Commit e2df1d91 authored by Spencer Sutton's avatar Spencer Sutton

SSL AWS

commit f84d04a6 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 17:04:47 GMT-0600 (Central Standard Time) 

    Taking out ssl disabling for unit tests


commit 356199b8 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 17:03:18 GMT-0600 (Central Standard Time) 

    Merge branch 'dev' of codecommit::us-east-1://default@os-schema into feat/TLS


commit 69af5955 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 15:48:27 GMT-0600 (Central Standard Time) 

    Trying to disable ssl


commit d74d0ab0 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 15:27:37 GMT-0600 (Central Standard Time) 

    Still trying to disable ssl on unittests


commit d9e9fe67 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 15:14:14 GMT-0600 (Central Standard Time) 

    Trying to disable ssl on unit tests


commit a7c23b33 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 14:37:39 GMT-0600 (Central Standard Time) 

    Trying to disable ssl for unit tests


commit 5c763e5a 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 14:24:40 GMT-0600 (Central Standard Time) 

    Turning off ssl for unit tests


commit 09bf27b2 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 14:08:15 GMT-0600 (Central Standard Time) 

    Had wrong paths


commit cd494119 
Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> 
Date: Fri Jan 29 2021 12:54:29 GMT-0600 (Central Standard Time) 

    Adding ssl
parent b03541e7
......@@ -16,7 +16,14 @@
FROM amazoncorretto:8
ARG JAR_FILE=provider/schema-aws/target/*-spring-boot.jar
#Default to using self signed generated TLS cert
ENV USE_SELF_SIGNED_SSL_CERT true
WORKDIR /
COPY ${JAR_FILE} app.jar
COPY /provider/schema-aws/build-aws/ssl.sh /ssl.sh
COPY /provider/schema-aws/build-aws/entrypoint.sh /entrypoint.sh
EXPOSE 8080
ENTRYPOINT java $JAVA_OPTS -jar /app.jar
ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]
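Review bot: `ENV USE_SELF_SIGNED_SSL_CERT true` is the deprecated space-separated form, and because the sourced `entrypoint.sh` checks it with an unquoted `[ -n $USE_SELF_SIGNED_SSL_CERT ]`, any value — including `false` or empty — keeps self-signed generation switched on; write `ENV USE_SELF_SIGNED_SSL_CERT=true` and pair it with a real string comparison in the script. Two `ENTRYPOINT` lines are visible and only the last one takes effect, so the `ENTRYPOINT java $JAVA_OPTS -jar /app.jar` line is dead unless it is the removed side of this hunk. The stage has no `USER`, so the JVM and the keystore it writes under `/tmp/certs` run as root; `RUN useradd --system --uid 10001 app` followed by `USER app` before the `ENTRYPOINT` would close that, and `EXPOSE 8080` binds fine unprivileged. With `ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]` the shell stays PID 1 unless the script ends in `exec`, so `docker stop` will not reach the JVM as written.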
......@@ -58,7 +58,7 @@ phases:
- echo "Building primary service assemblies..."
- mvn install -N # required for this service to install the parent pom so that the integration tests will find it
- mvn -B test install -pl schema-core,provider/schema-aws -Ddeployment.environment=prod
- mvn -B test install -pl schema-core,provider/schema-aws -Ddeployment.environment=prod
# Suspended until further notice
# - echo "Copying assemblies to dist..."
......
if [ -n $USE_SELF_SIGNED_SSL_CERT ];
then
export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
export SSL_KEY_STORE_DIR=/tmp/certs;
export SSL_KEY_STORE_NAME=osduonaws.p12;
export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
export SSL_KEY_ALIAS=osduonaws;
./ssl.sh;
fi
java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
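Review bot: `if [ -n $USE_SELF_SIGNED_SSL_CERT ];` cannot be false: unquoted, an empty variable turns it into the one-argument test `[ -n ]`, which is true, and any non-empty value such as `false` is true as well, so the self-signed branch always runs; the same construct appears in `ssl.sh` in this commit. Replace it with `if [ "$USE_SELF_SIGNED_SSL_CERT" = "true" ]; then` in both files. The final `java $JAVA_OPTS -jar /app.jar` should be `exec java $JAVA_OPTS -jar /app.jar` so the JVM replaces the `/bin/sh -c` started by the Dockerfile and receives SIGTERM. `$RANDOM$RANDOM$RANDOM` yields roughly 45 bits for a password that guards a keystore only the container itself reads, which is probably acceptable, but `$RANDOM` is a bash feature and this file is sourced by `/bin/sh`, so it silently expands to an empty password on any base image where `/bin/sh` is not bash — a comment `# requires bash: $RANDOM is not POSIX sh` or a `set -e` plus an explicit non-empty check would make the assumption visible.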
# Copyright © 2021 Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#!/usr/bin/env bash
#Future: Support for using Amazon Cert Manager
# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
# then
# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
# fi
if [ -n $USE_SELF_SIGNED_SSL_CERT ];
then
mkdir -p $SSL_KEY_STORE_DIR
pushd $SSL_KEY_STORE_DIR
keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
popd
fi
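Review bot: `keytool ... -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD` places the keystore password on the command line, where it is readable through the process list by anything else in the container while keytool runs; keytool reads it from the environment with `-keypass:env SSL_KEY_PASSWORD -storepass:env SSL_KEY_PASSWORD`, and the values are already exported by `entrypoint.sh`. The script has no `set -e`, so a failed `mkdir`, `pushd` or `keytool` exits 0 and the caller goes on to start the JVM with `server.ssl.enabled` defaulting to true and no keystore present; `set -euo pipefail` after the shebang would surface that at startup. The certificate is issued for `CN=localhost`, so presumably TLS termination for external hostnames happens elsewhere (a load balancer) and only hop-to-hop encryption is wanted here — worth stating in a comment above the `keytool` call, since any client that verifies the hostname against this cert will fail. The `[ -n $USE_SELF_SIGNED_SSL_CERT ]` test has the same always-true problem noted for `entrypoint.sh`.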
# Copyright � 2020 Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
server.servlet.context-path=/api/schema-service/v1
logging.level.org.springframework.web=${LOG_LEVEL:INFO}
server.port=${APPLICATION_PORT:8080}
aws.resource.prefix=${ENVIRONMENT}
aws.ssm=${SSM_ENABLED:True}
AUTHORIZE_API=${ENTITLEMENTS_BASE_URL}/api/entitlements/v1
AUTHORIZE_API_KEY=
LOG_PREFIX=schema
# s3 data bucket
aws.s3.endpoint=s3.${AWS_REGION}.amazonaws.com
aws.s3.bucket=${S3_BUCKET:""}
## AWS DynamoDB configuration
# needed for tenantfactory
aws.dynamodb.key=kind
aws.dynamodb.table.prefix=${aws.resource.prefix}-
aws.region=${AWS_REGION}
aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com
# if this is turned on then the service tries to connect to elastic search
management.health.elasticsearch.enabled=false
# Use this property to name your shared tenant name
shared.tenant.name=common
server.ssl.enabled=false
\ No newline at end of file
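Review bot: This file, presumably the unit-test profile given the commit messages about disabling SSL for tests, is a near-verbatim copy of the production `application.properties` with `server.ssl.enabled=false` appended, so every future property change has to be made twice and the two can drift; a comment at the top such as `# Test profile: mirrors application.properties with TLS disabled — keep in sync` would at least make the duplication deliberate, and a profile-specific override file containing only the differing keys would remove it. The copyright line's symbol is mis-encoded (`Copyright � 2020`), which is worth fixing before the header is copied into further files.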
# Copyright 2020 Amazon Web Services
# Copyright 2020 Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -39,3 +39,10 @@ management.health.elasticsearch.enabled=false
# Use this property to name your shared tenant name
shared.tenant.name=common
server.ssl.enabled=${SSL_ENABLED:true}
server.ssl.key-store-type=PKCS12
server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password=${SSL_KEY_PASSWORD:}
server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
\ No newline at end of file
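Review bot: The default in `server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}` does not match what `entrypoint.sh` in this commit exports (`SSL_KEY_STORE_DIR=/tmp/certs`), and `server.ssl.key-password=${SSL_KEY_PASSWORD:}` / `server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}` default to empty; since `server.ssl.enabled=${SSL_ENABLED:true}` turns TLS on by default, any launch that bypasses `entrypoint.sh` starts with a missing keystore and empty passwords and fails at bind time. Either align the default with the script (`${SSL_KEY_STORE_PATH:/tmp/certs/osduonaws.p12}`) or drop the fallbacks so a misconfiguration fails on the property rather than on a mysterious keystore error, and add a comment above `server.ssl.enabled` stating that these values are expected to come from `entrypoint.sh` / `ssl.sh`.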