diff options
43 files changed, 2620 insertions, 0 deletions
diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..c8de995 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +# Ignore everything +* +# ... but the build jar +!/app/build/libs
\ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2d8e73e --- /dev/null +++ b/.gitignore @@ -0,0 +1,39 @@ +HELP.md +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ +gradle.properties + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ +.attach_pid* diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..08ba08e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,5 @@ +FROM onap-repo/openjdk:17 +ARG JAR_FILE=/app/build/libs/app-*.jar +COPY ${JAR_FILE} app.jar +EXPOSE 9080 +ENTRYPOINT [ "java","-jar","app.jar" ]
\ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..15bc29d --- /dev/null +++ b/README.md @@ -0,0 +1,42 @@ +# Portal-prefs +This microservice manages the user specific config for the `portal-ui` frontend application. It is a Spring Boot application that is build upon a MongoDB and Webflux. + +## Build +```sh +./gradlew build +``` + +## Run +```sh +./gradlew bootRun +``` + +## Test +```sh +./gradlew test # run all tests +./gradlew test --tests GetTileIntegrationTest # run all tests in file +./gradlew test --tests GetTileIntegrationTest.thatTileCanBeRetrieved # run individual test in file +./gradlew test --tests GetTileIntegrationTest.thatTileCanBeRetrieved --debug # run individual test in file with debug enabled +``` + +## Development +You can run the service locally for evaluation or development purposes using the provided `docker-compose.yml` file in the development folder. This will launch a Keycloak, a Postgres and a Mongo db in the background. + +**Prerequisites:** Running local docker daemon and a docker cli + +To start the service execute the `run.sh` in the development folder: +```sh +development/run.sh +``` + +Example request against the portal-prefs service can be run in your preferred IDE with the `request.http` file from the development folder. + +You can access the Keycloak UI via browser. +URL: http://localhost:8080 +**username:** admin +**password:** password + +To stop the portal-prefs service, Keycloak and the databases run: +```sh +development/stop.sh +``` diff --git a/app/LICENSE b/app/LICENSE new file mode 100644 index 0000000..abe3069 --- /dev/null +++ b/app/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2021 TNAP / development / system-team + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/app/LICENSE_HEADER b/app/LICENSE_HEADER new file mode 100644 index 0000000..66e028a --- /dev/null +++ b/app/LICENSE_HEADER @@ -0,0 +1,20 @@ +/* + * + * Copyright (c) ${year}. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ diff --git a/app/build.gradle b/app/build.gradle new file mode 100644 index 0000000..1551d9e --- /dev/null +++ b/app/build.gradle @@ -0,0 +1,109 @@ +plugins { + id 'java' + id 'idea' + id 'application' + id 'io.spring.dependency-management' + id 'org.springframework.boot' + id 'jacoco' + id 'org.sonarqube' + id 'com.gorylenko.gradle-git-properties' +} + +group = 'org.onap' +version = '0.1.1' +sourceCompatibility = '17' +targetCompatibility = '17' + +application { + mainClass = 'org.onap.portal.prefs.PortalPrefsApplication' +} + +configurations { + compileOnly { + extendsFrom annotationProcessor + } + + // avoid "LoggerFactory is not a Logback LoggerContext but Logback is on the classpath" error + all*.exclude module : 'logback-classic' +} + +repositories { + mavenCentral() + maven { + url "https://plugins.gradle.org/m2/" + } +} + +ext { + vavrVersion = '0.10.4' + problemVersion = '0.27.1' + logstashLogbackVersion = '7.2' + embedMongoVersion = '3.2.8' + embedMongoIntegrationVersion = '1.1.0-spring27x' + springCloudWiremockVersion = '3.1.0' +} + +dependencies { + implementation project(':openapi') + implementation 'org.springframework.boot:spring-boot-starter-actuator' + implementation 'org.springframework.boot:spring-boot-starter-data-mongodb-reactive' + implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.springframework.boot:spring-boot-starter-webflux' + implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation "io.vavr:vavr:$vavrVersion" + implementation "org.zalando:problem:$problemVersion" + implementation "net.logstash.logback:logstash-logback-encoder:$logstashLogbackVersion" + + compileOnly 'org.projectlombok:lombok' + + developmentOnly 'org.springframework.boot:spring-boot-devtools' + + annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor' + annotationProcessor 'org.projectlombok:lombok' + + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'io.projectreactor:reactor-test' + testImplementation 'io.rest-assured:rest-assured' + testImplementation "org.springframework.cloud:spring-cloud-contract-wiremock:$springCloudWiremockVersion" + testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo:$embedMongoVersion" + testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo.spring:$embedMongoIntegrationVersion" + testCompileOnly 'org.projectlombok:lombok' + testAnnotationProcessor 'org.projectlombok:lombok' +} + +test { + useJUnitPlatform() + finalizedBy(jacocoTestReport) +} + +jacocoTestReport { + reports { + xml.enabled true + } +} + +sonarqube { + properties { + property "sonar.projectKey", "tnap.SONAR.portal.portal-prefs" + property "sonar.projectName", "portal-prefs" + } +} + +configurations.implementation.setCanBeResolved(true) + +// avoid generating X.X.X-plain.jar +jar { + enabled = false +} + +springBoot { + buildInfo { + properties { + artifact = "onap-portal-prefs" + version = rootProject.file('version').text.trim() + group = "org.onap" + name = "Portal user preferences service" + } + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java new file mode 100644 index 0000000..092c533 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java @@ -0,0 +1,37 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.context.properties.EnableConfigurationProperties; + +@EnableConfigurationProperties(PortalPrefsConfig.class) +@SpringBootApplication +public class PortalPrefsApplication { + + public static void main(String[] args) { + SpringApplication.run(PortalPrefsApplication.class, args); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java new file mode 100644 index 0000000..77ef7f0 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java @@ -0,0 +1,35 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.time.Clock; + +@Configuration +public class BeansConfig { + @Bean + Clock clock() { + return Clock.systemUTC(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java new file mode 100644 index 0000000..b653fe3 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java @@ -0,0 +1,59 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.onap.portal.prefs.util.Logger; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.reactive.ServerWebExchangeContextFilter; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; + +import java.util.List; + +@Component +public class LogInterceptor implements WebFilter { + public static final String EXCHANGE_CONTEXT_ATTRIBUTE = + ServerWebExchangeContextFilter.class.getName() + ".EXCHANGE_CONTEXT"; + + public static final String X_REQUEST_ID = "X-Request-Id"; + + @Override + public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { + List<String> xRequestIdList = exchange.getRequest().getHeaders().get(X_REQUEST_ID); + if (xRequestIdList != null && !xRequestIdList.isEmpty()) { + String xRequestId = xRequestIdList.get(0); + Logger.requestLog( + xRequestId, exchange.getRequest().getMethod(), exchange.getRequest().getURI()); + exchange.getResponse().getHeaders().add(X_REQUEST_ID, xRequestId); + exchange.getResponse().beforeCommit(() -> { + Logger.responseLog(xRequestId,exchange.getResponse().getStatusCode()); + return Mono.empty(); + }); + } + + return chain + .filter(exchange) + .contextWrite(cxt -> cxt.put(EXCHANGE_CONTEXT_ATTRIBUTE, exchange)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java new file mode 100644 index 0000000..3c03673 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import javax.validation.constraints.NotBlank; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.ConstructorBinding; + +import lombok.Data; + +@Data +@ConstructorBinding +@ConfigurationProperties("portal-prefs") +public class PortalPrefsConfig { + + @NotBlank + private final String realm; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java new file mode 100644 index 0000000..531e90b --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +/** + * Configures the access control of the API endpoints. + */ +// https://hantsy.github.io/spring-reactive-sample/security/config.html +@EnableWebFluxSecurity +@Configuration +public class SecurityConfig { + + @Bean + public SecurityWebFilterChain springSecurityWebFilterChain(ServerHttpSecurity http) { + return http.httpBasic().disable() + .formLogin().disable() + .csrf().disable() + .cors() + .and() + .authorizeExchange() + .pathMatchers(HttpMethod.GET, "/actuator/**").permitAll() + .anyExchange().authenticated() + .and() + .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt) + .build(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java new file mode 100644 index 0000000..584b3b4 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java @@ -0,0 +1,88 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.controller; + + +import javax.validation.Valid; + +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.api.PreferencesApi; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.util.Logger; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.server.ServerWebExchange; + +import reactor.core.publisher.Mono; + +@RestController +public class PreferencesController implements PreferencesApi { + + + private final PreferencesService preferencesService; + + public PreferencesController(PreferencesService getPreferences){ + this.preferencesService = getPreferences; + } + + @Override + public Mono<ResponseEntity<Preferences>> getPreferences(String xRequestId, ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferencesService.getPreferences(userid) + .map(ResponseEntity::ok)) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + + } + + @Override + public Mono<ResponseEntity<Preferences>> savePreferences(String xRequestId, @Valid Mono<Preferences> preferences, + ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferences + .flatMap( pref -> + preferencesService + .savePreferences(xRequestId, userid, pref))) + .map( ResponseEntity::ok) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + } + + @Override + public Mono<ResponseEntity<Preferences>> updatePreferences(String xRequestId, @Valid Mono<Preferences> preferences, ServerWebExchange exchange) { + return savePreferences(xRequestId, preferences, exchange); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java new file mode 100644 index 0000000..45616a9 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.entities; + +import lombok.Getter; +import lombok.Setter; +import org.springframework.data.annotation.Id; +import org.springframework.data.mongodb.core.mapping.Document; + +@Document +@Getter +@Setter +public class PreferencesDto { + @Id + private String userId; + + private Object properties; + +} + diff --git a/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java new file mode 100644 index 0000000..b9d2a3d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.exception; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; +import org.zalando.problem.AbstractThrowableProblem; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import org.zalando.problem.StatusType; + +import java.net.URI; + +/** The default portal-prefs exception */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +@EqualsAndHashCode(callSuper = true) +public class ProblemException extends AbstractThrowableProblem { + @Builder.Default private final URI type = Problem.DEFAULT_TYPE; + + @Builder.Default private final String title = "Bad preferences error"; + + @Builder.Default private final StatusType status = Status.BAD_REQUEST; + + @Builder.Default private final String detail = "Please add more details here"; + + @Builder.Default private final URI instance = null; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java new file mode 100644 index 0000000..461ee1d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java @@ -0,0 +1,28 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.repository; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.springframework.data.mongodb.repository.ReactiveMongoRepository; + +public interface PreferencesRepository extends ReactiveMongoRepository<PreferencesDto, String> { +} diff --git a/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java new file mode 100644 index 0000000..f96dfea --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java @@ -0,0 +1,80 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.services; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.repository.PreferencesRepository; +import org.onap.portal.prefs.util.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import reactor.core.publisher.Mono; + +@Service +public class PreferencesService { + + @Autowired + private PreferencesRepository repository; + + public Mono<Preferences> getPreferences(String userId){ + return repository + .findById(userId) + .switchIfEmpty(defaultPreferences()) + .map(this::toPreferences); + } + + public Mono<Preferences> savePreferences( String xRequestId, String userId, Preferences preferences){ + + var preferencesDto = new PreferencesDto(); + preferencesDto.setUserId(userId); + preferencesDto.setProperties(preferences.getProperties()); + + return repository + .save(preferencesDto) + .map(this::toPreferences) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user prefrences", userId, "portal-prefs" ); + return Mono.error(ex); + }); + + } + + private Preferences toPreferences(PreferencesDto preferencesDto) { + var preferences = new Preferences(); + preferences.setProperties(preferencesDto.getProperties()); + return preferences; + } + + /** + * Get a Preferences object that is initialised with an empty string. + * This is a) for convenience to not handle 404 on the consuming side and + * b) for security reasons + * @return PreferencesDto + */ + private Mono<PreferencesDto> defaultPreferences() { + var preferencesDto = new PreferencesDto(); + preferencesDto.setProperties(""); + return Mono.just(preferencesDto); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java new file mode 100644 index 0000000..20f1581 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java @@ -0,0 +1,91 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import com.nimbusds.jwt.JWTParser; +import io.vavr.control.Option; +import io.vavr.control.Try; +import org.springframework.web.server.ServerWebExchange; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import reactor.core.publisher.Mono; + +/** + * Represents a function that handles the <a href="https://jwt.io/introduction">JWT</a> identity token. + * Use this to check if the incoming requests are authorized to call the given endpoint + */ + +public final class IdTokenExchange { + + public static final String X_AUTH_IDENTITY_HEADER = "X-Auth-Identity"; + public static final String JWT_CLAIM_USERID = "sub"; + + private IdTokenExchange(){ + + } + + /** + * Extract the identity header from the given {@link ServerWebExchange}. + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity header in the form of <code>Bearer {@literal <Token>}<c/ode> + */ + private static Mono<String> extractIdentityHeader(ServerWebExchange exchange) { + return