diff --git a/NOTICE b/NOTICE
index 03f7b6cf1121588f097aea3f81a883716588ff3e..448e55fbe84a285c1ca44e80d15dd32f135cda0c 100644
--- a/NOTICE
+++ b/NOTICE
@@ -390,9 +390,9 @@ The following software have components provided under the terms of this license:
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
-- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
+- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- MongoDB Driver (from http://www.mongodb.org)
@@ -426,6 +426,7 @@ The following software have components provided under the terms of this license:
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
+- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
@@ -433,6 +434,7 @@ The following software have components provided under the terms of this license:
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- OAuth2 for Spring Security (from )
+- OAuth2 for Spring Security (from )
- Objenesis (from http://objenesis.org)
- OkHttp (from )
- OkHttp (from )
@@ -626,6 +628,7 @@ The following software have components provided under the terms of this license:
- spring-security-oauth2-client (from http://spring.io/spring-security)
- spring-security-oauth2-core (from http://spring.io/spring-security)
- spring-security-oauth2-jose (from http://spring.io/spring-security)
+- spring-security-oauth2-jose (from http://spring.io/spring-security)
- spring-security-oauth2-resource-server (from http://spring.io/spring-security)
- spring-security-test (from http://spring.io/spring-security)
- spring-security-web (from http://spring.io/spring-security)
diff --git a/provider/indexer-aws/maven/settings.xml b/provider/indexer-aws/maven/settings.xml
index 2e357eff2cf88c10c9be823ab99c56b069c38384..1bfc43ac96aafb6790498c6f0acef3ca0818a98f 100644
--- a/provider/indexer-aws/maven/settings.xml
+++ b/provider/indexer-aws/maven/settings.xml
@@ -1,80 +1,80 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright © 2020 Amazon Web Services
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.​
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
- <profiles>
- <profile>
- <id>aws-osdu-dev-maven</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <repositories>
- <repository>
- <id>aws-osdu-dev-maven</id>
- <url>${env.AWS_OSDU_DEV_MAVEN_URL}</url>
- </repository>
- <repository>
- <id>gitlab-os-core-common-maven</id>
- <url>https://community.opengroup.org/api/v4/projects/67/packages/maven</url>
- </repository>
- <repository>
+ <profiles>
+ <profile>
+ <id>aws-osdu-dev-maven</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <repositories>
+ <repository>
+ <id>aws-osdu-dev-maven</id>
+ <url>${env.AWS_OSDU_DEV_MAVEN_URL}</url>
+ </repository>
+ <repository>
+ <id>gitlab-os-core-common-maven</id>
+ <url>https://community.opengroup.org/api/v4/projects/67/packages/maven</url>
+ </repository>
+ <repository>
<id>gitlab-os-core-lib-aws-maven</id>
<url>https://community.opengroup.org/api/v4/projects/68/packages/maven</url>
</repository>
- </repositories>
- </profile>
- <profile>
- <id>credentialsConfiguration</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <properties>
- <deployment.environment>dev</deployment.environment>
- <aws.accessKeyId>no-default</aws.accessKeyId>
- <aws.secretKey>no-default</aws.secretKey>
- <azure.devops.username>Another-Access-Token-2021</azure.devops.username>
- <azure.devops.token>no-default</azure.devops.token>
- </properties>
- </profile>
- </profiles>
+ </repositories>
+ </profile>
+ <profile>
+ <id>credentialsConfiguration</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <properties>
+ <deployment.environment>dev</deployment.environment>
+ <aws.accessKeyId>no-default</aws.accessKeyId>
+ <aws.secretKey>no-default</aws.secretKey>
+ <azure.devops.username>Another-Access-Token-2021</azure.devops.username>
+ <azure.devops.token>no-default</azure.devops.token>
+ </properties>
+ </profile>
+ </profiles>
- <servers>
- <server>
- <id>aws-osdu-dev-maven</id>
- <username>aws</username>
- <password>${env.AWS_OSDU_DEV_MAVEN_AUTH_TOKEN}</password>
- </server>
- </servers>
+ <servers>
+ <server>
+ <id>aws-osdu-dev-maven</id>
+ <username>aws</username>
+ <password>${env.AWS_OSDU_DEV_MAVEN_AUTH_TOKEN}</password>
+ </server>
+ </servers>
- <!-- CodeArtifact doesn't support external repos yet that aren't Maven Central. ETA Q4 2020. -->
- <!-- <mirrors> -->
- <!-- <mirror> -->
- <!-- <id>aws-osdu-dev-maven</id> -->
- <!-- <name>aws-osdu-dev-maven</name> -->
- <!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
- <!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
- <!-- </mirror> -->
- <!-- </mirrors> -->
+ <mirrors>
+ <mirror>
+ <id>aws-osdu-dev-maven</id>
+ <name>aws-osdu-dev-maven</name>
+ <url>https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>
+ <mirrorOf>central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven</mirrorOf>
+ </mirror>
+ </mirrors>
- <activeProfiles>
- <activeProfile>credentialsConfiguration</activeProfile>
- </activeProfiles>
+ <activeProfiles>
+ <activeProfile>credentialsConfiguration</activeProfile>
+ </activeProfiles>
</settings>
\ No newline at end of file
diff --git a/provider/indexer-aws/pom.xml b/provider/indexer-aws/pom.xml
index 4602ae9bedca6c11ac7efcf9d316bbfe59a64d80..9b61d00163515ed199c46bbf6cb307eabdb07891 100644
--- a/provider/indexer-aws/pom.xml
+++ b/provider/indexer-aws/pom.xml
@@ -74,7 +74,7 @@
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
- <version>2.3.6.RELEASE</version>
+ <version>2.5.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
@@ -88,6 +88,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
+ <version>5.5.0</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/IndexCacheImpl.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/IndexCacheImpl.java
index c28acd5c3f9d213c5658737d8d393475c85001a9..2c08033ebafb9a2b4e5f2224da2a59153bd49d8c 100644
--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/IndexCacheImpl.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/IndexCacheImpl.java
@@ -26,8 +26,9 @@ public class IndexCacheImpl implements IIndexCache<String, Boolean>, AutoCloseab
public IndexCacheImpl(@Value("${aws.elasticache.cluster.endpoint}") final String REDIS_SEARCH_HOST,
@Value("${aws.elasticache.cluster.port}") final String REDIS_SEARCH_PORT,
+ @Value("${aws.elasticache.cluster.key}") final String REDIS_SEARCH_KEY,
@Value("${aws.elasticache.cluster.index.expiration}") final String INDEX_CACHE_EXPIRATION) {
- cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT),
+ cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT), REDIS_SEARCH_KEY,
Integer.parseInt(INDEX_CACHE_EXPIRATION) * 60, String.class, Boolean.class);
}
diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/SchemaCacheImpl.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/SchemaCacheImpl.java
index e0a713737ccb356313ff9d5edf43ebeac6fda331..5b8b8f02e12ed3d5f43170721d53a282d1283b94 100644
--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/SchemaCacheImpl.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/cache/SchemaCacheImpl.java
@@ -26,8 +26,9 @@ public class SchemaCacheImpl implements ISchemaCache<String, String>, AutoClosea
public SchemaCacheImpl(@Value("${aws.elasticache.cluster.endpoint}") final String REDIS_SEARCH_HOST,
@Value("${aws.elasticache.cluster.port}") final String REDIS_SEARCH_PORT,
+ @Value("${aws.elasticache.cluster.key}") final String REDIS_SEARCH_KEY,
@Value("${aws.elasticache.cluster.schema.expiration}") final String SCHEMA_CACHE_EXPIRATION) {
- cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT),
+ cache = new RedisCache<>(REDIS_SEARCH_HOST, Integer.parseInt(REDIS_SEARCH_PORT), REDIS_SEARCH_KEY,
Integer.parseInt(SCHEMA_CACHE_EXPIRATION) * 60, String.class, String.class);
}
diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java
index 93e6acd37039acda8c22e7b02b827447f58a8ecc..1a66790b2d7edc612443404271d3f33b8a22374f 100644
--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java
@@ -14,6 +14,7 @@
package org.opengroup.osdu.indexer.aws.persistence;
+import org.opengroup.osdu.core.aws.secrets.SecretsManager;
import org.opengroup.osdu.core.aws.ssm.ParameterStorePropertySource;
import org.opengroup.osdu.core.aws.ssm.SSMConfig;
import org.opengroup.osdu.core.common.model.search.ClusterSettings;
@@ -51,11 +52,11 @@ public class ElasticRepositoryImpl implements IElasticRepository {
@Value("${aws.elasticsearch.host}")
String hostParameter;
- @Value("${aws.elasticsearch.username}")
- String usernameParameter;
+ @Value("${aws.elasticsearch.credentials.secret}")
+ String elasticCredentialsSecret;
- @Value("${aws.elasticsearch.password}")
- String passwordParameter;
+ @Value("${aws.region}")
+ private String amazonRegion;
@Value("${aws.ssm}")
String ssmEnabledString;
@@ -69,10 +70,11 @@ public class ElasticRepositoryImpl implements IElasticRepository {
ssm = ssmConfig.amazonSSM();
host = ssm.getProperty(hostParameter).toString();
port = Integer.parseInt(ssm.getProperty(portParameter).toString());
- username = ssm.getProperty(usernameParameter).toString();
- password = ssm.getProperty(passwordParameter).toString();
+
}
-
+ SecretsManager sm = new SecretsManager();
+ username = sm.getSecret(elasticCredentialsSecret,amazonRegion,"username");
+ password = sm.getSecret(elasticCredentialsSecret,amazonRegion,"password");
//elastic expects username:password format
usernameAndPassword = String.format("%s:%s", username, password);
}
diff --git a/provider/indexer-aws/src/main/resources/application.properties b/provider/indexer-aws/src/main/resources/application.properties
index 13aa84b45137db6c87cf2e03786d77f8e6d5df51..35404a77fa73afa85035cc0bbe89b9b42fddbce0 100644
--- a/provider/indexer-aws/src/main/resources/application.properties
+++ b/provider/indexer-aws/src/main/resources/application.properties
@@ -34,6 +34,7 @@ INDEXER_QUEUE_HOST=""
## AWS ElastiCache configuration
aws.elasticache.cluster.endpoint=${CACHE_CLUSTER_ENDPOINT}
aws.elasticache.cluster.port=${CACHE_CLUSTER_PORT}
+aws.elasticache.cluster.key=${CACHE_CLUSTER_KEY}
## Cache Settings
aws.elasticache.cluster.index.expiration=60
@@ -55,8 +56,7 @@ aws.ssm.prefix=/osdu/${ENVIRONMENT}
aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point
aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port
-aws.elasticsearch.username=${aws.ssm.prefix}/elasticsearch/username
-aws.elasticsearch.password=${aws.ssm.prefix}/elasticsearch/password
+aws.elasticsearch.credentials.secret=${aws.ssm.prefix}/elasticsearch/credentials
aws.indexer.sns.topic.arn=${aws.ssm.prefix}/indexer/indexer-sns-topic-arn
aws.storage.sns.topic.arn=${aws.ssm.prefix}/storage/storage-sns-topic-arn
@@ -68,4 +68,6 @@ server.ssl.key-store-type=PKCS12
server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password=${SSL_KEY_PASSWORD:}
-server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
\ No newline at end of file
+server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file