From e05936b9cd13100db322e69881276ee0985caa3b Mon Sep 17 00:00:00 2001
From: Haby-Phael Mouko <130637379+phaelcg@users.noreply.github.com>
Date: Fri, 12 Jul 2024 09:38:30 +0200
Subject: [PATCH] =?UTF-8?q?Spsh=20543:=20Client=20f=C3=BCr=20Swagger=20mit?= =?UTF-8?q?=20l=C3=A4ngeren=20Timeouts=20(#572)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* SPSH-543: Added a test client into the KC Config
* SPSH-543: Configured swagger to use the test client-id for KC in the dev environment, and updated some unit-tests
* SPSH-543: Fixed the unit tests for health-controller
* SPSH-543: Set the DEPLOY_STAGE value for local & dev environments & PR Review
---
 .../dbildungs-iam-server/config/config.json | 3 +-
 .../templates/configmap.yaml | 2 +-
 charts/dbildungs-iam-server/values.yaml | 2 +-
 config/config.json | 3 +-
 config/dev-realm-spsh.json | 112 +++++++++++++++++-
 src/modules/health/health.controller.spec.ts | 1 +
 .../keycloak-instance-config.ts | 2 +
 src/server/main.ts | 5 +-
 src/shared/config/config.loader.spec.ts | 3 +
 src/shared/config/keycloak.config.ts | 4 +
 test/config.test.json | 3 +-
 test/utils/keycloak-config-test.module.ts | 1 +
 12 files changed, 133 insertions(+), 8 deletions(-)
diff --git a/charts/dbildungs-iam-server/config/config.json b/charts/dbildungs-iam-server/config/config.json
index 899e19b98..1eee0c494 100644
--- a/charts/dbildungs-iam-server/config/config.json
+++ b/charts/dbildungs-iam-server/config/config.json
@@ -19,7 +19,8 @@
 "ADMIN_REALM_NAME": "SPSH",
 "REALM_NAME": "SPSH",
 "ADMIN_CLIENT_ID": "spsh-admin",
- "CLIENT_ID": "spsh"
+ "CLIENT_ID": "spsh",
+ "TEST_CLIENT_ID": "spsh-test"
 },
 "REDIS": {
 "HOST": "dbildungs-iam-server-redis",
diff --git a/charts/dbildungs-iam-server/templates/configmap.yaml b/charts/dbildungs-iam-server/templates/configmap.yaml
index 83b9bc354..6b8d8ac73 100644
--- a/charts/dbildungs-iam-server/templates/configmap.yaml
+++ b/charts/dbildungs-iam-server/templates/configmap.yaml
@@ -8,7 +8,7 @@ metadata: data: config-json: |- {{ .Files.Get "config/config.json" | nindent 4 }} - NODE_ENV: {{ .Values.environment | quote }} + NODE_ENV: "prod" DEPLOY_STAGE: {{ .Values.environment | quote }} DB_NAME: {{ .Values.database.name | quote }} KC_BASE_URL: "https://{{ .Values.keycloakHostname }}" diff --git a/charts/dbildungs-iam-server/values.yaml b/charts/dbildungs-iam-server/values.yaml index 9945b0cef..abc066a37 100644 --- a/charts/dbildungs-iam-server/values.yaml +++ b/charts/dbildungs-iam-server/values.yaml @@ -18,7 +18,7 @@ containerSecurityContext: type: "RuntimeDefault" restartPolicy: Always -environment: prod +environment: dev database: name: "dbildungs_iam_server" diff --git a/config/config.json b/config/config.json index d5a9447cb..ba36ea585 100644 --- a/config/config.json +++ b/config/config.json @@ -26,7 +26,8 @@ "REALM_NAME": "SPSH", "CLIENT_ID": "spsh", "CLIENT_SECRET": "YDp6fYkbUcj4ZkyAOnbAHGQ9O72htc5M", - "ADMIN_SECRET": "44abDqJk2qgwRbpGfO0VZx7DpXeFsm7R" + "ADMIN_SECRET": "44abDqJk2qgwRbpGfO0VZx7DpXeFsm7R", + "TEST_CLIENT_ID": "spsh-test" }, "REDIS": { "HOST": "localhost", diff --git a/config/dev-realm-spsh.json b/config/dev-realm-spsh.json index d9b8fc8d5..8796bee05 100644 --- a/config/dev-realm-spsh.json +++ b/config/dev-realm-spsh.json @@ -320,6 +320,7 @@ "admin-cli": [], "spsh-admin": [], "account-console": [], + "spsh-test": [], "broker": [ { "id": "e3b83cee-0556-4164-b94b-723f60f85a8c", 
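Review bot: The chart default in `charts/dbildungs-iam-server/values.yaml` flips from `environment: prod` to `environment: dev`, and that value feeds `DEPLOY_STAGE` in the configmap hunk before it, so any release that does not override `environment` now presents itself as a dev stage. `src/server/main.ts` in this same patch uses `DEPLOY_STAGE === 'dev'` to hand Swagger the `spsh-test` client with its longer-lived tokens, which makes the relaxed behaviour the default instead of an opt-in. I would keep `environment: prod` as the chart default and set `environment: dev` only in the dev-specific values override. If other code still branches on `NODE_ENV`, the now hard-coded `NODE_ENV: "prod"` deserves a short template comment saying that `DEPLOY_STAGE` is the stage switch from here on.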
@@ -1005,7 +1006,116 @@ "offline_access", "microprofile-jwt" ] - } + }, + { + "id": "4767cf23-bccc-4c71-b130-3d5a2aca2d08", + "clientId": "spsh-test", + "name": "Schulportal SH Test", + "description": "", + "rootUrl": "https://localhost:8099", + "adminUrl": "", + "baseUrl": "https://localhost:8099/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "YDp6fYkbUcj4ZkyAOnbAHGQ9O72htc5M", + "redirectUris": [ + "https://127.0.0.1:8099/*", + "http://127.0.0.1:9090/*", + "http://localhost:9090/*", + "/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "access.token.lifespan": "7200", + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1696586327", + "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "acr.loa.map": "{\"silver\":\"10\",\"gold\":\"20\"}", + "default.acr.values": "0" + }, + "authenticationFlowBindingOverrides": { + "browser": "2e19a392-6bf3-4ea4-a599-ac39bcdfd827" + }, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "435d1bfd-af68-4c12-ae0a-5f1d921ab30f", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": 
"c5e3b59b-a130-4942-83ce-cd65f1c4e1b0", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "b62e15e5-8399-4cea-9be8-dd783eda45dc", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } ], "clientScopes": [ { diff --git a/src/modules/health/health.controller.spec.ts b/src/modules/health/health.controller.spec.ts index 7a3efb5a0..5cff16934 100644 --- a/src/modules/health/health.controller.spec.ts +++ b/src/modules/health/health.controller.spec.ts @@ -29,6 +29,7 @@ describe('HealthController', () => { REALM_NAME: '', CLIENT_ID: '', CLIENT_SECRET: '', + TEST_CLIENT_ID: '', }; let redisHealthIndicator: RedisHealthIndicator; let configService: DeepMocked; diff --git a/src/modules/keycloak-administration/keycloak-instance-config.ts b/src/modules/keycloak-administration/keycloak-instance-config.ts index af7cd2a3b..4460cacc7 100644 --- a/src/modules/keycloak-administration/keycloak-instance-config.ts +++ b/src/modules/keycloak-administration/keycloak-instance-config.ts 
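Review bot: The new `spsh-test` client in `config/dev-realm-spsh.json` is registered with the same `secret` value that `config/config.json` carries as `CLIENT_SECRET`, so the test client and the regular `spsh` client share one committed credential and cannot be rotated or revoked independently. The client also combines a two-hour `access.token.lifespan` with `directAccessGrantsEnabled` and `serviceAccountsEnabled` set to `true`, a bare `"/*"` entry in `redirectUris`, `"+"` in `webOrigins` and `fullScopeAllowed: true`, which is considerably more than a Swagger UI login with PKCE needs. I would give it its own secret (or make it a public client, since `main.ts` already sets `usePkceWithAuthorizationCodeGrant`), switch `directAccessGrantsEnabled` and `serviceAccountsEnabled` to `false`, and drop the `"/*"` redirect entry so only the explicit localhost URIs remain. Because this file is the dev realm import, it is worth confirming that no shared or production realm is seeded from it.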
@@ -12,6 +12,7 @@ export class KeycloakInstanceConfig implements KeycloakConfig {
 public REALM_NAME: string,
 public CLIENT_ID: string,
 public CLIENT_SECRET: string,
+ public TEST_CLIENT_ID: string,
 ) {}
 public static fromConfigService(): Provider {
@@ -28,6 +29,7 @@ export class KeycloakInstanceConfig implements KeycloakConfig {
 keycloakConfig.REALM_NAME,
 keycloakConfig.CLIENT_ID,
 keycloakConfig.CLIENT_SECRET,
+ keycloakConfig.TEST_CLIENT_ID,
 );
 },
 inject: [ConfigService],
diff --git a/src/server/main.ts b/src/server/main.ts
index 9b6dbb32b..07ca1a5a5 100644
--- a/src/server/main.ts
+++ b/src/server/main.ts
@@ -51,12 +51,13 @@ async function bootstrap(): Promise {
 } else {
 redirectUrl = `http://localhost:${port}/docs/oauth2-redirect.html`;
 }
-
+ console.log('Envi: ' + process.env['DEPLOY_STAGE']);
 SwaggerModule.setup('docs', app, SwaggerModule.createDocument(app, swagger), {
 swaggerOptions: {
 persistAuthorization: false,
 initOAuth: {
- clientId: keycloakConfig.CLIENT_ID,
+ clientId:
+ process.env['DEPLOY_STAGE'] === 'dev' ? keycloakConfig.TEST_CLIENT_ID : keycloakConfig.CLIENT_ID,
 clientSecret: keycloakConfig.CLIENT_SECRET,
 realm: keycloakConfig.REALM_NAME,
 usePkceWithAuthorizationCodeGrant: true,
diff --git a/src/shared/config/config.loader.spec.ts b/src/shared/config/config.loader.spec.ts
index d4f548350..3ef951578 100644
--- a/src/shared/config/config.loader.spec.ts
+++ b/src/shared/config/config.loader.spec.ts
@@ -36,6 +36,7 @@ describe('configloader', () => {
 ADMIN_REALM_NAME: 'master',
 REALM_NAME: 'schulportal',
 CLIENT_ID: 'schulportal',
+ TEST_CLIENT_ID: 'schulportal-test',
 },
 REDIS: {
 HOST: 'localhost',
@@ -117,6 +118,7 @@ describe('configloader', () => {
 CLIENT_ID: 'schulportal',
 ADMIN_SECRET: 'geheimer Admin',
 CLIENT_SECRET: 'geheimer client',
+ TEST_CLIENT_ID: 'schulportal-test',
 },
 REDIS: {
 HOST: 'localhost',
@@ -178,6 +180,7 @@ describe('configloader', () => {
 ADMIN_REALM_NAME: '',
 REALM_NAME: '',
 CLIENT_ID: '',
+ TEST_CLIENT_ID: '',
 },
 };
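Review bot: The `initOAuth` block in `bootstrap()` now picks `TEST_CLIENT_ID` when `process.env['DEPLOY_STAGE'] === 'dev'` but still sends `keycloakConfig.CLIENT_SECRET`, so the login only works while both Keycloak clients share one secret, and that secret ends up in the Swagger UI configuration served under `docs`. A dedicated `TEST_CLIENT_SECRET` chosen by the same condition, or a public test client relying on the `usePkceWithAuthorizationCodeGrant` flag already set here, would remove that coupling. The stage is also read straight from `process.env` instead of the validated config, and the added `console.log('Envi: ' + process.env['DEPLOY_STAGE']);` looks like leftover debugging; I would delete it or route it through the application logger. `bootstrap()` starts and ends outside this hunk, so how `keycloakConfig` is obtained is not visible.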
diff --git a/src/shared/config/keycloak.config.ts b/src/shared/config/keycloak.config.ts
index 63c08e7b0..206f015ed 100644
--- a/src/shared/config/keycloak.config.ts
+++ b/src/shared/config/keycloak.config.ts
@@ -28,4 +28,8 @@ export class KeycloakConfig {
 @IsString()
 @IsNotEmpty()
 public readonly CLIENT_SECRET!: string;
+
+ @IsString()
+ @IsNotEmpty()
+ public readonly TEST_CLIENT_ID!: string;
 }
diff --git a/test/config.test.json b/test/config.test.json
index 9ab345e65..d4e099cac 100644
--- a/test/config.test.json
+++ b/test/config.test.json
@@ -24,7 +24,8 @@
 "REALM_NAME": "SPSH",
 "CLIENT_ID": "spsh",
 "ADMIN_SECRET": "44abDqJk2qgwRbpGfO0VZx7DpXeFsm7R",
- "CLIENT_SECRET": "YDp6fYkbUcj4ZkyAOnbAHGQ9O72htc5M"
+ "CLIENT_SECRET": "YDp6fYkbUcj4ZkyAOnbAHGQ9O72htc5M",
+ "TEST_CLIENT_ID": "spsh-test"
 },
 "REDIS": {
 "HOST": "localhost",
diff --git a/test/utils/keycloak-config-test.module.ts b/test/utils/keycloak-config-test.module.ts
index 87d0e9c76..87ef69129 100644
--- a/test/utils/keycloak-config-test.module.ts
+++ b/test/utils/keycloak-config-test.module.ts
@@ -46,6 +46,7 @@ export class KeycloakConfigTestModule implements OnModuleDestroy {
 keycloakConfig.REALM_NAME,
 keycloakConfig.CLIENT_ID,
 keycloakConfig.CLIENT_SECRET,
+ keycloakConfig.TEST_CLIENT_ID,
 );
 },
 inject: [ConfigService],
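Review bot: `TEST_CLIENT_ID` in `KeycloakConfig` is declared with `@IsString()` and `@IsNotEmpty()`, which makes a test client id mandatory in every environment, including production configs where `main.ts` never selects it. That forces a test-only identifier into production configuration (the chart's `config.json` in this patch already carries `"TEST_CLIENT_ID": "spsh-test"`) and turns a missing dev convenience into a startup validation failure. I would mark the field optional, `@IsOptional()` above `@IsString()` with `public readonly TEST_CLIENT_ID?: string;`, let the Swagger setup fall back to `CLIENT_ID` when it is absent, and add a one-line doc comment saying the value is only used for the Swagger UI on the dev stage. The class starts outside the hunk, so whether `IsOptional` is already imported is not visible.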