Netcracker · nurtai325 · May 4, 2026 · May 4, 2026 · May 4, 2026 · May 5, 2026
@@ -1,6 +1,7 @@
 package com.netcracker.cloud.microserviceframework.application;
 
 import com.netcracker.cloud.dbaas.client.DbaasClient;
+import com.netcracker.cloud.restclient.MicroserviceRestClient;
 import com.netcracker.cloud.restclient.resttemplate.MicroserviceRestTemplate;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,7 +24,7 @@ class BaseApplicationOnRestTemplateTest {
     @Test
     void testDbaasRestClientInitialized() {
         assertThat("Bean 'dbaasRestClient' is missing in context",
-                context.getBean("dbaasRestClient") instanceof MicroserviceRestTemplate);
+                context.getBean("dbaasRestClient") instanceof MicroserviceRestClient);
     }
 
     @Test

@@ -7,8 +7,12 @@
 import org.springframework.cloud.config.client.ConfigClientAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 
+import com.netcracker.cloud.security.common.DummyM2MManagerConfiguration;
+import org.springframework.context.annotation.Import;
+
 @Configuration
 @EnableServiceDbaasPostgresql
 @EnableAutoConfiguration(exclude = {DataElasticsearchAutoConfiguration.class, ConfigClientAutoConfiguration.class})
+@Import(DummyM2MManagerConfiguration.class)
 public class TestApplicationOnRestTemplate extends BaseApplicationOnRestTemplate {
 }
@@ -1,6 +1,7 @@
 package com.netcracker.cloud.microserviceframework.application;
 
 import com.netcracker.cloud.dbaas.client.DbaasClient;
+import com.netcracker.cloud.restclient.MicroserviceRestClient;
 import com.netcracker.cloud.restclient.webclient.MicroserviceWebClient;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,7 +24,7 @@ class BaseApplicationOnWebClientTest {
     @Test
     void testDbaasRestClientInitialized() {
         assertThat("Bean 'dbaasRestClient' is missing in context",
-                context.getBean("dbaasRestClient") instanceof MicroserviceWebClient);
+                context.getBean("dbaasRestClient") instanceof MicroserviceRestClient);
     }
 
     @Test

@@ -2,13 +2,16 @@
 
 import com.netcracker.cloud.dbaas.client.config.EnableServiceDbaasPostgresql;
 import com.netcracker.cloud.microserviceframework.BaseApplicationOnWebClient;
+import com.netcracker.cloud.security.common.DummyM2MManagerConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.data.elasticsearch.autoconfigure.DataElasticsearchAutoConfiguration;
 import org.springframework.cloud.config.client.ConfigClientAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 
 @Configuration
 @EnableServiceDbaasPostgresql
 @EnableAutoConfiguration(exclude = {DataElasticsearchAutoConfiguration.class, ConfigClientAutoConfiguration.class})
+@Import(DummyM2MManagerConfiguration.class)
 public class TestApplicationOnWebClient extends BaseApplicationOnWebClient {
 }
@@ -58,7 +58,13 @@
       <groupId>com.squareup.okhttp3</groupId>
       <artifactId>okhttp</artifactId>
     </dependency>
-    <!--TEst-->
+    <dependency>
+        <groupId>com.netcracker.cloud.security.core.utils</groupId>
+        <artifactId>k8s-utils</artifactId>
+        <version>3.1.0-SNAPSHOT</version>
+    </dependency>
+
+      <!--TEst-->
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>

@@ -6,8 +6,8 @@
 import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
 import com.fasterxml.jackson.module.paramnames.ParameterNamesModule;
 import com.netcracker.cloud.quarkus.security.auth.M2MManager;
-import com.netcracker.cloud.security.core.auth.Token;
 import com.netcracker.cloud.security.core.utils.tls.TlsUtils;
+import com.netcracker.cloud.security.core.utils.k8s.M2MClientFactory;
 import okhttp3.*;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.eclipse.microprofile.config.Config;
@@ -36,7 +36,8 @@ public class ConfigServerClientImpl implements ConfigServerClient {
     private URL url;
 
     public ConfigServerClientImpl(String csUrl) throws MalformedURLException {
-        client = new OkHttpClient.Builder()
+        client = M2MClientFactory.getM2mOkHttpClient(() -> M2MManager.getInstance().getToken().getTokenValue())
+                .newBuilder()
                 .connectionSpecs(Collections.singletonList(
                         csUrl.startsWith("https") ? ConnectionSpec.COMPATIBLE_TLS : ConnectionSpec.CLEARTEXT)
                 )
@@ -87,9 +88,7 @@ private String processRequest(Request request) throws IOException {
         int count = 1;
         while (true) {
             try {
-                Token token = M2MManager.getInstance().getToken();
                 request = request.newBuilder()
-                        .addHeader("Authorization", token.getTokenType() + " " + token.getTokenValue())
                         .build();
                 Response response = client.newCall(request).execute();
                 return response.body().string();

