From d3464a54567cff39f1c63b4673fe84d9b8d6652a Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Thu, 25 Jan 2024 11:47:18 +0100 Subject: [PATCH] feat(impl):[#372] fix OpenApi generation - use apiKey security instead oauth --- docs/src/api/irs-api.yaml | 46 +++++++++---------- .../configuration/OpenApiConfiguration.java | 21 ++++----- .../irs/controllers/BatchController.java | 10 ++-- .../irs/controllers/IrsController.java | 10 ++-- .../irs/ess/controller/EssController.java | 4 +- .../controllers/PolicyStoreController.java | 8 ++-- 6 files changed, 46 insertions(+), 53 deletions(-) diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 67879e47ea..1655a04f7b 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,7 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - oAuth2: [] + - api_key: [] paths: /ess/bpn/investigations: post: @@ -58,7 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -123,7 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -202,7 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: 
@@ -292,7 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service @@ -343,7 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -427,7 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service @@ -492,7 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -529,7 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -582,7 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -649,7 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: [] + - api_key: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service 
@@ -714,7 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: [] + - api_key: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -790,7 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - oAuth2: [] + - api_key: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -826,7 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -870,7 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -915,7 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -965,7 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2639,10 +2639,8 @@ components: required: - validUntil securitySchemes: - oAuth2: - flows: - clientCredentials: - scopes: - {} - tokenUrl: https://localhost - type: oauth2 + api_key: + description: Api Key access + in: header + name: X-API-KEY + type: apiKey 
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 837d9d9810..991ab57564 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -26,16 +26,12 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Info; -import io.swagger.v3.oas.models.security.OAuthFlow; -import io.swagger.v3.oas.models.security.OAuthFlows; -import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import io.swagger.v3.oas.models.servers.Server; import lombok.RequiredArgsConstructor; import org.eclipse.tractusx.irs.IrsApplication; import org.springdoc.core.customizers.OpenApiCustomizer; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -59,7 +55,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("oAuth2")) + .addSecurityItem(new SecurityRequirement().addList("api_key")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( 
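Review bot: The scheme name in `addList("api_key")` is a bare string literal that must match exactly the key registered in `customizer()` and every `@SecurityRequirement(name = "api_key")` in BatchController, IrsController, EssController and PolicyStoreController. A typo in any of them would not fail the build; the affected operation would presumably just reference an undefined scheme in the generated spec. Consider one shared constant, for example `public static final String API_KEY_SCHEME = "api_key";`, placed where all of these modules can see it. Annotation attributes accept compile-time constants, so the annotations can use it too. The body of customOpenAPI continues outside the hunk.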
@@ -69,20 +65,19 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * - * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean - public OpenApiCustomizer customizer( - @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { + public OpenApiCustomizer customizer() { return openApi -> { final Components components = openApi.getComponents(); - components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) - .flows(new OAuthFlows().clientCredentials( - new OAuthFlow().scopes( - new Scopes()) - .tokenUrl(tokenUri)))); + components.addSecuritySchemes("api_key", new SecurityScheme().type(SecurityScheme.Type.APIKEY) + .description("Api Key access") + .in(SecurityScheme.In.HEADER) + .name("X-API-KEY") + ); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); + new OpenApiExamples().createExamples(components); }; } diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index cfb85c6231..c8ff5c60f2 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -81,7 +81,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") @ApiResponses( 
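Review bot: The header name in `.name("X-API-KEY")` is hard-coded in `customizer()`, and nothing in this diff ties it to the header the authentication code actually reads. If the two drift apart, the spec and Swagger UI would send the key under a name the server ignores, and integrators would see authentication failures that look like a bad credential. Referencing the constant or property the request filter uses (not visible in this patch) would keep the documentation and the enforcement in sync. The description `"Api Key access"` also says less than the removed OAuth2 scheme, which at least pointed to a token endpoint. Something like `.description("Static API key sent in the X-API-KEY header; transmit only over TLS")` would tell readers that the value is a shared secret.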
@@ -121,7 +121,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses( value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -160,7 +160,7 @@ public BatchOrderCreated registerESSInvestigationOrder( } @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", - summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, schema = @Schema( 
@@ -206,7 +206,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -255,7 +255,7 @@ public BatchResponse getBatch( } @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", - summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses( value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index 60166e2c87..a8a23c11c4 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java 
@@ -93,7 +93,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -131,7 +131,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -190,7 +190,7 @@ public ResponseEntity getJobById( } @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", - summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, 
@@ -236,7 +236,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -280,7 +280,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index 9414172ec8..ca6720b605 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java 
@@ -75,7 +75,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -114,7 +114,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 2c18570427..9365e0f13a 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java 
@@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), @@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), @@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"),
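Review bot: The state-changing policy operations (`registerAllowedPolicy`, `deleteAllowedPolicy`, `updateAllowedPolicy`) declare the same `@SecurityRequirement(name = "api_key")` as the read-only `getAllowedPolicies`. The generated spec therefore gives no hint if a more privileged key is needed to change which policies are accepted in EDC negotiation. An apiKey scheme carries no scopes, so any such distinction has to be written out. If the service distinguishes keys by authority (not visible in this diff), state it in each operation's description, e.g. `description = "Register a policy that should be accepted in EDC negotiation. Requires the administrative API key."`, or register a second named scheme for these endpoints. The annotated methods continue outside these hunks.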