Commit 5510fa6b authored by Riabokon Stanislav(EPAM)[GCP]'s avatar Riabokon Stanislav(EPAM)[GCP]

Merge branch 'gcp-encrypt-elastic-settings-in-cache' into 'master'

Keep Elasticsearch credentials encrypted in Redis cache(GONRG-3021) & refactor dependencies

See merge request !210
parents e2409dfc 1089e85e
Pipeline #69047 failed with stages
in 42 minutes and 17 seconds
......@@ -16,64 +16,27 @@
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu.indexer</groupId>
<artifactId>indexer-core</artifactId>
<version>0.12.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-gcp</artifactId>
<version>0.10.0</version>
<version>0.12.0-rc3</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-core</artifactId>
<version>1.38.1</version>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-datastore</artifactId>
<version>1.72.0</version>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-logging</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-storage</artifactId>
<version>v1-rev150-1.25.0</version>
<groupId>org.opengroup.osdu.indexer</groupId>
<artifactId>indexer-core</artifactId>
<version>0.12.0-SNAPSHOT</version>
<!-- excluded due to runtime conflict with latest core-lib-gcp transient dependencies -->
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
<artifactId>guava-jdk5</artifactId>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
</exclusion>
<exclusion>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-cloudkms</artifactId>
<version>v1-rev81-1.25.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.cloud/google-cloud-pubsub -->
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-pubsub</artifactId>
<version>1.60.0</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>1.30.11</version>
</dependency>
<dependency>
<groupId>org.elasticsearch</groupId>
......@@ -147,11 +110,6 @@
<version>1.2.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.api.grpc</groupId>
<artifactId>proto-google-iam-v1</artifactId>
<version>0.12.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback.contrib</groupId>
<artifactId>logback-json-classic</artifactId>
......
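Review bot: `core-lib-gcp` is now pinned to a release candidate, `0.12.0-rc3`, and the explicit versions of several Google client libraries (apparently including `google-api-services-cloudkms` and `google-api-client`) seem to be dropped in favour of whatever that artifact brings in transitively. The +/- markers are lost on this page, so which lines were removed is inferred from the hunk header counts. Because the KMS and HTTP client libraries now sit on the credential-encryption path, it is worth recording the resolved versions in the merge request (for example from `mvn dependency:tree`) and moving to a final release of `core-lib-gcp` once one exists. The comment above `<exclusions>` should read `transitive dependencies` rather than `transient dependencies`, and could name the conflicting versions so the exclusion can be removed later.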
......@@ -17,23 +17,30 @@
package org.opengroup.osdu.indexer.cache;
import com.google.gson.Gson;
import java.io.IOException;
import java.util.Objects;
import javax.inject.Inject;
import org.apache.http.HttpStatus;
import org.opengroup.osdu.core.common.cache.RedisCache;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.search.ClusterSettings;
import org.opengroup.osdu.core.common.provider.interfaces.IElasticCredentialsCache;
import org.opengroup.osdu.core.common.provider.interfaces.IKmsClient;
import org.opengroup.osdu.indexer.config.IndexerConfigurationProperties;
import org.springframework.stereotype.Component;
import javax.inject.Inject;
@Component
public class ElasticCredentialsCache implements IElasticCredentialsCache<String, ClusterSettings>, AutoCloseable {
private RedisCache<String, ClusterSettings> cache;
private IKmsClient kmsClient;
private RedisCache<String, String> cache;
@Inject
public ElasticCredentialsCache(final IndexerConfigurationProperties properties) {
cache = new RedisCache<>(properties.getRedisSearchHost(), Integer.parseInt(properties.getRedisSearchPort()),
properties.getElasticCacheExpiration() * 60, String.class, ClusterSettings.class);
public ElasticCredentialsCache(final IndexerConfigurationProperties properties, final IKmsClient kmsClient) {
this.cache = new RedisCache<>(properties.getRedisSearchHost(), Integer.parseInt(properties.getRedisSearchPort()),
properties.getElasticCacheExpiration() * 60, String.class, String.class);
this.kmsClient = kmsClient;
}
@Override
......@@ -43,12 +50,27 @@ public class ElasticCredentialsCache implements IElasticCredentialsCache<String,
@Override
public void put(String s, ClusterSettings o) {
this.cache.put(s,o);
try {
String jsonSettings = new Gson().toJson(o);
String encryptString = kmsClient.encryptString(jsonSettings);
this.cache.put(s, encryptString);
} catch (IOException e) {
throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Internal server error", "Unable to encrypt settings before being cached", e);
}
}
@Override
public ClusterSettings get(String s) {
return this.cache.get(s);
try {
String encryptedSettings = this.cache.get(s);
if (Objects.isNull(encryptedSettings) || encryptedSettings.isEmpty()) {
return null;
}
String jsonSettings = this.kmsClient.decryptString(encryptedSettings);
return new Gson().fromJson(jsonSettings, ClusterSettings.class);
} catch (IOException e) {
throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Internal server error", "Unable to decrypt settings from cache", e);
}
}
@Override
......
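Review bot: In `get()` only `IOException` is caught, so a cached value that decrypts but does not parse as `ClusterSettings` escapes as an unchecked `JsonSyntaxException` from `Gson.fromJson`. An entry left under the same key by the previous `RedisCache<String, ClusterSettings>` format would presumably also fail to decrypt, producing a 500 rather than a cache miss. Since the cache only holds a copy of the settings, consider widening the handler to `} catch (IOException | JsonSyntaxException e) {` and documenting whether a failed read should evict the entry and return `null`. The ciphertext is also not tied to the cache key `s`, so a value copied from one key to another by anyone with write access to Redis would still decrypt cleanly; whether `IKmsClient` can take the key as additional authenticated data is not visible from this hunk. A short class Javadoc stating that values are stored KMS-encrypted and that the plaintext JSON must never be logged would help, and `kmsClient` and `cache` could be `final`.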