feat(server-impl): refactoring resources JAX-RS, corrections AuditService/SyncService/UserService, ajout entites Sync et scripts Docker
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
lionsdev
@@ -1,66 +1,38 @@
|
||||
# ============================================================================
|
||||
# Lions User Manager Server - Configuration Production
|
||||
# Lions User Manager - Server Implementation Configuration - PROD
|
||||
# ============================================================================
|
||||
# Ce fichier contient TOUTES les propriétés spécifiques à la production
|
||||
# Il surcharge et complète application.properties
|
||||
# Ce fichier contient UNIQUEMENT les propriétés spécifiques à la PRODUCTION
|
||||
# Il surcharge application.properties
|
||||
# ============================================================================
|
||||
|
||||
# ============================================
|
||||
# HTTP Configuration PROD
|
||||
# ============================================
|
||||
quarkus.http.port=8080
|
||||
|
||||
# CORS restrictif en production (via variable d'environnement)
|
||||
quarkus.http.cors.origins=${CORS_ORIGINS:https://btpxpress.lions.dev,https://admin.lions.dev}
|
||||
quarkus.http.cors.origins=${CORS_ORIGINS:https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev}
|
||||
|
||||
# ============================================
|
||||
# Logging PROD (moins verbeux)
|
||||
# ============================================
|
||||
quarkus.log.level=INFO
|
||||
quarkus.log.category."dev.lions.user.manager".level=INFO
|
||||
quarkus.log.category."org.keycloak".level=WARN
|
||||
|
||||
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
|
||||
|
||||
# File Logging pour Audit (PROD)
|
||||
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
|
||||
quarkus.log.file.rotation.max-file-size=50M
|
||||
quarkus.log.file.rotation.max-backup-index=30
|
||||
quarkus.log.file.rotation.rotate-on-boot=false
|
||||
|
||||
# ============================================
|
||||
# OIDC Configuration PROD - OBLIGATOIRE ET ACTIF
|
||||
# OIDC Configuration PROD
|
||||
# ============================================
|
||||
quarkus.oidc.enabled=true
|
||||
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
|
||||
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
|
||||
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
|
||||
|
||||
# Vérification TLS requise en production
|
||||
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
quarkus.oidc.tls.verification=required
|
||||
|
||||
# Vérification stricte des tokens
|
||||
quarkus.oidc.discovery-enabled=true
|
||||
quarkus.oidc.verify-access-token=true
|
||||
|
||||
# Extraction des rôles
|
||||
quarkus.oidc.roles.role-claim-path=realm_access/roles
|
||||
|
||||
# ============================================
|
||||
# Keycloak Admin Client Configuration PROD
|
||||
# ============================================
|
||||
lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
|
||||
lions.keycloak.admin-realm=${KEYCLOAK_ADMIN_REALM:master}
|
||||
lions.keycloak.admin-client-id=admin-cli
|
||||
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME}
|
||||
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}
|
||||
|
||||
# Pool de connexions augmenté en production
|
||||
lions.keycloak.connection-pool-size=20
|
||||
lions.keycloak.timeout-seconds=60
|
||||
lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:lions-user-manager,btpxpress,master,unionflow}
|
||||
|
||||
# Realms autorisés en production (via variable d'environnement)
|
||||
lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:btpxpress,master,unionflow}
|
||||
# Quarkus-managed Keycloak Admin Client PROD
|
||||
quarkus.keycloak.admin-client.server-url=${lions.keycloak.server-url}
|
||||
quarkus.keycloak.admin-client.username=${lions.keycloak.admin-username}
|
||||
quarkus.keycloak.admin-client.password=${lions.keycloak.admin-password}
|
||||
|
||||
# ============================================
|
||||
# Retry Configuration PROD
|
||||
@@ -71,40 +43,51 @@ lions.keycloak.retry.delay-seconds=3
|
||||
# ============================================
|
||||
# Audit Configuration PROD
|
||||
# ============================================
|
||||
lions.audit.retention-days=365
|
||||
lions.audit.log-to-database=true
|
||||
lions.audit.log-to-file=false
|
||||
lions.audit.retention-days=365
|
||||
|
||||
# ============================================
|
||||
# Database Configuration PROD (pour audit)
|
||||
# Database Configuration PROD
|
||||
# ============================================
|
||||
quarkus.datasource.db-kind=postgresql
|
||||
quarkus.datasource.username=${DB_USERNAME:audit_user}
|
||||
quarkus.datasource.health.enabled=true
|
||||
quarkus.datasource.username=${DB_USERNAME}
|
||||
quarkus.datasource.password=${DB_PASSWORD}
|
||||
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit}
|
||||
quarkus.datasource.jdbc.max-size=20
|
||||
quarkus.datasource.jdbc.min-size=5
|
||||
quarkus.hibernate-orm.enabled=true
|
||||
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST}:${DB_PORT:5432}/${DB_NAME:lions_user_manager}
|
||||
|
||||
# ============================================
|
||||
# Hibernate ORM Configuration PROD
|
||||
# ============================================
|
||||
quarkus.hibernate-orm.database.generation=none
|
||||
quarkus.hibernate-orm.log.sql=false
|
||||
|
||||
# ============================================
|
||||
# Flyway Configuration PROD
|
||||
# ============================================
|
||||
quarkus.flyway.migrate-at-start=true
|
||||
quarkus.flyway.baseline-on-migrate=true
|
||||
quarkus.flyway.baseline-version=1.0.0
|
||||
|
||||
# ============================================
|
||||
# Logging Configuration PROD
|
||||
# ============================================
|
||||
quarkus.log.level=INFO
|
||||
quarkus.log.category."dev.lions.user.manager".level=INFO
|
||||
quarkus.log.category."org.keycloak".level=WARN
|
||||
quarkus.log.category."io.quarkus".level=INFO
|
||||
|
||||
quarkus.log.console.enable=true
|
||||
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
|
||||
|
||||
# File Logging désactivé en PROD (logs centralisés via Kubernetes)
|
||||
quarkus.log.file.enable=false
|
||||
|
||||
# ============================================
|
||||
# OpenAPI/Swagger Configuration PROD
|
||||
# ============================================
|
||||
# Swagger désactivé en production par défaut
|
||||
quarkus.swagger-ui.always-include=false
|
||||
quarkus.swagger-ui.enable=false
|
||||
|
||||
# ============================================
|
||||
# Security Configuration PROD (strict)
|
||||
# ============================================
|
||||
quarkus.security.auth.enabled=true
|
||||
quarkus.security.jaxrs.deny-unannotated-endpoints=true
|
||||
quarkus.security.auth.proactive=true
|
||||
|
||||
# ============================================
|
||||
# Performance tuning PROD
|
||||
# Performance Tuning PROD
|
||||
# ============================================
|
||||
quarkus.thread-pool.core-threads=4
|
||||
quarkus.thread-pool.max-threads=32
|
||||
|
||||
Reference in New Issue
Block a user