Config: Make person and project services configurable per tenant

docker/example.env

@@ -5,7 +5,7 @@
 # Comma seperated profiles, defaults to prod if left empty
 QUARKUS_PROFILE=
 # Sets the HTML title of the frontend
-DAMAP_TITLE="DAMAP Tool"
+DAMAP_TENANT_AWARE_TITLE="DAMAP Tool"
 # Sets the frontends mode, should always be PROD for production environment
 # Allowed values:
 #   - DEV
@@ -15,20 +15,23 @@ DAMAP_ENV=DEV
 QUARKUS_HTTP_CORS_ORIGINS=http://localhost:8085
 # Sets the project service used, should be set to elsevier-pure only when pure integration is used
 # Allowed values:
-#   - default
+#   - default (mock service or custom, if provided)
 #   - elsevier-pure
-DAMAP_PROJECTS_SERVICE=default
-# Text shown  in the frontend to allow users to switch between person services
-DAMAP_PERSON_SERVICES_DISPLAY_TEXT=University
-# Sets which person service is used
-# Allowed values:
-#   - UNIVERSITY
-#   - PURE
-DAMAP_PERSON_SERVICES_QUERY_VALUE=UNIVERSITY
-# Which java class is to be used as person service
-# Set to org.damap.base.integration.pure.PurePersonService for PURE
-# Or to your custom class, if you do use a custom integration
-DAMAP_PERSON_SERVICES_CLASS_NAME=org.damap.base.integration.mock.MockUniversityPersonServiceImpl
+#   - disabled (no connected project service)
+DAMAP_TENANT_AWARE_PROJECT_SERVICE=disabled
+# DISPLAY_TEXT: Is the text shown in the frontend to allow users to switch between person services
+# QUERY_VALUE: Should uniquely identify the service
+# CLASS_NAME: Which java class should be used for the service implementation, set to
+# "org.damap.base.integration.orcid.ORCIDPersonServiceImpl" for ORCID, set to
+# "org.damap.base.integration.pure.PurePersonService" for Pure or to your custom class, if you use a custom integration
+# To add further mappings, copy the three environment variable group below and increment the indexes
+# Info: the  two underscores `0__` are on purpose - these are necessary due to how SmallRye processes env variables
+DAMAP_TENANT_AWARE_PERSON_SERVICES_0__DISPLAY_TEXT: University
+DAMAP_TENANT_AWARE_PERSON_SERVICES_0__QUERY_VALUE: UNIVERSITY
+DAMAP_TENANT_AWARE_PERSON_SERVICES_0__CLASS_NAME: org.damap.base.integration.mock.MockUniversityPersonServiceImpl
+DAMAP_TENANT_AWARE_PERSON_SERVICES_1__DISPLAY_TEXT: ORCID
+DAMAP_TENANT_AWARE_PERSON_SERVICES_1__QUERY_VALUE: ORCID
+DAMAP_TENANT_AWARE_PERSON_SERVICES_1__CLASS_NAME: org.damap.base.integration.orcid.ORCIDPersonServiceImpl
 
 ## =====================
 ## Authentication
@@ -93,7 +96,7 @@ REST_GOTENBERG_MP_REST_URL=http://gotenberg:3000
 ## =====================
 
 # Enables input field for short ethical report description
-DAMAP_FIELDS_ETHICAL_REPORT_ENABLED=true
+DAMAP_TENANT_AWARE_FIELDS_ETHICAL_REPORT_ENABLED=true
 
 ## =====================
 ## Elsevier PURE
@@ -103,21 +106,24 @@ DAMAP_FIELDS_ETHICAL_REPORT_ENABLED=true
 # /dk/atira/pure, but are otherwise specific to the institutional setup in Pure.
 
