feat: activated client security (#39)

docs/modules/onecx-announcement-bff/pages/onecx-announcement-bff-docs.adoc

@@ -16,7 +16,6 @@ onecx.permissions.application-id=${quarkus.application.name}
 org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_announcement_svc.url=http://onecx-announcement-svc:8080
 %prod.quarkus.rest-client.onecx_workspace_svc_v1.url=http://onecx-workspace-svc:8080
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_announcement_svc_yaml.config-key=onecx_announcement_svc
 quarkus.openapi-generator.codegen.spec.onecx_announcement_svc_yaml.base-package=gen.org.tkit.onecx.announcement.client
@@ -28,6 +27,9 @@ quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.base-package=
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-response=true
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+%prod.quarkus.rest-client.onecx_announcement_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 ----
 ====
 
@@ -63,8 +65,8 @@ app:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
             delete: permission on all DELETE requests
-----
-
-e: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true
 ----
 

src/main/helm/values.yaml

@@ -11,4 +11,7 @@ app:
           announcement:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
-            delete: permission on all DELETE requests
+            delete: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true

src/main/resources/application.properties

@@ -12,8 +12,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_announcement_svc.url=http://onecx-announcement-svc:8080
 %prod.quarkus.rest-client.onecx_workspace_svc_v1.url=http://onecx-workspace-svc:8080
 
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
-
 # BUILD
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 
@@ -31,6 +29,12 @@ quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-respon
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
 
+# OIDC
+%prod.quarkus.rest-client.onecx_announcement_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+
+
 # DEV
 %dev.quarkus.rest-client.onecx_announcement_svc.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.rest-client.onecx_workspace_svc_v1.url=${quarkus.mockserver.endpoint}