From 54721a5b42b84e411deb902ae3f403cd36474c78 Mon Sep 17 00:00:00 2001
From: Andrej Petras <andrej@lorislab.org>
Date: Mon, 27 May 2024 12:15:00 +0200
Subject: [PATCH 1/2] feat: add orgId attribute for spec request

---
 ...onecx-data-orchestrator-operator-docs.adoc |   4 -
 ...data-orchestrator-operator-extensions.adoc |  12 +-
 .../onecx-data-orchestrator-operator.adoc     |  51 +++++++++
 .../pages/index.adoc                          |   8 --
 ...roduct-store-slot-operator-attributes.adoc |   5 -
 ...necx-product-store-slot-operator-docs.adoc |  55 ----------
 ...roduct-store-slot-operator-extensions.adoc | 103 ------------------
 pom.xml                                       |   2 +-
 .../helm/crds/datas.onecx.tkit.org-v1.yml     |   2 +
 .../orchestrator/operator/DataConfig.java     |  67 ++++++++++++
 .../data/orchestrator/operator/DataSpec.java  |  11 ++
 .../operator/client/DataConfigClient.java     |  38 -------
 .../operator/client/DataService.java          |  46 +++++++-
 .../operator/client/KeyFactory.java           |  28 +++++
 src/main/resources/application.properties     |   2 +-
 .../operator/DataControllerTest.java          |   1 +
 .../operator/client/KeyFactoryTest.java       |  24 ++++
 src/test/resources/mockserver/onecx-mock.json |   8 +-
 18 files changed, 236 insertions(+), 231 deletions(-)
 delete mode 100644 docs/modules/onecx-product-store-slot-operator/pages/index.adoc
 delete mode 100644 docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-attributes.adoc
 delete mode 100644 docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-docs.adoc
 delete mode 100644 docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-extensions.adoc
 delete mode 100644 src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataConfigClient.java
 create mode 100644 src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
 create mode 100644 src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java

diff --git a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-docs.adoc b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-docs.adoc
index 9f807d8..c8498fe 100644
--- a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-docs.adoc
+++ b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-docs.adoc
@@ -52,7 +52,3 @@ app:
 watchNamespaces: "JOSDK_WATCH_CURRENT"
 ----
 
-ACES or comma separated list of namespaces
-watchNamespaces: "JOSDK_WATCH_CURRENT"
-----
-
diff --git a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-extensions.adoc b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-extensions.adoc
index 8c675ec..0f9f94d 100644
--- a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-extensions.adoc
+++ b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator-extensions.adoc
@@ -11,20 +11,20 @@ h| Version
 | tkit-quarkus-log-cdi
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.23.0
 
 | tkit-quarkus-log-rs
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.23.0
 
 | tkit-quarkus-log-json
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.23.0
 
 | quarkus-arc
 
diff --git a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator.adoc b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator.adoc
index b582168..3b90af1 100644
--- a/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator.adoc
+++ b/docs/modules/onecx-data-orchestrator-operator/pages/onecx-data-orchestrator-operator.adoc
@@ -27,6 +27,57 @@ endif::add-copy-button-to-env-var[]
 |`MD5`
 
 
+a| [[onecx-data-orchestrator-operator_onecx-data-orchestrator-token-user-name]]`link:#onecx-data-orchestrator-operator_onecx-data-orchestrator-token-user-name[onecx.data-orchestrator.token.user-name]`
+
+
+[.description]
+--
+Username for rest call.
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_DATA_ORCHESTRATOR_TOKEN_USER_NAME+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_DATA_ORCHESTRATOR_TOKEN_USER_NAME+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`data-orchestrator-operator`
+
+
+a| [[onecx-data-orchestrator-operator_onecx-data-orchestrator-token-header-param]]`link:#onecx-data-orchestrator-operator_onecx-data-orchestrator-token-header-param[onecx.data-orchestrator.token.header-param]`
+
+
+[.description]
+--
+Token header parameter.
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_DATA_ORCHESTRATOR_TOKEN_HEADER_PARAM+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_DATA_ORCHESTRATOR_TOKEN_HEADER_PARAM+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`apm-principal-token`
+
+
+a| [[onecx-data-orchestrator-operator_onecx-data-orchestrator-token-claim-organization-param]]`link:#onecx-data-orchestrator-operator_onecx-data-orchestrator-token-claim-organization-param[onecx.data-orchestrator.token.claim-organization-param]`
+
+
+[.description]
+--
+Token claim organization parameter.
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++ONECX_DATA_ORCHESTRATOR_TOKEN_CLAIM_ORGANIZATION_PARAM+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++ONECX_DATA_ORCHESTRATOR_TOKEN_CLAIM_ORGANIZATION_PARAM+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`orgId`
+
+
 a| [[onecx-data-orchestrator-operator_onecx-data-orchestrator-client-shared]]`link:#onecx-data-orchestrator-operator_onecx-data-orchestrator-client-shared[onecx.data-orchestrator.client.shared]`
 
 
diff --git a/docs/modules/onecx-product-store-slot-operator/pages/index.adoc b/docs/modules/onecx-product-store-slot-operator/pages/index.adoc
deleted file mode 100644
index b3ef51d..0000000
--- a/docs/modules/onecx-product-store-slot-operator/pages/index.adoc
+++ /dev/null
@@ -1,8 +0,0 @@
-include::onecx-product-store-slot-operator-attributes.adoc[opts=optional]
-
-== onecx-product-store-slot-operator
-
-include::docs.adoc[opts=optional]
-
-
-include::onecx-product-store-slot-operator-docs.adoc[opts=optional]
diff --git a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-attributes.adoc b/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-attributes.adoc
deleted file mode 100644
index 254147a..0000000
--- a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-attributes.adoc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-:docker-registry: https://github.com/onecx/onecx-product-store-slot-operator/pkgs/container/onecx-product-store-slot-operator
-:helm-registry: https://github.com/onecx/onecx-product-store-slot-operator/pkgs/container/charts%2Fonecx-product-store-slot-operator
-:properties-file: src/main/resources/application.properties
-:helm-file: src/main/helm/values.yaml
\ No newline at end of file
diff --git a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-docs.adoc b/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-docs.adoc
deleted file mode 100644
index f2fa178..0000000
--- a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-docs.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-
-include::onecx-product-store-slot-operator-attributes.adoc[opts=optional]
-
-=== Default properties
-
-.{properties-file}
-[%collapsible%open]
-====
-[source,properties,subs=attributes+]
-----
-%prod.quarkus.rest-client.product_store_client.url=http://onecx-product-store-svc:8080
-quarkus.operator-sdk.controllers.microservice.namespaces=JOSDK_WATCH_CURRENT
-quarkus.operator-sdk.helm.enabled=true
-quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
-quarkus.openapi-generator.codegen.spec.onecx_product_store_operator_slot_v1_yaml.config-key=product_store_client
-quarkus.openapi-generator.codegen.spec.onecx_product_store_operator_slot_v1_yaml.base-package=gen.org.tkit.onecx.product.store.slot.v1
-quarkus.openapi-generator.codegen.spec.onecx_product_store_operator_slot_v1_yaml.return-response=true
-quarkus.kubernetes-client.devservices.override-kubeconfig=true
-----
-====
-
-=== Extensions
-
-include::onecx-product-store-slot-operator-extensions.adoc[opts=optional]
-
-=== Container
-
-{docker-registry}[Docker registry]
-
-
-=== Helm
-
-{helm-registry}[Helm registry]
-
-Default values
-
-.{helm-file}
-[source,yaml]
-----
-app:
-  name: slot-operator
-  image:
-    repository: "onecx/onecx-product-store-slot-operator"
-  envCustom:
-    - name: KUBERNETES_NAMESPACE
-      valueFrom:
-        fieldRef:
-          fieldPath: metadata.namespace
-  serviceAccount:
-    enabled: true
-
-# Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces
-watchNamespaces: "JOSDK_WATCH_CURRENT"
-----
-
diff --git a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-extensions.adoc b/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-extensions.adoc
deleted file mode 100644
index cf981eb..0000000
--- a/docs/modules/onecx-product-store-slot-operator/pages/onecx-product-store-slot-operator-extensions.adoc
+++ /dev/null
@@ -1,103 +0,0 @@
-
-include::onecx-product-store-slot-operator-attributes.adoc[opts=optional]
-
-[.extension.table.searchable, cols="50,.^15,.^15,.^20"]
-|===
-h| Extensions
-h| Documentation
-h| Configuration
-h| Version
-
-| tkit-quarkus-log-cdi
-
-| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.22.0
-
-| tkit-quarkus-log-rs
-
-| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.22.0
-
-| tkit-quarkus-log-json
-
-| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.22.0
-
-| quarkus-arc
-
-| https://quarkus.io/guides/cdi-reference[Link]
-| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
-| 3.9.3
-
-| quarkus-micrometer-registry-prometheus
-
-| https://quarkus.io/guides/telemetry-micrometer[Link]
-| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
-| 3.9.3
-
-| quarkus-opentelemetry
-
-| https://quarkus.io/guides/opentelemetry[Link]
-| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
-| 3.9.3
-
-| quarkus-openapi-generator
-
-| https://docs.quarkiverse.io/quarkus-openapi-generator/dev/index.html[Link]
-| https://github.com/quarkiverse/quarkus-openapi-generator/blob/2.4.1/docs/modules/ROOT/pages/includes/quarkus-openapi-generator.adoc[Link]
-| 2.4.1
-
-| quarkus-rest-client
-
-| https://quarkus.io/guides/rest-client[Link]
-| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest-client.adoc[Link]
-| 3.9.3
-
-| quarkus-rest-client-jackson
-
-| https://quarkus.io/guides/rest-client[Link]
-| 
-| 3.9.3
-
-| onecx-core
-
-| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
-| 
-| 0.17.0
-
-| quarkus-container-image-docker
-
-| https://quarkus.io/guides/container-image[Link]
-| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
-| 3.9.3
-
-
-| quarkus-operator-sdk-bundle-generator
-
-| 
-| 
-| 6.6.7
-
-| quarkus-operator-sdk
-
-| 
-| 
-| 6.6.7
-
-| quarkus-oidc-client
-
-| 
-| 
-| 3.9.3
-
-| quarkus-rest-client-oidc-filter
-
-| 
-| 
-| 3.9.3
-
-
-|===
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 5ff9b6b..7fb0832 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.tkit.onecx</groupId>
         <artifactId>onecx-quarkus3-parent</artifactId>
-        <version>0.48.0</version>
+        <version>0.49.0</version>
     </parent>
 
