Merge pull request #180 from jesperancinha/dependabot/maven/spring-bo…

…ot-starter-parent.version-3.2.0

Bump spring-boot-starter-parent.version from 3.1.5 to 3.2.0

Makefile

@@ -133,6 +133,10 @@ build-graphite:
 	docker-compose -p ${GITHUB_RUN_ID} rm graphite
 	docker-compose -p ${GITHUB_RUN_ID} build --no-cache graphite
 	docker-compose -p ${GITHUB_RUN_ID} up -d graphite
+build-kong:
+	docker-compose -p ${GITHUB_RUN_ID} rm kong
+	docker-compose -p ${GITHUB_RUN_ID} build --no-cache kong
+	docker-compose -p ${GITHUB_RUN_ID} up -d kong
 stop-cameras-auth-service: stop-auth-service
 status-containers:
 	docker ps

Readme.md

@@ -81,23 +81,9 @@ make dcup
 
 #### Videos
 
-<div align="center"> 
-      <a title="Custom Metrics with Prometheus by Stack Doctor" href="https://www.youtube.com/watch?v=XToKHYXSUyc">
-     <img 
-          src="https://img.youtube.com/vi/XToKHYXSUyc/0.jpg" 
-          style="width:20%;">
-      </a>
-     <a title="Getting Started with Kong Ingress Controller for Kubernetes" href="https://www.youtube.com/watch?v=hrYqGXU-a6E">
-     <img 
-          src="https://img.youtube.com/vi/hrYqGXU-a6E/0.jpg" 
-          style="width:20%;">
-      </a>
-     <a title="Getting Started with Kong Ingress Controller for Kubernetes" href="https://www.youtube.com/watch?v=AIYIHZbDziI">
-     <img 
-          src="https://img.youtube.com/vi/AIYIHZbDziI/0.jpg" 
-          style="width:20%;">
-      </a>
-</div>
+-   [Custom Metrics with Prometheus by Stack Doctor](https://www.youtube.com/watch?v=XToKHYXSUyc)
+-   [Getting Started with Kong Ingress Controller for Kubernetes](https://www.youtube.com/watch?v=hrYqGXU-a6E)
+-   [How to Use Kong Gateway OAuth2 Plugin](https://www.youtube.com/watch?v=AIYIHZbDziI)
 
 ## About me
 

camera-service/src/main/kotlin/org/jesperancinha/cameras/cameraservice/config/MetricsConfiguration.kt

@@ -60,12 +60,12 @@ class MetricsConfiguration(
     fun gaugeMetric(meterRegistry: MeterRegistry) =
         Gauge.builder("camera.image.read.time", last10FileDeltaNSReading)
         { last10Records ->
-            logger.debug("$last10FileDeltaNSReading")
+            logger.debug("{}", last10FileDeltaNSReading)
             measureNanoTime { runBlocking { cameraService.getImageByteArrayByCameraNumber(cameraNumber) } }.toDouble()
                 .let { record ->
                     last10Records.add(record)
                     if (last10Records.size == 11) {
-                        last10Records.removeFirst()
+                        last10Records.removeAt(0)
                     }
                     logger.info("Refreshed ${last10Records.size} metrics. Last value read is ${last10Records.last()} ns")
                     record

cameras-auth-service/src/main/kotlin/org/jesperancinha/cameras/auth/CamerasAuthAppLauncher.kt

@@ -9,7 +9,9 @@ import org.springframework.boot.SpringApplication
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.context.event.ContextRefreshedEvent
 import org.springframework.context.event.EventListener
-import org.springframework.core.env.*
+import org.springframework.core.env.AbstractEnvironment
+import org.springframework.core.env.EnumerablePropertySource
+import org.springframework.core.env.PropertySource
 import org.springframework.stereotype.Component
 import java.util.*
 import java.util.stream.StreamSupport

cameras-auth-service/src/main/kotlin/org/jesperancinha/cameras/auth/config/SecurityConfiguration.kt

@@ -2,16 +2,19 @@ package org.jesperancinha.cameras.auth.config
 
 import io.netty.handler.ssl.SslContextBuilder
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory
-import kotlinx.coroutines.*
+import kotlinx.coroutines.runBlocking
 import org.jesperancinha.cameras.auth.dao.UserRepository
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.client.reactive.ReactorClientHttpConnector
+import org.springframework.security.config.Customizer
 import org.springframework.security.config.web.server.ServerHttpSecurity
 import org.springframework.security.core.GrantedAuthority
-import org.springframework.security.core.userdetails.*
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService
+import org.springframework.security.core.userdetails.User
+import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.crypto.bcrypt.BCrypt
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.server.SecurityWebFilterChain
@@ -21,7 +24,6 @@ import org.springframework.web.reactive.function.client.WebClient
 import reactor.core.publisher.Mono
 import reactor.netty.http.client.HttpClient
 import reactor.netty.tcp.SslProvider
-import reactor.netty.tcp.TcpClient
 
