From edca030e961aa6b540ca14ccb1e3d00b376fcbc9 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Thu, 2 Nov 2023 12:55:52 +0100 Subject: [PATCH 01/27] feat(impl):[TRI-244] keycloak removal --- .../BETA-xray-cucumber-integration.yaml | 2 +- .github/workflows/irs-load-test.yaml | 6 +++--- .github/workflows/tavern-integration.yml | 6 +++--- .github/workflows/tavern.yml | 6 +++--- .../workflows/xray-cucumber-integration.yaml | 8 ++++---- .../templates/configmap-spring-app-config.yaml | 14 +++++++------- charts/irs-helm/templates/deployment.yaml | 8 ++++---- charts/irs-helm/templates/secrets.yaml | 4 ++-- charts/irs-helm/values.yaml | 10 +++++----- .../src/docs/administration/configuration.adoc | 10 +++++----- .../arc42/cross-cutting/under-the-hood.adoc | 2 +- .../arc42/scope-context/technical-context.adoc | 4 ++-- .../building-block-view/whitebox_overall.puml | 2 +- .../whitebox_overall_decentral.puml | 2 +- .../deployment-view/level-0-dev.puml | 4 ++-- .../deployment-view/level-0-int.puml | 4 ++-- .../deployment-view/level-0-isolated.puml | 8 ++++---- .../irs-overall-decentral-system-view.puml | 6 +++--- .../scope-context/irs-overall-system-view.puml | 4 ++-- .../configuration/OpenApiConfiguration.java | 4 ++-- .../irs/configuration/RestTemplateConfig.java | 6 +++--- .../src/main/resources/application-local.yml | 2 +- irs-api/src/main/resources/application.yml | 18 +++++++++--------- .../irs/cucumber/AuthenticationProperties.java | 8 ++++---- .../irs/cucumber/E2ETestStepDefinitions.java | 12 ++++++------ .../configuration/SmokeTestConfiguration.java | 2 +- .../src/test/resources/application-dev.yml | 6 +++--- .../src/test/resources/application-int.yml | 6 +++--- .../src/test/resources/application-local.yml | 6 +++--- .../src/test/resources/application-prd.yml | 6 +++--- .../src/test/resources/application.yml | 6 +++--- .../tractusx/irs/IRSLoadTestSimulation.java | 8 ++++---- local/testing/IRS_TEMPLATE_environment.json | 2 +- local/testing/api-tests/README.md | 6 +++--- local/testing/api-tests/tavern_helpers.py | 6 +++--- 35 files changed, 107 insertions(+), 107 deletions(-) diff --git a/.github/workflows/BETA-xray-cucumber-integration.yaml b/.github/workflows/BETA-xray-cucumber-integration.yaml index f99f639906..af3e2c22d5 100644 --- a/.github/workflows/BETA-xray-cucumber-integration.yaml +++ b/.github/workflows/BETA-xray-cucumber-integration.yaml @@ -38,7 +38,7 @@ jobs: - name: Build with Maven if: ${{ steps.download.outputs.http_response == '200' }} env: - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET_BETA }} + OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET_BETA }} run: | unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features mvn --batch-mode clean install -pl irs-cucumber-tests,irs-models -D"cucumber.filter.tags"="not @Ignore and @INTEGRATION_TEST" diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml index e6e931fc80..d69b260b6d 100644 --- a/.github/workflows/irs-load-test.yaml +++ b/.github/workflows/irs-load-test.yaml @@ -39,9 +39,9 @@ jobs: - name: Run Gatling tests env: - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} - KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} + OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} + OAUTH2_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} IRS_HOST: ${{ github.event.inputs.irs-host || 'https://irs-full.dev.demo.catena-x.net' }} TEST_CYCLES: ${{ github.event.inputs.test-cycles || '20' }} run: | diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml index 0e243f3fdc..f51c65a41c 100644 --- a/.github/workflows/tavern-integration.yml +++ b/.github/workflows/tavern-integration.yml @@ -61,9 +61,9 @@ jobs: env: IRS_HOST: ${{ 'https://irs.int.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }} + OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }} + OAUTH2_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }} GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb' }} diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml index d75a7a330d..da1e8876d5 100644 --- a/.github/workflows/tavern.yml +++ b/.github/workflows/tavern.yml @@ -63,9 +63,9 @@ jobs: env: IRS_HOST: ${{ 'https://irs.dev.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} + OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} + OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }} GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:6d505432-8b31-4966-9514-4b753372683f' }} diff --git a/.github/workflows/xray-cucumber-integration.yaml b/.github/workflows/xray-cucumber-integration.yaml index b08b96bf94..b7700a1caf 100644 --- a/.github/workflows/xray-cucumber-integration.yaml +++ b/.github/workflows/xray-cucumber-integration.yaml @@ -3,7 +3,7 @@ name: IRS Cucumber Integration test Xray execution on: workflow_call: # Trigger by another workflow secrets: - keycloakTokenUrl: + oauth2TokenUrl: required: true clientId: required: true @@ -57,9 +57,9 @@ jobs: - name: Build with Maven if: ${{ steps.download.outputs.http_response == '200' }} env: - KEYCLOAK_HOST: ${{ secrets.keycloakTokenUrl }} - KEYCLOAK_CLIENT_ID: ${{ secrets.clientId }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.clientSecret }} + OAUTH2_HOST: ${{ secrets.oauth2TokenUrl }} + OAUTH2_CLIENT_ID: ${{ secrets.clientId }} + OAUTH2_CLIENT_SECRET: ${{ secrets.clientSecret }} ISSUE_FILTER: ${{ inputs.executionFilter }} run: | unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index 362eb12cec..0ade09ec32 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml @@ -51,20 +51,20 @@ data: oauth2: client: registration: - keycloak: - client-id: "${KEYCLOAK_OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${KEYCLOAK_OAUTH2_CLIENT_SECRET}" # taken from secret ENV + common: + client-id: "${COMMON_OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${COMMON_OAUTH2_CLIENT_SECRET}" # taken from secret ENV portal: client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: - keycloak: - token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }} + common: + token-uri: {{ tpl (.Values.common.oauth2.clientTokenUri | default "http://localhost") . | quote }} portal: - token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }} + token-uri: {{ tpl (.Values.common.oauth2.clientTokenUri | default "http://localhost") . | quote }} resourceserver: jwt: - jwk-set-uri: {{ tpl (.Values.keycloak.oauth2.jwkSetUri | default "http://localhost") . | quote }} + jwk-set-uri: {{ tpl (.Values.common.oauth2.jwkSetUri | default "http://localhost") . | quote }} digitalTwinRegistry: descriptorEndpoint: {{ tpl (.Values.digitalTwinRegistry.descriptorEndpoint | default "") . | quote }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index 65406a45f0..fde671d1ee 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml @@ -81,16 +81,16 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: KEYCLOAK_OAUTH2_CLIENT_ID + - name: COMMON_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: keycloakClientId - - name: KEYCLOAK_OAUTH2_CLIENT_SECRET + key: commonClientId + - name: COMMON_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: keycloakClientSecret + key: commonClientSecret - name: PORTAL_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index 599e17c129..7eb2d8239a 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -35,8 +35,8 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - keycloakClientId: {{ .Values.keycloak.oauth2.clientId | default "keycloakClientId" | b64enc | quote }} - keycloakClientSecret: {{ .Values.keycloak.oauth2.clientSecret | default "keycloakClientSecret" | b64enc | quote }} + commonClientId: {{ .Values.common.oauth2.clientId | default "commonClientId" | b64enc | quote }} + commonClientSecret: {{ .Values.common.oauth2.clientSecret | default "commonClientSecret" | b64enc | quote }} portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index 4e94ddfc84..5ac11c1679 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -142,12 +142,12 @@ bpdm: minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" -keycloak: +common: oauth2: - clientId: # - clientSecret: # - clientTokenUri: # - jwkSetUri: # + clientId: # + clientSecret: # + clientTokenUri: # + jwkSetUri: # portal: oauth2: clientId: # diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index 2e7a8d7adf..756509f9c5 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc @@ -6,7 +6,7 @@ Take the following template and adjust the configuration parameters ( mark the relevant spots). You can define the URLs as well as most of the secrets yourself. -The Keycloak, MIW and Vault configuration / secrets depend on your setup and might need to be provided externally. +The OAuth2, MIW and Vault configuration / secrets depend on your setup and might need to be provided externally. include::irs-spring-config.adoc[leveloffset=+1] @@ -61,11 +61,11 @@ The URL of the SemanticsHub. The IRS uses this service to fetch aspect schemas f ==== The URL of the BPDM service. The IRS uses this service to fetch business partner information based on BPNs. -==== -The URL of the Keycloak token API. Used by the IRS for token creation to authenticate with other services. +==== +The URL of the OAuth2 token API. Used by the IRS for token creation to authenticate with other services. -==== -The URL of the Keycloak JWK Set. Used by the IRS to validate tokens when the IRS API is called. +==== +The URL of the OAuth2 JWK Set. Used by the IRS to validate tokens when the IRS API is called. ==== The hostname where Grafana will be made available. diff --git a/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc b/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc index 63f3a3034c..b6c560ea99 100644 --- a/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc +++ b/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc @@ -20,7 +20,7 @@ There currently is no transaction management in the IRS. There is no session handling in the IRS, access is solely based on bearer tokens, the API is stateless. == Communication and integration -All interfaces to other systems are using RESTful calls over HTTP(S). Where central authentication is required, a common Keycloak instance is used. +All interfaces to other systems are using RESTful calls over HTTP(S). Where central authentication is required, a common OAuth2 provider is used. For outgoing calls, the Spring RestTemplate mechanism is used and separate RestTemplates are created for the different ways of authentication. diff --git a/docs/src/docs/arc42/scope-context/technical-context.adoc b/docs/src/docs/arc42/scope-context/technical-context.adoc index 0534735f02..c19adcb104 100644 --- a/docs/src/docs/arc42/scope-context/technical-context.adoc +++ b/docs/src/docs/arc42/scope-context/technical-context.adoc @@ -8,9 +8,9 @@ include::../../../uml-diagrams/scope-context/irs-overall-decentral-system-view.p == Component overview === IRS-API -We provide a REST API that can be consumed by any system registered in the Catena-X Keycloak, e.g. the Dismantler Dashboard. The development of such a consumer service is not part of the IRS application. Each system that acts as a client to the Restful application IRS can be used instead, if it supports any REST call of the designed REST endpoints in the REST Controller of the IRS application. For communication, the transport protocol HTTP(S) should be established. +We provide a REST API that can be consumed by any system registered in the Catena-X OAuth2 protocol provider, e.g. the Dismantler Dashboard. The development of such a consumer service is not part of the IRS application. Each system that acts as a client to the Restful application IRS can be used instead, if it supports any REST call of the designed REST endpoints in the REST Controller of the IRS application. For communication, the transport protocol HTTP(S) should be established. -In order to consume the Restful application IRS, the security aspect should be taken in consideration. IRS is a Spring Boot based application and is secured with the OpenID connector provider Keycloak and the OAuth2. This means for the consumers (users) that they need to authenticate themselves in order to be authorized to get access to the IRS. They generate a bearer token that they get from Keycloak and attach it to the HTTP header parameter Authorization. Certainly, both a consumer and the IRS should use the same configured Keycloak Realm. +In order to consume the Restful application IRS, the security aspect should be taken in consideration. IRS is a Spring Boot based application and is secured with the OpenID connector provider with OAuth2 protocol. This means for the consumers (users) that they need to authenticate themselves in order to be authorized to get access to the IRS. They generate a bearer token that they get from OAuth2 provider and attach it to the HTTP header parameter Authorization. === Registry API The IRS acts as a consumer of the component Asset Administration Shell Registry. The IRS contains a Restful client (REST template) that build a REST call to the mentioned Digital Twin Registry API based on its known URL (the AAS registry URL is configured in the IRS Restful API). The request contains the given "globalAssetId" by the consumer. Like described in the above section, the security aspect is required in order to achieve a REST call against the AAS Registry. As a response, the IRS gets the corresponding asset administration shell descriptor. The last one contains a list of submodel descriptors which can be filtered by the aspect type entered by the consumer. An aspect type like SingleLevelBomAsBuilt, SerialPart etc. And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication. diff --git a/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml b/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml index 4e59979595..9789468118 100644 --- a/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml +++ b/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml @@ -13,7 +13,7 @@ component [**IRSApplication**] <> { } component [**CatenaX-Network**] <> { - component [**IAM/KeyCloak**] <> as IAM_IRS + component [**IAM/OAuth2**] <> as IAM_IRS component [**Digital Twin Registry**] <> as DT_REG component [**IAM/DAPS**] <> as IAM_DAPS IAM_IRS --[hidden]> DT_REG diff --git a/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml b/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml index 9c60001521..fb52eccddd 100644 --- a/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml +++ b/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml @@ -26,7 +26,7 @@ package [**OEM**] <> as consumer { package [**CatenaX-Network**] as network { component [**Managed Identity Wallet**] <> as miw component [**Portal Application**] <> as IAM_IRS - component [**Portal (IAM/IdP/KeyCloak)**] <> as Portal_IdP + component [**Portal (IAM/IdP/OAuth2)**] <> as Portal_IdP component [**EDC Discovery Service**] <> as edc_discovery component [**Discovery Finder**] <> as discovery_finder component [**Semantic Hub**] <> as semantic_hub diff --git a/docs/src/uml-diagrams/deployment-view/level-0-dev.puml b/docs/src/uml-diagrams/deployment-view/level-0-dev.puml index 7f6528a9c9..f3ed29d642 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-dev.puml +++ b/docs/src/uml-diagrams/deployment-view/level-0-dev.puml @@ -5,7 +5,7 @@ skinparam nodesep 100 skinparam ranksep 20 skinparam defaultFontName "Architects daughter" -cloud Keycloak +cloud OAuth2 node "Kubernetes Cluster" as k8s { @@ -28,6 +28,6 @@ node "Kubernetes Cluster" as k8s { } -IRS --> Keycloak +IRS --> OAuth2 @enduml \ No newline at end of file diff --git a/docs/src/uml-diagrams/deployment-view/level-0-int.puml b/docs/src/uml-diagrams/deployment-view/level-0-int.puml index 6062ac43e7..c00f9879b8 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-int.puml +++ b/docs/src/uml-diagrams/deployment-view/level-0-int.puml @@ -7,7 +7,7 @@ skinparam defaultFontName "Architects daughter" cloud "Digital Twin Registry" as dtr cloud "EDC Providers" as providers -cloud Keycloak +cloud OAuth2 cloud "HashiCorp Vault" as vault node "IRS Kubernetes Cluster" as k8s { @@ -23,7 +23,7 @@ node "IRS Kubernetes Cluster" as k8s { } -IRS -> Keycloak +IRS -> OAuth2 providers -- dtr consumer -- providers consumer -- vault diff --git a/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml b/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml index a746d88423..370162facd 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml +++ b/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml @@ -21,7 +21,7 @@ node "Kubernetes Cluster" as k8s { component "Decentral Registry" as dtr } - component Keycloak + component OAuth2 component "Managed IdentityWallet" as MIW component "Discovery Service" as ds @@ -40,9 +40,9 @@ node "Kubernetes Cluster" as k8s { provider -- submodel provider -- dtr - Keycloak ---> ds - Keycloak ---> IRS - Keycloak ---> semHub + OAuth2 ---> ds + OAuth2 ---> IRS + OAuth2 ---> semHub IRS -> semHub IRS -> frontend diff --git a/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml b/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml index 8348b2990c..c43f98e064 100644 --- a/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml +++ b/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml @@ -18,7 +18,7 @@ node "Group of Submodel Endpoints" { } node "Central Services" { node "IAM" { - [**Keycloak**] <> as KIAM + [**OAuth2**] <> as OAuth2 } [**Discovery Service**] <> as DS interface "Discovery API" as DAPI @@ -35,10 +35,10 @@ interface "Submodel API" as ISubModelAPI Consumer -( IAPI IAPI - IRS IRS --( DAPI -IRS -- KIAM +IRS -- OAuth2 IRS -( IEDC -DS -- KIAM +DS -- OAuth2 DS - DAPI IEDC - EDC diff --git a/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml b/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml index 237acf9dce..9182f02196 100644 --- a/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml +++ b/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml @@ -17,7 +17,7 @@ node "Group of Submodel Endpoints" { [**Submodel-Server**] <> as SN } node "IAM" { - [**Keycloak**] <> as KIAM + [**OAuth2**] <> as OAuth2 } actor Consumer @@ -37,5 +37,5 @@ IRS --( IRAPI IRAPI -- AASR IRS --down( IAMAPI AASR --( IAMAPI -KIAM -- IAMAPI +OAuth2 -- IAMAPI @enduml \ No newline at end of file diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 14eac06c63..64695989e4 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -69,12 +69,12 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * - * @param tokenUri the keycloak token uri loaded from application.yaml + * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean public OpenApiCustomizer customizer( - @Value("${spring.security.oauth2.client.provider.keycloak.token-uri}") final String tokenUri) { + @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { return openApi -> { final Components components = openApi.getComponents(); components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java index 9d5da4650a..6d0aa8dab1 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java @@ -68,9 +68,9 @@ @SuppressWarnings("PMD.ExcessiveImports") public class RestTemplateConfig { - public static final String DTR_REST_TEMPLATE = "oAuthRestTemplate"; - public static final String BPDM_REST_TEMPLATE = "oAuthRestTemplate"; - public static final String SEMHUB_REST_TEMPLATE = "oAuthRestTemplate"; + public static final String DTR_REST_TEMPLATE = "dtrRestTemplate"; + public static final String BPDM_REST_TEMPLATE = "bpdmRestTemplate"; + public static final String SEMHUB_REST_TEMPLATE = "semhubRestTemplate"; public static final String NO_ERROR_REST_TEMPLATE = "noErrorRestTemplate"; public static final String DISCOVERY_REST_TEMPLATE = "discoveryRestTemplate"; public static final String EDC_REST_TEMPLATE = "edcClientRestTemplate"; diff --git a/irs-api/src/main/resources/application-local.yml b/irs-api/src/main/resources/application-local.yml index ccef9d1490..edf68dcfce 100644 --- a/irs-api/src/main/resources/application-local.yml +++ b/irs-api/src/main/resources/application-local.yml @@ -30,7 +30,7 @@ spring: jwk-set-uri: https://localhost client: provider: - keycloak: + common: token-uri: https://localhost # ESS Module specific properties diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index 476527e7c7..c82e91823b 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml @@ -9,22 +9,22 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + client-id: ${COMMON_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM portal: authorization-grant-type: client_credentials client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM provider: - keycloak: - token-uri: ${KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + common: + token-uri: ${COMMON_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials portal: token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials resourceserver: jwt: - jwk-set-uri: ${KEYCLOAK_OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set + jwk-set-uri: ${COMMON_OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: @@ -176,7 +176,7 @@ digitalTwinRegistry: shellLookupEndpoint: ${DIGITALTWINREGISTRY_SHELL_LOOKUP_URL:} # The endpoint to lookup shells from the DTR, must contain the placeholder {assetIds} shellDescriptorTemplate: ${DIGITALTWINREGISTRY_SHELL_DESCRIPTOR_TEMPLATE:/shell-descriptors/{aasIdentifier}} # The