@@ -63,6 +63,11 @@
       <groupId>com.netcracker.cloud.security.core.utils</groupId>
       <artifactId>tls-utils</artifactId>
     </dependency>
+    <dependency>
+        <groupId>com.netcracker.cloud.security.core.utils</groupId>
+        <artifactId>k8s-utils</artifactId>
+        <version>3.1.0-SNAPSHOT</version>
+    </dependency>
     <!--Test-->
     <dependency>
       <groupId>io.quarkus</groupId>

@@ -12,14 +12,14 @@ public class DbaasClientProducer {
 
     @Produces
     @DefaultBean
-    public DbaasClient dbaaSClient(DbaasClientConfig dbaasClientConfig) {
+    public DbaasClient dbaaSClient(SecurityConfig securityConfig, DbaasClientConfig dbaasClientConfig) {
         if (dbaasClientConfig.dbaasUrl().isPresent() && dbaasClientConfig.dbaasUsername().isPresent() && dbaasClientConfig.dbaasPassword().isPresent()) {
             log.debug("Create dbaas client with basic auth");
             return new BasicDbaaSClient(dbaasClientConfig).build();
         }
 
         log.debug("Create dbaas client with m2m auth");
-        return new M2MDbaaSClient(dbaasClientConfig).build();
+        return new M2MDbaaSClient(securityConfig, dbaasClientConfig).build();
 
     }
 }
@@ -1,40 +1,53 @@
 package com.netcracker.cloud.dbaas.common.config;
 
-import jakarta.enterprise.context.ApplicationScoped;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
 import com.netcracker.cloud.context.propagation.core.ContextManager;
 import com.netcracker.cloud.dbaas.client.DbaaSClientOkHttpImpl;
 import com.netcracker.cloud.dbaas.client.DbaasClient;
 import com.netcracker.cloud.framework.contexts.tenant.TenantContextObject;
 import com.netcracker.cloud.quarkus.security.auth.M2MManager;
-import com.netcracker.cloud.security.core.auth.Token;
+import com.netcracker.cloud.security.core.utils.k8s.M2MClientFactory;
 import com.netcracker.cloud.security.core.utils.tls.TlsUtils;
+import jakarta.enterprise.context.ApplicationScoped;
+import lombok.extern.slf4j.Slf4j;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
 
 import java.util.Optional;
 
 import static com.netcracker.cloud.dbaas.common.config.DbaasClientConfig.DEFAULT_DBAAS_AGENT_ADDRESS;
 import static com.netcracker.cloud.framework.contexts.tenant.BaseTenantProvider.TENANT_CONTEXT_NAME;
 
+@Slf4j
 @ApplicationScoped
 public class M2MDbaaSClient {
-    private DbaasClientConfig config;
     private static final int MAX_RETRIES = 3;
     private static final long INITIAL_RETRY_DELAY = 500;
 
-    public M2MDbaaSClient(DbaasClientConfig config) {
-        this.config = config;
+    private final SecurityConfig securityConfig;
+    private final DbaasClientConfig dbaasConfig;
+
+    public M2MDbaaSClient(SecurityConfig securityConfig, DbaasClientConfig dbaasConfig) {
+        this.securityConfig = securityConfig;
+        this.dbaasConfig = dbaasConfig;
     }
 
     public DbaasClient build() {
-        String url = config.dbaasAgentUrl().orElse(DEFAULT_DBAAS_AGENT_ADDRESS);
-        OkHttpClient httpClient = new OkHttpClient.Builder()
+        String dbaasAgentUrl = dbaasConfig.dbaasAgentUrl().orElse(DEFAULT_DBAAS_AGENT_ADDRESS);
+
+        String dbaasUrl = dbaasAgentUrl;
+        if(securityConfig.k8sEnabled()) {
+            if(dbaasConfig.dbaasUrl().isEmpty()) {
+                log.warn("DBaaS address is not available, falling back to dbaas-agent. Specify 'api.dbaas.address' property to DBaaS url");
+            }
+            dbaasUrl = dbaasConfig.dbaasUrl().orElse(dbaasAgentUrl);
+        }
+
+        OkHttpClient httpClient = M2MClientFactory.getDbaasOkHttpClient(() -> M2MManager.getInstance().getToken().getTokenValue());
+
+        httpClient = httpClient.newBuilder()
                 .addInterceptor(chain -> {
                     Request original = chain.request();
-                    Token token = M2MManager.getInstance().getToken();
-                    String credentials = token.getTokenType() + " " + token.getTokenValue();
-                    Request.Builder requestBuilder = original.newBuilder()
-                            .addHeader("Authorization", credentials);
+                    Request.Builder requestBuilder = original.newBuilder();
                     Optional<TenantContextObject> tenantContextData = ContextManager.getSafe(TENANT_CONTEXT_NAME);
                     if (tenantContextData.isPresent() && tenantContextData.get().getTenant() != null) {
                         requestBuilder.addHeader("tenant", tenantContextData.get().getTenant());
@@ -44,6 +57,6 @@ public DbaasClient build() {
                 .addInterceptor(new RetryInterceptor(MAX_RETRIES, INITIAL_RETRY_DELAY))
                 .sslSocketFactory(TlsUtils.getSslContext().getSocketFactory(), TlsUtils.getTrustManager())
                 .build();
-        return new DbaaSClientOkHttpImpl(url, httpClient);
+        return new DbaaSClientOkHttpImpl(dbaasUrl, httpClient);
     }
 }
@@ -0,0 +1,15 @@
+package com.netcracker.cloud.dbaas.common.config;
+
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithDefault;
+import io.smallrye.config.WithName;
+
+@ConfigMapping(prefix = "security.m2m")
+public interface SecurityConfig {
+    /**
+     * kubernetes tokens authentication enabled
+     */
+    @WithName("kubernetes.enabled")
+    @WithDefault("false")
+    boolean k8sEnabled();
+}
@@ -16,11 +16,18 @@
 class M2MDbaaSClientTest {
     private M2MDbaaSClient m2MDbaaSClient;
     private static final String DB_AGENT_URL  = "http://dbaas-agent:8080";
+    private static final String DB_AGGREGATOR_URL  = "http://dbaas-aggregator:8080";
+
     @BeforeEach
     void setUp() {
-        DbaasClientConfig config = mock(DbaasClientConfig.class);
-        when(config.dbaasAgentUrl()).thenReturn(Optional.of(DB_AGENT_URL));
-        m2MDbaaSClient = new M2MDbaaSClient(config);
+        SecurityConfig securityConfig = mock(SecurityConfig.class);
+        when(securityConfig.k8sEnabled()).thenReturn(true);
+
+        DbaasClientConfig dbaasConfig = mock(DbaasClientConfig.class);
+        when(dbaasConfig.dbaasAgentUrl()).thenReturn(Optional.of(DB_AGENT_URL));
+        when(dbaasConfig.dbaasUrl()).thenReturn(Optional.of(DB_AGGREGATOR_URL));
+
+        m2MDbaaSClient = new M2MDbaaSClient(securityConfig, dbaasConfig);
     }
     @Test
     void testBuild() throws NoSuchFieldException, IllegalAccessException {
@@ -29,8 +36,6 @@ void testBuild() throws NoSuchFieldException, IllegalAccessException {
         clientField.setAccessible(true);
         OkHttpClient clientValue = (OkHttpClient) clientField.get(client);
         assertNotNull(client);
-        assertEquals(2, clientValue.interceptors().size());
+        assertEquals(3, clientValue.interceptors().size());
     }
 }
-
-
@@ -46,7 +46,12 @@
       <groupId>com.netcracker.cloud.security.core.utils</groupId>
       <artifactId>tls-utils</artifactId>
     </dependency>
-    <!--Test-->
+    <dependency>
+        <groupId>com.netcracker.cloud.security.core.utils</groupId>
+        <artifactId>k8s-utils</artifactId>
+        <version>3.1.0-SNAPSHOT</version>
+    </dependency>
+      <!--Test-->
     <dependency>
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-junit</artifactId>