io.vavr.collection.List.ofAll( + exchange.getRequest().getHeaders().getOrEmpty(X_AUTH_IDENTITY_HEADER)) + .headOption() + .map(Mono::just) + .getOrElse(Mono.error(Problem.valueOf(Status.FORBIDDEN, "ID token is missing"))); + } + + /** + * Extract the identity token from the given {@link ServerWebExchange}. + * @see <a href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">OpenId Connect ID Token</a> + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity token that contains user roles + */ + private static Mono<String> extractIdToken(ServerWebExchange exchange) { + return extractIdentityHeader(exchange) + .map(identityHeader -> identityHeader.replace("Bearer ", "")); + } + + /** + * Extract the <code>userId</code> from the given {@link ServerWebExchange} + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the id of the user + */ + public static Mono<String> extractUserId(ServerWebExchange exchange) { + return extractIdToken(exchange) + .flatMap( + idToken -> + Try.of(() -> JWTParser.parse(idToken)) + .mapTry(jwt -> Option.of(jwt.getJWTClaimsSet())) + .map( + optionJwtClaimSet -> + optionJwtClaimSet + .flatMap( + jwtClaimSet -> + Option.of(jwtClaimSet.getClaim(JWT_CLAIM_USERID))) + .map(String.class::cast) + .map( Mono::just).get()) + .getOrElseGet(Mono::error)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/Logger.java b/app/src/main/java/org/onap/portal/prefs/util/Logger.java new file mode 100644 index 0000000..4f4ac6c --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/Logger.java @@ -0,0 +1,58 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; + +import java.net.URI; + +@Slf4j +public class Logger { + + private Logger(){} + + public static void requestLog(String xRequestId, HttpMethod methode, URI path) { + log.info("Portal-prefs - request - X-Request-Id {} {} {}", xRequestId, methode, path); + } + + public static void responseLog(String xRequestId, HttpStatus code) { + log.info("Portal-prefs - response - X-Request-Id {} {}", xRequestId, code); + } + + public static void errorLog(String xRequestId, String msg, String id, String app) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {}", xRequestId, msg, id, app); + } + + public static void errorLog( + String xRequestId, String msg, String id, String app, String errorDetails) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {} error message: {}", + xRequestId, + msg, + id, + app, + errorDetails); + } +} diff --git a/app/src/main/resources/application-local.yml b/app/src/main/resources/application-local.yml new file mode 100644 index 0000000..71fe8db --- /dev/null +++ b/app/src/main/resources/application-local.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: portal_prefs + host: localhost + port: 27017 + username: root + password: password + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml new file mode 100644 index 0000000..eb5b313 --- /dev/null +++ b/app/src/main/resources/application.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: ${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: ${PORTALPREFS_DATABASE} + host: ${PORTALPREFS_HOST} + port: ${PORTALPREFS_PORT} + username: ${PORTALPREFS_USERNAME} + password: ${PORTALPREFS_PASSWORD} + +portal-prefs: + realm: ${KEYCLOAK_REALM} + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/logback-spring.xml b/app/src/main/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/main/resources/logback-spring.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration scan="true"> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>${LOGBACK_LEVEL:-info}</level> + </filter> + <encoder class="net.logstash.logback.encoder.LogstashEncoder"/> + </appender> + + <root level="all"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java new file mode 100644 index 0000000..7852c41 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java @@ -0,0 +1,163 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.tomakehurst.wiremock.client.WireMock; +import com.nimbusds.jose.jwk.JWKSet; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import io.restassured.RestAssured; +import io.restassured.filter.log.RequestLoggingFilter; +import io.restassured.filter.log.ResponseLoggingFilter; +import io.restassured.specification.RequestSpecification; +import io.vavr.collection.List; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock; +import org.springframework.http.MediaType; + +import java.util.UUID; + +/** Base class for all tests that has the common config including port, realm, logging and auth. */ +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@AutoConfigureWireMock(port = 0) +public abstract class BaseIntegrationTest { + +// @TestConfiguration +// public static class Config { +// @Bean +// WireMockConfigurationCustomizer optionsCustomizer() { +// return options -> options.extensions(new ResponseTemplateTransformer(true)); +// } +// } + + @LocalServerPort protected int port; + @Value("${portal-prefs.realm}") + protected String realm; + + @Autowired protected ObjectMapper objectMapper; + @Autowired private TokenGenerator tokenGenerator; + @Autowired protected PortalPrefsConfig portalPrefsConfig; + + @BeforeAll + public static void setup() { + RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter()); + } + + /** Mocks the OIDC auth