path to retrieve AAS descriptors from the decentral DTR, must contain the placeholder {aasIdentifier} lookupShellsTemplate: ${DIGITALTWINREGISTRY_QUERY_SHELLS_PATH:/lookup/shells?assetIds={assetIds}} # The path to lookup shells from the decentral DTR, must contain the placeholder {assetIds} - oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client discoveryFinderUrl: ${DIGITALTWINREGISTRY_DISCOVERY_FINDER_URL:} # The endpoint to discover EDC endpoints to a particular BPN. timeout: read: PT90S # HTTP read timeout for the digital twin registry client @@ -201,7 +201,7 @@ semanticshub: # │ │ │ │ │ │ scheduler: 0 0 23 * * * # How often to clear the semantic model cache defaultUrns: "${SEMANTICSHUB_DEFAULT_URNS:urn:bamm:io.catenax.serial_part:1.0.0#SerialPart}" # IDs of models to cache at IRS startup - oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the semantic hub client connect: PT90S # HTTP connect timeout for the semantic hub client @@ -209,7 +209,7 @@ semanticshub: bpdm: bpnEndpoint: "${BPDM_URL:}" # Endpoint to resolve BPNs, must contain the placeholders {partnerId} and {idType} - oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the bpdm client connect: PT90S # HTTP connect timeout for the bpdm client diff --git a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java index 9696ae5477..585a058012 100644 --- a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java +++ b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java @@ -37,16 +37,16 @@ private final String uri; private final String clientId; private final String clientSecret; - private final String keycloakUrl; + private final String oauth2Url; private final String grantType; private final String tokenPath; /* package */ AuthenticationProperties(final String uri, final String clientId, final String clientSecret, - final String keycloakUrl, final String grantType, final String tokenPath) { + final String oauth2Url, final String grantType, final String tokenPath) { this.uri = uri; this.clientId = clientId; this.clientSecret = clientSecret; - this.keycloakUrl = keycloakUrl; + this.oauth2Url = oauth2Url; this.grantType = grantType; this.tokenPath = tokenPath; } @@ -57,7 +57,7 @@ private String obtainAccessToken() { oauth2Payload.put("client_id", clientId); oauth2Payload.put("client_secret", clientSecret); - return given().params(oauth2Payload).post(keycloakUrl).then().extract().jsonPath().getString(tokenPath); + return given().params(oauth2Payload).post(oauth2Url).then().extract().jsonPath().getString(tokenPath); } /* package */ RequestSpecification getNewAuthenticationRequestSpecification() { diff --git a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java index 78337b47ba..3f6e2597f2 100644 --- a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java +++ b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java @@ -103,18 +103,18 @@ public void theIRSURL(String irsUrl) { @And("the user {string} with authentication") public void theUser(String clientId) throws PropertyNotFoundException { authenticationPropertiesBuilder.clientId(clientId); - final String keycloakClientSecretKey = "KEYCLOAK_CLIENT_SECRET"; - String clientSecret = System.getenv(keycloakClientSecretKey); + final String oauth2UrlClientSecretKey = "OAUTH2_CLIENT_SECRET"; + String clientSecret = System.getenv(oauth2UrlClientSecretKey); if (clientSecret != null) { authenticationPropertiesBuilder.clientSecret(clientSecret); } else { - throw new PropertyNotFoundException("Environment Variable missing: " + keycloakClientSecretKey); + throw new PropertyNotFoundException("Environment Variable missing: " + oauth2UrlClientSecretKey); } } - @And("the keycloak token url {string}") - public void theKeycloakTokenUrl(String tokenUrl) { - authenticationPropertiesBuilder.keycloakUrl(tokenUrl); + @And("the OAuth2 token url {string}") + public void theOAuth2TokenUrl(String tokenUrl) { + authenticationPropertiesBuilder.oauth2Url(tokenUrl); } @Given("I register an IRS job for globalAssetId {string}") diff --git a/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java b/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java index 787348370e..4e4dfbc67f 100644 --- a/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java +++ b/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java @@ -39,7 +39,7 @@ public SmokeTestConnectionProperties connection() { } @Bean - @ConfigurationProperties(prefix = "spring.security.oauth2.client.registration.keycloak") + @ConfigurationProperties(prefix = "spring.security.oauth2.client.registration.common") public SmokeTestCredentialsProperties credentials() { return new SmokeTestCredentialsProperties(); } diff --git a/irs-integration-tests/src/test/resources/application-dev.yml b/irs-integration-tests/src/test/resources/application-dev.yml index a86399429a..5576ffe596 100644 --- a/irs-integration-tests/src/test/resources/application-dev.yml +++ b/irs-integration-tests/src/test/resources/application-dev.yml @@ -5,10 +5,10 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} + client-id: ${COMMON_OAUTH2_CLIENT_ID} + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} config: activate: on-profile: dev diff --git a/irs-integration-tests/src/test/resources/application-int.yml b/irs-integration-tests/src/test/resources/application-int.yml index f9e69c315c..bfdcdca8d9 100644 --- a/irs-integration-tests/src/test/resources/application-int.yml +++ b/irs-integration-tests/src/test/resources/application-int.yml @@ -5,10 +5,10 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} + client-id: ${COMMON_OAUTH2_CLIENT_ID} + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} config: activate: on-profile: int diff --git a/irs-integration-tests/src/test/resources/application-local.yml b/irs-integration-tests/src/test/resources/application-local.yml index 92e8f0273b..e7d2865b9f 100644 --- a/irs-integration-tests/src/test/resources/application-local.yml +++ b/irs-integration-tests/src/test/resources/application-local.yml @@ -5,10 +5,10 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} + client-id: ${COMMON_OAUTH2_CLIENT_ID} + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} config: activate: on-profile: local diff --git a/irs-integration-tests/src/test/resources/application-prd.yml b/irs-integration-tests/src/test/resources/application-prd.yml index 451d50d1b4..83139b6bf8 100644 --- a/irs-integration-tests/src/test/resources/application-prd.yml +++ b/irs-integration-tests/src/test/resources/application-prd.yml @@ -5,10 +5,10 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} + client-id: ${COMMON_OAUTH2_CLIENT_ID} + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} config: activate: on-profile: prd diff --git a/irs-integration-tests/src/test/resources/application.yml b/irs-integration-tests/src/test/resources/application.yml index a15afb8eb9..fbb5aaa44e 100644 --- a/irs-integration-tests/src/test/resources/application.yml +++ b/irs-integration-tests/src/test/resources/application.yml @@ -8,9 +8,9 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} + client-id: ${COMMON_OAUTH2_CLIENT_ID} + client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} profiles: active: ${SPRING_PROFILES_ACTIVE:dev} diff --git a/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java b/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java index 35edaab1ea..c31b6d4faa 100644 --- a/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java +++ b/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java @@ -17,9 +17,9 @@ public class IRSLoadTestSimulation extends Simulation { { - final String keycloak_host = System.getenv("KEYCLOAK_HOST"); - final String clientSecret = System.getenv("KEYCLOAK_CLIENT_SECRET"); - final String clientId = System.getenv("KEYCLOAK_CLIENT_ID"); + final String oauth2_host = System.getenv("OAUTH2_HOST"); + final String clientSecret = System.getenv("OAUTH2_CLIENT_SECRET"); + final String clientId = System.getenv("OAUTH2_CLIENT_ID"); String body = "grant_type=client_credentials&client_id=" + clientId + "&client_secret=" + clientSecret; final String irsUrl = System.getenv("IRS_HOST"); final int testCycles = Integer.parseInt(System.getenv("TEST_CYCLES")); @@ -36,7 +36,7 @@ public class IRSLoadTestSimulation extends Simulation { ScenarioBuilder scn = scenario("IRS Load Test") .exec(http("Get access token") - .post(keycloak_host) + .post(oauth2_host) .body(StringBody(body)) .asFormUrlEncoded() .headers(headers_0) diff --git a/local/testing/IRS_TEMPLATE_environment.json b/local/testing/IRS_TEMPLATE_environment.json index 89804e4d79..70a5ba5206 100644 --- a/local/testing/IRS_TEMPLATE_environment.json +++ b/local/testing/IRS_TEMPLATE_environment.json @@ -1,6 +1,6 @@ { "IRS_HOST": "http://localhost:8080", - "KEYCLOAK_TOKEN_URL": "", + "OAUTH2_TOKEN_URL": "", "CLIENT_ID": "", "CLIENT_SECRET": "", "DIGITAL_TWIN_REGISTRY": "", diff --git a/local/testing/api-tests/README.md b/local/testing/api-tests/README.md index 66812d7af9..8ea0c966b7 100644 --- a/local/testing/api-tests/README.md +++ b/local/testing/api-tests/README.md @@ -12,9 +12,9 @@ export IRS_HOST="http://localhost:8080" export GLOBAL_ASSET_ID=urn:uuid:a4a2ba57-1c50-48ad-8981-7a0ef032146b # cannot put secrets here, please set it manually -export KEYCLOAK_HOST="" -export KEYCLOAK_CLIENT_ID= -export KEYCLOAK_CLIENT_SECRET= +export OAUTH2_HOST="" +export OAUTH2_CLIENT_ID= +export OAUTH2_CLIENT_SECRET= ``` * Execute command ```console diff --git a/local/testing/api-tests/tavern_helpers.py b/local/testing/api-tests/tavern_helpers.py index f273182c1e..ad08bbfc2a 100644 --- a/local/testing/api-tests/tavern_helpers.py +++ b/local/testing/api-tests/tavern_helpers.py @@ -340,9 +340,9 @@ def job_parameter_are_as_requested(response): def create_bearer_token(): - url = os.getenv('KEYCLOAK_HOST') - client_id = os.getenv('KEYCLOAK_CLIENT_ID') - client_secret = os.getenv('KEYCLOAK_CLIENT_SECRET') + url = os.getenv('OAUTH2_HOST') + client_id = os.getenv('OAUTH2_CLIENT_ID') + client_secret = os.getenv('OAUTH2_CLIENT_SECRET') data = {"grant_type": "client_credentials", "client_id": client_id, "client_secret": client_secret} token = requests.post(url, data).json().get('access_token') From c7c0a7cc9a84d337dd6c0235d2ce0567b3bb9836 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Mon, 6 Nov 2023 15:43:55 +0100 Subject: [PATCH 02/27] feat(impl):[TRI-244] update --- charts/irs-helm/values.yaml | 4 +- .../docs/administration/configuration.adoc | 12 +- irs-api/src/main/resources/application.yml | 4 +- local/testing/IRS_Request_Collection.json | 134 +++++++++--------- 4 files changed, 77 insertions(+), 77 