@@ -4,16 +4,16 @@
 import com.netcracker.cloud.routesregistration.common.gateway.route.*;
 import com.netcracker.cloud.routesregistration.common.gateway.route.rest.RegistrationRequestFactory;
 import com.netcracker.cloud.routesregistration.common.gateway.route.transformation.RouteTransformer;
-import com.netcracker.cloud.security.core.auth.Token;
+import com.netcracker.cloud.security.core.utils.tls.TlsUtils;
 import io.quarkus.arc.Unremovable;
 import io.reactivex.Scheduler;
 import io.reactivex.schedulers.Schedulers;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.inject.Produces;
 import jakarta.inject.Named;
 import okhttp3.OkHttpClient;
-import okhttp3.Request;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
+import com.netcracker.cloud.security.core.utils.k8s.M2MClientFactory;
 
 import java.util.Optional;
 
@@ -82,15 +82,8 @@ ControlPlaneClient controlPlaneClient(@Named(CONTROL_PLANE_HTTP_CLIENT) OkHttpCl
     @Produces
     @Named(CONTROL_PLANE_HTTP_CLIENT)
     OkHttpClient controlPlaneHttpClient() {
-        return new OkHttpClient.Builder()
-                .addInterceptor(chain -> {
-                    Token token = M2MManager.getInstance().getToken();
-                    Request original = chain.request();
-                    Request request = original.newBuilder()
-                            .addHeader("Authorization", token.getTokenType() + " " + token.getTokenValue())
-                            .build();
-                    return chain.proceed(request);
-                })
+        return M2MClientFactory.getM2mOkHttpClient(() -> M2MManager.getInstance().getToken().getTokenValue())
+                .newBuilder()
                 .retryOnConnectionFailure(true)
                 .build();
     }

@@ -25,5 +25,15 @@
             <artifactId>rest-security-adapters</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.netcracker.cloud</groupId>
+            <artifactId>microservice-restclient-okhttp</artifactId>
+            <version>7.1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>com.netcracker.cloud.security.core.utils</groupId>
+            <artifactId>k8s-utils</artifactId>
+            <version>3.1.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 </project>
@@ -1,5 +1,7 @@
 package com.netcracker.cloud.configserver.resttemplate;
 
+import com.netcracker.cloud.restclient.okhttp.MicroserviceOkHttpRestClient;
+import com.netcracker.cloud.security.core.utils.k8s.M2MClientFactory;
 import org.apache.hc.client5.http.classic.HttpClient;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
@@ -14,10 +16,9 @@
 import org.springframework.boot.bootstrap.ConfigurableBootstrapContext;
 import org.springframework.boot.logging.DeferredLogFactory;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.http.client.JdkClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
-import java.util.Collections;
-
 public class RestTemplateConfigServerConfigDataLocationResolver extends AbstractCustomConfigServerConfigDataLocationResolver {
 
     @Value("${connection.readTimeout:60000}")
@@ -32,10 +33,14 @@ public RestTemplateConfigServerConfigDataLocationResolver(DeferredLogFactory log
 
     @Override
     public MicroserviceRestClient getMicroserviceRestClient() {
-        return new MicroserviceRestTemplate(createM2MRestTemplate());
+        if (hasM2M(configurableBootstrapContext)) {
+            var client = M2MClientFactory.getM2mOkHttpClient(() -> getM2MToken(configurableBootstrapContext));
+            return new MicroserviceOkHttpRestClient(client);
+        }
+        return createM2MRestTemplate();
     }
 
-    private RestTemplate createM2MRestTemplate() {
+    private MicroserviceRestClient createM2MRestTemplate() {
         RestTemplate template = new RestTemplate();
         SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(Timeout.ofMilliseconds(readTimeout)).build();
 
@@ -45,14 +50,7 @@ private RestTemplate createM2MRestTemplate() {
         HttpClient httpClient = HttpClients.custom().setConnectionManager(poolingHttpClientConnectionManager).build();
 
         template.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));
-        if (hasM2M(configurableBootstrapContext)) {
-            template.setInterceptors(Collections.singletonList((request, body, execution) -> {
-                request.getHeaders().setBearerAuth(getM2MToken(configurableBootstrapContext));
-                return execution.execute(request, body);
-            }));
-        }
-
-        return template;
+        return new MicroserviceRestTemplate(template);
     }
 
     private String getM2MToken(ConfigurableBootstrapContext configurableBootstrapContext) {

@@ -25,5 +25,15 @@
             <artifactId>rest-security-adapters</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.netcracker.cloud</groupId>
+            <artifactId>microservice-restclient-okhttp</artifactId>
+            <version>7.1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>com.netcracker.cloud.security.core.utils</groupId>
+            <artifactId>k8s-utils</artifactId>
+            <version>3.1.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 </project>