feat: improved exception mapping and added docs

docs/antora.yml

@@ -0,0 +1,3 @@
+name: onecx-permission
+title: Permission Bff
+version: latest

docs/modules/onecx-permission-bff/nav.adoc

@@ -0,0 +1 @@
+* xref:onecx-permission-bff:index.adoc[Permission Bff]

docs/modules/onecx-permission-bff/pages/index.adoc

@@ -0,0 +1,8 @@
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+== onecx-permission-bff
+
+include::docs.adoc[opts=optional]
+
+
+include::onecx-permission-bff-docs.adoc[opts=optional]

docs/modules/onecx-permission-bff/pages/onecx-permission-bff-attributes.adoc

@@ -0,0 +1,5 @@
+
+:docker-registry: https://github.com/onecx/onecx-permission-bff/pkgs/container/onecx-permission-bff
+:helm-registry: https://github.com/onecx/onecx-permission-bff/pkgs/container/charts%2Fonecx-permission-bff
+:properties-file: src/main/resources/application.properties
+:helm-file: src/main/helm/values.yaml

docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc

@@ -0,0 +1,97 @@
+
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+=== Default properties
+
+.{properties-file}
+[%collapsible%open]
+====
+[source,properties,subs=attributes+]
+----
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
+onecx.permissions.application-id=${quarkus.application.name}
+org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
+%prod.quarkus.rest-client.onecx_permission_svc.url=http://onecx-permission-svc:8080
+%prod.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc:8080
+%prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
+%prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.config-key=onecx_permission_svc
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.base-package=gen.org.tkit.onecx.permission.client
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.config-key=onecx_workspace_svc
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.base-package=gen.org.tkit.onecx.permission.client
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.config-key=onecx_product_store_svc
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.base-package=gen.org.tkit.onecx.product.store.client
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.config-key=onecx_iam_svc
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.base-package=gen.org.tkit.onecx.iam.client
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+----
+====
+
+=== Extensions
+
+include::onecx-permission-bff-extensions.adoc[opts=optional]
+
+=== Container
+
+{docker-registry}[Docker registry]
+
+
+=== Helm
+
+{helm-registry}[Helm registry]
+
+Default values
+
+.{helm-file}
+[source,yaml]
+----
+app:
+  name: bff
+  image:
+    repository: "onecx/onecx-permission-bff"
+  operator:
+    # Permission
+    permission:
+      enabled: true
+      spec:
+        permissions:
+          permission:
+            read: permission on all GET requests and POST search
+            write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+            delete: permission on all DELETE requests
+          role:
+            read: permission on all GET requests and POST search
+            write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+            delete: permission on all DELETE requests
+          assignment:
+            read: permission on all GET requests and POST search
+            write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+            delete: permission on all DELETE requests
+          application:
+            read: permission on all GET requests and POST search
+            write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+            delete: permission on all DELETE requests
+          workspace:
+            read: permission on all GET requests and POST search
+            write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+            delete: permission on all DELETE requests
+
+----
+

docs/modules/onecx-permission-bff/pages/onecx-permission-bff-extensions.adoc

@@ -0,0 +1,127 @@
+
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+[.extension.table.searchable, cols="50,.^15,.^15,.^20"]
+|===
+h| Extensions
+h| Documentation
+h| Configuration
+h| Version
+
+| quarkus-resteasy-reactive
+
+| https://quarkus.io/guides/resteasy-reactive[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-resteasy-reactive.adoc[Link]
+| 3.9.3
+
+| quarkus-smallrye-openapi
+
+| https://quarkus.io/guides/openapi-swaggerui[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
+| 3.9.3
+
+| quarkus-resteasy-reactive-jackson
+
+| https://quarkus.io/guides/rest-json[Link]
+| 
+| 3.9.3
+
+| quarkus-smallrye-health
+
+| https://quarkus.io/guides/smallrye-health[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
+| 3.9.3
+
+| quarkus-openapi-generator
+
+| https://docs.quarkiverse.io/quarkus-openapi-generator/dev/index.html[Link]
+| https://github.com/quarkiverse/quarkus-openapi-generator/blob/2.4.1/docs/modules/ROOT/pages/includes/quarkus-openapi-generator.adoc[Link]
+| 2.4.1
+
+| quarkus-rest-client-reactive-jackson
+
+| https://quarkus.io/guides/rest-client[Link]
+| 
+| 3.9.3
+
+| tkit-quarkus-log-cdi
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-log-rs
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-log-json
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-rest
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-rest-context
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-security
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.21.0
+
+| quarkus-hibernate-validator
+
+| https://quarkus.io/guides/validation[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
+| 3.9.3
+
+| onecx-permissions
+
+| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-permissions.html[Link]
+| https://github.com/onecx/onecx-quarkus/blob/0.16.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link]
+| 0.16.0
+
+| quarkus-oidc
+
+| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
+| 3.9.3
+
+| quarkus-oidc-client-reactive-filter
+
+| https://quarkus.io/guides/security-openid-connect-client-reference[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc-client-reactive-filter.adoc[Link]
+| 3.9.3
+
+| onecx-core
+
+| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
+| 
+| 0.16.0
+
+| quarkus-arc
+
+| https://quarkus.io/guides/cdi-reference[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
+| 3.9.3
+
+| quarkus-container-image-docker
+
+| https://quarkus.io/guides/container-image[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
+| 3.9.3
+
+
+
+|===

