diff --git a/docs/antora.yml b/docs/antora.yml
new file mode 100644
index 0000000..5d9cec4
--- /dev/null
+++ b/docs/antora.yml
@@ -0,0 +1,3 @@
+name: onecx-permission
+title: Permission Bff
+version: latest
\ No newline at end of file
diff --git a/docs/modules/onecx-permission-bff/nav.adoc b/docs/modules/onecx-permission-bff/nav.adoc
new file mode 100644
index 0000000..8fe7193
--- /dev/null
+++ b/docs/modules/onecx-permission-bff/nav.adoc
@@ -0,0 +1 @@
+* xref:onecx-permission-bff:index.adoc[Permission Bff]
\ No newline at end of file
diff --git a/docs/modules/onecx-permission-bff/pages/index.adoc b/docs/modules/onecx-permission-bff/pages/index.adoc
new file mode 100644
index 0000000..3265412
--- /dev/null
+++ b/docs/modules/onecx-permission-bff/pages/index.adoc
@@ -0,0 +1,8 @@
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+== onecx-permission-bff
+
+include::docs.adoc[opts=optional]
+
+
+include::onecx-permission-bff-docs.adoc[opts=optional]
diff --git a/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-attributes.adoc b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-attributes.adoc
new file mode 100644
index 0000000..1d131f6
--- /dev/null
+++ b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-attributes.adoc
@@ -0,0 +1,5 @@
+
+:docker-registry: https://github.com/onecx/onecx-permission-bff/pkgs/container/onecx-permission-bff
+:helm-registry: https://github.com/onecx/onecx-permission-bff/pkgs/container/charts%2Fonecx-permission-bff
+:properties-file: src/main/resources/application.properties
+:helm-file: src/main/helm/values.yaml
\ No newline at end of file
diff --git a/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc
new file mode 100644
index 0000000..98bc296
--- /dev/null
+++ b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc
@@ -0,0 +1,97 @@
+
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+=== Default properties
+
+.{properties-file}
+[%collapsible%open]
+====
+[source,properties,subs=attributes+]
+----
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
+onecx.permissions.application-id=${quarkus.application.name}
+org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
+%prod.quarkus.rest-client.onecx_permission_svc.url=http://onecx-permission-svc:8080
+%prod.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc:8080
+%prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
+%prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.config-key=onecx_permission_svc
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.base-package=gen.org.tkit.onecx.permission.client
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.config-key=onecx_workspace_svc
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.base-package=gen.org.tkit.onecx.permission.client
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.config-key=onecx_product_store_svc
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.base-package=gen.org.tkit.onecx.product.store.client
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_product_store_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.config-key=onecx_iam_svc
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.base-package=gen.org.tkit.onecx.iam.client
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.return-response=true
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1
+quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+----
+====
+
+=== Extensions
+
+include::onecx-permission-bff-extensions.adoc[opts=optional]
+
+=== Container
+
+{docker-registry}[Docker registry]
+
+
+=== Helm
+
+{helm-registry}[Helm registry]
+
+Default values
+
+.{helm-file}
+[source,yaml]
+----
+app:
+ name: bff
+ image:
+ repository: "onecx/onecx-permission-bff"
+ operator:
+ # Permission
+ permission:
+ enabled: true
+ spec:
+ permissions:
+ permission:
+ read: permission on all GET requests and POST search
+ write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+ delete: permission on all DELETE requests
+ role:
+ read: permission on all GET requests and POST search
+ write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+ delete: permission on all DELETE requests
+ assignment:
+ read: permission on all GET requests and POST search
+ write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+ delete: permission on all DELETE requests
+ application:
+ read: permission on all GET requests and POST search
+ write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+ delete: permission on all DELETE requests
+ workspace:
+ read: permission on all GET requests and POST search
+ write: permission on PUT, POST, PATCH requests, where objects are saved or updated
+ delete: permission on all DELETE requests
+
+----
+
diff --git a/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-extensions.adoc b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-extensions.adoc
new file mode 100644
index 0000000..43f3735
--- /dev/null
+++ b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-extensions.adoc
@@ -0,0 +1,127 @@
+
+include::onecx-permission-bff-attributes.adoc[opts=optional]
+
+[.extension.table.searchable, cols="50,.^15,.^15,.^20"]
+|===
+h| Extensions
+h| Documentation
+h| Configuration
+h| Version
+
+| quarkus-resteasy-reactive
+
+| https://quarkus.io/guides/resteasy-reactive[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-resteasy-reactive.adoc[Link]
+| 3.9.3
+
+| quarkus-smallrye-openapi
+
+| https://quarkus.io/guides/openapi-swaggerui[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
+| 3.9.3
+
+| quarkus-resteasy-reactive-jackson
+
+| https://quarkus.io/guides/rest-json[Link]
+|
+| 3.9.3
+
+| quarkus-smallrye-health
+
+| https://quarkus.io/guides/smallrye-health[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
+| 3.9.3
+
+| quarkus-openapi-generator
+
+| https://docs.quarkiverse.io/quarkus-openapi-generator/dev/index.html[Link]
+| https://github.com/quarkiverse/quarkus-openapi-generator/blob/2.4.1/docs/modules/ROOT/pages/includes/quarkus-openapi-generator.adoc[Link]
+| 2.4.1
+
+| quarkus-rest-client-reactive-jackson
+
+| https://quarkus.io/guides/rest-client[Link]
+|
+| 3.9.3
+
+| tkit-quarkus-log-cdi
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-log-rs
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-log-json
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-rest
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-rest-context
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
+| 2.21.0
+
+| tkit-quarkus-security
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.21.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.21.0
+
+| quarkus-hibernate-validator
+
+| https://quarkus.io/guides/validation[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
+| 3.9.3
+
+| onecx-permissions
+
+| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-permissions.html[Link]
+| https://github.com/onecx/onecx-quarkus/blob/0.16.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link]
+| 0.16.0
+
+| quarkus-oidc
+
+| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
+| 3.9.3
+
+| quarkus-oidc-client-reactive-filter
+
+| https://quarkus.io/guides/security-openid-connect-client-reference[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc-client-reactive-filter.adoc[Link]
+| 3.9.3
+
+| onecx-core
+
+| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
+|
+| 0.16.0
+
+| quarkus-arc
+
+| https://quarkus.io/guides/cdi-reference[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
+| 3.9.3
+
+| quarkus-container-image-docker
+
+| https://quarkus.io/guides/container-image[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
+| 3.9.3
+
+
+
+|===
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 4553fec..311bf99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
org.tkit.onecx
onecx-quarkus3-parent
- 0.38.0
+ 0.46.0
onecx-permission-bff
diff --git a/src/main/java/org/tkit/onecx/permission/bff/rs/controllers/WorkspaceRestController.java b/src/main/java/org/tkit/onecx/permission/bff/rs/controllers/WorkspaceRestController.java
index 3f6c783..4787b55 100644
--- a/src/main/java/org/tkit/onecx/permission/bff/rs/controllers/WorkspaceRestController.java
+++ b/src/main/java/org/tkit/onecx/permission/bff/rs/controllers/WorkspaceRestController.java
@@ -6,10 +6,10 @@
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.transaction.Transactional;
-import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.jboss.resteasy.reactive.ClientWebApplicationException;
import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
import org.tkit.onecx.permission.bff.rs.mappers.ExceptionMapper;
import org.tkit.onecx.permission.bff.rs.mappers.WorkspaceMapper;
@@ -93,7 +93,7 @@ public Response getDetailsByWorkspaceName(String workspaceName) {
}
@ServerExceptionMapper
- public Response restException(WebApplicationException ex) {
- return Response.status(ex.getResponse().getStatus()).build();
+ public Response clientRestException(ClientWebApplicationException ex) {
+ return exceptionMapper.clientException(ex);
}
}
diff --git a/src/main/java/org/tkit/onecx/permission/bff/rs/mappers/ExceptionMapper.java b/src/main/java/org/tkit/onecx/permission/bff/rs/mappers/ExceptionMapper.java
index 4e53583..c7f7b5c 100644
--- a/src/main/java/org/tkit/onecx/permission/bff/rs/mappers/ExceptionMapper.java
+++ b/src/main/java/org/tkit/onecx/permission/bff/rs/mappers/ExceptionMapper.java
@@ -9,6 +9,7 @@
import jakarta.validation.Path;
import jakarta.ws.rs.core.Response;
+import org.jboss.resteasy.reactive.ClientWebApplicationException;
import org.jboss.resteasy.reactive.RestResponse;
import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
@@ -57,4 +58,12 @@ List createErrorValidationResponse(
default String mapPath(Path path) {
return path.toString();
}
+
+ default Response clientException(ClientWebApplicationException ex) {
+ if (ex.getResponse().getStatus() == 500) {
+ return Response.status(400).build();
+ } else {
+ return Response.status(ex.getResponse().getStatus()).build();
+ }
+ }
}
diff --git a/src/test/java/org/tkit/onecx/permission/rs/WorkspaceRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/WorkspaceRestControllerTest.java
index 484707f..0b600e9 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/WorkspaceRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/WorkspaceRestControllerTest.java
@@ -82,6 +82,34 @@ void searchWorkspacesTest() {
Assertions.assertEquals(2, output.getStream().size());
}
+ @Test
+ void searchWorkspaces_Internal_Server_Error_Test() {
+ WorkspaceSearchCriteria criteria = new WorkspaceSearchCriteria();
+ criteria.setPageNumber(0);
+ criteria.setPageSize(100);
+
+ // create mock rest endpoint
+ mockServerClient
+ .when(request().withPath("/v1/workspaces/search").withMethod(HttpMethod.POST)
+ .withBody(JsonBody.json(criteria))
+ .withContentType(MediaType.APPLICATION_JSON))
+ .withId(MOCKID)
+ .respond(httpRequest -> response().withStatusCode(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()));
+ var input = new WorkspaceSearchCriteriaDTO();
+ input.setPageSize(100);
+ input.setPageNumber(0);
+
+ given()
+ .when()
+ .auth().oauth2(keycloakClient.getAccessToken(ADMIN))
+ .header(APM_HEADER_PARAM, ADMIN)
+ .contentType(APPLICATION_JSON)
+ .body(input)
+ .post("/search")
+ .then()
+ .statusCode(Response.Status.BAD_REQUEST.getStatusCode());
+ }
+
@Test
void getAllProductsByWorkspaceNameTest() {
String workspaceName = "workspace1";