feat: activated client security (#49)

docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc

@@ -18,7 +18,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc:8080
 %prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
 %prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.config-key=onecx_permission_svc
 quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.base-package=gen.org.tkit.onecx.permission.client
@@ -41,6 +40,11 @@ quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.return-response=tru
 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1
 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+%prod.quarkus.rest-client.onecx_permission_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_iam_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 ----
 ====
 
@@ -92,6 +96,9 @@ app:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
             delete: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true
 
 ----
 

src/main/helm/values.yaml

@@ -28,3 +28,6 @@ app:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
             delete: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true

src/main/resources/application.properties

@@ -15,8 +15,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
 %prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
 
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
-
 # DEV
 %dev.quarkus.rest-client.onecx_workspace_svc.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.rest-client.onecx_permission_svc.url=${quarkus.mockserver.endpoint}
@@ -59,6 +57,14 @@ quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type
 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1
 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
 
+# OIDC
+%prod.quarkus.rest-client.onecx_permission_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_iam_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+
+
 # INTEGRATION TEST
 quarkus.test.integration-test-profile=test