 # The project description field DAMAP should use:
-DAMAP_ELSEVIER_PURE_DESCRIPTION_CLASSIFICATION=/dk/atira/pure/projectdescription
-# How Pure project contributor classifications map to DAMAP:
-DAMAP_ELSEVIER_PURE_CONTRIBUTOR_ROLE_CLASSIFICATIONS='{"/dk/atira/pure/member":"PROJECT_MEMBER"}'
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_DESCRIPTION_CLASSIFICATION: /dk/atira/pure/projectdescription
+# How Pure project contributor classifications map to DAMAP :
+# To add further mappings, copy the two environment variables below and increment the indexes from 0 to 1
+# Info: the  two underscores `0__` are on purpose - these are necessary due to how SmallRye processes env variables
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_CONTRIBUTOR_ROLE_CLASSIFICATIONS_0__PURE_ROLE_URI: /dk/atira/pure/member
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_CONTRIBUTOR_ROLE_CLASSIFICATIONS_0__CONTRIBUTOR_ROLE: PROJECT_MEMBER
 # Which Pure classification should be read as the project lead:
-DAMAP_ELSEVIER_PURE_PROJECT_LEAD_ROLE_CLASSIFICATION=/dk/atira/pure/projectlead
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_PROJECT_LEAD_ROLE_CLASSIFICATION: /dk/atira/pure/projectlead
 # Configures if data should be fetched over http or from local files - should always be http for PROD:
 # Allowed values:
 #   - http
 #   - file
-DAMAP_ELSEVIER_PURE_BACKEND=http
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_BACKEND: http
 # URL to fetch data from, only relevant when ELSEVIER_PURE_BACKEND is set to http
-DAMAP_ELSEVIER_PURE_ENDPOINT_URL="https://your-pure-instance.elsevierpure.com/ws/api"
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_ENDPOINT_URL: "https://your-pure-instance.elsevierpure.com/ws/api"
 # API key used to authenticate over the PURE API, only relevant when ELSEVIER_PURE_BACKEND is set to http
-DAMAP_ELSEVIER_PURE_API_KEY="your API key here"
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_API_KEY: "your API key here"
 # location of projects file, only relevant when ELSEVIER_PURE_BACKEND is set to file
-DAMAP_ELSEVIER_PURE_PROJECTS_FILE="file:///path/to/projects.json"
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_PROJECTS_FILE: "file:///path/to/projects.json"
 # location of persons file, only relevant when ELSEVIER_PURE_BACKEND is set to file
-DAMAP_ELSEVIER_PURE_PERSONS_FILE="file:///path/to/persons.json"
+DAMAP_TENANT_AWARE_ELSEVIER_PURE_PERSONS_FILE: "file:///path/to/persons.json"

docker/tenants.yaml

@@ -1,4 +1,53 @@
-tenants: ['tenant_1', 'tenant_2']
+damap:
+  tenants:
+    tenant-list: ['tenant_1', 'tenant_2']
+    # these configs exactly mirror the damap.tenant-aware configs in application.yaml
+    tenant-configs:
+      tenant_1:
+        title: Tenant 1 DAMAP Tool
+        fields:
+          ethical-report-enabled: false
+        project-service: default
+        elsevier-pure-description-classification: /dk/atira/pure/projectdescription
+        elsevier-pure-contributor-role-classifications:
+          - pure-role-uri: /dk/atira/pure/member
+            contributor-role: PROJECT_MEMBER
+        elsevier-pure-project-lead-role-classification: /dk/atira/pure/projectlead
+        elsevier-pure-backend: http
+        elsevier-pure-endpoint-url: "https://your-tenant1-pure-instance.elsevierpure.com/ws/api/"
+        elsevier-pure-api-key: "your API key here"
+        elsevier-pure-projects-file: "file:///path/to/projects.json"
+        elsevier-pure-persons-file: "file:///path/to/persons.json"
+        person-services:
+          - display-text: 'ORCID'
+            query-value: 'ORCID'
+            class-name: 'org.damap.base.integration.orcid.ORCIDPersonServiceImpl'
+          - display-text: 'University'
+            query-value: 'UNIVERSITY'
+            class-name: 'org.damap.base.integration.mock.MockUniversityPersonServiceImpl'
+      tenant_2:
+        title: Tenant 2 DAMAP Tool
+        fields:
+          ethical-report-enabled: false
+        project-service: disabled
+        elsevier-pure-description-classification: /dk/atira/pure/projectdescription
+        elsevier-pure-contributor-role-classifications:
+          - pure-role-uri: /dk/atira/pure/member
+            contributor-role: PROJECT_MEMBER
+        elsevier-pure-project-lead-role-classification: /dk/atira/pure/projectlead
+        elsevier-pure-backend: http
+        elsevier-pure-endpoint-url: "https://your-tenant2-pure-instance.elsevierpure.com/ws/api/GRAZ"
+        elsevier-pure-api-key: "your API key here"
+        elsevier-pure-projects-file: "file:///path/to/projects.json"
+        elsevier-pure-persons-file: "file:///path/to/persons.json"
+        person-services:
+          - display-text: 'ORCID'
+            query-value: 'ORCID'
+            class-name: 'org.damap.base.integration.orcid.ORCIDPersonServiceImpl'
+          - display-text: 'Pure'
+            query-value: 'PURE'
+            class-name: 'org.damap.base.integration.pure.PurePersonService'
+
 "%multitenant":
   quarkus:
     datasource:

helm/templates/00_multitenancy.yaml

@@ -9,7 +9,9 @@ metadata:
     app: damap
 stringData:
   tenants.yaml: |-
-    tenants: {{ .Values.damap.multitenancy.tenants | toJson }}
+    damap:
+      tenants:
+        tenant-list: {{ .Values.damap.multitenancy.tenants | toJson }}
     "%multitenant":
       quarkus:
         datasource:

helm/templates/03_damap.yaml

@@ -219,30 +219,30 @@ spec:
             {{- /*
             Additional integrations configuration
             */}}
-            - name: DAMAP_PERSON_SERVICES
+            - name: DAMAP_TENANT_AWARE_PERSON_SERVICES
               value: {{ .Values.damap.personServices | toJson | quote }}
-            - name: DAMAP_PROJECTS_SERVICE
-              value: {{ .Values.damap.projectsService }}
+            - name: DAMAP_TENANT_AWARE_PROJECT_SERVICE
+              value: {{ .Values.damap.projectService }}
 