flow. */ + @BeforeEach + public void mockAuth() { + WireMock.reset(); + + WireMock.stubFor( + WireMock.get( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/certs", realm))) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", JWKSet.MIME_TYPE) + .withBody(tokenGenerator.getJwkSet().toString()))); + + final TokenGenerator.TokenGeneratorConfig config = + TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build(); + + WireMock.stubFor( + WireMock.post( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/token", realm))) + .withBasicAuth("test", "test") + .withRequestBody(WireMock.containing("grant_type=client_credentials")) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) + .withBody( + objectMapper + .createObjectNode() + .put("token_type", "bearer") + .put("access_token", tokenGenerator.generateToken(config)) + .put("expires_in", config.getExpireIn().getSeconds()) + .put("refresh_token", tokenGenerator.generateToken(config)) + .put("refresh_expires_in", config.getExpireIn().getSeconds()) + .put("not-before-policy", 0) + .put("session_state", UUID.randomUUID().toString()) + .put("scope", "email profile") + .toString()))); + } + + /** + * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to + * generate OAuth2 access tokens. + * + * @param sub the userId + * @param roles the roles used for RBAC + * @return the OAuth2 configuration + */ + protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List<String> roles) { + return TokenGenerator.TokenGeneratorConfig.builder() + .port(port) + .sub(sub) + .realm(realm) + .roles(roles) + .build(); + } + + /** Get a RequestSpecification that does not have an Identity header. */ + protected RequestSpecification unauthenticatedRequestSpecification() { + return RestAssured.given().port(port); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the <code>onap_admin</code> role to the request. + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification() { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the <code>onap_admin</code> role to the request. + * @param userId the userId that should be contained in the incoming request + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification(String userId) { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java new file mode 100644 index 0000000..6883064 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java @@ -0,0 +1,130 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import java.time.Clock; +import java.time.Duration; +import java.time.Instant; +import java.util.Date; +import java.util.UUID; + +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import io.vavr.collection.List; +import lombok.Builder; +import lombok.Getter; +import lombok.NonNull; + +@Component +public class TokenGenerator { + + private static final String ROLES_CLAIM = "roles"; + private static final String USERID_CLAIM = "sub"; + + private final Clock clock; + private final RSAKey jwk; + private final JWKSet jwkSet; + private final JWSSigner signer; + + @Autowired + public TokenGenerator(Clock clock) { + try { + this.clock = clock; + jwk = + new RSAKeyGenerator(2048) + .keyUse(KeyUse.SIGNATURE) + .keyID(UUID.randomUUID().toString()) + .generate(); + jwkSet = new JWKSet(jwk); + signer = new RSASSASigner(jwk); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public JWKSet getJwkSet() { + return jwkSet; + } + + public String generateToken(TokenGeneratorConfig config) { + final Instant iat = clock.instant(); + final Instant exp = iat.plus(config.expireIn); + + final JWTClaimsSet claims = + new JWTClaimsSet.Builder() + .jwtID(UUID.randomUUID().toString()) + .subject(UUID.randomUUID().toString()) + .issuer(config.issuer()) + .issueTime(Date.from(iat)) + .expirationTime(Date.from(exp)) + .claim(ROLES_CLAIM, config.getRoles()) + .claim(USERID_CLAIM, config.getSub()) + .build(); + + final SignedJWT jwt = + new SignedJWT( + new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(jwk.getKeyID()) + .type(JOSEObjectType.JWT) + .build(), + claims); + + try { + jwt.sign(signer); + } catch (Exception e) { + throw new RuntimeException(e); + } + + return jwt.serialize(); + } + + @Getter + @Builder + public static class TokenGeneratorConfig { + private final int port; + + @NonNull private final String sub; + + @NonNull private final String realm; + + @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5); + + @Builder.Default private final List<String> roles = List.empty(); + + public String issuer() { + return String.format("http://localhost:%d/auth/realms/%s", port, realm); + } + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java new file mode 100644 index 0000000..95e9b2a --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.actuator; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.onap.portal.prefs.BaseIntegrationTest; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.availability.ApplicationAvailability; +import org.springframework.boot.availability.LivenessState; +import org.springframework.boot.availability.ReadinessState; + +class ActuatorIntegrationTest extends BaseIntegrationTest { + + @Autowired private ApplicationAvailability applicationAvailability; + + @Test + void livenessProbeIsAvailable() { + assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT); + } + + @Test + void readinessProbeIsAvailable() { + + assertThat(applicationAvailability.getReadinessState()) + .