author | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-05-14 13:38:17 +0200 |
---|---|---|
committer | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-05-16 14:07:00 +0200 |
commit | 9ad020e36d7dba6e9e2fdd2e5b5276e728de4bd3 (patch) | |
tree | d35910bf26cd5d91e09d0431d5e6dd88d35c1682 /app/src | |
parent | f5a7f7daf927ee345cc60abd212771812dfae685 (diff) |
- introduce bff.rbac.endpoints-excluded config
- add some performance improvements for role checking
- resolve compilation warning related to missing swagger dependency
Issue-ID: PORTALNG-100
Change-Id: I38ac942f0731a3297a797a09402f20aa6efc3b58
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'app/src')
7 files changed, 37 insertions, 72 deletions
diff --git a/app/src/main/resources/application-access-control.yml b/app/src/main/resources/application-access-control.yml
index 4da29f1..6fda781 100644
--- a/app/src/main/resources/application-access-control.yml
+++ b/app/src/main/resources/application-access-control.yml
@@ -1,21 +1,21 @@
-bff.access-control:
- ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
- ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
- ROLE_LIST: ["*"]
- USER_CREATE: [portal_admin, portal_designer, portal_operator]
- USER_DELETE: [portal_admin, portal_designer, portal_operator]
- USER_GET: [portal_admin, portal_designer, portal_operator]
- USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE: [portal_admin, portal_designer, portal_operator]
-
+bff:
+ access-control:
+ ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
+ ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
+ ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
+ ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
+ KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
+ KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
+ ROLE_LIST: ["*"]
+ USER_CREATE: [portal_admin, 
portal_designer, portal_operator] + USER_DELETE: [portal_admin, portal_designer, portal_operator] + USER_GET: [portal_admin, portal_designer, portal_operator] + USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_UPDATE: [portal_admin, portal_designer, portal_operator] diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml index 367b33c..a99ff0b 100644 --- a/app/src/main/resources/application.yml +++ b/app/src/main/resources/application.yml @@ -52,4 +52,8 @@ bff: preferences-url: ${PREFERENCES_URL} history-url: ${HISTORY_URL} keycloak-url: ${KEYCLOAK_URL} + endpoints: + unauthenticated: /api-docs.html, /api.yaml, /webjars/**, /actuator/** + rbac: + endpoints-excluded: /actuator/**, **/actuator/**, */actuator/**, /**/actuator/**, /*/actuator/** diff --git a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java index 1311ac7..528568d 100644 --- a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java +++ b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java @@ -52,8 +52,8 @@ import org.springframework.context.annotation.Bean; import org.springframework.http.MediaType; /** Base class for all tests that has the common config including port, realm, logging and auth. */ -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) @AutoConfigureWireMock(port = 0) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) public abstract class BaseIntegrationTest { @TestConfiguration 
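Review bot: The re-nested `bff.access-control` map still grants `USER_UPDATE_ROLES`, `USER_CREATE`, `USER_DELETE` and `USER_UPDATE_PASSWORD` to `portal_designer` and `portal_operator` as well as `portal_admin`, so on the face of this file any of the three roles can change another user's roles. If user and role management is meant to be admin-only, this is the place to tighten it, e.g. `USER_UPDATE_ROLES: [portal_admin]`. If the broad grant is intended, a comment above the map saying so, and stating what `"*"` in `ROLE_LIST` matches, would help the next reviewer; how these lists are enforced is not visible in this diff.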
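Review bot: `bff.endpoints.unauthenticated` lists `/actuator/**`, which makes every actuator endpoint the deployment exposes reachable without a token, not only health probes. If only liveness and readiness checks are needed, narrow it to something like `/actuator/health/**`, or confirm that `management.endpoints.web.exposure.include` is restricted elsewhere, which this diff does not show. The `bff.rbac.endpoints-excluded` list also carries `**/actuator/**` and `/**/actuator/**`, which, depending on the matcher in use (not visible here), would skip role checks for any path containing an `actuator` segment; a single `/actuator/**` entry looks sufficient unless the app is served under a prefix. The same values are repeated in the `app/src/test/resources/application.yml` hunk.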
diff --git a/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java b/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java index cb6694a..b7491f2 100644 --- a/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java +++ b/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java @@ -30,6 +30,7 @@ import java.util.UUID; import org.junit.jupiter.api.Test; import org.onap.portalng.bff.BaseIntegrationTest; import org.onap.portalng.bff.config.IdTokenExchangeFilterFunction; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpMethod; import org.springframework.mock.http.server.reactive.MockServerHttpRequest; import org.springframework.mock.web.server.MockServerWebExchange; @@ -41,10 +42,10 @@ import reactor.core.publisher.Mono; class IdTokenExchangeFilterFunctionTest extends BaseIntegrationTest { + @Autowired IdTokenExchangeFilterFunction filterFunction; + @Test void idTokenIsCorrectlyPropagated() { - final IdTokenExchangeFilterFunction filterFunction = new IdTokenExchangeFilterFunction(); - final String idToken = UUID.randomUUID().toString(); final ServerWebExchange serverWebExchange = MockServerWebExchange.builder( @@ -72,8 +73,6 @@ class IdTokenExchangeFilterFunctionTest extends BaseIntegrationTest { @Test void exceptionIsThrownWhenIdTokenIsMissingInRequest() { - final IdTokenExchangeFilterFunction filterFunction = new IdTokenExchangeFilterFunction(); - final ServerWebExchange serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.get("http://localhost:8000")).build(); diff --git a/app/src/test/resources/application-access-control.yml b/app/src/test/resources/application-access-control.yml deleted file mode 100644 index 6fda781..0000000 --- a/app/src/test/resources/application-access-control.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-bff:
- access-control:
- ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
- ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
- ROLE_LIST: ["*"]
- USER_CREATE: [portal_admin, portal_designer, portal_operator]
- USER_DELETE: [portal_admin, portal_designer, portal_operator]
- USER_GET: [portal_admin, portal_designer, portal_operator]
- USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE: [portal_admin, portal_designer, portal_operator]
diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml
index 3e423e4..04e6a57 100644
--- a/app/src/test/resources/application.yml
+++ b/app/src/test/resources/application.yml
@@ -1,7 +1,6 @@
-logging:
- level:
- org.springframework.web: TRACE
-
+management:
+ tracing:
+ enabled: false
 spring:
 profiles:
 include: 
@@ -22,12 +21,14 @@ spring: resourceserver: jwt: jwk-set-uri: http://localhost:${wiremock.server.port}/realms/ONAP/protocol/openid-connect/certs - jackson: - serialization: - FAIL_ON_EMPTY_BEANS: false bff: realm: ONAP preferences-url: http://localhost:${wiremock.server.port} history-url: http://localhost:${wiremock.server.port} keycloak-url: http://localhost:${wiremock.server.port} + endpoints: + unauthenticated: /api-docs.html, /api.yaml, /webjars/**, /actuator/** + rbac: + endpoints-excluded: /actuator/**, **/actuator/**, */actuator/**, /**/actuator/**, /*/actuator/** + diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml deleted file mode 100644 index 45bd7e2..0000000 --- a/app/src/test/resources/logback-spring.xml +++ /dev/null @@ -1,18 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration scan="true"> - <include resource="org/springframework/boot/logging/logback/defaults.xml"/> - - <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>${LOGBACK_LEVEL:-info}</level> - </filter> - <encoder> - <pattern>${CONSOLE_LOG_PATTERN}</pattern> - <charset>utf8</charset> - </encoder> - </appender> - - <root level="all"> - <appender-ref ref="stdout"/> - </root> -</configuration>
\ No newline at end of file |