 
 /**
@@ -30,36 +32,45 @@ import reactor.netty.tcp.TcpClient
 @Configuration
 class SecurityConfiguration {
     @Bean
-    fun securityWebFilterChain(httpSecurity: ServerHttpSecurity): SecurityWebFilterChain =
-        httpSecurity
-            .csrf().disable()
-            .authorizeExchange()
-            .pathMatchers("/webjars/**")
-            .permitAll()
-            .pathMatchers("/logout")
-            .permitAll()
-            .pathMatchers("/logout/**")
-            .permitAll()
-            .pathMatchers("/v3/**")
-            .permitAll()
-            .pathMatchers("/actuator/**")
-            .permitAll()
-            .anyExchange()
-            .authenticated()
-            .and()
-            .formLogin()
-            .and()
+    fun securityWebFilterChain(
+        @Value("\${hc.csrf.enable:false}")
+        csrf: Boolean,
+        httpSecurity: ServerHttpSecurity
+    ): SecurityWebFilterChain {
+        val serverHttpSecurityBuilder = httpSecurity
+            .authorizeExchange { exchanges ->
+                exchanges
+                    .pathMatchers("/webjars/**")
+                    .permitAll()
+                    .pathMatchers("/logout")
+                    .permitAll()
+                    .pathMatchers("/logout/**")
+                    .permitAll()
+                    .pathMatchers("/v3/**")
+                    .permitAll()
+                    .pathMatchers("/actuator/**")
+                    .permitAll()
+                    .anyExchange()
+                    .authenticated()
+
+            }
+            .formLogin(Customizer.withDefaults())
+        if(!csrf){
+            serverHttpSecurityBuilder.csrf { it.disable() }
+        }
+        return serverHttpSecurityBuilder
             .build()
+    }
 
     @Bean
     fun webFluxClient(): WebClient = run {
         val sslContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()
-        val tcpClient = TcpClient.create().secure { sslContextSpec: SslProvider.SslContextSpec ->
-            sslContextSpec.sslContext(
-                sslContext
-            )
-        }
-        val httpClient: HttpClient = HttpClient.from(tcpClient)
+        val httpClient: HttpClient = HttpClient.create()
+            .secure { sslContextSpec: SslProvider.SslContextSpec ->
+                sslContextSpec.sslContext(
+                    sslContext
+                )
+            }
         WebClient.builder().clientConnector(ReactorClientHttpConnector(httpClient)).build()
     }
 
@@ -80,7 +91,6 @@ class CustomPasswordEncoder : PasswordEncoder {
 @Service
 class UserService @Autowired constructor(
     val userRepository: UserRepository,
-    val customPasswordEncoder: CustomPasswordEncoder,
     @Value("\${hc.auth.guest.user}")
     val guestUser: String,
     @Value("\${hc.auth.guest.password}")

cameras-auth-service/src/main/resources/application-local.properties

@@ -0,0 +1 @@
+PROVISION_KEY=1234567890

cameras-auth-service/src/main/resources/application.properties

@@ -7,7 +7,7 @@ spring.r2dbc.password=kong_password
 springdoc.show-actuator=true
 management.endpoints.web.exposure.include=*
 
-spring.webflux.base-path=/api/v1/cameras/auth/
+spring.webflux.base-path=/api/v1/cameras/auth
 
 hc.auth.guest.user=guest
 # Password is guest :)
@@ -21,3 +21,4 @@ hc.auth.oauth.grant_type=authorization_code
 hc.auth.oauth.url.auth=https://localhost:8443/camera-6-service/api/v1/hc/oauth2/authorize
 hc.auth.oauth.url.token=https://localhost:8443/camera-6-service/api/v1/hc/oauth2/token
 hc.auth.guest.validate=false
+hc.csrf.enable=false

cameras-auth-service/src/test/kotlin/org/jesperancinha/cameras/auth/controller/CameraAuthControllerTest.kt

@@ -8,7 +8,6 @@ import io.mockk.every
 import org.jesperancinha.cameras.auth.dao.BearerToken
 import org.jesperancinha.cameras.auth.dao.BearerTokenEnriched
 import org.jesperancinha.cameras.auth.dao.ResAuthorizeBody
-import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
@@ -24,7 +23,8 @@ import java.util.*
 @SpringBootTest(
     webEnvironment = RANDOM_PORT, properties = [
         "hc.auth.oauth.provision_key=tra-la-la",
-        "hc.auth.guest.validate=true"]
+        "hc.auth.guest.validate=true",
+        "hc.csrf.enable=true"]
 )
 class CameraAuthControllerTest @Autowired constructor(
     val testRestTemplate: TestRestTemplate
@@ -34,7 +34,7 @@ class CameraAuthControllerTest @Autowired constructor(
     lateinit var webFluxClient: WebClient
 
