From 79e2875723ecfc5be3197702942cfc3e03a4de12 Mon Sep 17 00:00:00 2001
From: Alan Braz <alanbraz@br.ibm.com>
Date: Wed, 25 Mar 2020 11:44:25 -0300
Subject: [PATCH] get user from env vars

---
 .../indexer/ibm/security/SecurityConfig.java  |  6 +--
 ...eyCloakUser.java => KeyCloakProvider.java} |  0
 .../ibm/util/ServiceAccountJwtClientImpl.java | 17 +++++++-
 .../src/main/resources/application.properties | 40 +++++++------------
 4 files changed, 31 insertions(+), 32 deletions(-)
 rename provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/{KeyCloakUser.java => KeyCloakProvider.java} (100%)

diff --git a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/security/SecurityConfig.java b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/security/SecurityConfig.java
index 5cf0266c2..7bbc21c82 100644
--- a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/security/SecurityConfig.java
+++ b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/security/SecurityConfig.java
@@ -38,10 +38,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                         "/swagger",
                         "/swagger-ui.html",
                         "/webjars/**").permitAll()
-                .anyRequest()
-                .authenticated()
-                .and()
-                .oauth2ResourceServer().jwt();
-        //changed the http authentication to jwt authetication.
+                .anyRequest().anonymous();
     }
 }
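Review bot: `.anyRequest().anonymous()` replaces the JWT resource-server check, so every endpoint outside the `permitAll` list is no longer authenticated at this layer. In Spring Security, `anonymous()` also limits the matched URLs to callers without an authenticated principal, so a request that is authenticated by some other mechanism would be refused, which is probably not intended. Unless a gateway or filter outside this diff enforces authentication (not visible here), keep `.anyRequest().authenticated().and().oauth2ResourceServer().jwt();` and supply the JWK set URI through configuration instead of dropping it. If the removal is deliberate, the line needs a comment naming the component that now authenticates callers. The `configure` method starts outside the hunk.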
diff --git a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/KeyCloakUser.java b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/KeyCloakProvider.java
similarity index 100%
rename from provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/KeyCloakUser.java
rename to provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/KeyCloakProvider.java
diff --git a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/ServiceAccountJwtClientImpl.java b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/ServiceAccountJwtClientImpl.java
index 5c3312d2b..152cd58a4 100644
--- a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/ServiceAccountJwtClientImpl.java
+++ b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/util/ServiceAccountJwtClientImpl.java
@@ -23,6 +23,7 @@ import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
 import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
 import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;
 
@@ -41,6 +42,18 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
     
     @Inject
     private JaxRsDpsLog log;
+    
+    @Inject
+    private KeyCloakProvider keyCloack;
+    
+    @Value("${ibm.keycloak.useremail}")
+    private String userEmail;
+    
+    @Value("${ibm.keycloak.username}")
+    private String userName;
+    
+    @Value("${ibm.keycloak.password}")
+    private String userPassword;
 	
     @Override
     public String getIdToken(String tenantName) {
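Review bot: The injected field is spelled `keyCloack` here and again at the `getToken(userName, userPassword)` call in the next hunk; `keycloakProvider` would match the class name `KeyCloakProvider`. The three `@Value` placeholders have no default, so a missing `ibm.keycloak.*` property fails bean creation at startup; that fail-closed behaviour is reasonable but deserves a comment such as `// Service-account credentials; must be supplied by the deployment and never logged`. `userPassword` is held as a `String` field for the bean's lifetime, so confirm that nothing written through the `log` field above ever includes it. The class body starts and ends outside the hunk.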
@@ -53,9 +66,9 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
         String ACCESS_TOKEN = "";
         try {
 
-            this.dpsHeaders.put(DpsHeaders.USER_EMAIL, "osdu-user@osdu.opengroup.org");
+            this.dpsHeaders.put(DpsHeaders.USER_EMAIL, userEmail);
 
-            ACCESS_TOKEN = KeyCloakUser.getToken();
+            ACCESS_TOKEN = keyCloack.getToken(userName, userPassword);
             
         } catch (AppException e) {
             throw e;
diff --git a/provider/indexer-ibm/src/main/resources/application.properties b/provider/indexer-ibm/src/main/resources/application.properties
index a9ff96a7a..cb1707c70 100644
--- a/provider/indexer-ibm/src/main/resources/application.properties
+++ b/provider/indexer-ibm/src/main/resources/application.properties
@@ -2,7 +2,6 @@ server.servlet.contextPath=/api/indexer/v2/
 
 LOG_PREFIX=indexer
 
-spring.main.allow-bean-definition-overriding=true
 logging.level.org.springframework.web=DEBUG
 server.port=8060
 JAVA_HEAP_OPTS=-Xms4096M -Xmx4096M
@@ -14,8 +13,6 @@ AUTHORIZE_API=https://entitlements-osdu-r2.osduadev-a1c3eaf78a86806e299f5f3f2075
 AUTHORIZE_API_KEY=tobeupdated
 LEGALTAG_API=https://os-legal-ibm-osdu-r2.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud/api/legal/v1
 
-INSECURE_HOSTNAMES=keycloak-osdu-r2.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud:85e9c617-e295-460e-a2ff-048b18a76b22.blijs0dd0dcr4f55oehg.databases.appdomain.cloud:elasticsearch-instance-osdu-es.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud
-
 DEPLOYMENT_ENVIRONMENT=CLOUD
 
 SCHEMA_CACHE_EXPIRATION=60
@@ -36,39 +33,32 @@ STORAGE_QUERY_RECORD_HOST=${storage_service_url}/api/storage/v2/query/records
 STORAGE_QUERY_RECORD_FOR_CONVERSION_HOST=${storage_service_url}/api/storage/v2/query/records:batch
 STORAGE_RECORDS_BATCH_SIZE=20
 
-spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://keycloak-osdu-r2.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud/auth/realms/OSDU/protocol/openid-connect/certs
-
-#spring.security.user.name=opendes@byoc.local
-#spring.security.user.password=123
-#spring.security.user.roles=service.indexer.admin
-
 ibm.cloudant.url=https://5be9693e-3324-400a-aadc-59908c132be2-bluemix.cloudant.com
 ibm.cloudant.apikey=0TsJrjBedUyyu4DhtpxcoL-D8vnHUsPlT5r8A-1IN4SE
 
-ibm.tenant.cloudant.url=https://5be9693e-3324-400a-aadc-59908c132be2-bluemix.cloudant.com
-ibm.tenant.cloudant.apikey=0TsJrjBedUyyu4DhtpxcoL-D8vnHUsPlT5r8A-1IN4SE
+ibm.tenant.cloudant.url=${ibm.cloudant.url}
+ibm.tenant.cloudant.apikey=${ibm.cloudant.apikey}
 
 ibm.rabbitmq.uri=amqps://ibm_cloud_45338a90_9047_4927_a6a4_67cd2f7ad9f7:32769652ee6c161f72fd4bcee2929a1866178092b90d22e7f0d7650b8d3b6fa1@e6530902-b278-496b-92bb-230dd55edf86.bn2a2vgd01r3l0hfmvc0.databases.appdomain.cloud:30270
 
+ibm.keycloak.endpoint_url=keycloak-osdu-r2.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud
+ibm.keycloak.realm=OSDU
+ibm.keycloak.client_id=osdu-login
+ibm.keycloak.username=osdu-user
+ibm.keycloak.password=password1
+ibm.keycloak.useremail=osdu-user@osdu.opengroup.org
+
 #Indexer-Queue-header
 indexer.queue.key=abcd
 
-#REDIS_GROUP_HOST=127.0.0.1
-#REDIS_GROUP_PORT=6379
-#REDIS_SEARCH_HOST=localhost
-#REDIS_SEARCH_PORT=6379
-
 ELASTIC_DATASTORE_KIND=SearchSettings
 ELASTIC_DATASTORE_ID=indexer-service
 
-#ELASTIC_HOST=elasticsearch-instance-osdu-es.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud
-#ELASTIC_PORT=443
-#ELASTIC_USER_PASSWORD=elastic:5bljztd8jtpv76cxqqhvf46
-ELASTIC_HOST=85e9c617-e295-460e-a2ff-048b18a76b22.blijs0dd0dcr4f55oehg.databases.appdomain.cloud
-ELASTIC_PORT=30842
-ELASTIC_USER_PASSWORD=ibm_cloud_a3207231_f8ea_4ca5_9e7e_b63badc2e544:61e86fddfd5b9385510e961bec444d95799258d41b635422e59b073610d7f62d
-
-
+ELASTIC_HOST=elasticsearch-instance-osdu-es.osduadev-a1c3eaf78a86806e299f5f3f207556f0-0000.us-south.containers.appdomain.cloud
+ELASTIC_PORT=443
+ELASTIC_USER_PASSWORD=elastic-internal:mp7m94xrgz4t7rz758p4k79m
+#ELASTIC_HOST=85e9c617-e295-460e-a2ff-048b18a76b22.blijs0dd0dcr4f55oehg.databases.appdomain.cloud
+#ELASTIC_PORT=30842
+#ELASTIC_USER_PASSWORD=ibm_cloud_a3207231_f8ea_4ca5_9e7e_b63badc2e544:61e86fddfd5b9385510e961bec444d95799258d41b635422e59b073610d7f62d
 
 #GAE_SERVICE=indexer
-
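Review bot: The added `ibm.keycloak.password` and `ELASTIC_USER_PASSWORD` lines commit working credentials in plain text, next to the existing `ibm.cloudant.apikey` and `ibm.rabbitmq.uri` secrets and the previous Elasticsearch credentials, which are now kept as comments. The commit subject says the user comes from environment variables, but these are literal values that ship with the artifact; reference the environment instead, e.g. `ibm.keycloak.password=${IBM_KEYCLOAK_PASSWORD}` (variable name is a placeholder), and delete the commented-out credential lines rather than preserving them. Every secret that has appeared in this file should be treated as exposed and rotated, because it remains in the repository history. The hunk also removes `spring.security.oauth2.resourceserver.jwt.jwk-set-uri`, which goes together with the authentication removal in SecurityConfig.java and should be reviewed with it.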
-- 
GitLab