feat: add role mapping for template import (#51)

docs/modules/onecx-permission-svc/pages/index.adoc

@@ -4,5 +4,7 @@ include::onecx-permission-svc-attributes.adoc[opts=optional]
 
 include::docs.adoc[opts=optional]
 
+=== Configuration
+include::onecx-permission-svc.adoc[opts=optional]
 
 include::onecx-permission-svc-docs.adoc[opts=optional]

docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc

@@ -24,7 +24,6 @@ onecx.permission.token.issuer.public-key-location.enabled=false
 onecx.permission.token.claim.path=realm_access/roles
 tkit.dataimport.enabled=false
 tkit.dataimport.configurations.template.file=import/template.json
-tkit.dataimport.configurations.template.metadata.tenants=default
 tkit.dataimport.configurations.template.class-path=true
 tkit.dataimport.configurations.template.enabled=false
 tkit.dataimport.configurations.template.stop-at-error=true

docs/modules/onecx-permission-svc/pages/onecx-permission-svc.adoc

@@ -0,0 +1,131 @@
+
+:summaryTableId: onecx-permission-svc
+[.configuration-legend]
+icon:lock[title=Fixed at build time] Configuration property fixed at build time - All other configuration properties are overridable at runtime
+[.configuration-reference.searchable, cols="80,.^10,.^10"]
+|===
+
+h|[[onecx-permission-svc_configuration]]link:#onecx-permission-svc_configuration[Configuration property]
+
+h|Type
+h|Default
+
+a| [[onecx-permission-svc_onecx-permission-template-tenants]]`link:#onecx-permission-svc_onecx-permission-template-tenants[onecx.permission.template.tenants]`
+
+
+[.description]
+--
+Template import tenants
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TEMPLATE_TENANTS+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TEMPLATE_TENANTS+++`
+endif::add-copy-button-to-env-var[]
+--|list of string 
+|`default`
+
+
+a| [[onecx-permission-svc_onecx-permission-template-role-mapping-role-mapping]]`link:#onecx-permission-svc_onecx-permission-template-role-mapping-role-mapping[onecx.permission.template.role-mapping]`
+
+
+[.description]
+--
+Role mapping for the template import
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TEMPLATE_ROLE_MAPPING+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TEMPLATE_ROLE_MAPPING+++`
+endif::add-copy-button-to-env-var[]
+--|`Map<String,String>` 
+|
+
+
+a| [[onecx-permission-svc_onecx-permission-token-verified]]`link:#onecx-permission-svc_onecx-permission-token-verified[onecx.permission.token.verified]`
+
+
+[.description]
+--
+Verified permission token
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TOKEN_VERIFIED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TOKEN_VERIFIED+++`
+endif::add-copy-button-to-env-var[]
+--|boolean 
+|`false`
+
+
+a| [[onecx-permission-svc_onecx-permission-token-issuer-public-key-location-suffix]]`link:#onecx-permission-svc_onecx-permission-token-issuer-public-key-location-suffix[onecx.permission.token.issuer.public-key-location.suffix]`
+
+
+[.description]
+--
+Issuer public key location suffix.
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TOKEN_ISSUER_PUBLIC_KEY_LOCATION_SUFFIX+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TOKEN_ISSUER_PUBLIC_KEY_LOCATION_SUFFIX+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`/protocol/openid-connect/certs`
+
+
+a| [[onecx-permission-svc_onecx-permission-token-issuer-public-key-location-enabled]]`link:#onecx-permission-svc_onecx-permission-token-issuer-public-key-location-enabled[onecx.permission.token.issuer.public-key-location.enabled]`
+
+
+[.description]
+--
+Issuer public key location enabled
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TOKEN_ISSUER_PUBLIC_KEY_LOCATION_ENABLED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TOKEN_ISSUER_PUBLIC_KEY_LOCATION_ENABLED+++`
+endif::add-copy-button-to-env-var[]
+--|boolean 
+|`false`
+
+
+a| [[onecx-permission-svc_onecx-permission-token-claim-separator]]`link:#onecx-permission-svc_onecx-permission-token-claim-separator[onecx.permission.token.claim.separator]`
+
+
+[.description]
+--
+Claim separator
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TOKEN_CLAIM_SEPARATOR+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TOKEN_CLAIM_SEPARATOR+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|
+
+
+a| [[onecx-permission-svc_onecx-permission-token-claim-path]]`link:#onecx-permission-svc_onecx-permission-token-claim-path[onecx.permission.token.claim.path]`
+
+
+[.description]
+--
+Claim path
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_PERMISSION_TOKEN_CLAIM_PATH+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_PERMISSION_TOKEN_CLAIM_PATH+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`realm_access/roles`
+
+|===

src/main/java/org/tkit/onecx/permission/common/models/TokenConfig.java

@@ -2,27 +2,45 @@
 
 import java.util.Optional;
 