     @Test
-    @WithMockUser("admin")
+    @WithMockUser("guest")
     fun `should create token by calling service`() {
         val testCode = UUID.randomUUID()
         every {

docker-compose.yml

@@ -15,6 +15,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   camera-2-service:
     hostname: camera-2-service
@@ -31,6 +35,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   camera-3-service:
     hostname: camera-3-service
@@ -47,6 +55,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   camera-4-service:
     hostname: camera-4-service
@@ -63,6 +75,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   camera-5-service:
     hostname: camera-5-service
@@ -79,6 +95,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   camera-6-service:
     hostname: camera-6-service
@@ -95,6 +115,10 @@ services:
         condition: service_healthy
       kong:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -I -s -L http://127.0.0.1:8080/api/v1/hc/actuator/health || exit 1"]
+      interval: 5s
+      retries: 30
 
   kong-database:
     hostname: kong-database
@@ -147,6 +171,10 @@ services:
     command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus"
     expose:
       - 9090
+    healthcheck:
+      test: ["CMD", "wget", "http://localhost:9090"]
+      interval: 5s
+      retries: 30
     depends_on:
       kong-database:
         condition: service_healthy
@@ -161,6 +189,10 @@ services:
       - ./docker-images/grafana/provisioning/:/etc/grafana/provisioning
     expose:
       - 3000
+    healthcheck:
+      test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/3000' || exit 1
+      interval: 5s
+      retries: 30
     depends_on:
       kong-database:
         condition: service_healthy
@@ -186,7 +218,7 @@ services:
     healthcheck:
       test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8001' || exit 1
       interval: 5s
-      retries: 10
+      retries: 30
     depends_on:
       kong-database:
         condition: service_healthy
@@ -213,14 +245,30 @@ services:
     healthcheck:
       test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8090' || exit 1
       interval: 5s
-      retries: 10
+      retries: 30
     depends_on:
       kong-database:
         condition: service_healthy
       kong-migration:
         condition: service_completed_successfully
       kong:
         condition: service_healthy
+      grafana:
+        condition: service_healthy
+      prometheus:
+        condition: service_healthy
+      camera-1-service:
+        condition: service_healthy
+      camera-2-service:
+        condition: service_healthy
+      camera-3-service:
+        condition: service_healthy
+      camera-4-service:
+        condition: service_healthy
+      camera-5-service:
+        condition: service_healthy
+      camera-6-service:
+        condition: service_healthy
 
   graphite:
     container_name: graphite

hc_wait.sh

@@ -31,9 +31,9 @@ checkServiceByNameAndMessage graphite 'ok: run: nginx'
 checkServiceByNameAndMessage kong-database 'database system is ready to accept connections'
 checkServiceByNameAndMessage nginx 'test is successful'
 checkServiceByNameAndMessage prometheus 'Starting rule manager...'
-checkServiceByNameAndMessage camera-1-service 'Tomcat started on port(s): 8080'
-checkServiceByNameAndMessage camera-2-service 'Tomcat started on port(s): 8080'
-checkServiceByNameAndMessage camera-3-service 'Tomcat started on port(s): 8080'
-checkServiceByNameAndMessage camera-4-service 'Tomcat started on port(s): 8080'
-checkServiceByNameAndMessage camera-5-service 'Tomcat started on port(s): 8080'
+checkServiceByNameAndMessage camera-1-service 'Tomcat started'
+checkServiceByNameAndMessage camera-2-service 'Tomcat started'
+checkServiceByNameAndMessage camera-3-service 'Tomcat started'
+checkServiceByNameAndMessage camera-4-service 'Tomcat started'
+checkServiceByNameAndMessage camera-5-service 'Tomcat started'
 checkServiceByNameAndMessage openldap 'slapd starting'

pom.xml

@@ -21,7 +21,7 @@
         <maven-surefire-plugin.version>3.2.3</maven-surefire-plugin.version>
         <maven-failsafe-plugin.version>3.2.3</maven-failsafe-plugin.version>
         <kotlin.version>1.9.21</kotlin.version>
-        <spring-boot-starter-parent.version>3.1.5</spring-boot-starter-parent.version>
+        <spring-boot-starter-parent.version>3.2.0</spring-boot-starter-parent.version>
         <omni-coveragereporter-maven-plugin.version>0.4.3</omni-coveragereporter-maven-plugin.version>
         <jacoco-maven-plugin.version>0.8.11</jacoco-maven-plugin.version>
         <r2dbc-postgresql.version>0.8.13.RELEASE</r2dbc-postgresql.version>