diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index 85ddaf9fc1cdef0b1118882288ac4cf9e76c54e5..19bd5d784d520289da5d5a12dc1c49c21fff360c 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -50,7 +50,7 @@
 <dependency>
 <groupId>org.opengroup.osdu.core.aws</groupId>
 <artifactId>os-core-lib-aws</artifactId>
- <version>0.3.11</version>
+ <version>0.3.13</version>
 </dependency>
 <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
diff --git a/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java b/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
index dcfbf42aa4cedd1976432d027e0b855b7d392384..02e2b91e7f64abc56a6ecafa648183337e4fe2df 100644
--- a/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
+++ b/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
@@ -12,36 +12,26 @@
 // limitations under the License.
 package org.opengroup.osdu.notification.provider.aws.impl;
+
 import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.services.secretsmanager.model.*;
 import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
 import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
-import com.amazonaws.services.simplesystemsmanagement.model.*;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
+import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;
+import com.amazonaws.services.simplesystemsmanagement.model.Parameter;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
+import org.opengroup.osdu.core.aws.entitlements.ServicePrincipal;
 import org.opengroup.osdu.core.aws.iam.IAMConfig;
-import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
+import org.opengroup.osdu.core.aws.secrets.SecretsManager;
 import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
-import org.opengroup.osdu.notification.provider.aws.utils.AwsCognitoClient;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import javax.annotation.PostConstruct;
-import java.io.IOException;
-
-import java.util.ArrayList;
-
-import java.util.List;
-import java.util.Map;
 @Component
 public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient {
@@ -66,14 +56,20 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
 public String environment;
- @Autowired
- private JaxRsDpsLog log;
+ @Value("${aws.tokenUrl}")
+ @Getter()
+ public String tokenUrl;
+
+ @Value("${aws.oauth.custom.scope}")
+ @Getter()
+ private String awsOauthCustomScope;
+
+
+
+ String client_credentials_secret;
+ String client_credentials_clientid;
+ ServicePrincipal sp;
- String password;
- String clientid;
- String userpoolid;
- String serviceprincipaluser;
- AwsCognitoClient cognitoClient;
 private AWSCredentialsProvider amazonAWSCredentials;
 private AWSSimpleSystemsManagement ssmManager;
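Review bot: The new `String client_credentials_secret;` field is package-private, so the client secret fetched at startup is readable by any class in `org.opengroup.osdu.notification.provider.aws.impl`, and `public String tokenUrl;` is a public field that also carries a Lombok `@Getter()`, which makes the getter pointless. Both should be `private` (the getter already exposes `tokenUrl`; `client_credentials_secret` and `client_credentials_clientid` need no accessor at all), i.e. `private String client_credentials_secret;`, `private String client_credentials_clientid;`, `private String tokenUrl;`. Renaming the snake_case fields to `clientCredentialsSecret`/`clientCredentialsClientId` would match the rest of the class. Note also that this hunk removes the injected `JaxRsDpsLog log`, so the class now has no logger for reporting SSM or Secrets Manager failures during `init()`.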
@@ -81,132 +77,35 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
 @PostConstruct
 public void init() {
 if (ssmEnabled) {
- String secretKey = "service_principal_password";
- String secretName = "/osdu/" + environment + "/service_principal_password";
- String cognito_user_pool_id = "/osdu/" + environment + "/cognito-user-pool-id";
- String cognito_client_id = "/osdu/" + environment + "/cognito-client-id";
- String service_principal = "/osdu/" + environment + "/service-principal-user";
+
+ SecretsManager sm = new SecretsManager();
+ sp = new ServicePrincipal(amazonRegion,environment,tokenUrl,awsOauthCustomScope);
+
+ String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
+ String client_secret_key = "client_credentials_client_secret";
+ String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
+
 amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
 ssmManager = AWSSimpleSystemsManagementClientBuilder.standard()
 .withCredentials(amazonAWSCredentials)
 .withRegion(amazonRegion)
 .build();
- GetParametersRequest paramRequest = new GetParametersRequest()
- .withNames(cognito_user_pool_id,cognito_client_id,service_principal)
+ GetParameterRequest paramRequest = new GetParameterRequest()
+ .withName(client_credentials_client_id)
 .withWithDecryption(true);
- GetParametersResult paramResult = new GetParametersResult();
- paramResult = ssmManager.getParameters(paramRequest);
- List<Parameter> paramsResultList = new ArrayList<>();
- List<String> paramsResultListInvalid = new ArrayList<>();
- paramsResultList = paramResult.getParameters();
- paramsResultListInvalid = paramResult.getInvalidParameters();
-
- if(paramsResultListInvalid.size() >0)
- {
- log.error("SSM did not retrieve all parameters");
- }
- for (Parameter s : paramsResultList) {
- if (s.getName().equalsIgnoreCase(cognito_user_pool_id)) {
- userpoolid = s.getValue();
- }
- if
(s.getName().equalsIgnoreCase(cognito_client_id)) {
- clientid = s.getValue();
- }
- if (s.getName().equalsIgnoreCase(service_principal)) {
- serviceprincipaluser = s.getValue();
- }
-
- }
-
- password = getSecret(secretName,amazonRegion,secretKey);
- cognitoClient = new AwsCognitoClient(amazonRegion,clientid,"USER_PASSWORD_AUTH", serviceprincipaluser,password);
- cognitoClient.setPassword(serviceprincipaluser,password,userpoolid);
+ GetParameterResult paramResult = ssmManager.getParameter(paramRequest);
+ Parameter paramsResult = paramResult.getParameter();
+ client_credentials_clientid = paramsResult.getValue();
+ client_credentials_secret = sm.getSecret(client_secret_secretName,amazonRegion,client_secret_key);
+ }
 }
 @Override
 public String getIdToken(String s) {
-
- String token= getServicePrincipalCredentials();
+ String token= sp.getServicePrincipalAccessToken(client_credentials_clientid,client_credentials_secret);
 return token;
-
- }
-
- public String getServicePrincipalCredentials()
- {
-
- String token = cognitoClient.getToken(serviceprincipaluser,password,"bearer");
- return token;
-
- }
-
- public String getSecret(String secretName, String region,String secretKey) {
-
-
-String secretVaue="";
- // Create a Secrets Manager client
- AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
- .withRegion(region)
- .build();
-
- String secret="", decodedBinarySecret="";
- GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
- .withSecretId(secretName);
- GetSecretValueResult getSecretValueResult = null;
-
- try {
- getSecretValueResult = client.getSecretValue(getSecretValueRequest);
- } catch (DecryptionFailureException e) {
- // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InternalServiceErrorException e) {
- // An error occurred on the server side.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InvalidParameterException e) {
- // You provided an invalid value for a parameter.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InvalidRequestException e) {
- // You provided a parameter value that is not valid for the current state of the resource.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (ResourceNotFoundException e) {
- // We can't find the resource that you asked for.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- }
-
- // Decrypts secret using the associated KMS CMK.
- // Depending on whether the secret is a string or binary, one of these fields will be populated.
- if (getSecretValueResult.getSecretString() != null) {
- secret = getSecretValueResult.getSecretString();
- Map<String, String> secretMap=null;
-
- try
- {
- secretMap = new ObjectMapper().readValue(secret.getBytes(), Map.class);
-
- } catch (JsonParseException e) {
- log.error(e.getMessage());
- } catch (JsonMappingException e) {
- log.error(e.getMessage());
- } catch (IOException e) {
- log.error(e.getMessage());
- }
-
- secretVaue = secretMap.get(secretKey);
- }
-
-
- return secretVaue;
 }
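Review bot: `sp` is only assigned inside the `if (ssmEnabled)` branch of `init()`, yet the new `getIdToken` body calls `sp.getServicePrincipalAccessToken(client_credentials_clientid,client_credentials_secret)` unconditionally, so a deployment with SSM disabled gets a NullPointerException on the first token request rather than a clear configuration error. Add a guard before the call, `if (sp == null) { throw new IllegalStateException("ServicePrincipal not initialised: SSM-backed client credentials are required"); }`, or fail in `init()` when `ssmEnabled` is false. The rewrite also drops the previous logging around SSM and Secrets Manager failures; an exception from `ssmManager.getParameter` or `sm.getSecret` now aborts `@PostConstruct` with no message naming which parameter or secret was missing, so consider wrapping those two calls and rethrowing with the parameter/secret name (never the value) in the message. Finally, the client secret is read once at startup and held in a `String` field for the bean's lifetime, so a rotation in Secrets Manager presumably takes effect only after a restart; a short comment on the field stating that would save the next operator a surprise.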
diff --git a/provider/notification-aws/src/main/resources/application.properties b/provider/notification-aws/src/main/resources/application.properties
index 6412b35466c829df8611f467c82b8e2428185846..cfccbdec8a2adc65bd8952cdb11bfcfc86fc6813 100644
--- a/provider/notification-aws/src/main/resources/application.properties
+++ b/provider/notification-aws/src/main/resources/application.properties
@@ -28,7 +28,8 @@ aws.region=${AWS_REGION}
 aws.dynamodb.table.prefix=${RESOURCE_PREFIX}-
 aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com
-
+aws.tokenUrl=${OAUTH_TOKEN_URL}
+aws.oauth.custom.scope=${OAUTH_CUSTOM_SCOPE}
 app.expireTime=300
 app.maxCacheSize=10
diff --git a/testing/notification-test-aws/pom.xml b/testing/notification-test-aws/pom.xml
index fa94003e20ef3933df797aad9d91a073fd5076b4..806791ec17a263688d4d335615877b7a93dd3229 100644
--- a/testing/notification-test-aws/pom.xml
+++ b/testing/notification-test-aws/pom.xml
@@ -38,14 +38,13 @@
 <java.version>8</java.version>
 <maven.compiler.target>${java.version}</maven.compiler.target>
 <maven.compiler.source>${java.version}</maven.compiler.source>
- <os-core-lib-aws.version>0.3.11</os-core-lib-aws.version>
 </properties>
 <dependencies>
 <dependency>
 <groupId>org.opengroup.osdu.core.aws</groupId>
 <artifactId>os-core-lib-aws</artifactId>
- <version>0.3.11</version>
+ <version>0.3.13</version>
 </dependency>
 <dependency>
 <groupId>com.amazonaws</groupId>
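Review bot: `aws.tokenUrl=${OAUTH_TOKEN_URL}` is taken verbatim from the environment and, given that it is handed to `ServicePrincipal` together with the client id and secret, is presumably the endpoint the client-credentials secret is posted to; nothing in this change constrains it to HTTPS, so a mistyped or hostile `http://` value would send the secret in clear. Document the requirement next to the property, `# OAUTH_TOKEN_URL must be an https:// token endpoint; the client-credentials secret is sent to it`, and consider rejecting a non-https value when the bean is initialised. Both new properties have no default, so a missing variable fails startup, which is the right behaviour for credentials configuration and worth stating in the same comment.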