Skip to content

Commit

Permalink
feat: added security and adjusted tests
Browse files Browse the repository at this point in the history
  • Loading branch information
JordenReuter committed Jul 4, 2024
1 parent ef068e9 commit 23e44af
Show file tree
Hide file tree
Showing 22 changed files with 337 additions and 39 deletions.
11 changes: 11 additions & 0 deletions docs/modules/onecx-theme-svc/pages/onecx-theme-svc-docs.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ include::onecx-theme-svc-attributes.adoc[opts=optional]
quarkus.datasource.db-kind=postgresql
quarkus.datasource.jdbc.max-size=30
quarkus.datasource.jdbc.min-size=10
quarkus.http.auth.permission.health.paths=/q/*
quarkus.http.auth.permission.health.policy=permit
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
quarkus.native.resources.includes=import/template.json
quarkus.hibernate-orm.database.generation=validate
quarkus.hibernate-orm.multitenant=DISCRIMINATOR
Expand Down Expand Up @@ -54,5 +58,12 @@ app:
repository: "onecx/onecx-theme-svc"
db:
enabled: true
operator:
keycloak:
client:
enabled: true
spec:
kcConfig:
defaultClientScopes: [ ocx-tn:read ]
----

82 changes: 50 additions & 32 deletions docs/modules/onecx-theme-svc/pages/onecx-theme-svc-extensions.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,140 +12,158 @@ h| Version

| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
|
| 0.20.0
| 0.22.0

| onecx-tenant

| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-tenant.html[Link]
| https://github.com/onecx/onecx-quarkus/blob/0.20.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
| 0.20.0
| https://github.com/onecx/onecx-quarkus/blob/0.22.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
| 0.22.0

| tkit-quarkus-rest-context

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
| 2.27.0

| tkit-quarkus-jpa-tenant

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa-tenant.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
| 2.27.0

| tkit-quarkus-data-import

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-data-import.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
| 2.27.0

| tkit-quarkus-jpa

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
| 2.27.0

| tkit-quarkus-log-cdi

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
| 2.27.0

| tkit-quarkus-log-rs

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
| 2.27.0

| tkit-quarkus-log-json

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
| 2.27.0

| tkit-quarkus-rest

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
| 2.27.0

| quarkus-oidc

| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
| 3.12.0
| quarkus-arc
| https://quarkus.io/guides/cdi-reference[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-liquibase
| https://quarkus.io/guides/liquibase[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-liquibase.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-smallrye-health
| https://quarkus.io/guides/smallrye-health[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-micrometer-registry-prometheus
| https://quarkus.io/guides/telemetry-micrometer[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-hibernate-orm
| https://quarkus.io/guides/hibernate-orm[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-orm.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-rest
| https://quarkus.io/guides/rest[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-rest-jackson
| https://quarkus.io/guides/rest-json[Link]
|
| 3.11.1
| 3.12.0
| quarkus-jdbc-postgresql
| https://quarkus.io/guides/datasource[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-smallrye-openapi
| https://quarkus.io/guides/openapi-swaggerui[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-hibernate-validator
| https://quarkus.io/guides/validation[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-opentelemetry
| https://quarkus.io/guides/opentelemetry[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
| 3.11.1
| 3.12.0
| tkit-quarkus-security
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
| 2.27.0
| quarkus-container-image-docker
| https://quarkus.io/guides/container-image[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
| 3.11.1
| 3.12.0
| onecx-security
|
|
| 0.22.0
| quarkus-smallrye-context-propagation
|
|
| 3.11.1
| 3.12.0
|===
16 changes: 15 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.tkit.onecx</groupId>
<artifactId>onecx-quarkus3-parent</artifactId>
<version>0.53.0</version>
<version>0.54.0</version>
</parent>

<artifactId>onecx-theme-svc</artifactId>
Expand Down Expand Up @@ -55,6 +55,14 @@
<groupId>org.tkit.quarkus.lib</groupId>
<artifactId>tkit-quarkus-rest</artifactId>
</dependency>
<dependency>
<groupId>org.tkit.onecx.quarkus</groupId>
<artifactId>onecx-security</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-oidc</artifactId>
</dependency>

<!-- QUARKUS -->
<dependency>
Expand Down Expand Up @@ -141,6 +149,11 @@
<artifactId>tkit-quarkus-test-db-import</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.tkit.quarkus.lib</groupId>
<artifactId>tkit-quarkus-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
Expand All @@ -158,6 +171,7 @@
<generateSupportingFiles>false</generateSupportingFiles>
<addCompileSourceRoot>true</addCompileSourceRoot>
<library>quarkus</library>
<additionalProperties>onecx-scopes=true</additionalProperties>
<configOptions>
<sourceFolder>/</sourceFolder>
<openApiNullable>false</openApiNullable>
Expand Down
2 changes: 1 addition & 1 deletion src/main/docker/Dockerfile.jvm
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/onecx/docker-quarkus-jvm:0.7.0
FROM ghcr.io/onecx/docker-quarkus-jvm:0.8.0

COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=185 target/quarkus-app/*.jar /deployments/
Expand Down
2 changes: 1 addition & 1 deletion src/main/docker/Dockerfile.native
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
FROM ghcr.io/onecx/docker-quarkus-native:0.5.0
FROM ghcr.io/onecx/docker-quarkus-native:0.6.0

COPY --chown=1001:root target/*-runner /work/application
21 changes: 21 additions & 0 deletions src/main/openapi/onecx-image-internal-openapi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ tags:
paths:
/internal/images/{refId}/{refType}:
post:
security:
- oauth2: [ ocx-th:all, ocx-th:write ]
tags:
- imagesInternal
description: Upload Images
Expand Down Expand Up @@ -51,6 +53,8 @@ paths:
"400":
description: Bad Request
get:
security:
- oauth2: [ ocx-th:all, ocx-th:read ]
tags:
- imagesInternal
description: Get Image by id
Expand Down Expand Up @@ -83,6 +87,8 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
put:
security:
- oauth2: [ ocx-th:all, ocx-th:write ]
tags:
- imagesInternal
description: update Images
Expand Down Expand Up @@ -127,6 +133,8 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
delete:
security:
- oauth2: [ ocx-th:all, ocx-th:delete ]
tags:
- imagesInternal
description: delete Image
Expand Down Expand Up @@ -157,6 +165,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/images/{refId}:
delete:
security:
- oauth2: [ ocx-th:all, ocx-th:delete ]
tags:
- imagesInternal
description: delete Image by id
Expand All @@ -181,6 +191,17 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://oauth.simple.api/token
scopes:
ocx-th:all: Grants access to all operations
ocx-th:read: Grants read access
ocx-th:write: Grants write access
ocx-th:delete: Grants access to delete operations
schemas:
RefType:
type: string
Expand Down
10 changes: 10 additions & 0 deletions src/main/openapi/onecx-theme-di-template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ servers:
paths:
/import/theme:
post:
security:
- oauth2: [ ocx-th:write ]
operationId: importTheme
requestBody:
content:
Expand All @@ -18,6 +20,14 @@ paths:
200:
description: ok
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://oauth.simple.api/token
scopes:
ocx-th:write: Grants write access
schemas:
TemplateImport:
type: object
Expand Down
Loading

0 comments on commit 23e44af

Please sign in to comment.