
HPCC-16311 Add feature level authentication to WsPackageProcess

A separate PR will be created on LN repo.

Signed-off-by: wangkx <kevin.wang@lexisnexis.com>
wangkx 8 tahun lalu
induk
melakukan
8f722f3081

+ 13 - 0
configuration/xsds_xmls/experimental.xml

@@ -167,6 +167,10 @@
                           path="FileIOAccess"
                           resource="FileIOAccess"
                           service="ws_fileio"/>
+     <AuthenticateFeature description="Access to package map"
+                          path="PackageMapAccess"
+                          resource="PackageMapAccess"
+                          service="ws_packageprocess"/>
      <AuthenticateFeature description="Access to permissions for file scopes"
                           path="FileScopeAccess"
                           resource="FileScopeAccess"
@@ -541,6 +545,11 @@
                          resource="FileIOAccess"
                          service="ws_fileio"/>
     <AuthenticateFeature authenticate="Yes"
+                         description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
+    <AuthenticateFeature authenticate="Yes"
                          description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
@@ -707,6 +716,10 @@
                          path="FileIOAccess"
                          resource="FileIOAccess"
                          service="ws_fileio"/>
+    <AuthenticateFeature description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
     <AuthenticateFeature description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
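Review bot: The `PackageMapAccess` entries added in these hunks only reach environments generated from the templates, while the same commit makes the WsPackageProcess methods require that feature. Nothing visible here says what happens on an existing deployment whose ESP binding has no such entry or whose security manager has no such resource. The same gap applies to the entries added in buildsetCC.xml.in, initfiles/etc/DIR_NAME/environment.xml.in and testing/regress/environment.xml.in. I would add a sentence to the commit description or upgrade notes stating whether a binding without a `PackageMapAccess` entry denies or allows these calls. It should also say that administrators must grant Read, Write or Full on the new resource before users can list, change or delete package maps.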

+ 26 - 0
docs/Installing_and_RunningTheHPCCPlatform/Inst-Mods/UserSecurityMaint.xml

@@ -1404,6 +1404,32 @@
               </row>
 
               <row>
+                <entry>PackageMapAccess</entry>
+
+                <entry>Access to ListPackage, ListPackages, GetPackage, GetPackageMapById, ValidatePackage,
+                GetQueryFileMapping, GetPackageMapSelectOptions, GetPartFromPackageMap</entry>
+
+                <entry>Read</entry>
+              </row>
+
+              <row>
+                <entry></entry>
+
+                <entry>Access to AddPackage, CopyPackageMap, ActivatePackage,
+                DeActivatePackage, AddPartToPackageMap, RemovePartFromPackageMap</entry>
+
+                <entry>Write</entry>
+              </row>
+
+              <row>
+                <entry></entry>
+
+                <entry>DeletePackage</entry>
+
+                <entry>Full</entry>
+              </row>
+
+              <row>
                 <entry>FileScopeAccess</entry>
 
                 <entry>Allows access to query, set, modify, and delete File

+ 15 - 15
esp/scm/ws_packageprocess.ecm

@@ -316,21 +316,21 @@ ESPresponse [exceptions_inline] GetPartFromPackageMapResponse
 ESPservice [auth_feature("NONE"), version("1.03"), exceptions_inline("./smc_xslt/exceptions.xslt")] WsPackageProcess
 {
     ESPmethod Echo(EchoRequest, EchoResponse);
-    ESPmethod AddPackage(AddPackageRequest, AddPackageResponse);
-    ESPmethod CopyPackageMap(CopyPackageMapRequest, CopyPackageMapResponse);
-    ESPmethod DeletePackage(DeletePackageRequest, DeletePackageResponse);
-    ESPmethod ActivatePackage(ActivatePackageRequest, ActivatePackageResponse);
-    ESPmethod DeActivatePackage(DeActivatePackageRequest, DeActivatePackageResponse);
-    ESPmethod ListPackage(ListPackageRequest, ListPackageResponse);
-    ESPmethod ListPackages(ListPackagesRequest, ListPackagesResponse);
-    ESPmethod GetPackage(GetPackageRequest, GetPackageResponse);
-    ESPmethod GetPackageMapById(GetPackageMapByIdRequest, GetPackageMapByIdResponse);
-    ESPmethod ValidatePackage(ValidatePackageRequest, ValidatePackageResponse);
-    ESPmethod GetQueryFileMapping(GetQueryFileMappingRequest, GetQueryFileMappingResponse);
-    ESPmethod GetPackageMapSelectOptions(GetPackageMapSelectOptionsRequest, GetPackageMapSelectOptionsResponse);
-    ESPmethod AddPartToPackageMap(AddPartToPackageMapRequest, AddPartToPackageMapResponse);
-    ESPmethod RemovePartFromPackageMap(RemovePartFromPackageMapRequest, RemovePartFromPackageMapResponse);
-    ESPmethod GetPartFromPackageMap(GetPartFromPackageMapRequest, GetPartFromPackageMapResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] AddPackage(AddPackageRequest, AddPackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] CopyPackageMap(CopyPackageMapRequest, CopyPackageMapResponse);
+    ESPmethod [auth_feature("PackageMapAccess:FULL")] DeletePackage(DeletePackageRequest, DeletePackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] ActivatePackage(ActivatePackageRequest, ActivatePackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] DeActivatePackage(DeActivatePackageRequest, DeActivatePackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] ListPackage(ListPackageRequest, ListPackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] ListPackages(ListPackagesRequest, ListPackagesResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] GetPackage(GetPackageRequest, GetPackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] GetPackageMapById(GetPackageMapByIdRequest, GetPackageMapByIdResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] ValidatePackage(ValidatePackageRequest, ValidatePackageResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] GetQueryFileMapping(GetQueryFileMappingRequest, GetQueryFileMappingResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] GetPackageMapSelectOptions(GetPackageMapSelectOptionsRequest, GetPackageMapSelectOptionsResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] AddPartToPackageMap(AddPartToPackageMapRequest, AddPartToPackageMapResponse);
+    ESPmethod [auth_feature("PackageMapAccess:WRITE")] RemovePartFromPackageMap(RemovePartFromPackageMapRequest, RemovePartFromPackageMapResponse);
+    ESPmethod [auth_feature("PackageMapAccess:READ")] GetPartFromPackageMap(GetPartFromPackageMapRequest, GetPartFromPackageMapResponse);
 };
 
 SCMexportdef(WsPackageProcess);
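Review bot: The `ESPservice` line keeps `auth_feature("NONE")` as the service default, so `Echo` still has no feature check, and presumably neither would any method added to WsPackageProcess later without its own annotation. I would make the exemption explicit with `ESPmethod [auth_feature("NONE")] Echo(EchoRequest, EchoResponse);` and add a comment above the method list such as `// Every method must declare its own auth_feature; the service default performs no check.` Separately, `RemovePartFromPackageMap` and `DeActivatePackage` need only `PackageMapAccess:WRITE` while `DeletePackage` needs `FULL`. A short comment stating why those removals sit at Write level would help whoever assigns permissions.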

+ 8 - 0
esp/services/ws_smc/espsmc_permissions.txt

@@ -56,6 +56,14 @@ ws_fileio:
     FileIOAccess:
         Write - Access to files in dropzone... CreateFile, ReadFileData, WriteFileData
 
+ws_packageprocess:
+    PackageMapAccess:
+        Read  - ListPackage, ListPackages, GetPackage, GetPackageMapById, ValidatePackage,
+                  GetQueryFileMapping, GetPackageMapSelectOptions, GetPartFromPackageMap
+        Write - AddPackage, CopyPackageMap, ActivatePackage, DeActivatePackage,
+                  AddPartToPackageMap, RemovePartFromPackageMap
+        Full  - DeletePackage
+
 ws_topology:
     ClusterTopologyAccess: 
         Read - TpLogFile, TpClusterQuery, TpLogicalClusterQuery, TpGroupQuery,

+ 4 - 0
initfiles/componentfiles/configxml/buildsetCC.xml.in

@@ -167,6 +167,10 @@
                           path="FileIOAccess"
                           resource="FileIOAccess"
                           service="ws_fileio"/>
+     <AuthenticateFeature description="Access to package map"
+                          path="PackageMapAccess"
+                          resource="PackageMapAccess"
+                          service="ws_packageprocess"/>
      <AuthenticateFeature description="Access to permissions for file scopes"
                           path="FileScopeAccess"
                           resource="FileScopeAccess"

+ 13 - 0
initfiles/etc/DIR_NAME/environment.xml.in

@@ -369,6 +369,11 @@
                          resource="FileIOAccess"
                          service="ws_fileio"/>
     <AuthenticateFeature authenticate="Yes"
+                         description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
+    <AuthenticateFeature authenticate="Yes"
                          description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
@@ -628,6 +633,10 @@
                          path="FileIOAccess"
                          resource="FileIOAccess"
                          service="ws_fileio"/>
+    <AuthenticateFeature description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
     <AuthenticateFeature description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
@@ -923,6 +932,10 @@
                           path="FileIOAccess"
                           resource="FileIOAccess"
                           service="ws_fileio"/>
+     <AuthenticateFeature description="Access to package map"
+                          path="PackageMapAccess"
+                          resource="PackageMapAccess"
+                          service="ws_packageprocess"/>
      <AuthenticateFeature description="Access to permissions for file scopes"
                           path="FileScopeAccess"
                           resource="FileScopeAccess"

+ 1 - 0
system/jlib/jptree-attrvalues.hpp

@@ -475,6 +475,7 @@
     "ou=workunits,ou=ecl",
     "ou=WsEcl,ou=EspServices,ou=ecl",
     "OwnWorkunitsAccess",
+    "PackageMapAccess",
     "parallel",
     "Parameters",
     "_parentActivity",

+ 13 - 0
testing/regress/environment.xml.in

@@ -360,6 +360,11 @@
                          resource="FileIOAccess"
                          service="ws_fileio"/>
     <AuthenticateFeature authenticate="Yes"
+                         description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
+    <AuthenticateFeature authenticate="Yes"
                          description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
@@ -596,6 +601,10 @@
                          path="FileIOAccess"
                          resource="FileIOAccess"
                          service="ws_fileio"/>
+    <AuthenticateFeature description="Access to package map"
+                         path="PackageMapAccess"
+                         resource="PackageMapAccess"
+                         service="ws_packageprocess"/>
     <AuthenticateFeature description="Access to permissions for file scopes"
                          path="FileScopeAccess"
                          resource="FileScopeAccess"
@@ -887,6 +896,10 @@
                           path="FileIOAccess"
                           resource="FileIOAccess"
                           service="ws_fileio"/>
+     <AuthenticateFeature description="Access to package map"
+                          path="PackageMapAccess"
+                          resource="PackageMapAccess"
+                          service="ws_packageprocess"/>
      <AuthenticateFeature description="Access to permissions for file scopes"
                           path="FileScopeAccess"
                           resource="FileScopeAccess"