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java new file mode 100644 index 0000000..b5f4cf1 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java @@ -0,0 +1,198 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.preferences; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.onap.portal.prefs.BaseIntegrationTest; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; + +import io.restassured.http.ContentType; +import io.restassured.http.Header; + +class PreferencesControllerIntegrationTest extends BaseIntegrationTest { + + protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57"; + + @Autowired + PreferencesService preferencesService; + + @Test + void thatUserPreferencesCanBeRetrieved() { + // First save a user preference before a GET can run + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", expectedResponse) + .block(); + + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeRetrieved() { + unauthenticatedRequestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.UNAUTHORIZED.value()); + } + + @Test + void thatUserPreferencesCanBeSaved() { + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .post("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanBeUpdated() { + // First save a user preference before a GET can run + Preferences initialPreferences = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", initialPreferences) + .block(); + + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value3\",\n" + + " \"dashboard\": {\"key2:\" : \"value4\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .put("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeFound() { + + Preferences actualResponse = requestSpecification("test-canNotBeFound") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(""); + } + + @Test + void thatUserPreferencesHasXRequestIdHeader() { + + String actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .header("X-Request-Id"); + + assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID); + } + + @Test + void thatUserPreferencesHasNoXRequestIdHeader() { + + requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.BAD_REQUEST.value()); + + + } +} diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml new file mode 100644 index 0000000..3316c0d --- /dev/null +++ b/app/src/test/resources/application.yml @@ -0,0 +1,35 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + mongodb: + embedded: + version: 3.2.8 + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:${wiremock.server.port}/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/test/resources/logback-spring.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration scan="true"> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>${LOGBACK_LEVEL:-info}</level> + </filter> + <encoder class="net.logstash.logback.encoder.LogstashEncoder"/> + </appender> + + <root level="all"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/development/.env b/development/.env new file mode 100644 index 0000000..ff65652 --- /dev/null +++ b/development/.env @@ -0,0 +1,15 @@ +KEYCLOAK_IMAGE=quay.io/keycloak/keycloak +KEYCLOAK_VERSION=18.0.2-legacy +KEYCLOAK_USER=admin +KEYCLOAK_PASSWORD=password +KEYCLOAK_DB=keycloak +KEYCLOAK_DB_USER=keycloak +KEYCLOAK_DB_PASSWORD=password +POSTGRES_IMAGE=postgres +POSTGRES_VERSION=15rc1 +MONGO_IMAGE=mongo +MONGO_VERSION=latest +MONGO_USER=root +MONGO_PASSWORD=password + + diff --git a/development/config/onap-realm.json b/development/config/onap-realm.json new file mode 100644 index 0000000..75bdb6a --- /dev/null +++ b/development/config/onap-realm.json @@ -0,0 +1,70 @@ +{ + "id": "ONAP", + "realm": "ONAP", + "enabled": true, + "clients": [ + { + "clientId": "portal-app", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "users": [ + { + "createdTimestamp": 1664965113698, + "username": "onap-admin", + "enabled": true, + "totp": false, + "emailVerified": false, + "credentials": [ + { + "type": "password", + "createdDate": 1664965134586, + "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-onap" + ], + "notBefore": 0, + "groups": [] + } + ] +}
\ No newline at end of file diff --git a/development/docker-compose.yml b/development/docker-compose.yml new file mode 100644 index 0000000..b08f7d5 --- /dev/null +++ b/development/docker-compose.yml @@ -0,0 +1,40 @@ +version: '3' + +volumes: + postgres_data: + driver: local + +services: + postgres: + image: "${POSTGRES_IMAGE}:${POSTGRES_VERSION}" + volumes: + - postgres_data:/var/lib/postgresql/data + environment: + POSTGRES_DB: ${KEYCLOAK_DB} + POSTGRES_USER: ${KEYCLOAK_DB_USER} + POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD} + keycloak: + image: "${KEYCLOAK_IMAGE}:${KEYCLOAK_VERSION}" + environment: + DB_VENDOR: POSTGRES + DB_ADDR: postgres + DB_DATABASE: ${KEYCLOAK_DB} + DB_USER: ${KEYCLOAK_DB_USER} + DB_SCHEMA: public + DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD} + KEYCLOAK_USER: ${KEYCLOAK_USER} + KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD} + KEYCLOAK_IMPORT: /config/onap-realm.json + ports: + - 8080:8080 + volumes: + - ./config:/config + depends_on: + - postgres + mongo: + image: "${MONGO_IMAGE}:${MONGO_VERSION}" + ports: + - 27017:27017 + environment: + MONGO_INITDB_ROOT_USERNAME: ${MONGO_USER} + MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD} diff --git a/development/request.http b/development/request.http new file mode 100644 index 0000000..403d4bc --- /dev/null +++ b/development/request.http @@ -0,0 +1,48 @@ +POST http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/token +Content-Type: application/x-www-form-urlencoded + +client_id=portal-app&client_secret=&scope=openid&grant_type=password&username=onap-admin&password=password +> {% + client.global.set("access_token", response.body.access_token); + client.global.set("id_token", response.body.id_token); + %} + +### + +POST http://localhost:9001/v1/preferences +Accept: application/json +Content-Type: application/json +Authorization: Bearer {{access_token}} +X-Auth-Identity: Bearer {{id_token}} +X-Request-Id: {{$uuid}} + +{ + "properties": { + "dashboard": { + "apps": { + "availableTiles": [ + { + "type": "USER_LAST_ACTION_TILE", + "displayed": false + } + ], + "lastUserAction": { + "interval": "1H", + "filterType": "ALL" + } + } + } + } +} + +### + +GET http://localhost:9001/v1/preferences +Accept: application/json +Authorization: Bearer {{access_token}} +X-Auth-Identity: Bearer {{id_token}} +X-Request-Id: {{$uuid}} + +### + + diff --git a/development/run.sh b/development/run.sh new file mode 100755 index 0000000..4f90ee5 --- /dev/null +++ b/development/run.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d + +cd $SCRIPT_DIR/.. +SPRING_PROFILES_ACTIVE=local ./gradlew bootRun
\ No newline at end of file diff --git a/development/stop.sh b/development/stop.sh new file mode 100755 index 0000000..9752a7f --- /dev/null +++ b/development/stop.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +# shutdown all docker container +docker compose -f "$SCRIPT_DIR/docker-compose.yml" down -v + +cd $SCRIPT_DIR/.. +./gradlew -stop
\ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar Binary files differnew file mode 100644 index 0000000..249e583 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.jar diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..070cb70 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists @@ -0,0 +1,240 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..53a6b23 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,91 @@ +@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/lombok.config b/lombok.config new file mode 100644 index 0000000..7a21e88 --- /dev/null +++ b/lombok.config @@ -0,0 +1 @@ +lombok.addLombokGeneratedAnnotation = true diff --git a/openapi/build.gradle b/openapi/build.gradle new file mode 100644 index 0000000..01664eb --- /dev/null +++ b/openapi/build.gradle @@ -0,0 +1,53 @@ +plugins { + id 'java' + id 'idea' + id 'org.openapi.generator' version '5.3.0' +} + +repositories { + mavenCentral() +} + +dependencies { + implementation 'org.openapitools:openapi-generator:5.3.0' + implementation 'org.springframework.boot:spring-boot-starter-webflux:2.5.5' + // NOTE(KE) needed to add these dependencies, check in next version whether its removable... + // https://github.com/OpenAPITools/openapi-generator/issues/8360 + compileOnly "io.springfox:springfox-swagger2:3.0.0" +} + +// https://github.com/OpenAPITools/openapi-generator/blob/master/modules/openapi-generator-gradle-plugin/README.adoc +openApiGenerate { + generatorName = "spring" + library = "spring-boot" + inputSpec = "$projectDir/src/main/resources/api/api.yml" + outputDir = "$buildDir/openapi" + configOptions = [ + openApiNullable: "false", + skipDefaultInterface: "true", + dateLibrary: "java8", + interfaceOnly: "true", + useTags: "true", + useOptional: "true", + reactive: "true" + ] + generateApiTests = false + generateApiDocumentation = false + generateModelTests = false + generateModelDocumentation = false + invokerPackage = "org.onap.portal.prefs.openapi" + apiPackage = "org.onap.portal.prefs.openapi.api" + modelPackage = "org.onap.portal.prefs.openapi.model" +} + +compileJava { + dependsOn tasks.openApiGenerate +} + +sourceSets { + main { + java { + srcDirs += file("$buildDir/openapi/src/main/java") + } + } +} diff --git a/openapi/src/main/resources/api/api.yml b/openapi/src/main/resources/api/api.yml new file mode 100644 index 0000000..e578911 --- /dev/null +++ b/openapi/src/main/resources/api/api.yml @@ -0,0 +1,240 @@ +openapi: 3.0.2 +info: + title: Config API + version: '1.0' +servers: + - url: 'http://localhost:9001/{base}' + variables: + base: + default: 'portal-prefs' + description: Basepath +paths: + /v1/preferences: + get: + description: Returns user preferences + summary: Get user preferences + operationId: getPreferences + parameters: + - $ref: '#/components/parameters/XRequestIdHeader' + tags: + - preferences + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Preferences' + '400': + $ref: '#/components/responses/BadRequest' + '401': + $ref: '#/components/responses/Unauthorized' + '403': + $ref: '#/components/responses/Forbidden' + '500': + $ref: '#/components/responses/InternalServerError' + '502': + $ref: '#/components/responses/BadGateway' + put: + description: Updates user preferences + summary: Update