deletions(-) diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index 5ac11c1679..8ed26dec53 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -146,8 +146,8 @@ common: oauth2: clientId: # clientSecret: # - clientTokenUri: # - jwkSetUri: # + clientTokenUri: # + jwkSetUri: # portal: oauth2: clientId: # diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index 756509f9c5..41af8b1142 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc @@ -61,10 +61,10 @@ The URL of the SemanticsHub. The IRS uses this service to fetch aspect schemas f ==== The URL of the BPDM service. The IRS uses this service to fetch business partner information based on BPNs. -==== +==== The URL of the OAuth2 token API. Used by the IRS for token creation to authenticate with other services. -==== +==== The URL of the OAuth2 JWK Set. Used by the IRS to validate tokens when the IRS API is called. ==== @@ -139,11 +139,11 @@ This is a list of all secrets used in the deployment. WARNING: Keep the values for these settings safe and do not publish them! -=== -Client ID for Keycloak. Request this from your Keycloak operator. +=== +Client ID for OAuth2 provider. Request this from your OAuth2 operator. -=== -Client secret for Keycloak. Request this from your Keycloak operator. +=== +Client secret for OAuth2 provider. Request this from your OAuth2 operator. === Login username for Minio. To be defined by you. diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index c82e91823b..c83501bf5a 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml @@ -19,12 +19,12 @@ spring: client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM provider: common: - token-uri: ${COMMON_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + token-uri: ${OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials portal: token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials resourceserver: jwt: - jwk-set-uri: ${COMMON_OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set + jwk-set-uri: ${OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: diff --git a/local/testing/IRS_Request_Collection.json b/local/testing/IRS_Request_Collection.json index 94d93b2f7c..4720b2e97a 100644 --- a/local/testing/IRS_Request_Collection.json +++ b/local/testing/IRS_Request_Collection.json @@ -19,7 +19,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.ADMIN_ID }}", "clientSecret": "{{ _.ADMIN_SECRET }}" }, @@ -82,7 +82,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.ADMIN_ID }}", "clientSecret": "{{ _.ADMIN_SECRET }}" }, @@ -119,7 +119,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.ADMIN_ID }}", "clientSecret": "{{ _.ADMIN_SECRET }}" }, @@ -156,7 +156,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.ADMIN_ID }}", "clientSecret": "{{ _.ADMIN_SECRET }}" }, @@ -193,7 +193,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "credentialsInBody": false @@ -243,7 +243,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "credentialsInBody": false @@ -323,7 +323,7 @@ "type": "oauth2", "grantType": "client_credentials", "credentialsInBody": false, - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -359,7 +359,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -395,7 +395,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -432,7 +432,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -469,7 +469,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -514,7 +514,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "credentialsInBody": false @@ -552,7 +552,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -601,7 +601,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -638,7 +638,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -675,7 +675,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -712,7 +712,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -749,7 +749,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -786,7 +786,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -823,7 +823,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -860,7 +860,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -897,7 +897,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -934,7 +934,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -971,7 +971,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1008,7 +1008,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1045,7 +1045,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1082,7 +1082,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1119,7 +1119,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1156,7 +1156,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1193,7 +1193,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1230,7 +1230,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1267,7 +1267,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1304,7 +1304,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1341,7 +1341,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1378,7 +1378,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1415,7 +1415,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1455,7 +1455,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1495,7 +1495,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1535,7 +1535,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1569,7 +1569,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1609,7 +1609,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1649,7 +1649,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1683,7 +1683,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1717,7 +1717,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1751,7 +1751,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1785,7 +1785,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1822,7 +1822,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "disabled": false @@ -1872,7 +1872,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "disabled": false @@ -1910,7 +1910,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}", "disabled": false @@ -1948,7 +1948,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -1994,7 +1994,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2048,7 +2048,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2088,7 +2088,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2122,7 +2122,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2156,7 +2156,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2198,7 +2198,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2239,7 +2239,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2268,7 +2268,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2303,7 +2303,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2349,7 +2349,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2398,7 +2398,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2444,7 +2444,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2481,7 +2481,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2530,7 +2530,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2564,7 +2564,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2598,7 +2598,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, @@ -2632,7 +2632,7 @@ "authentication": { "type": "oauth2", "grantType": "client_credentials", - "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}", + "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", "clientId": "{{ _.CLIENT_ID }}", "clientSecret": "{{ _.CLIENT_SECRET }}" }, From 718b4c78318aa17d1a549f0b42c2356499bb66ac Mon Sep 17 00:00:00 2001 From: ds-mkanal <100209308+mkanal@users.noreply.github.com> Date: Tue, 7 Nov 2023 15:21:32 +0100 Subject: [PATCH 03/27] Remove Scope from PolicyStoreController.java --- .../irs/policystore/controllers/PolicyStoreController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 5f3069a397..f122a6831e 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), From ef33d325f8685f7b726d195df36d6a91bbec06b0 Mon Sep 17 00:00:00 2001 From: ds-mkanal <100209308+mkanal@users.noreply.github.com> Date: Tue, 7 Nov 2023 15:24:22 +0100 Subject: [PATCH 04/27] Update PolicyStoreController.java --- .../irs/policystore/controllers/PolicyStoreController.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index f122a6831e..efad6f94d8 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), @@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), From 9370d33c7fa58e62c3717a5f308c2d8a6c509f1b Mon Sep 17 00:00:00 2001 From: mk Date: Wed, 8 Nov 2023 11:27:11 +0100 Subject: [PATCH 05/27] chore(controller):[#] remove scope "profile email" --- .../irs/configuration/OpenApiConfiguration.java | 6 ++---- .../tractusx/irs/controllers/BatchController.java | 10 +++++----- .../tractusx/irs/controllers/IrsController.java | 10 +++++----- .../tractusx/irs/ess/controller/EssController.java | 4 ++-- 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 14eac06c63..a9c227ef9a 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -59,7 +59,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("oAuth2", "profile email")) + .addSecurityItem(new SecurityRequirement().addList("oAuth2")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( @@ -79,9 +79,7 @@ public OpenApiCustomizer customizer( final Components components = openApi.getComponents(); components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) .flows(new OAuthFlows().clientCredentials( - new OAuthFlow().scopes( - new Scopes().addString( - "profile email", "")) + new OAuthFlow() .tokenUrl(tokenUri)))); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); new OpenApiExamples().createExamples(components); diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index d1a3ebc20c..f638ac0bcb 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -84,7 +84,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") @@ -124,7 +124,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -164,7 +164,7 @@ public BatchOrderCreated registerESSInvestigationOrder(final @Valid @RequestBody @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", summary = "Get a batch order for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", @@ -210,7 +210,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", @@ -259,7 +259,7 @@ public BatchResponse getBatch( @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", summary = "Cancel a batch order for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index 129b733c30..4c89914ed7 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java @@ -95,7 +95,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -135,7 +135,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", @@ -192,7 +192,7 @@ public Jobs getJobById( @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", summary = "Cancel job for requested jobId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -238,7 +238,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", @@ -281,7 +281,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index 9c33044fb8..2ba3374983 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java @@ -77,7 +77,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -116,7 +116,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", From 9858e700c1be4b9e184b46b70c1b0a870069055b Mon Sep 17 00:00:00 2001 From: mk Date: Wed, 8 Nov 2023 14:05:40 +0100 Subject: [PATCH 06/27] fix(controller):[#] add empty scope --- .../tractusx/irs/configuration/OpenApiConfiguration.