test: add support of bearer auth for remote envs in integration tests (…

…#818)

Signed-off-by: Anton Baliasnikov <[email protected]>

tests/integration-tests/README.md

@@ -228,6 +228,7 @@ To configure the roles, you need to specify the following options:
 * `webhook`: [MANDATORY] the webhook object to use for this role. If not specified, the default webhook URL will be used.
 * `url`: [MANDATORY] the REST API URL of the agent to use for this role.
 * `apikey`: [OPTIONAL] the API key to use for this role. If not specified, the default API key will be used. API key authentication can also be disabled.
+* `token`: [OPTIONAL] the JWT token to use for this role. To be used only for pre-configured remote instances of the agents with Keycloak authentication enabled.
 * `authHeader`: [OPTIONAL] the authentication header to use for this role. If not specified, the default authentication header will be used.
 
 `webhook` is a special object that contains the following options:
@@ -286,20 +287,93 @@ To work with remote agents, you need to specify the following options:
 2. Remote `apikey` of the agent (if configured)
 3. Webhook configuration with the remote `url` (to be registered on the agent side) and `local_port` that will be opened locally. You have to use `ngrok` or similar tool to open the local port to the world and get the remote URL.
 
+When we would like to test local agent VS remote agents, we need to open the local ports to the world.
+We need to open 3 things:
+1. REST service URL should be available to fetch credential definitions and credential schemas
+2. DIDComm service URL should be available to send and receive DIDComm messages
+3. Webhook URL should be available to receive webhook messages
+
+Here is an example ngrok configuration to open 3 ports:
+```yaml
+version: "2"
+authtoken: ...
+
+tunnels:
+  rest_service7080:
+    proto: http
+    addr: 7080
+  didcomm_service7070:
+    proto: http
+    addr: 7070
+  webhook9999:
+    proto: http
+    addr: 9999
+```
+
+Then, run `ngrok` as follows:
+```shell
+ngrok start --all
+```
+
+And you should see something like this:
+```text
+Session Status                online                                                                                                                            
+Account                       [email protected] (Plan: Free)                                                                                           
+Update                        update available (version 3.5.0, Ctrl-U to update)                                                                                
+Version                       3.4.0                                                                                                                             
+Region                        Europe (eu)                                                                                                                       
+Latency                       -                                                                                                                                 
+Web Interface                 http://127.0.0.1:4040                                                                                                             
+Forwarding                    https://5c0b-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app -> http://localhost:7080                                       
+Forwarding                    https://6908-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app -> http://localhost:7070                                       
+Forwarding                    https://90e7-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app -> http://localhost:9999
+```
+
+After that, you could configure your local agent as follows to provide the required URLs:
+```yaml
+    {
+        version = "${OPEN_ENTERPRISE_AGENT_VERSION}"
+        http_port = 7080
+        didcomm_port = 7070
+        didcomm_service_url = "https://6908-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app"
+        rest_service_url = "https://5c0b-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app"
+        auth_enabled = true
+        prism_node = ${services.prism_node}
+    }
+```
+
+**Make sure `http_port` and `didcomm_port` are the same as in the `ngrok` configuration!**
+
+Next, you are able to configure your roles to use remote agents.
 Here is an example of the agent configuration for SIT environment:
 ```yaml
     {
         name = "Holder"
         url = "https://sit-prism-agent-issuer.atalaprism.io/prism-agent"
         apikey = "SIT_ENVIRONMENT_API_KEY_FOR_ISSUER"
         webhook = {
-            url = "https://b655-2001-818-dce2-c000-d992-94ce-ad1-d722.ngrok-free.app"
+            url = "https://90e7-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app"
             init_required = true
             local_port = 9999
         }
     }
 ```
 
+There is also an option to use JWT token instead of API key for authentication if the remote agent is configured to use Keycloak authentication.
+Here is an example of the agent configuration for sandbox environment:
+```yaml
+    {
+        name = "Issuer"
+        url = "https://sandbox-issuer.atalaprism.io/prism-agent"
+        token = "SANDBOX_ENVIRONMENT_BEARER_TOKEN_FOR_ISSUER"
+        webhook = {
+            url = "https://5868-2001-818-dce2-c000-9c53-d0a3-15f2-ca59.ngrok-free.app"
+            local_port = 9999
+            init_required = true
+        }
+    }
+```
+
 **Please note: `roles` section is MANDATORY. If you do not specify any role, then the tests will fail.**
 
 ## Running the tests

tests/integration-tests/src/test/kotlin/config/Role.kt

@@ -6,6 +6,7 @@ data class Role(
     val name: String,
     val url: URL,
     val apikey: String?,
+    val token: String?,
     val authHeader: String = "apikey",
     val webhook: Webhook?
 )

tests/integration-tests/src/test/kotlin/config/services/Agent.kt

@@ -10,6 +10,7 @@ data class Agent(
     @ConfigAlias("http_port") val httpPort: Int,
     @ConfigAlias("didcomm_port") val didcommPort: Int,
     @ConfigAlias("didcomm_service_url") val didcommServiceUrl: String?,
+    @ConfigAlias("rest_service_url") val restServiceUrl: String?,
     @ConfigAlias("auth_enabled") val authEnabled: Boolean,
     @ConfigAlias("prism_node") val prismNode: PrismNode?,
     val keycloak: Keycloak?,
@@ -26,6 +27,7 @@ data class Agent(
             "AGENT_DIDCOMM_PORT" to didcommPort.toString(),
             "DIDCOMM_SERVICE_URL" to (didcommServiceUrl ?: "http://host.docker.internal:${didcommPort}"),
             "AGENT_HTTP_PORT" to httpPort.toString(),
+            "REST_SERVICE_URL" to (restServiceUrl ?: "http://host.docker.internal:${httpPort}"),
             "PRISM_NODE_PORT" to (prismNode?.httpPort?.toString() ?: ""),
             "SECRET_STORAGE_BACKEND" to if (vault != null) "vault" else "postgres",
             "VAULT_HTTP_PORT" to (vault?.httpPort?.toString() ?: ""),

tests/integration-tests/src/test/kotlin/features/Init.kt

@@ -104,6 +104,9 @@ fun initActors() {
             actor.remember("AUTH_KEY", role.apikey)
             actor.remember("AUTH_HEADER", role.authHeader)
         }
+        if (role.token != null) {
+            actor.remember("BEARER_TOKEN", role.token)
+        }
         if (role.webhook != null) {
             actor.whoCan(ListenToEvents.at(role.webhook.url, role.webhook.localPort))
             if (role.webhook.initRequired) {

tests/integration-tests/src/test/resources/containers/agent.yml

@@ -38,7 +38,7 @@ services:
       AGENT_DIDCOMM_PORT:
       AGENT_HTTP_PORT:
       DIDCOMM_SERVICE_URL:
-      REST_SERVICE_URL: "http://host.docker.internal:${AGENT_HTTP_PORT}"
+      REST_SERVICE_URL:
       API_KEY_ENABLED:
       # Secret storage configuration
       SECRET_STORAGE_BACKEND: