authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-05-14 13:38:17 +0200
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-05-16 14:07:00 +0200
commit9ad020e36d7dba6e9e2fdd2e5b5276e728de4bd3 (patch)
treed35910bf26cd5d91e09d0431d5e6dd88d35c1682 /app/src
parentf5a7f7daf927ee345cc60abd212771812dfae685 (diff)
Make rbac excluded endpoints configurableHEADnewdelhimaster
- introduce bff.rbac.endpoints-excluded config - add some performance improvements for role checking - resolve compilation warning related to missing swagger dependency Issue-ID: PORTALNG-100 Change-Id: I38ac942f0731a3297a797a09402f20aa6efc3b58 Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'app/src')
-rw-r--r--app/src/main/resources/application-access-control.yml42
-rw-r--r--app/src/main/resources/application.yml4
-rw-r--r--app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java2
-rw-r--r--app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java7
-rw-r--r--app/src/test/resources/application-access-control.yml21
-rw-r--r--app/src/test/resources/application.yml15
-rw-r--r--app/src/test/resources/logback-spring.xml18
7 files changed, 37 insertions, 72 deletions
diff --git a/app/src/main/resources/application-access-control.yml b/app/src/main/resources/application-access-control.yml
index 4da29f1..6fda781 100644
--- a/app/src/main/resources/application-access-control.yml
+++ b/app/src/main/resources/application-access-control.yml
@@ -1,21 +1,21 @@
-bff.access-control:
- ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
- ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
- ROLE_LIST: ["*"]
- USER_CREATE: [portal_admin, portal_designer, portal_operator]
- USER_DELETE: [portal_admin, portal_designer, portal_operator]
- USER_GET: [portal_admin, portal_designer, portal_operator]
- USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE: [portal_admin, portal_designer, portal_operator]
-
+bff:
+ access-control:
+ ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
+ ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
+ ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
+ ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
+ KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
+ KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
+ PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
+ ROLE_LIST: ["*"]
+ USER_CREATE: [portal_admin, portal_designer, portal_operator]
+ USER_DELETE: [portal_admin, portal_designer, portal_operator]
+ USER_GET: [portal_admin, portal_designer, portal_operator]
+ USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator]
+ USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator]
+ USER_LIST: [portal_admin, portal_designer, portal_operator]
+ USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator]
+ USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator]
+ USER_UPDATE: [portal_admin, portal_designer, portal_operator]
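Review bot: Every action in the re-nested `access-control` map, including `USER_UPDATE_ROLES`, `USER_DELETE` and `USER_UPDATE_PASSWORD`, is granted to all three roles, so the map does not separate `portal_designer` and `portal_operator` from `portal_admin`. If the roles are meant to differ in privilege, the user-management entries should be narrowed, for example `USER_UPDATE_ROLES: [portal_admin]`. The `ROLE_LIST: ["*"]` entry would also benefit from a comment such as `# "*" = any authenticated user, regardless of role`, once that meaning is confirmed against the role checker, which is not visible in this diff.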
diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml
index 367b33c..a99ff0b 100644
--- a/app/src/main/resources/application.yml
+++ b/app/src/main/resources/application.yml
@@ -52,4 +52,8 @@ bff:
preferences-url: ${PREFERENCES_URL}
history-url: ${HISTORY_URL}
keycloak-url: ${KEYCLOAK_URL}
+ endpoints:
+ unauthenticated: /api-docs.html, /api.yaml, /webjars/**, /actuator/**
+ rbac:
+ endpoints-excluded: /actuator/**, **/actuator/**, */actuator/**, /**/actuator/**, /*/actuator/**
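Review bot: The new `unauthenticated` entry lists `/actuator/**`, which lifts the authentication requirement from every actuator endpoint the application exposes, not only the health probes. Which endpoints are exposed is configured outside this hunk, so this may be harmless today, but anything exposed later (env, heapdump and similar) would be reachable without a token; prefer naming only what probes need, e.g. `unauthenticated: /api-docs.html, /api.yaml, /webjars/**, /actuator/health/**, /actuator/info`. The `endpoints-excluded` list has the same problem in a broader form: patterns such as `/**/actuator/**` and `/*/actuator/**` would presumably exempt any route containing an `actuator` path segment from role checks, and the five overlapping spellings are hard to audit. A single anchored pattern, plus a test asserting that a non-actuator route with that segment still goes through RBAC, would be safer. The same two values are repeated in the test `application.yml` hunk.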
diff --git a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java
index 1311ac7..528568d 100644
--- a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java
+++ b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java
@@ -52,8 +52,8 @@ import org.springframework.context.annotation.Bean;
import org.springframework.http.MediaType;
/** Base class for all tests that has the common config including port, realm, logging and auth. */
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@AutoConfigureWireMock(port = 0)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public abstract class BaseIntegrationTest {
@TestConfiguration
diff --git a/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java b/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java
index cb6694a..b7491f2 100644
--- a/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java
+++ b/app/src/test/java/org/onap/portalng/bff/idtoken/IdTokenExchangeFilterFunctionTest.java
@@ -30,6 +30,7 @@ import java.util.UUID;
import org.junit.jupiter.api.Test;
import org.onap.portalng.bff.BaseIntegrationTest;
import org.onap.portalng.bff.config.IdTokenExchangeFilterFunction;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
@@ -41,10 +42,10 @@ import reactor.core.publisher.Mono;
class IdTokenExchangeFilterFunctionTest extends BaseIntegrationTest {
+ @Autowired IdTokenExchangeFilterFunction filterFunction;
+
@Test
void idTokenIsCorrectlyPropagated() {
- final IdTokenExchangeFilterFunction filterFunction = new IdTokenExchangeFilterFunction();
-
final String idToken = UUID.randomUUID().toString();
final ServerWebExchange serverWebExchange =
MockServerWebExchange.builder(
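Review bot: The injected field `@Autowired IdTokenExchangeFilterFunction filterFunction;` at the top of the class is package-private, so other test classes in the package can reach and reassign it; `@Autowired private IdTokenExchangeFilterFunction filterFunction;` avoids that. Because the instance now comes from the Spring context instead of `new`, both tests exercise the bean as wired by the test configuration (presumably including the new endpoint properties), which is worth stating in a short class-level comment. The test method bodies continue outside this hunk.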
@@ -72,8 +73,6 @@ class IdTokenExchangeFilterFunctionTest extends BaseIntegrationTest {
@Test
void exceptionIsThrownWhenIdTokenIsMissingInRequest() {
- final IdTokenExchangeFilterFunction filterFunction = new IdTokenExchangeFilterFunction();
-
final ServerWebExchange serverWebExchange =
MockServerWebExchange.builder(MockServerHttpRequest.get("http://localhost:8000")).build();
diff --git a/app/src/test/resources/application-access-control.yml b/app/src/test/resources/application-access-control.yml
deleted file mode 100644
index 6fda781..0000000
--- a/app/src/test/resources/application-access-control.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-bff:
- access-control:
- ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ]
- ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ]
- ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator]
- KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_GET: [portal_admin, portal_designer, portal_operator]
- PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator]
- ROLE_LIST: ["*"]
- USER_CREATE: [portal_admin, portal_designer, portal_operator]
- USER_DELETE: [portal_admin, portal_designer, portal_operator]
- USER_GET: [portal_admin, portal_designer, portal_operator]
- USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_LIST: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator]
- USER_UPDATE: [portal_admin, portal_designer, portal_operator]
diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml
index 3e423e4..04e6a57 100644
--- a/app/src/test/resources/application.yml
+++ b/app/src/test/resources/application.yml
@@ -1,7 +1,6 @@
-logging:
- level:
- org.springframework.web: TRACE
-
+management:
+ tracing:
+ enabled: false
spring:
profiles:
include:
@@ -22,12 +21,14 @@ spring:
resourceserver:
jwt:
jwk-set-uri: http://localhost:${wiremock.server.port}/realms/ONAP/protocol/openid-connect/certs
- jackson:
- serialization:
- FAIL_ON_EMPTY_BEANS: false
bff:
realm: ONAP
preferences-url: http://localhost:${wiremock.server.port}
history-url: http://localhost:${wiremock.server.port}
keycloak-url: http://localhost:${wiremock.server.port}
+ endpoints:
+ unauthenticated: /api-docs.html, /api.yaml, /webjars/**, /actuator/**
+ rbac:
+ endpoints-excluded: /actuator/**, **/actuator/**, */actuator/**, /**/actuator/**, /*/actuator/**
+
diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml
deleted file mode 100644
index 45bd7e2..0000000
--- a/app/src/test/resources/logback-spring.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration scan="true">
- <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
-
- <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>${LOGBACK_LEVEL:-info}</level>
- </filter>
- <encoder>
- <pattern>${CONSOLE_LOG_PATTERN}</pattern>
- <charset>utf8</charset>
- </encoder>
- </appender>
-
- <root level="all">
- <appender-ref ref="stdout"/>
- </root>
-</configuration> \ No newline at end of file