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index a9c227ef9a..1541e01352 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -79,7 +79,8 @@ public OpenApiCustomizer customizer( final Components components = openApi.getComponents(); components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) .flows(new OAuthFlows().clientCredentials( - new OAuthFlow() + new OAuthFlow().scopes( + new Scopes()) .tokenUrl(tokenUri)))); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); new OpenApiExamples().createExamples(components); From c2e963bff6fc40a95b2f41b1c05ba10248e52c29 Mon Sep 17 00:00:00 2001 From: mk Date: Wed, 8 Nov 2023 14:23:09 +0100 Subject: [PATCH 07/27] fix(api):[#] add array to oAuth2 --- docs/src/api/irs-api.yaml | 52 +++++++++++++-------------------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 388c7b345d..83f49e5273 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,8 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - oAuth2: - - profile email + - oAuth2: [] paths: /ess/bpn/investigations: post: @@ -59,8 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -125,8 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -205,8 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: @@ -296,8 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service @@ -348,8 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -433,8 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service @@ -499,8 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -537,8 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -591,8 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -659,8 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -725,8 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -802,8 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -839,8 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -884,8 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -930,8 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -981,8 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2:[] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2635,6 +2618,5 @@ components: flows: clientCredentials: scopes: - profile email: "" tokenUrl: https://localhost type: oauth2 \ No newline at end of file From 77041037512b1b82fdc453475eea41009a7b1dbd Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Fri, 10 Nov 2023 15:22:31 +0100 Subject: [PATCH 08/27] feat(impl):[TRI-244] remove keycloak --- .../templates/configmap-spring-app-config.yaml | 10 +++++----- charts/irs-helm/templates/deployment.yaml | 8 ++++---- charts/irs-helm/templates/secrets.yaml | 4 ++-- charts/irs-helm/values.yaml | 11 +++++------ irs-api/src/main/resources/application.yml | 4 ++-- 5 files changed, 18 insertions(+), 19 deletions(-) diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index 0ade09ec32..7a0fece209 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml @@ -52,19 +52,19 @@ data: client: registration: common: - client-id: "${COMMON_OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${COMMON_OAUTH2_CLIENT_SECRET}" # taken from secret ENV + client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV portal: client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: common: - token-uri: {{ tpl (.Values.common.oauth2.clientTokenUri | default "http://localhost") . | quote }} + token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} portal: - token-uri: {{ tpl (.Values.common.oauth2.clientTokenUri | default "http://localhost") . | quote }} + token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} resourceserver: jwt: - jwk-set-uri: {{ tpl (.Values.common.oauth2.jwkSetUri | default "http://localhost") . | quote }} + jwk-set-uri: {{ tpl (.Values.oauth2.jwkSetUri | default "http://localhost") . | quote }} digitalTwinRegistry: descriptorEndpoint: {{ tpl (.Values.digitalTwinRegistry.descriptorEndpoint | default "") . | quote }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index fde671d1ee..757d8dae97 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml @@ -81,16 +81,16 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: COMMON_OAUTH2_CLIENT_ID + - name: OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: commonClientId - - name: COMMON_OAUTH2_CLIENT_SECRET + key: clientId + - name: OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: commonClientSecret + key: clientSecret - name: PORTAL_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index 7eb2d8239a..c22f19d517 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -35,8 +35,8 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - commonClientId: {{ .Values.common.oauth2.clientId | default "commonClientId" | b64enc | quote }} - commonClientSecret: {{ .Values.common.oauth2.clientSecret | default "commonClientSecret" | b64enc | quote }} + clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }} + clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }} portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index 8ed26dec53..ba163c3079 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -142,12 +142,11 @@ bpdm: minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" -common: - oauth2: - clientId: # - clientSecret: # - clientTokenUri: # - jwkSetUri: # +oauth2: + clientId: # + clientSecret: # + clientTokenUri: # + jwkSetUri: # portal: oauth2: clientId: # diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index c83501bf5a..51ed769174 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml @@ -11,8 +11,8 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + client-id: ${OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM portal: authorization-grant-type: client_credentials client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM From 05e47b11f3544bb76562766f4e25cb279cf9357f Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Mon, 13 Nov 2023 14:25:14 +0100 Subject: [PATCH 09/27] feat(impl):[TRI-203] ess building block docs --- .../arc42/building-block-view/irs-api.adoc | 7 ++++ .../arc42/building-block-view/level-1.adoc | 10 ++++-- .../arc42/building-block-view/level-2.adoc | 34 +++++++++++++++++++ .../ess-api-interaction.puml | 34 +++++++++++++++++++ .../building-block-view.puml | 23 +++++++++---- .../building-block-view/level-2-int-ess.puml | 26 ++++++++++++++ 6 files changed, 124 insertions(+), 10 deletions(-) create mode 100644 docs/src/uml-diagrams/api-specification/ess-api-interaction.puml create mode 100644 docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml diff --git a/docs/src/docs/arc42/building-block-view/irs-api.adoc b/docs/src/docs/arc42/building-block-view/irs-api.adoc index ab0c98011b..0cb0d7a788 100644 --- a/docs/src/docs/arc42/building-block-view/irs-api.adoc +++ b/docs/src/docs/arc42/building-block-view/irs-api.adoc @@ -11,3 +11,10 @@ Since we cannot rely on synchronous responses regarding the requests of submodel .... include::../../../uml-diagrams/api-specification/irs-api-interaction.puml[] .... + +== ESS Investigation interaction diagram + +[plantuml, target=ess-api, format=svg] +.... +include::../../../uml-diagrams/api-specification/ess-api-interaction.puml[] +.... diff --git a/docs/src/docs/arc42/building-block-view/level-1.adoc b/docs/src/docs/arc42/building-block-view/level-1.adoc index 21903a9414..b080f0b20d 100644 --- a/docs/src/docs/arc42/building-block-view/level-1.adoc +++ b/docs/src/docs/arc42/building-block-view/level-1.adoc @@ -43,9 +43,6 @@ A job is processed in this order: 5. Recursively iteration over step 2-4 until an abort criterion is reached. 6. Assembles the complete item graph. -|*Policy Store* -|The *Policy Store* provides an Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. - |*BlobStore* |The BlobStore is the database where the relationships and tombstones are stored for a requested item. @@ -60,4 +57,11 @@ A job is processed in this order: |*EDC Client* |The EDC Client is used to communicate with the EDC network, negotiate contracts and retrieve submodel data. + +|*PolicyStoreController* +|The *PolicyStoreController* provides a REST Interface for creating and retrieving policies that should be accepted in EDC negotiations. + +|*PolicyStore* +|The *Policy Store* provides an Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. + |=== \ No newline at end of file diff --git a/docs/src/docs/arc42/building-block-view/level-2.adoc b/docs/src/docs/arc42/building-block-view/level-2.adoc index c0f3310909..30cb5e0488 100644 --- a/docs/src/docs/arc42/building-block-view/level-2.adoc +++ b/docs/src/docs/arc42/building-block-view/level-2.adoc @@ -33,6 +33,39 @@ include::../../../uml-diagrams/building-block-view/level-2-int.puml[] |=== +== ESS controller + +The ESS REST controller is used to provide a RESTful web service to related Environmental and Social Standards functionalities. + +=== Component diagram + +[plantuml, target=level-2-ess-controller, format=svg] +.... +include::../../../uml-diagrams/building-block-view/level-2-int-ess.puml[] +.... + +=== Component description + +|=== +|Components |Description + +|EssController +|Application REST controller. + +|EssService +|Service contains business logic for investigation if part is inside supply chain. + +|IrsItemGraphQueryService +|Service for retrieving item graph. + +|BpnInvestigationJobCache +|Interface for storing incident data blobs. + +|EssRecursiveNotificationHandler +|Business logic handling recursive investigation and calculating results. +|=== + + == RecursiveJobHandler The *RecursiveJobHandler* component provide the logic to build jobs with recursive logic to retrieve items over the complete C-X network and assembles the partial results into a single item graph result. @@ -63,6 +96,7 @@ include::../../../uml-diagrams/building-block-view/level-2-int-recursive-job-han |Interface for storing data blobs. |=== + == TransferProcessManagement The TransferProcessManager creates executions and provides them to the executor service. Each execution contains HTTP requests to the asset administration shell registry