Commit 1133a761 authored by Rostislav Dublin (EPAM)

Merge remote-tracking branch 'origin/master' into gcp-fix-sonar-comments

parents c4716ee6 234c67aa
......@@ -333,12 +333,6 @@ CC-BY-2.5
The following software have components provided under the terms of this license:
- Checker Qual (from https://checkerframework.org)
========================================================================
CC-BY-3.0
========================================================================
The following software have components provided under the terms of this license:
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
========================================================================
......@@ -366,10 +360,7 @@ CDDL-1.0
The following software have components provided under the terms of this license:
- Common Annotations 1.2 API (from )
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- JavaBeans Activation Framework API jar (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- Old JAXB Core (from )
- Old JAXB Runtime (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -381,18 +372,27 @@ The following software have components provided under the terms of this license:
- Expression Language 3.0 (from http://uel.java.net)
- Java Architecture For XML Binding (from )
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- Java(TM) API for WebSocket (from )
- JavaBeans Activation Framework (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- JavaMail API (from )
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
CPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JUnit (from http://junit.org)
========================================================================
EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
- Logback Classic Module (from )
......@@ -505,7 +505,6 @@ LGPL-2.1-or-later
========================================================================
The following software have components provided under the terms of this license:
- Java Native Access (from https://github.com/java-native-access/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
- SnakeYAML (from http://www.snakeyaml.org)
......@@ -632,6 +631,7 @@ The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- Common Annotations 1.2 API (from )
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
......
......@@ -50,7 +50,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.14</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
......
......@@ -12,36 +12,26 @@
// limitations under the License.
package org.opengroup.osdu.notification.provider.aws.impl;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.*;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
import com.amazonaws.services.simplesystemsmanagement.model.*;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;
import com.amazonaws.services.simplesystemsmanagement.model.Parameter;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.Setter;
import org.opengroup.osdu.core.aws.entitlements.ServicePrincipal;
import org.opengroup.osdu.core.aws.iam.IAMConfig;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.aws.secrets.SecretsManager;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.opengroup.osdu.notification.provider.aws.utils.AwsCognitoClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@Component
public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient {
......@@ -65,15 +55,12 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
@Setter(AccessLevel.PROTECTED)
public String environment;
private String awsOauthCustomScope;
@Autowired
private JaxRsDpsLog log;
String client_credentials_secret;
String client_credentials_clientid;
ServicePrincipal sp;
String password;
String clientid;
String userpoolid;
String serviceprincipaluser;
AwsCognitoClient cognitoClient;
private AWSCredentialsProvider amazonAWSCredentials;
private AWSSimpleSystemsManagement ssmManager;
......@@ -81,132 +68,45 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
@PostConstruct
public void init() {
if (ssmEnabled) {
String secretKey = "service_principal_password";
String secretName = "/osdu/" + environment + "/service_principal_password";
String cognito_user_pool_id = "/osdu/" + environment + "/cognito-user-pool-id";
String cognito_client_id = "/osdu/" + environment + "/cognito-client-id";
String service_principal = "/osdu/" + environment + "/service-principal-user";
SecretsManager sm = new SecretsManager();
String oauth_token_url = "/osdu/" + environment + "/oauth-token-uri";
String oauth_custom_scope = "/osdu/" + environment + "/oauth-custom-scope";
String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
String client_secret_key = "client_credentials_client_secret";
String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
ssmManager = AWSSimpleSystemsManagementClientBuilder.standard()
.withCredentials(amazonAWSCredentials)
.withRegion(amazonRegion)
.build();
GetParametersRequest paramRequest = new GetParametersRequest()
.withNames(cognito_user_pool_id,cognito_client_id,service_principal)
.withWithDecryption(true);
GetParametersResult paramResult = new GetParametersResult();
paramResult = ssmManager.getParameters(paramRequest);
List<Parameter> paramsResultList = new ArrayList<>();
List<String> paramsResultListInvalid = new ArrayList<>();
paramsResultList = paramResult.getParameters();
paramsResultListInvalid = paramResult.getInvalidParameters();
if(paramsResultListInvalid.size() >0)
{
log.error("SSM did not retrieve all parameters");
}
for (Parameter s : paramsResultList) {
if (s.getName().equalsIgnoreCase(cognito_user_pool_id)) {
userpoolid = s.getValue();
}
if (s.getName().equalsIgnoreCase(cognito_client_id)) {
clientid = s.getValue();
}
if (s.getName().equalsIgnoreCase(service_principal)) {
serviceprincipaluser = s.getValue();
}
}
password = getSecret(secretName,amazonRegion,secretKey);
cognitoClient = new AwsCognitoClient(amazonRegion,clientid,"USER_PASSWORD_AUTH", serviceprincipaluser,password);
cognitoClient.setPassword(serviceprincipaluser,password,userpoolid);
}
}
@Override
public String getIdToken(String s) {
String token= getServicePrincipalCredentials();
return token;
}
client_credentials_clientid = getSsmParameter(client_credentials_client_id);
public String getServicePrincipalCredentials()
{
client_credentials_secret = sm.getSecret(client_secret_secretName,amazonRegion,client_secret_key);
String token = cognitoClient.getToken(serviceprincipaluser,password,"bearer");
return token;
String tokenUrl = getSsmParameter(oauth_token_url);
}
awsOauthCustomScope = getSsmParameter(oauth_custom_scope);
public String getSecret(String secretName, String region,String secretKey) {
String secretVaue="";
// Create a Secrets Manager client
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
.withRegion(region)
.build();
String secret="", decodedBinarySecret="";
GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
.withSecretId(secretName);
GetSecretValueResult getSecretValueResult = null;
try {
getSecretValueResult = client.getSecretValue(getSecretValueRequest);
} catch (DecryptionFailureException e) {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InternalServiceErrorException e) {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InvalidParameterException e) {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InvalidRequestException e) {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (ResourceNotFoundException e) {
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
}
sp = new ServicePrincipal(amazonRegion,environment,tokenUrl,awsOauthCustomScope);
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (getSecretValueResult.getSecretString() != null) {
secret = getSecretValueResult.getSecretString();
Map<String, String> secretMap=null;
try
{
secretMap = new ObjectMapper().readValue(secret.getBytes(), Map.class);
} catch (JsonParseException e) {
log.error(e.getMessage());
} catch (JsonMappingException e) {
log.error(e.getMessage());
} catch (IOException e) {
log.error(e.getMessage());
}
secretVaue = secretMap.get(secretKey);
}
}
@Override
public String getIdToken(String s) {
String token= sp.getServicePrincipalAccessToken(client_credentials_clientid,client_credentials_secret);
return token;
}
return secretVaue;
private String getSsmParameter(String parameterKey) {
GetParameterRequest paramRequest = (new GetParameterRequest()).withName(parameterKey).withWithDecryption(true);
GetParameterResult paramResult = ssmManager.getParameter(paramRequest);
return paramResult.getParameter().getValue();
}
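Review bot: The client secret fetched in init() via `client_credentials_secret = sm.getSecret(client_secret_secretName,amazonRegion,client_secret_key);` is held for the bean's whole lifetime in a package-private mutable field (`String client_credentials_secret;`), so any class in the package can read it and a rotation of the secret in Secrets Manager is not picked up until the service restarts; at minimum declare these fields `private` and add a comment such as `// read once at startup; a rotated secret requires a restart` where they are assigned. getIdToken() also dereferences `sp` unconditionally, and `sp` is only assigned inside `if (ssmEnabled)`, so a deployment with ssmEnabled=false fails with a bare NullPointerException on the first token request; a guard like `if (sp == null) throw new IllegalStateException("ServicePrincipal not initialised: ssmEnabled is false");` gives a diagnosable error instead, and the unused `s` parameter should be documented as ignored. getSsmParameter() returns `paramResult.getParameter().getValue()` with no indication of which key was missing when SSM throws, whereas the removed code logged that fact, so consider wrapping the call to include `parameterKey` in the error. The new-side layout of init() is inferred from the interleaved lines, and the class's closing brace lies outside this hunk.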
......
......@@ -28,7 +28,6 @@ aws.region=${AWS_REGION}
aws.dynamodb.table.prefix=${RESOURCE_PREFIX}-
aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com
app.expireTime=300
app.maxCacheSize=10
......
......@@ -38,14 +38,13 @@
<java.version>8</java.version>
<maven.compiler.target>${java.version}</maven.compiler.target>
<maven.compiler.source>${java.version}</maven.compiler.source>
<os-core-lib-aws.version>0.3.11</os-core-lib-aws.version>
</properties>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.13</version>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
......