From fe568723fe9ff651c8422cb9ad4c7950c3013cff Mon Sep 17 00:00:00 2001
From: Abhay Joshi <bios@amazon.com>
Date: Tue, 28 Mar 2023 14:33:15 +0000
Subject: [PATCH] Squashed commit of the following

commit e3f55234
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 08:40:34 GMT-0700 (Pacific Daylight Time)

    removing old ssl stuff

commit 8c4a5f54
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 07:29:36 GMT-0700 (Pacific Daylight Time)

    Renaming variable

commit b50cd3bb
Author: Abhay <bios@amazon.com>
Date: Mon Mar 20 2023 10:46:47 GMT-0700 (Pacific Daylight Time)

    adding changes for rootFilesystem

(cherry picked from commit 187b77ab285da2f1ab8bec296ba1d6511be4d24a)
---
 devops/aws/chart/values.yaml                  |  4 ++-
 .../notification-aws/build-aws/Dockerfile     |  3 --
 .../notification-aws/build-aws/entrypoint.sh  | 11 ------
 provider/notification-aws/build-aws/ssl.sh    | 34 -------------------
 4 files changed, 3 insertions(+), 49 deletions(-)
 delete mode 100755 provider/notification-aws/build-aws/ssl.sh

diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index a8b091f4a..71ead1bdb 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -27,6 +27,8 @@ environmentVariables:
     value: "http://os-entitlements:8080"
   - name: REGISTER_BASE_URL
     value: http://os-register:8080
+  - name: TMP_VOLUME_PATH
+    value: "/tmp"
 
 # Resource Config
 replicaCount: 1
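Review bot: The new TMP_VOLUME_PATH entry points at "/tmp", but nothing in this patch adds a writable mount there, and the second hunk of this file (readOnlyRootFilesystem: true) makes every path on the container image read-only unless the deployment template already mounts an emptyDir at that location — worth confirming before merging, since a JVM that cannot write to its temp directory fails at startup and the pod would crash-loop. If the template does not mount one, the missing piece is an emptyDir volume plus a volumeMount at the same path, ideally with a sizeLimit so a tmp-filling process cannot exhaust node disk (outside this hunk). A comment on the new entry would tie the two settings together, e.g. `# Must match a writable (emptyDir) mount; the root filesystem is read-only below`. The surrounding `environmentVariables` list continues above the hunk.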
@@ -62,7 +64,7 @@ cors:
 securityContext: 
   runAsUser: 10001
   runAsNonRoot: true
-  readOnlyRootFilesystem: false
+  readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
   capabilities:
     drop:
diff --git a/provider/notification-aws/build-aws/Dockerfile b/provider/notification-aws/build-aws/Dockerfile
index bacdf23dc..07b035a53 100644
--- a/provider/notification-aws/build-aws/Dockerfile
+++ b/provider/notification-aws/build-aws/Dockerfile
@@ -19,12 +19,9 @@ ARG JAR_FILE=provider/notification-aws/target/*spring-boot.jar
 # Harcoding this value since Notification-core requires this variable. AWS does not use it. Might change in future
 ENV ENVIRONMENT=DEV
 
-#Default to using self signed generated TLS cert
-ENV USE_SELF_SIGNED_SSL_CERT true
 
 WORKDIR /
 COPY ${JAR_FILE} app.jar
-COPY /provider/notification-aws/build-aws/ssl.sh /ssl.sh
 COPY /provider/notification-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080
 
diff --git a/provider/notification-aws/build-aws/entrypoint.sh b/provider/notification-aws/build-aws/entrypoint.sh
index 9bd3ec69d..412f71afd 100755
--- a/provider/notification-aws/build-aws/entrypoint.sh
+++ b/provider/notification-aws/build-aws/entrypoint.sh
@@ -1,15 +1,4 @@
 
 
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then    
-    export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
-    export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
-    export SSL_KEY_STORE_DIR=/tmp/certs;
-    export SSL_KEY_STORE_NAME=osduonaws.p12;
-    export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
-    export SSL_KEY_ALIAS=osduonaws;
-    
-    ./ssl.sh;
-fi
 
 java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
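Review bot: The remaining command `java $JAVA_OPTS -jar /app.jar` starts the JVM as a child of the shell, so SIGTERM from the kubelet on scale-down or rollout is delivered to the shell and not forwarded; the JVM then only gets SIGKILL after the grace period instead of a clean shutdown. Replacing it with `exec java $JAVA_OPTS -jar /app.jar` makes the JVM PID 1 and fixes that with a one-word change. The script also has no shebang and no trailing newline (see the `\ No newline at end of file` marker); a first line of `#!/bin/sh` followed by `set -eu` makes the interpreter explicit and turns an unset variable into an error rather than an empty expansion. Since the chart now introduces TMP_VOLUME_PATH, the JVM's temp directory presumably needs to follow it (`-Djava.io.tmpdir`), but whether that is wired up elsewhere is not visible from this hunk — confirm against the deployment template.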
diff --git a/provider/notification-aws/build-aws/ssl.sh b/provider/notification-aws/build-aws/ssl.sh
deleted file mode 100755
index 9ede56568..000000000
--- a/provider/notification-aws/build-aws/ssl.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2021 Amazon Web Services
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/usr/bin/env bash
-
-#Future: Support for using Amazon Cert Manager
-# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
-# then
-
-#   aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
-#   openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
-
-# fi
-
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
-    mkdir -p $SSL_KEY_STORE_DIR
-    pushd $SSL_KEY_STORE_DIR
-    keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
-    popd
-fi
-- 
GitLab