-import io.quarkus.runtime.annotations.StaticInitSafe;
+import io.quarkus.runtime.annotations.*;
 import io.smallrye.config.ConfigMapping;
 import io.smallrye.config.WithDefault;
 import io.smallrye.config.WithName;
 
 @StaticInitSafe
+@ConfigDocFilename("onecx-permission-svc.adoc")
 @ConfigMapping(prefix = "onecx.permission.token")
+@ConfigRoot(phase = ConfigPhase.RUN_TIME)
 public interface TokenConfig {
 
+    /**
+     * Verified permission token
+     */
     @WithName("verified")
     boolean verified();
 
+    /**
+     * Issuer public key location suffix.
+     */
     @WithName("issuer.public-key-location.suffix")
+    @WithDefault("/protocol/openid-connect/certs")
     String publicKeyLocationSuffix();
 
+    /**
+     * Issuer public key location enabled
+     */
     @WithName("issuer.public-key-location.enabled")
     boolean publicKeyEnabled();
 
+    /**
+     * Claim separator
+     */
     @WithName("claim.separator")
     Optional<String> claimSeparator();
 
+    /**
+     * Claim path
+     */
     @WithName("claim.path")
     @WithDefault("realm_access/roles")
     String claimPath();

src/main/java/org/tkit/onecx/permission/domain/di/TemplateConfig.java

@@ -0,0 +1,33 @@
+package org.tkit.onecx.permission.domain.di;
+
+import java.util.List;
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.ConfigDocFilename;
+import io.quarkus.runtime.annotations.ConfigPhase;
+import io.quarkus.runtime.annotations.ConfigRoot;
+import io.quarkus.runtime.annotations.StaticInitSafe;
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithDefault;
+import io.smallrye.config.WithName;
+
+@StaticInitSafe
+@ConfigDocFilename("onecx-permission-svc.adoc")
+@ConfigMapping(prefix = "onecx.permission.template")
+@ConfigRoot(phase = ConfigPhase.RUN_TIME)
+public interface TemplateConfig {
+
+    /**
+     * Role mapping for the template import
+     */
+    @WithName("role-mapping")
+    Map<String, String> roleMapping();
+
+    /**
+     * Template import tenants
+     */
+    @WithName("tenants")
+    @WithDefault("default")
+    List<String> tenants();
+
+}

src/main/java/org/tkit/onecx/permission/domain/di/TemplateDataImportService.java

@@ -38,6 +38,9 @@ public class TemplateDataImportService implements DataImportService {
     @Inject
     TemplateMapper mapper;
 
+    @Inject
+    TemplateConfig templateConfig;
+
     @Override
     public void importData(DataImportConfig config) {
         log.info("Import permissions from configuration {}", config);
@@ -47,17 +50,7 @@ public void importData(DataImportConfig config) {
 
             var existingData = importProducts(data.getProducts());
 
-            List<String> tenants = List.of();
-            var tmp = config.getMetadata().get("tenants");
-            if (tmp != null) {
-                tenants = List.of(tmp.split(","));
-            }
-
-            if (tenants.isEmpty()) {
-                log.warn("No tenants defined for the templates");
-                return;
-            }
-
+            List<String> tenants = templateConfig.tenants();
             importRoles(tenants, data.getRoles(), existingData);
 
