From ad7035d7cf4c3098d32a198633d9b782e7e0bf24 Mon Sep 17 00:00:00 2001 
From: maverickstuder Date: Mon, 18 Nov 2024 16:04:17 +0100 Subject: [PATCH] RED-10196: Backend adaptions for RM/DM unification --- .../external/GeneralSettingsController.java | 7 +- .../controller/external/UserController.java | 7 +- .../initializer/MigrateOnlyHook.java | 4 +- .../properties/ApplicationTypeProperties.java | 25 ++ .../TenantUserManagementProperties.java | 27 +- .../repository/TenantRepository.java | 4 + .../service/GeneralConfigurationService.java | 27 +- .../service/KeyCloakRoleManagerService.java | 23 +- .../service/TenantApplicationTypeService.java | 54 ++++ .../service/TenantManagementService.java | 108 ++++---- .../service/UserListingService.java | 7 +- .../service/UserService.java | 24 +- src/main/resources/application-clarifynd.yaml | 128 --------- src/main/resources/application-dev.yaml | 91 ------- src/main/resources/application-dev.yml | 93 +++++++ src/main/resources/application-documine.yaml | 61 ----- src/main/resources/application-migration.yaml | 54 ---- src/main/resources/application-redaction.yaml | 63 ----- src/main/resources/application.yml | 246 +++++++++++++++++- .../tenantusermanagement/tests/UserTest.java | 14 +- .../utils/TenantSyncUtils.java | 18 +- .../utils/TokenService.java | 6 +- src/test/resources/application.yaml | 198 -------------- src/test/resources/application.yml | 203 +++++++++++++++ 24 files changed, 769 insertions(+), 723 deletions(-) create mode 100644 src/main/java/com/knecon/fforesight/tenantusermanagement/properties/ApplicationTypeProperties.java create mode 100644 src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantApplicationTypeService.java delete mode 100644 src/main/resources/application-clarifynd.yaml delete mode 100644 src/main/resources/application-dev.yaml create mode 100644 src/main/resources/application-dev.yml delete mode 100644 src/main/resources/application-documine.yaml delete mode 100644 src/main/resources/application-migration.yaml delete mode 100644 
src/main/resources/application-redaction.yaml delete mode 100644 src/test/resources/application.yaml create mode 100644 src/test/resources/application.yml diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/GeneralSettingsController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/GeneralSettingsController.java index 8d59875..aec3a53 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/GeneralSettingsController.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/GeneralSettingsController.java @@ -7,10 +7,12 @@ import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; +import com.knecon.fforesight.tenantcommons.TenantContext; import com.knecon.fforesight.tenantusermanagement.api.external.GeneralSettingsResource; import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource; import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel; import com.knecon.fforesight.tenantusermanagement.service.GeneralConfigurationService; +import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; 
@@ -21,13 +23,14 @@ import lombok.extern.slf4j.Slf4j; public class GeneralSettingsController implements GeneralSettingsResource, PublicResource { private final GeneralConfigurationService generalConfigurationService; + private final TenantManagementService tenantManagementService; @Override @PreAuthorize("hasAuthority('" + READ_GENERAL_CONFIGURATION + "')") public GeneralConfigurationModel getGeneralConfigurations() { - return generalConfigurationService.getGeneralConfigurations(); + return generalConfigurationService.getGeneralConfigurations(tenantManagementService.getTenantApplicationType(TenantContext.getTenantId())); } @@ -35,7 +38,7 @@ public class GeneralSettingsController implements GeneralSettingsResource, Publi @PreAuthorize("hasAuthority('" + WRITE_GENERAL_CONFIGURATION + "')") public void updateGeneralConfigurations(@RequestBody GeneralConfigurationModel generalConfigurationModel) { - generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel); + generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel, tenantManagementService.getTenantApplicationType(TenantContext.getTenantId())); } } diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java index c438815..bf3f6ea 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java @@ -8,7 +8,6 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem import java.util.List; import java.util.Set; -import java.util.function.Predicate; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; 
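Review bot: `GeneralSettingsController` now injects the whole `TenantManagementService` only to resolve the caller's application type, while `UserController` in the same commit uses the narrower `TenantApplicationTypeService` for the same purpose. Injecting `TenantApplicationTypeService` here and calling `tenantApplicationTypeService.getCurrent()` in both `getGeneralConfigurations()` and `updateGeneralConfigurations(...)` would keep the two controllers consistent. It would also keep tenant create/delete operations out of reach of a controller that only reads and writes display settings.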
@@ -28,7 +27,7 @@ import com.knecon.fforesight.tenantusermanagement.model.UpdateMyProfileRequest; import com.knecon.fforesight.tenantusermanagement.model.UpdateProfileRequest; import com.knecon.fforesight.tenantusermanagement.model.User; import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles; -import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; +import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService; import com.knecon.fforesight.tenantusermanagement.service.UserService; import jakarta.validation.Valid; @@ -42,7 +41,7 @@ public class UserController implements UserResource, PublicResource { private final UserService userService; - private final TenantUserManagementProperties tenantUserManagementProperties; + private final TenantApplicationTypeService tenantApplicationTypeService; @Override @@ -52,7 +51,7 @@ public class UserController implements UserResource, PublicResource { if (bypassCache) { userService.evictUserCache(); } - var mappedRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var mappedRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); return userService.getAllUsers() .stream() diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/initializer/MigrateOnlyHook.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/initializer/MigrateOnlyHook.java index b3f2199..d95632d 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/initializer/MigrateOnlyHook.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/initializer/MigrateOnlyHook.java 
@@ -34,9 +34,7 @@ public class MigrateOnlyHook { @EventListener(ApplicationReadyEvent.class) public void migrate() { - tenantManagementService.getTenants().forEach(tenant -> { - keyCloakRoleManagerService.updateRoles(tenant.getTenantId()); - }); + tenantManagementService.getTenants().forEach(tenant -> keyCloakRoleManagerService.updateRoles(tenant.getTenantId(), tenant.getApplicationType())); // This should only run in post upgrade hook if (isMigrateOnly) { diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/ApplicationTypeProperties.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/ApplicationTypeProperties.java new file mode 100644 index 0000000..ef99eb5 --- /dev/null +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/ApplicationTypeProperties.java @@ -0,0 +1,25 @@ +package com.knecon.fforesight.tenantusermanagement.properties; + +import java.util.ArrayList; +import java.util.List; + +import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping; + +import lombok.Data; + +@Data +public class ApplicationTypeProperties { + + private String applicationClientId; + private String applicationName; + private Integer tenantAccessTokenLifeSpan = 300; + private Integer accessTokenLifeSpan = 1800; + private Integer ssoSessionIdleTimeout = 86400; + private Integer refreshTokenMaxReuse; + private String defaultTheme = "redaction"; + private List validRedirectUris = new ArrayList<>(); + private KCRoleMapping kcRoleMapping = new KCRoleMapping(); + private String loginTheme; + private String appPrefix; + +} diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/TenantUserManagementProperties.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/TenantUserManagementProperties.java index ca79974..0f440cf 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/TenantUserManagementProperties.java 
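Review bot: In the new `ApplicationTypeProperties`, `refreshTokenMaxReuse` is a boxed `Integer` with no default, whereas the field it replaces in `TenantUserManagementProperties` was a primitive `int` and therefore always 0. An application type whose configuration omits the key now passes `null` to `setRefreshTokenMaxReuse(...)` in `GeneralConfigurationService.updateGeneralConfigurations` and `TenantManagementService.setRealmProperties`, both of which also call `setRevokeRefreshToken(true)`. How Keycloak treats a null here is not visible in this patch, so the refresh-token reuse limit becomes implicit. Keeping the old behaviour explicit would be `private Integer refreshTokenMaxReuse = 0;`.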
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/properties/TenantUserManagementProperties.java @@ -1,11 +1,13 @@ package com.knecon.fforesight.tenantusermanagement.properties; -import java.util.ArrayList; -import java.util.List; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; import org.springframework.boot.context.properties.ConfigurationProperties; -import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping; +import com.knecon.fforesight.tenantcommons.TenantApplicationType; +import com.knecon.fforesight.tenantcommons.TenantContext; import lombok.Data; @@ -14,24 +16,17 @@ import lombok.Data; public class TenantUserManagementProperties { private String serverUrl; - private String publicServerUrl; - private String realm; - private String applicationClientId; - private String swaggerClientId ="swagger-ui-client"; + private String realm = "master"; + private String swaggerClientId = "swagger-ui-client"; private String swaggerClientSecret; private String clientId; private String clientSecret; + private String publicServerUrl; private String basePath = "/"; private String basePathV2 = "/api"; private int connectionPoolSize = 10; - private String applicationName; - private Integer accessTokenLifeSpan = 1800; - private Integer ssoSessionIdleTimeout = 86400; - private int refreshTokenMaxReuse; - private String defaultTheme = "redaction"; - private List validRedirectUris = new ArrayList<>(); - private KCRoleMapping kcRoleMapping = new KCRoleMapping(); - private String loginTheme; - private String appPrefix; + + private Map applicationTypes = new HashMap<>(); + } diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/repository/TenantRepository.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/repository/TenantRepository.java index 369bbb2..addda3f 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/repository/TenantRepository.java 
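Review bot: The `applicationTypes` map has an undocumented key contract: `TenantApplicationTypeService.getProperties` looks entries up by `applicationType.name().toLowerCase(Locale.ROOT)`, so a key written in any other case in the YAML is silently never found. A field comment such as `// key: TenantApplicationType.name().toLowerCase(Locale.ROOT); every enum value needs an entry` would make that visible to whoever edits the configuration. Separately, the added imports `java.util.Locale`, `TenantApplicationType` and `TenantContext` are not referenced by anything in the class body shown in this hunk and can be dropped.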
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/repository/TenantRepository.java @@ -2,6 +2,8 @@ package com.knecon.fforesight.tenantusermanagement.repository; import java.util.Optional; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; @@ -18,12 +20,14 @@ public interface TenantRepository extends JpaRepository { Optional findByTenantId(@Param("tenantId") String tenantId); + @CacheEvict(value = "tenantApplicationType", key = "#tenantId") @Transactional @Modifying(clearAutomatically = true, flushAutomatically = true) @Query("delete from TenantEntity t where t.id = :tenantId ") void deleteByQuery(String tenantId); + @Cacheable(value = "tenantApplicationType", key = "#tenantId") @Query("select t.applicationType from TenantEntity t where t.tenantId = :tenantId") Optional findApplicationTypeByTenantId(@Param("tenantId") String tenantId); diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/GeneralConfigurationService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/GeneralConfigurationService.java index 094e649..1bd2256 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/GeneralConfigurationService.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/GeneralConfigurationService.java 
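Review bot: The `tenantApplicationType` cache is evicted only by `deleteByQuery`, so any other write to a tenant row leaves the value cached by `findApplicationTypeByTenantId` in place. Spring's cache abstraction unwraps `Optional` return values and stores `null` for an empty one when the cache allows nulls; a lookup made before the tenant row exists can therefore keep answering "Tenant does not exist" after the tenant has been created. The cached type now selects the role mapping and realm settings used for a tenant, so a stale entry has authorization impact. Consider `@Cacheable(value = "tenantApplicationType", key = "#tenantId", unless = "#result == null")` plus an eviction on the paths that save a `TenantEntity`. Cache manager configuration and whether the application type can change after creation are not visible in this patch.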
@@ -4,8 +4,10 @@ import org.apache.commons.lang3.StringUtils; import org.keycloak.representations.idm.RealmRepresentation; import org.springframework.stereotype.Service; +import com.knecon.fforesight.tenantcommons.TenantApplicationType; import com.knecon.fforesight.tenantcommons.TenantContext; import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel; +import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties; import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; import lombok.RequiredArgsConstructor; 
@@ -18,28 +20,30 @@ public class GeneralConfigurationService { private final RealmService realmService; private final TenantUserManagementProperties tenantUserManagementProperties; + private final TenantApplicationTypeService tenantApplicationTypeService; - public void initGeneralConfiguration(String tenantId) { + public void initGeneralConfiguration(String tenantId, TenantApplicationType tenantApplicationType) { TenantContext.setTenantId(tenantId); - var generalConfiguration = getGeneralConfigurations(); - log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantUserManagementProperties.getApplicationName()); - updateGeneralConfigurations(getGeneralConfigurations()); + var generalConfiguration = getGeneralConfigurations(tenantApplicationType); + log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantApplicationTypeService.getProperties(tenantApplicationType).getApplicationName()); + updateGeneralConfigurations(getGeneralConfigurations(tenantApplicationType), tenantApplicationType); TenantContext.clear(); } - public GeneralConfigurationModel getGeneralConfigurations() { + public GeneralConfigurationModel getGeneralConfigurations(TenantApplicationType tenantApplicationType) { var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation(); var auxiliaryName = realm.getDisplayNameHtml(); String computedAuxiliaryName = null; - if (!tenantUserManagementProperties.getApplicationName().equals(auxiliaryName)) { + ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType); + if (!currentAppTypeProperties.getApplicationName().equals(auxiliaryName)) { - auxiliaryName = StringUtils.replaceOnce(auxiliaryName, tenantUserManagementProperties.getApplicationName(), ""); + auxiliaryName = StringUtils.replaceOnce(auxiliaryName, currentAppTypeProperties.getApplicationName(), ""); 
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, " (", ""); auxiliaryName = StringUtils.reverse(StringUtils.replaceOnce(StringUtils.reverse(auxiliaryName), ")", "")); @@ -54,7 +58,7 @@ public class GeneralConfigurationService { } - public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel) { + public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel, TenantApplicationType tenantApplicationType) { var realm = realmService.realm(TenantContext.getTenantId()); @@ -69,13 +73,14 @@ public class GeneralConfigurationService { realmRepresentation.setResetPasswordAllowed(generalConfigurationModel.isForgotPasswordFunctionEnabled()); realmRepresentation.setRevokeRefreshToken(true); - realmRepresentation.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse()); + ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType); + realmRepresentation.setRefreshTokenMaxReuse(applicationTypeProperties.getRefreshTokenMaxReuse()); realmRepresentation.getAttributes().put("actionTokenGeneratedByUserLifespan.idp-verify-account-via-email", Integer.toString(86400)); if (!StringUtils.isEmpty(generalConfigurationModel.getAuxiliaryName())) { - setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")"); + setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")"); } else { - setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName()); + setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName()); } try { 
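Review bot: `initGeneralConfiguration` calls `TenantContext.clear()` only on the success path, and the new lines between `setTenantId` and `clear()` add further ways to throw, since `tenantApplicationTypeService.getProperties(tenantApplicationType)` is dereferenced directly and returns null for an unconfigured type. If `TenantContext` is thread-bound, as its use suggests, an exception there leaves the tenant id set on a pooled thread for whatever request runs on it next. Wrapping the body as `try { … } finally { TenantContext.clear(); }` closes that gap. The method also calls `getGeneralConfigurations(tenantApplicationType)` twice; the `generalConfiguration` local already holds the result and can be passed to `updateGeneralConfigurations`.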
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/KeyCloakRoleManagerService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/KeyCloakRoleManagerService.java index ec6596f..cd10871 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/KeyCloakRoleManagerService.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/KeyCloakRoleManagerService.java @@ -9,6 +9,8 @@ import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.springframework.stereotype.Component; +import com.knecon.fforesight.tenantcommons.TenantApplicationType; +import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties; import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; import lombok.RequiredArgsConstructor; 
@@ -21,24 +23,26 @@ public class KeyCloakRoleManagerService { private final RealmService realmService; private final TenantUserManagementProperties tenantUserManagementProperties; + private final TenantApplicationTypeService tenantApplicationTypeService; - public void updateRoles(String tenantId) { + public void updateRoles(String tenantId, TenantApplicationType applicationType) { var realm = realmService.realm(tenantId); + ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType); log.info("Running KeyCloak Role Manager, managing client: {} with system client {}", - tenantUserManagementProperties.getApplicationClientId(), - tenantUserManagementProperties.getClientId()); + applicationTypeProperties.getApplicationClientId(), + tenantUserManagementProperties.getClientId()); var existingRoles = realm.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList()); log.info("Existing KC roles: {}", existingRoles); - var redactionClientRepresentation = getRedactionClientRepresentation(tenantId); + var redactionClientRepresentation = getRedactionClientRepresentation(tenantId, applicationTypeProperties.getApplicationClientId()); var redactionClient = realm.clients().get(redactionClientRepresentation.getId()); var clientRoles = redactionClient.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList()); - var allPermissions = tenantUserManagementProperties.getKcRoleMapping().getPermissions(); + var allPermissions = applicationTypeProperties.getKcRoleMapping().getPermissions(); log.info("Existing KC client roles: {}", clientRoles); log.info("Current Application KC client roles: {}", allPermissions); 
@@ -65,8 +69,8 @@ public class KeyCloakRoleManagerService { var allClientRoles = redactionClient.roles().list(); - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); - var rolePermissionMappings = tenantUserManagementProperties.getKcRoleMapping().getRolePermissionMapping(); + var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles(); + var rolePermissionMappings = applicationTypeProperties.getKcRoleMapping().getRolePermissionMapping(); // if an application-role doesn't exist, create it for (String applicationRole : allRoles) { @@ -93,7 +97,7 @@ public class KeyCloakRoleManagerService { log.info("Finished application role {}", applicationRole); } - var composites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites(); + var composites = applicationTypeProperties.getKcRoleMapping().getRoleComposites(); for (var key : composites.keySet()) { var realmRole = realm.roles().get(key).toRepresentation(); @@ -111,9 +115,8 @@ public class KeyCloakRoleManagerService { } - private ClientRepresentation getRedactionClientRepresentation(String tenantId) { + private ClientRepresentation getRedactionClientRepresentation(String tenantId, String applicationClientId) { - String applicationClientId = tenantUserManagementProperties.getApplicationClientId(); var clientRepresentationIterator = realmService.realm(tenantId).clients().findByClientId(applicationClientId).iterator(); if (clientRepresentationIterator.hasNext()) { diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantApplicationTypeService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantApplicationTypeService.java new file mode 100644 index 0000000..ddb4f7b --- /dev/null +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantApplicationTypeService.java 
@@ -0,0 +1,54 @@ +package com.knecon.fforesight.tenantusermanagement.service; + +import java.util.Locale; + +import org.springframework.http.HttpStatus; +import org.springframework.stereotype.Service; +import org.springframework.web.server.ResponseStatusException; + +import com.knecon.fforesight.tenantcommons.TenantApplicationType; +import com.knecon.fforesight.tenantcommons.TenantContext; +import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties; +import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; +import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository; + +import lombok.AccessLevel; +import lombok.RequiredArgsConstructor; +import lombok.experimental.FieldDefaults; + +@Service +@RequiredArgsConstructor +@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true) +public class TenantApplicationTypeService { + + TenantUserManagementProperties tenantUserManagementProperties; + TenantRepository tenantRepository; + + + public TenantApplicationType getCurrent() { + + return get(TenantContext.getTenantId()); + } + + + public TenantApplicationType get(String tenantId) { + + return tenantRepository.findApplicationTypeByTenantId(tenantId) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist")); + } + + + public ApplicationTypeProperties getProperties(TenantApplicationType applicationType) { + + return tenantUserManagementProperties.getApplicationTypes() + .get(applicationType.name().toLowerCase(Locale.ROOT)); + } + + + public ApplicationTypeProperties getCurrentProperties() { + + TenantApplicationType applicationType = get(TenantContext.getTenantId()); + return getProperties(applicationType); + } + +} diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java index af0d821..c0563fe 100644 
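Review bot: `getProperties` returns null when `applicationTypes` has no entry for the given type and throws a bare NullPointerException when `applicationType` itself is null, and every caller in this patch dereferences the result immediately. Examples are `getProperties(...).getApplicationName()` in `createTenant`, `getCurrentProperties().getKcRoleMapping()` in `UserController`, and `updateRoles` from `MigrateOnlyHook` at startup. Because the returned object carries token lifetimes, redirect URIs and the role mapping for the realm, a missing entry should fail with a message naming the type rather than an NPE somewhere inside realm setup. Tenant rows created before this change may have no application type, which is not visible here. The suggested rewrite of the method follows; `getCurrentProperties` can then simply be `return getProperties(getCurrent());`.

```java
public ApplicationTypeProperties getProperties(TenantApplicationType applicationType) {

    if (applicationType == null) {
        throw new IllegalArgumentException("applicationType must not be null");
    }
    String key = applicationType.name().toLowerCase(Locale.ROOT);
    ApplicationTypeProperties properties = tenantUserManagementProperties.getApplicationTypes().get(key);
    if (properties == null) {
        throw new IllegalStateException("No application type configuration found for key '" + key + "'");
    }
    return properties;
}
```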
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java @@ -67,6 +67,7 @@ import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest; import com.knecon.fforesight.tenantusermanagement.model.SearchConnectionRequest; import com.knecon.fforesight.tenantusermanagement.model.TenantUser; import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest; +import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties; import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository; import com.knecon.fforesight.tenantusermanagement.utils.JDBCUtils; @@ -108,6 +109,7 @@ public class TenantManagementService implements TenantProvider { private final RabbitTemplate rabbitTemplate; private final StorageConfiguration storageConfiguration; private final SMTPService smtpService; + private final TenantApplicationTypeService tenantApplicationTypeService; @Value("${fforesight.tenant-exchange.name}") private String tenantExchangeName; @@ -117,8 +119,8 @@ public class TenantManagementService implements TenantProvider { public TenantResponse createTenant(CreateTenantRequest tenantRequest) { // For now we update the master realm theme whenever we create the tenant - updateMasterTheme(tenantUserManagementProperties.getLoginTheme()); - updateMasterDisplayName(tenantUserManagementProperties.getApplicationName()); + updateMasterTheme(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getLoginTheme()); + updateMasterDisplayName(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getApplicationName()); log.info("Tenants are: {}", tenantRepository.findAll() 
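Review bot: In `createTenant`, the shared master realm's login theme and display name are now taken from the application type of the tenant being created, so on a deployment that hosts both types the master realm's branding follows whichever tenant was created last. If that is intended for the unification, a comment next to the existing "For now we update the master realm theme" line should say so; otherwise these two values belong in a deployment-level property rather than in `ApplicationTypeProperties`. The lookup is also performed twice and before the request is otherwise checked; resolving it once, `var appTypeProperties = tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType());`, gives a single place to reject a request with no application type. The rest of `createTenant` lies outside this hunk.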
@@ -158,7 +160,7 @@ public class TenantManagementService implements TenantProvider { .password(encryptionService.encrypt(searchConnection.getPassword())) .numberOfShards(searchConnection.getNumberOfShards()) .numberOfReplicas(searchConnection.getNumberOfReplicas()) - .indexPrefix(buildIndexPrefix(tenantRequest.getTenantId())) + .indexPrefix(buildIndexPrefix(tenantRequest.getTenantId(), tenantRequest.getApplicationType())) .build()); MongoDBConnection mongoDBConnection = tenantRequest.getMongoDBConnection(); if (mongoDBConnection != null) { @@ -208,7 +210,7 @@ public class TenantManagementService implements TenantProvider { log.info("Skipping creation of mongo database for this tenant"); } - propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getDefaultUsers()); + propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getApplicationType(), tenantRequest.getDefaultUsers()); log.info("Updated roles for tenant: {}", tenantRequest.getTenantId()); 
@@ -300,21 +302,21 @@ public class TenantManagementService implements TenantProvider { log.info("Deleting mongodb database for tenant: {}", tenant.getTenantId()); deleteMongoDBDatabase(tenant); deleteRealm(tenantId); - tenantRepository.deleteById(tenant.getTenantId()); + tenantRepository.deleteByQuery(tenant.getTenantId()); } - private String buildIndexPrefix(String tenantId) { + private String buildIndexPrefix(String tenantId, TenantApplicationType applicationType) { - return tenantUserManagementProperties.getAppPrefix() + "_" + tenantId; + return tenantApplicationTypeService.getProperties(applicationType).getAppPrefix() + "_" + tenantId; } - private void propagateTenantToKeyCloak(String tenantId, List usersToCreate) throws InterruptedException { + private void propagateTenantToKeyCloak(String tenantId, TenantApplicationType applicationType, List usersToCreate) throws InterruptedException { log.info("Creating or updating realm for tenant: {}", tenantId); - createOrUpdateRealm(tenantId, usersToCreate); + createOrUpdateRealm(tenantId, applicationType, usersToCreate); var waitTime = 0; boolean realmReady; @@ -335,8 +337,8 @@ public class TenantManagementService implements TenantProvider { setPasswordPolicyForRealm(tenantId); - generalConfigurationService.initGeneralConfiguration(tenantId); - keyCloakRoleManagerService.updateRoles(tenantId); + generalConfigurationService.initGeneralConfiguration(tenantId, applicationType); + keyCloakRoleManagerService.updateRoles(tenantId, applicationType); } @@ -437,9 +439,9 @@ public class TenantManagementService implements TenantProvider { } - public void createOrUpdateRealm(String tenantId, List users) { + public void createOrUpdateRealm(String tenantId, TenantApplicationType applicationType, List users) { - if (syncRealmIfExists(tenantId, users)) { + if (syncRealmIfExists(tenantId, applicationType, users)) { log.info("Updated realm for tenant: {}", tenantId); return; } 
@@ -448,12 +450,12 @@ public class TenantManagementService implements TenantProvider { realm.setId(tenantId); realm.setRealm(tenantId); realm.setEnabled(true); - setRealmProperties(realm); + setRealmProperties(realm, applicationType); - var clients = getRealmClients(); + var clients = getRealmClients(applicationType); realm.setClients(clients); - realm.setRoles(getRealmRoles()); + realm.setRoles(getRealmRoles(applicationType)); if (users != null) { realm.setUsers(users.stream() 
@@ -480,18 +482,19 @@ public class TenantManagementService implements TenantProvider { } - private boolean syncRealmIfExists(String tenantId, List users) { + private boolean syncRealmIfExists(String tenantId, TenantApplicationType applicationType, List users) { try { var existingRealm = getRealmResource(tenantId).toRepresentation(); if (existingRealm != null) { log.info("Updating existing realm: {}", tenantId); - existingRealm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme()); - existingRealm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme()); - existingRealm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme()); - existingRealm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan()); - existingRealm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout()); - var clients = getRealmClients(); + ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType); + existingRealm.setLoginTheme(applicationTypeProperties.getDefaultTheme()); + existingRealm.setEmailTheme(applicationTypeProperties.getDefaultTheme()); + existingRealm.setAccountTheme(applicationTypeProperties.getDefaultTheme()); + existingRealm.setAccessTokenLifespan(applicationTypeProperties.getAccessTokenLifeSpan()); + existingRealm.setSsoSessionIdleTimeout(applicationTypeProperties.getSsoSessionIdleTimeout()); + var clients = getRealmClients(applicationType); var relevantClientNames = clients.stream() .map(c -> c.getClientId().toLowerCase(Locale.getDefault())) .collect(Collectors.toSet()); @@ -507,7 +510,7 @@ public class TenantManagementService implements TenantProvider { clients.forEach(c -> getRealmResource(tenantId).clients().create(c)); existingRealm.setClients(clients); - existingRealm.setRoles(getRealmRoles()); + existingRealm.setRoles(getRealmRoles(applicationType)); if (users != null) { 
@@ -552,16 +555,17 @@ public class TenantManagementService implements TenantProvider { } - private RolesRepresentation getRealmRoles() { + private RolesRepresentation getRealmRoles(TenantApplicationType applicationType) { - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType); + var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles(); var roles = new ArrayList(); for (String applicationRole : allRoles) { var role = new RoleRepresentation(); role.setComposite(true); role.setName(applicationRole); - role.setContainerId(tenantUserManagementProperties.getApplicationClientId()); + role.setContainerId(applicationTypeProperties.getApplicationClientId()); roles.add(role); } 
@@ -571,16 +575,18 @@ public class TenantManagementService implements TenantProvider { } - private List getRealmClients() { + private List getRealmClients(TenantApplicationType applicationType) { + + ApplicationTypeProperties appTypeProperties = tenantApplicationTypeService.getProperties(applicationType); var applicationClient = new ClientRepresentation(); applicationClient.setEnabled(true); - applicationClient.setName(tenantUserManagementProperties.getApplicationClientId()); - applicationClient.setClientId(tenantUserManagementProperties.getApplicationClientId()); + applicationClient.setName(appTypeProperties.getApplicationClientId()); + applicationClient.setClientId(appTypeProperties.getApplicationClientId()); applicationClient.setStandardFlowEnabled(true); applicationClient.setImplicitFlowEnabled(true); applicationClient.setDirectAccessGrantsEnabled(true); - applicationClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris()); + applicationClient.setRedirectUris(appTypeProperties.getValidRedirectUris()); applicationClient.setWebOrigins(List.of("+")); applicationClient.setPublicClient(true); setPostLogoutRedirectUriForClient(applicationClient); @@ -595,7 +601,7 @@ public class TenantManagementService implements TenantProvider { swaggerClient.setDirectAccessGrantsEnabled(false); swaggerClient.setServiceAccountsEnabled(true); swaggerClient.setAuthorizationServicesEnabled(true); - swaggerClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris()); + swaggerClient.setRedirectUris(appTypeProperties.getValidRedirectUris()); swaggerClient.setWebOrigins(List.of("+")); setPostLogoutRedirectUriForClient(swaggerClient); 
@@ -603,15 +609,16 @@ public class TenantManagementService implements TenantProvider { } - private void setRealmProperties(RealmRepresentation realm) { + private void setRealmProperties(RealmRepresentation realm, TenantApplicationType tenantApplicationType) { - realm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme()); - realm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme()); - realm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme()); - realm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan()); - realm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout()); + ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType); + realm.setLoginTheme(currentAppTypeProperties.getDefaultTheme()); + realm.setEmailTheme(currentAppTypeProperties.getDefaultTheme()); + realm.setAccountTheme(currentAppTypeProperties.getDefaultTheme()); + realm.setAccessTokenLifespan(currentAppTypeProperties.getAccessTokenLifeSpan()); + realm.setSsoSessionIdleTimeout(currentAppTypeProperties.getSsoSessionIdleTimeout()); realm.setRevokeRefreshToken(true); - realm.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse()); + realm.setRefreshTokenMaxReuse(currentAppTypeProperties.getRefreshTokenMaxReuse()); if (!ObjectUtils.isEmpty(tenantUserManagementProperties.getPublicServerUrl())) { Map attributes = new HashMap<>(); @@ -792,7 +799,7 @@ public class TenantManagementService implements TenantProvider { .build()); } - propagateTenantToKeyCloak(tenantId, null); + propagateTenantToKeyCloak(tenantId, tenantEntity.getApplicationType(), null); TenantResponse tenantResponse = convert(tenantRepository.save(tenantEntity)); 
@@ -821,10 +828,10 @@ public class TenantManagementService implements TenantProvider { } + @Override public TenantApplicationType getTenantApplicationType(String tenantId) { - return tenantRepository.findApplicationTypeByTenantId(tenantId) - .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist")); + return tenantApplicationTypeService.get(tenantId); } @@ -857,7 +864,7 @@ public class TenantManagementService implements TenantProvider { private TenantResponse convert(TenantEntity entity) { var authDetails = realmService.getOpenIdConnectDetails(entity.getTenantId()); - var roleMapping = tenantUserManagementProperties.getKcRoleMapping(); + var roleMapping = tenantApplicationTypeService.getProperties(entity.getApplicationType()).getKcRoleMapping(); authDetails.setClientRoles(roleMapping.getPermissions()); authDetails.setRealmRoles(roleMapping.getAllRoles()); 
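Review bot: `getTenantApplicationType` no longer shows its not-found behaviour. The removed code threw `ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist")`, and whether `tenantApplicationTypeService.get(tenantId)` does the same is not visible in this diff. Since the method is now an `@Override` that `syncTenant` relies on, document the contract, for example `/** Returns the tenant's application type; throws ResponseStatusException (404) when the tenant does not exist. */`, adjusted to what the service actually does. `convert` in the next hunk reads `entity.getApplicationType()` directly, so it presumably assumes every stored tenant has a non-null type; that is worth confirming for tenants created before this change.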
@@ -962,14 +969,15 @@ public class TenantManagementService implements TenantProvider { public void syncTenant(String tenantId, JsonNode payload) { log.info("Syncing Realm: {}", tenantId); - syncRealmIfExists(tenantId, null); - setPasswordPolicyForRealm(tenantId); - generalConfigurationService.initGeneralConfiguration(tenantId); - keyCloakRoleManagerService.updateRoles(tenantId); - propagateTenantToKeyCloak(tenantId, null); - log.info("Realm: {} synced", tenantId); - TenantContext.setTenantId(tenantId); + TenantApplicationType tenantApplicationType = getTenantApplicationType(tenantId); + syncRealmIfExists(tenantId, tenantApplicationType, null); + setPasswordPolicyForRealm(tenantId); + generalConfigurationService.initGeneralConfiguration(tenantId, tenantApplicationType); + keyCloakRoleManagerService.updateRoles(tenantId, tenantApplicationType); + + propagateTenantToKeyCloak(tenantId, tenantApplicationType, null); + log.info("Realm: {} synced", tenantId); rabbitTemplate.convertAndSend(tenantExchangeName, "tenant.sync", new TenantSyncEvent(tenantId, payload)); TenantContext.clear(); diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserListingService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserListingService.java index 9b334f0..8062e50 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserListingService.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserListingService.java @@ -14,7 +14,6 @@ import org.springframework.retry.support.RetryTemplate; import org.springframework.stereotype.Service; import com.knecon.fforesight.tenantusermanagement.model.User; -import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; 
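Review bot: `TenantContext.clear()` in `syncTenant` is only reached if every call after `TenantContext.setTenantId(tenantId)` succeeds, and this change moves the type lookup, realm sync, password policy, general configuration, role update and Keycloak propagation between the two. If any of them throws, the tenant id stays set. Assuming `TenantContext` is thread-bound, later work on the same pooled thread could then run under the wrong tenant. Wrap everything after the `setTenantId` call as `try { … } finally { TenantContext.clear(); }`. The end of `syncTenant` lies outside the hunk.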
@@ -26,7 +25,7 @@ public class UserListingService { private final RealmService realmService; - private final TenantUserManagementProperties tenantUserManagementProperties; + private final TenantApplicationTypeService tenantApplicationTypeService; private final RetryTemplate retryTemplate = RetryTemplate.builder().maxAttempts(3).exponentialBackoff(1000, 2, 5000).build(); @@ -41,7 +40,7 @@ public class UserListingService { Map> usersByRole = new HashMap<>(); if (!allUsers.isEmpty()) { var realmRoles = realm.roles().list().stream().map(r -> r.getName().toUpperCase(Locale.ROOT)).collect(Collectors.toSet()); - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); for (var role : allRoles) { if (realmRoles.contains(role)) { List users = realm.roles().get(role).getUserMembers(0, 500); @@ -71,7 +70,7 @@ public class UserListingService { users.add(user); } - var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites(); + var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites(); users.forEach(user -> { for (var parentRole : roleComposites.keySet()) { if (user.getRoles().contains(parentRole)) { diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java index 1806e39..ca60b28 100644 --- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java +++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java 
@@ -59,6 +59,7 @@ public class UserService { private final TenantUserManagementProperties tenantUserManagementProperties; private final UserListingService userListingService; private final RabbitTemplate rabbitTemplate; + private final TenantApplicationTypeService tenantApplicationTypeService; @Value("${fforesight.user-exchange.name}") private String userExchangeName; @@ -86,7 +87,7 @@ public class UserService { throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Email address format is not valid"); } - tenantUserManagementProperties.getKcRoleMapping().validateRoles(user.getRoles()); + tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().validateRoles(user.getRoles()); UserRepresentation userRepresentation = new UserRepresentation(); userRepresentation.setUsername(username); @@ -128,11 +129,12 @@ public class UserService { return getUserByUsername(username); } } + public void checkRankOrderForAssigningRole(Set newRoles, Set currentUserRoles) { - var roleMapping = tenantUserManagementProperties.getKcRoleMapping(); + var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping(); var maxRank = currentUserRoles.stream() .map(r -> roleMapping.getRole(r).getRank()) .max(Integer::compare) @@ -156,7 +158,7 @@ public class UserService { return userResource.roles().realmLevel().listEffective() .stream() .map(RoleRepresentation::getName) - .filter(r -> tenantUserManagementProperties.getKcRoleMapping().isValidRole(r)) + .filter(r -> tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().isValidRole(r)) .collect(Collectors.toSet()); } 
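Review bot: In the effective-roles stream of the last hunk, `.filter(r -> tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().isValidRole(r))` resolves the properties once per role. Whether `getCurrentProperties()` is cached is not visible here; if it looks up the tenant's type each time, that is one lookup per element. Resolve it once with `var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();` before the stream, then use `.filter(roleMapping::isValidRole)`. The same call chain is repeated at every call site in `UserService` and `UserListingService`, so a private `currentRoleMapping()` helper would keep the role and rank checks reading from one place. The enclosing method starts outside the hunk.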
@@ -179,7 +181,7 @@ public class UserService { @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true) public User setRoles(String userId, Set newRoles, Set currentUserRoles) { - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); newRoles.forEach(role -> { if (!allRoles.contains(role) || ApplicationRoles.isKneconRole(role)) { @@ -215,7 +217,7 @@ public class UserService { @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true) public void removeRolesForDeletion(String userId, Set roles) { - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); roles.forEach(role -> { if (!allRoles.contains(role)) { @@ -236,7 +238,7 @@ public class UserService { @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true) public void validateSufficientRoles(String userId, Set userRoles, Set newRoles, Set currentUserRoles) { - var roleMapping = tenantUserManagementProperties.getKcRoleMapping(); + var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping(); var maxRank = currentUserRoles.stream() .map(r -> roleMapping.getRole(r).getRank()) .max(Integer::compare) @@ -345,7 +347,7 @@ public class UserService { .realm(TenantContext.getTenantId()) .username(username) .password(password) - .clientId(tenantUserManagementProperties.getApplicationClientId()) + .clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId()) .grantType(OAuth2Constants.PASSWORD) .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS) .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY) 
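Review bot: The password-grant client in the last hunk is built with `.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)`, which turns off TLS hostname verification on the connection that carries the user's username and password. With that policy a certificate issued for any host is accepted, so the credentials are not protected against interception on the path to Keycloak. Since this commit touches the builder anyway, switch to `HostnameVerificationPolicy.WILDCARD` or remove the call to get the default behaviour. If the lenient policy is required for local setups, make it a dev-profile setting. The builder chain continues past the end of the hunk.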
@@ -406,7 +408,7 @@ public class UserService { var user = userListingService.convertBasicUser(userRepresentation); user.setRoles(getRoles(user.getUserId())); - var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites(); + var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites(); for (var parentRole : roleComposites.keySet()) { if (user.getRoles().contains(parentRole)) { user.getRoles().addAll(roleComposites.get(parentRole)); @@ -424,7 +426,7 @@ public class UserService { log.warn("User with id=" + id + " contains null role mappings."); return new TreeSet<>(); } - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); return realmMappings.stream() .map(RoleRepresentation::getName) .filter(allRoles::contains) @@ -531,7 +533,7 @@ public class UserService { var currentRoles = getRoles(userId); if (isActive && currentRoles.isEmpty()) { // add RED_USER role - setRoles(userId, tenantUserManagementProperties.getKcRoleMapping().getDefaultRoles()); + setRoles(userId, tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getDefaultRoles()); } var toggledUser = getUserByUsername(userRepresentation.getUsername()); @@ -647,7 +649,7 @@ public class UserService { return ValidationResult.INVALID; } - var roleMapping = tenantUserManagementProperties.getKcRoleMapping(); + var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping(); var maxRank = currentRoles.stream() .map(r -> roleMapping.getRole(r).getRank()) .max(Integer::compare) diff --git a/src/main/resources/application-clarifynd.yaml b/src/main/resources/application-clarifynd.yaml deleted file mode 100644 index c6f0ae1..0000000 --- a/src/main/resources/application-clarifynd.yaml +++ /dev/null 
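Review bot: The comment `// add RED_USER role` above `setRoles(userId, …getKcRoleMapping().getDefaultRoles())` is no longer accurate, because the default roles now come from the tenant's application type and need not be `RED_USER`. Suggested wording: `// assign the default roles configured for the tenant's application type`. The enclosing method starts outside the hunk.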
@@ -1,128 +0,0 @@ -fforesight: - tenant-user-management: - application-client-id: 'fforesight' - application-name: 'Clarifynd' - client-id: 'manager' - accessTokenLifeSpan: 3600 - ssoSessionIdleTimeout: 86400 - realm: master - default-theme: 'clarifynd' - valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ] - kc-role-mapping: - roles: - - name: FF_USER - set-by-default: true - rank: 100 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-update-my-profile' - - 'fforesight-get-tenants' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-search' - - 'fforesight-view-document' - - 'fforesight-user-upload-files' - - 'fforesight-user-manage-files' - - 'fforesight-user-view-files' - - 'fforesight-user-manage-analysis' - - 'fforesight-user-view-analysis' - - 'fforesight-user-view-favourites' - - 'fforesight-user-add-to-favourites' - - 'fforesight-user-delete-from-favourites' - - 'fforesight-user-view-paragraph-tags' - - 'fforesight-user-add-to-paragraph-tags' - - 'fforesight-user-delete-from-paragraph-tags' - - 'fforesight-read-tag' - - 'fforesight-write-tag' - - 'fforesight-download-file' - - name: KNECON_ADMIN - set-by-default: false - rank: 1000 - permissions: - - "red-read-license" - - "red-update-license" - - "red-get-similiar-images" - - "fforesight-get-tenants" - - "fforesight-create-tenant" - - "fforesight-update-tenant" - - "fforesight-delete-tenant" - - "fforesight-read-users" - - "fforesight-read-all-users" - - "fforesight-write-users" - - "fforesight-read-smtp-configuration" - - "fforesight-write-smtp-configuration" - - "fforesight-read-identity-provider-config" - - "fforesight-write-identity-provider-config" - - "red-unarchive-dossier" 
- - name: KNECON_SUPPORT - set-by-default: false - rank: 1000 - permissions: - - "red-read-license" - - "red-update-license" - - "red-get-similiar-images" - - "fforesight-get-tenants" - - "fforesight-create-tenant" - - "fforesight-update-tenant" - - "fforesight-delete-tenant" - - "fforesight-read-users" - - "fforesight-read-all-users" - - "fforesight-write-users" - - "fforesight-read-smtp-configuration" - - "fforesight-write-smtp-configuration" - - "fforesight-read-identity-provider-config" - - "fforesight-write-identity-provider-config" - - "red-unarchive-dossier" - - name: FF_ADMIN - set-by-default: true - rank: 100 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-update-tenant' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - "fforesight-read-identity-provider-config" - - "fforesight-write-identity-provider-config" - - 'fforesight-search' - - 'fforesight-search-audit-log' - - 'fforesight-view-document' - - 'fforesight-user-upload-files' - - 'fforesight-user-manage-files' - - 'fforesight-user-view-files' - - 'fforesight-user-manage-analysis' - - 'fforesight-user-view-analysis' - - 'fforesight-user-view-favourites' - - 'fforesight-user-add-to-favourites' - - 'fforesight-user-view-paragraph-tags' - - 'fforesight-user-add-to-paragraph-tags' - - 'fforesight-user-delete-from-paragraph-tags' - - 'fforesight-user-delete-from-favourites' - - 'fforesight-system-upload-files' - - 'fforesight-system-manage-files' - - 'fforesight-system-view-files' - - 'fforesight-system-manage-analysis' - - 'fforesight-system-view-analysis' - - 'fforesight-download-file' - - 'fforesight-sdi-view-task' - - 
'fforesight-sdi-start-task' - - 'fforesight-sdi-stop-task' - - 'fforesight-read-tag' - - 'fforesight-write-tag' - - 'taas-bdr-connector-view-task' - - 'taas-bdr-connector-start-task' - - 'taas-bdr-connector-stop-task' - springdoc: - default-tenant: 'fforesight' - diff --git a/src/main/resources/application-dev.yaml b/src/main/resources/application-dev.yaml deleted file mode 100644 index 288c733..0000000 --- a/src/main/resources/application-dev.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -server: - port: 8091 - - -fforesight: - tenant-user-management: - server-url: http://localhost:8080 - client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P - client-id: manager - realm: master - kc-role-mapping: - roles: - - name: SUPER_USER - set-by-default: true - rank: 100 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-delete-tenant' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - - name: KNECON_ADMIN - set-by-default: true - rank: 1000 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - - name: KNECON_SUPPORT - set-by-default: true - rank: 1000 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 
'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - application-name: "redaction" - springdoc: - auth-server-url: http://localhost:8080 - -dev.tenant.storage: - mode: 'S3' - s3: - key: minioadmin - secret: minioadmin - bucket: redaction - endpoint: http://localhost:9000 - -dev.tenant.db: - port: 5432 - host: localhost - database: master - schema: public - username: fforesight - password: fforesight - -cors.enabled: true diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml new file mode 100644 index 0000000..ac522ba --- /dev/null +++ b/src/main/resources/application-dev.yml 
@@ -0,0 +1,93 @@ +server: + port: 8091 + + +fforesight: + tenant-user-management: + server-url: http://localhost:8080 + client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P + client-id: manager + realm: master + application-types: + redactmanager: + kc-role-mapping: + roles: + - name: SUPER_USER + set-by-default: true + rank: 100 + permissions: + - 'fforesight-read-general-configuration' + - 'fforesight-write-general-configuration' + - 'fforesight-manage-user-preferences' + - 'fforesight-read-users' + - 'fforesight-read-all-users' + - 'fforesight-write-users' + - 'fforesight-update-my-profile' + - 'fforesight-create-tenant' + - 'fforesight-get-tenants' + - 'fforesight-delete-tenant' + - 'fforesight-update-tenant' + - 'fforesight-deployment-info' + - 'fforesight-read-smtp-configuration' + - 'fforesight-write-smtp-configuration' + - 'fforesight-read-identity-provider-config' + - 'fforesight-write-identity-provider-config' + - name: KNECON_ADMIN + set-by-default: true + rank: 1000 + permissions: + - 'fforesight-read-general-configuration' + - 'fforesight-write-general-configuration' + - 'fforesight-manage-user-preferences' + - 'fforesight-read-users' + - 'fforesight-read-all-users' + - 'fforesight-write-users' + - 'fforesight-update-my-profile' + - 'fforesight-create-tenant' + - 'fforesight-get-tenants' + - 'fforesight-update-tenant' + - 'fforesight-deployment-info' + - 'fforesight-read-smtp-configuration' + - 'fforesight-write-smtp-configuration' + - 'fforesight-read-identity-provider-config' + - 'fforesight-write-identity-provider-config' + - name: KNECON_SUPPORT + set-by-default: true + rank: 1000 + permissions: + - 'fforesight-read-general-configuration' + - 'fforesight-write-general-configuration' + - 'fforesight-manage-user-preferences' + - 'fforesight-read-users' + - 'fforesight-read-all-users' + - 'fforesight-write-users' + - 'fforesight-update-my-profile' + - 'fforesight-create-tenant' + - 'fforesight-get-tenants' + - 'fforesight-update-tenant' + - 
'fforesight-deployment-info' + - 'fforesight-read-smtp-configuration' + - 'fforesight-write-smtp-configuration' + - 'fforesight-read-identity-provider-config' + - 'fforesight-write-identity-provider-config' + application-name: "redaction" + springdoc: + auth-server-url: http://localhost:8080 + +dev.tenant.storage: + mode: 'S3' + s3: + key: minioadmin + secret: minioadmin + bucket: redaction + endpoint: http://localhost:9000 + +dev.tenant.db: + port: 5432 + host: localhost + database: master + schema: public + username: fforesight + password: fforesight + +cors.enabled: true diff --git a/src/main/resources/application-documine.yaml b/src/main/resources/application-documine.yaml deleted file mode 100644 index 4dc9163..0000000 --- a/src/main/resources/application-documine.yaml +++ /dev/null 
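Review bot: The new `application-dev.yml` carries a literal `client-secret` for the `manager` client on the `master` realm, along with literal storage and database passwords. Because the file sits under `src/main/resources`, those values are packaged with the application and stay in repository history. Even as development defaults they are better supplied from the environment, e.g. `client-secret: ${KEYCLOAK_CLIENT_SECRET}` (the variable name is a placeholder), and the committed secret should be rotated if it was ever used outside a local setup. The dev role mapping also marks `KNECON_ADMIN` and `KNECON_SUPPORT` (rank 1000) as `set-by-default: true`; confirm that this stays confined to the dev profile.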
@@ -1,61 +0,0 @@ -fforesight: - tenant-user-management: - application-client-id: 'redaction' - application-name: 'Documine' - client-id: 'manager' - tenant-access-token-life-span: 300 - realm: master - default-theme: 'scm' - valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ] - kc-role-mapping: - unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ] - compositeRoles: - - name: RED_MANAGER - composites: - - name: RED_USER - - name: RED_ADMIN - composites: - - name: RED_USER_ADMIN - - - roles: - - name: KNECON_ADMIN - set-by-default: false - rank: 1000 - permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ] - - name: KNECON_SUPPORT - set-by-default: false - rank: 1000 - permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ] - - name: RED_USER - set-by-default: true - rank: 100 - permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", 
"red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type", - "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file", - "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file", - "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request", - "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config", - "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis", - "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier", - "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval", - "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ] - - name: RED_ADMIN - set-by-default: false - rank: 800 - permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type", - "red-delete-report-template", 
"red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types", - "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config", - "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config", - "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ] - - name: RED_MANAGER - set-by-default: false - rank: 200 - permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ] - - name: RED_USER_ADMIN - set-by-default: false - rank: 400 - permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-dossier", "red-read-app-configuration", "fforesight-read-general-configuration", - "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ] - - springdoc: - default-tenant: 'redaction' diff --git a/src/main/resources/application-migration.yaml b/src/main/resources/application-migration.yaml deleted file mode 100644 index c5f8550..0000000 
--- a/src/main/resources/application-migration.yaml +++ /dev/null @@ -1,54 +0,0 @@ -server: - port: 8091 - - -fforesight: - tenant-user-management: - server-url: http://localhost:8080 - client-secret: muEZIuVsAr57KsjFi4WpGJuw54RiJE0q - client-id: manager - realm: master - springdoc: - auth-server-url: http://localhost:8080 - -spring: - datasource: - url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:25432}/${PSQL_DATABASE:tenantmanager}?ApplicationName=${spring.application.name:}&cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true - driverClassName: org.postgresql.Driver - username: ${PSQL_USERNAME:tenantmanager} - password: ${PSQL_PASSWORD:r3dact3d} - platform: org.hibernate.dialect.PostgreSQL95Dialect - -cors.enabled: true - - - -#dev.tenant.db: -# port: 15432 -# host: localhost -# database: red-tenant -# schema: public -# username: tenant -# password: r3dact3d - -dev.tenant.recreateTenant: true - -dev.tenant.db: - port: 5432 - host: syngenta-training-clone.postgres.database.azure.com - database: syngenta-training- - schema: syngentatraining - username: db_connection - password: - -dev.tenant.storage: - mode: 'S3' - s3: - key: minioadmin - secret: minioadmin - bucket: redaction - endpoint: http://localhost:9000 -# mode: 'AZURE' - azure: - containerName: syngenta-training- - connectionString: diff --git a/src/main/resources/application-redaction.yaml b/src/main/resources/application-redaction.yaml deleted file mode 100644 index e00e16d..0000000 --- a/src/main/resources/application-redaction.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -fforesight: - tenant-user-management: - application-client-id: 'redaction' - application-name: 'RedactManager' - client-id: 'manager' - tenant-access-token-life-span: 300 - realm: master - default-theme: 'redaction' - valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ] - kc-role-mapping: - unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ] - compositeRoles: - - name: RED_MANAGER - composites: - - name: RED_USER - - name: RED_ADMIN - composites: - - name: RED_USER_ADMIN - - - roles: - - name: RED_USER - set-by-default: true - rank: 100 - permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type", - "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file", - "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file", - "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request", - "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config", - "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis", - "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", 
"red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier", - "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval", - "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ] - - name: RED_ADMIN - set-by-default: false - rank: 800 - permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type", - "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types", - "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config", - "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark", - "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config", - "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", - "red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", 
"fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ] - - name: RED_MANAGER - set-by-default: false - rank: 200 - permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ] - - name: KNECON_ADMIN - set-by-default: false - rank: 1000 - permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ] - - name: KNECON_SUPPORT - set-by-default: false - rank: 1000 - permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ] - - name: RED_USER_ADMIN - set-by-default: false - rank: 400 - permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration", - "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ] - - springdoc: - default-tenant: 'redaction' diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ee60434..c27e7da 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -108,14 +108,252 @@ fforesight: auth-server-url: '/auth' enabled: true default-client-id: 'swagger-ui-client' - tenant-user-management: - base-path: '/tenant-user-management' - login-theme: 'redaction' - app-prefix: 'fforesight' + default-tenant: 'fforesight' tenant-exchange: name: 'tenants-exchange' user-exchange: name: 'users-exchange' + tenant-user-management: + base-path: '/tenant-user-management' + client-id: 'manager' + realm: master + application-types: + redactmanager: + application-client-id: 'redaction' + application-name: 'RedactManager' + login-theme: 'redaction' + default-theme: 'redaction' + app-prefix: 'redaction' + valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ] + kc-role-mapping: + unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ] + compositeRoles: + - name: RED_MANAGER + composites: + - name: RED_USER + - name: RED_ADMIN + composites: + - name: RED_USER_ADMIN + + + roles: + - name: RED_USER + set-by-default: true + rank: 100 + permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type", + "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file", + "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file", + "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request", + "red-read-colors", 
"red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config", + "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis", + "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier", + "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval", + "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ] + - name: RED_ADMIN + set-by-default: false + rank: 800 + permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type", + "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types", + "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config", + "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark", + "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", 
"red-write-dossier-attributes-config", + "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", + "red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ] + - name: RED_MANAGER + set-by-default: false + rank: 200 + permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ] + - name: KNECON_ADMIN + set-by-default: false + rank: 1000 + permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ] + - name: KNECON_SUPPORT + set-by-default: false + rank: 1000 + permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ] + - name: RED_USER_ADMIN + set-by-default: false + rank: 400 + permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration", + "red-read-notification", 
"fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ] + documine: + application-client-id: 'redaction' + application-name: 'Documine' + login-theme: 'scm' + default-theme: 'scm' + app-prefix: 'documine' + valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ] + kc-role-mapping: + unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ] + compositeRoles: + - name: RED_MANAGER + composites: + - name: RED_USER + - name: RED_ADMIN + composites: + - name: RED_USER_ADMIN + + + roles: + - name: KNECON_ADMIN + set-by-default: false + rank: 1000 + permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ] + - name: KNECON_SUPPORT + set-by-default: false + rank: 1000 + permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ] + - name: RED_USER + set-by-default: true + rank: 100 + permissions: [ 
"red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type", + "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file", + "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file", + "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request", + "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config", + "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis", + "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier", + "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval", + "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ] + - name: RED_ADMIN + set-by-default: false + rank: 800 + permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", 
"red-delete-dictionary-type", + "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types", + "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config", + "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config", + "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ] + - name: RED_MANAGER + set-by-default: false + rank: 200 + permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ] + - name: RED_USER_ADMIN + set-by-default: false + rank: 400 + permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-dossier", "red-read-app-configuration", "fforesight-read-general-configuration", + "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ] + clarifynd: + application-client-id: 'fforesight' + application-name: 'Clarifynd' + accessTokenLifeSpan: 3600 + ssoSessionIdleTimeout: 86400 + default-theme: 'clarifynd' + valid-redirect-uris: [ 
'/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ] + kc-role-mapping: + roles: + - name: FF_USER + set-by-default: true + rank: 100 + permissions: + - 'fforesight-read-general-configuration' + - 'fforesight-manage-user-preferences' + - 'fforesight-read-users' + - 'fforesight-read-all-users' + - 'fforesight-update-my-profile' + - 'fforesight-get-tenants' + - 'fforesight-deployment-info' + - 'fforesight-read-smtp-configuration' + - 'fforesight-search' + - 'fforesight-view-document' + - 'fforesight-user-upload-files' + - 'fforesight-user-manage-files' + - 'fforesight-user-view-files' + - 'fforesight-user-manage-analysis' + - 'fforesight-user-view-analysis' + - 'fforesight-user-view-favourites' + - 'fforesight-user-add-to-favourites' + - 'fforesight-user-delete-from-favourites' + - 'fforesight-user-view-paragraph-tags' + - 'fforesight-user-add-to-paragraph-tags' + - 'fforesight-user-delete-from-paragraph-tags' + - 'fforesight-read-tag' + - 'fforesight-write-tag' + - 'fforesight-download-file' + - name: KNECON_ADMIN + set-by-default: false + rank: 1000 + permissions: + - "red-read-license" + - "red-update-license" + - "red-get-similiar-images" + - "fforesight-get-tenants" + - "fforesight-create-tenant" + - "fforesight-update-tenant" + - "fforesight-delete-tenant" + - "fforesight-read-users" + - "fforesight-read-all-users" + - "fforesight-write-users" + - "fforesight-read-smtp-configuration" + - "fforesight-write-smtp-configuration" + - "fforesight-read-identity-provider-config" + - "fforesight-write-identity-provider-config" + - "red-unarchive-dossier" + - name: KNECON_SUPPORT + set-by-default: false + rank: 1000 + permissions: + - "red-read-license" + - "red-update-license" + - "red-get-similiar-images" + - "fforesight-get-tenants" + - "fforesight-create-tenant" + - "fforesight-update-tenant" + - "fforesight-delete-tenant" + 
- "fforesight-read-users" + - "fforesight-read-all-users" + - "fforesight-write-users" + - "fforesight-read-smtp-configuration" + - "fforesight-write-smtp-configuration" + - "fforesight-read-identity-provider-config" + - "fforesight-write-identity-provider-config" + - "red-unarchive-dossier" + - name: FF_ADMIN + set-by-default: true + rank: 100 + permissions: + - 'fforesight-read-general-configuration' + - 'fforesight-write-general-configuration' + - 'fforesight-manage-user-preferences' + - 'fforesight-read-users' + - 'fforesight-read-all-users' + - 'fforesight-write-users' + - 'fforesight-update-my-profile' + - 'fforesight-update-tenant' + - 'fforesight-create-tenant' + - 'fforesight-get-tenants' + - 'fforesight-deployment-info' + - 'fforesight-read-smtp-configuration' + - 'fforesight-write-smtp-configuration' + - "fforesight-read-identity-provider-config" + - "fforesight-write-identity-provider-config" + - 'fforesight-search' + - 'fforesight-search-audit-log' + - 'fforesight-view-document' + - 'fforesight-user-upload-files' + - 'fforesight-user-manage-files' + - 'fforesight-user-view-files' + - 'fforesight-user-manage-analysis' + - 'fforesight-user-view-analysis' + - 'fforesight-user-view-favourites' + - 'fforesight-user-add-to-favourites' + - 'fforesight-user-view-paragraph-tags' + - 'fforesight-user-add-to-paragraph-tags' + - 'fforesight-user-delete-from-paragraph-tags' + - 'fforesight-user-delete-from-favourites' + - 'fforesight-system-upload-files' + - 'fforesight-system-manage-files' + - 'fforesight-system-view-files' + - 'fforesight-system-manage-analysis' + - 'fforesight-system-view-analysis' + - 'fforesight-download-file' + - 'fforesight-sdi-view-task' + - 'fforesight-sdi-start-task' + - 'fforesight-sdi-stop-task' + - 'fforesight-read-tag' + - 'fforesight-write-tag' + - 'taas-bdr-connector-view-task' + - 'taas-bdr-connector-start-task' + - 'taas-bdr-connector-stop-task' springdoc: swagger-ui: path: ${fforesight.springdoc.base-path}/docs/swagger-ui 
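Review bot: In the `clarifynd` block, `FF_ADMIN` is declared with `set-by-default: true` and `rank: 100`, the same values as `FF_USER`, although it carries `fforesight-write-users`, `fforesight-create-tenant` and `fforesight-write-identity-provider-config`. The other administrative roles added in this hunk (`RED_ADMIN`, `KNECON_ADMIN`, `KNECON_SUPPORT`) all use `set-by-default: false`, so if the flag means the role is granted to newly created users, every new Clarifynd user would start with tenant and identity-provider write access. I would change it to `set-by-default: false`, or add a comment above the role stating that the default grant is intended. Separately, all three `valid-redirect-uris` lists put `http://localhost:4200/*` into the base `application.yml`; that entry looks like it belongs in `application-dev.yml`. The `redactmanager` `unmappedPermissions` list spells `red-get-similiar-images` while the roles below it grant `red-get-similar-images`, so one of the two spellings presumably never matches.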
diff --git a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java index 8e93622..07dcd18 100644 --- a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java +++ b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java @@ -29,6 +29,7 @@ import com.knecon.fforesight.tenantusermanagement.model.User; import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles; import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; import com.knecon.fforesight.tenantusermanagement.service.RealmService; +import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService; import feign.FeignException; import lombok.SneakyThrows; @@ -44,6 +45,9 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { @Autowired private TenantUserManagementProperties tenantUserManagementProperties; + @Autowired + private TenantApplicationTypeService tenantApplicationTypeService; + @Test public void testUsers() { @@ -78,7 +82,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { assertThat(testUser.getLastName()).isEqualTo("updateTestLastName"); assertThat(testUser.getFirstName()).isEqualTo("updateTestFirstName"); - Set allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles() + Set allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles() .stream() .filter(ApplicationRoles::isNoKneconRole) .collect(Collectors.toSet()); 
@@ -296,7 +300,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { createUserRequest.setFirstName("Test"); createUserRequest.setLastName("New User"); createUserRequest.setUsername("TestUserName"); - createUserRequest.setRoles(tenantUserManagementProperties.getKcRoleMapping().getAllRoles()); + createUserRequest.setRoles(tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()); FeignException e = assertThrows(FeignException.class, () -> userClient.createUser(createUserRequest)); assertEquals(400, e.status()); @@ -307,7 +311,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { public void testCreateUserWithExistingUser() { TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID); - Set allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles() + Set allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles() .stream() .filter(ApplicationRoles::isNoKneconRole) .collect(Collectors.toSet()); @@ -377,7 +381,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { tokenService.setUser("admin@knecon.com", "secret"); // different role sets and subsets - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); Set allButKneconRoles = allRoles.stream() .filter(ApplicationRoles::isNoKneconRole) .collect(Collectors.toSet()); 
@@ -605,7 +609,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest { tokenService.setUser("admin@knecon.com", "secret"); // different role sets and subsets - var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles(); + var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles(); // create several users with different roles for testing var createUserRequest = new CreateUserRequest(); diff --git a/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TenantSyncUtils.java b/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TenantSyncUtils.java index f602ab0..726e327 100644 --- a/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TenantSyncUtils.java +++ b/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TenantSyncUtils.java @@ -4,6 +4,8 @@ import static org.mockito.Mockito.when; import java.util.concurrent.TimeUnit; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; import org.springframework.amqp.rabbit.core.RabbitTemplate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; 
@@ -13,18 +15,21 @@ import org.springframework.context.annotation.Import; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit.jupiter.SpringExtension; +import com.knecon.fforesight.tenantcommons.TenantApplicationType; import com.knecon.fforesight.tenantusermanagement.AbstractTenantUserManagementIntegrationTest; import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient; import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient; import com.knecon.fforesight.tenantusermanagement.TenantUserManagementServiceApplication; import com.knecon.fforesight.tenantusermanagement.service.KeyCloakRoleManagerService; import com.knecon.fforesight.tenantusermanagement.service.RealmService; + import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl; import org.junit.jupiter.api.extension.ExtendWith; import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.KeycloakBuilder; +@Disabled @ActiveProfiles(profiles = "taas") @ExtendWith(SpringExtension.class) @EnableFeignClients(basePackageClasses = {TenantsClient.class, InternalTenantsClient.class}) @@ -47,8 +52,7 @@ public class TenantSyncUtils { KeyCloakRoleManagerService keyCloakRoleManagerService; - // @Test -// @Disabled + @Test public void syncTenant() { var adminClient = KeycloakBuilder.builder() 
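Review bot: The class-level `@Disabled` added here has no reason string, so nothing in the file says why `TenantSyncUtils` must stay out of the normal test run. The following hunk turns `@Test` on `syncTenant()` back on, which leaves this annotation as the only thing keeping the role sync from executing in CI. I would write `@Disabled("manual utility: syncs roles into a Keycloak realm, run by hand only")` so the intent survives a later cleanup of disabled tests.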
@@ -58,17 +62,17 @@ public class TenantSyncUtils { .clientSecret(CLIENT_SECRET) .grantType(OAuth2Constants.CLIENT_CREDENTIALS) .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS) - .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY) - .connectionPoolSize(10) - .disableTrustManager() - .build()) + .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY) + .connectionPoolSize(10) + .disableTrustManager() + .build()) .build(); var realm = adminClient.realm(REALM); when(realmService.realm(REALM)).thenReturn(realm); - keyCloakRoleManagerService.updateRoles(REALM); + keyCloakRoleManagerService.updateRoles(REALM, TenantApplicationType.RedactManager); } } diff --git a/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TokenService.java b/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TokenService.java index 067ad27..cd65ff9 100644 --- a/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TokenService.java +++ b/src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TokenService.java @@ -9,6 +9,8 @@ import org.springframework.stereotype.Service; import com.knecon.fforesight.tenantcommons.TenantContext; import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties; +import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService; + import jakarta.ws.rs.BadRequestException; import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; @@ -24,6 +26,8 @@ public class TokenService { @Autowired private TenantUserManagementProperties tenantUserManagementProperties; + @Autowired + private TenantApplicationTypeService tenantApplicationTypeService; private String username; private String password; private String accessToken; 
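Review bot: The re-indented builder chain in `syncTenant()` still calls `.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)` and `.disableTrustManager()`, so the client-credentials request that carries `CLIENT_SECRET` goes out without checking the server certificate or host name. The class runs under the `taas` profile, which suggests it is pointed at a deployed Keycloak rather than a local one; if so, the secret and the admin token are exposed to anyone able to intercept the connection. I would drop both calls and configure a trust store holding the Keycloak CA, or at minimum add `// TLS verification is off: run only against a local Keycloak` above the chain. The method body starts outside this hunk.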
@@ -54,7 +58,7 @@ public class TokenService { .realm(TenantContext.getTenantId()) .username(username) .password(password) - .clientId(tenantUserManagementProperties.getApplicationClientId()) + .clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId()) .grantType(OAuth2Constants.PASSWORD) .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS) .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY) diff --git a/src/test/resources/application.yaml b/src/test/resources/application.yaml deleted file mode 100644 index cf9e2c8..0000000 --- a/src/test/resources/application.yaml +++ /dev/null 
@@ -1,198 +0,0 @@ -server: - port: 28181 - -persistence-service.url: "http://persistence-service-v1:8090" - -management: - endpoint: - metrics.enabled: ${monitoring.enabled:false} - prometheus.enabled: ${monitoring.enabled:false} - health.enabled: true - endpoints.web.exposure.include: prometheus, health, metrics - metrics.export.prometheus.enabled: ${monitoring.enabled:false} - -info: - description: Tenant User Management Service - - -spring: - datasource: - url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true - driverClassName: org.postgresql.Driver - username: ${PSQL_USERNAME:fforesight} - password: ${PSQL_PASSWORD:fforesight} - platform: org.hibernate.dialect.PostgreSQL95Dialect - hikari: - maximumPoolSize: 10 - minimum-idle: 2 - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 1000 - prepStmtCacheSqlLimit: 2048 - jackson: - serialization: - write-dates-as-timestamps: false - deserialization: - accept-single-value-as-array: true - main: - allow-bean-definition-overriding: true - allow-circular-references: true - jpa: - open-in-view: true - database-platform: org.hibernate.dialect.PostgreSQL95Dialect - hibernate: - ddl-auto: none - naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy - properties: - hibernate: - jdbc: - batch_size: 1000 - order_inserts: true - order_updates: true - cache: - type: redis - mvc: - pathmatch: - matching-strategy: ant-path-matcher - redis: - host: ${REDIS_HOST:localhost} - port: ${REDIS_PORT:6379} - password: ${REDIS_PASSWORD:} - - - rabbitmq: - host: ${RABBITMQ_HOST:localhost} - port: ${RABBITMQ_PORT:5672} - username: ${RABBITMQ_USERNAME:user} - password: ${RABBITMQ_PASSWORD:rabbitmq} - listener: - simple: - acknowledge-mode: AUTO - concurrency: 5 - retry: - enabled: true - max-attempts: 3 - max-interval: 15000 - prefetch: 1 - - liquibase: - change-log: classpath:/db/changelog/db.changelog-master.yaml 
- enabled: true - application: - name: tenant-user-management - data: - redis: - host: ${REDIS_HOST:localhost} - port: ${REDIS_PORT:6379} - password: ${REDIS_PASSWORD:} -fforesight: - keycloak: - ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ] - enabled: true - springdoc: - base-path: '/tenant-user-management' - auth-server-url: '/auth' - enabled: true - default-client-id: 'swagger-ui-client' - default-tenant: 'fforesight' - tenant-exchange: - name: 'tenants-exchange' - user-exchange: - name: 'users-exchange' - tenant-user-management: - base-path: '/tenant-user-management' - realm: master - server-url: http://localhost:28181 - client-secret: adminClientSecret - client-id: adminClient - login-theme: redaction - kc-role-mapping: - roles: - - name: SUPER_USER - set-by-default: true - rank: 100 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - - name: LESS_SUPER_USER - set-by-default: true - rank: 10 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 
'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - - name: KNECON_ADMIN - set-by-default: true - rank: 1000 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - - name: KNECON_SUPPORT - set-by-default: true - rank: 1000 - permissions: - - 'fforesight-read-general-configuration' - - 'fforesight-write-general-configuration' - - 'fforesight-manage-user-preferences' - - 'fforesight-read-users' - - 'fforesight-read-all-users' - - 'fforesight-write-users' - - 'fforesight-update-my-profile' - - 'fforesight-create-tenant' - - 'fforesight-get-tenants' - - 'fforesight-update-tenant' - - 'fforesight-deployment-info' - - 'fforesight-read-smtp-configuration' - - 'fforesight-write-smtp-configuration' - - 'fforesight-read-identity-provider-config' - - 'fforesight-write-identity-provider-config' - access-token-life-span: 86400 - application-name: tenant-user-management - application-client-id: tenant-user-management - swagger-client-secret: 'testSecret123!' - app-prefix: 'fforesight' - -storage: - backend: both - -cors.enabled: true -springdoc: - packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ] diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml new file mode 100644 index 0000000..52cf20d --- /dev/null +++ b/src/test/resources/application.yml 
@@ -0,0 +1,203 @@
+server:
+ port: 28181
+
+persistence-service.url: "http://persistence-service-v1:8090"
+
+management:
+ endpoint:
+ metrics.enabled: ${monitoring.enabled:false}
+ prometheus.enabled: ${monitoring.enabled:false}
+ health.enabled: true
+ endpoints.web.exposure.include: prometheus, health, metrics
+ metrics.export.prometheus.enabled: ${monitoring.enabled:false}
+
+info:
+ description: Tenant User Management Service
+
+lifecycle:
+ base-package: com.knecon.fforesight.tenantusermanagement
+
+spring:
+ datasource:
+ url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
+ driverClassName: org.postgresql.Driver
+ username: ${PSQL_USERNAME:fforesight}
+ password: ${PSQL_PASSWORD:fforesight}
+ platform: org.hibernate.dialect.PostgreSQL10Dialect
+ hikari:
+ maximumPoolSize: 10
+ minimum-idle: 2
+ data-source-properties:
+ cachePrepStmts: true
+ prepStmtCacheSize: 1000
+ prepStmtCacheSqlLimit: 2048
+ jackson:
+ serialization:
+ write-dates-as-timestamps: false
+ deserialization:
+ accept-single-value-as-array: true
+ main:
+ allow-bean-definition-overriding: true
+ allow-circular-references: true
+ jpa:
+ open-in-view: true
+ database-platform: org.hibernate.dialect.PostgreSQL10Dialect
+ hibernate:
+ ddl-auto: none
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ properties:
+ hibernate:
+ jdbc:
+ batch_size: 1000
+ order_inserts: true
+ order_updates: true
+ cache:
+ type: redis
+ mvc:
+ pathmatch:
+ matching-strategy: ant-path-matcher
+ redis:
+ host: ${REDIS_HOST:localhost}
+ port: ${REDIS_PORT:6379}
+ password: ${REDIS_PASSWORD:}
+
+
+ rabbitmq:
+ host: ${RABBITMQ_HOST:localhost}
+ port: ${RABBITMQ_PORT:5672}
+ username: ${RABBITMQ_USERNAME:user}
+ password: ${RABBITMQ_PASSWORD:rabbitmq}
+ listener:
+ simple:
+ acknowledge-mode: AUTO
+ concurrency: 5
+ retry:
+ enabled: true
+ max-attempts: 3
+ max-interval: 15000
+ prefetch: 1
+
+ liquibase:
+ change-log: classpath:/db/changelog/db.changelog-master.yaml
+ enabled: true
+ application:
+ name: tenant-user-management
+ data:
+ redis:
+ host: ${REDIS_HOST:localhost}
+ port: ${REDIS_PORT:6379}
+ password: ${REDIS_PASSWORD:}
+
+fforesight:
+ keycloak:
+ ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ]
+ enabled: true
+ springdoc:
+ base-path: '/tenant-user-management'
+ auth-server-url: '/auth'
+ enabled: true
+ default-client-id: 'swagger-ui-client'
+ default-tenant: 'fforesight'
+ tenant-exchange:
+ name: 'tenants-exchange'
+ user-exchange:
+ name: 'users-exchange'
+ tenant-user-management:
+ base-path: '/tenant-user-management'
+ server-url: http://localhost:28181
+ realm: master
+ client-secret: adminClientSecret
+ client-id: adminClient
+ swagger-client-secret: 'testSecret123!'
+ application-types:
+ redactmanager:
+ login-theme: redaction
+ kc-role-mapping:
+ roles:
+ - name: SUPER_USER
+ set-by-default: true
+ rank: 100
+ permissions:
+ - 'fforesight-read-general-configuration'
+ - 'fforesight-write-general-configuration'
+ - 'fforesight-manage-user-preferences'
+ - 'fforesight-read-users'
+ - 'fforesight-read-all-users'
+ - 'fforesight-write-users'
+ - 'fforesight-update-my-profile'
+ - 'fforesight-create-tenant'
+ - 'fforesight-get-tenants'
+ - 'fforesight-update-tenant'
+ - 'fforesight-deployment-info'
+ - 'fforesight-read-smtp-configuration'
+ - 'fforesight-write-smtp-configuration'
+ - 'fforesight-read-identity-provider-config'
+ - 'fforesight-write-identity-provider-config'
+ - name: LESS_SUPER_USER
+ set-by-default: true
+ rank: 10
+ permissions:
+ - 'fforesight-read-general-configuration'
+ - 'fforesight-write-general-configuration'
+ - 'fforesight-manage-user-preferences'
+ - 'fforesight-read-users'
+ - 'fforesight-read-all-users'
+ - 'fforesight-write-users'
+ - 'fforesight-update-my-profile'
+ - 'fforesight-create-tenant'
+ - 'fforesight-get-tenants'
+ - 'fforesight-update-tenant'
+ - 'fforesight-deployment-info'
+ - 'fforesight-read-smtp-configuration'
+ - 'fforesight-write-smtp-configuration'
+ - 'fforesight-read-identity-provider-config'
+ - 'fforesight-write-identity-provider-config'
+ - name: KNECON_ADMIN
+ set-by-default: true
+ rank: 1000
+ permissions:
+ - 'fforesight-read-general-configuration'
+ - 'fforesight-write-general-configuration'
+ - 'fforesight-manage-user-preferences'
+ - 'fforesight-read-users'
+ - 'fforesight-read-all-users'
+ - 'fforesight-write-users'
+ - 'fforesight-update-my-profile'
+ - 'fforesight-create-tenant'
+ - 'fforesight-get-tenants'
+ - 'fforesight-update-tenant'
+ - 'fforesight-deployment-info'
+ - 'fforesight-read-smtp-configuration'
+ - 'fforesight-write-smtp-configuration'
+ - 'fforesight-read-identity-provider-config'
+ - 'fforesight-write-identity-provider-config'
+ - name: KNECON_SUPPORT
+ set-by-default: true
+ rank: 1000
+ permissions:
+ - 'fforesight-read-general-configuration'
+ - 'fforesight-write-general-configuration'
+ - 'fforesight-manage-user-preferences'
+ - 'fforesight-read-users'
+ - 'fforesight-read-all-users'
+ - 'fforesight-write-users'
+ - 'fforesight-update-my-profile'
+ - 'fforesight-create-tenant'
+ - 'fforesight-get-tenants'
+ - 'fforesight-update-tenant'
+ - 'fforesight-deployment-info'
+ - 'fforesight-read-smtp-configuration'
+ - 'fforesight-write-smtp-configuration'
+ - 'fforesight-read-identity-provider-config'
+ - 'fforesight-write-identity-provider-config'
+ access-token-life-span: 86400
+ application-name: tenant-user-management
+ application-client-id: tenant-user-management
+ app-prefix: 'fforesight'
+
+storage:
+ backend: both
+
+cors.enabled: true
+springdoc:
+ packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]
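Review bot: Under `application-types` only `redactmanager` is defined, and its four roles (`SUPER_USER`, `LESS_SUPER_USER`, `KNECON_ADMIN`, `KNECON_SUPPORT`) all carry the same fifteen permissions with `set-by-default: true`, so tests running against this fixture cannot tell a correct per-type, per-role mapping from one that grants every role everything. A comment above `roles:` such as `# NOTE: every role shares one permission set; this fixture does not exercise role or application-type separation` would make that limit explicit, and a follow-up fixture with a second type and a reduced role would close it. How an application type missing from this map is handled is not visible in this hunk and should fail closed. The literals `client-secret: adminClientSecret` and `swagger-client-secret: 'testSecret123!'` sit next to `realm: master`; a `# test-only credentials` comment above them would help keep them from being copied into a deployed profile.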