Set up a development environment

JIT Groups is a standalone Java application that's based on Quarkus and designed to run in the App Engine Java 17 Standard Environment or on Cloud Run.

Prerequisites

To build and run the application locally, you need:

Make sure both java and mvn are available in your PATH.

To run JIT Groups locally, you need a development project. The quickest way to set up a project is to do the following:

Follow the instructions in Deploy JIT Groups to deploy JIT Groups to a development project.
Grant your own user account the Service Account Token Creator on the service account used by JIT Groups.

You can debug and run the application locally by using the following command:

mvn quarkus:dev -Dsuspend=y -Ddebug=true -Djitaccess.impersonateServiceAccount=SERVICE_ACCOUNT -Djitaccess.debug=true

Replace SERVICE_ACCOUNT with the email address of the service account used by JIT Groups.

This command does the following:

You can then access the application on http://localhost:8080/. Use the debug panel in the lower left to specify a test principal.

To introspect HTTPS traffic using tools like Fiddler, use the following additional parameters:

-DproxyHost=127.0.0.1 -DproxyPort=8888 -DproxySet=true -Djavax.net.ssl.trustStore=JKS_PATH -Djavax.net.ssl.trustStorePassword=JKS_PASSWORD

Replace the following:

JKS_PATH: Path to the keystore that contains the CA certificate of the introspection tool
JKS_PASSWORD: Password of the keystore (typically, changeit)

To run the JUnit tests, do the following:

Create a service account no-access@ in your development project and grant yourself the Token Account Creator role on the service account so that you can impersonate it.
Create a service account temporary-access@ in your development project and grant yourself the Token Account Creator role on the service account so that you can impersonate it.
Create a file sources/test.properties with the following content:
```
test.project = PROJECT_ID
```
Where PROJECT_ID is the ID of your development project.