Compare commits
18 Commits
Author | SHA1 | Date |
---|---|---|
Jim Martens | 6c13815fc3 | |
Jim Martens | 1443dfce1b | |
Jim Martens | ddf24b42e2 | |
Jim Martens | f2c1d1ea49 | |
Jim Martens | aaec4e940a | |
Jim Martens | a02dfa100c | |
Jim Martens | 0082305a5a | |
Jim Martens | 11345c94a5 | |
Jim Martens | f5f773a90b | |
Jim Martens | 323337ed64 | |
Jim Martens | b04d6f4389 | |
Jim Martens | 517f2b4f1b | |
Jim Martens | f089d70d5f | |
Jim Martens | 2a78b47d83 | |
Jim Martens | 84baee6ebb | |
Jim Martens | 35a1b49412 | |
Jim Martens | 9453e10803 | |
Jim Martens | a2b85f402d |
30
.drone.yml
30
.drone.yml
|
@ -118,10 +118,13 @@ steps:
|
|||
- ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
|
||||
- git clone ssh://giteajim@git.2martens.de:22/2martens/cloud-configuration.git .
|
||||
- git checkout main
|
||||
- name: modify deployed image
|
||||
- name: update image version
|
||||
image: alpine
|
||||
commands:
|
||||
- sed -i -r "s/(wahlrecht_image_version:).*/\1\ ${DRONE_SEMVER}/" ansible/inventories/host_vars/api-server/public.yaml
|
||||
- mkdir $HOME/bin
|
||||
- wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 -O $HOME/bin/yq && chmod +x $HOME/bin/yq
|
||||
- sed -i -r "s/(tag:).*/\1\ \"${DRONE_SEMVER}\"/" argocd/wahlrecht/${DRONE_DEPLOY_TO}/overwrite_values.yaml
|
||||
- cd argocd/wahlrecht/${DRONE_DEPLOY_TO} && $HOME/bin/yq '. *= load("overwrite_values.yaml")' default_values.yaml > values.yaml
|
||||
- name: save modified variable file
|
||||
image: alpine/git
|
||||
environment:
|
||||
|
@ -134,32 +137,13 @@ steps:
|
|||
- touch $HOME/.ssh/known_hosts
|
||||
- chmod 600 $HOME/.ssh/known_hosts
|
||||
- ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
|
||||
- git add ansible/inventories/host_vars/api-server/public.yaml
|
||||
- git add argocd/wahlrecht/${DRONE_DEPLOY_TO}/*
|
||||
- git diff-index --quiet HEAD || git commit -m "[Drone] Changed wahlrecht_image_version to ${DRONE_SEMVER}"
|
||||
- git push origin main
|
||||
- name: deploy image
|
||||
image: plugins/ansible:latest
|
||||
volumes:
|
||||
- name: cache
|
||||
path: /root/.ansible
|
||||
settings:
|
||||
playbook: ansible/deploy_spring.yaml
|
||||
inventory: ansible/inventories/production
|
||||
galaxy: ansible/requirements.yaml
|
||||
galaxy_force: false
|
||||
private_key:
|
||||
from_secret: private_ssh_key
|
||||
vault_password:
|
||||
from_secret: vault_password
|
||||
|
||||
volumes:
|
||||
- name: cache
|
||||
host:
|
||||
path: /var/lib/drone/cache/.ansible
|
||||
|
||||
trigger:
|
||||
target:
|
||||
- production
|
||||
- test
|
||||
event:
|
||||
include:
|
||||
- promote
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
<component name="ProjectRunConfigurationManager">
|
||||
<configuration default="false" name="MainApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" nameIsGenerated="true">
|
||||
<module name="wahlrecht.server.main" />
|
||||
<option name="SPRING_BOOT_MAIN_CLASS" value="de.twomartens.wahlrecht.MainApplication" />
|
||||
<extension name="net.ashald.envfile">
|
||||
<option name="IS_ENABLED" value="true" />
|
||||
<option name="IS_SUBST" value="false" />
|
||||
<option name="IS_PATH_MACRO_SUPPORTED" value="false" />
|
||||
<option name="IS_IGNORE_MISSING_FILES" value="false" />
|
||||
<option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
|
||||
<ENTRIES>
|
||||
<ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
|
||||
<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
|
||||
</ENTRIES>
|
||||
</extension>
|
||||
<method v="2">
|
||||
<option name="Make" enabled="true" />
|
||||
</method>
|
||||
</configuration>
|
||||
</component>
|
|
@ -54,7 +54,7 @@ normalization.runtimeClasspath.metaInf {
|
|||
}
|
||||
|
||||
tasks.register("cleanLibs") {
|
||||
delete("${buildDir}/libs")
|
||||
delete("${layout.buildDirectory}/libs")
|
||||
}
|
||||
|
||||
tasks.build {
|
||||
|
|
|
