Commit 897cb98f authored by harshit aggarwal's avatar harshit aggarwal

config changes

parent 5e61323a
Pipeline #14360 failed with stage
in 2 minutes and 32 seconds
......@@ -6,7 +6,6 @@ variables:
IBM_BUILD_SUBDIR: provider/register-ibm
IBM_INT_TEST_SUBDIR: testing/register-test-ibm
include:
- project: "osdu/platform/ci-cd-pipelines"
file: "standard-setup.yml"
......
......@@ -52,12 +52,12 @@ spec:
env:
- name: spring_application_name
value: register
- name: LOG_PREFIX
value: "register"
- name: server.servlet.contextPath
value: /api/register/v1/
- name: server_port
- name: server.port
value: "80"
- name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
value: "true"
- name: KEYVAULT_URI
valueFrom:
configMapKeyRef:
......@@ -92,7 +92,7 @@ spec:
value: osdu-db
- name: ENTITLEMENTS_API
value: http://entitlements-azure/entitlements/v1
- name: entitlements_service_api_key
value: "OBSOLETE"
- name: azure_istioauth_enabled
value: "true"
\ No newline at end of file
- name: RECORDS_CHANGE_PUBSUB_ENDPOINT
value: https://haaggarw-eventgrid-viewer.azurewebsites.net/api/updates
- name: SUBSCRIBER_SECRET
value: "395f1b05e95171d7c0dde0b19fd6cf"
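Review bot: `SUBSCRIBER_SECRET` on the last line of this hunk appears to be on the new side (it follows the old file's `\ No newline at end of file` marker) and carries a literal credential in the Deployment template, so the value is now in git history and in every rendered manifest; a value that has been committed should be treated as exposed and rotated. The manifest already takes `KEYVAULT_URI` indirectly through `valueFrom: configMapKeyRef:`, and the secret should use the same shape against a Kubernetes Secret, e.g. `valueFrom: {secretKeyRef: {name: <register-secret-placeholder>, key: subscriber-secret}}`. `RECORDS_CHANGE_PUBSUB_ENDPOINT` two lines above points at a personal `azurewebsites.net` host, which reads as a developer test endpoint rather than an environment value; it belongs in values.yaml behind `{{ .Values.… }}` so per-environment overrides do not require editing the template. If `azure_istioauth_enabled` was dropped in this hunk (the old/new sides are not marked on this page), confirm that the security configuration selected by that flag is still the intended one.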
......@@ -16,6 +16,6 @@ global:
replicaCount: 1
image:
repository: community.opengroup.org:5555/osdu/platform/system/storage
repository: community.opengroup.org:5555/osdu/platform/system/register
branch: master
tag: latest
\ No newline at end of file
tag: latest
......@@ -14,23 +14,14 @@
package org.opengroup.osdu.register.provider.azure.di;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import com.microsoft.azure.management.eventgrid.v2019_01_01.implementation.EventGridManager;
import com.microsoft.rest.LogLevel;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.inject.Named;
import java.util.HashMap;
@Configuration
@Getter
......@@ -41,9 +32,6 @@ public class AzureBootstrapConfig {
@Value("${azure.cosmosdb.database}")
private String cosmosDBName;
@Value("${azure.cryptoKey.identifier}")
private String keyIdentifier;
@Value("${azure.clientId}")
private String azureClientId;
......@@ -53,11 +41,8 @@ public class AzureBootstrapConfig {
@Value("${azure.tenantId}")
private String azureTenantId;
@Value("${azure.subscriptionId}")
private String azureSubscriptionId;
@Value("${azure.resourceGroupName}")
private String resourceGroupName;
@Value("${azure.appResourceId}")
private String AzureAppResourceId;
@Bean
@Named("KEY_VAULT_URL")
......@@ -74,41 +59,13 @@ public class AzureBootstrapConfig {
@Bean
@Named("COSMOS_ENDPOINT")
public String cosmosEndpoint(SecretClient kv) {
return getKeyVaultSecret(kv, "cosmos-endpoint");
return getKeyVaultSecret(kv, "opendes-cosmos-endpoint");
}
@Bean
@Named("COSMOS_KEY")
public String cosmosKey(SecretClient kv) {
return getKeyVaultSecret(kv, "cosmos-primary-key");
}
@Bean
public CryptographyClient getCryptographyClient() {
return new CryptographyClientBuilder()
.keyIdentifier(keyIdentifier)
.credential(new DefaultAzureCredentialBuilder().build())
.buildClient();
}
@Bean
public EventGridManager eventGridManager() {
AzureTokenCredentials azureTokenCredentials = getAzureTokenCredentials();
return EventGridManager
.configure()
.withLogLevel(LogLevel.BASIC)
.authenticate(azureTokenCredentials, azureTokenCredentials.defaultSubscriptionId());
}
private AzureTokenCredentials getAzureTokenCredentials() {
AzureEnvironment azureEnvironment = new AzureEnvironment(new HashMap<>());
azureEnvironment.endpoints().putAll(AzureEnvironment.AZURE.endpoints());
return new ApplicationTokenCredentials(
azureClientId,
azureTenantId,
azureClientSecret,
azureEnvironment).withDefaultSubscriptionId(azureSubscriptionId);
return getKeyVaultSecret(kv, "opendes-cosmos-primary-key");
}
String getKeyVaultSecret(SecretClient kv, String secretName) {
......@@ -125,4 +82,5 @@ public class AzureBootstrapConfig {
return secretValue;
}
}
\ No newline at end of file
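Review bot: The new secret names in `cosmosEndpoint` and `cosmosKey` (`opendes-cosmos-endpoint`, `opendes-cosmos-primary-key`) bake the `opendes` data-partition name into the Java code, so this build can only read the Key Vault secrets of that one partition and any other partition needs a code change rather than a configuration change. The rest of the class already takes environment-specific values through `@Value` (`azure.cosmosdb.database`, `azure.tenantId`), and the prefix should follow that pattern: `@Value("${azure.cosmosdb.secretPrefix:opendes}") private String cosmosSecretPrefix;` (property name constructed) with `return getKeyVaultSecret(kv, cosmosSecretPrefix + "-cosmos-endpoint");` and the same for the primary key. A one-line comment on each bean naming the Key Vault secret it resolves would also help, since the secret name is the only contract between this code and the vault. `getKeyVaultSecret` begins at the end of this hunk and its body lies outside it.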
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.register.provider.azure.security;
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.inject.Inject;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
@Inject
private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.authorizeRequests()
.antMatchers("/", "/index.html",
"/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger",
"/swagger-ui.html",
"/webjars/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
}
}
\ No newline at end of file
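Review bot: `AADSecurityConfig` and `AzureIstioSecurityConfig` (the next file) are both unconditional `@EnableWebSecurity` subclasses of `WebSecurityConfigurerAdapter` in the same package, and Spring Security rejects two adapters with the same `@Order` at startup, so unless one of them is excluded somewhere I cannot see here (a component-scan filter or profile) the application will not boot with both present. The deployment manifest hunk in this commit carries an `azure_istioauth_enabled` variable (possibly on its removed side), which suggests the intended switch; making it explicit on each class, e.g. `@ConditionalOnProperty(value = "azure.istioauth.enabled", havingValue = "false", matchIfMissing = true)` here and `havingValue = "true"` on the Istio class (property name constructed from that variable via relaxed binding), keeps the selection visible in code rather than in scan configuration. Separately, `SessionCreationPolicy.NEVER` still reuses an existing session if one is present; given the filter is `AADAppRoleStatelessAuthenticationFilter` and the properties set `azure.activedirectory.session-stateless=true`, `SessionCreationPolicy.STATELESS` is the consistent choice.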
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.register.provider.azure.security;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AzureIstioSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf().disable(); //AuthN is disabled. AuthN is handled by sidecar proxy
}
}
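Review bot: `configure` in `AzureIstioSecurityConfig` disables HTTP Basic and CSRF and never calls `authorizeRequests()`, so with this adapter active every request is accepted by the application itself and the only authentication is whatever the Istio sidecar enforces in front of the pod; that trust boundary is stated only in the trailing `//AuthN is disabled` comment. It deserves a class-level Javadoc saying that this configuration is safe only when the pod is reachable exclusively through the sidecar (no direct Service exposure, NodePort or port-forward outside development) and naming the switch that selects it over `AADSecurityConfig`. Making the intent explicit in code, `.authorizeRequests().anyRequest().permitAll()` chained after `.csrf().disable()`, also documents it for the next reader and for static scanners. With `@EnableGlobalMethodSecurity(prePostEnabled = true)` but nothing here populating the `SecurityContext`, any `@PreAuthorize` on the controllers would presumably see no `Authentication`; confirm whether the Istio path sets one elsewhere.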
......@@ -19,22 +19,16 @@ server.servlet.contextPath=/api/register/v1
service.domain.name=${service_domain_name}
# Azure AD configuration
azure.activedirectory.client-id=${aad_client_id}
azure.activedirectory.AppIdUri=api://${azure.activedirectory.client-id}
azure.activedirectory.session-stateless=true
azure.clientId=${AZURE_CLIENT_ID}
azure.clientSecret=${AZURE_CLIENT_SECRET}
azure.tenantId=${AZURE_TENANT_ID}
azure.subscriptionId=${AZURE_SUBSCRIPTION_ID}
azure.resourceGroupName=${AZURE_RESOURCE_GROUP_NAME}
azure.appResourceId=${aad_client_id}
# Azure CosmosDB configuration
azure.cosmosdb.database=${cosmosdb_database}
# Azure KeyVault configuration
azure.keyvault.url=${KEYVAULT_URI}
azure.cryptoKey.identifier=${KEY_IDENTIFIER}
# Azure App Insights configuration
azure.application-insights.instrumentation-key=${appinsights_key}
......@@ -46,7 +40,6 @@ spring.application.name=register-azure
registerAction.container.name=RegisterAction
registerDdms.container.name=RegisterDdms
registerSubscription.container.name=RegisterSubscription
tenantInfo.container.name=TenantInfo
#logging configuration
logging.transaction.enabled=true
......@@ -58,4 +51,4 @@ CRON_JOB_EXPECTED_IP=0:0:0:0:0:0:0:1
SUBSCRIBER_PRIVATE_KEY_ID=
ENVIRONMENT=LOCAL
management.health.defaults.enabled=false
management.health.defaults.enabled=false
\ No newline at end of file