This PR implemented ticket clevermicro/user-management#34 for the user-service-v1 endpoint, along with all the infrastructures required to support the endpoints.
The changes are:
+ switch build tool to gradle for easier access to the private artifacts of clevermicro (although later Brian change the artifacts to public)
+ set up clevermicro amqp client
+ switched to official keycloak admin client instead of implementing it with webflux
+ implement the message formats for the RPC protocol, for now they are exclusive to auth-service, but in the future we will reuse (might with some changes) them for all RPC calls inside clevermicro (need a server lib for handling the message parsing and convertion)
+ implement the user query endpoint
+ implement unit test so the overall coverage is above 85%
+ fixed all issues found during the testing phase with shared env
Currently the latest docker image has been deployed to the shared env, see https://docs.cleverthis.com/en/architecture/microservices/shared-env#multi-user-support
Reviewed-on: #35
According to design https://docs.cleverthis.com/en/architecture/microservices/feature-discussion/service-specific-permission-system, this PR replaced the role-based forward auth with UMA ticket to allow keycloak to verify permission based on client authorization rules, which supports roles, with extra features like resource access control and group/organization.
Other than that, this PR also:
+ add config properties objects, which allows easier unit test
+ adapt setup from clevermicro/identity-management#9, now the auth-service works with the dev realm created in identity management repo
+ add pass-through config, allow clients to configure a list of rules to skip the token checking. Use case: CleverBRAG's token for its API access
This PR bumps the coverage rate to 73%, which is still below 85%. Thus the pipeline is failing.
Reviewed-on: #31
Reviewed-by: Stanislav Hejny <stanislav.hejny@cleverthis.com>
Co-authored-by: Rui Hu <rui.hu@cleverthis.com>
Co-committed-by: Rui Hu <rui.hu@cleverthis.com>
Pull config from consul to resolve permission mapping dynamically
if consul is not available or the
value is corrupted, use settings from local value in application.yaml
ISSUES CLOSED: clevermicro/user-management#23