feat: added iam api + endpoint + test

pom.xml

@@ -206,6 +206,19 @@
                             <skipCache>true</skipCache>
                         </configuration>
                     </execution>
+                    <execution>
+                        <id>iam-svc-external-v1</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>wget</goal>
+                        </goals>
+                        <configuration>
+                            <url>https://raw.githubusercontent.com/onecx/onecx-iam-kc-svc/main/src/main/openapi/onecx-iam-kc-svc-v1.yaml</url>
+                            <outputDirectory>target/tmp/openapi</outputDirectory>
+                            <outputFileName>onecx-iam-svc-v1.yaml</outputFileName>
+                            <skipCache>true</skipCache>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
         </plugins>

src/main/java/org/tkit/onecx/permission/bff/rs/controllers/RoleRestController.java

@@ -19,6 +19,8 @@
 import org.tkit.onecx.permission.bff.rs.mappers.RoleMapper;
 import org.tkit.quarkus.log.cdi.LogService;
 
+import gen.org.tkit.onecx.iam.client.api.AdminRoleControllerApi;
+import gen.org.tkit.onecx.iam.client.model.RolePageResultIamV1;
 import gen.org.tkit.onecx.permission.bff.rs.internal.RoleApiService;
 import gen.org.tkit.onecx.permission.bff.rs.internal.model.*;
 import gen.org.tkit.onecx.permission.client.api.RoleInternalApi;
@@ -34,6 +36,10 @@ public class RoleRestController implements RoleApiService {
     @Inject
     RoleInternalApi roleClient;
 
+    @RestClient
+    @Inject
+    AdminRoleControllerApi iamClient;
+
     @Inject
     RoleMapper mapper;
 
@@ -74,6 +80,15 @@ public Response getRoleById(String id) {
         }
     }
 
+    @Override
+    public Response searchAvailableRoles(IAMRoleSearchCriteriaDTO searchCriteriaDTO) {
+        try (Response response = iamClient.searchRolesByCriteria(mapper.map(searchCriteriaDTO))) {
+            IAMRolePageResultDTO responseDTO = mapper
+                    .map(response.readEntity(RolePageResultIamV1.class));
+            return Response.status(response.getStatus()).entity(responseDTO).build();
+        }
+    }
+
     @Override
     public Response searchRoles(RoleSearchCriteriaDTO roleSearchCriteriaDTO) {
         try (Response response = roleClient.searchRoles(mapper.map(roleSearchCriteriaDTO))) {

src/main/java/org/tkit/onecx/permission/bff/rs/mappers/RoleMapper.java

@@ -4,6 +4,8 @@
 import org.mapstruct.Mapping;
 import org.tkit.quarkus.rs.mappers.OffsetDateTimeMapper;
 
+import gen.org.tkit.onecx.iam.client.model.RolePageResultIamV1;
+import gen.org.tkit.onecx.iam.client.model.RoleSearchCriteriaIamV1;
 import gen.org.tkit.onecx.permission.bff.rs.internal.model.*;
 import gen.org.tkit.onecx.permission.client.model.*;
 
@@ -19,4 +21,9 @@ public interface RoleMapper {
     RolePageResultDTO map(RolePageResult pageResult);
 
     UpdateRoleRequest map(UpdateRoleRequestDTO updateRoleRequestDTO);
+
+    RoleSearchCriteriaIamV1 map(IAMRoleSearchCriteriaDTO searchCriteriaDTO);
+
+    @Mapping(target = "removeStreamItem", ignore = true)
+    IAMRolePageResultDTO map(RolePageResultIamV1 pageResultIamV1);
 }

src/main/openapi/openapi-bff.yaml

@@ -150,6 +150,35 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ProblemDetailResponse'
+  /roles/iam/search:
+    post:
+      x-onecx:
+        permissions:
+          role:
+            - read
+      tags:
+        - role
+      description: Search for available roles in iam
+      operationId: searchAvailableRoles
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/IAMRoleSearchCriteria'
+      responses:
+        200:
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IAMRolePageResult'
+        400:
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProblemDetailResponse'
   /permissions/search:
     post:
       x-onecx:
@@ -488,6 +517,48 @@ components:
           type: string
         description:
           type: string
+    IAMRoleSearchCriteria:
+      type: object
+      properties:
+        name:
+          type: string
+        pageNumber:
+          format: int32
+          description: The number of page.
+          default: 0
+          type: integer
+        pageSize:
+          format: int32
+          description: The size of page
+          default: 100
+          type: integer
+    IAMRolePageResult:
+      type: object
+      properties:
+        totalElements:
+          format: int64
+          description: The total elements in the resource.
+          type: integer
+        number:
+          format: int32
+          type: integer
+        size:
+          format: int32
+          type: integer
+        totalPages:
+          format: int64
+          type: integer
+        stream:
+          type: array
+          items:
+            $ref: '#/components/schemas/IAMRole'
+    IAMRole:
+      type: object
+      properties:
+        name:
+          type: string
+        description:
+          type: string
     RoleSearchCriteria:
       type: object
       properties:

src/main/resources/application.properties

@@ -13,12 +13,16 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_permission_svc.url=http://onecx-permission-svc:8080
 %prod.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc:8080
 %prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
+%prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
+
 %prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 
 # DEV
 %dev.quarkus.rest-client.onecx_workspace_svc.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.rest-client.onecx_permission_svc.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.rest-client.onecx_product_store_svc.url=${quarkus.mockserver.endpoint}
+%dev.quarkus.rest-client.onecx_iam_svc.url=${quarkus.mockserver.endpoint}
+
 
