This repository was archived by the owner on Sep 15, 2023. It is now read-only.

Pad the response time for authcode verification calls #16

Merged: 1 commit, Jun 22, 2020

fabe2913 (Contributor)

No description provided.

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

- Bugs: 0 (rating A)
- Vulnerabilities: 0 (rating A); Security Hotspots to review: 0
- Code Smells: 0 (rating A)
- Coverage: 87.5%
- Duplication: 0.0%

fabe2913 requested a review from Quietghost on June 19, 2020 08:30
fabe2913 merged commit 18b8f3f into develop on Jun 22, 2020
fabe2913 added a commit that referenced this pull request Jun 22, 2020
* refactoring: configuration of actuator and loggers

* test: “out-of-BIT” development support (#14)

* test(local): docker-compose.yml with PostgreSQL-in-a-box

- PostgreSQL data is stored in a Docker persistent volume
- SQL scripts are executed with superuser privileges at database creation time

* test(local): add Keycloak server

- Persist state into PostgreSQL

- Set up suitable initdb.d script

* test(local): Keycloak "bag-pts" realm definition

- One client in `"clients"` whose `clientId` matches the one the
Covidcode UI uses (`"ha-ui-web-client"`)

- Client allows CORS from (`webOrigins`), and redirects
to (`redirectURIs`) http://localhost:4200/ (the URL of the Covidcode
UI while in development mode)

- `"publicClient"` is set to true, meaning that the Covidcode UI doesn't
need to set up a secret on its side

- Create `bag-pts-allow` role and a `doctor` user (password `doctor`)
as a member of the role

- Ensure (via suitable `"protocolMappers"` entry) that membership in
this role appears under "userroles" at the `userinfo` OIDC
endpoint (as required by Covidcode UI:
https://github.com/admin-ch/CovidCode-UI/blob/master/src/app/auth/oauth.service.ts#L91)

- Ensure (using a second `"protocolMappers"` entry) that a `ctx` claim is set to
`"USER"`, as per README.md. (On the other hand,
the audience setting doesn't appear to be required anymore)

* test(local): rewrite URLs on port 8180 with Træfik

This lets covidcode-ui obtain its endpoints from
http://localhost:8180/.well-known/openid-configuration which is its
out-of-the-box behavior.

* test(local): `mvn exec:java`

- Add suitable stanzas to pom.xml to get the Covidcode-Service to
start up using the `local` Spring profile (i.e. fake configuration and
credentials found in `src/main/resources/application-local.yml`)

- Prepare a database for it in PostgreSQL

- Need a `haauthcodegeneration` superuser and a
`haauthcodegeneration_role_full`, as both are expected by the
Covidcode-Service SQL migration scripts

squash! [feature] `mvn exec:java`

* test: Sonarqube

Persistence is done in-container with no volumes (i.e. not very
persistent at all)

* test(local): comments in YAML on how to increase logging

* test(local): `mvn exec:java` : configure for use w/ local Keycloak

- Add new Spring profile `keycloak-local` to override
`jeap.security.oauth2.resourceserver.authorization-server`
configuration

- Apply it from `mvn exec:java` in pom.xml

* docs: development lifecycle using the new docker-compose environment

* test: avoid using port 8180

While using the docker-compose workflow, port 8180 is likely to be in
use by the local KeyCloak.

Co-authored-by: Dominique Quatravaux <dominique.quatravaux@epfl.ch>

* Update version number to 1.0.0

* Pad the response time for authcode verification calls (#16)

Co-authored-by: Fabien Cerf <fabien.cerf@bit.admin.ch>

Co-authored-by: Fabien Cerf <fabien.cerf@bit.admin.ch>
Co-authored-by: domq <dominique@quatravaux.org>
Co-authored-by: Dominique Quatravaux <dominique.quatravaux@epfl.ch>
fabe2913 added a commit that referenced this pull request Jun 22, 2020
* refactoring: configuration of actuator and loggers

* test: “out-of-BIT” development support (#14)

* test(local): docker-compose.yml with PostgreSQL-in-a-box

- PostgreSQL data is stored in a Docker persistent volume
- SQL scripts are executed with superuser privileges at database creation time

* test(local): add Keycloak server

- Persist state into PostgreSQL

- Set up suitable initdb.d script

* test(local): Keycloak "bag-pts" realm definition

- One client in `"clients"` whose `clientId` matches the one the
Covidcode UI uses (`"ha-ui-web-client"`)

- Client allows CORS from (`webOrigins`), and redirects
to (`redirectURIs`) http://localhost:4200/ (the URL of the Covidcode
UI while in development mode)

- `"publicClient"` is set to true, meaning that the Covidcode UI doesn't
need to set up a secret on its side

- Create `bag-pts-allow` role and a `doctor` user (password `doctor`)
as a member of the role

- Ensure (via suitable `"protocolMappers"` entry) that membership in
this role appears under "userroles" at the `userinfo` OIDC
endpoint (as required by Covidcode UI:
https://github.com/admin-ch/CovidCode-UI/blob/master/src/app/auth/oauth.service.ts#L91)

- Ensure (using a second `"protocolMappers"` entry) that a `ctx` claim is set to
`"USER"`, as per README.md. (On the other hand,
the audience setting doesn't appear to be required anymore)

* test(local): rewrite URLs on port 8180 with Træfik

This lets covidcode-ui obtain its endpoints from
http://localhost:8180/.well-known/openid-configuration which is its
out-of-the-box behavior.

* test(local): `mvn exec:java`

- Add suitable stanzas to pom.xml to get the Covidcode-Service to
start up using the `local` Spring profile (i.e. fake configuration and
credentials found in `src/main/resources/application-local.yml`)

- Prepare a database for it in PostgreSQL

- Need a `haauthcodegeneration` superuser and a
`haauthcodegeneration_role_full`, as both are expected by the
Covidcode-Service SQL migration scripts

squash! [feature] `mvn exec:java`

* test: Sonarqube

Persistence is done in-container with no volumes (i.e. not very
persistent at all)

* test(local): comments in YAML on how to increase logging

* test(local): `mvn exec:java` : configure for use w/ local Keycloak

- Add new Spring profile `keycloak-local` to override
`jeap.security.oauth2.resourceserver.authorization-server`
configuration

- Apply it from `mvn exec:java` in pom.xml

* docs: development lifecycle using the new docker-compose environment

* test: avoid using port 8180

While using the docker-compose workflow, port 8180 is likely to be in
use by the local KeyCloak.

Co-authored-by: Dominique Quatravaux <dominique.quatravaux@epfl.ch>

* Update version number to 1.0.0

* Pad the response time for authcode verification calls (#16)

Co-authored-by: Fabien Cerf <fabien.cerf@bit.admin.ch>

* Version 1.0.1

Co-authored-by: Fabien Cerf <fabien.cerf@bit.admin.ch>
Co-authored-by: domq <dominique@quatravaux.org>
Co-authored-by: Dominique Quatravaux <dominique.quatravaux@epfl.ch>
fabe2913 deleted the feature/pad-response-time branch on June 22, 2020 10:33