From 35b343072f3e6abdb187359abcd07081ca969b0c Mon Sep 17 00:00:00 2001
From: Abhay Joshi <bios@amazon.com>
Date: Tue, 28 Mar 2023 14:32:47 +0000
Subject: [PATCH] Squashed commit of the following
commit 95502d16
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 08:41:01 GMT-0700 (Pacific Daylight Time)
removing old ssl stuff
commit 57eba9d2
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 07:30:09 GMT-0700 (Pacific Daylight Time)
Renaming variable
commit b4f85698
Author: Abhay <bios@amazon.com>
Date: Mon Mar 20 2023 10:48:27 GMT-0700 (Pacific Daylight Time)
adding changes for rootFilesystem
---
 devops/aws/chart/values.yaml | 4 ++-
 provider/register-aws/build-aws/Dockerfile | 4 +--
 provider/register-aws/build-aws/entrypoint.sh | 11 ------
 provider/register-aws/build-aws/ssl.sh | 34 -------------------
 4 files changed, 4 insertions(+), 49 deletions(-)
 delete mode 100755 provider/register-aws/build-aws/ssl.sh
diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index addca7e69..85f8d7b78 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -36,6 +36,8 @@ environmentVariables:
 value: "xxx"
 - name: SUBSCRIBER_SECRET
 value: "02030405060708090A0B0C0D0E0F"
+ - name: TMP_VOLUME_PATH
+ value: "/tmp"
 # Resource Config
 replicaCount: 1
@@ -70,7 +72,7 @@ cors:
 securityContext:
 runAsUser: 10001
 runAsNonRoot: true
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 capabilities:
 drop:
diff --git a/provider/register-aws/build-aws/Dockerfile b/provider/register-aws/build-aws/Dockerfile
index d597087c6..cce6b0eed 100644
--- a/provider/register-aws/build-aws/Dockerfile
+++ b/provider/register-aws/build-aws/Dockerfile
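Review bot: `readOnlyRootFilesystem: true` only works if every path the JVM writes to is backed by a writable volume, and neither this hunk nor the first one (`TMP_VOLUME_PATH` with `value: "/tmp"`) shows an `emptyDir` mounted at that path or `JAVA_OPTS` pointing `java.io.tmpdir` at it. If the deployment template does mount one, a comment next to the new env entry such as `# Must match the emptyDir mountPath; the root filesystem is read-only` would make the coupling explicit; if it does not, writes to /tmp would presumably fail at runtime. Consider giving that volume a `sizeLimit` so a writable /tmp cannot fill the node disk. Unrelated to this change, the `SUBSCRIBER_SECRET` literal in the context lines lives in committed chart values; if it is more than a placeholder it should be sourced from a Secret reference. The `drop:` list under `capabilities` is cut off at the end of the hunk.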
@@ -19,12 +19,10 @@ ARG JAR_FILE=provider/register-aws/target/*spring-boot.jar
 # Harcoding this value since Register-core requires this variable. AWS does not use it. Might change in future
 ENV ENVIRONMENT=DEV
-#Default to using self signed generated TLS cert
-ENV USE_SELF_SIGNED_SSL_CERT true
+
 WORKDIR /
 COPY ${JAR_FILE} app.jar
-COPY /provider/register-aws/build-aws/ssl.sh /ssl.sh
 COPY /provider/register-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080
diff --git a/provider/register-aws/build-aws/entrypoint.sh b/provider/register-aws/build-aws/entrypoint.sh
index 6de22440c..d719372c1 100755
--- a/provider/register-aws/build-aws/entrypoint.sh
+++ b/provider/register-aws/build-aws/entrypoint.sh
@@ -1,15 +1,4 @@
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
- export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
- export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
- export SSL_KEY_STORE_DIR=/tmp/certs;
- export SSL_KEY_STORE_NAME=osduonaws.p12;
- export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
- export SSL_KEY_ALIAS=osduonaws;
-
- ./ssl.sh;
-fi
 java $JAVA_OPTS -jar /app.jar
diff --git a/provider/register-aws/build-aws/ssl.sh b/provider/register-aws/build-aws/ssl.sh
deleted file mode 100755
index 9ede56568..000000000
--- a/provider/register-aws/build-aws/ssl.sh
+++ /dev/null
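Review bot: With `ENV USE_SELF_SIGNED_SSL_CERT` and the `ssl.sh` copy removed, the image no longer carries any in-container TLS setup while `EXPOSE 8080` stays, so the app presumably listens in clear text and relies on something in front of the pod to terminate TLS; that assumption is not recorded anywhere in the Dockerfile. A one-line comment above `EXPOSE 8080` such as `# Plain HTTP on 8080; TLS is expected to be terminated outside the container (ingress/load balancer)` would document it, and the matching service/ingress configuration should be checked to confirm it. The change also leaves a stray added blank line between `ENV ENVIRONMENT=DEV` and `WORKDIR /`, which can simply be dropped.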
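Review bot: The one remaining command, `java $JAVA_OPTS -jar /app.jar`, is still run as a child of the shell rather than replacing it, so if this script is the container's PID 1 the JVM does not receive the kubelet's SIGTERM and shutdown waits for the SIGKILL at the end of the grace period; `exec java $JAVA_OPTS -jar /app.jar` fixes that. The script also has no shebang (old line 1 was the `if`), so which shell interprets it depends on how the Dockerfile invokes it, which is outside this hunk. Since values.yaml in this same patch turns on `readOnlyRootFilesystem`, it is worth confirming that `JAVA_OPTS` (set outside this file) carries `-Djava.io.tmpdir=${TMP_VOLUME_PATH}` or equivalent so JVM temp files land on the writable volume.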
@@ -1,34 +0,0 @@ -# Copyright © 2021 Amazon Web Services -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/usr/bin/env bash - -#Future: Support for using Amazon Cert Manager -# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ]; -# then - -# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc -# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123 -# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH -# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH - -# fi - -if [ -n $USE_SELF_SIGNED_SSL_CERT ]; -then - mkdir -p $SSL_KEY_STORE_DIR - pushd $SSL_KEY_STORE_DIR - keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US" - popd -fi -- GitLab