From a7188c4df181121593d9c10c1f293752e7c3024e Mon Sep 17 00:00:00 2001
From: Spencer Sutton <suttonsp@amazon.com>
Date: Thu, 27 May 2021 16:02:40 +0000
Subject: [PATCH] Locking down maven central
commit a62093b5
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Thu May 27 2021 10:15:43 GMT-0500 (Central Daylight Time)
"Excluding springs default security, locking down mvn central"
---
provider/partition-aws/maven/settings.xml | 38 +++++++++----------
.../src/main/resources/application.properties | 4 +-
2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/provider/partition-aws/maven/settings.xml b/provider/partition-aws/maven/settings.xml
index 3dbde15f4..1bfc43ac9 100644
--- a/provider/partition-aws/maven/settings.xml
+++ b/provider/partition-aws/maven/settings.xml
@@ -1,18 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright © 2020 Amazon Web Services
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.​
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
@@ -63,15 +64,14 @@
</server>
</servers>
- <!-- CodeArtifact doesn't support external repos yet that aren't Maven Central. ETA Q4 2020. -->
- <!-- <mirrors> -->
- <!-- <mirror> -->
- <!-- <id>aws-osdu-dev-maven</id> -->
- <!-- <name>aws-osdu-dev-maven</name> -->
- <!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
- <!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
- <!-- </mirror> -->
- <!-- </mirrors> -->
+ <mirrors>
+ <mirror>
+ <id>aws-osdu-dev-maven</id>
+ <name>aws-osdu-dev-maven</name>
+ <url>https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>
+ <mirrorOf>central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven</mirrorOf>
+ </mirror>
+ </mirrors>
<activeProfiles>
<activeProfile>credentialsConfiguration</activeProfile>
diff --git a/provider/partition-aws/src/main/resources/application.properties b/provider/partition-aws/src/main/resources/application.properties
index be8040fa7..6175e3002 100644
--- a/provider/partition-aws/src/main/resources/application.properties
+++ b/provider/partition-aws/src/main/resources/application.properties
@@ -46,4 +46,6 @@ server.ssl.key-store-type=PKCS12
server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password=${SSL_KEY_PASSWORD:}
-server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
\ No newline at end of file
+server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file
--
GitLab