Move ServicePrincipal code to os-core-lib-aws

755d743d · Rucha Deshpande · ee6cb3a7 · 755d743d · 755d743d · 755d743d
Commit 755d743d authored 4 years ago by Rucha Deshpande
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -50,7 +50,7 @@
        <dependency>
            <groupId>org.opengroup.osdu.core.aws</groupId>
            <artifactId>os-core-lib-aws</artifactId>
-            <version>0.3.12-SNAPSHOT</version>
+            <version>0.3.12-deshruch-SNAPSHOT</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->

--- a/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
+++ b/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
@@ -12,39 +12,15 @@
 // limitations under the License.
 package org.opengroup.osdu.notification.provider.aws.impl;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.services.secretsmanager.model.*;
-import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
-import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
-import com.amazonaws.services.simplesystemsmanagement.model.*;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.gson.JsonSyntaxException;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
-import org.opengroup.osdu.core.aws.entitlements.AccessToken;
-import org.opengroup.osdu.core.aws.iam.IAMConfig;
-import org.opengroup.osdu.core.common.http.HttpClient;
-import org.opengroup.osdu.core.common.http.HttpRequest;
-import org.opengroup.osdu.core.common.http.HttpResponse;
-import org.opengroup.osdu.core.common.http.IHttpClient;
-import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
-import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
 import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
-import java.io.IOException;
-import java.util.*;
 @Component
 public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient {
@@ -69,172 +45,14 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
    public String environment;
-    @Value("${aws.tokenUrl}")
-    @Getter()
-    public String tokenUrl;
-    @Value("${aws.oauth.custom.scope}")
-    private String awsOauthCustomScope;
-    @Autowired
-    private JaxRsDpsLog log;
-    String client_credentials_secret;
-    String client_credentials_clientid;
-    private AWSCredentialsProvider amazonAWSCredentials;
-    private AWSSimpleSystemsManagement ssmManager;
-    @PostConstruct
-    public void init() {
-        if (ssmEnabled) {
-            String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
-            String client_secret_key = "client_credentials_client_secret";
-            String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
-            amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
-            ssmManager = AWSSimpleSystemsManagementClientBuilder.standard()
-                    .withCredentials(amazonAWSCredentials)
-                    .withRegion(amazonRegion)
-                    .build();
-            GetParameterRequest paramRequest = new GetParameterRequest()
-                    .withName(client_credentials_client_id)
-                    .withWithDecryption(true);
-            GetParameterResult paramResult = ssmManager.getParameter(paramRequest);
-            Parameter paramsResult = paramResult.getParameter();
-           client_credentials_clientid = paramsResult.getValue();
-            client_credentials_secret = getSecret(client_secret_secretName,amazonRegion,client_secret_key);
-        }
-    }
    @Override
    public String getIdToken(String s) {
-        String token=  getServicePrincipalCredentials();
+        ServicePrincipal sp = new ServicePrincipal(amazonRegion,environment);
+        String token=  sp.getServicePrincipalAccessToken();
        return token;
    }
-    public  String getServicePrincipalCredentials()
-    {
-        String token=null;
-        Map<String,String> headers = new HashMap<>();
-        String authorizationHeaderContents=getEncodedAuthorization(client_credentials_clientid,client_credentials_secret);
-        headers.put("Authorization","Basic "+authorizationHeaderContents);
-        headers.put("Content-Type", "application/x-www-form-urlencoded");
-        IHttpClient httpClient = new HttpClient();
-        String url = tokenUrl+"?grant_type=client_credentials&client_id="+client_credentials_clientid+"&scope="+awsOauthCustomScope;
-        HttpRequest rq = HttpRequest.post().url(url).headers(headers).build();
-        HttpResponse result = httpClient.send(rq);
-        try {
-            AccessToken accessToken = this.getResult(result, AccessToken.class);
-            token = accessToken.getAccess_token();
-        }catch(Exception e)
-        {
-            System.out.println("Could not parse AccessToken result to get access_token");
-        }
-        return "Bearer "+token;
-    }
-    public  String getSecret(String secretName, String region,String secretKey) {
-        String secretVaue="";
-        // Create a Secrets Manager client
-        AWSSecretsManager client  = AWSSecretsManagerClientBuilder.standard()
-                .withRegion(region)
-                .build();
-        String secret="", decodedBinarySecret="";
-        GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
-                .withSecretId(secretName);
-        GetSecretValueResult getSecretValueResult = null;
-        try {
-            getSecretValueResult = client.getSecretValue(getSecretValueRequest);
-        } catch (DecryptionFailureException e) {
-            // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
-            // Deal with the exception here, and/or rethrow at your discretion.
-            log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
-            throw e;
-        } catch (InternalServiceErrorException e) {
-            // An error occurred on the server side.
-            // Deal with the exception here, and/or rethrow at your discretion.
-            log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
-            throw e;
-        } catch (InvalidParameterException e) {
-            // You provided an invalid value for a parameter.
-            // Deal with the exception here, and/or rethrow at your discretion.
-            log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
-            throw e;
-        } catch (InvalidRequestException e) {
-            // You provided a parameter value that is not valid for the current state of the resource.
-            // Deal with the exception here, and/or rethrow at your discretion.
-            log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
-            throw e;
-        } catch (ResourceNotFoundException e) {
-            // We can't find the resource that you asked for.
-            // Deal with the exception here, and/or rethrow at your discretion.
-            log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
-            throw e;
-        }
-        // Decrypts secret using the associated KMS CMK.
-        // Depending on whether the secret is a string or binary, one of these fields will be populated.
-        if (getSecretValueResult.getSecretString() != null) {
-            secret = getSecretValueResult.getSecretString();
-            Map<String, String> secretMap=null;
-            try
-            {
-                secretMap = new ObjectMapper().readValue(secret.getBytes(), Map.class);
-            } catch (JsonParseException e) {
-                log.error(e.getMessage());
-            } catch (JsonMappingException e) {
-                log.error(e.getMessage());
-            } catch (IOException e) {
-                log.error(e.getMessage());
-            }
-             secretVaue = secretMap.get(secretKey);
-        }
-        return secretVaue;
-    }
-    public String getEncodedAuthorization(String clientID, String clientSecret)
-    {
-        String base64Auth = Base64.getEncoder().encodeToString((clientID+":"+ clientSecret).getBytes());
-        return base64Auth;
-    }
-    private <T> T getResult(HttpResponse result, Class<T> type) throws EntitlementsException {
-        if (result.isSuccessCode()) {
-            try {
-                return result.parseBody(type);
-            } catch (JsonSyntaxException e) {
-                throw new EntitlementsException("Error parsing response. Check the inner HttpResponse for more info.",
-                        result);
-            }
-        } else {
-            throw this.generateEntitlementsException(result);
-        }
-    }
-    private EntitlementsException generateEntitlementsException(HttpResponse result) {
-        return new EntitlementsException(
-                "Could not generate accessToken in Notification Service with client_credentials flow.", result);
-    }
 }
--- a/testing/notification-test-aws/pom.xml
+++ b/testing/notification-test-aws/pom.xml
@@ -44,7 +44,7 @@
        <dependency>
            <groupId>org.opengroup.osdu.core.aws</groupId>
            <artifactId>os-core-lib-aws</artifactId>
-            <version>0.3.12-SNAPSHOT</version>
+            <version>0.3.12-deshruch-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>