Removing resourcePrefix usage

f777045e · Manish Jangid · 954af608 · f777045e · f777045e · f777045e
Commit f777045e authored 1 year ago by Manish Jangid
--- a/devops/aws/chart/templates/serviceparameters.yaml
+++ b/devops/aws/chart/templates/serviceparameters.yaml
+{{- template "common.serviceparameters" (list . "os-schema.serviceparameters") -}}
+{{- define "os-schema.serviceparameters" -}}
+## Define overrides for the service parameters here
+{{- end -}}
\ No newline at end of file
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
 # Service Config
-image: __CONTAINER__
-imagePullPolicy: Always
-service:
-  type: ClusterIP
-  port: 8080
-  apiPath: /api/schema-service/v1/
-  readinessProbeHttpPath: /api/schema-service/v1/actuator/health
-  livenessProbeHttpPath: /api/schema-service/v1/actuator/health
-environmentVariables:
-  - name: APPLICATION_PORT
-    value: "{{ .Values.service.port }}"
-  - name: AWS_REGION
-    value: "{{ .Values.global.region }}"
-  - name: ENVIRONMENT
-    value: "{{ .Values.global.resourcePrefix }}"
-  - name: JAVA_OPTS
-    value: "-Xms538M -Xmx900M"
-  - name: LOG_LEVEL
-    value: "{{ default `INFO` .Values.global.logLevel }}"
-  - name: SSM_ENABLED
-    value: "True"
-  - name: SSL_ENABLED
-    value: "false"
-  - name: ENTITLEMENTS_BASE_URL
-    value: "http://os-entitlements:8080"
-  - name: PARTITION_BASE_URL
-    value: http://os-partition:8080
-  - name: SCHEMA_SERVICE_REPOSITORY_IMPLEMENTATION
-    value: "{{ default `dynamodb` .Values.global.coreDbProvider }}"
-  - name: TMP_VOLUME_PATH
-    value: "/tmp"
-
-# Resource Config
-replicaCount: 1
-resources:
-  limits:
-    memory: 900M
-  requests:
-    cpu: 500m
-    memory: 900M
-autoscaling:
-  enabled: true
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Security Config
-serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/osdu-{{ .Values.global.resourcePrefix }}-{{ .Values.global.region }}-{{ include "common.name" . }}
-cors:
-  maxAge: "60m"
-  allowCredentials: true
-  allowMethods: 
-    - POST
-    - GET
-    - PUT
-  allowHeaders:
-    - Authorization
-    - Data-Partition-Id
-    - Correlation-Id
-    - Content-Type
-securityContext: 
-  runAsUser: 10001
-  runAsNonRoot: true
-  readOnlyRootFilesystem: true
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-    - ALL
-podSecurityContext: 
-  fsGroup: 1337
-  seccompProfile:
-    type: RuntimeDefault
-
-allowedPrincipals:
-  - cluster.local/ns/istio-system/sa/istio-ingressgateway
-  - cluster.local/ns/{{ .Release.Namespace }}/sa/os-dataset
-  - cluster.local/ns/{{ .Release.Namespace }}/sa/os-indexer
-  - cluster.local/ns/os-timeseries-dms/sa/os-timeseries-dms
-  - cluster.local/ns/aws-binary-dms/sa/binary-dms
-  - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
-  - cluster.local/ns/osdu-airflow/sa/airflow-worker
-  - cluster.local/ns/osdu-ingest/sa/os-data-workflow
-  - cluster.local/ns/osdu-ingest/sa/os-ingestion-workflow
-  - cluster.local/ns/osdu-seismic-ddms/sa/os-seismic-store
-  - cluster.local/ns/osdu-well-delivery/sa/os-welldelivery
-  - cluster.local/ns/osdu-wellbore-ddms/sa/os-wellbore-ddms
+image: __CONTAINER__
\ No newline at end of file
--- a/provider/schema-aws/pom.xml
+++ b/provider/schema-aws/pom.xml
@@ -80,7 +80,7 @@
        <dependency>
            <groupId>org.opengroup.osdu.core.aws</groupId>
            <artifactId>os-core-lib-aws</artifactId>
-            <version>0.21.0-rc1</version>
+            <version>0.21.0-SNAPSHOT</version>
        </dependency>