     <artifactId>onecx-data-orchestrator-operator</artifactId>
diff --git a/src/main/helm/crds/datas.onecx.tkit.org-v1.yml b/src/main/helm/crds/datas.onecx.tkit.org-v1.yml
index 30ce946..b05ab1e 100644
--- a/src/main/helm/crds/datas.onecx.tkit.org-v1.yml
+++ b/src/main/helm/crds/datas.onecx.tkit.org-v1.yml
@@ -25,6 +25,8 @@ spec:
                 type: string
               key:
                 type: string
+              orgId:
+                type: string
               productName:
                 type: string
             type: object
diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataConfig.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataConfig.java
index 016840d..651d6bc 100644
--- a/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataConfig.java
+++ b/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataConfig.java
@@ -1,5 +1,7 @@
 package org.tkit.onecx.data.orchestrator.operator;
 
+import java.util.Map;
+
 import io.quarkus.runtime.annotations.*;
 import io.smallrye.config.ConfigMapping;
 import io.smallrye.config.WithDefault;
@@ -18,4 +20,69 @@ public interface DataConfig {
     @WithDefault("MD5")
     String digest();
 
+    /**
+     * Token configuration.
+     */
+    @WithDefault("token")
+    TokenConfig token();
+
+    /**
+     * Client configuration.
+     */
+    @WithDefault("client")
+    ConfigClient client();
+
+    /**
+     * Client configuration.
+     */
+    interface ConfigClient {
+
+        /**
+         * Set to true to share the HTTP client between REST clients.
+         */
+        @WithName("shared")
+        @WithDefault("true")
+        boolean shared();
+
+        /**
+         * The size of the rest client connection pool.
+         */
+        @WithName("connection-pool-size")
+        @WithDefault("30")
+        int connectionPoolSize();
+
+        /**
+         * Clients key configuration
+         */
+        @WithName("key")
+        Map<String, String> keys();
+    }
+
+    /**
+     * Token configuration.
+     */
+    interface TokenConfig {
+
+        /**
+         * Username for rest call.
+         */
+        @WithName("user-name")
+        @WithDefault("data-orchestrator-operator")
+        String userName();
+
+        /**
+         * Token header parameter.
+         */
+        @WithName("header-param")
+        @WithDefault("apm-principal-token")
+        String headerParam();
+
+        /**
+         * Token claim organization parameter.
+         */
+        @WithName("claim-organization-param")
+        @WithDefault("orgId")
+        String claimOrganizationParam();
+
+    }
 }
diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataSpec.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataSpec.java
index 8cd2b3f..21185a4 100644
--- a/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataSpec.java
+++ b/src/main/java/org/tkit/onecx/data/orchestrator/operator/DataSpec.java
@@ -6,6 +6,9 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class DataSpec {
 
