Added logging and reformatted, updated drone config

.drone.yml

@@ -118,10 +118,13 @@ steps:
       - ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
       - git clone ssh://giteajim@git.2martens.de:22/2martens/cloud-configuration.git .
       - git checkout main
-  - name: modify deployed image
+  - name: update image version
     image: alpine
     commands:
-      - sed -i -r "s/(wahlrecht_image_version:).*/\1\ ${DRONE_SEMVER}/" ansible/inventories/host_vars/api-server/public.yaml
+      - mkdir $HOME/bin
+      - wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 -O $HOME/bin/yq && chmod +x $HOME/bin/yq
+      - sed -i -r "s/(tag:).*/\1\ \"${DRONE_SEMVER}\"/" argocd/wahlrecht/${DRONE_DEPLOY_TO}/overwrite_values.yaml
+      - cd argocd/configserver/${DRONE_DEPLOY_TO} && $HOME/bin/yq '. *= load("overwrite_values.yaml")' default_values.yaml > values.yaml
   - name: save modified variable file
     image: alpine/git
     environment:
@@ -134,32 +137,13 @@ steps:
       - touch $HOME/.ssh/known_hosts
       - chmod 600 $HOME/.ssh/known_hosts
       - ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
-      - git add ansible/inventories/host_vars/api-server/public.yaml
+      - git add argocd/wahlrecht/${DRONE_DEPLOY_TO}/*
       - git diff-index --quiet HEAD || git commit -m "[Drone] Changed wahlrecht_image_version to ${DRONE_SEMVER}"
       - git push origin main
-  - name: deploy image
-    image: plugins/ansible:latest
-    volumes:
-      - name: cache
-        path: /root/.ansible
-    settings:
-      playbook: ansible/deploy_spring.yaml
-      inventory: ansible/inventories/production
-      galaxy: ansible/requirements.yaml
-      galaxy_force: false
-      private_key:
-        from_secret: private_ssh_key
-      vault_password:
-        from_secret: vault_password
-
-volumes:
-  - name: cache
-    host:
-      path: /var/lib/drone/cache/.ansible
 
 trigger:
   target:
-    - production
+    - test
   event:
     include:
       - promote

module-server/src/main/kotlin/de/twomartens/wahlrecht/security/SpringPolicyEnforcer.kt

@@ -13,53 +13,54 @@ import org.keycloak.representations.idm.authorization.Permission
 class SpringPolicyEnforcer(private val policyEnforcer: PolicyEnforcer,
                            private val policyEnforcerConfig: PolicyEnforcerConfig) {
 
-    fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
-        if (log.isDebugEnabled) {
-            log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
-        }
-        val context = authorize(request, response)
-        if (log.isDebugEnabled) {
-            log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
-            log.debug("Returning authorization context with permissions:")
-            for (permission in context.permissions) {
-                log.debug(permission.toString())
-            }
-        }
-        return context
+  fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
+    if (log.isDebugEnabled) {
+      log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
     }
-
-    private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
-        val enforcementMode = policyEnforcerConfig.enforcementMode
-        return if (EnforcementMode.DISABLED == enforcementMode) {
-            createAuthorizedContext()
-        } else policyEnforcer.enforce(request, response)
+    val context = authorize(request, response)
+    if (log.isDebugEnabled) {
+      log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
+      log.debug("Returning authorization context with permissions:")
+      for (permission in context.permissions) {
+        log.debug(permission.toString())
+      }
     }
+    return context
+  }
 
-    private fun createAuthorizedContext(): AuthorizationContext {
-        return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
-            override fun hasPermission(resourceName: String, scopeName: String): Boolean {
-                return true
-            }
+  private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
+    val enforcementMode = policyEnforcerConfig.enforcementMode
+    log.debug("Authorize with enforcement mode: [{}]", enforcementMode)
+    return if (EnforcementMode.DISABLED == enforcementMode) {
+      createAuthorizedContext()
+    } else policyEnforcer.enforce(request, response)
+  }
 
-            override fun hasResourcePermission(resourceName: String): Boolean {
-                return true
-            }
+  private fun createAuthorizedContext(): AuthorizationContext {
+    return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
+      override fun hasPermission(resourceName: String, scopeName: String): Boolean {
+        return true
+      }
 
-            override fun hasScopePermission(scopeName: String): Boolean {
-                return true
-            }
+      override fun hasResourcePermission(resourceName: String): Boolean {
+        return true
+      }
 
-            override fun getPermissions(): List<Permission> {
-                return emptyList()
-            }
+      override fun hasScopePermission(scopeName: String): Boolean {
+        return true
+      }
 
-            override fun isGranted(): Boolean {
-                return true
-            }
-        }
+      override fun getPermissions(): List<Permission> {
+        return emptyList()
+      }
+
+      override fun isGranted(): Boolean {
+        return true
+      }
     }
+  }
 
-    companion object {
-        private val log = KotlinLogging.logger {}
-    }
+  companion object {
+    private val log = KotlinLogging.logger {}
+  }
 }