KOGITO-6458: Define default authentication method to be used by OpenAPI (#90)

* KOGITO-6458: Define default authentication method to be used by OpenAPI

* KOGITO-6458: Add integration test to verify configuration property "quarkus.openapi-generator.codegen.default.security.scheme"

* KOGITO-6458: Update readme

* KOGITO-6458: Minor refactoring handling null value

Author: martinweiler

README.md

@@ -147,6 +147,12 @@ pattern: `quarkus.openapi-generator.[filename].[security_scheme_name].auth.[auth
 
 > Tip: on production environments you will likely to use [HashiCorp Vault](https://quarkiverse.github.io/quarkiverse-docs/quarkus-vault/dev/index.html) or [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) to provide this information for your application.
 
+If the OpenAPI specification file has `securitySchemes` definitions, but no [Security Requirement Object](https://spec.openapis.org/oas/v3.1.0#security-requirement-object) definitions, the generator can be configured to create these by default. In this case, for all operations without a security requirement the default one will be created. Note that the property value needs to match the name of a security scheme object definition, eg. `api_key` or `basic_auth` in the `securitySchemes` list above.
+
+| Description          | Property Key                                                   | Example                                              |
+| -------------------- | -------------------------------------------------------------- | ---------------------------------------------------- |
+| Create security for the referenced security scheme | `quarkus.openapi-generator.codegen.default.security.scheme` | `quarkus.openapi-generator.codegen.default.security.scheme=api_key` |
+
 ### Basic HTTP Authentication
 
 For Basic HTTP Authentication, these are the supported configurations:

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/CodegenConfig.java

@@ -17,6 +17,7 @@ public class CodegenConfig {
     public static final String API_PKG_SUFFIX = ".api";
     public static final String MODEL_PKG_SUFFIX = ".model";
     public static final String VERBOSE_PROPERTY_NAME = "quarkus." + CODEGEN_TIME_CONFIG_PREFIX + ".verbose";
+    public static final String DEFAULT_SECURITY_SCHEME = "quarkus." + CODEGEN_TIME_CONFIG_PREFIX + ".default.security.scheme";
     // package visibility for unit tests
     static final String BUILD_TIME_SPEC_PREFIX_FORMAT = "quarkus." + CODEGEN_TIME_CONFIG_PREFIX + ".spec.%s";
     private static final String BASE_PACKAGE_PROP_FORMAT = "%s.base-package";
@@ -33,6 +34,11 @@ public class CodegenConfig {
      */
     @ConfigItem(name = "verbose", defaultValue = "false")
     public boolean verbose;
+    /**
+     * Security type for which security constraints should be created automatically if not explicitly defined
+     */
+    @ConfigItem(name = "default.security.scheme", defaultValue = "none")
+    public String defaultSecurityScheme;
 
     public static String resolveApiPackage(final String basePackage) {
         return String.format("%s%s", basePackage, API_PKG_SUFFIX);

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/codegen/OpenApiGeneratorCodeGenBase.java

@@ -11,7 +11,9 @@
 import java.util.stream.Stream;
 
 import org.eclipse.microprofile.config.Config;
+import org.openapitools.codegen.config.GlobalSettings;
 
+import io.quarkiverse.openapi.generator.deployment.CodegenConfig;
 import io.quarkiverse.openapi.generator.deployment.circuitbreaker.CircuitBreakerConfigurationParser;
 import io.quarkiverse.openapi.generator.deployment.wrapper.OpenApiClientGeneratorWrapper;
 import io.quarkus.bootstrap.prebuild.CodeGenException;
@@ -64,6 +66,8 @@ public boolean trigger(CodeGenContext context) throws CodeGenException {
     protected void generate(final Config config, final Path openApiFilePath, final Path outDir) {
         final String basePackage = getBasePackage(config, openApiFilePath);
         final Boolean verbose = config.getOptionalValue(VERBOSE_PROPERTY_NAME, Boolean.class).orElse(false);
+        GlobalSettings.setProperty(OpenApiClientGeneratorWrapper.DEFAULT_SECURITY_SCHEME,
+                config.getOptionalValue(CodegenConfig.DEFAULT_SECURITY_SCHEME, String.class).orElse(""));
 
         final OpenApiClientGeneratorWrapper generator = new OpenApiClientGeneratorWrapper(
                 openApiFilePath.normalize(),