+    @JsonProperty("orgId")
+    private String orgId;
+
     @JsonProperty("key")
     private String key;
 
@@ -21,6 +24,14 @@ public class DataSpec {
     @JsonProperty("data")
     private String data;
 
+    public String getOrgId() {
+        return orgId;
+    }
+
+    public void setOrgId(String orgId) {
+        this.orgId = orgId;
+    }
+
     public String getData() {
         return data;
     }
diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataConfigClient.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataConfigClient.java
deleted file mode 100644
index 50f801f..0000000
--- a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataConfigClient.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.tkit.onecx.data.orchestrator.operator.client;
-
-import java.util.Map;
-
-import io.quarkus.runtime.annotations.ConfigDocFilename;
-import io.quarkus.runtime.annotations.ConfigPhase;
-import io.quarkus.runtime.annotations.ConfigRoot;
-import io.quarkus.runtime.annotations.StaticInitSafe;
-import io.smallrye.config.ConfigMapping;
-import io.smallrye.config.WithDefault;
-import io.smallrye.config.WithName;
-
-@StaticInitSafe
-@ConfigDocFilename("onecx-data-orchestrator-operator.adoc")
-@ConfigMapping(prefix = "onecx.data-orchestrator.client")
-@ConfigRoot(phase = ConfigPhase.RUN_TIME)
-public interface DataConfigClient {
-
-    /**
-     * Set to true to share the HTTP client between REST clients.
-     */
-    @WithName("shared")
-    @WithDefault("true")
-    boolean shared();
-
-    /**
-     * The size of the rest client connection pool.
-     */
-    @WithName("connection-pool-size")
-    @WithDefault("30")
-    int connectionPoolSize();
-
-    /**
-     * Clients key configuration
-     */
-    @WithName("key")
-    Map<String, String> keys();
-}
diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataService.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataService.java
index c11643b..c948844 100644
--- a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataService.java
+++ b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/DataService.java
@@ -4,35 +4,55 @@
 
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+import jakarta.json.Json;
+import jakarta.json.JsonObjectBuilder;
+import jakarta.ws.rs.core.MultivaluedHashMap;
+import jakarta.ws.rs.core.MultivaluedMap;
 
-import org.eclipse.microprofile.rest.client.RestClientBuilder;
+import org.eclipse.microprofile.jwt.Claims;
 import org.jboss.resteasy.reactive.client.api.QuarkusRestClientProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.tkit.onecx.data.orchestrator.operator.Data;
+import org.tkit.onecx.data.orchestrator.operator.DataConfig;
 import org.tkit.onecx.data.orchestrator.operator.DataSpec;
 
+import io.quarkus.rest.client.reactive.QuarkusRestClientBuilder;
+import io.quarkus.rest.client.reactive.ReactiveClientHeadersFactory;
+import io.smallrye.jwt.build.Jwt;
+import io.smallrye.mutiny.Uni;
+
 @ApplicationScoped
 public class DataService {
 
     private static final Logger log = LoggerFactory.getLogger(DataService.class);
 
     @Inject
-    DataConfigClient config;
+    DataConfig config;
 
     public int updateData(Data data) {
         DataSpec spec = data.getSpec();
-        var url = config.keys().get(spec.getKey());
+        var url = config.client().keys().get(spec.getKey());
         if (url == null) {
             log.warn("No URL defined for the key '{}', resource: {}", spec.getKey(), data.getMetadata().getName());
             throw new MissingKeyConfiguration(spec.getKey());
         }
 
-        var client = RestClientBuilder.newBuilder()
+        var token = createToken(data);
+        var client = QuarkusRestClientBuilder.newBuilder()
                 .baseUri(URI.create(url))
-                .property(QuarkusRestClientProperties.CONNECTION_POOL_SIZE, config.connectionPoolSize())
+                .property(QuarkusRestClientProperties.CONNECTION_POOL_SIZE, config.client().connectionPoolSize())
                 .property(QuarkusRestClientProperties.NAME, spec.getKey())
-                .property(QuarkusRestClientProperties.SHARED, config.shared())
+                .property(QuarkusRestClientProperties.SHARED, config.client().shared())
+                .clientHeadersFactory(new ReactiveClientHeadersFactory() {
+                    @Override
+                    public Uni<MultivaluedMap<String, String>> getHeaders(MultivaluedMap<String, String> incomingHeaders,
+                            MultivaluedMap<String, String> clientOutgoingHeaders) {
+                        MultivaluedMap<String, String> propagatedHeaders = new MultivaluedHashMap<>();
+                        propagatedHeaders.putSingle(config.token().headerParam(), token);
+                        return Uni.createFrom().item(propagatedHeaders);
+                    }
+                })
                 .build(DataClientApi.class);
 
         try (var response = client.updateDate(spec.getData())) {
@@ -41,6 +61,20 @@ public int updateData(Data data) {
         }
     }
 
