Merge branch 'aws-blue-update' into 'master'

AWS Updates

See merge request !172

NOTICE

@@ -390,9 +390,9 @@ The following software have components provided under the terms of this license:
 - Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
-- Mockito (from http://www.mockito.org)
 - Mockito (from http://mockito.org)
 - Mockito (from http://mockito.org)
+- Mockito (from http://www.mockito.org)
 - Mockito (from http://mockito.org)
 - Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
 - MongoDB Driver (from http://www.mongodb.org)
@@ -426,6 +426,7 @@ The following software have components provided under the terms of this license:
 - Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
 - Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
 - Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
+- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
 - Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
 - Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
 - Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
@@ -433,6 +434,7 @@ The following software have components provided under the terms of this license:
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
 - OAuth2 for Spring Security (from )
+- OAuth2 for Spring Security (from )
 - Objenesis (from http://objenesis.org)
 - OkHttp (from )
 - OkHttp (from )
@@ -626,6 +628,7 @@ The following software have components provided under the terms of this license:
 - spring-security-oauth2-client (from http://spring.io/spring-security)
 - spring-security-oauth2-core (from http://spring.io/spring-security)
 - spring-security-oauth2-jose (from http://spring.io/spring-security)
+- spring-security-oauth2-jose (from http://spring.io/spring-security)
 - spring-security-oauth2-resource-server (from http://spring.io/spring-security)
 - spring-security-test (from http://spring.io/spring-security)
 - spring-security-web (from http://spring.io/spring-security)

provider/indexer-aws/maven/settings.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  Copyright © 2020 Amazon Web Services
 
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.​
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
 
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
 -->
 
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
 
-  <profiles>
-    <profile>
-      <id>aws-osdu-dev-maven</id>
-      <activation>
-        <activeByDefault>true</activeByDefault>
-      </activation>
-      <repositories>
-        <repository>
-          <id>aws-osdu-dev-maven</id>
-          <url>${env.AWS_OSDU_DEV_MAVEN_URL}</url>
-        </repository>
-        <repository>
-          <id>gitlab-os-core-common-maven</id>
-          <url>https://community.opengroup.org/api/v4/projects/67/packages/maven</url>
-        </repository>
-         <repository>
+    <profiles>
+        <profile>
+            <id>aws-osdu-dev-maven</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <repositories>
+                <repository>
+                    <id>aws-osdu-dev-maven</id>
+                    <url>${env.AWS_OSDU_DEV_MAVEN_URL}</url>
+                </repository>
+                <repository>
+                    <id>gitlab-os-core-common-maven</id>
+                    <url>https://community.opengroup.org/api/v4/projects/67/packages/maven</url>
+                </repository>
+                <repository>
                     <id>gitlab-os-core-lib-aws-maven</id>
                     <url>https://community.opengroup.org/api/v4/projects/68/packages/maven</url>
                 </repository>
-      </repositories>
-    </profile>
-    <profile>
-      <id>credentialsConfiguration</id>
-      <activation>
-        <activeByDefault>true</activeByDefault>
-      </activation>
-      <properties>
-        <deployment.environment>dev</deployment.environment>
-        <aws.accessKeyId>no-default</aws.accessKeyId>
-        <aws.secretKey>no-default</aws.secretKey>
-        <azure.devops.username>Another-Access-Token-2021</azure.devops.username>
-        <azure.devops.token>no-default</azure.devops.token>
-      </properties>
-    </profile>
-  </profiles>
+            </repositories>
+        </profile>
+        <profile>
+            <id>credentialsConfiguration</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+                <deployment.environment>dev</deployment.environment>
+                <aws.accessKeyId>no-default</aws.accessKeyId>
+                <aws.secretKey>no-default</aws.secretKey>
+                <azure.devops.username>Another-Access-Token-2021</azure.devops.username>
+                <azure.devops.token>no-default</azure.devops.token>
+            </properties>
+        </profile>
+    </profiles>
 
-  <servers>
-    <server>
-      <id>aws-osdu-dev-maven</id>
-      <username>aws</username>
-      <password>${env.AWS_OSDU_DEV_MAVEN_AUTH_TOKEN}</password>
-    </server>
-  </servers>
+    <servers>
+        <server>
+            <id>aws-osdu-dev-maven</id>
+            <username>aws</username>
+            <password>${env.AWS_OSDU_DEV_MAVEN_AUTH_TOKEN}</password>
+        </server>
+    </servers>
 
-  <!-- CodeArtifact doesn't support external repos yet that aren't Maven Central.  ETA Q4 2020. -->
-  <!-- <mirrors> -->
-  <!-- <mirror> -->
-  <!-- <id>aws-osdu-dev-maven</id> -->
-  <!-- <name>aws-osdu-dev-maven</name> -->
-  <!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
-  <!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
-  <!-- </mirror> -->
-  <!-- </mirrors> -->
+    <mirrors>
+        <mirror>
+            <id>aws-osdu-dev-maven</id>
+            <name>aws-osdu-dev-maven</name>
+            <url>https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>
+            <mirrorOf>central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven</mirrorOf>
+        </mirror>
+    </mirrors>
 
-  <activeProfiles>
-    <activeProfile>credentialsConfiguration</activeProfile>
-  </activeProfiles>
+    <activeProfiles>
+        <activeProfile>credentialsConfiguration</activeProfile>
+    </activeProfiles>
 