user preferences + operationId: updatePreferences + parameters: + - $ref: '#/components/parameters/XRequestIdHeader' + tags: + - preferences + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Preferences' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Preferences' + '400': + $ref: '#/components/responses/BadRequest' + '401': + $ref: '#/components/responses/Unauthorized' + '403': + $ref: '#/components/responses/Forbidden' + '500': + $ref: '#/components/responses/InternalServerError' + '502': + $ref: '#/components/responses/BadGateway' + post: + description: Save user preferences + summary: Save user preferences + operationId: savePreferences + parameters: + - $ref: '#/components/parameters/XRequestIdHeader' + tags: + - preferences + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Preferences' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Preferences' + '400': + $ref: '#/components/responses/BadRequest' + '401': + $ref: '#/components/responses/Unauthorized' + '403': + $ref: '#/components/responses/Forbidden' + '500': + $ref: '#/components/responses/InternalServerError' + '502': + $ref: '#/components/responses/BadGateway' +components: + parameters: + XRequestIdHeader: + name: X-Request-Id + in: header + description: The unique identifier of the request + required: true + schema: + type: string + schemas: + Preferences: + type: object + properties: + properties: + type: object + required: + - properties + Problem: + type: object + properties: + type: + type: string + format: uri-reference + description: | + A URI reference that uniquely identifies the problem type only in the context of the provided API. Opposed to the specification in RFC-7807, it is neither recommended to be dereferencable and point to a human-readable documentation nor globally unique for the problem type. + default: 'about:blank' + example: /problem/connection-error + title: + type: string + description: | + A short summary of the problem type. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. + example: Service Unavailable + status: + type: integer + format: int32 + description: | + The HTTP status code generated by the origin server for this occurrence of the problem. + minimum: 100 + maximum: 600 + exclusiveMaximum: true + example: 503 + detail: + type: string + description: | + A human readable explanation specific to this occurrence of the problem that is helpful to locate the problem and give advice on how to proceed. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. + example: Connection to database timed out + instance: + type: string + format: uri-reference + description: | + A URI reference that identifies the specific occurrence of the problem, e.g. by adding a fragment identifier or sub-path to the problem type. May be used to locate the root of this problem in the source code. + example: /problem/connection-error#token-info-read-timed-out + responses: + BadRequest: + description: '400: Bad Request' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + Unauthorized: + description: '401: Unauthorized' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + Forbidden: + description: '403: Forbidden' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + NotFound: + description: '404: Not Found' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + NotAllowed: + description: '405: Method Not Allowed' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + Conflict: + description: '409: Conflict' + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + InternalServerError: + description: Internal Server Error + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response + BadGateway: + description: Bad Gateway + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' + headers: + X-Request-Id: + schema: + type: string + description: A <uuid4> in each response diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..dc99316 --- /dev/null +++ b/settings.gradle @@ -0,0 +1,43 @@ +// Centrally declare plugin versions here +pluginManagement { + // https://docs.gradle.org/current/userguide/plugins.html#sec:plugin_version_management + plugins { + id 'io.spring.dependency-management' version '1.0.13.RELEASE' + id 'org.springframework.boot' version '2.7.3' + id 'org.sonarqube' version '3.4.0.2513' + id 'com.github.hierynomus.license' version '0.16.1' + id 'com.gorylenko.gradle-git-properties' version '2.4.1' + } + // https://docs.gradle.org/current/userguide/plugins.html#sec:custom_plugin_repositories + repositories { + mavenCentral() + maven { + url "https://plugins.gradle.org/m2/" + } + } +} + +// This is a preview feature, enable in the future and remove repositories blocks from sub build.gradles +// https://docs.gradle.org/current/userguide/declaring_repositories.html#sub:centralized-repository-declaration +// dependencyResolutionManagement { +// maven { +// url "${maven_central_url}" +// credentials { +// username = "${artifactory_user}" +// password = "${artifactory_password}" +// } +// } +// maven { +// url "${gradle_plugins_url}" +// credentials { +// username = "${artifactory_user}" +// password = "${artifactory_password}" +// } +// } +// } + +rootProject.name = 'portal-prefs' + +include 'openapi' +include 'app' + @@ -0,0 +1 @@ +0.1.0 |