rebase(bpdm) - Application YML's fixes

eclipse-tractusx · Dec 14, 2023 · 1c0ee1c · 1c0ee1c
1 parent cd02024
commit 1c0ee1c
Show file tree

Hide file tree

Showing 15 changed files with 76 additions and 99 deletions.
diff --git a/...bridge-dummy/src/main/kotlin/com/catenax/bpdm/bridge/dummy/config/BridgeAuthProperties.kt b/...bridge-dummy/src/main/kotlin/com/catenax/bpdm/bridge/dummy/config/BridgeAuthProperties.kt
@@ -23,7 +23,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Configuration
 
 @Configuration
-@ConfigurationProperties(prefix = "bpdm.bridge")
+@ConfigurationProperties(prefix = "bpdm.bridge.permissions")
 class BridgeAuthProperties {
     var syncAuthorities: List<String> = listOf()
 

diff --git a/bpdm-bridge-dummy/src/main/resources/application-auth.yml b/bpdm-bridge-dummy/src/main/resources/application-auth.yml
@@ -18,47 +18,38 @@
 ################################################################################
 
 bpdm:
-  # Security config (defined in common) for restricting access to the bridge dummy resource server
-  bridge:
-    syncAuthorities: sync_company_data
-
-  # OAuth2 authorized connection to Pool and Gate client
-  client:
-    gate:
-      oauth2-client-registration: bridge-client
-      security-enabled: true
-    pool:
-      oauth2-client-registration: bridge-client
-      security-enabled: true
+  permissions:
+    # Security config (defined in common) for restricting access to the bridge dummy resource server
+    bridge:
+      syncAuthorities: sync_company_data
 
   security:
-    permission:
-      # Security config (defined in common) for restricting access to the bridge dummy resource server
-      cors-origins: '*'
-      enabled: true
-      # OAuth configuration
-      auth-server-url: http://localhost:8180
-      auth-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/auth
-      client-id: BPDM_BRIDGE_DUMMY
-      realm: master
-      refresh-url: ${bpdm.security.permission.token-url}
-      token-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/token
+    # Security config (defined in common) for restricting access to the bridge dummy resource server
+    cors-origins: '*'
+    enabled: true
+    # OAuth configuration
+    auth-server-url: http://localhost:8180
+    auth-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/auth
+    client-id: BPDM_BRIDGE_DUMMY
+    realm: master
+    refresh-url: ${bpdm.security.token-url}
+    token-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/token
 
 spring:
   security:
     oauth2:
       client:
         provider:
           catena-keycloak-provider:
-            issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
+            issuer-uri: ${bpdm.security.auth-server-url:http://localhost:8180}/realms/${bpdm.security.realm:master}
         registration:
           bridge-client:
             authorization-grant-type: client_credentials
-            client-id: ${bpdm.security.permission.client-id}
+            client-id: ${bpdm.security.client-id}
             client-secret: ${bpdm.security.credentials.secret}
             provider: catena-keycloak-provider
       resourceserver:
         # Spring security
         jwt:
-          issuer-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}
-          jwk-set-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/certs
+          issuer-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}
+          jwk-set-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/certs
diff --git a/bpdm-bridge-dummy/src/main/resources/application-gate-auth.yml b/bpdm-bridge-dummy/src/main/resources/application-gate-auth.yml
@@ -21,25 +21,21 @@
 bpdm:
   client:
     gate:
-      oauth2-client-registration: bridge-client
+      oauth2-client-registration: gate-client
       security-enabled: true
 
 spring:
   security:
     oauth2:
       client:
         provider:
-          catena-keycloak-provider:
-            issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
+          gate-oauth2-provider:
+            issuer-uri: ${bpdm.security.auth-server-url:http://localhost:8180}/realms/${bpdm.security.realm:master}
         registration:
-          bridge-client:
+          gate-client:
             authorization-grant-type: client_credentials
             client-id: ${bpdm.security.permission.client-id}
             client-secret: ${bpdm.security.credentials.secret}
-            provider: catena-keycloak-provider
-      resourceserver:
-        # Spring security
-        jwt:
-          issuer-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}
-          jwk-set-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/certs
+            provider: gate-oauth2-provider
+
 
diff --git a/bpdm-bridge-dummy/src/main/resources/application-pool-auth.yml b/bpdm-bridge-dummy/src/main/resources/application-pool-auth.yml
@@ -20,24 +20,19 @@
 bpdm:
   client:
     pool:
-      oauth2-client-registration: bridge-client
+      oauth2-client-registration: pool-client
       security-enabled: true
 
