Skip to content

Merge from develop to master#42

Merged
BraisVQ merged 27 commits into
masterfrom
develop
Jul 1, 2026
Merged

Merge from develop to master#42
BraisVQ merged 27 commits into
masterfrom
develop

Conversation

@BraisVQ

@BraisVQ BraisVQ commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Release version 0.0.3

jorge-romero and others added 27 commits March 11, 2026 12:40
Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Added project components module functionality for v0.

---------

Co-authored-by: valeriuc <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
This pull request introduces a new `core-contracts` module, which
defines the core interfaces, data structures, and contract classes for
API service modules. It also integrates this new module as a dependency
into the `persistence` module. The changes lay the foundation for a
modular, contract-driven architecture by specifying interfaces for API
modules, authentication, policies, error handling, and persistence.

The most important changes are:

**Introduction of `core-contracts` module:**

* Added a new Maven module `core-contracts` with its own `pom.xml`,
specifying dependencies on Spring, Jackson, Lombok, and Jakarta Servlet
API.

**API and Policy Contracts:**

* Defined core interfaces and data classes for API modules
(`ApiModule`), API definitions (`ApiDefinition`), and policy evaluation
(`PolicyEvaluator`, `PolicyRule`, `PolicyContext`, `PolicyTypes`). These
provide a standardized contract for API registration, discovery, and
policy enforcement.
* 
**Authentication and Authorization:**

* Introduced enums and logic for authentication types (`AuthType`) and
authorization decisions (`AuthorizationDecision`), including a utility
method for combining decisions.
**Persistence Contracts:**

* Added interfaces for data access to API definitions, clients, and
policies (`ApiDefinitionDao`, `ClientDao`, `PolicyDao`), including
read-only projections for client information
**Error Handling:**

* Introduced a simple `GatewayError` value class for standardized error
representation in the core contracts.

**Integration with Persistence Module:**

* Updated `persistence/pom.xml` to add a dependency on the new
`core-contracts` module, enabling the persistence layer to implement and
use these contracts.
Add marketplace 2.0 external service, mocks for create/get component and fix REST paths.

---------

Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
This pull request introduces a new modular security layer for the
project by adding a `core-security` module. The changes implement a
flexible policy-based authorization system integrated with Spring
Security and Azure AD JWT authentication. The security configuration is
now externalized, supporting public endpoints and dynamic policy
evaluation for API requests. The main areas of change are the addition
of new security components, policy evaluation infrastructure, and
configuration updates.

**Security configuration and integration:**

- Added a new `core-security` module with its own `pom.xml`, including
dependencies for Spring Security, OAuth2 resource server, and project
contracts.
- Introduced `SecurityConfig` and `SecurityProperties` to configure
Spring Security, define public endpoints, and integrate JWT
authentication with Azure AD.
[[1]](diffhunk://#diff-89b518b29fa9ec1944351e69efbcdba71e422c3a60243639e380ba2b7fdf9969R1-R53)
[[2]](diffhunk://#diff-a407cfaaee4141697d8cd945a003a242b17f4caf458d659f0f701b97cfdbb499R1-R20)
- Updated `application.yaml` to configure OAuth2 resource server with
Azure AD issuer and define public endpoints for health checks.

**Policy-based authorization system:**

- Implemented `PolicyAuthorizationManager`, `PolicyEngine`, and
`PolicyService` to support dynamic, rule-based authorization decisions
for API requests. These components resolve API definitions, retrieve
relevant policies, and evaluate them to allow or deny access.
[[1]](diffhunk://#diff-1330c45b35848910097a5c9083c330efbc5c978fdacbe80e768d6657573809beR1-R79)
[[2]](diffhunk://#diff-81f467c5c53592ee3767530c780ef2142885ae1fcf0ddae78b68cebdc45b831bR1-R49)
[[3]](diffhunk://#diff-c81749eb986f34aa144a64ef9d2e529ddb29c36d75a9c2f84d2815e038aa645dR1-R32)
- Added `PolicyContextFactory` to build policy evaluation contexts from
HTTP requests and JWT claims.

