Commit 1a7c408d authored by David Diederich's avatar David Diederich

Merge remote-tracking branch 'origin/master' into release/0.4

parents 5165b05f 75472600
Pipeline #20735 failed with stages
in 49 minutes and 20 seconds
......@@ -333,12 +333,6 @@ CC-BY-2.5
The following software have components provided under the terms of this license:
- Checker Qual (from https://checkerframework.org)
========================================================================
CC-BY-3.0
========================================================================
The following software have components provided under the terms of this license:
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
========================================================================
......@@ -366,10 +360,7 @@ CDDL-1.0
The following software have components provided under the terms of this license:
- Common Annotations 1.2 API (from )
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- JavaBeans Activation Framework API jar (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- Old JAXB Core (from )
- Old JAXB Runtime (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -381,18 +372,27 @@ The following software have components provided under the terms of this license:
- Expression Language 3.0 (from http://uel.java.net)
- Java Architecture For XML Binding (from )
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- Java(TM) API for WebSocket (from )
- JavaBeans Activation Framework (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- JavaMail API (from )
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
CPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JUnit (from http://junit.org)
========================================================================
EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
- Logback Classic Module (from )
......@@ -505,7 +505,6 @@ LGPL-2.1-or-later
========================================================================
The following software have components provided under the terms of this license:
- Java Native Access (from https://github.com/java-native-access/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
- SnakeYAML (from http://www.snakeyaml.org)
......@@ -632,6 +631,7 @@ The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- Common Annotations 1.2 API (from )
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
# Copyright © Microsoft Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains the essential configs for the osdu on azure helm chart
global:
# Service(s) Replica Count
replicaCount: 1
################################################################################
# Specify the Gitlab branch being used for image creation
# ie: community.opengroup.org:5555/osdu/platform/system/storage/{{ .Values.global.branch }}/storage:latest
#
image:
repository: #{container-registry}#.azurecr.io
branch: #{ENVIRONMENT_NAME}#
tag: #{Build.SourceVersion}#
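Review bot: On `repository: #{container-registry}#.azurecr.io`, `branch: #{ENVIRONMENT_NAME}#` and `tag: #{Build.SourceVersion}#` the ` #` after the colon starts a YAML comment, so until the `#{…}#` tokens are substituted each of these keys parses as null and a chart rendered from the unsubstituted file silently gets empty image coordinates instead of a visible error. Quote the values so an unreplaced token survives as a string: `repository: '#{container-registry}#.azurecr.io'`, `branch: '#{ENVIRONMENT_NAME}#'`, `tag: '#{Build.SourceVersion}#'`; the token replacement is plain text substitution and is unaffected, and quoting also keeps an all-digit source version from being read as an integer. The rendered view has dropped the file's indentation, so I cannot confirm from here that `image:` is nested under `global:` as the `{{ .Values.global.branch }}` example in the comment implies.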
# Copyright © Microsoft Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
trigger:
batch: true
branches:
include:
- master
paths:
exclude:
- /**/*.md
- .gitignore
- /docs
- /provider/notification-aws
- /provider/notification-gcp
- /provider/notification-ibm
resources:
repositories:
- repository: FluxRepo
type: git
name: k8-gitops-manifests
- repository: TemplateRepo
type: git
name: infra-azure-provisioning
variables:
- group: 'Azure - OSDU'
- group: 'Azure - OSDU Secrets'
- name: serviceName
value: "notification"
- name: chartPath
value: "devops/azure/chart"
- name: valuesFile
value: "devops/azure/chart/helm-config.yaml"
- name: 'MANIFEST_REPO'
value: $[ resources.repositories['FluxRepo'].name ]
- name: 'MAVEN_CACHE_FOLDER'
value: $(Pipeline.Workspace)/.m2/repository
- name: SKIP_TESTS
value: 'false'
stages:
- template: /devops/build-stage.yml@TemplateRepo
parameters:
mavenGoal: 'package'
mavenPublishJUnitResults: true
serviceCoreMavenOptions: '-P notification-core --settings .mvn/community-maven.settings.xml'
mavenOptions: '-P notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
copyFileContents: |
pom.xml
provider/notification-azure/maven/settings.xml
provider/notification-azure/pom.xml
provider/notification-azure/target/*-spring-boot.jar
.mvn/community-maven.settings.xml
copyFileContentsToFlatten: ''
mavenSettingsFile: '.mvn/community-maven.settings.xml'
serviceBase: ${{ variables.serviceName }}
testingRootFolder: 'testing'
chartPath: ${{ variables.chartPath }}
- template: /devops/deploy-stages.yml@TemplateRepo
parameters:
serviceName: ${{ variables.serviceName }}
chartPath: ${{ variables.chartPath }}
valuesFile: ${{ variables.valuesFile }}
testCoreMavenPomFile: 'testing/notification-test-core/pom.xml'
testCoreMavenOptions: '--settings $(System.DefaultWorkingDirectory)/drop/.mvn/community-maven.settings.xml'
skipDeploy: ${{ variables.SKIP_DEPLOY }}
skipTest: ${{ variables.SKIP_TESTS }}
providers:
- name: Azure
environments: ['dev']
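Review bot: `skipDeploy: ${{ variables.SKIP_DEPLOY }}` references a variable this file never declares — the `variables:` block defines `SKIP_TESTS` but no `SKIP_DEPLOY` — and a template expression on an undefined variable expands to an empty string, which is what the deploy template will receive. Unless the `Azure - OSDU` variable group supplies it (not visible here), declare it next to `SKIP_TESTS`: `- name: SKIP_DEPLOY` / `value: 'false'`. The same reference appears in the second pipeline file below (the copy whose `environments:` is `['demo']`). Those two files differ only in that one value; if `deploy-stages.yml` allows it, a single pipeline with the environment as a parameter would avoid keeping two copies of the stage configuration in step.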
# Copyright © Microsoft Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
trigger:
batch: true
branches:
include:
- master
paths:
exclude:
- /**/*.md
- .gitignore
- /docs
- /provider/notification-aws
- /provider/notification-gcp
- /provider/notification-ibm
resources:
repositories:
- repository: FluxRepo
type: git
name: k8-gitops-manifests
- repository: TemplateRepo
type: git
name: infra-azure-provisioning
variables:
- group: 'Azure - OSDU'
- group: 'Azure - OSDU Secrets'
- name: serviceName
value: "notification"
- name: chartPath
value: "devops/azure/chart"
- name: valuesFile
value: "devops/azure/chart/helm-config.yaml"
- name: 'MANIFEST_REPO'
value: $[ resources.repositories['FluxRepo'].name ]
- name: 'MAVEN_CACHE_FOLDER'
value: $(Pipeline.Workspace)/.m2/repository
- name: SKIP_TESTS
value: 'false'
stages:
- template: /devops/build-stage.yml@TemplateRepo
parameters:
mavenGoal: 'package'
mavenPublishJUnitResults: true
serviceCoreMavenOptions: '-P notification-core --settings .mvn/community-maven.settings.xml'
mavenOptions: '-P notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
copyFileContents: |
pom.xml
provider/notification-azure/maven/settings.xml
provider/notification-azure/pom.xml
provider/notification-azure/target/*-spring-boot.jar
.mvn/community-maven.settings.xml
copyFileContentsToFlatten: ''
mavenSettingsFile: '.mvn/community-maven.settings.xml'
serviceBase: ${{ variables.serviceName }}
testingRootFolder: 'testing'
chartPath: ${{ variables.chartPath }}
- template: /devops/deploy-stages.yml@TemplateRepo
parameters:
serviceName: ${{ variables.serviceName }}
chartPath: ${{ variables.chartPath }}
valuesFile: ${{ variables.valuesFile }}
testCoreMavenPomFile: 'testing/notification-test-core/pom.xml'
testCoreMavenOptions: '--settings $(System.DefaultWorkingDirectory)/drop/.mvn/community-maven.settings.xml'
skipDeploy: ${{ variables.SKIP_DEPLOY }}
skipTest: ${{ variables.SKIP_TESTS }}
providers:
- name: Azure
environments: ['demo']
......@@ -50,7 +50,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.14</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
......@@ -12,36 +12,26 @@
// limitations under the License.
package org.opengroup.osdu.notification.provider.aws.impl;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.*;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
import com.amazonaws.services.simplesystemsmanagement.model.*;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;
import com.amazonaws.services.simplesystemsmanagement.model.Parameter;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.Setter;
import org.opengroup.osdu.core.aws.entitlements.ServicePrincipal;
import org.opengroup.osdu.core.aws.iam.IAMConfig;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.aws.secrets.SecretsManager;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.opengroup.osdu.notification.provider.aws.utils.AwsCognitoClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@Component
public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient {
......@@ -65,15 +55,12 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
@Setter(AccessLevel.PROTECTED)
public String environment;
private String awsOauthCustomScope;
@Autowired
private JaxRsDpsLog log;
String client_credentials_secret;
String client_credentials_clientid;
ServicePrincipal sp;
String password;
String clientid;
String userpoolid;
String serviceprincipaluser;
AwsCognitoClient cognitoClient;
private AWSCredentialsProvider amazonAWSCredentials;
private AWSSimpleSystemsManagement ssmManager;
......@@ -81,132 +68,45 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
@PostConstruct
public void init() {
if (ssmEnabled) {
String secretKey = "service_principal_password";
String secretName = "/osdu/" + environment + "/service_principal_password";
String cognito_user_pool_id = "/osdu/" + environment + "/cognito-user-pool-id";
String cognito_client_id = "/osdu/" + environment + "/cognito-client-id";
String service_principal = "/osdu/" + environment + "/service-principal-user";
SecretsManager sm = new SecretsManager();
String oauth_token_url = "/osdu/" + environment + "/oauth-token-uri";
String oauth_custom_scope = "/osdu/" + environment + "/oauth-custom-scope";
String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
String client_secret_key = "client_credentials_client_secret";
String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
ssmManager = AWSSimpleSystemsManagementClientBuilder.standard()
.withCredentials(amazonAWSCredentials)
.withRegion(amazonRegion)
.build();
GetParametersRequest paramRequest = new GetParametersRequest()
.withNames(cognito_user_pool_id,cognito_client_id,service_principal)
.withWithDecryption(true);
GetParametersResult paramResult = new GetParametersResult();
paramResult = ssmManager.getParameters(paramRequest);
List<Parameter> paramsResultList = new ArrayList<>();
List<String> paramsResultListInvalid = new ArrayList<>();
paramsResultList = paramResult.getParameters();
paramsResultListInvalid = paramResult.getInvalidParameters();
if(paramsResultListInvalid.size() >0)
{
log.error("SSM did not retrieve all parameters");
}
for (Parameter s : paramsResultList) {
if (s.getName().equalsIgnoreCase(cognito_user_pool_id)) {
userpoolid = s.getValue();
}
if (s.getName().equalsIgnoreCase(cognito_client_id)) {
clientid = s.getValue();
}
if (s.getName().equalsIgnoreCase(service_principal)) {
serviceprincipaluser = s.getValue();
}
}
password = getSecret(secretName,amazonRegion,secretKey);
cognitoClient = new AwsCognitoClient(amazonRegion,clientid,"USER_PASSWORD_AUTH", serviceprincipaluser,password);
cognitoClient.setPassword(serviceprincipaluser,password,userpoolid);
}
}
@Override
public String getIdToken(String s) {
String token= getServicePrincipalCredentials();
return token;
}
client_credentials_clientid = getSsmParameter(client_credentials_client_id);
public String getServicePrincipalCredentials()
{
client_credentials_secret = sm.getSecret(client_secret_secretName,amazonRegion,client_secret_key);
String token = cognitoClient.getToken(serviceprincipaluser,password,"bearer");
return token;
String tokenUrl = getSsmParameter(oauth_token_url);
}
awsOauthCustomScope = getSsmParameter(oauth_custom_scope);
public String getSecret(String secretName, String region,String secretKey) {
String secretVaue="";
// Create a Secrets Manager client
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
.withRegion(region)
.build();
String secret="", decodedBinarySecret="";
GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
.withSecretId(secretName);
GetSecretValueResult getSecretValueResult = null;
try {
getSecretValueResult = client.getSecretValue(getSecretValueRequest);
} catch (DecryptionFailureException e) {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InternalServiceErrorException e) {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InvalidParameterException e) {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (InvalidRequestException e) {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
} catch (ResourceNotFoundException e) {
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
throw e;
}
sp = new ServicePrincipal(amazonRegion,environment,tokenUrl,awsOauthCustomScope);
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (getSecretValueResult.getSecretString() != null) {
secret = getSecretValueResult.getSecretString();
Map<String, String> secretMap=null;
try
{
secretMap = new ObjectMapper().readValue(secret.getBytes(), Map.class);
} catch (JsonParseException e) {
log.error(e.getMessage());
} catch (JsonMappingException e) {
log.error(e.getMessage());
} catch (IOException e) {
log.error(e.getMessage());
}
secretVaue = secretMap.get(secretKey);
}
}
@Override
public String getIdToken(String s) {
String token= sp.getServicePrincipalAccessToken(client_credentials_clientid,client_credentials_secret);
return token;
}
return secretVaue;
private String getSsmParameter(String parameterKey) {
GetParameterRequest paramRequest = (new GetParameterRequest()).withName(parameterKey).withWithDecryption(true);
GetParameterResult paramResult = ssmManager.getParameter(paramRequest);
return paramResult.getParameter().getValue();
}
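Review bot: `getIdToken` calls `sp.getServicePrincipalAccessToken(client_credentials_clientid, client_credentials_secret)` unconditionally, but `sp` is only assigned at the end of the `if (ssmEnabled)` branch in `init()`; as far as the hunk shows nothing initialises it otherwise, so with SSM disabled every token request fails with a NullPointerException far from the misconfiguration. Fail fast instead, either by throwing in `init()` when `ssmEnabled` is false or with a guard at the top of `getIdToken`: `if (sp == null) throw new IllegalStateException("ServiceAccountJwtAwsClientImpl: ServicePrincipal not initialised (ssmEnabled is false)");`. The new fields `client_credentials_secret`, `client_credentials_clientid` and `sp` are package-private; the client secret in particular should be `private` so nothing else in the package can read it. `getSsmParameter` returns `paramResult.getParameter().getValue()` with no handling of a missing parameter — presumably the SDK throws, in which case a one-line comment saying the caller relies on that exception would document the contract. The class declaration and the `ssmEnabled` field are outside this hunk.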
......@@ -28,7 +28,6 @@ aws.region=${AWS_REGION}
aws.dynamodb.table.prefix=${RESOURCE_PREFIX}-
aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com
app.expireTime=300
app.maxCacheSize=10
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright © Microsoft Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>azure-auth</id>
<configuration>
<tenant>${AZURE_DEPLOY_TENANT}</tenant>
<client>${AZURE_DEPLOY_CLIENT_ID}</client>
<key>${AZURE_DEPLOY_CLIENT_SECRET}</key>
<environment>AZURE</environment>
</configuration>
</server>
</servers>
</settings>
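Review bot: `<key>${AZURE_DEPLOY_CLIENT_SECRET}</key>` and the `tenant`/`client` entries above it use bare `${NAME}` placeholders, which Maven resolves from system properties, not from the environment; environment variables in settings.xml need the `env.` prefix, `${env.AZURE_DEPLOY_CLIENT_SECRET}`. If the pipeline passes these three values as `-D` system properties this works as written, but if they are expected to come from pipeline environment variables the literal string `${AZURE_DEPLOY_CLIENT_SECRET}` is what gets sent as the credential. Whichever it is, a one-line comment above `<servers>` stating where the values are injected from would stop the next reader from guessing.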
......@@ -20,7 +20,7 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>notification-azure</artifactId>
<version>1.0.0</version>
<version>1.0.0-SNAPSHOT</version>
<name>notification-azure</name>
<description>Azure implementation for Notification service</description>
<packaging>jar</packaging>
......@@ -20,11 +20,11 @@ steps:
'build',
'--build-arg', 'PROVIDER_NAME=${_PROVIDER_NAME}',
'--build-arg', 'PORT=${_PORT}',
'-t', 'gcr.io/$PROJECT_ID/os-notification/notification-${_PROVIDER_NAME}:${_SHORT_SHA}',
'-t', 'gcr.io/$PROJECT_ID/os-notification/notification-${_PROVIDER_NAME}:latest',
'-f', 'provider/notification-${_PROVIDER_NAME}/cloudbuild/Dockerfile.cloudbuild',
'-t', 'gcr.io/$PROJECT_ID/${_APPLICATION_NAME}/${_GCP_SERVICE}-${_PROVIDER_NAME}:${_SHORT_SHA}',
'-t', 'gcr.io/$PROJECT_ID/${_APPLICATION_NAME}/${_GCP_SERVICE}-${_PROVIDER_NAME}:latest',
'-f', 'provider/${_GCP_SERVICE}-${_PROVIDER_NAME}/cloudbuild/Dockerfile.cloudbuild',
'.'
]
images:
- 'gcr.io/$PROJECT_ID/os-notification/notification-${_PROVIDER_NAME}'
- 'gcr.io/$PROJECT_ID/${_APPLICATION_NAME}/${_GCP_SERVICE}-${_PROVIDER_NAME}'
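Review bot: The rewritten `-t` tags, the `-f` path and the `images:` entry now depend on `${_APPLICATION_NAME}` and `${_GCP_SERVICE}`, which this hunk does not define; unless the file's `substitutions:` block (outside the hunk) gives both a default, a trigger that does not pass them fails the build, or with `ALLOW_LOOSE` pushes to an image path with empty segments. Add defaults matching the literals being replaced, `_APPLICATION_NAME: 'os-notification'` and `_GCP_SERVICE: 'notification'`, so existing triggers keep producing the same image names. The `steps:` list begins before this hunk.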
/*
Copyright 2020 Google LLC
Copyright 2020 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/