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/OpenApiClientGeneratorWrapper.java

@@ -28,7 +28,10 @@ public class OpenApiClientGeneratorWrapper {
 
     public static final String VERBOSE = "verbose";
     private static final String ONCE_LOGGER = "org.openapitools.codegen.utils.oncelogger.enabled";
-
+    /**
+     * Security scheme for which to apply security constraints even if the OpenAPI definition has no security definition
+     */
+    public static final String DEFAULT_SECURITY_SCHEME = "defaultSecurityScheme";
     private final QuarkusCodegenConfigurator configurator;
     private final DefaultGenerator generator;
 

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/QuarkusJavaClientCodegen.java

@@ -78,6 +78,8 @@ public void preprocessOpenAPI(OpenAPI openAPI) {
         super.preprocessOpenAPI(openAPI);
         // add the default server url to the context
         additionalProperties.put(DEFAULT_SERVER_URL, URLPathUtils.getServerURL(this.openAPI, serverVariableOverrides()));
+        additionalProperties.put(OpenApiClientGeneratorWrapper.DEFAULT_SECURITY_SCHEME,
+                GlobalSettings.getProperty(OpenApiClientGeneratorWrapper.DEFAULT_SECURITY_SCHEME));
     }
 
     @Override

deployment/src/main/resources/templates/auth/compositeAuthenticationProvider.qute

@@ -46,6 +46,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});
@@ -64,6 +70,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});
@@ -82,6 +94,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});
@@ -101,6 +119,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});
@@ -119,6 +143,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});
@@ -137,6 +167,12 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
                 .build())
         {/if}
         {/for}
+        {#else if defaultSecurityScheme == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
         {/if}
         {/for}
         {/for});

deployment/src/test/java/io/quarkiverse/openapi/generator/deployment/wrapper/OpenApiClientGeneratorWrapperTest.java

@@ -16,6 +16,9 @@
 import java.util.Optional;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.openapitools.codegen.config.GlobalSettings;
 
 import com.github.javaparser.StaticJavaParser;
 import com.github.javaparser.ast.CompilationUnit;
@@ -45,6 +48,32 @@ void verifyAuthBasicGenerated() throws URISyntaxException {
         assertTrue(generatedFiles.stream().anyMatch(f -> f.getName().equals("CompositeAuthenticationProvider.java")));
     }
 
+    @ParameterizedTest
+    @ValueSource(strings = { "basic", "undefined" })
+    void verifyAuthBasicWithMissingSecurityDefinition(String defaultSecurityScheme)
+            throws URISyntaxException, FileNotFoundException {
+        GlobalSettings.setProperty(OpenApiClientGeneratorWrapper.DEFAULT_SECURITY_SCHEME, defaultSecurityScheme);
+        final List<File> generatedFiles = createGeneratorWrapper("petstore-openapi-httpbasic.json").generate("org.petstore");
+        final Optional<File> authProviderFile = generatedFiles.stream()
+                .filter(f -> f.getName().endsWith("CompositeAuthenticationProvider.java")).findFirst();
+        assertThat(authProviderFile).isPresent();
+
+        CompilationUnit compilationUnit = StaticJavaParser.parse(authProviderFile.orElseThrow());
+        List<MethodDeclaration> methodDeclarations = compilationUnit.findAll(MethodDeclaration.class);
+        assertThat(methodDeclarations).isNotEmpty();
+
+        Optional<MethodDeclaration> initMethod = methodDeclarations.stream()
+                .filter(m -> m.getNameAsString().equals("init"))
+                .findAny();
+        assertThat(initMethod).isPresent();
+
+        String fileContent = compilationUnit.toString();
+        assertTrue(fileContent.contains("addAuthenticationProvider"));
+        if (!defaultSecurityScheme.equals("undefined")) {
+            assertTrue(fileContent.contains("addOperation"));
+        }
+    }
+
     @Test
     void verifyAuthBearerGenerated() throws URISyntaxException {
         final List<File> generatedFiles = createGeneratorWrapper("petstore-openapi-bearer.json").generate("org.petstore");