From 040781f958c1cb9521dbc822905a94e232ef22e5 Mon Sep 17 00:00:00 2001 From: Jorden_Reuter Date: Fri, 5 Jul 2024 10:46:50 +0200 Subject: [PATCH] feat: security integration and tests --- .../pages/onecx-welcome-svc-docs.adoc | 11 +++ .../pages/onecx-welcome-svc-extensions.adoc | 76 +++++++++------ pom.xml | 16 ++- src/main/docker/Dockerfile.jvm | 2 +- src/main/docker/Dockerfile.native | 2 +- src/main/helm/values.yaml | 9 +- .../onecx-welcome-internal-openapi.yaml | 27 ++++++ src/main/resources/application.properties | 97 ++++++++++--------- .../ImageInternalRestControllerTest.java | 25 +++++ .../tkit/onecx/welcome/test/SecurityTest.java | 19 ++++ .../onecx/welcome/test/SecurityTestIT.java | 7 ++ 11 files changed, 212 insertions(+), 79 deletions(-) create mode 100644 src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java create mode 100644 src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java diff --git a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc index 5f1cddb..9d32008 100644 --- a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc +++ b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc @@ -12,6 +12,10 @@ quarkus.datasource.db-kind=postgresql quarkus.datasource.jdbc.max-size=30 quarkus.datasource.jdbc.min-size=10 quarkus.hibernate-orm.jdbc.timezone=UTC +quarkus.http.auth.permission.health.paths=/q/* +quarkus.http.auth.permission.health.policy=permit +quarkus.http.auth.permission.default.paths=/* +quarkus.http.auth.permission.default.policy=authenticated quarkus.banner.enabled=false quarkus.hibernate-orm.database.generation=validate quarkus.hibernate-orm.multitenant=DISCRIMINATOR @@ -49,5 +53,12 @@ app: repository: "onecx/onecx-welcome-svc" db: enabled: true + operator: + keycloak: + client: + enabled: true + spec: + kcConfig: + defaultClientScopes: [ ocx-wc:read ] ---- diff --git a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc index 2397be8..b49f574 100644 --- a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc +++ b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc @@ -11,129 +11,147 @@ h| Version | tkit-quarkus-jpa | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link] +| 2.27.0 | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.27.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.27.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.27.0 | tkit-quarkus-rest | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] +| 2.27.0 | onecx-tenant | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-tenant.html[Link] -| https://github.com/onecx/onecx-quarkus/blob/0.18.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link] -| 0.18.0 +| https://github.com/onecx/onecx-quarkus/blob/0.22.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link] +| 0.22.0 | tkit-quarkus-jpa-tenant | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa-tenant.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link] +| 2.27.0 | tkit-quarkus-rest-context | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] -| 2.22.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] +| 2.27.0 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-liquibase | https://quarkus.io/guides/liquibase[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-liquibase.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-smallrye-health | https://quarkus.io/guides/smallrye-health[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-micrometer-registry-prometheus | https://quarkus.io/guides/telemetry-micrometer[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-hibernate-orm | https://quarkus.io/guides/hibernate-orm[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-orm.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-rest | https://quarkus.io/guides/rest[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-rest-jackson | https://quarkus.io/guides/rest-json[Link] | -| 3.9.4 +| 3.12.0 | quarkus-jdbc-postgresql | https://quarkus.io/guides/datasource[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-smallrye-openapi | https://quarkus.io/guides/openapi-swaggerui[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-hibernate-validator | https://quarkus.io/guides/validation[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link] -| 3.9.4 +| 3.12.0 | quarkus-opentelemetry | https://quarkus.io/guides/opentelemetry[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link] -| 3.9.4 +| 3.12.0 + +| quarkus-oidc + +| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link] +| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link] +| 3.12.0 + +| tkit-quarkus-security + +| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] +| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.27.0 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.18.0 +| 0.22.0 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.9.4 +| 3.12.0 +| onecx-security + +| +| +| 0.22.0 + |=== \ No newline at end of file diff --git a/pom.xml b/pom.xml index 2799b21..0c4d0bd 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ org.tkit.onecx onecx-quarkus3-parent - 0.53.0 + 0.54.0 onecx-welcome-svc @@ -35,6 +35,10 @@ org.tkit.quarkus.lib tkit-quarkus-rest + + org.tkit.onecx.quarkus + onecx-security + @@ -99,6 +103,10 @@ io.quarkus quarkus-opentelemetry + + io.quarkus + quarkus-oidc + @@ -131,6 +139,11 @@ tkit-quarkus-test-db-import test + + org.tkit.quarkus.lib + tkit-quarkus-security-test + test + @@ -148,6 +161,7 @@ false true quarkus + onecx-scopes=true / false diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm index e768fd7..3f351f3 100644 --- a/src/main/docker/Dockerfile.jvm +++ b/src/main/docker/Dockerfile.jvm @@ -1,4 +1,4 @@ -FROM ghcr.io/onecx/docker-quarkus-jvm:0.7.0 +FROM ghcr.io/onecx/docker-quarkus-jvm:0.8.0 COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/ COPY --chown=185 target/quarkus-app/*.jar /deployments/ diff --git a/src/main/docker/Dockerfile.native b/src/main/docker/Dockerfile.native index 41637be..d89de71 100644 --- a/src/main/docker/Dockerfile.native +++ b/src/main/docker/Dockerfile.native @@ -1,3 +1,3 @@ -FROM ghcr.io/onecx/docker-quarkus-native:0.5.0 +FROM ghcr.io/onecx/docker-quarkus-native:0.6.0 COPY --chown=1001:root target/*-runner /work/application diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index c9f034f..4f42af5 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -3,4 +3,11 @@ app: image: repository: "onecx/onecx-welcome-svc" db: - enabled: true \ No newline at end of file + enabled: true + operator: + keycloak: + client: + enabled: true + spec: + kcConfig: + defaultClientScopes: [ ocx-wc:read ] \ No newline at end of file diff --git a/src/main/openapi/onecx-welcome-internal-openapi.yaml b/src/main/openapi/onecx-welcome-internal-openapi.yaml index 9b81717..d0b1609 100644 --- a/src/main/openapi/onecx-welcome-internal-openapi.yaml +++ b/src/main/openapi/onecx-welcome-internal-openapi.yaml @@ -10,6 +10,8 @@ tags: paths: /internal/images/info/{id}: get: + security: + - oauth2: [ ocx-wc:all, ocx-wc:read ] tags: - imagesInternal description: get Image information by id @@ -26,6 +28,8 @@ paths: "404": description: NOT FOUND put: + security: + - oauth2: [ ocx-wc:all, ocx-wc:write ] tags: - imagesInternal description: update Image information @@ -52,6 +56,8 @@ paths: schema: $ref: '#/components/schemas/ProblemDetailResponse' delete: + security: + - oauth2: [ ocx-wc:all, ocx-wc:delete ] tags: - imagesInternal description: delete image information @@ -65,6 +71,8 @@ paths: description: NOT FOUND /internal/images/info: post: + security: + - oauth2: [ ocx-wc:all, ocx-wc:write ] tags: - imagesInternal description: create image info @@ -90,6 +98,8 @@ paths: $ref: '#/components/schemas/ProblemDetailResponse' /internal/images/{workspaceName}/info: get: + security: + - oauth2: [ ocx-wc:all, ocx-wc:read ] tags: - imagesInternal description: get all existing image-infos @@ -111,6 +121,8 @@ paths: $ref: '#/components/schemas/ImageInfo' /internal/images: post: + security: + - oauth2: [ ocx-wc:all, ocx-wc:write ] tags: - imagesInternal description: create image @@ -144,6 +156,8 @@ paths: $ref: '#/components/schemas/ProblemDetailResponse' /internal/images/{id}: get: + security: + - oauth2: [ ocx-wc:all, ocx-wc:read ] tags: - imagesInternal description: get Image by id @@ -160,6 +174,8 @@ paths: "404": description: NOT FOUND put: + security: + - oauth2: [ ocx-wc:all, ocx-wc:write ] tags: - imagesInternal description: update Image by id @@ -193,6 +209,17 @@ paths: schema: $ref: '#/components/schemas/ProblemDetailResponse' components: + securitySchemes: + oauth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: https://oauth.simple.api/token + scopes: + ocx-wc:all: Grants access to all operations + ocx-wc:read: Grants read access + ocx-wc:write: Grants write access + ocx-wc:delete: Grants access to delete operations schemas: ImageDataResponse: type: object diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b96cde4..7d949ed 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,46 +1,51 @@ -# DEFAULT -quarkus.datasource.db-kind=postgresql -quarkus.datasource.jdbc.max-size=30 -quarkus.datasource.jdbc.min-size=10 -quarkus.hibernate-orm.jdbc.timezone=UTC - -quarkus.banner.enabled=false -quarkus.hibernate-orm.database.generation=validate -quarkus.hibernate-orm.multitenant=DISCRIMINATOR - -quarkus.liquibase.migrate-at-start=true -quarkus.liquibase.validate-on-migrate=true -tkit.log.json.enabled=true - -# enable or disable multi-tenancy support -tkit.rs.context.tenant-id.enabled=true - -# DEV -%dev.tkit.log.json.enabled=false -%dev.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable} -%dev.quarkus.datasource.username=${DB_USER:onecx-welcome} -%dev.quarkus.datasource.password=${DB_PWD:onecx-welcome} - -# TEST -%test.tkit.log.json.enabled=false - -# Enable mocking for tenant service -%test.tkit.jpa.tenant.default=tenant-100 -%test.tkit.rs.context.tenant-id.mock.enabled=true -%test.tkit.rs.context.tenant-id.mock.default-tenant=tenant-100 -%test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId -%test.tkit.rs.context.tenant-id.mock.data.org1=tenant-100 -%test.tkit.rs.context.tenant-id.mock.data.org2=tenant-200 -%test.tkit.rs.context.tenant-id.mock.data.org3=tenant-300 - -# TEST-IT (integration tests) -quarkus.test.integration-test-profile=test - -# PROD -%prod.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable} -%prod.quarkus.datasource.username=${DB_USER:onecx-welcome} -%prod.quarkus.datasource.password=${DB_PWD:onecx-welcome} - -# PIPE CONFIG - - +# DEFAULT +quarkus.datasource.db-kind=postgresql +quarkus.datasource.jdbc.max-size=30 +quarkus.datasource.jdbc.min-size=10 +quarkus.hibernate-orm.jdbc.timezone=UTC + +quarkus.http.auth.permission.health.paths=/q/* +quarkus.http.auth.permission.health.policy=permit +quarkus.http.auth.permission.default.paths=/* +quarkus.http.auth.permission.default.policy=authenticated + +quarkus.banner.enabled=false +quarkus.hibernate-orm.database.generation=validate +quarkus.hibernate-orm.multitenant=DISCRIMINATOR + +quarkus.liquibase.migrate-at-start=true +quarkus.liquibase.validate-on-migrate=true +tkit.log.json.enabled=true + +# enable or disable multi-tenancy support +tkit.rs.context.tenant-id.enabled=true + +# DEV +%dev.tkit.log.json.enabled=false +%dev.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable} +%dev.quarkus.datasource.username=${DB_USER:onecx-welcome} +%dev.quarkus.datasource.password=${DB_PWD:onecx-welcome} + +# TEST +%test.tkit.log.json.enabled=false + +# Enable mocking for tenant service +%test.tkit.jpa.tenant.default=tenant-100 +%test.tkit.rs.context.tenant-id.mock.enabled=true +%test.tkit.rs.context.tenant-id.mock.default-tenant=tenant-100 +%test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId +%test.tkit.rs.context.tenant-id.mock.data.org1=tenant-100 +%test.tkit.rs.context.tenant-id.mock.data.org2=tenant-200 +%test.tkit.rs.context.tenant-id.mock.data.org3=tenant-300 + +# TEST-IT (integration tests) +quarkus.test.integration-test-profile=test +quarkus.test.enable-callbacks-for-integration-tests=true +# PROD +%prod.