 </settings>
\ No newline at end of file

provider/indexer-aws/pom.xml

@@ -74,7 +74,7 @@
     <dependency>
       <groupId>org.springframework.security.oauth</groupId>
       <artifactId>spring-security-oauth2</artifactId>
-      <version>2.3.6.RELEASE</version>
+      <version>2.5.1.RELEASE</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.security</groupId>
@@ -88,6 +88,7 @@
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-oauth2-jose</artifactId>
+      <version>5.5.0</version>
     </dependency>
     <dependency>
       <groupId>javax.inject</groupId>

provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/IndexCacheImpl.java

@@ -26,8 +26,9 @@ public class IndexCacheImpl implements IIndexCache<String, Boolean>, AutoCloseab
 
     public IndexCacheImpl(@Value("${aws.elasticache.cluster.endpoint}") final String REDIS_SEARCH_HOST,
                       @Value("${aws.elasticache.cluster.port}") final String REDIS_SEARCH_PORT,
+                      @Value("${aws.elasticache.cluster.key}") final String REDIS_SEARCH_KEY,
                       @Value("${aws.elasticache.cluster.index.expiration}") final String INDEX_CACHE_EXPIRATION) {
-        cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT),
+        cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT), REDIS_SEARCH_KEY,
                 Integer.parseInt(INDEX_CACHE_EXPIRATION) * 60, String.class, Boolean.class);
     }
 

provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/SchemaCacheImpl.java

@@ -26,8 +26,9 @@ public class SchemaCacheImpl implements ISchemaCache<String, String>, AutoClosea
 
     public SchemaCacheImpl(@Value("${aws.elasticache.cluster.endpoint}") final String REDIS_SEARCH_HOST,
                        @Value("${aws.elasticache.cluster.port}") final String REDIS_SEARCH_PORT,
+                       @Value("${aws.elasticache.cluster.key}") final String REDIS_SEARCH_KEY,
                        @Value("${aws.elasticache.cluster.schema.expiration}") final String SCHEMA_CACHE_EXPIRATION) {
-        cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT),
+        cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT), REDIS_SEARCH_KEY,
                 Integer.parseInt(SCHEMA_CACHE_EXPIRATION) * 60, String.class, String.class);
     }
 

provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java

@@ -14,6 +14,7 @@
 
 package org.opengroup.osdu.indexer.aws.persistence;
 
+import org.opengroup.osdu.core.aws.secrets.SecretsManager;
 import org.opengroup.osdu.core.aws.ssm.ParameterStorePropertySource;
 import org.opengroup.osdu.core.aws.ssm.SSMConfig;
 import org.opengroup.osdu.core.common.model.search.ClusterSettings;
@@ -51,11 +52,11 @@ public class ElasticRepositoryImpl implements IElasticRepository {
     @Value("${aws.elasticsearch.host}")
     String hostParameter;
 
-    @Value("${aws.elasticsearch.username}")
-    String usernameParameter;
+    @Value("${aws.elasticsearch.credentials.secret}")
+    String elasticCredentialsSecret;
 
-    @Value("${aws.elasticsearch.password}")
-    String passwordParameter;
+    @Value("${aws.region}")
+    private String amazonRegion;
 
     @Value("${aws.ssm}")
     String ssmEnabledString;
@@ -69,10 +70,11 @@ public class ElasticRepositoryImpl implements IElasticRepository {
             ssm = ssmConfig.amazonSSM();
             host = ssm.getProperty(hostParameter).toString();
             port = Integer.parseInt(ssm.getProperty(portParameter).toString());            
-            username = ssm.getProperty(usernameParameter).toString();            
-            password = ssm.getProperty(passwordParameter).toString();            
+
         }
-        
+        SecretsManager sm = new SecretsManager();
+        username = sm.getSecret(elasticCredentialsSecret,amazonRegion,"username");
+        password = sm.getSecret(elasticCredentialsSecret,amazonRegion,"password");
         //elastic expects username:password format
         usernameAndPassword = String.format("%s:%s", username, password);
     }

provider/indexer-aws/src/main/resources/application.properties

@@ -34,6 +34,7 @@ INDEXER_QUEUE_HOST=""
 ## AWS ElastiCache configuration
 aws.elasticache.cluster.endpoint=${CACHE_CLUSTER_ENDPOINT}
 aws.elasticache.cluster.port=${CACHE_CLUSTER_PORT}
+aws.elasticache.cluster.key=${CACHE_CLUSTER_KEY}
 
 ## Cache Settings
 aws.elasticache.cluster.index.expiration=60
@@ -55,8 +56,7 @@ aws.ssm.prefix=/osdu/${ENVIRONMENT}
 
 aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point
 aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port
-aws.elasticsearch.username=${aws.ssm.prefix}/elasticsearch/username
-aws.elasticsearch.password=${aws.ssm.prefix}/elasticsearch/password
+aws.elasticsearch.credentials.secret=${aws.ssm.prefix}/elasticsearch/credentials
 aws.indexer.sns.topic.arn=${aws.ssm.prefix}/indexer/indexer-sns-topic-arn
 aws.storage.sns.topic.arn=${aws.ssm.prefix}/storage/storage-sns-topic-arn
 
@@ -68,4 +68,6 @@ server.ssl.key-store-type=PKCS12
 server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
 server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
 server.ssl.key-password=${SSL_KEY_PASSWORD:}
-server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
\ No newline at end of file
+server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file