When TerraformBoot enables authentication, Xpanse calls its APIs alwa…

…ys return 401 unauthenticated exception.
eclipse-xpanse · Dec 4, 2023 · c831640 · c831640
1 parent d7f5d86
commit c831640
Show file tree

Hide file tree

Showing 29 changed files with 317 additions and 178 deletions.
diff --git a/modules/deployment/pom.xml b/modules/deployment/pom.xml
@@ -106,7 +106,7 @@
                             <library>resttemplate</library>
                             <skip>${skipTerraformBootClientGeneration}</skip>
                             <supportingFilesToGenerate>
-                                ApiClient.java,JavaTimeFormatter.java,RFC3339DateFormat.java,ServerConfiguration.java,ServerVariable.java,ApiKeyAuth.java,Authentication.java,HttpBasicAuth.java,HttpBearerAuth.java
+                                ApiClient.java,JavaTimeFormatter.java,RFC3339DateFormat.java,ServerConfiguration.java,ServerVariable.java,ApiKeyAuth.java,Authentication.java,HttpBasicAuth.java,HttpBearerAuth.java,OAuth.java
                             </supportingFilesToGenerate>
                             <configOptions>
                                 <generateClientAsBean>true</generateClientAsBean>

diff --git a/...va/org/eclipse/xpanse/modules/deployment/deployers/terraform/TerraformBootDeployment.java b/...va/org/eclipse/xpanse/modules/deployment/deployers/terraform/TerraformBootDeployment.java
@@ -28,6 +28,7 @@
 import org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.model.WebhookConfig.AuthTypeEnum;
 import org.eclipse.xpanse.modules.deployment.utils.DeployEnvironments;
 import org.eclipse.xpanse.modules.models.response.ResultType;
+import org.eclipse.xpanse.modules.models.security.model.CurrentUserInfoHolder;
 import org.eclipse.xpanse.modules.models.service.common.enums.Csp;
 import org.eclipse.xpanse.modules.models.service.deploy.DeployResult;
 import org.eclipse.xpanse.modules.models.service.deploy.exceptions.TerraformBootRequestFailedException;
@@ -41,6 +42,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
 import org.springframework.web.client.RestClientException;
 
 /**
@@ -52,13 +54,17 @@
 public class TerraformBootDeployment implements Deployment {
 
     public static final String STATE_FILE_NAME = "terraform.tfstate";
+    private static final String ZITADEL_PROFILE_NAME = "zitadel";
     private final DeployEnvironments deployEnvironments;
     private final PluginManager pluginManager;
     private final TerraformBootConfig terraformBootConfig;
     private final String port;
     private final TerraformApi terraformApi;
     private final ObjectMapper objectMapper = new ObjectMapper();
 
+    @Value("${spring.profiles.active}")
+    private String profiles;
+
     /**
      * Initializes the TerraformBoot deployer.
      */
@@ -81,6 +87,7 @@ public DeployResult deploy(DeployTask deployTask) {
         DeployResult result = new DeployResult();
         TerraformAsyncDeployFromDirectoryRequest request = getDeployRequest(deployTask);
         try {
+            setHeaderTokenByProfiles();
             terraformApi.asyncDeployWithScripts(request, deployTask.getId());
             result.setId(deployTask.getId());
             return result;
@@ -96,6 +103,7 @@ public DeployResult destroy(DeployTask task, String stateFile) {
         DeployResult result = new DeployResult();
         TerraformAsyncDestroyFromDirectoryRequest request = getDestroyRequest(task, stateFile);
         try {
+            setHeaderTokenByProfiles();
             terraformApi.asyncDestroyWithScripts(request, task.getId());
             result.setId(task.getId());
             return result;
@@ -127,6 +135,7 @@ public DeployerKind getDeployerKind() {
      */
     @Override
     public DeployValidationResult validate(Ocl ocl) {
+        setHeaderTokenByProfiles();
         TerraformValidationResult validate =
                 terraformApi.validateWithScripts(getDeployWithScriptsRequest(ocl));
         DeployValidationResult result = null;
@@ -141,6 +150,7 @@ public DeployValidationResult validate(Ocl ocl) {
 