         } catch (Exception ex) {
@@ -117,7 +110,8 @@ private void importRoles(List<String> tenants, Map<String, TemplateRoleValueDTO>
             for (var dr : dto.entrySet()) {
                 var role = data.getRole(dr.getKey());
                 if (role == null) {
-                    role = mapper.createRole(dr.getKey(), dr.getValue().getDescription());
+                    role = mapper.createRole(templateConfig.roleMapping().getOrDefault(dr.getKey(), dr.getKey()),
+                            dr.getValue().getDescription());
                     roles.add(role);
                 }
 

src/main/resources/application.properties

@@ -21,7 +21,6 @@ onecx.permission.token.claim.path=realm_access/roles
 
 tkit.dataimport.enabled=false
 tkit.dataimport.configurations.template.file=import/template.json
-tkit.dataimport.configurations.template.metadata.tenants=default
 tkit.dataimport.configurations.template.class-path=true
 tkit.dataimport.configurations.template.enabled=false
 tkit.dataimport.configurations.template.stop-at-error=true
@@ -57,9 +56,11 @@ quarkus.test.integration-test-profile=test
 %test.tkit.dataimport.enabled=true
 %test.tkit.dataimport.configurations.template.enabled=true
 %test.tkit.dataimport.configurations.template.file=./src/test/resources/import/template-import.json
-%test.tkit.dataimport.configurations.template.metadata.tenants=default,900
 %test.tkit.dataimport.configurations.template.class-path=false
 %test.tkit.dataimport.configurations.template.stop-at-error=true
 
+%test.onecx.permission.template.role-mapping.onecx-admin=onecx-test
+%test.onecx.permission.template.tenants=default,900
+
 # PIPE CONFIG
 

src/test/java/org/tkit/onecx/permission/AfterStartPermissionDataImportTest.java

@@ -2,11 +2,14 @@
 
 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
 
+import java.util.stream.Collectors;
+
 import jakarta.inject.Inject;
 
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.tkit.onecx.permission.domain.daos.*;
+import org.tkit.onecx.permission.domain.models.Role;
 import org.tkit.onecx.permission.test.AbstractTest;
 import org.tkit.quarkus.context.ApplicationContext;
 import org.tkit.quarkus.context.Context;
@@ -48,6 +51,34 @@ void importDataFromFileTest() {
 
             var roles = roleDAO.findAll().toList();
             assertThat(roles).hasSize(1);
+            var roleNames = roles.stream().map(Role::getName).collect(Collectors.toSet());
+            assertThat(roleNames).containsOnly("onecx-test");
+
+            var assignments = assignmentDAO.findAll();
+            assertThat(assignments).hasSize(28);
+
+        } finally {
+            ApplicationContext.close();
+        }
+
+        try {
+            var ctx = Context.builder()
+                    .principal("data-import")
+                    .tenantId("900")
+                    .build();
+
+            ApplicationContext.start(ctx);
+
+            var applications = applicationDAO.findAll().toList();
+            assertThat(applications).hasSize(2);
+
+            var permissions = permissionDAO.findAll().toList();
+            assertThat(permissions).hasSize(28);
+
+            var roles = roleDAO.findAll().toList();
+            assertThat(roles).hasSize(1);
+            var roleNames = roles.stream().map(Role::getName).collect(Collectors.toSet());
+            assertThat(roleNames).containsOnly("onecx-test");
 
             var assignments = assignmentDAO.findAll();
             assertThat(assignments).hasSize(28);

src/test/java/org/tkit/onecx/permission/domain/di/TemplateImportTest.java

@@ -3,7 +3,6 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
 
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -40,12 +39,10 @@ class TemplateImportTest extends AbstractTest {
     @Test
     void importDataNoDataTest() {
 
-        Map<String, String> metadata = new HashMap<>();
-        metadata.put("tenants", null);
         DataImportConfig config = new DataImportConfig() {
             @Override
             public Map<String, String> getMetadata() {
-                return metadata;
+                return Map.of();
             }
         };
 
@@ -59,12 +56,10 @@ public Map<String, String> getMetadata() {
     @Test
     void importDataNoTenantsTest() {
 
-        Map<String, String> metadata = new HashMap<>();
-        metadata.put("tenants", null);
         DataImportConfig config = new DataImportConfig() {
             @Override
             public Map<String, String> getMetadata() {
-                return metadata;
+                return Map.of();
             }
 
             @Override
@@ -97,7 +92,7 @@ void importDataExistTest() {
         DataImportConfig config = new DataImportConfig() {
             @Override
             public Map<String, String> getMetadata() {
-                return Map.of("tenants", "default");
+                return Map.of();
             }
 
             @Override