Enabling OAuth2 Credentials AT
Including clients.write as an authority to the ATs client
committed by
Alberto Ríos
parent
283819aeec
commit
84fad7e3ec
@@ -68,9 +68,6 @@ import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.reactive.function.client.WebClient;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.cloud.appbroker.acceptance.fixtures.cf.CloudFoundryClientConfiguration.ACCEPTANCE_TEST_OAUTH_CLIENT_AUTHORITIES;
|
||||
import static org.springframework.cloud.appbroker.acceptance.fixtures.cf.CloudFoundryClientConfiguration.ACCEPTANCE_TEST_OAUTH_CLIENT_ID;
|
||||
import static org.springframework.cloud.appbroker.acceptance.fixtures.cf.CloudFoundryClientConfiguration.ACCEPTANCE_TEST_OAUTH_CLIENT_SECRET;
|
||||
import static org.springframework.cloud.appbroker.acceptance.fixtures.cf.CloudFoundryClientConfiguration.APP_BROKER_CLIENT_AUTHORITIES;
|
||||
import static org.springframework.cloud.appbroker.acceptance.fixtures.cf.CloudFoundryClientConfiguration.APP_BROKER_CLIENT_SECRET;
|
||||
|
||||
@@ -186,10 +183,6 @@ abstract class CloudFoundryAcceptanceTest {
|
||||
.getOrCreateDefaultSpace()
|
||||
.map(SpaceSummary::getId)
|
||||
.flatMap(spaceId -> cleanup(orgId, spaceId)
|
||||
.then(uaaService.createClient(
|
||||
ACCEPTANCE_TEST_OAUTH_CLIENT_ID,
|
||||
ACCEPTANCE_TEST_OAUTH_CLIENT_SECRET,
|
||||
ACCEPTANCE_TEST_OAUTH_CLIENT_AUTHORITIES))
|
||||
.then(uaaService.createClient(
|
||||
brokerClientId(),
|
||||
APP_BROKER_CLIENT_SECRET,
|
||||
|
||||
@@ -22,13 +22,10 @@ import com.jayway.jsonpath.DocumentContext;
|
||||
import org.cloudfoundry.operations.applications.ApplicationSummary;
|
||||
import org.cloudfoundry.uaa.clients.GetClientResponse;
|
||||
import org.cloudfoundry.uaa.tokens.GrantType;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@Disabled("This test can only be run with a Cloud Foundry user or client that has 'client.write' authority, " +
|
||||
"so it should not be run in CI")
|
||||
class CreateInstanceWithOAuth2CredentialsAcceptanceTest extends CloudFoundryAcceptanceTest {
|
||||
|
||||
private static final String APP_NAME = "app-create-oauth2";
|
||||
@@ -84,9 +81,9 @@ class CreateInstanceWithOAuth2CredentialsAcceptanceTest extends CloudFoundryAcce
|
||||
|
||||
// and has the environment variables
|
||||
DocumentContext json = getSpringAppJson(APP_NAME);
|
||||
assertThat(json.read("$.spring.security.oauth2.client.registration.sample-app-client.client-id").toString())
|
||||
assertThat(json.read("$.['spring.security.oauth2.client.registration.sample-app-client.client-id']").toString())
|
||||
.isEqualTo(uaaClientId(serviceInstanceGuid));
|
||||
assertThat(json.read("$.spring.security.oauth2.client.registration.sample-app-client.client-secret").toString())
|
||||
assertThat(json.read("$.['spring.security.oauth2.client.registration.sample-app-client.client-secret']").toString())
|
||||
.matches("[a-zA-Z]{12}");
|
||||
|
||||
// and a UAA client is created
|
||||
|
||||
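Review bot: The two rewritten `json.read(...)` calls switch to bracket notation with no comment explaining why, and the difference is easy to miss: `$.['spring.security…client-id']` looks up a single key whose name contains dots, while the old `$.spring.security…` form walked nested objects. A comment above them such as `// property names are flat dotted keys in this JSON, so each one is read with bracket notation` would stop a later cleanup from reverting it; the flat layout is inferred from this change, so confirm it against what getSpringAppJson returns. With `@Disabled` removed in the earlier hunk this class presumably runs in CI, where a failing `.matches("[a-zA-Z]{12}")` makes AssertJ print the actual client secret into the build log. The client is short-lived, but asserting on a boolean, e.g. `assertThat(secret.matches("[a-zA-Z]{12}")).isTrue();`, keeps the value out of the output. The test method starts and ends outside the hunk.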
@@ -42,20 +42,9 @@ import org.springframework.context.annotation.Configuration;
|
||||
@EnableConfigurationProperties(CloudFoundryProperties.class)
|
||||
public class CloudFoundryClientConfiguration {
|
||||
|
||||
public static final String ACCEPTANCE_TEST_OAUTH_CLIENT_ID = "acceptance-test-client";
|
||||
public static final String ACCEPTANCE_TEST_OAUTH_CLIENT_SECRET = "acceptance-test-client-secret";
|
||||
public static final String[] ACCEPTANCE_TEST_OAUTH_CLIENT_AUTHORITIES = {
|
||||
"openid",
|
||||
"cloud_controller.admin",
|
||||
"cloud_controller.read",
|
||||
"cloud_controller.write",
|
||||
"clients.read",
|
||||
"clients.write"
|
||||
};
|
||||
|
||||
public static final String APP_BROKER_CLIENT_SECRET = "app-broker-client-secret";
|
||||
public static final String[] APP_BROKER_CLIENT_AUTHORITIES = {
|
||||
"cloud_controller.read", "cloud_controller.write"
|
||||
"cloud_controller.read", "cloud_controller.write", "clients.write"
|
||||
};
|
||||
|
||||
@Bean
|
||||
|
||||
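Review bot: `clients.write` is added to APP_BROKER_CLIENT_AUTHORITIES with no comment on why the broker client needs it, and it is a broader grant than the two cloud_controller authorities beside it: in UAA it lets the holder create and modify OAuth clients. A line above the array such as `// clients.write: the broker registers a UAA client per service instance (OAuth2 credentials tests)` would record the reason; that purpose is inferred from the commit title and the test, so confirm it. The same client is still created with the fixed literal in APP_BROKER_CLIENT_SECRET, so on a shared or long-lived foundation a client-management credential would carry a secret that is readable in the repository. Consider taking the secret from the test environment, and check that the broker client is removed on teardown, which this hunk does not show.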