        <dependency>

--- a/provider/schema-aws/src/main/java/org/opengroup/osdu/schema/provider/aws/security/AuthorizationServiceForServiceAdminImpl.java
+++ b/provider/schema-aws/src/main/java/org/opengroup/osdu/schema/provider/aws/security/AuthorizationServiceForServiceAdminImpl.java
@@ -15,6 +15,8 @@
 package org.opengroup.osdu.schema.provider.aws.security;

 import org.opengroup.osdu.core.aws.entitlements.RequestKeys;
+import org.opengroup.osdu.core.aws.ssm.K8sLocalParameterProvider;
+import org.opengroup.osdu.core.aws.ssm.K8sParameterNotFoundException;
 import org.opengroup.osdu.core.aws.ssm.SSMUtil;
 import org.opengroup.osdu.core.common.model.http.AppException;
 import org.opengroup.osdu.core.common.model.http.DpsHeaders;
@@ -32,25 +34,14 @@ public class AuthorizationServiceForServiceAdminImpl implements IAuthorizationSe
    @Autowired
    private DpsHeaders headers;

-
-    @Value("${aws.region}")
-    private String awsRegion;
-
-    @Value("${aws.environment}")
-    private String awsEnvironment;
-
    String memberEmail=null;
-    SSMUtil ssmUtil = null;
    String spu_email=null;

    @PostConstruct
-    public void init() {
-        if (ssmUtil == null) {
-            ssmUtil = new SSMUtil("/osdu/" + awsEnvironment + "/");
-        }
+    public void init() throws K8sParameterNotFoundException {
        //get sp email
-        spu_email = ssmUtil.getSsmParameterAsString("service-principal-user");
-
+        K8sLocalParameterProvider provider = new K8sLocalParameterProvider();
+        spu_email = provider.getParameterAsString("SERVICE_PRINCIPAL");
    }

    @Override

--- a/provider/schema-aws/src/main/resources/application-unittest.properties
+++ b/provider/schema-aws/src/main/resources/application-unittest.properties
@@ -15,7 +15,6 @@
 server.servlet.context-path=/api/schema-service/v1
 logging.level.org.springframework.web=${LOG_LEVEL:INFO}
 server.port=${APPLICATION_PORT:8080}
-aws.resource.prefix=${ENVIRONMENT}
 aws.ssm=${SSM_ENABLED:True}
 AUTHORIZE_API=${ENTITLEMENTS_BASE_URL}/api/entitlements/v2
 AUTHORIZE_API_KEY=

--- a/provider/schema-aws/src/main/resources/application.properties
+++ b/provider/schema-aws/src/main/resources/application.properties
@@ -15,7 +15,6 @@
 server.servlet.context-path=/api/schema-service/v1
 logging.level.org.springframework.web=${LOG_LEVEL:INFO}
 server.port=${APPLICATION_PORT:8080}
-aws.resource.prefix=${ENVIRONMENT}

 AUTHORIZE_API=${ENTITLEMENTS_BASE_URL}/api/entitlements/v2
 AUTHORIZE_API_KEY=
@@ -24,25 +23,18 @@ PARTITION_API=${PARTITION_BASE_URL}/api/partition/v1
 LOG_PREFIX=schema

 aws.ssm=${SSM_ENABLED:True}
-aws.parameter.prefix=/osdu/${ENVIRONMENT}
-aws.environment=${ENVIRONMENT}

 ## AWS s3 Configuraiton 

 #Tenant Specific S3 Bucket Configuration
-aws.s3.schemaBucket.ssm.relativePath=${SCHEMA_BUCKET_SSM_RELATIVE_PATH:schema/s3DataBucket}
+aws.s3.schemaBucket.ssm.relativePath=${SCHEMA_BUCKET_SSM_RELATIVE_PATH:services/core/schema/s3DataBucket}

-## AWS DynamoDB configuration
-# needed for tenantfactory
-aws.dynamodb.key=kind
-aws.dynamodb.table.prefix=${aws.resource.prefix}-
 aws.region=${AWS_REGION}
-aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com