and to the submodel interface. diff --git a/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml b/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml new file mode 100644 index 0000000000..0b4f872537 --- /dev/null +++ b/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml @@ -0,0 +1,34 @@ +@startuml +skinparam monochrome true +skinparam shadowing false +skinparam linetype ortho +skinparam defaultFontName "Architects daughter" + +actor APIConsumer +activate APIConsumer + +box "IRS" #LightBlue +participant WebService as "ESS API" +activate WebService + +APIConsumer -> WebService : POST /ess/bpn/investigations +opt +APIConsumer <-- WebService : 201: Returns jobId of registered Investigation job. + + loop poll is "200" http + APIConsumer -> WebService : GET /ess/bpn/investigations/{jobId} + + opt job.hasCompleted() + APIConsumer <-- WebService : "200" Item Graph for given jobId with additional supplyChainImpacted information. + else job.isRunning() + APIConsumer <-- WebService : "200" Item Graph for given jobId with partial results about supplyChainImpacted information. + end opt + end loop + +else +APIConsumer <-- WebService : 400: Registering Investigation job failed. +end opt + + + +@enduml \ No newline at end of file diff --git a/docs/src/uml-diagrams/building-block-view/building-block-view.puml b/docs/src/uml-diagrams/building-block-view/building-block-view.puml index 2016ccfe8b..3ec0edead3 100644 --- a/docs/src/uml-diagrams/building-block-view/building-block-view.puml +++ b/docs/src/uml-diagrams/building-block-view/building-block-view.puml @@ -8,9 +8,15 @@ skinparam defaultFontName "Architects daughter" component [**IRS-Application**] <> as IRS { component [**RecursiveJobHandler**] <> as RecursiveJobHandler component [**IrsController**] <> as IrsController + component [**PolicyStoreController**] <> as PolicyStoreController + component [**EssController**] <> as EssController + component [**IrsItemGraphQueryService**] <> as IrsItemGraphQueryService component [**JobOrchestrator**] <> as JobOrchestrator - component [**TransferProcessManagment**] <> as TransferProcessManagement - component [**Policy Store**] <> as PolicyStore + component [**TransferProcessManagement**] <> as TransferProcessManagement + component [**PolicyStore**] <> as PolicyStore + component [**EssService**] <> as EssService + component [**EssRecursiveNotificationHandler**] <> as EssRecursiveNotificationHandler + port "IRS API" as API_PORT port "Digital Twin Client" as AAS_PORT @@ -19,14 +25,16 @@ skinparam defaultFontName "Architects daughter" () "BlobStore\nInterface" as StoreInterface - IrsController <..> JobOrchestrator + IrsController <..> IrsItemGraphQueryService + IrsItemGraphQueryService <..> JobOrchestrator JobOrchestrator <..> TransferProcessManagement JobOrchestrator <..> RecursiveJobHandler TransferProcessManagement --( StoreInterface - PolicyStore --( StoreInterface - PolicyStore <..> TransferProcessManagement - IrsController <..> PolicyStore - + PolicyStore -( StoreInterface + PolicyStoreController <.> PolicyStore + EssController <..> EssService + EssService <..> IrsItemGraphQueryService + EssService <..> EssRecursiveNotificationHandler } component [**Digital Twin Registry**] <> as DTR @@ -34,6 +42,7 @@ component [**EDC**] <> as EDC actor IrsApiConsumer IrsController -up- API_PORT PolicyStoreController -down- API_PORT +EssController -down- API_PORT IrsApiConsumer -(0- API_PORT diff --git a/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml new file mode 100644 index 0000000000..4eaa291767 --- /dev/null +++ b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml @@ -0,0 +1,26 @@ +@startuml +skinparam monochrome true +skinparam shadowing false +skinparam linetype ortho +skinparam defaultFontName "Architects daughter" + + component [**Controller**] <> as Controller { + component [**EssController**] <> as EssController + component [**EssService**] <> as EssService + port "ESS API" as API_PORT + EssController .> EssService + interface BpnInvestigationJobCache + interface IrsItemGraphQueryService + interface EssRecursiveNotificationHandler + + } + + actor EssApiConsumer + EssController -up- API_PORT + EssApiConsumer -(0- API_PORT + + EssService -down-( BpnInvestigationJobCache + EssService -left-( IrsItemGraphQueryService + EssService -up--( EssRecursiveNotificationHandler + +@enduml \ No newline at end of file From 61af3f100b3f34240d55208ec040a6c27f259e4d Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 08:39:47 +0100 Subject: [PATCH 10/27] feat(impl):[TRI-203] ess building block docs --- .../arc42/building-block-view/level-1.adoc | 6 ++ .../arc42/building-block-view/level-2.adoc | 62 +++++++++---------- .../building-block-view.puml | 16 +++-- .../building-block-view/level-2-int-ess.puml | 18 +++--- 4 files changed, 50 insertions(+), 52 deletions(-) diff --git a/docs/src/docs/arc42/building-block-view/level-1.adoc b/docs/src/docs/arc42/building-block-view/level-1.adoc index b080f0b20d..e850f97f81 100644 --- a/docs/src/docs/arc42/building-block-view/level-1.adoc +++ b/docs/src/docs/arc42/building-block-view/level-1.adoc @@ -58,6 +58,12 @@ A job is processed in this order: |*EDC Client* |The EDC Client is used to communicate with the EDC network, negotiate contracts and retrieve submodel data. +|*EssController* +|The *EssController* provides a REST Interface to perform BPN investigations of supply chain. + +|*EssService* +|The *EssService* implements the REST Interface of the EssController and handles recursive investigation with results calculations. + |*PolicyStoreController* |The *PolicyStoreController* provides a REST Interface for creating and retrieving policies that should be accepted in EDC negotiations. diff --git a/docs/src/docs/arc42/building-block-view/level-2.adoc b/docs/src/docs/arc42/building-block-view/level-2.adoc index 30cb5e0488..e538a91875 100644 --- a/docs/src/docs/arc42/building-block-view/level-2.adoc +++ b/docs/src/docs/arc42/building-block-view/level-2.adoc @@ -33,39 +33,6 @@ include::../../../uml-diagrams/building-block-view/level-2-int.puml[] |=== -== ESS controller - -The ESS REST controller is used to provide a RESTful web service to related Environmental and Social Standards functionalities. - -=== Component diagram - -[plantuml, target=level-2-ess-controller, format=svg] -.... -include::../../../uml-diagrams/building-block-view/level-2-int-ess.puml[] -.... - -=== Component description - -|=== -|Components |Description - -|EssController -|Application REST controller. - -|EssService -|Service contains business logic for investigation if part is inside supply chain. - -|IrsItemGraphQueryService -|Service for retrieving item graph. - -|BpnInvestigationJobCache -|Interface for storing incident data blobs. - -|EssRecursiveNotificationHandler -|Business logic handling recursive investigation and calculating results. -|=== - - == RecursiveJobHandler The *RecursiveJobHandler* component provide the logic to build jobs with recursive logic to retrieve items over the complete C-X network and assembles the partial results into a single item graph result. @@ -129,4 +96,33 @@ include::../../../uml-diagrams/building-block-view/level-2-int-transfer-process- |ExecutorService |The ExecutorService enables the simultaneous execution of requests of transfer processes. +|=== + +== ESS controller + +The ESS REST controller is used to provide a RESTful web service to related Environmental and Social Standards functionalities. + +=== Component diagram + +[plantuml, target=level-2-ess-controller, format=svg] +.... +include::../../../uml-diagrams/building-block-view/level-2-int-ess.puml[] +.... + +=== Component description + +|=== +|Components |Description + +|EssService +|Service contains business logic for investigation if part is inside supply chain. + +|IrsItemGraphQueryService +|Service for retrieving item graph. + +|BpnInvestigationJobCache +|Interface for storing incident data blobs. + +|EssRecursiveNotificationHandler +|Business logic handling recursive investigation and results calculation. Responsible for sending and receiving EDC notifications. |=== \ No newline at end of file diff --git a/docs/src/uml-diagrams/building-block-view/building-block-view.puml b/docs/src/uml-diagrams/building-block-view/building-block-view.puml index 3ec0edead3..5d8eebd9fc 100644 --- a/docs/src/uml-diagrams/building-block-view/building-block-view.puml +++ b/docs/src/uml-diagrams/building-block-view/building-block-view.puml @@ -10,40 +10,38 @@ skinparam defaultFontName "Architects daughter" component [**IrsController**] <> as IrsController component [**PolicyStoreController**] <> as PolicyStoreController component [**EssController**] <> as EssController - component [**IrsItemGraphQueryService**] <> as IrsItemGraphQueryService component [**JobOrchestrator**] <> as JobOrchestrator component [**TransferProcessManagement**] <> as TransferProcessManagement component [**PolicyStore**] <> as PolicyStore - component [**EssService**] <> as EssService - component [**EssRecursiveNotificationHandler**] <> as EssRecursiveNotificationHandler - port "IRS API" as API_PORT + port "API" as API_PORT port "Digital Twin Client" as AAS_PORT port "EDC Client" as EDC_PORT () "BlobStore\nInterface" as StoreInterface - IrsController <..> IrsItemGraphQueryService - IrsItemGraphQueryService <..> JobOrchestrator + IrsController <..> JobOrchestrator JobOrchestrator <..> TransferProcessManagement JobOrchestrator <..> RecursiveJobHandler TransferProcessManagement --( StoreInterface PolicyStore -( StoreInterface PolicyStoreController <.> PolicyStore - EssController <..> EssService - EssService <..> IrsItemGraphQueryService - EssService <..> EssRecursiveNotificationHandler + EssController <..> JobOrchestrator } component [**Digital Twin Registry**] <> as DTR component [**EDC**] <> as EDC actor IrsApiConsumer +actor EssApiConsumer +actor PolicyStoreApiConsumer IrsController -up- API_PORT PolicyStoreController -down- API_PORT EssController -down- API_PORT IrsApiConsumer -(0- API_PORT +EssApiConsumer -(0- API_PORT +PolicyStoreApiConsumer -(0- API_PORT TransferProcessManagement --- AAS_PORT diff --git a/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml index 4eaa291767..484dcf9dec 100644 --- a/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml +++ b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml @@ -4,23 +4,21 @@ skinparam shadowing false skinparam linetype ortho skinparam defaultFontName "Architects daughter" - component [**Controller**] <> as Controller { - component [**EssController**] <> as EssController + component [**EssController**] <> as EssController { component [**EssService**] <> as EssService + component [**EssRecursiveNotificationHandler**] <> as EssRecursiveNotificationHandler + component [**IrsItemGraphQueryService**] <> as IrsItemGraphQueryService port "ESS API" as API_PORT - EssController .