 spring:
   security:
     oauth2:
       client:
         provider:
-          catena-keycloak-provider:
+          pool-oauth2-provider:
             issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
         registration:
-          bridge-client:
+          pool-client:
             authorization-grant-type: client_credentials
             client-id: ${bpdm.security.permission.client-id}
             client-secret: ${bpdm.security.credentials.secret}
-            provider: catena-keycloak-provider
-      resourceserver:
-        # Spring security
-        jwt:
-          issuer-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}
-          jwk-set-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/certs
+            provider: pool-oauth2-provider
diff --git a/bpdm-common/src/main/kotlin/org/eclipse/tractusx/bpdm/common/config/SecurityConfig.kt b/bpdm-common/src/main/kotlin/org/eclipse/tractusx/bpdm/common/config/SecurityConfig.kt
@@ -36,7 +36,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
 @EnableWebSecurity
 @ConditionalOnProperty(
-    value = ["bpdm.security.permission.enabled"],
+    value = ["bpdm.security.enabled"],
     havingValue = "false",
     matchIfMissing = true
 )

diff --git a/...ommon/src/main/kotlin/org/eclipse/tractusx/bpdm/common/config/SecurityConfigProperties.kt b/...ommon/src/main/kotlin/org/eclipse/tractusx/bpdm/common/config/SecurityConfigProperties.kt
@@ -21,7 +21,7 @@ package org.eclipse.tractusx.bpdm.common.config
 
 import org.springframework.boot.context.properties.ConfigurationProperties
 
-@ConfigurationProperties(prefix = "bpdm.security.permission")
+@ConfigurationProperties(prefix = "bpdm.security")
 data class SecurityConfigProperties(
     val enabled: Boolean = false,
     val clientId: String = "",

diff --git a/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/OrchestratorMappings.kt b/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/OrchestratorMappings.kt
@@ -74,7 +74,7 @@ class OrchestratorMappings(
             postalCode = entity.postalCode,
             city = entity.city,
             district = entity.district,
-            street = entity.street?.let(this::toStreetDto),
+            street = entity.street?.let(::toStreetDto),
             companyPostalCode = entity.companyPostalCode,
             industrialZone = entity.industrialZone,
             building = entity.building,

diff --git a/bpdm-gate/src/main/resources/application-auth.yml b/bpdm-gate/src/main/resources/application-auth.yml
@@ -31,16 +31,16 @@ bpdm:
     readCompanyOutputData: read_company_output_data
 
   security:
-    permission:
-      cors-origins: '*'
-      enabled: true
-      #Generic OAuth configuration
-      auth-server-url: http://localhost:8180
-      auth-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/auth
-      client-id: BPDM_GATE
-      realm: master
-      refresh-url: ${bpdm.security.permission.token-url}
-      token-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/token
+    cors-origins: '*'
+    enabled: true
+    #Generic OAuth configuration
+    auth-server-url: http://localhost:8180
+    auth-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/auth
+    client-id: BPDM_GATE
+    realm: master
+    refresh-url: ${bpdm.security.token-url}
+    token-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/token
+
 
 #Spring OAuth configuration
 spring:

diff --git a/bpdm-gate/src/main/resources/application-orchestrator-auth.yml b/bpdm-gate/src/main/resources/application-orchestrator-auth.yml
@@ -22,18 +22,18 @@ bpdm:
     orchestrator:
       security-enabled: true
   orchestrator-security:
-    oauth2-client-registration: ""
+    oauth2-client-registration: orchestrator-client
 
 spring:
   security:
     oauth2:
       client:
         provider:
-          catena-keycloak-provider:
+          orchestrator-oauth2-provider:
             issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
         registration: # Note that the oauth2-client-registration property is NOT the client id of the gate in keycloak
-          gate-client:
+          orchestrator-client:
             authorization-grant-type: client_credentials
             client-id: ${bpdm.security.permission.client-id}
             client-secret: ${bpdm.security.credentials.secret}
-            provider: catena-keycloak-provider
+            provider: orchestrator-oauth2-provider
diff --git a/bpdm-gate/src/main/resources/application-pool-auth.yml b/bpdm-gate/src/main/resources/application-pool-auth.yml
@@ -22,18 +22,18 @@ bpdm:
     pool:
       security-enabled: true
   gate-security:
-    oauth2-client-registration: gate-client
+    oauth2-client-registration: pool-client
 
