From 38691764b4ade28eba1d1f315454dc496321548d Mon Sep 17 00:00:00 2001
From: "Rustam Lotsmanenko (EPAM)" <rustam_lotsmanenko@epam.com>
Date: Sat, 12 Mar 2022 18:30:17 +0000
Subject: [PATCH] sensitive property look-up from env variables(GONRG-4404)
---
 .../configmap/templates/notification-configmap.yaml | 3 +--
 devops/gcp/configmap/values.yaml | 3 +--
 provider/notification-gcp/docs/anthos/README.md | 12 ++++++++----
 provider/notification-gcp/pom.xml | 2 +-
 4 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/devops/gcp/configmap/templates/notification-configmap.yaml b/devops/gcp/configmap/templates/notification-configmap.yaml
index 61d38f087..8b7b6e5f1 100644
--- a/devops/gcp/configmap/templates/notification-configmap.yaml
+++ b/devops/gcp/configmap/templates/notification-configmap.yaml
@@ -12,5 +12,4 @@ data:
 APP_REGISTER: "{{ .Values.data.app_register }}"
 PARTITION_API: "{{ .Values.data.partition_api }}"
 GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
- SERVICE_TOKEN_PROVIDER: "{{ .Values.data.token_provider }}"
- PARTITION_AUTH_ENABLED: "{{ .Values.data.partition_auth_enabled }}"
+ SPRING_PROFILES_ACTIVE: "{{ .Values.data.spring_profiles_active }}"
diff --git a/devops/gcp/configmap/values.yaml b/devops/gcp/configmap/values.yaml
index 129e9d1c3..078fa99c1 100644
--- a/devops/gcp/configmap/values.yaml
+++ b/devops/gcp/configmap/values.yaml
@@ -5,8 +5,7 @@ data:
 app_register: "http://register/api/register/v1"
 partition_api: "http://partition/api/partition/v1/"
 google_audiences: ""
- token_provider: "GCP"
- partition_auth_enabled: "true"
+ spring_profiles_active: "gcp"
 conf:
 configmap: "notification-config"
 app_name: "notification"
diff --git a/provider/notification-gcp/docs/anthos/README.md b/provider/notification-gcp/docs/anthos/README.md
index a1de38b54..2ab828d7f 100644
--- a/provider/notification-gcp/docs/anthos/README.md
+++ b/provider/notification-gcp/docs/anthos/README.md
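Review bot: Removing `PARTITION_AUTH_ENABLED` from the ConfigMap in notification-configmap.yaml (together with its `"true"` default in values.yaml) leaves authentication of partition-service calls to whatever the selected Spring profile defines, and that profile is not part of this patch. If the `gcp` profile does not set it, the service presumably falls back to a library default, so I would confirm that default keeps authentication on or keep the key explicit in the template. Separately, an override that sets `spring_profiles_active` to an empty string renders `SPRING_PROFILES_ACTIVE: ""`; `SPRING_PROFILES_ACTIVE: {{ required "data.spring_profiles_active must be set" .Values.data.spring_profiles_active | quote }}` would fail at render time instead of starting the service without a provider profile. The `data:` mapping begins above the hunk.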
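Review bot: The new `spring_profiles_active: "gcp"` key in values.yaml carries no comment on which values are accepted or what each one requires. The README change in this same patch shows the `anthos` profile additionally expects `OPENID_PROVIDER_CLIENT_SECRET` and per-tenant AMQP password variables in the service environment. I would add above the key `# Spring profile for the provider ("gcp" or "anthos"); sensitive variables a profile needs must be injected from a Kubernetes Secret, never added under data:`. Everything under `data:` is rendered into a ConfigMap, which is not a place for credentials, so the comment steers the next editor away from putting them there.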
@@ -18,16 +18,20 @@ | name | value | description | sensitive? | source | | --- | --- | --- | --- | --- | | `APP_ENTITLEMENTS` | ex `https://entitlements.com/entitlements/v1` | Entitlements API endpoint | no | output of infrastructure deployment | -| `APP_REGISTER` | ex `https://register.com/api/register/v1` | Storage API endpoint | no | output of infrastructure deployment | +| `APP_REGISTER` | ex `https://register.com/api/register/v1` | Register API endpoint | no | output of infrastructure deployment | | `APP_PROJECT` | ex `opendes` | Google Cloud Project Id | no | output of infrastructure deployment | | `PARTITION_API` | ex `http://localhost:8081/api/partition/v1` | Partition service endpoint | no | - | -| `SERVICE_TOKEN_PROVIDER` | ex `GCP` or `OPENID` | Service token provider | no | - | **System Environment required to run service** | name | value | description | sensitive? | source | | --- | --- | --- | --- | --- | | `SPRING_PROFILES_ACTIVE` | `anthos` | spring active profile | no | +| `OPENID_PROVIDER_CLIENT_ID` | `*****` | Client id that represents this service and serves to request tokens, example `workload-identity-legal` |yes| - | +| `OPENID_PROVIDER_CLIENT_SECRET` | `*****` | This client secret that serves to request tokens| yes | - | +| `OPENID_PROVIDER_URL` | `https://keycloack.com/auth/realms/master` | URL of OpenID Connect provider, it will be used as `<OpenID URL> + /.well-known/openid-configuration` to auto configure endpoint for token request | no | - | +| `<AMQP_PASSWORD_ENV_VARIABLE_NAME>` | ex `AMQP_PASS_OSDU` | Amqp password env name, name of that variable not defined at the service level, the name will be received through partition service. 
Each tenant can have it's own ENV name value, and it must be present in ENV of Notification service | yes | - | +| `<AMQP_ADMIN_PASSWORD_ENV_VARIABLE_NAME>` | ex `AMQP_ADMIN_PASS_OSDU` | Amqp admin password env name, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Notification service | yes | - | ### For Mappers to activate drivers @@ -100,7 +104,7 @@ curl -L -X PATCH 'https://dev.osdu.club/api/partition/v1/partitions/opendes' -H }, "oqm.rabbitmq.amqp.password": { "sensitive": true, - "value": "guest" + "value": "<AMQP_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) }, "oqm.rabbitmq.admin.schema": { @@ -125,7 +129,7 @@ curl -L -X PATCH 'https://dev.osdu.club/api/partition/v1/partitions/opendes' -H }, "oqm.rabbitmq.admin.password": { "sensitive": true, - "value": "guest" + "value": "<AMQP_ADMIN_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) } } }' diff --git a/provider/notification-gcp/pom.xml b/provider/notification-gcp/pom.xml index fb042f28d..8cbe51e17 100644 --- a/provider/notification-gcp/pom.xml +++ b/provider/notification-gcp/pom.xml @@ -44,7 +44,7 @@ <dependency> <groupId>org.opengroup.osdu</groupId> <artifactId>core-lib-gcp</artifactId> - <version>0.14.0-rc1</version> + <version>0.14.0-rc2</version> </dependency> <dependency> -- GitLab