> EssService interface BpnInvestigationJobCache - interface IrsItemGraphQueryService - interface EssRecursiveNotificationHandler + + EssService <.> IrsItemGraphQueryService + EssService <..> EssRecursiveNotificationHandler + EssService --( BpnInvestigationJobCache } actor EssApiConsumer - EssController -up- API_PORT + EssService -up- API_PORT EssApiConsumer -(0- API_PORT - EssService -down-( BpnInvestigationJobCache - EssService -left-( IrsItemGraphQueryService - EssService -up--( EssRecursiveNotificationHandler - @enduml \ No newline at end of file From 8b9c3ec0c4ba68472ffc55f0ba0a27cbc7513f3e Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 08:47:45 +0100 Subject: [PATCH 11/27] feat(impl):[TRI-203] ess building block docs --- docs/src/docs/arc42/building-block-view/level-1.adoc | 6 ------ .../building-block-view/building-block-view.puml | 4 +--- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/docs/src/docs/arc42/building-block-view/level-1.adoc b/docs/src/docs/arc42/building-block-view/level-1.adoc index e850f97f81..0a29fcd28c 100644 --- a/docs/src/docs/arc42/building-block-view/level-1.adoc +++ b/docs/src/docs/arc42/building-block-view/level-1.adoc @@ -61,13 +61,7 @@ A job is processed in this order: |*EssController* |The *EssController* provides a REST Interface to perform BPN investigations of supply chain. -|*EssService* -|The *EssService* implements the REST Interface of the EssController and handles recursive investigation with results calculations. - |*PolicyStoreController* |The *PolicyStoreController* provides a REST Interface for creating and retrieving policies that should be accepted in EDC negotiations. -|*PolicyStore* -|The *Policy Store* provides an Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. - |=== \ No newline at end of file diff --git a/docs/src/uml-diagrams/building-block-view/building-block-view.puml b/docs/src/uml-diagrams/building-block-view/building-block-view.puml index 5d8eebd9fc..a15742f8b0 100644 --- a/docs/src/uml-diagrams/building-block-view/building-block-view.puml +++ b/docs/src/uml-diagrams/building-block-view/building-block-view.puml @@ -12,7 +12,6 @@ skinparam defaultFontName "Architects daughter" component [**EssController**] <> as EssController component [**JobOrchestrator**] <> as JobOrchestrator component [**TransferProcessManagement**] <> as TransferProcessManagement - component [**PolicyStore**] <> as PolicyStore port "API" as API_PORT @@ -26,8 +25,7 @@ skinparam defaultFontName "Architects daughter" JobOrchestrator <..> TransferProcessManagement JobOrchestrator <..> RecursiveJobHandler TransferProcessManagement --( StoreInterface - PolicyStore -( StoreInterface - PolicyStoreController <.> PolicyStore + PolicyStoreController -( StoreInterface EssController <..> JobOrchestrator } From 2bf253f8ed4a7775bc3f86d3890ab9b6b7859b82 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 08:49:13 +0100 Subject: [PATCH 12/27] feat(impl):[TRI-203] ess building block docs --- docs/src/docs/arc42/building-block-view/level-1.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/docs/arc42/building-block-view/level-1.adoc b/docs/src/docs/arc42/building-block-view/level-1.adoc index 0a29fcd28c..b9fb143633 100644 --- a/docs/src/docs/arc42/building-block-view/level-1.adoc +++ b/docs/src/docs/arc42/building-block-view/level-1.adoc @@ -62,6 +62,6 @@ A job is processed in this order: |The *EssController* provides a REST Interface to perform BPN investigations of supply chain. |*PolicyStoreController* -|The *PolicyStoreController* provides a REST Interface for creating and retrieving policies that should be accepted in EDC negotiations. +|The *PolicyStoreController* provides a REST Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. |=== \ No newline at end of file From cce34603e17e89f0f095e39ff0968ce5398d67de Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 09:06:58 +0100 Subject: [PATCH 13/27] feat(impl):[TRI-244] remove keycloak - new envs --- .github/workflows/BETA-xray-cucumber-integration.yaml | 2 +- .github/workflows/irs-load-test.yaml | 6 +++--- .github/workflows/tavern-integration.yml | 2 +- .github/workflows/tavern.yml | 6 +++--- .../src/test/resources/application-dev.yml | 4 ++-- .../src/test/resources/application-int.yml | 4 ++-- .../src/test/resources/application-local.yml | 4 ++-- .../src/test/resources/application-prd.yml | 4 ++-- irs-integration-tests/src/test/resources/application.yml | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/BETA-xray-cucumber-integration.yaml b/.github/workflows/BETA-xray-cucumber-integration.yaml index af3e2c22d5..c1ebea938e 100644 --- a/.github/workflows/BETA-xray-cucumber-integration.yaml +++ b/.github/workflows/BETA-xray-cucumber-integration.yaml @@ -38,7 +38,7 @@ jobs: - name: Build with Maven if: ${{ steps.download.outputs.http_response == '200' }} env: - OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET_BETA }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET_BETA }} run: | unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features mvn --batch-mode clean install -pl irs-cucumber-tests,irs-models -D"cucumber.filter.tags"="not @Ignore and @INTEGRATION_TEST" diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml index d69b260b6d..79d2df9c7b 100644 --- a/.github/workflows/irs-load-test.yaml +++ b/.github/workflows/irs-load-test.yaml @@ -39,9 +39,9 @@ jobs: - name: Run Gatling tests env: - OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} - OAUTH2_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }} + OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }} IRS_HOST: ${{ github.event.inputs.irs-host || 'https://irs-full.dev.demo.catena-x.net' }} TEST_CYCLES: ${{ github.event.inputs.test-cycles || '20' }} run: | diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml index f51c65a41c..268bad26f4 100644 --- a/.github/workflows/tavern-integration.yml +++ b/.github/workflows/tavern-integration.yml @@ -61,7 +61,7 @@ jobs: env: IRS_HOST: ${{ 'https://irs.int.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} OAUTH2_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }} OAUTH2_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml index da1e8876d5..bd21b36033 100644 --- a/.github/workflows/tavern.yml +++ b/.github/workflows/tavern.yml @@ -63,9 +63,9 @@ jobs: env: IRS_HOST: ${{ 'https://irs.dev.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - OAUTH2_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - OAUTH2_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} - OAUTH2_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }} GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:6d505432-8b31-4966-9514-4b753372683f' }} diff --git a/irs-integration-tests/src/test/resources/application-dev.yml b/irs-integration-tests/src/test/resources/application-dev.yml index 5576ffe596..380549a462 100644 --- a/irs-integration-tests/src/test/resources/application-dev.yml +++ b/irs-integration-tests/src/test/resources/application-dev.yml @@ -7,8 +7,8 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} + client-id: ${OAUTH2_CLIENT_ID} + client-secret: ${OAUTH2_CLIENT_SECRET} config: activate: on-profile: dev diff --git a/irs-integration-tests/src/test/resources/application-int.yml b/irs-integration-tests/src/test/resources/application-int.yml index bfdcdca8d9..8afd655f47 100644 --- a/irs-integration-tests/src/test/resources/application-int.yml +++ b/irs-integration-tests/src/test/resources/application-int.yml @@ -7,8 +7,8 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} + client-id: ${OAUTH2_CLIENT_ID} + client-secret: ${OAUTH2_CLIENT_SECRET} config: activate: on-profile: int diff --git a/irs-integration-tests/src/test/resources/application-local.yml b/irs-integration-tests/src/test/resources/application-local.yml index e7d2865b9f..6da9f147f0 100644 --- a/irs-integration-tests/src/test/resources/application-local.yml +++ b/irs-integration-tests/src/test/resources/application-local.yml @@ -7,8 +7,8 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} + client-id: ${OAUTH2_CLIENT_ID} + client-secret: ${OAUTH2_CLIENT_SECRET} config: activate: on-profile: local diff --git a/irs-integration-tests/src/test/resources/application-prd.yml b/irs-integration-tests/src/test/resources/application-prd.yml index 83139b6bf8..f00c0bdf1d 100644 --- a/irs-integration-tests/src/test/resources/application-prd.yml +++ b/irs-integration-tests/src/test/resources/application-prd.yml @@ -7,8 +7,8 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} + client-id: ${OAUTH2_CLIENT_ID} + client-secret: ${OAUTH2_CLIENT_SECRET} config: activate: on-profile: prd diff --git a/irs-integration-tests/src/test/resources/application.yml b/irs-integration-tests/src/test/resources/application.yml index fbb5aaa44e..0e47a8fab6 100644 --- a/irs-integration-tests/src/test/resources/application.yml +++ b/irs-integration-tests/src/test/resources/application.yml @@ -10,7 +10,7 @@ spring: registration: common: authorization-grant-type: client_credentials - client-id: ${COMMON_OAUTH2_CLIENT_ID} - client-secret: ${COMMON_OAUTH2_CLIENT_SECRET} + client-id: ${OAUTH2_CLIENT_ID} + client-secret: ${OAUTH2_CLIENT_SECRET} profiles: active: ${SPRING_PROFILES_ACTIVE:dev} From 895b316eb2b1292bf547f04654f64145711895e6 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 14:36:19 +0100 Subject: [PATCH 14/27] feat(impl):[TRI-270] fix build and tests --- docs/src/api/irs-api.yaml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 83f49e5273..1b620bfa35 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -492,7 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - oAuth2:[] + - oAuth2: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -529,7 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -582,7 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -649,7 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2:[] + - oAuth2: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -714,7 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2:[] + - oAuth2: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -790,7 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - oAuth2:[] + - oAuth2: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -826,7 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -870,7 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -915,7 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -965,7 