feat(Apps): make default configuration secure

bpdm-cleaning-service-dummy/src/main/kotlin/org/eclipse/tractusx/bpdm/cleaning/config/OrchestratorClientConfig.kt

@@ -19,44 +19,34 @@
 
 package org.eclipse.tractusx.bpdm.cleaning.config
 
+import org.eclipse.tractusx.bpdm.common.util.BpdmClientProperties
 import org.eclipse.tractusx.bpdm.common.util.BpdmWebClientProvider
 import org.eclipse.tractusx.bpdm.common.util.ClientConfigurationProperties
-import org.eclipse.tractusx.bpdm.common.util.ConditionalOnBoundProperty
 import org.eclipse.tractusx.orchestrator.api.client.OrchestrationApiClient
 import org.eclipse.tractusx.orchestrator.api.client.OrchestrationApiClientImpl
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties
 import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
 
 @ConfigurationProperties(prefix = OrchestratorConfigProperties.PREFIX)
 data class OrchestratorConfigProperties(
     override val baseUrl: String = "http://localhost:8085",
     override val securityEnabled: Boolean = false,
-    override val oauth2ClientRegistration: String = "orchestrator-client"
-) : ClientConfigurationProperties {
+    override val registration: OAuth2ClientProperties.Registration,
+    override val provider: OAuth2ClientProperties.Provider
+) : BpdmClientProperties {
     companion object {
         const val PREFIX = "${ClientConfigurationProperties.PREFIX}.orchestrator"
     }
+
+    override fun getId() = PREFIX
 }
 
 @Configuration
-class OrchestratorClientConfiguration(
-    clientProperties: OrchestratorConfigProperties,
-) : BpdmWebClientProvider(
-    clientProperties
-) {
-    @Bean
-    @ConditionalOnBoundProperty(OrchestratorConfigProperties.PREFIX, OrchestratorConfigProperties::class, true)
-    fun authorizedOrchestratorClient(
-        clientRegistrationRepository: ClientRegistrationRepository,
-        oAuth2AuthorizedClientService: OAuth2AuthorizedClientService
-    ): OrchestrationApiClient =
-        OrchestrationApiClientImpl { provideAuthorizedClient(clientRegistrationRepository, oAuth2AuthorizedClientService) }
-
+class OrchestratorClientConfiguration{
     @Bean
-    @ConditionalOnBoundProperty(OrchestratorConfigProperties.PREFIX, OrchestratorConfigProperties::class, false)
-    fun unauthorizedOrchestratorClient(): OrchestrationApiClient =
-        OrchestrationApiClientImpl { provideUnauthorizedClient() }
+    fun orchestratorClient(clientProperties: OrchestratorConfigProperties, webClientProvider: BpdmWebClientProvider): OrchestrationApiClient{
+        return OrchestrationApiClientImpl { webClientProvider.builder(clientProperties).build() }
+    }
 }

bpdm-cleaning-service-dummy/src/main/resources/application.yml

@@ -17,34 +17,55 @@
 # SPDX-License-Identifier: Apache-2.0
 ################################################################################
 