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable} +%prod.quarkus.datasource.username=${DB_USER:onecx-welcome} +%prod.quarkus.datasource.password=${DB_PWD:onecx-welcome} + +# PIPE CONFIG + + diff --git a/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java b/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java index 29f1099..0be4893 100644 --- a/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java +++ b/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java @@ -5,6 +5,7 @@ import static jakarta.ws.rs.core.Response.Status.*; import static org.assertj.core.api.Assertions.assertThat; import static org.tkit.onecx.welcome.rs.internal.mappers.ExceptionMapper.ErrorKeys.CONSTRAINT_VIOLATIONS; +import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken; import java.io.File; import java.util.Objects; @@ -12,6 +13,7 @@ import org.junit.jupiter.api.Test; import org.tkit.onecx.welcome.test.AbstractTest; +import org.tkit.quarkus.security.test.GenerateKeycloakClient; import org.tkit.quarkus.test.WithDBData; import gen.org.tkit.onecx.welcome.rs.internal.model.ImageDataResponseDTO; @@ -23,6 +25,7 @@ @QuarkusTest @TestHTTPEndpoint(ImageInternalRestController.class) @WithDBData(value = "data/testdata-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) +@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-wc:read", "ocx-wc:write", "ocx-wc:delete", "ocx-wc:all" }) class ImageInternalRestControllerTest extends AbstractTest { private static final String MEDIA_TYPE_IMAGE_PNG = "image/png"; @@ -33,6 +36,7 @@ class ImageInternalRestControllerTest extends AbstractTest { @Test void getImageDataByIdTest() { var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .pathParam("id", "d-11-111") .get("/{id}") @@ -47,6 +51,7 @@ void getImageDataByIdTest() { @Test void getImageInfoByIdTest() { var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .pathParam("id", "11-111") .get("/info/{id}") @@ -63,6 +68,7 @@ void getImageInfoByIdTest() { @Test void createImageDataTest() { var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(FILE) .contentType(MEDIA_TYPE_IMAGE_PNG) @@ -77,6 +83,7 @@ void createImageDataTest() { @Test void createImageDataEmptyBodyTest() { given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .contentType(MEDIA_TYPE_IMAGE_PNG) .post() @@ -90,6 +97,7 @@ void createImageInfoTest() { //first create image data var imageData = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(FILE) .contentType(MEDIA_TYPE_IMAGE_PNG) @@ -103,6 +111,7 @@ void createImageInfoTest() { body.imageId(imageData.getImageId()).position("2").visible(true).workspaceName("w1"); given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(body) .contentType(APPLICATION_JSON) @@ -116,6 +125,7 @@ void createImageInfoExternalURLTest() { ImageInfoDTO body = new ImageInfoDTO(); body.url("randomURl").position("2").visible(true).workspaceName("w1"); given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(body) .contentType(APPLICATION_JSON) @@ -128,6 +138,7 @@ void createImageInfoExternalURLTest() { void updateImageDataByIdTest() { // first get existing image var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .pathParam("id", "d-11-111") .get("/{id}") @@ -140,6 +151,7 @@ void updateImageDataByIdTest() { //update the image var updatedImage = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(FILE) .contentType(MEDIA_TYPE_IMAGE_PNG) @@ -155,6 +167,7 @@ void updateImageDataByIdTest() { //update not-existing image given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(FILE) .contentType(MEDIA_TYPE_IMAGE_PNG) @@ -168,6 +181,7 @@ void updateImageDataByIdTest() { void updateImageInfoByIdTest() { // get image info var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .pathParam("id", "22-222") .get("/info/{id}") @@ -183,6 +197,7 @@ void updateImageInfoByIdTest() { updateBody.workspaceName("w1"); var updatedInfo = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .body(updateBody) .pathParam("id", "22-222") @@ -196,6 +211,7 @@ void updateImageInfoByIdTest() { //update second time, optimistic lock exception given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .body(updateBody) .pathParam("id", "22-222") @@ -206,6 +222,7 @@ void updateImageInfoByIdTest() { //update not-existing image-info given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .body(updateBody) .pathParam("id", "not-existing") @@ -219,6 +236,7 @@ void updateImageInfoAssignedImageDataByIdTest() { //create new imageData first var data = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(FILE) .contentType(MEDIA_TYPE_IMAGE_PNG) @@ -235,6 +253,7 @@ void updateImageInfoAssignedImageDataByIdTest() { updateBody.workspaceName("w1"); var updatedInfo = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .body(updateBody) .pathParam("id", "11-111") @@ -251,6 +270,7 @@ void updateImageInfoAssignedImageDataByIdTest() { updateBody.setImageId("not-existing"); given() + .auth().oauth2(getKeycloakClientToken("testClient")) .contentType(APPLICATION_JSON) .body(updateBody) .pathParam("id", "11-111") @@ -264,6 +284,7 @@ void updateImageInfoAssignedImageDataByIdTest() { @Test void deleteImageInfoByIdTest() { given() + .auth().oauth2(getKeycloakClientToken("testClient")) .pathParam("id", "11-111") .delete("/info/{id}") .then() @@ -272,6 +293,7 @@ void deleteImageInfoByIdTest() { //assigned image data should be gone too given() + .auth().oauth2(getKeycloakClientToken("testClient")) .pathParam("id", "d-11-111") .get("/{id}") .then() @@ -279,6 +301,7 @@ void deleteImageInfoByIdTest() { //delete not-existing image-info given() + .auth().oauth2(getKeycloakClientToken("testClient")) .pathParam("id", "not-existing") .delete("/info/{id}") .then() @@ -288,6 +311,7 @@ void deleteImageInfoByIdTest() { @Test void getAllImageInfosByWorkspaceNameTest() { var output = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .pathParam("workspaceName", "w1") .get("/{workspaceName}/info") .then() @@ -304,6 +328,7 @@ void testMaxUploadSize() { new Random().nextBytes(body); var exception = given() + .auth().oauth2(getKeycloakClientToken("testClient")) .when() .body(body) .contentType(MEDIA_TYPE_IMAGE_PNG) diff --git a/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java b/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java new file mode 100644 index 0000000..e4a2992 --- /dev/null +++ b/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java @@ -0,0 +1,19 @@ +package org.tkit.onecx.welcome.test; + +import java.util.List; + +import org.tkit.quarkus.security.test.AbstractSecurityTest; +import org.tkit.quarkus.security.test.SecurityTestConfig; + +import io.quarkus.test.junit.QuarkusTest; + +@QuarkusTest +public class SecurityTest extends AbstractSecurityTest { + @Override + public SecurityTestConfig getConfig() { + SecurityTestConfig config = new SecurityTestConfig(); + config.addConfig("read", "/internal/images/id", 404, List.of("ocx-wc:read"), "get"); + config.addConfig("write", "/internal/images/info", 400, List.of("ocx-wc:write"), "post"); + return config; + } +} diff --git a/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java b/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java new file mode 100644 index 0000000..4cf4f0a --- /dev/null +++ b/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java @@ -0,0 +1,7 @@ +package org.tkit.onecx.welcome.test; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +public class SecurityTestIT extends SecurityTest { +}