Commit 95aad589 authored by Sherman Yang's avatar Sherman Yang

Merged PR 203455: indexer: sync up with gitlab

indexer: sync up with gitlab
parent 3c3d67e3
1 merge request!60Indexer to read from Schema Service as well as Storage Schema
......@@ -237,6 +237,7 @@ The following software have components provided under the terms of this license:
- Google HTTP Client Library for Java (from https://github.com/google/google-http-java-client.git)
- Google OAuth Client Library for Java (from )
- Gson (from https://github.com/google/gson)
- Gson (from https://github.com/google/gson)
- Guava InternalFutureFailureAccess and InternalFutures (from )
- Guava ListenableFuture only (from )
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
......@@ -318,10 +319,10 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Logback Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- Netty Reactive Streams Implementation (from )
- Netty/Buffer (from http://netty.io/)
......@@ -395,6 +396,7 @@ The following software have components provided under the terms of this license:
- Spring Context (from https://github.com/spring-projects/spring-framework)
- Spring Core (from https://github.com/spring-projects/spring-framework)
- Spring Data Core (from )
- Spring Data Core (from )
- Spring Expression Language (SpEL) (from https://github.com/spring-projects/spring-framework)
- Spring JMS (from https://github.com/spring-projects/spring-framework)
- Spring Messaging (from https://github.com/spring-projects/spring-framework)
......@@ -515,6 +517,7 @@ The following software have components provided under the terms of this license:
- Plexus :: Default Container (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- StAX (from http://stax.codehaus.org/)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- jersey-ext-bean-validation (from )
- jersey-spring4 (from )
- oro (from )
......@@ -765,6 +768,7 @@ The following software have components provided under the terms of this license:
- OSGi resource locator (from )
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- SnakeYAML (from http://www.snakeyaml.org)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
......@@ -856,19 +860,21 @@ The following software have components provided under the terms of this license:
- Microsoft Azure client library for Identity (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Netty/Codec/HTTP (from )
- Netty/Common (from )
- Plexus :: Default Container (from )
- Plexus Default Interactivity Handler (from )
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- SLF4J API Module (from http://www.slf4j.org)
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Microsoft/spring-data-cosmosdb)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
- spring-security-core (from http://spring.io/spring-security)
......@@ -901,7 +907,6 @@ The following software have components provided under the terms of this license:
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jts-core (from )
- reactive-streams (from http://www.reactive-streams.org/)
- xml-apis (from )
========================================================================
......@@ -955,8 +960,10 @@ The following software have components provided under the terms of this license:
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- Spring Security JWT Library (from http://github.com/spring-projects/spring-security-oauth)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- reactive-streams (from http://www.reactive-streams.org/)
========================================================================
unknown
......
......@@ -129,3 +129,5 @@ spec:
value: http://storage/api/storage/v2/query/records:batch
- name: STORAGE_QUERY_RECORD_HOST
value: http://storage/api/storage/v2/records
- name: azure_istioauth_enabled
value: "true"
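Review bot: The added `azure_istioauth_enabled` entry with value `"true"` switches this deployment away from in-application AAD validation, but nothing in the visible part of the manifest shows that the pod is reachable only through an Istio sidecar that enforces authentication. Add a comment on the entry, e.g. `# In-app AAD auth is off; requires sidecar injection plus Istio RequestAuthentication/AuthorizationPolicy for this workload`, and confirm that those policies are deployed alongside it. The `spec:` block begins outside the hunk, so any existing mesh annotations are not visible here.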
......@@ -7,7 +7,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.7.RELEASE</version>
<version>2.1.16.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
......
......@@ -30,7 +30,8 @@ phases:
- echo $JAVA_HOME #WHY
- mkdir -p /root/.m2
- cp ./provider/indexer-aws/maven/settings.xml /root/.m2/settings.xml # copy the AWS-specific settings.xml to the CodeBuild instance's .m2 folder
- export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain osdu-dev --domain-owner 888733619319 --query authorizationToken --output text`
- export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
- export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $AWS_OSDU_DEV_MAVEN_DOMAIN --domain-owner $AWS_ACCOUNT_ID --query authorizationToken --output text`
pre_build:
commands:
- echo "Logging in to Amazon ECR..."
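Review bot: The added `AWS_ACCOUNT_ID` line scrapes the account id out of JSON with `grep`/`cut`, and `$AWS_OSDU_DEV_MAVEN_DOMAIN` is expanded unquoted with no check that it is set. If either value comes back empty, the token command fails inside the backticks while `export` still returns success, so the build would carry on with an empty Maven token and fail later with a less obvious error. Use the CLI's own selector, `aws sts get-caller-identity --query Account --output text`, and fail early with a guard such as `: "${AWS_OSDU_DEV_MAVEN_DOMAIN:?not set}"` before the token call. Where `AWS_OSDU_DEV_MAVEN_DOMAIN` is defined is outside the hunk.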
......
......@@ -56,6 +56,7 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `AZURE_CLIENT_ID` | `********` | Identity to run the service locally. This enables access to Azure resources. You only need this if running locally | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-username` |
| `AZURE_TENANT_ID` | `********` | AD tenant to authenticate users from | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-tenant-id` |
| `AZURE_CLIENT_SECRET` | `********` | Secret for `$AZURE_CLIENT_ID` | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-password` |
| `azure_istioauth_enabled` | `true` | Flag to Disable AAD auth | no | -- |
**Required to run integration tests**
......
......@@ -15,6 +15,7 @@
package org.opengroup.osdu.indexer.azure.security;
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
......@@ -26,6 +27,7 @@ import javax.inject.Inject;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "false", matchIfMissing = false)
public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
@Inject
private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
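Review bot: The condition added on `AADSecurityConfig` matches only the literal `false`, and its counterpart in `AzureIstioSecurityConfig` matches only `true` or a missing property, so any other value of `azure.istio.auth.enabled` activates neither security configuration. In that case the application would presumably fall back to whatever Spring Boot auto-configures, which is neither of the two intended modes. Consider failing startup on an unrecognised value, and add a comment above the annotation, e.g. `// Active only when Istio sidecar auth is explicitly disabled; AzureIstioSecurityConfig holds the complementary condition`. The class body continues outside the hunk.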
......
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.indexer.azure.security;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "true", matchIfMissing = true)
public class AzureIstioSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf().disable(); //AuthN is disabled. AuthN is handled by sidecar proxy
}
}
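Review bot: `matchIfMissing = true` on `AzureIstioSecurityConfig` makes the no-authentication configuration the default. Whenever `azure.istio.auth.enabled` is absent, `configure` runs with HTTP Basic and CSRF disabled and no `authorizeRequests()` rule, so the application itself appears to accept every request and relies on the sidecar alone. Prefer a fail-closed default, `matchIfMissing = false` here and `matchIfMissing = true` on `AADSecurityConfig`, so that in-app AAD validation applies unless the flag is set explicitly. The class should also carry a Javadoc stating that it must only be active when the pod is reachable solely through the Istio sidecar with request authentication enforced there. Whether the `@PreAuthorize` checks enabled by `prePostEnabled = true` still see an authenticated principal in this mode is not visible here and is worth confirming.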
......@@ -43,9 +43,13 @@ STORAGE_RECORDS_BATCH_SIZE=20
INDEXER_QUEUE_HOST=http://127.0.0.1:9000
#AzureADconfiguration
azure.activedirectory.session-stateless=true
azure.activedirectory.client-id=${aad_client_id}
#AzureADconfiguration, commented below settings to disable AAD AuthN ,
#Uncomment it In the Istio AUTHN disabled Scenario
#azure.activedirectory.session-stateless=true
#azure.activedirectory.client-id=${aad_client_id}
# Istio Auth Enabled
azure.istio.auth.enabled=${azure_istioauth_enabled}
azure.cosmosdb.uri=${cosmosdb_account}
azure.cosmosdb.key=${cosmosdb_key}
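Review bot: `azure.istio.auth.enabled=${azure_istioauth_enabled}` has no default, although the README row added in this commit marks the variable as not required. Depending on how the placeholder is resolved, an unset variable either fails startup or leaves the flag effectively undefined. Give it an explicit default that keeps in-app authentication on, `azure.istio.auth.enabled=${azure_istioauth_enabled:false}`. The `azure.activedirectory.*` lines are also commented out now, so setting the flag to `false` alone appears to activate the AAD configuration without its client id. The comment should state that both changes are needed together, or the two properties should stay in place.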
......