-# BPDM application specific configuration
+#BPDM application specific configuration
 bpdm:
   # Name of this application (shown in Swagger) (on default set by maven resource filtering)
-    name: '@project.name@'
+  name: '@project.name@'
   # Version of this application (shown in Swagger) (on default set by maven resource filtering)
-    version: '@project.version@'
+  version: '@project.version@'
   # Description of this application (shown in Swagger) (on default set by maven resource filtering)
-    description: '@project.description@'
-  # Client connection configuration
-    client:
-      # Orchestrator connection configuration
-        orchestrator:
-          # The base-url of the Orchestrator-API
-          base-url: http://localhost:8085/
+  description: '@project.description@'
   # BPDM application specific logging configuration
-    logging:
-      # Default username logged if no user could be authenticated in the request
-      unknown-user: Anonymous
-    cleaningService:
-      # When and how often the cleaning service should poll for golden record tasks in the orchestrator
-      pollingCron: '-'
+  logging:
+    # Default username logged if no user could be authenticated in the request
+    unknown-user: Anonymous
+  # Client connection configuration
+  client:
+    # Orchestrator connection configuration
+    orchestrator:
+      # The base-url of the Orchestrator-API
+      base-url: http://localhost:8085/
+      # Whether to enable oauth2 authentication when connecting to the Orchestrator
+      security-enabled: true
+      provider:
+        # Create an oauth2 provider for the orchestrator and set default token issuer uri
+        issuer-uri: http://localhost:8180/realms/CX-Central
+      registration:
+        # The orchestrator client should use client credentials mechanism to request a token from the provider
+        authorization-grant-type: client_credentials
+        # Use a default client id for the client credentials request
+        client-id: DUMMY-ORCHESTRATOR-TASK_PROCESSOR
+        # Please provide client secret here
+        client-secret: ${BPDM_DUMMY_ORCH_CLIENT_SECRET}
+
+  cleaningService:
+    # When and how often the cleaning service should poll for golden record tasks in the orchestrator
+    pollingCron: "*/30 * * * * *"
+  security:
+    # Disable security as there is no API to secure
+    enabled: false
 #
 # From here on are framework and dependency configuration
 # More information about those properties can be taken from the respective documentation of Spring or the dependency
 #
 server:
   # The port this application runs on
   port: 8084
+spring:
+  profiles:
+    group:
+      # BPDM common shortcut to remove all authentication configuration
+      no-auth: no-orchestrator-auth
 logging:
   pattern:
     # Use BPDM custom log pattern
@@ -55,9 +76,8 @@ logging:
     org:
       eclipse:
         tractusx:
-          bpdm:
-            # Logs from this application's package should be DEBUG and above
-            cleaning: DEBUG
+          # Logs from the BPDM applications should be DEBUG and above
+          bpdm: DEBUG
 management:
   endpoint:
     health:
@@ -84,4 +104,3 @@ springdoc:
     path: /ui/swagger-ui
     # Show validation specific information for properties (pattern, minimum, maximum, etc...)
     show-common-extensions: true
-

bpdm-cleaning-service-dummy/src/test/kotlin/org/eclipse/tractusx/bpdm/cleaning/ApplicationTests.kt

@@ -19,12 +19,14 @@
 
 package org.eclipse.tractusx.bpdm.cleaning
 
+import org.eclipse.tractusx.bpdm.cleaning.config.OrchestratorConfigProperties
 import org.junit.jupiter.api.Test
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.test.context.ActiveProfiles
 
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@ActiveProfiles("test")
+@SpringBootTest(
+	webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
+	properties = ["${OrchestratorConfigProperties.PREFIX}.security-enabled=false"]
+)
 class ApplicationTests {
 
 	@Test

bpdm-cleaning-service-dummy/src/test/kotlin/org/eclipse/tractusx/bpdm/cleaning/service/CleaningServiceApiCallsTest.kt

@@ -24,6 +24,7 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import com.github.tomakehurst.wiremock.client.WireMock.*
 import com.github.tomakehurst.wiremock.core.WireMockConfiguration
 import com.github.tomakehurst.wiremock.junit5.WireMockExtension
+import org.eclipse.tractusx.bpdm.cleaning.config.OrchestratorConfigProperties
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.businessPartnerWithBpnA
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.fixedTaskId
 import org.eclipse.tractusx.orchestrator.api.GoldenRecordTaskApi
@@ -35,13 +36,14 @@ import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.RegisterExtension
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.test.context.ActiveProfiles
 import org.springframework.test.context.DynamicPropertyRegistry
 import org.springframework.test.context.DynamicPropertySource
 import java.time.Instant
 
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@ActiveProfiles("test")
+@SpringBootTest(
+    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
+    properties = ["${OrchestratorConfigProperties.PREFIX}.security-enabled=false"]
+)
 class CleaningServiceApiCallsTest @Autowired constructor(
     val cleaningServiceDummy: CleaningServiceDummy,
     val jacksonObjectMapper: ObjectMapper,

bpdm-cleaning-service-dummy/src/test/kotlin/org/eclipse/tractusx/bpdm/cleaning/service/CleaningServiceDummyTest.kt

@@ -19,6 +19,7 @@
 
 package org.eclipse.tractusx.bpdm.cleaning.service
 
+import org.eclipse.tractusx.bpdm.cleaning.config.OrchestratorConfigProperties
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.businessPartnerWithBpnA
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.businessPartnerWithBpnLAndBpnAAndLegalAddressType
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.businessPartnerWithBpnSAndBpnAAndLegalAndSiteMainAddressType
@@ -29,16 +30,16 @@ import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.expectedLogistic
 import org.eclipse.tractusx.bpdm.cleaning.testdata.CommonValues.expectedSiteDto
 import org.eclipse.tractusx.bpdm.test.util.AssertHelpers
 import org.eclipse.tractusx.orchestrator.api.model.*
-import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.test.context.ActiveProfiles
 import java.time.Instant
 import java.util.*
 
