OZG-3928 OZG-4396 adjust property handling for backwards compatibility

alfa-service/src/main/java/de/ozgcloud/alfa/EnvironmentController.java

@@ -36,19 +36,19 @@ import org.springframework.web.bind.annotation.RestController;
 public class EnvironmentController {
 
 	@Autowired
-	private KeycloakProperties keycloakProperties;
+	private OAuth2Properties oAuth2Properties;
 
 	@Value("${goofy.production}")
 	private boolean production = true;
 
 	@GetMapping
 	public FrontendEnvironment getFrontendEnvironment() {
-		return FrontendEnvironment.builder()//
-				.production(production)//
-				.remoteHost(linkTo(RootController.class).toUri().toString())//
-				.authServer(keycloakProperties.getAuthServerUrl())//
-				.clientId(keycloakProperties.getResource())//
-				.realm(keycloakProperties.getRealm())
+		return FrontendEnvironment.builder()
+				.production(production)
+				.remoteHost(linkTo(RootController.class).toUri().toString())
+				.authServer(oAuth2Properties.getAuthServerUrl())
+				.clientId(oAuth2Properties.getResource())
+				.realm(oAuth2Properties.getRealm())
 				.build();
 	}
 }
\ No newline at end of file

alfa-service/src/main/java/de/ozgcloud/alfa/JwtAuthConverter.java

@@ -32,7 +32,7 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
 	static final String ROLES_KEY = "roles";
 
 	@Autowired
-	private JwtAuthConverterProperties jwtAuthConverterProperties;
+	private OAuth2Properties oAuth2Properties;
 
 	@Override
 	public AbstractAuthenticationToken convert(@NonNull Jwt jwt) {
@@ -44,7 +44,7 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
 	}
 
 	private String getClaimName() {
-		return Optional.ofNullable(jwtAuthConverterProperties.getPrincipleAttribute()).orElse(JwtClaimNames.SUB);
+		return Optional.ofNullable(oAuth2Properties.getPrincipleAttribute()).orElse(JwtClaimNames.SUB);
 	}
 
 	Set<GrantedAuthority> getAuthorities(Jwt jwt) {
@@ -56,10 +56,10 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
 		if (resourceAccess.isEmpty()) {
 			return Collections.emptySet();
 		}
-		if (Objects.isNull(resourceAccess.get(jwtAuthConverterProperties.getResourceId()))) {
+		if (Objects.isNull(resourceAccess.get(oAuth2Properties.getResource()))) {
 			return Collections.emptySet();
 		}
-		return extractRoles(getClaimMapFromMap(resourceAccess, jwtAuthConverterProperties.getResourceId()));
+		return extractRoles(getClaimMapFromMap(resourceAccess, oAuth2Properties.getResource()));
 	}
 
 	private Map<String, Object> getResourceAccess(Jwt jwt) {

alfa-service/src/main/java/de/ozgcloud/alfa/JwtAuthConverterProperties.java

-package de.ozgcloud.alfa;
-
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
-
-import lombok.Getter;
-import lombok.Setter;
-
-@Setter
-@Getter
-@Configuration
-@ConfigurationProperties(prefix = JwtAuthConverterProperties.PREFIX)
-public class JwtAuthConverterProperties {
-
-	static final String PREFIX = "ozgcloud.jwt.auth.converter";
-
-	/**
-	 * Jwt principle attribute
-	 */
-	private String principleAttribute = null;
-
-	/**
-	 * Jwt converter resourceId / keycloak clientId
-	 */
-	private String resourceId = null;
-}
\ No newline at end of file

alfa-service/src/main/java/de/ozgcloud/alfa/KeycloakProperties.java → alfa-service/src/main/java/de/ozgcloud/alfa/OAuth2Properties.java

@@ -9,23 +9,28 @@ import lombok.Setter;
 @Setter
 @Getter
 @Configuration
-@ConfigurationProperties(prefix = KeycloakProperties.PREFIX)
-public class KeycloakProperties {
+@ConfigurationProperties(prefix = OAuth2Properties.PREFIX)
+public class OAuth2Properties {
 
-	static final String PREFIX = "ozgcloud.keycloak";
+	static final String PREFIX = "ozgcloud.oauth2";
 
 	/**
-	 * Keycloak auth server url
+	 * OAuth2 auth server url
 	 */
 	private String authServerUrl;
 