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.tkit.onecx</groupId>
         <artifactId>onecx-quarkus3-parent</artifactId>
-        <version>0.38.0</version>
+        <version>0.46.0</version>
     </parent>
 
     <artifactId>onecx-permission-bff</artifactId>

src/main/java/org/tkit/onecx/permission/bff/rs/controllers/WorkspaceRestController.java

@@ -6,10 +6,10 @@
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.transaction.Transactional;
-import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Response;
 
 import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.jboss.resteasy.reactive.ClientWebApplicationException;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
 import org.tkit.onecx.permission.bff.rs.mappers.ExceptionMapper;
 import org.tkit.onecx.permission.bff.rs.mappers.WorkspaceMapper;
@@ -93,7 +93,7 @@ public Response getDetailsByWorkspaceName(String workspaceName) {
     }
 
     @ServerExceptionMapper
-    public Response restException(WebApplicationException ex) {
-        return Response.status(ex.getResponse().getStatus()).build();
+    public Response clientRestException(ClientWebApplicationException ex) {
+        return exceptionMapper.clientException(ex);
     }
 }

src/main/java/org/tkit/onecx/permission/bff/rs/mappers/ExceptionMapper.java

@@ -9,6 +9,7 @@
 import jakarta.validation.Path;
 import jakarta.ws.rs.core.Response;
 
+import org.jboss.resteasy.reactive.ClientWebApplicationException;
 import org.jboss.resteasy.reactive.RestResponse;
 import org.mapstruct.Mapper;
 import org.mapstruct.Mapping;
@@ -57,4 +58,12 @@ List<ProblemDetailInvalidParamDTO> createErrorValidationResponse(
     default String mapPath(Path path) {
         return path.toString();
     }
+
+    default Response clientException(ClientWebApplicationException ex) {
+        if (ex.getResponse().getStatus() == 500) {
+            return Response.status(400).build();
+        } else {
+            return Response.status(ex.getResponse().getStatus()).build();
+        }
+    }
 }

src/test/java/org/tkit/onecx/permission/rs/WorkspaceRestControllerTest.java

@@ -82,6 +82,34 @@ void searchWorkspacesTest() {
         Assertions.assertEquals(2, output.getStream().size());
     }
 
+    @Test
+    void searchWorkspaces_Internal_Server_Error_Test() {
+        WorkspaceSearchCriteria criteria = new WorkspaceSearchCriteria();
+        criteria.setPageNumber(0);
+        criteria.setPageSize(100);
+
+        // create mock rest endpoint
+        mockServerClient
+                .when(request().withPath("/v1/workspaces/search").withMethod(HttpMethod.POST)
+                        .withBody(JsonBody.json(criteria))
+                        .withContentType(MediaType.APPLICATION_JSON))
+                .withId(MOCKID)
+                .respond(httpRequest -> response().withStatusCode(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()));
+        var input = new WorkspaceSearchCriteriaDTO();
+        input.setPageSize(100);
+        input.setPageNumber(0);
+
+        given()
+                .when()
+                .auth().oauth2(keycloakClient.getAccessToken(ADMIN))
+                .header(APM_HEADER_PARAM, ADMIN)
+                .contentType(APPLICATION_JSON)
+                .body(input)
+                .post("/search")
+                .then()
+                .statusCode(Response.Status.BAD_REQUEST.getStatusCode());
+    }
+
     @Test
     void getAllProductsByWorkspaceNameTest() {
         String workspaceName = "workspace1";