-aws.dynamodb.authorityTable.ssm.relativePath=${AUTHORITY_TABLE_SSM_RELATIVE_PATH:schema/AuthorityTable}
-aws.dynamodb.entityTypeTable.ssm.relativePath=${ENTITY_TYPE_TABLE_SSM_RELATIVE_PATH:schema/EntityTypeTable}
-aws.dynamodb.schemaInfoTable.ssm.relativePath=${SCHEMA_INFO_TABLE_SSM_RELATIVE_PATH:schema/SchemaInfoTable}
-aws.dynamodb.sourceTable.ssm.relativePath=${SOURCE_TABLE_SSM_RELATIVE_PATH:schema/SourceTable}
+aws.dynamodb.authorityTable.ssm.relativePath=${AUTHORITY_TABLE_SSM_RELATIVE_PATH:services/core/schema/AuthorityTable}
+aws.dynamodb.entityTypeTable.ssm.relativePath=${ENTITY_TYPE_TABLE_SSM_RELATIVE_PATH:services/core/schema/EntityTypeTable}
+aws.dynamodb.schemaInfoTable.ssm.relativePath=${SCHEMA_INFO_TABLE_SSM_RELATIVE_PATH:services/core/schema/SchemaInfoTable}
+aws.dynamodb.sourceTable.ssm.relativePath=${SOURCE_TABLE_SSM_RELATIVE_PATH:services/core/schema/SourceTable}

 # if this is turned on then the service tries to connect to elastic search
 management.health.elasticsearch.enabled=false

--- a/testing/schema-test-core/pom.xml
+++ b/testing/schema-test-core/pom.xml
@@ -12,7 +12,7 @@
 	<properties>
 		<os-core-lib-ibm.version>0.15.2</os-core-lib-ibm.version>
 		<os-core-lib-azure.version>0.6.1</os-core-lib-azure.version>
-        <os-core-lib-aws.version>0.13.0</os-core-lib-aws.version>
+        <os-core-lib-aws.version>0.21.0-SNAPSHOT</os-core-lib-aws.version>
 		<maven.compiler.target>1.8</maven.compiler.target>
 		<maven.compiler.source>1.8</maven.compiler.source>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

--- a/testing/schema-test-core/src/test/java/org/opengroup/osdu/schema/util/AwsServicePrincipalUtil.java
+++ b/testing/schema-test-core/src/test/java/org/opengroup/osdu/schema/util/AwsServicePrincipalUtil.java
@@ -28,7 +28,7 @@ import org.opengroup.osdu.core.aws.secrets.SecretsManager;

 public class AwsServicePrincipalUtil {

-    private static final String environment = System.getProperty("RESOURCE_PREFIX", System.getenv("RESOURCE_PREFIX"));
+    private static final String cognitoName = System.getProperty("COGNITO_NAME", System.getenv("COGNITO_NAME"));
    private static final String amazonRegion = System.getProperty("AWS_REGION", System.getenv("AWS_REGION"));

    private static final AWSCredentialsProvider amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
@@ -38,17 +38,17 @@ public class AwsServicePrincipalUtil {
            .build();
    private static final SecretsManager sm = new SecretsManager();

-    private static final String oauth_token_url = "/osdu/" + environment + "/oauth-token-uri";
-    private static final String oauth_custom_scope = "/osdu/" + environment + "/oauth-custom-scope";
-    private static final String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
+    private static final String oauth_token_url = "/osdu/cognito/" + cognitoName + "/oauth/token-uri";
+    private static final String oauth_custom_scope = "/osdu/cognito/" + cognitoName + "/oauth/custom-scope";
+    private static final String client_credentials_client_id = "/osdu/cognito/" + cognitoName + "/client/client-credentials/id";
    private static final String client_secret_key = "client_credentials_client_secret";
-    private static final String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
+    private static final String client_secret_secretName = "/osdu/cognito/" + cognitoName + "/client-credentials-secret";
    private static final String client_credentials_clientid = getSsmParameter(client_credentials_client_id);
    private static final String client_credentials_secret = sm.getSecret(client_secret_secretName, amazonRegion, client_secret_key);
    private static final String tokenUrl = getSsmParameter(oauth_token_url);
    private static final String awsOauthCustomScope = getSsmParameter(oauth_custom_scope);

-    private static final ServicePrincipal sp = new ServicePrincipal(amazonRegion, environment, tokenUrl, awsOauthCustomScope);
+    private static final ServicePrincipal sp = new ServicePrincipal(amazonRegion, tokenUrl, awsOauthCustomScope);

    public static String getAccessToken() throws Exception {
        return sp.getServicePrincipalAccessToken(client_credentials_clientid, client_credentials_secret).replace("Bearer ", "");