 	/**
-	 * Keycloak realm
+	 * OAuth2 realm
 	 */
 	private String realm;
 
 	/**
-	 * Keycloak client
+	 * OAuth2 resource
 	 */
 	private String resource;
+
+	/**
+	 * OAuth2 principle attribute
+	 */
+	private String principleAttribute;
 }
\ No newline at end of file

alfa-service/src/test/java/de/ozgcloud/alfa/EnvironmentControllerTest.java

@@ -44,7 +44,7 @@ class EnvironmentControllerTest {
 	@InjectMocks
 	private EnvironmentController controller;
 	@Mock
-	private KeycloakProperties keycloakProperties;
+	private OAuth2Properties oAuth2Properties;
 
 	private MockMvc mockMvc;
 
@@ -70,7 +70,7 @@ class EnvironmentControllerTest {
 	@Test
 	void shouldHaveClientId() throws Exception {
 		var client = "goofy";
-		when(keycloakProperties.getResource()).thenReturn(client);
+		when(oAuth2Properties.getResource()).thenReturn(client);
 		var response = doRequest();
 
 		response.andExpect(jsonPath("$.clientId").value(client));

alfa-service/src/test/java/de/ozgcloud/alfa/JwtAuthConverterTest.java

@@ -30,7 +30,7 @@ class JwtAuthConverterTest {
 	@InjectMocks
 	private final JwtAuthConverter converter = new JwtAuthConverter();
 	@Mock
-	private JwtAuthConverterProperties properties;
+	private OAuth2Properties oAuth2Properties;
 
 	@DisplayName("Convert")
 	@Nested
@@ -83,7 +83,7 @@ class JwtAuthConverterTest {
 
 			@BeforeEach
 			void mock() {
-				when(properties.getPrincipleAttribute()).thenReturn(null);
+				when(oAuth2Properties.getPrincipleAttribute()).thenReturn(null);
 			}
 
 			@Test
@@ -100,7 +100,7 @@ class JwtAuthConverterTest {
 
 			@BeforeEach
 			void mock() {
-				when(properties.getPrincipleAttribute()).thenReturn(principleClaimKey);
+				when(oAuth2Properties.getPrincipleAttribute()).thenReturn(principleClaimKey);
 			}
 
 			@Test
@@ -166,12 +166,12 @@ class JwtAuthConverterTest {
 			void shouldCallProperties() {
 				converter.extractResourceRoles(jwt);
 
-				verify(properties).getResourceId();
+				verify(oAuth2Properties).getResource();
 			}
 
 			@Test
 			void shouldReturnEmptySetOnMissingResourceId() {
-				when(properties.getResourceId()).thenReturn(null);
+				when(oAuth2Properties.getResource()).thenReturn(null);
 
 				var resourceRoles = converter.extractResourceRoles(jwt);
 
@@ -190,7 +190,7 @@ class JwtAuthConverterTest {
 				@BeforeEach
 				void mock() {
 					doReturn(Collections.emptySet()).when(converter).extractRoles(any());
-					when(properties.getResourceId()).thenReturn(RESOURCE_ID);
+					when(oAuth2Properties.getResource()).thenReturn(RESOURCE_ID);
 				}
 
 				@Test

goofy-server/src/main/resources/application-dev.yml

 goofy:
   production: false
 
+keycloak:
+   auth-server-url: https://sso.dev.by.ozg-cloud.de		
+   realm: by-kiel-dev		
+   resource: alfa
+
 server:
   error:
     include-stacktrace: always
@@ -10,6 +15,3 @@ ozgcloud:
      vorgang-export: true
   stage:
     production: false
\ No newline at end of file
-  keycloak:
-    auth-server-url: https://sso.dev.by.ozg-cloud.de
-    realm: by-kiel-dev
\ No newline at end of file

goofy-server/src/main/resources/application-e2e.yml

+keycloak:
+  realm: by-e2e-local-dev
 kop:
   forwarding:
     lninfo:
@@ -12,5 +14,3 @@ ozgcloud:
   user-assistance:
      documentation:
         url: /assets/benutzerleitfaden/benutzerleitfaden.pdf
\ No newline at end of file
-  keycloak:
-    realm: by-e2e-local-dev
\ No newline at end of file

goofy-server/src/main/resources/application-local.yml

@@ -29,5 +29,8 @@ ozgcloud:
   user-assistance:
      documentation:
         url: /assets/benutzerleitfaden/benutzerleitfaden.pdf
+    
 keycloak:
   auth-server-url: http://localhost:8088
+  realm: sh-kiel-dev #TODO adjust
+  resource: sh-kiel-dev-goofy #TODO adjust
\ No newline at end of file

goofy-server/src/main/resources/application-remotekc.yml

-ozgcloud:
 keycloak:
   auth-server-url: https://sso.dev.by.ozg-cloud.de
   realm: by-kiel-dev
+  resource: alfa
\ No newline at end of file

goofy-server/src/main/resources/application.yml

@@ -5,13 +5,6 @@ logging:
     '[de.ozgcloud]': INFO,
     '[org.springframework.security]': WARN
 
-ozgcloud:
-  jwt:
-    auth:
-      converter:
-        resource-id: alfa
-        principle-attribute: preferred_username  
-
 spring:
   mvc:
     pathmatch:
@@ -29,7 +22,7 @@ spring:
     oauth2:
       resourceserver:
         jwt:
-          issuer-uri: ${ozgcloud.keycloak.auth-server-url}/realms/${ozgcloud.keycloak.realm}
+          issuer-uri: ${ozgcloud.oauth2.issuer-uri}
           jwk-set-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}/protocol/openid-connect/certs
 
 server:
@@ -85,3 +78,11 @@ kop:
   user-manager:
     profile-template: /api/userProfiles/%s
     search-template: /api/userProfiles/?searchBy={searchBy}
+
+ozgcloud:
+  oauth2:
+    auth-server-url: ${keycloak.auth-server-url}
+    realm: ${keycloak.realm}
+    resource: ${keycloak.resource}
+    principle-attribute: preferred_username
+    issuer-uri: ${ozgcloud.oauth2.auth-server-url}/realms/${ozgcloud.oauth2.realm}
\ No newline at end of file

src/main/helm/templates/deployment.yaml

@@ -73,11 +73,11 @@ spec:
           value: {{ include "app.grpc_client_user-manager_address" . }}
         - name: spring_profiles_active
           value: {{ include "app.envSpringProfiles" . }}
-        - name: ozgcloud_keycloak_realm
+        - name: keycloak_realm
           value: {{ include "app.ssoRealm" . }}
-        - name: ozgcloud_keycloak_resource
+        - name: keycloak_resource
           value: {{ include "app.ssoClientName" . }}
-        - name: ozgcloud_keycloak_auth-server-url
+        - name: keycloak_auth-server-url
           value: {{ include "app.ssoServerUrl" . }}
         - name: kop_user-manager_url
           value: {{ include "app.kop_user-manager_url" . }}
@@ -85,8 +85,6 @@ spec:
         - name: ozgcloud_user-assistance_documentation_url
           value: {{ .Values.ozgcloud.user_assistance.documentation.url }}
         {{- end }}
-        - name: ozgcloud_jwt_auth_converter_resource-id
-          value: {{ include "app.ssoClientName" . }}
         {{- with (.Values.env).customList }}
 {{ toYaml . | indent 8 }}
         {{- end }}

src/test/helm/deployment_defaults_sso_test.yaml

@@ -36,17 +36,17 @@ tests:
       - contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: ozgcloud_keycloak_realm
+            name: keycloak_realm
             value: sh-helm-test
       - contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: ozgcloud_keycloak_resource
+            name: keycloak_resource
             value: alfa
       - contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: ozgcloud_keycloak_auth-server-url
+            name: keycloak_auth-server-url
             value: https://sso.sh.ozg-cloud.de
 
   - it: check realm with long namespace
@@ -58,7 +58,7 @@ tests:
       - contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: ozgcloud_keycloak_realm
+            name: keycloak_realm
             value: sh-eins-zwei-drei-test
 
   - it: check different client name
@@ -71,18 +71,5 @@ tests:
       - contains:
           path: spec.template.spec.containers[0].env
           content:
-            name: ozgcloud_keycloak_resource
-            value: different-client
-            
-  - it: should have jwt auth converter resourceId
-    set:
-      sso:
-        client_name: different-client
-    asserts:
-      - isKind:
-          of: Deployment
-      - contains:
-          path: spec.template.spec.containers[0].env
-          content:
-            name: ozgcloud_jwt_auth_converter_resource-id
+            name: keycloak_resource
             value: different-client
\ No newline at end of file