+    private String createToken(Data data) {
+
+        var userName = config.token().userName();
+        var orgId = data.getSpec().getOrgId();
+
+        JsonObjectBuilder claims = Json.createObjectBuilder();
+        claims.add(Claims.preferred_username.name(), userName);
+        claims.add(Claims.sub.name(), userName);
+        if (orgId != null) {
+            claims.add(config.token().claimOrganizationParam(), orgId);
+        }
+        return Jwt.claims(claims.build()).sign(KeyFactory.PRIVATE_KEY);
+    }
+
     public static class MissingKeyConfiguration extends RuntimeException {
 
         public MissingKeyConfiguration(String key) {
diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
new file mode 100644
index 0000000..5963fd1
--- /dev/null
+++ b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
@@ -0,0 +1,28 @@
+package org.tkit.onecx.data.orchestrator.operator.client;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+
+import io.smallrye.jwt.util.KeyUtils;
+
+class KeyFactory {
+
+    static PrivateKey PRIVATE_KEY = createKey();
+
+    static PrivateKey createKey() {
+        return createKey(new KeyFactory());
+    }
+
+    static PrivateKey createKey(KeyFactory kf) {
+        try {
+            return kf.createPrivateKey();
+        } catch (NoSuchAlgorithmException ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    PrivateKey createPrivateKey() throws NoSuchAlgorithmException {
+        return KeyUtils.generateKeyPair(2048).getPrivate();
+    }
+
+}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 047d5f1..e0f7061 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -21,7 +21,7 @@ quarkus.kubernetes-client.devservices.override-kubeconfig=true
 %test.quarkus.mockserver.devservices.config-class-path=true
 %test.quarkus.mockserver.devservices.config-file=/mockserver.properties
 %test.quarkus.mockserver.devservices.config-dir=/mockserver
-%test.quarkus.mockserver.devservices.log=false
+%test.quarkus.mockserver.devservices.log=true
 %test.quarkus.mockserver.devservices.reuse=true
 
 %test.onecx.data-orchestrator.client.key.workspace=${quarkus.mockserver.endpoint}/workspace
diff --git a/src/test/java/org/tkit/onecx/data/orchestrator/operator/DataControllerTest.java b/src/test/java/org/tkit/onecx/data/orchestrator/operator/DataControllerTest.java
index 42e57fc..9106960 100644
--- a/src/test/java/org/tkit/onecx/data/orchestrator/operator/DataControllerTest.java
+++ b/src/test/java/org/tkit/onecx/data/orchestrator/operator/DataControllerTest.java
@@ -72,6 +72,7 @@ private static DataSpec createSpec(String key, String data) {
         spec.setKey(key);
         spec.setDescription("description");
         spec.setData(data);
+        spec.setOrgId("default");
         return spec;
     }
 
diff --git a/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java b/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java
new file mode 100644
index 0000000..33ab25f
--- /dev/null
+++ b/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java
@@ -0,0 +1,24 @@
+package org.tkit.onecx.data.orchestrator.operator.client;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.catchThrowableOfType;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.tkit.onecx.data.orchestrator.operator.AbstractTest;
+
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+class KeyFactoryTest extends AbstractTest {
+
+    @Test
+    void createKeyFailedTest() throws NoSuchAlgorithmException {
+        var mock = Mockito.mock(KeyFactory.class);
+        Mockito.when(mock.createPrivateKey()).thenThrow(new NoSuchAlgorithmException());
+        RuntimeException throwable = catchThrowableOfType(() -> KeyFactory.createKey(mock), RuntimeException.class);
+        assertThat(throwable).isNotNull();
+    }
+}
diff --git a/src/test/resources/mockserver/onecx-mock.json b/src/test/resources/mockserver/onecx-mock.json
index 570e20f..e408f8f 100644
--- a/src/test/resources/mockserver/onecx-mock.json
+++ b/src/test/resources/mockserver/onecx-mock.json
@@ -1,22 +1,22 @@
 [
   {
     "id": "1",
-    "httpRequest": { "method" : "POST", "path": "/workspace" },
+    "httpRequest": { "method" : "POST", "path": "/workspace", "headers": { "apm-principal-token": [ ".*" ] } },
     "httpResponse": { "statusCode": 201 }
   },
   {
     "id": "2",
-    "httpRequest": { "method" : "POST", "path": "/permission" },
+    "httpRequest": { "method" : "POST", "path": "/permission", "headers": { "apm-principal-token": [ ".*" ] } },
     "httpResponse": { "statusCode": 200 }
   },
   {
     "id": "3",
-    "httpRequest": { "method" : "POST", "path": "/tenant" },
+    "httpRequest": { "method" : "POST", "path": "/tenant", "headers": { "apm-principal-token": [ ".*" ] } },
     "httpResponse": { "statusCode": 500 }
   },
   {
     "id": "4",
-    "httpRequest": { "method" : "POST", "path": "/theme" },
+    "httpRequest": { "method" : "POST", "path": "/theme", "headers": { "apm-principal-token": [ ".*" ] } },
     "httpResponse": { "statusCode": 400 }
   }
 ]
\ No newline at end of file

From 48c306deb8fbb137d61dfb70e6471a2ebc7aa5cf Mon Sep 17 00:00:00 2001
From: Andrej Petras <andrej@lorislab.org>
Date: Mon, 27 May 2024 13:07:52 +0200
Subject: [PATCH 2/2] fix: sonar issues

---
 .../data/orchestrator/operator/client/KeyFactory.java | 11 +++++++++--
 src/main/resources/application.properties             |  2 +-
 .../orchestrator/operator/client/KeyFactoryTest.java  |  3 ++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
index 5963fd1..3be0af2 100644
--- a/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
+++ b/src/main/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactory.java
@@ -7,7 +7,7 @@
 
 class KeyFactory {
 
-    static PrivateKey PRIVATE_KEY = createKey();
+    static final PrivateKey PRIVATE_KEY = createKey();
 
     static PrivateKey createKey() {
         return createKey(new KeyFactory());
@@ -17,7 +17,7 @@ static PrivateKey createKey(KeyFactory kf) {
         try {
             return kf.createPrivateKey();
         } catch (NoSuchAlgorithmException ex) {
-            throw new RuntimeException(ex);
+            throw new KeyFactoryException(ex);
         }
     }
 
@@ -25,4 +25,11 @@ PrivateKey createPrivateKey() throws NoSuchAlgorithmException {
         return KeyUtils.generateKeyPair(2048).getPrivate();
     }
 
+    public static class KeyFactoryException extends RuntimeException {
+
+        public KeyFactoryException(Throwable ex) {
+            super(ex);
+        }
+    }
+
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e0f7061..047d5f1 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -21,7 +21,7 @@ quarkus.kubernetes-client.devservices.override-kubeconfig=true
 %test.quarkus.mockserver.devservices.config-class-path=true
 %test.quarkus.mockserver.devservices.config-file=/mockserver.properties
 %test.quarkus.mockserver.devservices.config-dir=/mockserver
-%test.quarkus.mockserver.devservices.log=true
+%test.quarkus.mockserver.devservices.log=false
 %test.quarkus.mockserver.devservices.reuse=true
 
 %test.onecx.data-orchestrator.client.key.workspace=${quarkus.mockserver.endpoint}/workspace
diff --git a/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java b/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java
index 33ab25f..f55ecfb 100644
--- a/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java
+++ b/src/test/java/org/tkit/onecx/data/orchestrator/operator/client/KeyFactoryTest.java
@@ -18,7 +18,8 @@ class KeyFactoryTest extends AbstractTest {
     void createKeyFailedTest() throws NoSuchAlgorithmException {
         var mock = Mockito.mock(KeyFactory.class);
         Mockito.when(mock.createPrivateKey()).thenThrow(new NoSuchAlgorithmException());
-        RuntimeException throwable = catchThrowableOfType(() -> KeyFactory.createKey(mock), RuntimeException.class);
+        KeyFactory.KeyFactoryException throwable = catchThrowableOfType(() -> KeyFactory.createKey(mock),
+                KeyFactory.KeyFactoryException.class);
         assertThat(throwable).isNotNull();
     }
 }