@ -9,10 +9,10 @@ apply(plugin="com.netflix.nebula.release")
|
|||
tasks.register("writeVersionProperties") {
|
||||
group = "version"
|
||||
mustRunAfter("release")
|
||||
outputs.file("$buildDir/version.properties")
|
||||
val directory = buildDir
|
||||
outputs.file("${layout.buildDirectory}/version.properties")
|
||||
val directory = layout.buildDirectory.asFile
|
||||
doLast {
|
||||
Files.createDirectories(directory.toPath())
|
||||
File("$buildDir/version.properties").writeText("VERSION=${project.version}\n")
|
||||
Files.createDirectories(directory.get().toPath())
|
||||
File("${layout.buildDirectory}/version.properties").writeText("VERSION=${project.version}\n")
|
||||
}
|
||||
}
|
|
@ -1,21 +1,21 @@
|
|||
[versions]
|
||||
spring-boot = "3.1.2"
|
||||
spring-doc = "2.1.0"
|
||||
spring-cloud = "2022.0.4"
|
||||
spring-boot = "3.2.3"
|
||||
spring-doc = "2.3.0"
|
||||
spring-cloud = "2023.0.0"
|
||||
spring-grpc = "2.14.0.RELEASE"
|
||||
grpc = "1.57.0"
|
||||
tomcat-annotations = "6.0.53"
|
||||
httpclient = "5.2.1"
|
||||
slf4j = "2.0.7"
|
||||
log4j = "2.20.0"
|
||||
log4j-ecs = "1.5.0"
|
||||
httpclient = "5.3.1"
|
||||
slf4j = "2.0.12"
|
||||
log4j = "2.23.0"
|
||||
log4j-ecs = "1.6.0"
|
||||
mapstruct = "1.5.5.Final"
|
||||
junit = "5.10.0"
|
||||
assertj = "3.24.2"
|
||||
mockito = "5.4.0"
|
||||
keycloak = "22.0.1"
|
||||
junit = "5.10.2"
|
||||
assertj = "3.25.3"
|
||||
mockito = "5.11.0"
|
||||
keycloak = "24.0.1"
|
||||
kotlin-logging = "3.0.5"
|
||||
kotlin-reflect = "1.9.0"
|
||||
kotlin-reflect = "1.9.22"
|
||||
kotlin-lombok = "1.9.0"
|
||||
plugin-nebula-release = "17.2.2"
|
||||
plugin-lombok = "8.0.1"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,60 @@
|
|||
PUT http://localhost:12000/wahlrecht/v1/election
|
||||
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkalp3QzZGZEZ4eHl4R0RfX3JRYVhIMzNCc0Fxa29fYXZoelRlX19IYUxRIn0.eyJleHAiOjE3MTQ5ODE3NDUsImlhdCI6MTcxNDk4MDg0NSwiYXV0aF90aW1lIjoxNzE0OTc5Njk1LCJqdGkiOiIyMzcwNTU4My1mYTE2LTQ4NWYtODNlMC0xMWIyZjg0ODEyM2YiLCJpc3MiOiJodHRwczovL2lkLjJtYXJ0ZW5zLmRlL3JlYWxtcy8ybWFydGVucyIsImF1ZCI6WyJ0c3ctdGltZXRhYmxlLWZyb250ZW5kIiwiYWNjb3VudCIsInRpbWV0YWJsZSJdLCJzdWIiOiJkOTRiMzU3My05ZjdhLTRjYmMtYTg5MS1kZGRjYWQ1MjE0YjMiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJ3YWhscmVjaHQiLCJzZXNzaW9uX3N0YXRlIjoiZGIxNmVmNzItZTUyMi00ZWE4LThjNjAtYjRjYmRiMTEzNjEyIiwiYWNyIjoiMCIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2FwaS4ybWFydGVucy5kZSIsImh0dHA6Ly9sb2NhbGhvc3Q6MTIwMDAiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwiQ09SRV9FTEVDVElPTl9EQVRBX0NPTlRSSUJVVE9SIiwiZGVmYXVsdC1yb2xlcy13YWhscmVjaHQiLCJBRE1JTiIsInVtYV9hdXRob3JpemF0aW9uIiwiVVNFUiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRzdy10aW1ldGFibGUtZnJvbnRlbmQiOnsicm9sZXMiOlsiQUNUSVZFX1BMQU4iLCJQRVJTT05BTF9QTEFOIiwiRlJFRV9QTEFOIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX0sInRpbWV0YWJsZSI6eyJyb2xlcyI6WyJBRE1JTiIsIlBFUlNPTkFMX1BMQU4iLCJGUkVFX1BMQU4iXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiJkYjE2ZWY3Mi1lNTIyLTRlYTgtOGM2MC1iNGNiZGIxMTM2MTIiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6IkppbSBNYXJ0ZW5zIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZ2l0aHViQDJtYXJ0ZW5zLmRlIiwiZ2l2ZW5fbmFtZSI6IkppbSIsImxvY2FsZSI6ImVuIiwiZmFtaWx5X25hbWUiOiJNYXJ0ZW5zIiwiZW1haWwiOiJnaXRodWJAMm1hcnRlbnMuZGUifQ.VWDniNAGZOdBbQ3rIia81VqchT9fL0PbT4TS8ORpueRTVe8j2gatwDEPz3ocIFNevNh5hv0gQpjcYT8XGh5rk8oNbHrFg48uJZC5SfINzEEq9JYUQCLf_LGiXmfCODwKaRZc6EVFYU34t7d-SXrN0qNcFooFnV7erD57GJB--19nVOAv1zsQKDV_lJYz6SHGlPZol0PBOHwRaREjgsS1zw8kNOBZYFiuaAbHCOl3rrZb0YZevB1_qtPWtdCOCEjCIlGURIU6Wn6xTNUG1MkE2yytArJS1yGUfBnDDg1mAck5q_fl0a9T7lucyhakSNjauFGUWIsJP4ADdJZhn8CDVQ
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"name": "Bezirkswahl 2024",
|
||||
"day": "2024-06-09",
|
||||
"votingThreshold": "THREE",
|
||||
"totalNumberOfSeats": 51,
|
||||
"constituencies": [
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 5,