 spring:
   security:
     oauth2:
       client:
         provider:
-          catena-keycloak-provider:
-            issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
+          pool-oauth2-provider:
+            issuer-uri: ${bpdm.security.auth-server-url:http://localhost:8180}/realms/${bpdm.security.realm:master}
         registration: # Note that the oauth2-client-registration property is NOT the client id of the gate in keycloak
-          gate-client:
+          pool-client:
             authorization-grant-type: client_credentials
-            client-id: ${bpdm.security.permission.client-id}
+            client-id: ${bpdm.security.client-id}
             client-secret: ${bpdm.security.credentials.secret}
-            provider: catena-keycloak-provider
+            provider: pool-oauth2-provider
diff --git a/bpdm-gate/src/main/resources/application.yml b/bpdm-gate/src/main/resources/application.yml
@@ -54,8 +54,7 @@ bpdm:
 
     # No security on default
     security:
-        permission:
-            enabled: false
+        enabled: false
 
     # Datasource host
     datasource:

diff --git a/bpdm-orchestrator/src/main/resources/application-auth.yml b/bpdm-orchestrator/src/main/resources/application-auth.yml
@@ -26,22 +26,20 @@ bpdm:
 
   # OAuth configuration
   security:
-    permission:
-      cors-origins: '*'
-      enabled: true
-      auth-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/auth
-      client-id: BPDM_ORCHESTRATOR
-      refresh-url: ${bpdm.security.permission.token-url}
-      token-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/token
-      auth-server-url: http://localhost:8180
-      realm: master
-
+    cors-origins: '*'
+    enabled: true
+    auth-server-url: http://localhost:8180
+    auth-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/auth
+    client-id: BPDM_ORCHESTRATOR
+    realm: master
+    refresh-url: ${bpdm.security.token-url}
+    token-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/token
 
 # Spring security
 spring:
   security:
     oauth2:
       resourceserver:
         jwt:
-          issuer-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}
-          jwk-set-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/certs
+          issuer-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}
+          jwk-set-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/certs
diff --git a/bpdm-pool/src/main/resources/application-auth.yml b/bpdm-pool/src/main/resources/application-auth.yml
@@ -25,20 +25,19 @@ bpdm:
     readPoolPartnerData: read_pool_partner_data
 
   security:
-    permission:
-      auth-server-url: http://localhost:8180
-      auth-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/auth
-      client-id: BPDM_Client
-      cors-origins: '*'
-      enabled: true
-      realm: master
-      refresh-url: ${bpdm.security.permission.token-url}
-      token-url: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/token
+    auth-server-url: http://localhost:8180
+    auth-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/auth
+    client-id: BPDM_Client
+    cors-origins: '*'
+    enabled: true
+    realm: master
+    refresh-url: ${bpdm.security.token-url}
+    token-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/token
 
 spring:
   security:
     oauth2:
       resourceserver:
         jwt:
-          issuer-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}
-          jwk-set-uri: ${bpdm.security.permission.auth-server-url}/realms/${bpdm.security.permission.realm}/protocol/openid-connect/certs
+          issuer-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}
+          jwk-set-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/certs
diff --git a/bpdm-pool/src/main/resources/application-orchestrator-auth.yml b/bpdm-pool/src/main/resources/application-orchestrator-auth.yml
@@ -27,11 +27,11 @@ spring:
     oauth2:
       client:
         provider:
-          catena-keycloak-provider:
+          orchestrator-oauth2-provider:
             issuer-uri: ${bpdm.security.permission.auth-server-url:http://localhost:8180}/realms/${bpdm.security.permission.realm:master}
         registration: # Note that the oauth2-client-registration property is NOT the client id of the gate in keycloak
           gate-client:
             authorization-grant-type: client_credentials
             client-id: ${bpdm.security.permission.client-id}
             client-secret: ${bpdm.security.credentials.secret}
-            provider: catena-keycloak-provider
+            provider: orchestrator-oauth2-provider
diff --git a/bpdm-pool/src/main/resources/application.yml b/bpdm-pool/src/main/resources/application.yml
@@ -54,8 +54,7 @@ bpdm:
 
   # Disable Security on default
   security:
-    permission:
-      enabled: false
+    enabled: false
 
   # Datasource Host
   datasource: