diff --git a/.fossa.yml b/.fossa.yml index ad198294f8c5fb49dd2d00f408493f3993af057c..c530ca18f16acf9fb7f442885d83823722930904 100644 --- a/.fossa.yml +++ b/.fossa.yml @@ -32,3 +32,7 @@ analyze: type: mvn target: provider/legal-aws/pom.xml path: . + - name: legal-ibm + type: mvn + target: provider/legal-ibm/pom.xml + path: . diff --git a/NOTICE b/NOTICE index ac0c9a28fd76c6b8c9dd234d458d7ae5218da465..9704c41f2b48092493448d3bc243afea728deff8 100644 --- a/NOTICE +++ b/NOTICE @@ -25,6 +25,8 @@ Apache-2.0 ======================================================================== The following software have components provided under the terms of this license: +- AMQP 1.0 JMS Spring Boot AutoConfiguration (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-autoconfigure) +- AMQP 1.0 JMS Spring Boot Starter (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-starter) - ASM Analysis (from ) - ASM Commons (from ) - ASM Core (from ) @@ -235,6 +237,10 @@ The following software have components provided under the terms of this license: - Apache Commons Text (from http://commons.apache.org/proper/commons-text/) - Apache Commons Validator (from http://commons.apache.org/proper/commons-validator/) - Apache Commons Validator (from http://commons.apache.org/proper/commons-validator/) +- Apache Geronimo JMS Spec 2.0 (from http://geronimo.apache.org/maven/${siteId}/${version}) +- Apache Groovy (from http://groovy-lang.org) +- Apache Groovy (from http://groovy-lang.org) +- Apache Groovy (from http://groovy-lang.org) - Apache HttpAsyncClient (from http://hc.apache.org/httpcomponents-asyncclient) - Apache HttpClient (from http://hc.apache.org/httpcomponents-client) - Apache HttpCore (from http://hc.apache.org/httpcomponents-core-ga) 
@@ -267,6 +273,7 @@ The following software have components provided under the terms of this license: - Commons Digester (from http://commons.apache.org/digester/) - Commons Digester (from http://commons.apache.org/digester/) - Commons IO (from http://commons.apache.org/io/) +- Commons IO (from http://commons.apache.org/io/) - Commons Lang (from http://commons.apache.org/lang/) - Converter: Jackson (from ) - Doxia :: APT Module (from ) @@ -299,6 +306,10 @@ The following software have components provided under the terms of this license: - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git) - HPPC Collections (from http://labs.carrotsearch.com) - Hibernate Validator Engine (from ) +- IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java) +- IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java) +- IBM COS SDK For Java (from https://github.com/ibm/ibm-cos-sdk-java) +- IBM COS SDK for Java - Core (from https://github.com/ibm/ibm-cos-sdk-java) - Identity and Access Management (IAM) API v1-rev247-1.23.0 (from ) - J2ObjC Annotations (from https://github.com/google/j2objc/) - J2ObjC Annotations (from https://github.com/google/j2objc/) @@ -330,6 +341,7 @@ The following software have components provided under the terms of this license: - Java Servlet API (from http://servlet-spec.java.net) - Java UUID Generator (from http://wiki.fasterxml.com/JugHome) - Javassist (from http://www.javassist.org/) +- Javassist (from http://www.javassist.org/) - Jetty Server (from ) - Jetty Utilities (from ) - Joda-Time (from http://www.joda.org/joda-time/) 
@@ -370,8 +382,8 @@ The following software have components provided under the terms of this license: - Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java) - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java) - Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java) -- Mockito (from http://www.mockito.org) - Mockito (from http://mockito.org) +- Mockito (from http://www.mockito.org) - Mockito (from http://mockito.org) - Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/) - Netty Reactive Streams Implementation (from ) @@ -395,8 +407,10 @@ The following software have components provided under the terms of this license: - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) - Objenesis (from http://objenesis.org) - OkHttp (from ) +- OkHttp (from ) - OkHttp Logging Interceptor (from ) - OkHttp URLConnection (from ) +- OkHttp URLConnection (from ) - Okio (from ) - OpenCensus (from https://github.com/census-instrumentation/opencensus-java) - OpenCensus (from https://github.com/census-instrumentation/opencensus-java) @@ -408,6 +422,7 @@ The following software have components provided under the terms of this license: - Plexus Velocity Component (from ) - PowerMock (from http://www.powermock.org) - Protocol Buffer extensions to the Google HTTP Client Library for Java. (from ) +- QpidJMS Client (from ) - Reactive Object Pool (from https://github.com/reactor/reactor-pool) - Reactive Streams Netty driver (from https://github.com/reactor/reactor-netty) - Retrofit (from ) 
@@ -437,9 +452,12 @@ The following software have components provided under the terms of this license: - Spring Context (from https://github.com/spring-projects/spring-framework) - Spring Core (from https://github.com/spring-projects/spring-framework) - Spring Expression Language (SpEL) (from https://github.com/spring-projects/spring-framework) +- Spring JMS (from https://github.com/spring-projects/spring-framework) +- Spring Messaging (from https://github.com/spring-projects/spring-framework) - Spring Plugin - Core (from ) - Spring Plugin - Metadata Extension (from ) - Spring TestContext Framework (from https://github.com/spring-projects/spring-framework) +- Spring Transaction (from https://github.com/spring-projects/spring-framework) - Spring Web (from https://github.com/spring-projects/spring-framework) - Spring Web MVC (from https://github.com/spring-projects/spring-framework) - T-Digest (from https://github.com/tdunning/t-digest) @@ -472,8 +490,11 @@ The following software have components provided under the terms of this license: - io.grpc:grpc-protobuf-lite (from https://github.com/grpc/grpc-java) - io.grpc:grpc-stub (from https://github.com/grpc/grpc-java) - ion-java (from https://github.com/amznlabs/ion-java/) +- ion-java (from https://github.com/amznlabs/ion-java/) - jackson-databind (from http://github.com/FasterXML/jackson) - jackson-databind (from http://github.com/FasterXML/jackson) +- java-cloudant (from https://cloudant.com) +- java-cloudant (from https://cloudant.com) - javax.inject (from http://code.google.com/p/atinject/) - javax.ws.rs-api (from http://jax-rs-spec.java.net) - jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet) 
@@ -502,6 +523,7 @@ The following software have components provided under the terms of this license: - powermock-reflect (from ) - proto-google-cloud-datastore-v1 (from https://github.com/googleapis/api-client-staging) - proton-j (from ) +- proton-j (from ) - rank-eval (from https://github.com/elastic/elasticsearch) - resilience4j (from https://github.com/resilience4j/resilience4j) - resilience4j (from https://github.com/resilience4j/resilience4j) @@ -516,6 +538,7 @@ The following software have components provided under the terms of this license: - spring-security-oauth2-client (from http://spring.io/spring-security) - spring-security-oauth2-core (from http://spring.io/spring-security) - spring-security-oauth2-jose (from http://spring.io/spring-security) +- spring-security-oauth2-resource-server (from http://spring.io/spring-security) - spring-security-test (from http://spring.io/spring-security) - spring-security-web (from http://spring.io/spring-security) - springfox-core (from https://github.com/springfox/springfox) @@ -569,6 +592,7 @@ The following software have components provided under the terms of this license: - ASM library repackaged as OSGi bundle (from ) - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/) - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/) +- Apache Groovy (from http://groovy-lang.org) - GAX (Google Api eXtensions) (from https://github.com/googleapis) - GAX (Google Api eXtensions) (from https://github.com/googleapis) - GAX (Google Api eXtensions) (from https://github.com/googleapis) 
@@ -808,6 +832,7 @@ The following software have components provided under the terms of this license: - Java Native Access (from https://github.com/java-native-access/jna) - Java Native Access Platform (from https://github.com/java-native-access/jna) - Javassist (from http://www.javassist.org/) +- Javassist (from http://www.javassist.org/) - Logback Classic Module (from ) - Logback Core Module (from ) - Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java) @@ -823,6 +848,7 @@ The following software have components provided under the terms of this license: - Java Native Access (from https://github.com/java-native-access/jna) - Java Native Access Platform (from https://github.com/java-native-access/jna) +- Javassist (from http://www.javassist.org/) - SnakeYAML (from http://www.snakeyaml.org) ======================================================================== @@ -869,8 +895,8 @@ The following software have components provided under the terms of this license: - Microsoft Azure client library for Identity (from https://github.com/Azure/azure-sdk-for-java) - Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java) - Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java) -- Mockito (from http://www.mockito.org) - Mockito (from http://mockito.org) +- Mockito (from http://www.mockito.org) - Mockito (from http://mockito.org) - Netty/Codec/HTTP (from ) - Netty/Common (from ) 
@@ -889,12 +915,14 @@ The following software have components provided under the terms of this license: - Cobertura code coverage (from http://cobertura.sourceforge.net) - Javassist (from http://www.javassist.org/) +- Javassist (from http://www.javassist.org/) ======================================================================== MPL-2.0 ======================================================================== The following software have components provided under the terms of this license: +- Javassist (from http://www.javassist.org/) - Javassist (from http://www.javassist.org/) ======================================================================== @@ -949,6 +977,8 @@ public-domain The following software have components provided under the terms of this license: - AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava) +- Apache Groovy (from http://groovy-lang.org) +- Apache Groovy (from http://groovy-lang.org) - Asynchronous Http Client (from ) - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git) - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git) diff --git a/devops/azure/README.md b/devops/azure/README.md new file mode 100644 index 0000000000000000000000000000000000000000..e053a04930fb01908010f2bd7793a06d94846a3d --- /dev/null +++ b/devops/azure/README.md 
@@ -0,0 +1,21 @@
+# Pipeline Support Commands
+
+```bash
+AZURE_SERVICE="legal"
+REPO_BRANCH="master"
+TAG="latest"
+PARTIAL=${REPO_BRANCH/\//-}
+BRANCH=${PARTIAL/./-}
+
+echo "--set image.branch=$BRANCH --set image.tag=$TAG"
+
+# Remove the Service
+kubectl delete deployment osdu-gitlab-$AZURE_SERVICE
+kubectl delete service osdu-gitlab-$AZURE_SERVICE
+
+# Install the Service
+helm upgrade -i osdu-gitlab-$AZURE_SERVICE chart --set image.branch=$BRANCH --set image.tag=$TAG
+pod=$(kubectl get pod |grep $AZURE_SERVICE | tail -1 | awk '{print $1}')
+status=$(kubectl wait --for=condition=Ready pod/$pod --timeout=60s)
+if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+```
diff --git a/devops/azure/chart/Chart.yaml b/devops/azure/chart/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4bfe007924a4ecb30a3094bce16319d0097ba09
--- /dev/null
+++ b/devops/azure/chart/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: legal
+appVersion: "latest"
+description: Helm Chart for installing legal service.
+version: 0.1.0
+type: application
diff --git a/devops/azure/chart/templates/deployment.yaml b/devops/azure/chart/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..88d1cd931a3a5b51b6724669b61d7e6962933476
--- /dev/null
+++ b/devops/azure/chart/templates/deployment.yaml
@@ -0,0 +1,122 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: osdu
+spec:
+ replicas: {{ .Values.global.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ aadpodidbinding: osdu-identity
+ spec:
+ volumes:
+ - name: azure-keyvault
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: azure-keyvault
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image.repository }}/{{ .Chart.Name }}-{{ .Values.image.branch }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /api/legal/v1/swagger-ui.html
+ port: 80
+ volumeMounts:
+ - name: azure-keyvault
+ mountPath: "/mnt/azure-keyvault"
+ readOnly: true
+ env:
+ - name: spring_application_name
+ value: legal
+ - name: server.servlet.contextPath
+ value: /api/legal/v1/
+ - name: server_port
+ value: "80"
+ - name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
+ value: "true"
+ - name: KEYVAULT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_KEYVAULT
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: clientid
+ key: clientid
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: clientpassword
+ key: clientpassword
+ - name: 
AZURE_TENANT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_TENANT_ID
+ - name: aad_client_id
+ valueFrom:
+ secretKeyRef:
+ name: appid
+ key: appid
+ - name: appinsights_key
+ valueFrom:
+ secretKeyRef:
+ name: appinsights
+ key: appinsights
+ - name: servicebus_namespace_name
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_SERVICEBUS_NAMESPACE
+ - name: storage_account
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_STORAGE_ACCOUNT
+ - name: azure_activedirectory_session_stateless
+ value: "true"
+ - name: azure_activedirectory_AppIdUri
+ value: "api://$(aad_client_id)"
+ - name: cosmosdb_database
+ value: osdu-db
+ - name: LOG_PREFIX
+ value: legal
+ - name: azure_storage_container_name
+ value: legal-service-azure-configuration
+ - name: azure_storage_enable_https
+ value: "true"
+ - name: legal_service_region
+ value: us
+ - name: servicebus_topic_name
+ value: legaltags
+ - name: entitlements_service_endpoint
+ value: http://entitlements-azure/entitlements/v1
+ - name: entitlements_service_api_key
+ value: "OBSOLETE"
+ - name: azure_istioauth_enabled
+ value: "true"
diff --git a/devops/azure/chart/templates/service.yaml b/devops/azure/chart/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eb5d124b64e3fdc13f20c0c0480aa1fd13a7a173
--- /dev/null
+++ b/devops/azure/chart/templates/service.yaml
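Review bot: `azure_istioauth_enabled: "true"` at the end of the env list turns off the service's own AuthN (it selects the Istio security config that drops the AAD filter), but nothing in this chart ships the Istio RequestAuthentication/AuthorizationPolicy that mode relies on and the pod template carries no sidecar-injection annotation, so with a plain ClusterIP Service on port 80 and `ACCEPT_HTTP` set, any in-cluster client can reach the API unauthenticated unless the namespace is configured out of band. I would make this a values knob whose default is the in-process path, `value: {{ .Values.azure.istioAuthEnabled | default "false" | quote }}`, with a comment above it: `# true only where an Istio AuthorizationPolicy/RequestAuthentication fronts this workload; otherwise AAD AuthN runs in-process`. Separately, `AZURE_CLIENT_SECRET` is injected as an environment variable from a Secret even though a Key Vault CSI volume is mounted read-only at /mnt/azure-keyvault; sourcing it from that mount (or a CSI-synced Secret) would keep it out of `env` listings and crash dumps, presumably the app supports that but it is worth confirming.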
@@ -0,0 +1,27 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: osdu
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ selector:
+ app: {{ .Chart.Name }}
diff --git a/devops/azure/chart/values.yaml b/devops/azure/chart/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3567d0f15392658badcba18a9ee24fd7024baf11
--- /dev/null
+++ b/devops/azure/chart/values.yaml
@@ -0,0 +1,21 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ replicaCount: 1
+
+image:
+ repository: community.opengroup.org:5555/osdu/platform/security-and-compliance/legal
+ branch: master
+ tag: latest
diff --git a/devops/azure/release.yaml b/devops/azure/release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..072fc703aa3a5aeafa81a32d8b77f22e8240220b
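Review bot: `tag: latest` in values.yaml, combined with the template's `imagePullPolicy: Always`, means every pod restart pulls whatever `legal-master:latest` is at that moment, so a rollout is not reproducible and a broken or tampered push to the registry reaches the cluster without any chart change. For anything beyond the GitLab dev loop, pin an immutable tag or a digest here, e.g. `tag: "<commit-sha>"` or an `image.digest` value rendered as `@sha256:…`, and keep `latest` only as an explicit override. A one-line comment next to `tag` saying it is a dev-loop default would make that intent visible.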
--- /dev/null
+++ b/devops/azure/release.yaml
@@ -0,0 +1,151 @@
+---
+# Source: legal/templates/service.yaml
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: osdu-gitlab-legal
+ namespace: osdu
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ selector:
+ app: osdu-gitlab-legal
+---
+# Source: legal/templates/deployment.yaml
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: osdu-gitlab-legal
+ namespace: osdu
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: osdu-gitlab-legal
+ template:
+ metadata:
+ labels:
+ app: osdu-gitlab-legal
+ aadpodidbinding: osdu-identity
+ spec:
+ volumes:
+ - name: azure-keyvault
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: azure-keyvault
+ containers:
+ - name: osdu-gitlab-legal
+ image: community.opengroup.org:5555/osdu/platform/security-and-compliance/legal/legal-master:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /entitlements/v1/swagger-ui.html
+ port: 80
+ volumeMounts:
+ - name: azure-keyvault
+ mountPath: "/mnt/azure-keyvault"
+ readOnly: true
+ env:
+ - name: spring_application_name
+ value: legal
+ - name: server.servlet.contextPath
+ value: /api/legal/v1/
+ - name: server_port
+ value: "80"
+ - name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
+ value: "true"
+ - name: KEYVAULT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_KEYVAULT
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: clientid
+ key: clientid
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: clientpassword
+ key: clientpassword
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_TENANT_ID
+ - name: aad_client_id
+ valueFrom:
+ secretKeyRef:
+ name: appid
+ key: appid
+ - name: appinsights_key
+ valueFrom:
+ secretKeyRef:
+ name: appinsights
+ key: appinsights
+ - name: servicebus_namespace_name
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_SERVICEBUS_NAMESPACE
+ - name: storage_account
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_STORAGE_ACCOUNT
+ - name: azure_activedirectory_session_stateless
+ value: "true"
+ - name: azure_activedirectory_AppIdUri
+ value: "api://$(aad_client_id)"
+ - name: cosmosdb_database
+ 
value: osdu-db
+ - name: LOG_PREFIX
+ value: legal
+ - name: azure_storage_container_name
+ value: legal-service-azure-configuration
+ - name: azure_storage_enable_https
+ value: "true"
+ - name: legal_service_region
+ value: us
+ - name: servicebus_topic_name
+ value: legaltags
+ - name: entitlements_service_endpoint
+ value: http://entitlements-azure/entitlements/v1
+ - name: entitlements_service_api_key
+ value: "OBSOLETE"
diff --git a/provider/legal-aws/build-aws/buildspec.yaml b/provider/legal-aws/build-aws/buildspec.yaml
index 938d62753f25dd661a594004861fe744b9783765..a247ac98de5e32ae7322bc4c89a534a8ac017d32 100644
--- a/provider/legal-aws/build-aws/buildspec.yaml
+++ b/provider/legal-aws/build-aws/buildspec.yaml
@@ -31,7 +31,8 @@ phases:
 - echo $JAVA_HOME #WHY
 - mkdir -p /root/.m2
 - cp ./provider/legal-aws/maven/settings.xml /root/.m2/settings.xml # copy the AWS-specific settings.xml to the CodeBuild instance's .m2 folder
- - export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain osdu-dev --domain-owner 888733619319 --query authorizationToken --output text`
+ - export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
+ - export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $AWS_OSDU_DEV_MAVEN_DOMAIN --domain-owner $AWS_ACCOUNT_ID --query authorizationToken --output text`
 pre_build:
 commands:
 - echo "Logging in to Amazon ECR..."
diff --git a/provider/legal-azure/README.md b/provider/legal-azure/README.md
index 9154f0013c4d45c8821c75ef7c3673b6668fdb35..5f4f747f5c3d1371f726679da7c23d575cd75c27 100644
--- a/provider/legal-azure/README.md
+++ b/provider/legal-azure/README.md
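Review bot: The readiness probe path `/entitlements/v1/swagger-ui.html` in this rendered release.yaml does not match the pod's own context path (`server.servlet.contextPath` is `/api/legal/v1/` a few lines below), so the probe will 404, the pod never becomes Ready and the README's `kubectl wait` step fails; the chart template in the same commit already uses `/api/legal/v1/swagger-ui.html`, which is what this file should carry too: `path: /api/legal/v1/swagger-ui.html`. Unlike the template, this manifest also sets no `azure_istioauth_enabled` env, while `application.properties` now reads `${azure_istioauth_enabled}` without a default; how the service behaves with that placeholder unresolved is not visible in this diff, so either add the env here or give the property a fail-closed default. Since this file looks like a rendered copy of the chart, consider noting at the top how it is regenerated so the two cannot drift again.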
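Review bot: `aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2` parses JSON with grep/cut, which silently breaks if the CLI's configured output format is text or table or if spacing/key order changes, and an empty `AWS_ACCOUNT_ID` then surfaces only as an opaque CodeArtifact authorization failure on the next line. The CLI can return the field directly: `- export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)`. `$AWS_OSDU_DEV_MAVEN_DOMAIN` now has to come from the CodeBuild project environment; a short comment naming where it is defined (and that the build should fail fast if it is empty) would help the next reader.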
@@ -60,6 +60,7 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA | `AZURE_TENANT_ID` | `********` | AD tenant to authenticate users from | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-tenant-id` | | `AZURE_CLIENT_SECRET` | `********` | Secret for `$AZURE_CLIENT_ID` | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-password` | | `appinsights_key` | `********` | API Key for App Insights | yes | output of infrastructure deployment | +| `azure_istioauth_enabled` | `true` | Flag to Disable AAD auth | no | -- | **Required to run integration tests** diff --git a/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AADSecurityConfig.java b/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AADSecurityConfig.java index 1c96f3deff490025c1e2ddc8c8e8575d9ebb2882..cd284dfe01d92b24c5d040c1d90b8297d06975f7 100644 --- a/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AADSecurityConfig.java +++ b/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AADSecurityConfig.java 
@@ -15,18 +15,22 @@ package org.opengroup.osdu.legal.azure.security; import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.parameters.P; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import javax.inject.Inject; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) +@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "false", matchIfMissing = false) public class AADSecurityConfig extends WebSecurityConfigurerAdapter { + @Inject private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter; diff --git a/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AzureIstioSecurityConfig.java b/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AzureIstioSecurityConfig.java new file mode 100644 index 0000000000000000000000000000000000000000..2de6575c262f49d71fa75ae25a1466e762275b66 --- /dev/null +++ b/provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AzureIstioSecurityConfig.java 
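Review bot: `import org.springframework.security.core.parameters.P;` is unused in this class (nothing in the hunk references `P`) and looks like an IDE auto-import; drop it. The new `@ConditionalOnProperty(... havingValue = "false", matchIfMissing = false)` activates the AAD configuration only when the property is explicitly `false`; together with the sibling Istio config's `matchIfMissing = true`, a deployment that simply forgets to set `azure.istio.auth.enabled` runs with no in-process AuthN, so I would invert the defaults and use `matchIfMissing = true` here so the authenticated path is the fallback. The rest of the class, including its `configure(HttpSecurity)` body, is outside this hunk.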
@@ -0,0 +1,35 @@
+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opengroup.osdu.legal.azure.security;
+
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "true", matchIfMissing = true)
+public class AzureIstioSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.httpBasic().disable()
+ .csrf().disable(); //AuthN is disabled. AuthN is handled by sidecar proxy
+ }
+}
diff --git a/provider/legal-azure/src/main/resources/application.properties b/provider/legal-azure/src/main/resources/application.properties
index 6744890ff4e6ad7db6ab7973f9ae3d0519cfaf4a..f4835b67e3187e457a1384351083981b4f92a29d 100644
--- a/provider/legal-azure/src/main/resources/application.properties
+++ b/provider/legal-azure/src/main/resources/application.properties
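Review bot: `matchIfMissing = true` on the `@ConditionalOnProperty` makes "no in-process AuthN" the behaviour whenever `azure.istio.auth.enabled` is absent, which is a fail-open default for the whole API; the release.yaml added in this same commit does not set the backing `azure_istioauth_enabled` env, so the case is not hypothetical. Prefer `matchIfMissing = false` here (and `true` on AADSecurityConfig) so a missing property keeps AAD authentication in the app. `configure` also registers no `authorizeRequests()` rules, so in this mode every endpoint is permitted by Spring Security and any `@PreAuthorize` checks run against an anonymous principal; that is presumably intended, but the trailing comment should say what must be true for it to be safe, e.g. `// No in-process AuthN/AuthZ: an Istio sidecar with RequestAuthentication + AuthorizationPolicy must front this pod`, and a class-level Javadoc should point at where that policy lives.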
@@ -21,10 +21,14 @@ AUTHORIZE_API_KEY=${entitlements_service_api_key}
 LEGAL_HOSTNAME=notused
 CRON_JOB_IP=10.0.0.1
-# Azure AD configuration for OpenIDConnect
-azure.activedirectory.session-stateless=true
-azure.activedirectory.client-id=${aad_client_id}
-azure.activedirectory.AppIdUri=api://${azure.activedirectory.client-id}
+# Azure AD configuration for OpenIDConnect, commented below settings to disable AAD AuthN ,
+# Uncomment it In the Istio AUTHN disabled Scenario
+#azure.activedirectory.session-stateless=true
+#azure.activedirectory.client-id=${aad_client_id}
+#azure.activedirectory.AppIdUri=api://${azure.activedirectory.client-id}
+
+# Istio Auth Enabled
+azure.istio.auth.enabled=${azure_istioauth_enabled}
 # Azure CosmosDB configuration
 azure.cosmosdb.database=${cosmosdb_database}
@@ -49,4 +53,4 @@ spring.application.name=legal-azure
 #logging configuration
 logging.transaction.enabled=true
-logging.slf4jlogger.enabled=true
\ No newline at end of file
+logging.slf4jlogger.enabled=true
diff --git a/provider/legal-gcp/pom.xml b/provider/legal-gcp/pom.xml
index e69077e0bb5252cc0d33952052b32f015566f6bc..05a0b9e363ec560eb442ff8d8813c2e280dec924 100644
--- a/provider/legal-gcp/pom.xml
+++ b/provider/legal-gcp/pom.xml
@@ -52,7 +52,7 @@
 <dependency>
 <groupId>org.opengroup.osdu</groupId>
 <artifactId>core-lib-gcp</artifactId>
- <version>0.1.21</version>
+ <version>0.3.21</version>
 </dependency>
 <dependency>
 <groupId>javax.servlet</groupId>
diff --git a/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/di/DatastoreCredentialsCacheFactory.java b/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/di/DatastoreCredentialsCacheFactory.java
new file mode 100644
index 0000000000000000000000000000000000000000..ef979fbdb3a114add5abe25241d67db26cf3a9ee
--- /dev/null
+++ b/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/di/DatastoreCredentialsCacheFactory.java
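Review bot: `azure.istio.auth.enabled=${azure_istioauth_enabled}` has no default, and the AAD properties it replaces are commented out rather than made conditional, so the non-Istio mode now depends on `azure.activedirectory.*` arriving some other way (the chart still exports `azure_activedirectory_*` env vars, which may bind via relaxed binding, worth confirming) while the Istio mode depends on an env var that release.yaml in this commit never sets. Give the property a fail-closed default so a missing env var keeps AAD AuthN: `azure.istio.auth.enabled=${azure_istioauth_enabled:false}`. The comment "Uncomment it In the Istio AUTHN disabled Scenario" describes editing a packaged properties file as a per-deployment switch; it should instead say which deployment config sets `azure_istioauth_enabled` and that the AAD values are expected from the environment.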
@@ -0,0 +1,23 @@
+package org.opengroup.osdu.legal.di;
+
+import org.opengroup.osdu.core.common.cache.ICache;
+import org.opengroup.osdu.core.common.cache.VmCache;
+import org.opengroup.osdu.core.gcp.multitenancy.credentials.DatastoreCredential;
+import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.springframework.stereotype.Component;
+
+@Component
+public class DatastoreCredentialsCacheFactory extends
+ AbstractFactoryBean<ICache<String, DatastoreCredential>> {
+
+ @Override
+ public Class<?> getObjectType() {
+ return ICache.class;
+ }
+
+ @Override
+ protected ICache<String, DatastoreCredential> createInstance() throws Exception {
+ return new VmCache<>(5 * 60, 20);
+ }
+}
+
diff --git a/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryGcpImpl.java b/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryGcpImpl.java
index b13ff2b094cb6e01437ac93dbac2383301122fcb..716998773b99a7160ad0f2ed8baec2adfedec93e 100644
--- a/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryGcpImpl.java
+++ b/provider/legal-gcp/src/main/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryGcpImpl.java
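Review bot: `new VmCache<>(5 * 60, 20)` in `createInstance` caches `DatastoreCredential` objects in process behind two undocumented magic numbers; a reader cannot tell that 300 is a TTL in seconds and 20 a capacity, nor how that TTL relates to the credential's own validity (if a cached credential can outlive its token, calls fail until the entry expires; the VmCache contract is not visible here, so confirm). Hoist them into named constants, `private static final int CREDENTIAL_TTL_SECONDS = 5 * 60;` and `private static final int MAX_CACHED_CREDENTIALS = 20;`, and add a class Javadoc such as `/** Factory for the per-tenant in-memory cache of Datastore credentials; the TTL must stay below the credential's validity window. */`. `getObjectType` returning the raw `ICache.class` is fine for Spring's type matching, but a one-line comment saying the generic arguments are erased on purpose would stop someone "fixing" it.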
@@ -1,16 +1,15 @@
 package org.opengroup.osdu.legal.tags;
+import com.google.cloud.datastore.Datastore;
 import java.util.HashMap;
 import java.util.Map;
-
-import com.google.cloud.datastore.Datastore;
-
+import java.util.Objects;
 import org.apache.commons.lang3.StringUtils;
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.core.common.model.http.AppException;
-import org.opengroup.osdu.core.gcp.multitenancy.DatastoreFactory;
+import org.opengroup.osdu.core.common.model.http.DpsHeaders;
+import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
+import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
 import org.opengroup.osdu.core.gcp.multitenancy.IDatastoreFactory;
-import org.opengroup.osdu.core.gcp.multitenancy.TenantFactory;
 import org.opengroup.osdu.legal.provider.interfaces.ILegalTagRepository;
 import org.opengroup.osdu.legal.provider.interfaces.ILegalTagRepositoryFactory;
 import org.opengroup.osdu.legal.tags.dataaccess.DatastoreLegalTagRepository;
@@ -22,37 +21,43 @@ import org.springframework.stereotype.Service;
 @Primary
 public class LegalTagRepositoryFactoryGcpImpl implements ILegalTagRepositoryFactory {
- private final IDatastoreFactory factory;
- private final Map<String, ILegalTagRepository> tenantRepositories = new HashMap<>();
+ private final Map<String, ILegalTagRepository> tenantRepositories = new HashMap<>();
- public LegalTagRepositoryFactoryGcpImpl(){
- this(new DatastoreFactory(new TenantFactory()));
- }
+ private TenantInfo tenantInfo;
+ private IDatastoreFactory factory;
+ private ITenantFactory tenantFactory;
- LegalTagRepositoryFactoryGcpImpl(IDatastoreFactory factory){
- this.factory = factory;
- }
+ public LegalTagRepositoryFactoryGcpImpl(TenantInfo tenantInfo, IDatastoreFactory factory,
+ ITenantFactory tenantFactory) {
+ this.tenantInfo = tenantInfo;
+ this.factory = factory;
+ this.tenantFactory = tenantFactory;
+ }
- @Override
- public ILegalTagRepository get(String tenantName){
- if(StringUtils.isBlank(tenantName))
- throw invalidTenantGivenException(tenantName);
- if(!tenantRepositories.containsKey(tenantName)){
- addRepository(tenantName);
- }
- return tenantRepositories.get(tenantName);
+ @Override
+ public ILegalTagRepository get(String tenantName) {
+ if (StringUtils.isBlank(tenantName)) {
+ throw invalidTenantGivenException(tenantName);
 }
-
- private void addRepository(String tenantName) {
- Datastore ds = factory.getDatastore(tenantName, tenantName);
- if(ds == null)
- throw invalidTenantGivenException(tenantName);
- ILegalTagRepository repo = new ResilientLegalTagRepository(new DatastoreLegalTagRepository(ds));
- tenantRepositories.put(tenantName, repo);
+ if (!tenantRepositories.containsKey(tenantName)) {
+ addRepository(tenantName);
 }
-
- AppException invalidTenantGivenException(String tenantName){
- return new AppException(403, "Forbidden", String.format("You do not have access to the %s value given %s",
- DpsHeaders.ACCOUNT_ID, tenantName));
+ return tenantRepositories.get(tenantName);
+ }
+
+ private void addRepository(String tenantName) {
+ TenantInfo tenantInfo = tenantFactory.getTenantInfo(tenantName);
+ Datastore ds = factory.getDatastore(tenantInfo);
+ if (Objects.isNull(ds)) {
+ throw invalidTenantGivenException(tenantName);
 }
+ ILegalTagRepository repo = new ResilientLegalTagRepository(new DatastoreLegalTagRepository(ds));
+ tenantRepositories.put(tenantName, repo);
+ }
+
+ AppException invalidTenantGivenException(String tenantName) {
+ return new AppException(403, "Forbidden",
+ String.format("You do not have access to the %s value given %s",
+ DpsHeaders.ACCOUNT_ID, tenantName));
+ }
 }
diff --git a/provider/legal-gcp/src/test/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryTest.java b/provider/legal-gcp/src/test/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryTest.java
index f944636df90819cba4f70def559da99f5e75da29..e330b00a58a8bfdc846aa115cce713d064d15a12 100644
--- a/provider/legal-gcp/src/test/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryTest.java
+++ b/provider/legal-gcp/src/test/java/org/opengroup/osdu/legal/tags/LegalTagRepositoryFactoryTest.java
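Review bot: `addRepository` passes the result of `tenantFactory.getTenantInfo(tenantName)` straight into `factory.getDatastore(tenantInfo)` without checking it, so an unknown tenant name reaches the datastore factory as a null argument and the `Objects.isNull(ds)` check that follows only covers the returned Datastore. Add `if (Objects.isNull(tenantInfo)) { throw invalidTenantGivenException(tenantName); }` before the `getDatastore` call so an unknown tenant produces the same 403 as a missing datastore instead of whatever `getDatastore(null)` does. The `tenantInfo` field assigned in the constructor is never read — the local in `addRepository` shadows it — so either use it or drop it together with its constructor parameter, and restore `final` on the fields that remain. `tenantRepositories` is a plain `HashMap` populated from `get` on what appears to be a singleton service; if concurrent requests can reach it, `ConcurrentHashMap` with `computeIfAbsent` would make the fill-on-first-use safe.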
@@ -7,48 +7,68 @@ import static org.mockito.Mockito.verify;
 import static org.powermock.api.mockito.PowerMockito.when;
 import com.google.cloud.datastore.Datastore;
-
+import org.junit.Before;
 import org.junit.Test;
-import org.opengroup.osdu.core.gcp.multitenancy.DatastoreFactory;
 import org.opengroup.osdu.core.common.model.http.AppException;
+import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
+import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
+import org.opengroup.osdu.core.gcp.multitenancy.DatastoreFactory;
 import org.opengroup.osdu.legal.provider.interfaces.ILegalTagRepository;
 import org.opengroup.osdu.legal.provider.interfaces.ILegalTagRepositoryFactory;
 public class LegalTagRepositoryFactoryTest {
- private static final String TENANT_1 = "tenant1";
+ private static final String TENANT_1 = "tenant1";
+ private DatastoreFactory factory;
+ private ITenantFactory tenantFactory;
- @Test(expected = AppException.class)
- public void should_throwAppException_when_givenBlankName(){
- DatastoreFactory factory = mock(DatastoreFactory.class);
- ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(factory);
- sut.get("");
- }
+ @Before
+ public void init() {
+ factory = mock(DatastoreFactory.class);
+ tenantFactory = mock(ITenantFactory.class);
+ }
- @Test(expected = AppException.class)
- public void should_throwAppException_when_tenantDoesNotExist(){
- DatastoreFactory factory = mock(DatastoreFactory.class);
- when(factory.getDatastore(TENANT_1, TENANT_1)).thenReturn(null);
+ @Test(expected = AppException.class)
+ public void should_throwAppException_when_givenBlankName() {
+ TenantInfo tenantInfo = new TenantInfo();
+ tenantInfo.setName(TENANT_1);
+ when(factory.getDatastore(tenantInfo)).thenReturn(null);
+ when(tenantFactory.getTenantInfo(TENANT_1)).thenReturn(null);
+ ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(tenantInfo, factory,
+ tenantFactory);
+ sut.get("");
+ }
- ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(factory);
- sut.get(TENANT_1);
- }
+ @Test(expected = AppException.class)
+ public void should_throwAppException_when_tenantDoesNotExist() {
+ TenantInfo tenantInfo = new TenantInfo();
+ tenantInfo.setName(TENANT_1);
+ when(factory.getDatastore(tenantInfo)).thenReturn(null);
+ when(tenantFactory.getTenantInfo(TENANT_1)).thenReturn(null);
- @Test
- public void should_returnExistingRepo_when_requestingTenantThatHasPreviouslyBeenRequested(){
- Datastore ds = mock(Datastore.class);
- DatastoreFactory factory = mock(DatastoreFactory.class);
- when(factory.getDatastore(TENANT_1, TENANT_1)).thenReturn(ds);
+ ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(tenantInfo, factory,
+ tenantFactory);
+ sut.get(TENANT_1);
+ }
- ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(factory);
- ILegalTagRepository result = sut.get(TENANT_1);
- assertNotNull(result);
- verify(factory, times(1)).getDatastore(TENANT_1, TENANT_1);
+ @Test
+ public void should_returnExistingRepo_when_requestingTenantThatHasPreviouslyBeenRequested() {
+ Datastore ds = mock(Datastore.class);
+ DatastoreFactory factory = mock(DatastoreFactory.class);
+ TenantInfo tenantInfo = new TenantInfo();
+ tenantInfo.setName(TENANT_1);
+ when(factory.getDatastore(tenantInfo)).thenReturn(ds);
+ when(tenantFactory.getTenantInfo(TENANT_1)).thenReturn(tenantInfo);
+ ILegalTagRepositoryFactory sut = new LegalTagRepositoryFactoryGcpImpl(tenantInfo, factory,
+ tenantFactory);
+ ILegalTagRepository result = sut.get(TENANT_1);
+ assertNotNull(result);
+ verify(factory, times(1)).getDatastore(tenantInfo);
- result = sut.get(TENANT_1);
- assertNotNull(result);
- verify(factory, times(1)).getDatastore(TENANT_1, TENANT_1);
+ result = sut.get(TENANT_1);
+ assertNotNull(result);
+ verify(factory, times(1)).getDatastore(tenantInfo);
- }
+ }
 }
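Review bot: In `should_throwAppException_when_tenantDoesNotExist` the stub `when(factory.getDatastore(tenantInfo)).thenReturn(null)` is never matched, because `tenantFactory.getTenantInfo(TENANT_1)` is stubbed to return null and the class under test therefore calls `factory.getDatastore(null)`; the test passes only through Mockito's default null return, so it does not pin the missing-datastore behaviour its name promises. Either change the second stub to `when(tenantFactory.getTenantInfo(TENANT_1)).thenReturn(tenantInfo);` so the datastore-missing path is the one exercised, or split it into two tests (tenant unknown vs. datastore missing) and assert the expected path in each. In the third test the local `DatastoreFactory factory = mock(DatastoreFactory.class);` shadows the field created in `init()`; delete that line so the test uses the shared mock like the other two. The stubs in `should_throwAppException_when_givenBlankName` are unreachable, since a blank name throws before any lookup, and can be dropped.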