|
||||
"name": "Niendorf",
|
||||
"numberOfSeats": 5
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 6,
|
||||
"name": "Schnelsen",
|
||||
"numberOfSeats": 3
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 7,
|
||||
"name": "Eidelstedt",
|
||||
"numberOfSeats": 4
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 8,
|
||||
"name": "Stellingen",
|
||||
"numberOfSeats": 3
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 4,
|
||||
"name": "Lokstedt",
|
||||
"numberOfSeats": 3
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 3,
|
||||
"name": "Rotherbaum/Harvestehude",
|
||||
"numberOfSeats": 4
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 1,
|
||||
"name": "Eimsbüttel-Nord",
|
||||
"numberOfSeats": 3
|
||||
},
|
||||
{
|
||||
"electionName": "Bezirkswahl 2024",
|
||||
"number": 2,
|
||||
"name": "Eimsbüttel-Süd/Hoheluft-West",
|
||||
"numberOfSeats": 5
|
||||
}
|
||||
]
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -1,3 +0,0 @@
|
|||
apiVersion: v2
|
||||
name: wahlrecht
|
||||
version: 0.2.4
|
|
@ -1,201 +0,0 @@
|
|||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -1,4 +0,0 @@
|
|||
# Wahlrecht API
|
||||
|
||||
This chart installs the Wahlrecht API
|
||||
into the Kubernetes cluster.
|
|
@ -13,53 +13,54 @@ import org.keycloak.representations.idm.authorization.Permission
|
|||
class SpringPolicyEnforcer(private val policyEnforcer: PolicyEnforcer,
|
||||
private val policyEnforcerConfig: PolicyEnforcerConfig) {
|
||||
|
||||
fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
|
||||
}
|
||||
val context = authorize(request, response)
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
|
||||
log.debug("Returning authorization context with permissions:")
|
||||
for (permission in context.permissions) {
|
||||
log.debug(permission.toString())
|
||||
}
|
||||
}
|
||||
return context
|
||||
fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
|
||||
}
|
||||
|
||||
private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
val enforcementMode = policyEnforcerConfig.enforcementMode
|
||||
return if (EnforcementMode.DISABLED == enforcementMode) {
|
||||
createAuthorizedContext()
|
||||
} else policyEnforcer.enforce(request, response)
|
||||
val context = authorize(request, response)
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
|
||||
log.debug("Returning authorization context with permissions:")
|
||||
for (permission in context.permissions) {
|
||||
log.debug(permission.toString())
|
||||
}
|
||||
}
|
||||
return context
|
||||
}
|
||||
|
||||
private fun createAuthorizedContext(): AuthorizationContext {
|
||||
return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
|
||||
override fun hasPermission(resourceName: String, scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
val enforcementMode = policyEnforcerConfig.enforcementMode
|
||||
log.debug("Authorize with enforcement mode: [{}]", enforcementMode)
|
||||
return if (EnforcementMode.DISABLED == enforcementMode) {
|
||||
createAuthorizedContext()
|
||||
} else policyEnforcer.enforce(request, response)
|
||||
}
|
||||
|
||||
override fun hasResourcePermission(resourceName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
private fun createAuthorizedContext(): AuthorizationContext {
|
||||
return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
|
||||
override fun hasPermission(resourceName: String, scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun hasScopePermission(scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
override fun hasResourcePermission(resourceName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun getPermissions(): List<Permission> {
|
||||
return emptyList()
|
||||
}
|
||||
override fun hasScopePermission(scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun isGranted(): Boolean {
|
||||
return true
|
||||
}
|
||||
}
|
||||