             {{- /*
             Elsevier Pure integration
             */}}
             {{- if .Values.pure.enabled }}
-            - name: DAMAP_ELSEVIER_PURE_BACKEND
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_BACKEND
               value: "{{ .Values.pure.backend }}"
-            - name: DAMAP_ELSEVIER_PURE_PROJECTS_FILE
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_PROJECTS_FILE
               value: file:///data/projects.json
-            - name: DAMAP_ELSEVIER_PURE_PERSONS_FILE
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_PERSONS_FILE
               value: file:///data/persons.json
-            - name: DAMAP_ELSEVIER_PURE_ENDPOINT_URL
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_ENDPOINT_URL
               value: "{{ .Values.pure.endpoint }}"
-            - name: DAMAP_ELSEVIER_PURE_API_KEY
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_API_KEY
               value: "{{ .Values.pure.apiKey }}"
-            - name: DAMAP_ELSEVIER_PURE_DESCRIPTION_CLASSIFICATION
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_DESCRIPTION_CLASSIFICATION
               value: {{ .Values.pure.descriptionClassification | quote }}
-            - name: DAMAP_ELSEVIER_PURE_PROJECT_LEAD_ROLE_CLASSIFICATION
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_PROJECT_LEAD_ROLE_CLASSIFICATION
               value: {{ .Values.pure.projectLeadClassification | quote }}
-            - name: DAMAP_ELSEVIER_PURE_CONTRIBUTOR_ROLE_CLASSIFICATIONS
+            - name: DAMAP_TENANT_AWARE_ELSEVIER_PURE_CONTRIBUTOR_ROLE_CLASSIFICATIONS
               value: {{ .Values.pure.roleClassifications | toJson | quote }}
             {{- end }}
           volumeMounts:

helm/values.schema.json

@@ -613,37 +613,39 @@
         "roleClassifications": {
           "title": "Role classifications",
           "description": "Mappings from Pure classifications to DAMAP roles. The keys should be the Pure classifications used for roles in your Pure instance, and the values should be the corresponding DAMAP role values. This is used to determine which DAMAP role to assign to a person based on their classification in Pure. The DAMAP role values should be one of the following: DATA_COLLECTOR, DATA_CURATOR, DATA_MANAGER, DISTRIBUTOR, EDITOR, HOSTING_INSTITUTION, PRODUCER, PROJECT_LEADER, PROJECT_MANAGER, PROJECT_MEMBER, REGISTRATION_AGENCY, REGISTRATION_AUTHORITY, RELATED_PERSON, RESEARCHER, RESEARCH_GROUP, RIGHTS_HOLDER, SPONSOR, SUPERVISOR, WORK_PACKAGE_LEADER, PRINCIPAL_INVESTIGATOR, PROJECT_COORDINATOR, OTHER.",
-          "type": "object",
-          "patternProperties": {
-            "^/dk/atira/pure/": {
-              "type": "string",
-              "enum": [
-                "DATA_COLLECTOR",
-                "DATA_CURATOR",
-                "DATA_MANAGER",
-                "DISTRIBUTOR",
-                "EDITOR",
-                "HOSTING_INSTITUTION",
-                "PRODUCER",
-                "PROJECT_LEADER",
-                "PROJECT_MANAGER",
-                "PROJECT_MEMBER",
-                "REGISTRATION_AGENCY",
-                "REGISTRATION_AUTHORITY",
-                "RELATED_PERSON",
-                "RESEARCHER",
-                "RESEARCH_GROUP",
-                "RIGHTS_HOLDER",
-                "SPONSOR",
-                "SUPERVISOR",
-                "WORK_PACKAGE_LEADER",
-                "PRINCIPAL_INVESTIGATOR",
-                "PROJECT_COORDINATOR",
-                "OTHER"
-              ]
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["pure-role-uri", "contributor-role"],
+            "properties": {
+              "pure-role-uri": { "type": "string" },
+              "contributor-role": { "type": "string",
+                                    "enum": [
+                                      "DATA_COLLECTOR",
+                                      "DATA_CURATOR",
+                                      "DATA_MANAGER",
+                                      "DISTRIBUTOR",
+                                      "EDITOR",
+                                      "HOSTING_INSTITUTION",
+                                      "PRODUCER",
+                                      "PROJECT_LEADER",
+                                      "PROJECT_MANAGER",
+                                      "PROJECT_MEMBER",
+                                      "REGISTRATION_AGENCY",
+                                      "REGISTRATION_AUTHORITY",
+                                      "RELATED_PERSON",
+                                      "RESEARCHER",
+                                      "RESEARCH_GROUP",
+                                      "RIGHTS_HOLDER",
+                                      "SPONSOR",
+                                      "SUPERVISOR",
+                                      "WORK_PACKAGE_LEADER",
+                                      "PRINCIPAL_INVESTIGATOR",
+                                      "PROJECT_COORDINATOR",
+                                      "OTHER"
+                                    ]}
             }
           }
-
         }
       }
     }

helm/values.yaml

@@ -45,7 +45,7 @@ damap:
     - display-text: "ORCID"
       query-value: "ORCID"
       class-name: "org.damap.base.integration.orcid.ORCIDPersonServiceImpl"
-  projectsService: elsevier-pure
+  projectService: elsevier-pure
   protocol: http
   storageClassName: ""
   tlsClusterIssuer: ""
@@ -335,4 +335,5 @@ pure:
   # RESEARCH_GROUP, RIGHTS_HOLDER, SPONSOR, SUPERVISOR, WORK_PACKAGE_LEADER, PRINCIPAL_INVESTIGATOR,
   # PROJECT_COORDINATOR, OTHER
   roleClassifications:
-    /dk/atira/pure/...: PROJECT_MEMBER
+    - pure-role-uri: /dk/atira/pure/member
+      contributor-role: PROJECT_MEMBER

src/main/java/org/damap/base/hibernate/CustomTenantResolver.java

@@ -18,7 +18,7 @@ public class CustomTenantResolver implements TenantResolver {
 
   private static final Logger LOG = Logger.getLogger(CustomTenantResolver.class);
 
-  @ConfigProperty(name = "tenants", defaultValue = "default")
+  @ConfigProperty(name = "damap.tenants.tenant-list", defaultValue = "default")
   List<String> tenantIds;
 
   @Inject SecurityService securityService;
@@ -33,7 +33,7 @@ public String getDefaultTenantId() {
   public String resolveTenantId() {
     String tenantId = securityService.getAffiliation();
     if (!tenantIds.contains(tenantId)) {
-      throw new ForbiddenException("TenantId mismatch");
+      throw new ForbiddenException("TenantId mismatch for tenantId: " + tenantId);
     }
     LOG.debug("TenantId = " + tenantId);
     return tenantId;

src/main/java/org/damap/base/integration/disabled/DisabledProjectServiceImpl.java

@@ -0,0 +1,68 @@
+package org.damap.base.integration.disabled;
+
+import jakarta.enterprise.context.ApplicationScoped;
+import java.util.ArrayList;
+import java.util.List;
+import org.damap.base.integration.ProjectServiceProvider;
+import org.damap.base.rest.base.ResultList;
+import org.damap.base.rest.base.Search;
+import org.damap.base.rest.dmp.domain.ContributorDO;
+import org.damap.base.rest.dmp.domain.ProjectDO;
+import org.damap.base.rest.dmp.domain.ProjectSupplementDO;
+
+/**
+ * This class is meant to express the state of project services being explicitly disabled.
+ *
+ * <p>Note: DAMAP was coded in a way, where it was assumed that a project service would always
+ * exist. This husk is meant to represent the state of no service being registered. This should be
+ * refactored in the future, if time permits.
+ */
+@ApplicationScoped
+public class DisabledProjectServiceImpl implements ProjectServiceProvider {
+  @Override
+  public String getConfigID() {
+    return "disabled";
+  }
+
+  @Override
+  public List<ContributorDO> getProjectStaff(String projectId) {
+    return new ArrayList<>();
+  }
+
+  @Override
+  public ProjectSupplementDO getProjectSupplement(String projectId) {
+    return null;
+  }
+
+  @Override
+  public ContributorDO getProjectLeader(String projectId) {
+    return null;
+  }
+
+  @Override
+  public ResultList<ProjectDO> getRecommended(Search search) {
+    return getMockResultList();
+  }
+
+  @Override
+  public ProjectDO read(String id) {
+    return null;
+  }
+
+  @Override
+  public ResultList<ProjectDO> search(Search query) {
+    return getMockResultList();
+  }
+
+  /**
+   * Helper method. Returns an empty ResultList that won't crash methods which use the result, since
+   * they expect empty lists and not null.
+   *
+   * @return Empty result list
+   */
+  private ResultList<ProjectDO> getMockResultList() {
+    ResultList<ProjectDO> res = new ResultList<>();
+    res.setItems(new ArrayList<>());
+    return res;
+  }
+}