sensitive property look-up from env variables(GONRG-4404)

45502e7a · Rustam Lotsmanenko (EPAM) · Riabokon Stanislav(EPAM)[GCP] · 2e0d29a3 · 45502e7a · 45502e7a
Commit 45502e7a authored 3 years ago by Rustam Lotsmanenko (EPAM) Committed by Riabokon Stanislav(EPAM)[GCP] 3 years ago
--- a/provider/legal-gcp/docs/anthos/README.md
+++ b/provider/legal-gcp/docs/anthos/README.md
@@ -9,6 +9,10 @@ Must have:
 | name | value | description | sensitive? | source |
 | ---  | ---   | ---         | ---        | ---    |
 | `SPRING_PROFILES_ACTIVE` | ex `anthos` | Spring profile that activate default configuration for GCP environment | false | - |
+| `<POSTGRES_PASSWORD_ENV_VARIABLE_NAME>` | ex `password` | Potgres user, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service)  | yes | - |
+| `<MINIO_SECRETKEY_ENV_VARIABLE_NAME>` | ex `password` | Minio password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false | - |
+| `<AMQP_PASSWORD_ENV_VARIABLE_NAME>` | ex `password` | RabbitMQ password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false | - |
+| `<AMQP_ADMIN_PASSWORD_ENV_VARIABLE_NAME>` | ex `password` | RabbitMQ Admin password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false | - |

 Defined in default application property file but possible to override:

@@ -34,6 +38,24 @@ Usage of spring profiles is preferred.
 | `OQMDRIVER` | `rabbitmq` | Oqm driver mode that defines which message broker will be used | no | - |
 | `SERVICE_TOKEN_PROVIDER` | `GCP` or `OPENID` |Service account token provider, `GCP` means use Google service account `OPEIND` means use OpenId provider like `Keycloak` | no | - |

+### Properties set in Partition service:
+
+Note that properties can be set in Partition as `sensitive` in that case in property `value` should be present not value itself, but ENV variable name.
+This variable should be present in environment of service that need that variable.
+
+Example:
+```
+    "elasticsearch.port": {
+      "sensitive": false, <- value not sensitive 
+      "value": "9243"  <- will be used as is.
+    },
+      "elasticsearch.password": {
+      "sensitive": true, <- value is sensitive 
+      "value": "ELASTIC_SEARCH_PASSWORD_OSDU" <- service consumer should have env variable ELASTIC_SEARCH_PASSWORD_OSDU with elastic search password
+    }
+```
+
+
 ## Postgres configuration:

 ### Properties set in Partition service:
@@ -69,7 +91,7 @@ curl -L -X PATCH 'http://partition.com/api/partition/v1/partitions/opendes' -H '
    },
    "osm.postgres.datasource.password": {
      "sensitive": true,
-      "value": "postgres"
+      "value": "<POSTGRES_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable)
    }
  }
 }'
@@ -169,7 +191,7 @@ curl -L -X PATCH 'https://dev.osdu.club/api/partition/v1/partitions/opendes' -H
    },
    "oqm.rabbitmq.amqp.password": {
      "sensitive": true,
-      "value": "guest"
+      "value": "<AMQP_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable)
    },

     "oqm.rabbitmq.admin.schema": {
@@ -194,7 +216,7 @@ curl -L -X PATCH 'https://dev.osdu.club/api/partition/v1/partitions/opendes' -H
    },
    "oqm.rabbitmq.admin.password": {
      "sensitive": true,
-      "value": "guest"
+      "value": "<AMQP_ADMIN_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable)
    }
  }
 }'
@@ -251,7 +273,7 @@ curl -L -X PATCH 'https://dev.osdu.club/api/partition/v1/partitions/opendes' -H
    },
    "obm.minio.credentials.secret.key": {
      "sensitive": false,
-      "value": "secret"
+      "value": "<MINIO_SECRETKEY_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable)
    }
  }
 }'

--- a/provider/legal-gcp/pom.xml
+++ b/provider/legal-gcp/pom.xml
@@ -75,7 +75,7 @@
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>core-lib-gcp</artifactId>
-      <version>0.14.0-rc1</version>
+      <version>0.14.0-rc2</version>
    </dependency>
    <dependency>
      <groupId>org.opengroup.osdu.legal</groupId>