 %dev.quarkus.oidc-client.auth-server-url=${quarkus.oidc.auth-server-url}
 %dev.quarkus.oidc-client.client-id=${quarkus.oidc.client-id}
@@ -44,6 +48,12 @@ quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.config-ke
 quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.base-package=gen.org.tkit.onecx.product.store.client
 quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.return-response=true
 quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+# iam client
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.config-key=onecx_iam_svc
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.base-package=gen.org.tkit.onecx.iam.client
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1
 # INTEGRATION TEST
 quarkus.test.integration-test-profile=test
 
@@ -59,10 +69,13 @@ quarkus.test.integration-test-profile=test
 %test.quarkus.rest-client.onecx_permission_svc.url=${quarkus.mockserver.endpoint}
 %test.quarkus.rest-client.onecx_workspace_svc.url=${quarkus.mockserver.endpoint}
 %test.quarkus.rest-client.onecx_product_store_svc.url=${quarkus.mockserver.endpoint}
+%test.quarkus.rest-client.onecx_iam_svc.url=${quarkus.mockserver.endpoint}
+
 %test.tkit.rs.context.token.header-param=apm-principal-token
 %test.tkit.rs.context.token.enabled=false
 %test.quarkus.rest-client.onecx_permission_svc.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
 %test.quarkus.rest-client.onecx_workspace_svc.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%test.quarkus.rest-client.onecx_iam_svc.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
 %test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId
 %test.quarkus.rest-client.onecx_permission.url=${quarkus.mockserver.endpoint}
 %test.quarkus.keycloak.devservices.roles.alice=role-admin

src/test/java/org/tkit/onecx/permission/rs/RoleRestControllerTest.java

@@ -17,6 +17,9 @@
 import org.mockserver.model.MediaType;
 import org.tkit.onecx.permission.bff.rs.controllers.RoleRestController;
 
+import gen.org.tkit.onecx.iam.client.model.RoleIamV1;
+import gen.org.tkit.onecx.iam.client.model.RolePageResultIamV1;
+import gen.org.tkit.onecx.iam.client.model.RoleSearchCriteriaIamV1;
 import gen.org.tkit.onecx.permission.bff.rs.internal.model.*;
 import gen.org.tkit.onecx.permission.client.model.*;
 import io.quarkiverse.mockserver.test.InjectMockServerClient;
@@ -146,6 +149,46 @@ void searchRoleByCriteriaTest() {
         mockServerClient.clear(MOCKID);
     }
 
+    @Test
+    void searchIAMRoleByCriteriaTest() {
+        RoleSearchCriteriaIamV1 criteria = new RoleSearchCriteriaIamV1();
+
+        RolePageResultIamV1 pageResult = new RolePageResultIamV1();
+        RoleIamV1 role = new RoleIamV1();
+        role.name("role1").description("desc1");
+        pageResult.stream(List.of(role)).size(1).number(1).totalElements(1L).totalPages(1L);
+
+        // create mock rest endpoint
+        mockServerClient.when(request().withPath("/v1/roles/search").withMethod(HttpMethod.POST)
+                .withBody(JsonBody.json(criteria)))
+                .withId(MOCKID)
+                .respond(httpRequest -> response().withStatusCode(Response.Status.OK.getStatusCode())
+                        .withContentType(MediaType.APPLICATION_JSON)
+                        .withBody(JsonBody.json(pageResult)));
+
+        IAMRoleSearchCriteriaDTO criteriaDTO = new IAMRoleSearchCriteriaDTO();
+
+        var output = given()
+                .when()
+                .auth().oauth2(keycloakClient.getAccessToken(ADMIN))
+                .header(APM_HEADER_PARAM, ADMIN)
+                .contentType(APPLICATION_JSON)
+                .body(criteriaDTO)
+                .post("/iam/search")
+                .then()
+                .statusCode(Response.Status.OK.getStatusCode())
+                .contentType(APPLICATION_JSON)
+                .extract().as(RolePageResultDTO.class);
+
+        Assertions.assertNotNull(output);
+        Assertions.assertEquals(pageResult.getSize(), output.getSize());
+        Assertions.assertEquals(pageResult.getStream().size(), output.getStream().size());
+        Assertions.assertEquals(pageResult.getStream().get(0).getName(), output.getStream().get(0).getName());
+        Assertions.assertEquals(pageResult.getStream().get(0).getDescription(), output.getStream().get(0).getDescription());
+
+        mockServerClient.clear(MOCKID);
+    }
+
     @Test
     void searchRolesByEmptyCriteriaTest() {