From 94aa4287ba3df1f2aa64f595fa3cb76a0a96c44c Mon Sep 17 00:00:00 2001
From: deiflaender
Date: Fri, 24 Mar 2023 13:18:56 +0100
Subject: [PATCH] RED-4515: Rename master realm client to redaction as this make configuration much easier
---
 .../service/TenantManagementService.java | 1 -
 .../src/main/resources/application-dev.yml | 2 +-
 .../src/main/resources/application.yml | 2 +-
 .../AbstractPersistenceServerServiceTest.java | 3 +-
 .../utils/KeyCloakTestContainer.java | 74 ++-----------------
 .../src/test/resources/application.yml | 4 +-
 6 files changed, 13 insertions(+), 73 deletions(-)
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
index 6693f193f..aae64b511 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
@@ -238,7 +238,6 @@ public class TenantManagementService {
 swaggerClient.setDirectAccessGrantsEnabled(false);
 swaggerClient.setServiceAccountsEnabled(true);
 swaggerClient.setAuthorizationServicesEnabled(true);
- swaggerClient.setSecret("OsloImWinter!23");
 swaggerClient.setRedirectUris(List.of("/redaction-gateway-v1/*"));
 redaction.setClients(List.of(redactionClient, swaggerClient));
diff --git a/persistence-service-v1/persistence-service-server-v1/src/main/resources/application-dev.yml b/persistence-service-v1/persistence-service-server-v1/src/main/resources/application-dev.yml
index 9ecfa872f..6132a6dda 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/main/resources/application-dev.yml
+++ b/persistence-service-v1/persistence-service-server-v1/src/main/resources/application-dev.yml
@@ -60,7 +60,7 @@ keycloak:
 commons:
 keycloak:
 applicationClientId: redaction
- clientId: redaction-system
+ clientId: redaction
 clientSecret: G5E1qLU8ZNdDv7HY5BNLPdt5nXdeF7cU
 realm: redaction
 serverUrl: http://localhost:8080
diff --git a/persistence-service-v1/persistence-service-server-v1/src/main/resources/application.yml b/persistence-service-v1/persistence-service-server-v1/src/main/resources/application.yml
index 21e41940f..b92394b2a 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/main/resources/application.yml
+++ b/persistence-service-v1/persistence-service-server-v1/src/main/resources/application.yml
@@ -132,7 +132,7 @@ keycloak:
 sslRequired: none
 auth-server-url: https://red-staging.iqser.cloud/auth
 realm: master
- resource: redaction-system
+ resource: redaction
 disableTrustManager: true
 useResourceRoleMappings: true
 enabled: true
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/AbstractPersistenceServerServiceTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/AbstractPersistenceServerServiceTest.java
index 15562307d..0b8e84f8e 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/AbstractPersistenceServerServiceTest.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/AbstractPersistenceServerServiceTest.java
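Review bot: In the application-dev.yml hunk, the `clientSecret` literal on the context line directly below the changed `clientId` stays committed in a main-resources profile, and it is left unchanged although the client it authenticates is now `redaction` instead of `redaction-system`. The same patch drops a hard-coded `setSecret(...)` from TenantManagementService, so it would be consistent to externalise this value as well, e.g. `clientSecret: ${KEYCLOAK_CLIENT_SECRET}` (placeholder variable name), and to rotate both values because they remain readable in repository history. Whether the existing secret is still valid for the renamed client cannot be told from this hunk and should be confirmed against the dev Keycloak realm.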
@@ -238,8 +238,7 @@ public abstract class AbstractPersistenceServerServiceTest {
 userService.evictUserCache();
 var allUsers = userService.getAllUsers();
- if (allUsers.isEmpty()) {
-
+ if (allUsers.size() == 1) {
 var redactionSystemClient = new ClientRepresentation();
 redactionSystemClient.setEnabled(true);
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/KeyCloakTestContainer.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/KeyCloakTestContainer.java
index 028d37f12..844214775 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/KeyCloakTestContainer.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/utils/KeyCloakTestContainer.java
@@ -3,7 +3,6 @@ package com.iqser.red.service.peristence.v1.server.integration.utils;
 import java.util.ArrayList;
 import java.util.List;
-import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.representations.idm.ClientRepresentation;
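Review bot: `if (allUsers.size() == 1)` in AbstractPersistenceServerServiceTest replaces an emptiness check with an exact count and gives no reason for the number. Presumably the one pre-existing user is the service-account user of the `redaction` client that KeyCloakTestContainer now creates in the master realm; if that is the case, say so in a comment such as `// exactly one user (the redaction service account) means the test users are not seeded yet`. An exact match also skips the seeding silently whenever the container starts with zero or two users, so a guard keyed on the absence of the expected test users would be less brittle. The enclosing method starts and ends outside the hunk.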
@@ -33,89 +32,32 @@ public class KeyCloakTestContainer {
 var redaction = adminClient.realm("master");
 var redactionClient = new ClientRepresentation();
+
+ redactionClient.setId("redaction");
 redactionClient.setEnabled(true);
 redactionClient.setName("redaction");
+ redactionClient.setSecret("redaction");
+ redactionClient.setServiceAccountsEnabled(true);
+ redactionClient.setDirectAccessGrantsEnabled(true);
 redactionClient.setStandardFlowEnabled(true);
 redactionClient.setImplicitFlowEnabled(true);
 redactionClient.setDirectAccessGrantsEnabled(true);
-
- var redactionSystemClient = new ClientRepresentation();
-//
-// RoleRepresentation createRealm = new RoleRepresentation();
-// createRealm.setName("create-realm");
-//
-// RoleRepresentation viewRealm = new RoleRepresentation();
-// viewRealm.setName("view-realm");
-//
-// RoleRepresentation manageRealm = new RoleRepresentation();
-// manageRealm.setName("manage-realm");
-//
-// RoleRepresentation manageUsers = new RoleRepresentation();
-// manageUsers.setName("manage-users");
-//
-// RoleRepresentation manageClients = new RoleRepresentation();
-// manageClients.setName("manage-clients");
-
-// RolesRepresentation rolesRepresentation = new RolesRepresentation();
-// rolesRepresentation.setRealm(List.of(createRealm));
-// redaction.setRoles(rolesRepresentation);
-
- redactionSystemClient.setId("redaction-system");
- redactionSystemClient.setEnabled(true);
- redactionSystemClient.setName("redaction-system");
- redactionSystemClient.setSecret("redaction-system");
- redactionSystemClient.setServiceAccountsEnabled(true);
- redactionSystemClient.setDirectAccessGrantsEnabled(true);
- redactionSystemClient.setStandardFlowEnabled(true);
- redactionSystemClient.setImplicitFlowEnabled(true);
- redactionSystemClient.setDirectAccessGrantsEnabled(true);
 redaction.clients().create(redactionClient);
- redaction.clients().create(redactionSystemClient);
+ redaction.clients().create(redactionClient);
 RealmResource myRealm =
adminClient.realm("master");
- String userId = myRealm.clients().get("redaction-system").getServiceAccountUser().getId();
+ String userId = myRealm.clients().get("redaction").getServiceAccountUser().getId();
 UserResource serviceAccountUser = myRealm.users().get(userId);
-// ClientRepresentation clientThatOwnsRole = myRealm.clients()
-// .findByClientId("realm-management").get(0);
-
- ClientRepresentation clientThatOwnsRole = myRealm.clients()
- .findByClientId("master-realm").get(0);
+ ClientRepresentation clientThatOwnsRole = myRealm.clients().findByClientId("master-realm").get(0);
 String clientIdOfRoleOwner = clientThatOwnsRole.getId();
- ClientResource clientResourceOfRoleOwner = myRealm.clients().get(clientIdOfRoleOwner);
-// myRealm.clients().get(clientIdOfRoleOwner).roles().list();
-// List rolesToAssign = new ArrayList<>();
-//
-// rolesToAssign.add(clientResourceOfRoleOwner.roles().get("view-users").toRepresentation());
-// rolesToAssign.add(clientResourceOfRoleOwner.roles().get("manage-realm").toRepresentation());
-// rolesToAssign.add(clientResourceOfRoleOwner.roles().get("create-realm").toRepresentation());
-//
-// myRealm.clients().get(clientIdOfRoleOwner).roles().list().forEach(role -> {
-// serviceAccountUser.roles().clientLevel(clientIdOfRoleOwner).add(role);
-// });
 List roles = new ArrayList<>();
 roles.addAll(myRealm.clients().get(clientIdOfRoleOwner).roles().list());
-// roles.add(myRealm.roles().get("create-realm").toRepresentation());
 serviceAccountUser.roles().clientLevel(clientIdOfRoleOwner).add(roles);
 serviceAccountUser.roles().realmLevel().add(List.of(myRealm.roles().get("create-realm").toRepresentation()));
-// System.out.println(KeycloakBuilder.builder()
-// .serverUrl(keycloak.getAuthServerUrl())
-// .realm("management")
-// .clientId("redaction-system")
-// .clientSecret("redaction-system")
-// .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
-// .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
-//
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
-// .connectionPoolSize(10)
-// .disableTrustManager()
-// .build())
-// .build()
-// .realm("management")
-// .toRepresentation());
-
 }
 return keycloak;
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/resources/application.yml b/persistence-service-v1/persistence-service-server-v1/src/test/resources/application.yml
index 37310a6aa..564764660 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/resources/application.yml
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/resources/application.yml
@@ -127,6 +127,6 @@ commons:
 keycloak:
 application-client-id: redaction
 realm: master
- client-id: redaction-system
- client-secret: redaction-system
+ client-id: redaction
+ client-secret: redaction
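Review bot: In the KeyCloakTestContainer hunk, `redaction.clients().create(redactionClient);` now appears twice in a row on the new side, because the old `create(redactionSystemClient)` line was renamed rather than removed; the second call submits the same client id again and presumably fails with a conflict that nobody sees, since the returned `Response` is neither inspected nor closed. Keep one call and check its result, for example `try (var response = redaction.clients().create(redactionClient)) { ... }` with an assertion on `response.getStatus()`. `setDirectAccessGrantsEnabled(true)` is likewise set twice on `redactionClient`. The merged client combines implicit flow, direct access grants, a secret equal to its client id and every `master-realm` client role on its service account, which is acceptable only for a throwaway test container, so a comment such as `// test-only: over-privileged client with a well-known secret, never reuse for real provisioning` would keep the block from being copied elsewhere. The enclosing method starts outside the hunk.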