Commit 90f9d117 authored by Sutton's avatar Sutton
Browse files

Merge branch 'dev' of codecommit://os-crs-catalog into aws-integration

parents 1fa8febe cab23fc2
Pipeline #27567 failed with stages
in 43 minutes and 45 seconds
......@@ -17,7 +17,14 @@ FROM amazoncorretto:8
ARG JAR_FILE=provider/crs-catalog-aws/target/crs-catalog-aws-*.jar
WORKDIR /
#Default to using self signed generated TLS cert
ENV USE_SELF_SIGNED_SSL_CERT true
COPY ${JAR_FILE} app.jar
COPY /data/crs_catalog_v2.json /data/crs_catalog_v2.json
COPY /provider/crs-catalog-aws/build-aws/ssl.sh /ssl.sh
COPY /provider/crs-catalog-aws/build-aws/entrypoint.sh /entrypoint.sh
EXPOSE 8080
ENTRYPOINT java $JAVA_OPTS -jar /app.jar
ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]
......@@ -27,6 +27,8 @@ phases:
runtime-versions:
java: corretto8
commands:
# fix error noted here: https://github.com/yarnpkg/yarn/issues/7866
- curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
- if [ $(echo $CODEBUILD_SOURCE_VERSION | grep -c ^refs/heads.*) -eq 1 ]; then echo "Branch name found"; else echo "This build only supports branch builds" && exit 1; fi
- apt-get update -y
- apt-get install -y maven
......
if [ -n $USE_SELF_SIGNED_SSL_CERT ];
then
export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
export SSL_KEY_STORE_DIR=/tmp/certs;
export SSL_KEY_STORE_NAME=osduonaws.p12;
export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
export SSL_KEY_ALIAS=osduonaws;
./ssl.sh;
fi
java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
# Copyright © 2021 Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#!/usr/bin/env bash
#Future: Support for using Amazon Cert Manager
# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
# then
# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
# fi
if [ -n $USE_SELF_SIGNED_SSL_CERT ];
then
mkdir -p $SSL_KEY_STORE_DIR
pushd $SSL_KEY_STORE_DIR
keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
popd
fi
......@@ -41,4 +41,11 @@ aws.elasticache.cluster.endpoint=${CACHE_CLUSTER_ENDPOINT}
aws.elasticache.cluster.port=${CACHE_CLUSTER_PORT}
# if this is turned on then the service tries to connect to elastic search
management.health.elasticsearch.enabled=false
\ No newline at end of file
management.health.elasticsearch.enabled=false
server.ssl.enabled=${SSL_ENABLED:true}
server.ssl.key-store-type=PKCS12
server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password=${SSL_KEY_PASSWORD:}
server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
\ No newline at end of file
......@@ -18,8 +18,11 @@ import boto3;
import jwt;
def get_id_token():
client = boto3.client('cognito-idp', region_name=os.environ["AWS_REGION"])
region = os.getenv("AWS_COGNITO_REGION")
if region:
client = boto3.client('cognito-idp', region_name=region)
else:
client = boto3.client('cognito-idp', region_name=os.environ["AWS_REGION"])
userAuth = client.initiate_auth(
ClientId= os.environ['AWS_COGNITO_CLIENT_ID'],
# UserPoolId= os.environ['AWS_COGNITO_USER_POOL_ID'],
......@@ -33,4 +36,4 @@ def get_id_token():
def get_invalid_token():
#generate a dummy jwt
return jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256').decode("utf-8")
\ No newline at end of file
return jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256').decode("utf-8")
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment