Add cache-control headers for an SLB specific API

devops/azure/chart/templates/virtual-service.yaml

@@ -12,7 +12,75 @@ spec:
   gateways:
   - istio-gateway
   http:  
-  - match:
+  - name: "Settings specific to the Swagger page and resources"
+    match:
+    - uri:
+        prefix: "/api/indexer/v2/webjars"
+    - uri:
+        prefix: "/api/indexer/v2/swagger-resources"
+    - uri:
+        prefix: "/api/indexer/v2/v3/api-docs"
+    - uri:
+        prefix: "/api/indexer/v2/swagger-ui"
+    route:
+    - destination:
+        host: {{ .Chart.Name }}
+        port:
+          number: 80
+    headers:
+      response:
+        set:
+          cache-control: "private, max-age=300"
+    corsPolicy:
+      maxAge: "60m"
+      allowCredentials: true
+      allowHeaders:
+      - Authorization
+      - Data-Partition-Id
+      - Correlation-Id
+      - Content-Type
+      - cache-control
+      allowMethods:
+      - POST
+      - GET
+      - PUT
+      - PATCH
+      - DELETE
+      allowOrigins:
+      - prefix: "*"
+  - name: "Settings specific to the QueryAttributeApi API"
+    match:
+    - uri:
+        prefix: "/api/indexer/v2/query/attributes"
+    route:
+    - destination:
+        host: {{ .Chart.Name }}
+        port:
+          number: 80
+    headers:
+      response:
+        set:
+          cache-control: "private, max-age=300, stale-while-revalidate=600, stale-if-error=600"
+          vary: "data-partition-id,authorization"
+    corsPolicy:
+      maxAge: "60m"
+      allowCredentials: true
+      allowHeaders:
+      - Authorization
+      - Data-Partition-Id
+      - Correlation-Id
+      - Content-Type
+      - cache-control
+      allowMethods:
+      - POST
+      - GET
+      - PUT
+      - PATCH
+      - DELETE
+      allowOrigins:
+      - prefix: "*"
+  - name: "Default settings, applies to everything not matched above"
+    match:
     - uri:
         prefix: "/api/indexer/v2"
     route:
@@ -28,6 +96,7 @@ spec:
       - Data-Partition-Id
       - Correlation-Id
       - Content-Type
+      - cache-control
       allowMethods:
       - POST
       - GET

devops/azure/release.yaml

@@ -74,7 +74,7 @@ spec:
         - containerPort: 80
         readinessProbe:
           httpGet:
-            path: /api/indexer/v2/swagger-ui.html
+            path: /api/indexer/v2/swagger-ui/index.html
             port: 80
         volumeMounts:
         - name: azure-keyvault

indexer-core/src/main/java/org/opengroup/osdu/indexer/util/IndexerFilter.java

@@ -2,6 +2,7 @@
 package org.opengroup.osdu.indexer.util;
 
 import java.io.IOException;
+import java.util.Map;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -10,8 +11,10 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
 import lombok.extern.java.Log;
+import org.opengroup.osdu.core.common.http.ResponseHeadersFactory;
 import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 @Log
@@ -19,6 +22,11 @@ import org.springframework.stereotype.Component;
 public class IndexerFilter implements Filter {
 
     private final DpsHeaders dpsHeaders;
+    private ResponseHeadersFactory responseHeadersFactory = new ResponseHeadersFactory();
+
+    // defaults to * for any front-end, string must be comma-delimited if more than one domain
+    @Value("${ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS:*}")
+    String ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS;
 
     @Autowired
     public IndexerFilter(DpsHeaders dpsHeaders) {
@@ -37,11 +45,20 @@ public class IndexerFilter implements Filter {
         HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
 
         dpsHeaders.addCorrelationIdIfMissing();
-        httpResponse.addHeader(DpsHeaders.CORRELATION_ID, dpsHeaders.getCorrelationId());
+
+        setResponseHeaders(httpResponse);
 
         filterChain.doFilter(servletRequest, servletResponse);
     }
 
+    private void setResponseHeaders(HttpServletResponse httpServletResponse) {
+        Map<String, String> responseHeaders = responseHeadersFactory.getResponseHeaders(ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS);
+        for (Map.Entry<String, String> header : responseHeaders.entrySet()) {
+            httpServletResponse.addHeader(header.getKey(), header.getValue());
+        }
+        httpServletResponse.addHeader(DpsHeaders.CORRELATION_ID, this.dpsHeaders.getCorrelationId());
+    }
+
     @Override
     public void destroy() {
     }

provider/indexer-azure/README.md

@@ -118,7 +118,7 @@ $ mvn spring-boot:run
 
 ### Test the application
 
-After the service has started it should be accessible via a web browser by visiting [http://localhost:8080/swagger-ui.html](http://localhost:8080/swagger-ui.html). If the request does not fail, you can then run the integration tests.
+After the service has started it should be accessible via a web browser by visiting [http://localhost:8080/swagger-ui/index.html](http://localhost:8080/swagger-ui/index.html). If the request does not fail, you can then run the integration tests.
 
 > **Note**: the integration tests for `os-indexer-azure` work by validating that records submitted to `os-storage-azure` can eventually be queried by `os-search-azure`. This only works if the messages emitted by `os-storage-azure` can be consumed by `os-indexer-queue-azure`, which will submit the indexing request to `os-indexer-azure`.
 >

provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/security/AADSecurityConfig.java

@@ -46,7 +46,7 @@ public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
                         "/configuration/security",
                         "/swagger",
                         "/info",
-                        "/swagger-ui.html",
+                        "/swagger-ui/index.html",
                         "/swagger-ui/**",
                         "/webjars/**").permitAll()
                 .anyRequest().authenticated()