override fun getPermissions(): List<Permission> {
|
||||
return emptyList()
|
||||
}
|
||||
|
||||
override fun isGranted(): Boolean {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
companion object {
|
||||
private val log = KotlinLogging.logger {}
|
||||
}
|
||||
companion object {
|
||||
private val log = KotlinLogging.logger {}
|
||||
}
|
||||
}
|
|
@ -12,18 +12,15 @@ import org.keycloak.adapters.authorization.spi.ConfigurationResolver
|
|||
import org.keycloak.adapters.authorization.spi.HttpRequest
|
||||
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig
|
||||
import java.io.IOException
|
||||
import java.util.concurrent.ConcurrentHashMap
|
||||
|
||||
|
||||
class SpringPolicyEnforcerFilter(private val configResolver: ConfigurationResolver) : Filter {
|
||||
private val policyEnforcer: MutableMap<PolicyEnforcerConfig, SpringPolicyEnforcer> = ConcurrentHashMap()
|
||||
|
||||
@Throws(IOException::class, ServletException::class)
|
||||
override fun doFilter(servletRequest: ServletRequest, servletResponse: ServletResponse?, filterChain: FilterChain) {
|
||||
val request = servletRequest as HttpServletRequest
|
||||
val response = servletResponse as HttpServletResponse?
|
||||
val httpRequest = ServletHttpRequest(request) { extractBearerToken(request) }
|
||||
val policyEnforcer = getOrCreatePolicyEnforcer(httpRequest)
|
||||
val policyEnforcer = createPolicyEnforcer(httpRequest)
|
||||
val authzContext = policyEnforcer.enforce(httpRequest, ServletHttpResponse(response))
|
||||
request.setAttribute(AuthorizationContext::class.java.name, authzContext)
|
||||
if (authzContext.isGranted) {
|
||||
|
@ -53,8 +50,8 @@ class SpringPolicyEnforcerFilter(private val configResolver: ConfigurationResolv
|
|||
return null
|
||||
}
|
||||
|
||||
private fun getOrCreatePolicyEnforcer(request: HttpRequest): SpringPolicyEnforcer {
|
||||
return policyEnforcer.computeIfAbsent(configResolver.resolve(request)) { createPolicyEnforcer(it) }
|
||||
private fun createPolicyEnforcer(request: HttpRequest): SpringPolicyEnforcer {
|
||||
return createPolicyEnforcer(configResolver.resolve(request))
|
||||
}
|
||||
|
||||
private fun createPolicyEnforcer(enforcerConfig: PolicyEnforcerConfig): SpringPolicyEnforcer {
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
server.port: 12000
|
||||
management.server.port: 12001
|
||||
|
||||
|
||||
spring:
|
||||
config:
|
||||
import:
|
||||
- "classpath:config/wahlrecht.yaml"
|
||||
- "optional:configserver:http://localhost:8888/config"
|
||||
- "optional:configserver:${CONFIGSERVER_SCHEME:http}://${CONFIGSERVER_HOST:configserver}:${CONFIGSERVER_PORT:8888}${CONFIGSERVER_PREFIX:/config}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
spring:
|
||||
config:
|
||||
import:
|
||||
- "configserver:http://configserver:8888/config"
|
||||
- "configserver:${CONFIGSERVER_SCHEME:http}://${CONFIGSERVER_HOST:configserver}:${CONFIGSERVER_PORT:8888}${CONFIGSERVER_PREFIX:/config}"
|
||||
kafka:
|
||||
bootstrap-servers:
|
||||
- kafka:9092
|
||||
- "${KAFKA_HOST:kafka}:${KAFKA_PORT:9092}"
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
server:
|
||||
port: 12000
|
||||
port: ${PORT:12000}
|
||||
shutdown: graceful
|
||||
forward-headers-strategy: framework
|
||||
|
||||
### technical configurations ###
|
||||
management:
|
||||
# for security, don't use same port as application
|
||||
server.port: 12001
|
||||
server.port: ${ACTUATOR_PORT:12001}
|
||||
health:
|
||||
livenessState.enabled: true
|
||||
readinessState.enabled: true
|
||||
|
@ -38,7 +38,7 @@ spring:
|
|||
oauth2:
|
||||
resourceserver:
|
||||
jwt:
|
||||
jwk-set-uri: https://id.2martens.de/realms/2martens/protocol/openid-connect/certs
|
||||
jwk-set-uri: ${KEYCLOAK_URL:https://id.2martens.de}/realms/${KEYCLOAK_REALM:2martens}/protocol/openid-connect/certs
|
||||
application:
|
||||
name: wahlrecht
|
||||
|
||||
|
|
Loading…
Reference in New Issue