Merged PR 1003: auth fixes

auth fixes

provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/config/AADConfiguration.java

-// Copyright © Microsoft Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package org.opengroup.osdu.indexer.azure.config;
-
-import lombok.Getter;
-import lombok.Setter;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
-
-@Getter
-@Setter
-@Component
-@ConfigurationProperties("aad")
-public class AADConfiguration {
-    String clientId;
-    String authority;
-    String secretKey;
-    String oboApi;
-
-    public String getAuthority(){
-        if (!authority.endsWith("/")) {
-            authority += "/";
-        }
-        return authority;
-    }
-}
\ No newline at end of file

provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/config/AzureBootstrapConfig.java

 package org.opengroup.osdu.indexer.azure.config;
 
+import com.azure.security.keyvault.secrets.SecretClient;
+import org.opengroup.osdu.azure.KeyVaultFacade;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Component;
@@ -9,6 +11,9 @@ import javax.inject.Named;
 @Component
 public class AzureBootstrapConfig {
 
+    @Value("${aad.oboApi}")
+    private String aadOboAPI;
+
     @Value("${azure.keyvault.url}")
     private String keyVaultURL;
 
@@ -54,4 +59,32 @@ public class AzureBootstrapConfig {
         return  maxCacheValueSize;
     }
 
+    private String authority;
+    private String secretKey;
+
+    @Bean
+    @Named("AAD_OBO_API")
+    public String aadClientID() {
+        return aadOboAPI;
+    }
+
+    @Bean
+    @Named("AUTH_CLIENT_ID")
+    public String authClientID(final SecretClient sc) {
+        return KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-username");
+    }
+
+    @Bean
+    @Named("AUTH_CLIENT_SECRET")
+    public String authClientSecret(final SecretClient sc) {
+        return KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-password");
+    }
+
+    @Bean
+    @Named("AUTH_URL")
+    public String authURL(final SecretClient sc) {
+        String urlFormat = "https://login.microsoftonline.com/%s/oauth2/token/";
+        String tenant = KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-tenant-id");
+        return String.format(urlFormat, tenant);
+    }
 }

provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java

@@ -29,11 +29,11 @@ import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
 import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
 import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
 import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
-import org.opengroup.osdu.indexer.azure.config.AADConfiguration;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;
 
 import javax.inject.Inject;
+import javax.inject.Named;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
@@ -44,15 +44,31 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
 
     @Inject
     private ITenantFactory tenantInfoServiceProvider;
+
     @Inject
     private DpsHeaders dpsHeaders;
+
     @Inject
     private IJwtCache cacheService;
+
     @Inject
     private JaxRsDpsLog log;
 
     @Inject
-    private AADConfiguration configuration;
+    @Named("AAD_OBO_API")
+    private String authAPI;
+
+    @Inject
+    @Named("AUTH_CLIENT_ID")
+    private String authClientID;
+
+    @Inject
+    @Named("AUTH_CLIENT_SECRET")
+    private String authClientSecret;
+
+    @Inject
+    @Named("AUTH_URL")
+    private String authURL;
 
     public String getIdToken(String tenantName) {
         this.log.info("Tenant name received for auth token is: " + tenantName);
@@ -75,9 +91,9 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
             AuthenticationContext context = null;
 
             try {
-                context = new AuthenticationContext(configuration.getAuthority(), false, service);
-                ClientCredential credential = new ClientCredential(configuration.getClientId(), configuration.getSecretKey());
-                Future<AuthenticationResult> future = context.acquireToken(configuration.getOboApi(), credential, null);
+                context = new AuthenticationContext(authURL, false, service);
+                ClientCredential credential = new ClientCredential(authClientID, authClientSecret);
+                Future<AuthenticationResult> future = context.acquireToken(authAPI, credential, null);
 
                 ACCESS_TOKEN =  future.get().getAccessToken();
 

provider/indexer-azure/src/main/resources/application.properties

@@ -49,4 +49,5 @@ azure.keyvault.url=${KEYVAULT_URI}
 azure.application-insights.instrumentation-key=${appinsights_key}
 spring.application.name=indexer-azure
 
-DEPLOYMENT_ENVIRONMENT=CLOUD
\ No newline at end of file
+DEPLOYMENT_ENVIRONMENT=CLOUD
+aad.oboApi=${aad_client_id}