@ ContentWrapperDto getContentByHash(String contentHash)
      */
     ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
             String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
-            List<String> branches, boolean isDraft, boolean dryRun)
+            List<String> branches, boolean isDraft, boolean dryRun, String owner)
             throws ArtifactNotFoundException, VersionAlreadyExistsException, RegistryStorageException;
 
     /**

app/src/main/java/io/apicurio/registry/storage/decorator/ReadOnlyRegistryStorageDecorator.java

@@ -76,11 +76,11 @@ public boolean isReadOnly() {
     public Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(String groupId,
             String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
             String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
-            List<String> versionBranches, boolean isVersionDraft, boolean dryRun)
+            List<String> versionBranches, boolean isVersionDraft, boolean dryRun, String owner)
             throws RegistryStorageException {
         checkReadOnly();
         return delegate.createArtifact(groupId, artifactId, artifactType, artifactMetaData, version,
-                versionContent, versionMetaData, versionBranches, isVersionDraft, dryRun);
+                versionContent, versionMetaData, versionBranches, isVersionDraft, dryRun, owner);
     }
 
     @Override
@@ -99,10 +99,11 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
     @Override
     public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
             String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
-            List<String> branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+            List<String> branches, boolean isDraft, boolean dryRun, String owner)
+            throws RegistryStorageException {
         checkReadOnly();
         return delegate.createArtifactVersion(groupId, artifactId, version, artifactType, content, metaData,
-                branches, isDraft, dryRun);
+                branches, isDraft, dryRun, owner);
     }
 
     @Override

app/src/main/java/io/apicurio/registry/storage/decorator/RegistryStorageDecoratorBase.java

@@ -42,10 +42,10 @@ protected RegistryStorageDecoratorBase() {
     public Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(String groupId,
             String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
             String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
-            List<String> versionBranches, boolean versionIsDraft, boolean dryRun)
+            List<String> versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
             throws RegistryStorageException {
         return delegate.createArtifact(groupId, artifactId, artifactType, artifactMetaData, version,
-                versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun);
+                versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun, owner);
     }
 
     @Override
@@ -62,9 +62,10 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
     @Override
     public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
             String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
-            List<String> branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+            List<String> branches, boolean isDraft, boolean dryRun, String owner)
+            throws RegistryStorageException {
         return delegate.createArtifactVersion(groupId, artifactId, version, artifactType, content, metaData,
-                branches, isDraft, dryRun);
+                branches, isDraft, dryRun, owner);
     }
 
     @Override

app/src/main/java/io/apicurio/registry/storage/impl/gitops/AbstractReadOnlyRegistryStorage.java

@@ -52,7 +52,7 @@ public boolean isReadOnly() {
     public Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(String groupId,
             String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
             String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
-            List<String> versionBranches, boolean versionIsDraft, boolean dryRun)
+            List<String> versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
             throws RegistryStorageException {
         readOnlyViolation();
         return null;
@@ -61,7 +61,8 @@ public Pair<ArtifactMetaDataDto, ArtifactVersionMetaDataDto> createArtifact(Stri
     @Override
     public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
             String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
-            List<String> branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+            List<String> branches, boolean isDraft, boolean dryRun, String owner)
+            throws RegistryStorageException {
         readOnlyViolation();
         return null;
     }