Commit a781d575 authored by Rucha Deshpande's avatar Rucha Deshpande Committed by Spencer Sutton

Read ES credentials from secrets manager

commit 05065157 
Author: Rucha Deshpande <deshruch@amazon.com> 
Date: Thu Jun 03 2021 14:02:49 GMT-0500 (Central Daylight Time) 

    bug fix


commit e10bb09c 
Author: Rucha Deshpande <deshruch@amazon.com> 
Date: Thu Jun 03 2021 13:57:29 GMT-0500 (Central Daylight Time) 

    read ES credentials from Secrets Manager
parent af9d1e87
...@@ -14,6 +14,9 @@ ...@@ -14,6 +14,9 @@
package org.opengroup.osdu.search.provider.aws.persistence; package org.opengroup.osdu.search.provider.aws.persistence;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.Setter;
import org.opengroup.osdu.core.common.model.tenant.TenantInfo; import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import javax.annotation.PostConstruct; import javax.annotation.PostConstruct;
...@@ -24,6 +27,7 @@ import org.opengroup.osdu.core.common.model.search.ClusterSettings; ...@@ -24,6 +27,7 @@ import org.opengroup.osdu.core.common.model.search.ClusterSettings;
import org.opengroup.osdu.core.common.provider.interfaces.IElasticRepository; import org.opengroup.osdu.core.common.provider.interfaces.IElasticRepository;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.opengroup.osdu.core.aws.secrets.SecretsManager;
@Component @Component
public class ElasticRepositoryImpl implements IElasticRepository { public class ElasticRepositoryImpl implements IElasticRepository {
...@@ -51,27 +55,32 @@ public class ElasticRepositoryImpl implements IElasticRepository { ...@@ -51,27 +55,32 @@ public class ElasticRepositoryImpl implements IElasticRepository {
@Value("${aws.elasticsearch.host}") @Value("${aws.elasticsearch.host}")
String hostParameter; String hostParameter;
@Value("${aws.elasticsearch.username}") @Value("${ aws.elasticsearch.credentials.secret}")
String usernameParameter; String elasticCredentialsSecret;
@Value("${aws.region}")
private String amazonRegion;
@Value("${aws.elasticsearch.password}")
String passwordParameter;
@Value("${aws.ssm}") @Value("${aws.ssm}")
String ssmEnabledString; String ssmEnabledString;
private ParameterStorePropertySource ssm; private ParameterStorePropertySource ssm;
@PostConstruct @PostConstruct
private void postConstruct() { private void postConstruct() {
if( Boolean.parseBoolean(ssmEnabledString)) { if( Boolean.parseBoolean(ssmEnabledString)) {
SSMConfig ssmConfig = new SSMConfig(); SSMConfig ssmConfig = new SSMConfig();
ssm = ssmConfig.amazonSSM(); ssm = ssmConfig.amazonSSM();
host = ssm.getProperty(hostParameter).toString(); host = ssm.getProperty(hostParameter).toString();
port = Integer.parseInt(ssm.getProperty(portParameter).toString()); port = Integer.parseInt(ssm.getProperty(portParameter).toString());
username = ssm.getProperty(usernameParameter).toString();
password = ssm.getProperty(passwordParameter).toString();
} }
SecretsManager sm = new SecretsManager();
username = sm.getSecret(elasticCredentialsSecret,amazonRegion,"username");
password = sm.getSecret(elasticCredentialsSecret,amazonRegion,"password");
//elastic expects username:password format //elastic expects username:password format
usernameAndPassword = String.format("%s:%s", username, password); usernameAndPassword = String.format("%s:%s", username, password);
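Review bot: The two `sm.getSecret(...)` results on the new side of postConstruct() are used without any check, so if either lookup yields null the next line builds the literal `null:null` as the Elasticsearch credential instead of failing at startup. Whether `getSecret` returns null or throws for a missing secret or key is not visible here, so a guard before the `String.format` would make the failure explicit: `if (username == null || password == null) throw new IllegalStateException("Elasticsearch credentials secret is missing username or password");`. The lookup also moved outside the `if( Boolean.parseBoolean(ssmEnabledString))` block, so it now runs even when `aws.ssm` is false; if that is intended, a short comment saying so would help. The same applies to postConstruct() in ElasticSettingServiceImpl, and the method body continues past the end of this hunk.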
......
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
package org.opengroup.osdu.search.provider.aws.service; package org.opengroup.osdu.search.provider.aws.service;
import org.opengroup.osdu.core.aws.secrets.SecretsManager;
import org.opengroup.osdu.core.aws.ssm.ParameterStorePropertySource; import org.opengroup.osdu.core.aws.ssm.ParameterStorePropertySource;
import org.opengroup.osdu.core.aws.ssm.SSMConfig; import org.opengroup.osdu.core.aws.ssm.SSMConfig;
import org.opengroup.osdu.core.common.model.search.ClusterSettings; import org.opengroup.osdu.core.common.model.search.ClusterSettings;
...@@ -52,27 +53,31 @@ public class ElasticSettingServiceImpl implements IElasticSettingService { ...@@ -52,27 +53,31 @@ public class ElasticSettingServiceImpl implements IElasticSettingService {
@Value("${aws.elasticsearch.host}") @Value("${aws.elasticsearch.host}")
String hostParameter; String hostParameter;
@Value("${aws.elasticsearch.username}") @Value("${ aws.elasticsearch.credentials.secret}")
String usernameParameter; String elasticCredentialsSecret;
@Value("${aws.elasticsearch.password}") @Value("${aws.region}")
String passwordParameter; private String amazonRegion;
@Value("${aws.ssm}") @Value("${aws.ssm}")
String ssmEnabledString; String ssmEnabledString;
private ParameterStorePropertySource ssm; private ParameterStorePropertySource ssm;
@PostConstruct @PostConstruct
private void postConstruct() { private void postConstruct() {
if( Boolean.parseBoolean(ssmEnabledString)) { if( Boolean.parseBoolean(ssmEnabledString)) {
SSMConfig ssmConfig = new SSMConfig(); SSMConfig ssmConfig = new SSMConfig();
ssm = ssmConfig.amazonSSM(); ssm = ssmConfig.amazonSSM();
host = ssm.getProperty(hostParameter).toString(); host = ssm.getProperty(hostParameter).toString();
port = Integer.parseInt(ssm.getProperty(portParameter).toString()); port = Integer.parseInt(ssm.getProperty(portParameter).toString());
username = ssm.getProperty(usernameParameter).toString();
password = ssm.getProperty(passwordParameter).toString();
} }
SecretsManager sm = new SecretsManager();
username = sm.getSecret(elasticCredentialsSecret,amazonRegion,"username");
password = sm.getSecret(elasticCredentialsSecret,amazonRegion,"password");
//elastic expects username:password format //elastic expects username:password format
usernameAndPassword = String.format("%s:%s", username, password); usernameAndPassword = String.format("%s:%s", username, password);
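Review bot: The credential block in this postConstruct() (the inline `new SecretsManager()` and the two `getSecret` lookups) is line-for-line the same as the one added to ElasticRepositoryImpl, so any later hardening of credential handling has to be made in two places. Consider moving it into one shared component that both classes inject, which would also let tests substitute the secret source instead of constructing `SecretsManager` inline. As written, the secret is read only once at startup, so a rotated credential would presumably not be picked up until the service restarts; a comment such as `// credentials are loaded once at startup; restart after rotating the secret` would document that. The method continues outside the hunk.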
......
...@@ -56,8 +56,7 @@ aws.ssm.prefix=/osdu/${ENVIRONMENT} ...@@ -56,8 +56,7 @@ aws.ssm.prefix=/osdu/${ENVIRONMENT}
aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point
aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port
aws.elasticsearch.username=${aws.ssm.prefix}/elasticsearch/username aws.elasticsearch.credentials.secret=${aws.ssm.prefix}/elasticsearch/credentials
aws.elasticsearch.password=${aws.ssm.prefix}/elasticsearch/password
server.ssl.enabled=${SSL_ENABLED:true} server.ssl.enabled=${SSL_ENABLED:true}
server.ssl.key-store-type=PKCS12 server.ssl.key-store-type=PKCS12
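Review bot: The key added here is `aws.elasticsearch.credentials.secret`, but both `@Value` annotations in this commit reference it as `${ aws.elasticsearch.credentials.secret}` with a space after `${`. As far as I know Spring does not trim placeholder names, so that lookup may fail to resolve at startup, unless the space is an artifact of how this page was rendered; the annotation should read `@Value("${aws.elasticsearch.credentials.secret}")`. Separately, the value still reuses `${aws.ssm.prefix}` although it is now passed to Secrets Manager as a secret name rather than looked up in Parameter Store. A comment such as `# Secrets Manager secret name, not an SSM parameter path` would prevent confusion.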
......