**Policy evaluators:**

- Added `AllowedClientsEvaluator` and `FlavorRestrictionEvaluator` as
concrete policy evaluators, supporting client-based and
request-body-based authorization rules, respectively.
[[1]](diffhunk://#diff-abc0ee53c28626c12e7bebda566921b0cdf787cef038bed9d4fde7cfd0c1b923R1-R47)
[[2]](diffhunk://#diff-512b30434a48bdd75e08d7bf935623cb31a354bb934066ad730cefd72735cd60R1-R54)

**Authentication flow enforcement:**

- Added `AuthTypeEnforcementFilter`, `AuthFlowResolver`, and
`AuthFlowValidator` to ensure that only allowed authentication flows
(e.g., OBO, client credentials) are accepted for each API, with
flow-specific validation.
[[1]](diffhunk://#diff-3cd26dad5f2149a5873f0b9e0a3dc21468cf1f84f949c18e353d6248185972e3R1-R75)
[[2]](diffhunk://#diff-0b949f9f721cec94f4e91188177fa3b549be489ef1404e3530bd417aa638cbc0R1-R22)
[[3]](diffhunk://#diff-34a386426c9c407d82e7e04c5dccbaaeec679c47d049077bedcae5d7d4e24fceR1-R11)

---------

Co-authored-by: Angel Martinez <angelmp.mail@gmail.com>
… to application yaml… (#16)

This pull request makes significant improvements to the application's
configuration, focusing on environment variable management,
documentation, and flexibility for deployment in different environments.
The main changes involve restructuring the `application.yaml` file to
better organize configuration sections, enhance documentation, and
ensure that sensitive or environment-specific values are supplied via
environment variables. Additionally, there is a small fix in the
`ProjectServiceImpl` class to align a configuration property key.

**Configuration and Environment Management Improvements:**

* Refactored `application.yaml` to consistently use environment
variables for sensitive and environment-specific settings (e.g.,
database credentials, OAuth2 endpoints, external service URLs),
improving security and deployment flexibility.
* Enhanced inline documentation throughout `application.yaml` to clarify
the purpose and usage of each configuration option, making onboarding
and troubleshooting easier.
[[1]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR1-R103)
[[2]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL79-R163)
[[3]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL159-R228)
[[4]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR244-R246)
[[5]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR270-R279)
* Added or expanded configuration sections for logging, Spring Boot
infrastructure, security, actuator endpoints, OpenTelemetry, and
external integrations (Ansible, OpenShift, Bitbucket, Projects Info
Service), with detailed comments and improved defaulting via environment
variables.
[[1]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR1-R103)
[[2]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL79-R163)
[[3]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL159-R228)
[[4]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR244-R246)
[[5]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR270-R279)

**Code Consistency and Bug Fixes:**

* Updated the property key in `ProjectServiceImpl.java` from
`ldap.group.pattern` to `services.project.ldap.group.pattern` to match
the new configuration structure, ensuring the correct value is injected.
#17)

…ng and response mapping

---------

Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Add Marketplace 2.0 client with config.

---------

Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
Co-authored-by: Angel Martinez <angelmp.mail@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Update marketplace deletion service and controller with tests.

---------

Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
Co-authored-by: Angel Martinez <angelmp.mail@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix special chars in the password by base64 encoding.

---------

Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
Added possibility to register components by raising the registerOnly
flag in the create component endpoint. This workflow calls to the
Marketplace API 2.0 to register the component correctly.

By default this flag is set to false, so the default component creation
workflow is performed if this flag is not informed or set to false.

---------

Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
Co-authored-by: Angel Martinez <angelmp.mail@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a bug when registering a project that it was returning
ProjectAlreadyExistsException because it was not omitting checks in
Jira, Bitbucket and Openshift.

Code has been updated to only check in Collection when this flag is
raised. It checks everything otherwise.
#36)

…actor authentication token handling in MarketplaceServiceImpl to
streamline authentication process.

---------

Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
@BraisVQ BraisVQ requested a review from jorge-romero July 1, 2026 09:01
@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

oauth2.authenticationManagerResolver(jwtIssuerAuthenticationManagerResolver)
)
.headers(headers -> headers.frameOptions(frame -> frame.disable()))
.csrf(csrf -> csrf.disable());
}
};
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, trustAllCertificates, new java.security.SecureRandom());
protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws java.io.IOException {
if (connection instanceof HttpsURLConnection httpsConnection) {
httpsConnection.setSSLSocketFactory(socketFactory);
httpsConnection.setHostnameVerifier((hostname, session) -> true);
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

📊 Static Analysis Summary

🔍 Code Quality Checks

  • ✅ JaCoCo coverage report generated

📦 Download detailed reports from the workflow artifacts.

@BraisVQ BraisVQ merged commit dea1628 into master Jul 1, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants