From 5fdce825a859c5b9c4fea3bcf820e2fa8135b238 Mon Sep 17 00:00:00 2001
From: JordenReuter <149687553+JordenReuter@users.noreply.github.com>
Date: Thu, 20 Jun 2024 12:20:28 +0200
Subject: [PATCH] feat: activated client security (#49)
---
 .../pages/onecx-permission-bff-docs.adoc | 9 ++++++++-
 src/main/helm/values.yaml | 3 +++
 src/main/resources/application.properties | 10 ++++++++--
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc
index 98bc296..aed09e0 100644
--- a/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc
+++ b/docs/modules/onecx-permission-bff/pages/onecx-permission-bff-docs.adoc
@@ -18,7 +18,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc:8080
 %prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080
 %prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.config-key=onecx_permission_svc
 quarkus.openapi-generator.codegen.spec.onecx_permission_svc_yaml.base-package=gen.org.tkit.onecx.permission.client
@@ -41,6 +40,11 @@ quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.return-response=tru quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders; quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection; +%prod.quarkus.rest-client.onecx_permission_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_iam_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.oidc-client.client-id=${quarkus.application.name} ---- ==== @@ -92,6 +96,9 @@ app: read: permission on all GET requests and POST search write: permission on PUT, POST, PATCH requests, where objects are saved or updated delete: permission on all DELETE requests + keycloak: + client: + enabled: true ---- diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index 6e18689..3736a87 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -28,3 +28,6 @@ app: read: permission on all GET requests and POST search write: permission on PUT, POST, PATCH requests, where objects are saved or updated delete: permission on all DELETE requests + keycloak: + client: + enabled: true diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d88abda..8664a9b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -15,8 +15,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token %prod.quarkus.rest-client.onecx_product_store_svc.url=http://onecx-product-store-svc:8080 %prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-kc-svc:8080 -%prod.quarkus.oidc-client.client-id=${quarkus.application.name} - # DEV %dev.quarkus.rest-client.onecx_workspace_svc.url=${quarkus.mockserver.endpoint} %dev.quarkus.rest-client.onecx_permission_svc.url=${quarkus.mockserver.endpoint} @@ -59,6 +57,14 @@ quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-api-type quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.model-name-suffix=IamV1 quarkus.openapi-generator.codegen.spec.onecx_iam_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection; +# OIDC +%prod.quarkus.rest-client.onecx_permission_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_iam_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.oidc-client.client-id=${quarkus.application.name} + + # INTEGRATION TEST quarkus.test.integration-test-profile=test
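Review bot: The four `providers` lines under `# OIDC` use the keys `onecx_permission_svc_yaml`, `onecx_workspace_svc_v1_yaml`, `onecx_product_store_svc_v1_yaml` and `onecx_iam_svc_v1_yaml`, but the client URLs in this file are set under the short keys (`%prod.quarkus.rest-client.onecx_iam_svc.url`, `...onecx_product_store_svc.url`), and the docs-page hunk at -18,7 shows `spec.onecx_permission_svc_yaml.config-key=onecx_permission_svc`. If the generated clients read their configuration under that short config key, as those lines suggest, `OidcClientRequestReactiveFilter` is never registered and production calls go out without a token while nothing fails at startup; the lines should then read `%prod.quarkus.rest-client.onecx_permission_svc.providers=...` and likewise for the other three, and the docs hunk at -41,6 repeats the same keys. The filter is also registered only under `%prod`, so the dev and test profiles visible here would not catch such a mismatch, and a test that asserts an `Authorization` header on an outgoing call would. Separately, the `%prod` URLs are plain `http://`, so once the filter is active the access token crosses the pod network unencrypted unless the cluster adds transport encryption; I would state that assumption in a comment above `# OIDC`.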