feat: update oidc provider and helm values (#39)

* feat: update oidc provider and helm values

* feat: added pm:read

* fix: disable client secruity propagation

docs/modules/onecx-help-bff/pages/onecx-help-bff-docs.adoc

@@ -16,20 +16,24 @@ onecx.permissions.application-id=${quarkus.application.name}
 %prod.quarkus.rest-client.onecx_help_svc.url=http://onecx-help-svc:8080
 %prod.quarkus.rest-client.onecx_product_store.url=http://onecx-product-store-svc:8080
 org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
-%prod.quarkus.rest-client.onecx_help_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
-%prod.quarkus.rest-client.onecx_product_store_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_help_svc.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_product_store.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
 %prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+generator.codegen.enable-security-generation=false
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.config-key=onecx_help_svc
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.base-package=gen.org.tkit.onecx.help.client
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.return-response=true
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.onecx_help_svc_yaml.auth.oauth2.token-propagation=false
+quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.enable-security-generation=false
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.config-key=onecx_product_store
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.base-package=gen.org.tkit.onecx.product.store
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.return-response=true
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.enable-security-generation=false
 ----
 ====
 
@@ -70,6 +74,9 @@ app:
     keycloak:
       client:
         enabled: true
+        spec:
+          kcConfig:
+            defaultClientScopes: [ ocx-hp:all, ocx-ps:read ]
 
 ----
 

docs/modules/onecx-help-bff/pages/onecx-help-bff-extensions.adoc

@@ -12,19 +12,19 @@ h| Version
 
 | https://quarkus.io/guides/rest[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-smallrye-openapi
 
 | https://quarkus.io/guides/openapi-swaggerui[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-rest-jackson
 
 | https://quarkus.io/guides/rest-json[Link]
 | 
-| 3.11.1
+| 3.11.3
 
 | quarkus-openapi-generator
 
@@ -36,110 +36,110 @@ h| Version
 
 | https://quarkus.io/guides/rest-client[Link]
 | 
-| 3.11.1
+| 3.11.3
 
 | tkit-quarkus-log-cdi
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.26.0
 
 | tkit-quarkus-log-rs
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.26.0
 
 | tkit-quarkus-log-json
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.26.0
 
 | tkit-quarkus-rest
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
+| 2.26.0
 
 | tkit-quarkus-rest-context
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
+| 2.26.0
 
 | quarkus-hibernate-validator
 
 | https://quarkus.io/guides/validation[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-smallrye-health
 
 | https://quarkus.io/guides/smallrye-health[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-opentelemetry
 
 | https://quarkus.io/guides/opentelemetry[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-micrometer-registry-prometheus
 
 | https://quarkus.io/guides/telemetry-micrometer[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-oidc
 
 | https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-oidc-client-reactive-filter
 
 | https://quarkus.io/guides/security-openid-connect-client-reference[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc-client-reactive-filter.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | onecx-permissions
 
 | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-permissions.html[Link]
-| https://github.com/onecx/onecx-quarkus/blob/0.20.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link]
-| 0.20.0
+| https://github.com/onecx/onecx-quarkus/blob/0.21.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link]
+| 0.21.0
 
 | tkit-quarkus-security
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.26.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.26.0
 
 | onecx-core
 
 | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
 | 
-| 0.20.0
+| 0.21.0
 
 | quarkus-arc
 
 | https://quarkus.io/guides/cdi-reference[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 | quarkus-container-image-docker
 
 | https://quarkus.io/guides/container-image[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
-| 3.11.1
+| 3.11.3
 
 
 | quarkus-oidc-client
 
 | 
 | 
-| 3.11.1
+| 3.11.3
 
 
 |===

pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.tkit.onecx</groupId>
         <artifactId>onecx-quarkus3-parent</artifactId>
-        <version>0.52.0</version>
+        <version>0.53.0</version>
     </parent>
 
     <artifactId>onecx-help-bff</artifactId>

src/main/helm/values.yaml

@@ -17,3 +17,6 @@ app:
     keycloak:
       client:
         enabled: true
+        spec:
+          kcConfig:
+            defaultClientScopes: [ ocx-hp:all, ocx-ps:read ]

src/main/resources/application.properties

@@ -27,7 +27,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %dev.quarkus.oidc-client.client-id=${quarkus.oidc.client-id}
 %dev.quarkus.oidc-client.credentials.secret=${quarkus.oidc.credentials.secret}
 %dev.quarkus.rest-client.onecx_permission.url=${quarkus.mockserver.endpoint}
-%dev.quarkus.rest-client.onecx-permission.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.mockserver.devservices.config-file=src/test/resources/mockserver.properties
 %dev.quarkus.mockserver.devservices.config-dir=src/test/resources/mockserver
 
@@ -38,14 +37,16 @@ quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.return-response=true
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.onecx_help_svc_yaml.auth.oauth2.token-propagation=false
+quarkus.openapi-generator.codegen.spec.onecx_help_svc_yaml.enable-security-generation=false
 
 # PRODUCT STORE V1
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.config-key=onecx_product_store
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.base-package=gen.org.tkit.onecx.product.store
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.return-response=true
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
-
+quarkus.openapi-generator.codegen.spec.onecx_product_store_v1_yaml.enable-security-generation=false
 
 # INTEGRATION TEST
 quarkus.test.integration-test-profile=test
@@ -65,7 +66,6 @@ quarkus.test.integration-test-profile=test
 %test.quarkus.rest-client.onecx_product_store.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
 %test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId
 %test.quarkus.rest-client.onecx_permission.url=${quarkus.mockserver.endpoint}
-%test.quarkus.rest-client.onecx-permission.url=${quarkus.mockserver.endpoint}
 %test.quarkus.keycloak.devservices.roles.alice=role-admin
 %test.quarkus.keycloak.devservices.roles.bob=role-user
 %test.quarkus.oidc-client.auth-server-url=${quarkus.oidc.auth-server-url}