Merge branch 'aws-integration-merge-msjangid' into 'master'

AWS integration merge See merge request !366

Merge branch 'aws-integration-merge-msjangid' into 'master'
c90ffd91 · Manish Jangid · 28e603bd · 7ea98b99 · c90ffd91 · c90ffd91
Commit c90ffd91 authored 1 year ago by Manish Jangid
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -27,6 +27,10 @@ environmentVariables:
    value: "http://os-entitlements:8080"
  - name: REGISTER_BASE_URL
    value: http://os-register:8080
+  - name: TMP_VOLUME_PATH
+    value: "/tmp"
+  - name: PARTITION_BASE_URL
+    value: http://os-partition:8080
 # Resource Config
 replicaCount: 1
@@ -62,7 +66,7 @@ cors:
 securityContext: 
  runAsUser: 10001
  runAsNonRoot: true
-  readOnlyRootFilesystem: false
+  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:

--- a/provider/notification-aws/build-aws/Dockerfile
+++ b/provider/notification-aws/build-aws/Dockerfile
@@ -19,12 +19,9 @@ ARG JAR_FILE=provider/notification-aws/target/*spring-boot.jar
 # Harcoding this value since Notification-core requires this variable. AWS does not use it. Might change in future
 ENV ENVIRONMENT=DEV
-#Default to using self signed generated TLS cert
-ENV USE_SELF_SIGNED_SSL_CERT true
 WORKDIR /
 COPY ${JAR_FILE} app.jar
-COPY /provider/notification-aws/build-aws/ssl.sh /ssl.sh
 COPY /provider/notification-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080

--- a/provider/notification-aws/build-aws/entrypoint.sh
+++ b/provider/notification-aws/build-aws/entrypoint.sh
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then    
-    export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
-    export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
-    export SSL_KEY_STORE_DIR=/tmp/certs;
-    export SSL_KEY_STORE_NAME=osduonaws.p12;
-    export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
-    export SSL_KEY_ALIAS=osduonaws;
-    ./ssl.sh;
-fi
 java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
--- a/provider/notification-aws/build-aws/ssl.sh
+++ b/provider/notification-aws/build-aws/ssl.sh
-# Copyright © 2021 Amazon Web Services
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#!/usr/bin/env bash
-#Future: Support for using Amazon Cert Manager
-# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
-# then
-#   aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
-#   openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
-# fi
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
-    mkdir -p $SSL_KEY_STORE_DIR
-    pushd $SSL_KEY_STORE_DIR
-    keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
-    popd
-fi
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -76,7 +76,7 @@
        <dependency>
            <groupId>org.opengroup.osdu.core.aws</groupId>
            <artifactId>os-core-lib-aws</artifactId>
-            <version>0.19.0-rc3</version>
+            <version>0.21.0-rc1</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->

--- a/provider/notification-aws/src/main/resources/application.properties
+++ b/provider/notification-aws/src/main/resources/application.properties
@@ -18,7 +18,7 @@ server.servlet.contextPath=/api/notification/v1
 server.port=${APPLICATION_PORT:8080}
 AUTHORIZE_API=${ENTITLEMENTS_BASE_URL}/api/entitlements/v2
-PARTITION_API=${ENTITLEMENTS_BASE_URL}/api/partition/v1
+PARTITION_API=${PARTITION_BASE_URL}/api/partition/v1
 REGISTER_SERVICE_URL=${REGISTER_BASE_URL}/api/register/v1
 aws.ssm=${SSM_ENABLED:True}

--- a/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
+++ b/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
@@ -73,7 +73,7 @@ public class TestPubsubEndpointHMAC extends PubsubEndpointHMACTests {
    @Override
    public void should_return401_when_noAccessOnCustomerTenant() throws Exception {
        ClientResponse response = descriptor.runOnCustomerTenant(getArg(), getOsduTenantAdminCredentials());
-        assertEquals(error(	response.getEntity(String.class)), 403, response.getStatus());
+        assertEquals(error(	response.getEntity(String.class)), 401, response.getStatus());
    }
    @Test