     @Override
     public String getDeployPlanAsJson(DeployTask task) {
+        setHeaderTokenByProfiles();
         TerraformPlan terraformPlan =
                 terraformApi.planWithScripts(getPlanWithScriptsRequest(task), task.getId());
         return terraformPlan.getPlan();
@@ -246,4 +256,14 @@ private Map<String, String> getEnvironmentVariables(DeployTask deployTask) {
         envVariables.putAll(this.deployEnvironments.getPluginMandatoryVariables(deployTask));
         return envVariables;
     }
+
+    private void setHeaderTokenByProfiles() {
+        if (StringUtils.isBlank(profiles)) {
+            return;
+        }
+        List<String> profileList = Arrays.asList(profiles.split(","));
+        if (!CollectionUtils.isEmpty(profileList) && profileList.contains(ZITADEL_PROFILE_NAME)) {
+            terraformApi.getApiClient().setAccessToken(CurrentUserInfoHolder.getToken());
+        }
+    }
 }
diff --git a/.../java/org/eclipse/xpanse/modules/deployment/deployers/terraform/TerraformBootManager.java b/.../java/org/eclipse/xpanse/modules/deployment/deployers/terraform/TerraformBootManager.java
@@ -11,6 +11,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.api.TerraformApi;
 import org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.model.TerraformBootSystemStatus;
+import org.eclipse.xpanse.modules.models.security.model.CurrentUserInfoHolder;
 import org.eclipse.xpanse.modules.models.system.BackendSystemStatus;
 import org.eclipse.xpanse.modules.models.system.enums.BackendSystemType;
 import org.eclipse.xpanse.modules.models.system.enums.HealthStatus;
@@ -26,6 +27,7 @@
 public class TerraformBootManager {
 
     private static final String TERRAFORM_BOOT_PROFILE_NAME = "terraform-boot";
+    private static final String ZITADEL_PROFILE_NAME = "zitadel";
 
     @Resource
     private TerraformApi terraformApi;
@@ -48,6 +50,10 @@ public BackendSystemStatus getTerraformBootStatus() {
             terraformBootStatus.setEndpoint(terraformBootBaseUrl);
 
             try {
+                List<String> profileList = Arrays.asList(springProfilesActive.split(","));
+                if (profileList.contains(ZITADEL_PROFILE_NAME)) {
+                    terraformApi.getApiClient().setAccessToken(CurrentUserInfoHolder.getToken());
+                }
                 TerraformBootSystemStatus terraformBootSystemStatus = terraformApi.healthCheck();
                 terraformBootStatus.setHealthStatus(HealthStatus.valueOf(
                         terraformBootSystemStatus.getHealthStatus().getValue()));

diff --git a/...va/org/eclipse/xpanse/modules/deployment/deployers/terraform/terraformboot/ApiClient.java b/...va/org/eclipse/xpanse/modules/deployment/deployers/terraform/terraformboot/ApiClient.java
@@ -54,6 +54,7 @@
 import java.time.OffsetDateTime;
 
 import org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.auth.Authentication;
+import org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.auth.OAuth;
 
 @jakarta.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen")
 @Component("org.eclipse.xpanse.modules.deployment.deployers.terraform.terraformboot.ApiClient")
@@ -109,6 +110,7 @@ protected void init() {
 
         // Setup authentications (key: authentication name, value: authentication).
         authentications = new HashMap<String, Authentication>();
+        authentications.put("OAuth2Flow", new OAuth());
         // Prevent the authentications from being modified.
         authentications = Collections.unmodifiableMap(authentications);
     }
@@ -155,6 +157,21 @@ public Authentication getAuthentication(String authName) {
 
 
 
+    /**
+     * Helper method to set access token for the first OAuth2 authentication.
+     *
+     * @param accessToken Access token
+     */
+    public void setAccessToken(String accessToken) {
+        for (Authentication auth : authentications.values()) {
+            if (auth instanceof OAuth) {
+                ((OAuth) auth).setAccessToken(accessToken);
+                return;
+            }
+        }
+        throw new RuntimeException("No OAuth2 authentication configured!");
+    }
+
 
     /**
      * Set the User-Agent header's value (by adding to the default header map).

diff --git a/...clipse/xpanse/modules/deployment/deployers/terraform/terraformboot/JavaTimeFormatter.java b/...clipse/xpanse/modules/deployment/deployers/terraform/terraformboot/JavaTimeFormatter.java
@@ -1,8 +1,8 @@
 /*
- * OpenAPI definition
- * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ * Terraform-Boot API
+ * RESTful Services to interact with Terraform-Boot runtime
  *
- * The version of the OpenAPI document: v0
+ * The version of the OpenAPI document: 1.0.1-SNAPSHOT
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

diff --git a/...clipse/xpanse/modules/deployment/deployers/terraform/terraformboot/RFC3339DateFormat.java b/...clipse/xpanse/modules/deployment/deployers/terraform/terraformboot/RFC3339DateFormat.java
@@ -1,8 +1,8 @@
 /*
- * OpenAPI definition
- * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ * Terraform-Boot API
+ * RESTful Services to interact with Terraform-Boot runtime
  *
- * The version of the OpenAPI document: v0
+ * The version of the OpenAPI document: 1.0.1-SNAPSHOT
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).