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@ActiveProfiles("test")
+@SpringBootTest(
+    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
+    properties = ["${OrchestratorConfigProperties.PREFIX}.security-enabled=false"]
+)
 class CleaningServiceDummyTest @Autowired constructor(
     val cleaningServiceDummy: CleaningServiceDummy,
     val assertHelpers: AssertHelpers

bpdm-common-test/src/main/kotlin/org/eclipse/tractusx/bpdm/test/config/SelfClientConfiguration.kt → bpdm-common-test/src/main/kotlin/org/eclipse/tractusx/bpdm/test/config/SelfClientConfigProperties.kt

@@ -19,39 +19,21 @@
 
 package org.eclipse.tractusx.bpdm.test.config
 
+import org.eclipse.tractusx.bpdm.common.util.BpdmClientProperties
 import org.eclipse.tractusx.bpdm.common.util.ClientConfigurationProperties
-import org.eclipse.tractusx.bpdm.common.util.ConditionalOnBoundProperty
-import org.eclipse.tractusx.bpdm.common.util.HasEnablingProperty
-import org.eclipse.tractusx.bpdm.test.util.BpdmOAuth2ClientFactory
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties
 import org.springframework.boot.context.properties.ConfigurationProperties
-import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.Configuration
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-
 
 @ConfigurationProperties(prefix = SelfClientConfigProperties.PREFIX)
 data class SelfClientConfigProperties(
-    val securityEnabled: Boolean = false,
-    val oauth2ClientRegistration: String = "self-client"
-) : HasEnablingProperty {
+    override val securityEnabled: Boolean = false,
+    override val baseUrl: String = "",
+    override val registration: OAuth2ClientProperties.Registration = OAuth2ClientProperties.Registration(),
+    override val provider: OAuth2ClientProperties.Provider = OAuth2ClientProperties.Provider()
+) :BpdmClientProperties {
     companion object {
         const val PREFIX = "${ClientConfigurationProperties.PREFIX}.self"
     }
 
-    override val enabled: Boolean
-        get() = securityEnabled
-}
-
-@Configuration
-class SelfClientConfiguration{
-
-    @Bean
-    @ConditionalOnBoundProperty(SelfClientConfigProperties.PREFIX, SelfClientConfigProperties::class, true)
-    fun createAuth2ClientFactory(clientRegistrationRepository: ClientRegistrationRepository,
-                                 oAuth2AuthorizedClientService: OAuth2AuthorizedClientService
-    ): BpdmOAuth2ClientFactory{
-        return BpdmOAuth2ClientFactory(clientRegistrationRepository, oAuth2AuthorizedClientService)
-    }
-
+    override fun getId(): String = PREFIX
 }

bpdm-common-test/src/main/kotlin/org/eclipse/tractusx/bpdm/test/containers/KeycloakContextInitializer.kt

@@ -57,12 +57,10 @@ abstract class SelfClientInitializer:  ApplicationContextInitializer<Configurabl
 
         TestPropertyValues.of(
             "${SelfClientConfigProperties.PREFIX}.security-enabled=true",
-            "${SelfClientConfigProperties.PREFIX}.oauth2-client-registration=self-client",
-            "spring.security.oauth2.client.provider.self-provider.issuer-uri=${authServerUrl}/realms/$realm",
-            "spring.security.oauth2.client.registration.self-client.authorization-grant-type=client_credentials",
-            "spring.security.oauth2.client.registration.self-client.client-id=$clientId",
-            "spring.security.oauth2.client.registration.self-client.client-secret=$clientSecret",
-            "spring.security.oauth2.client.registration.self-client.provider=self-provider",
+            "${SelfClientConfigProperties.PREFIX}.provider.issuer-uri=${authServerUrl}/realms/$realm",
+            "${SelfClientConfigProperties.PREFIX}.registration.authorization-grant-type=client_credentials",
+            "${SelfClientConfigProperties.PREFIX}.registration.client-id=$clientId",
+            "${SelfClientConfigProperties.PREFIX}.registration.client-secret=$clientSecret"
         ).applyTo(applicationContext)
     }
 }