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2:[] + - oAuth2: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2618,5 +2618,6 @@ components: flows: clientCredentials: scopes: + {} tokenUrl: https://localhost type: oauth2 \ No newline at end of file From 5b0122c298b8fc4944b2c9868308c5a70a1cf649 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Tue, 14 Nov 2023 15:22:49 +0100 Subject: [PATCH 15/27] feat(impl):[TRI-244] update changelogs --- CHANGELOG.md | 32 ++++++++++++++++++++++++++++++++ charts/irs-helm/CHANGELOG.md | 18 ++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9ccccf514..a8d932182c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,38 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config entry to determine if external dependencies health checks should be checked (false by default). - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` property, eg. ``service_name: http://service_name_host/health`` + +### Changed +- Changed name of spring's OAuth2 client registration from 'keycloak' to 'common' like below: + ``` + spring: + security: + oauth2: + client: + registration: + keycloak: + authorization-grant-type: client_credentials + client-id: + client-secret: + provider: + keycloak: + token-uri: + ``` + to: + ``` + spring: + security: + oauth2: + client: + registration: + common: + authorization-grant-type: client_credentials + client-id: + client-secret: + provider: + common: + token-uri: + ``` ## [4.0.1] - 2023-11-10 ### Changed diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 6c4e1d8969..681bd470eb 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md @@ -5,6 +5,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed +- Changed configuration for OAuth2 client from: + ``` + keycloak: + oauth2: + clientId: + clientSecret: + clientTokenUri: + jwkSetUri: + ``` + to: + ``` + oauth2: + clientId: + clientSecret: + clientTokenUri: + jwkSetUri: + ``` ## [6.9.1] ### Changed From c4115bdde29c5747a515d62ea547b11d86be04df Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 14 Nov 2023 15:46:29 +0100 Subject: [PATCH 16/27] chore(workflows): Execute documentation linting on PR --- .github/workflows/publish-documentation.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml index f20471c66b..54ae300e76 100644 --- a/.github/workflows/publish-documentation.yaml +++ b/.github/workflows/publish-documentation.yaml @@ -2,6 +2,9 @@ name: Publish documentation on: workflow_dispatch: # Trigger manually + pull_request: + paths: + - 'docs/**' push: branches: - main @@ -104,6 +107,7 @@ jobs: mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/ - name: GitHub Pages action + if: github.ref == refs/heads/main uses: peaceiris/actions-gh-pages@v3.9.3 with: github_token: ${{ secrets.GITHUB_TOKEN }} From 57fd4308a9945a383885ded789b397ab70b65173 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 14 Nov 2023 15:47:11 +0100 Subject: [PATCH 17/27] chore(docs): Fix linting issues --- .../building-block-view/whitebox-overall.adoc | 26 +++++++++---------- .../arc42/cross-cutting/safety-security.adoc | 2 +- .../ess-top-down/ess-top-down.adoc | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc b/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc index 9502356a0e..e72cf6b2e2 100644 --- a/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc +++ b/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc @@ -50,19 +50,19 @@ include::../../../uml-diagrams/building-block-view/whitebox_overall_decentral.pu |Number |Description | 01 -| IrsApiConsumer calls the **IRS** public **API** +| IrsApiConsumer calls the *IRS* public *API* | 02 -| IrsApiConsumer must authorize using **technical C-X User** +| IrsApiConsumer must authorize using *technical C-X User* | 03 -| Delegate authorization request to **IdP** +| Delegate authorization request to *IdP* | 04 -| IRS requesting for **SubmodelAspects** using **EDC** +| IRS requesting for *SubmodelAspects* using *EDC* | 05 -| IRS requesting the **decentral DigitalTwinRegistry** over **EDC** and service discovery flow +| IRS requesting the *decentral DigitalTwinRegistry* over *EDC* and service discovery flow | 06 | IRS uses EDC to ensure sovereign data consumption @@ -71,31 +71,31 @@ include::../../../uml-diagrams/building-block-view/whitebox_overall_decentral.pu | IRS MUST authorize at central IAM | 08 -| IRS lookup for EDC Provider by given BPNs over the **EDC Discovery Service** +| IRS lookup for EDC Provider by given BPNs over the *EDC Discovery Service* | 09 -| IRS lookup for **EDC Discovery Services** by given type over the **Discovery Finder** +| IRS lookup for *EDC Discovery Services* by given type over the *Discovery Finder* | 10 -| IRS uses **Semantic Hub** to validate of **SubmodelAspects** payloads agains the schema provided in **Semantic Hub** +| IRS uses *Semantic Hub* to validate of *SubmodelAspects* payloads agains the schema provided in *Semantic Hub* | 11 | In case "lookupBPNs" is active IRS provides a lookup of company for given BPN | 12 -| **EDC** is connected to **Managed Identity Wallet** for access policy check for data offers +| *EDC* is connected to *Managed Identity Wallet* for access policy check for data offers | 13 -| **EDC** communication covering negotiation and data consumption +| *EDC* communication covering negotiation and data consumption | 14 -| **EDC** is connected to **Managed Identity Wallet** for access policy check for data offers +| *EDC* is connected to *Managed Identity Wallet* for access policy check for data offers | 15 -| **IRS** accessing to **SubmodelServer** on Tier Level using the **EDC** +| *IRS* accessing to *SubmodelServer* on Tier Level using the *EDC* | 16 -| **IRS** accessing the **decentral DigitalTwinRegistry** on Tier Level using the **EDC** +| *IRS* accessing the *decentral DigitalTwinRegistry* on Tier Level using the *EDC* |=== diff --git a/docs/src/docs/arc42/cross-cutting/safety-security.adoc b/docs/src/docs/arc42/cross-cutting/safety-security.adoc index a5e7faee62..6d10d3c4e1 100644 --- a/docs/src/docs/arc42/cross-cutting/safety-security.adoc +++ b/docs/src/docs/arc42/cross-cutting/safety-security.adoc @@ -11,7 +11,7 @@ JWT token should also contain two claims: - 'bpn' which is equal to the configuration value from `API_ALLOWED_BPN` property - 'resource_access' with the specific 'Cl20-CX-IRS' key for C-X environments. (The keys are configurable. For more details see chapter "IRS OAuth2 JWT Token"). The list of values will be converted to roles by IRS. -Currently, IRS API handles two roles: **'admin_irs'** and **'view_irs'.** A valid token with the **'admin_irs'** role can access any endpoint exposed by the IRS API, while a token with the **'view_irs'** role does not have access to policies endpoints and can operate only on resources it owns. +Currently, IRS API handles two roles: *'admin_irs'* and *'view_irs'.* A valid token with the *'admin_irs'* role can access any endpoint exposed by the IRS API, while a token with the *'view_irs'* role does not have access to policies endpoints and can operate only on resources it owns. That means that he only has access to the resources he has created, e.g. jobs and batches. This behavior is shown in the table below. diff --git a/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc b/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc index b7929f23bf..5062d1b797 100644 --- a/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc +++ b/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc @@ -54,7 +54,7 @@ Note: ESS supplier responses are involved in each step of the process. include::../../../../uml-diagrams/runtime-view/use-case-ess-top-down/1_ess-top-down-sequence-highlevel.puml[] .... -=== Step 0: Process initiation: +=== Step 0: Process initiation The process is initiated by an ESS incident, that is received by (or created within) the inquiring company. This ESS incident acts as the root incident for the overall process The incident contains a company name (incl. address) and a valid BPN exists for that company. From 3b664244e7ec62475b12cc721c2b2c58afb0b32f Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 14 Nov 2023 15:50:49 +0100 Subject: [PATCH 18/27] chore(workflows): Fix condition statement --- .github/workflows/publish-documentation.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml index 54ae300e76..946af940bb 100644 --- a/.github/workflows/publish-documentation.yaml +++ b/.github/workflows/publish-documentation.yaml @@ -1,4 +1,4 @@ -name: Publish documentation +name: Lint and Publish documentation on: workflow_dispatch: # Trigger manually @@ -107,7 +107,7 @@ jobs: mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/ - name: GitHub Pages action - if: github.ref == refs/heads/main + if: github.ref == 'refs/heads/main' uses: peaceiris/actions-gh-pages@v3.9.3 with: github_token: ${{ secrets.GITHUB_TOKEN }} From ea2c2e81c4e10c29ba0c4ac65eac333e2aa54780 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 14 Nov 2023 16:01:19 +0100 Subject: [PATCH 19/27] chore(workflows): Add cache step to plantuml jar --- .github/workflows/publish-documentation.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml index 946af940bb..84f0547eb4 100644 --- a/.github/workflows/publish-documentation.yaml +++ b/.github/workflows/publish-documentation.yaml @@ -12,7 +12,7 @@ on: - 'docs/**' jobs: - publish: + lint-and-publish: # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token permissions: @@ -67,6 +67,13 @@ jobs: asciidoctor-reducer -o docs/target/adminguide.adoc docs/src/docs/administration/administration-guide.adoc asciidoctor-reducer -o docs/target/arc42.adoc docs/src/docs/arc42/full.adoc + - name: Cache plantuml jar + uses: actions/cache@v3 + with: + path: plantuml.jar + key: ${{ runner.os }}-file-${{ hashFiles('plantuml.jar') }} + restore-keys: ${{ runner.os }}-files + - name: Download PlantUML jar run: | wget -O plantuml.jar https://sourceforge.net/projects/plantuml/files/plantuml.jar/download @@ -106,7 +113,7 @@ jobs: run: | mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/ - - name: GitHub Pages action + - name: Update documentation on GitHub Pages if: github.ref == 'refs/heads/main' uses: peaceiris/actions-gh-pages@v3.9.3 with: From 33bce33dab96ddba209e9c8471d9f5926515acbd Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 14 Nov 2023 16:13:26 +0100 Subject: [PATCH 20/27] chore(workflows): Remove restore key --- .run/IrsApplication.run.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.run/IrsApplication.run.xml b/.run/IrsApplication.run.xml index 0837bbec03..e5631923d0 100644 --- a/.run/IrsApplication.run.xml +++ b/.run/IrsApplication.run.xml @@ -2,7 +2,7 @@