Skip to content

Commit

Permalink
feat: security integration and tests (#78)
Browse files Browse the repository at this point in the history
  • Loading branch information
@JordenReuter
JordenReuter authored Jul 5, 2024
1 parent c2b9433 commit 67f2730
Show file tree
Hide file tree
Showing 23 changed files with 355 additions and 54 deletions.
17 changes: 11 additions & 6 deletions docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ include::onecx-permission-svc-attributes.adoc[opts=optional]
quarkus.datasource.db-kind=postgresql
quarkus.datasource.jdbc.max-size=30
quarkus.datasource.jdbc.min-size=10
quarkus.http.auth.permission.health.paths=/q/*
quarkus.http.auth.permission.health.policy=permit
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
quarkus.native.resources.includes=import/template.json
quarkus.hibernate-orm.database.generation=validate
quarkus.hibernate-orm.multitenant=DISCRIMINATOR
Expand Down Expand Up @@ -57,12 +61,13 @@ app:
repository: "onecx/onecx-permission-svc"
db:
enabled: true
----

vc"
db:
enabled: true
operator:
keycloak:
client:
enabled: true
spec:
kcConfig:
defaultClientScopes: [ ocx-tn:read ]
----

81 changes: 41 additions & 40 deletions docs/modules/onecx-permission-svc/pages/onecx-permission-svc-extensions.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,157 +12,158 @@ h| Version

| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
|
| 0.20.0
| 0.22.0

| onecx-tenant

| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-tenant.html[Link]
| https://github.com/onecx/onecx-quarkus/blob/0.20.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
| 0.20.0
| https://github.com/onecx/onecx-quarkus/blob/0.22.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
| 0.22.0

| tkit-quarkus-data-import

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-data-import.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
| 2.27.0

| tkit-quarkus-rest-context

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
| 2.27.0

| tkit-quarkus-jpa-tenant

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa-tenant.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
| 2.27.0

| tkit-quarkus-jpa

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
| 2.27.0

| tkit-quarkus-log-cdi

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
| 2.27.0

| tkit-quarkus-log-rs

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
| 2.27.0

| tkit-quarkus-log-json

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
| 2.27.0

| tkit-quarkus-rest

| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
| 2.25.0
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
| 2.27.0

| quarkus-arc

| https://quarkus.io/guides/cdi-reference[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-liquibase
| https://quarkus.io/guides/liquibase[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-liquibase.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-smallrye-health
| https://quarkus.io/guides/smallrye-health[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-micrometer-registry-prometheus
| https://quarkus.io/guides/telemetry-micrometer[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-hibernate-orm
| https://quarkus.io/guides/hibernate-orm[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-orm.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-rest
| https://quarkus.io/guides/rest[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-rest-jackson
| https://quarkus.io/guides/rest-json[Link]
|
| 3.11.1
| 3.12.0
| quarkus-jdbc-postgresql
| https://quarkus.io/guides/datasource[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-smallrye-openapi
| https://quarkus.io/guides/openapi-swaggerui[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-hibernate-validator
| https://quarkus.io/guides/validation[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-opentelemetry
| https://quarkus.io/guides/opentelemetry[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-oidc
| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
| 3.11.1
| 3.12.0
| tkit-quarkus-security
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
| 2.27.0
| quarkus-container-image-docker
| https://quarkus.io/guides/container-image[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
| 3.11.1
| 3.12.0
| quarkus-smallrye-context-propagation
| onecx-security
|
|
| 3.11.1
|===.adoc[Link]
| 3.9.4
| 0.22.0
| quarkus-smallrye-context-propagation
|
|
| 3.9.4
| 3.12.0
|===
12 changes: 11 additions & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.tkit.onecx</groupId>
<artifactId>onecx-quarkus3-parent</artifactId>
<version>0.53.0</version>
<version>0.54.0</version>
</parent>

<artifactId>onecx-permission-svc</artifactId>
Expand Down Expand Up @@ -55,6 +55,10 @@
<groupId>org.tkit.quarkus.lib</groupId>
<artifactId>tkit-quarkus-rest</artifactId>
</dependency>
<dependency>
<groupId>org.tkit.onecx.quarkus</groupId>
<artifactId>onecx-security</artifactId>
</dependency>

<!-- QUARKUS -->
<dependency>
Expand Down Expand Up @@ -150,6 +154,11 @@
<artifactId>quarkus-test-keycloak-server</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.tkit.quarkus.lib</groupId>
<artifactId>tkit-quarkus-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
Expand All @@ -167,6 +176,7 @@
<generateSupportingFiles>false</generateSupportingFiles>
<addCompileSourceRoot>true</addCompileSourceRoot>
<library>quarkus</library>
<additionalProperties>onecx-scopes=true</additionalProperties>
<configOptions>
<sourceFolder>/</sourceFolder>
<openApiNullable>false</openApiNullable>
Expand Down
2 changes: 1 addition & 1 deletion src/main/docker/Dockerfile.jvm
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/onecx/docker-quarkus-jvm:0.7.0
FROM ghcr.io/onecx/docker-quarkus-jvm:0.8.0

COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=185 target/quarkus-app/*.jar /deployments/
Expand Down
2 changes: 1 addition & 1 deletion src/main/docker/Dockerfile.native
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
FROM ghcr.io/onecx/docker-quarkus-native:0.5.0
FROM ghcr.io/onecx/docker-quarkus-native:0.6.0

COPY --chown=1001:root target/*-runner /work/application
10 changes: 10 additions & 0 deletions src/main/openapi/onecx-permission-di-template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ servers:
paths:
/import/permission:
post:
security:
- oauth2: [ ocx-pm:write ]
operationId: importPermission
requestBody:
content:
Expand All @@ -18,6 +20,14 @@ paths:
200:
description: ok
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://oauth.simple.api/token
scopes:
ocx-pm:write: Grants write access
schemas:
TemplateImport:
type: object
Expand Down
11 changes: 11 additions & 0 deletions src/main/openapi/onecx-permission-exim-v1-openapi.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ tags:
paths:
/exim/v1/assignments/operator:
post:
security:
- oauth2: [ ocx-pm:write ]
tags:
- permissionExportImport
description: Operator import assignments
Expand All @@ -36,6 +38,15 @@ paths:
schema:
$ref: '#/components/schemas/EximProblemDetailResponse'
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://oauth.simple.api/token
scopes:
ocx-pm:read: Grants read access
ocx-pm:write: Grants write access
schemas:
AssignmentSnapshot:
type: object
Expand Down
Loading

0 comments on commit 67f2730

Please sign in to comment.