From b8422d7d9270a4b4f6843a0749c0356542191e4c Mon Sep 17 00:00:00 2001
From: mykhailo_vinnichuk <mykhailo_vinnichuk@epam.com>
Date: Thu, 12 Jan 2023 16:55:22 +0200
Subject: [PATCH] Removed audience property

---
 devops/gcp/deploy/README.md                                  | 1 -
 devops/gcp/deploy/templates/configmap.yaml                   | 3 ---
 devops/gcp/deploy/values.yaml                                | 1 -
 docs/api/search_openapi.yaml                                 | 1 -
 provider/search-gcp/docs/anthos/README.md                    | 1 -
 provider/search-gcp/docs/gcp/README.md                       | 2 --
 provider/search-gcp/pom.xml                                  | 2 +-
 .../search-gcp/src/main/resources/application.properties     | 1 -
 search-core/app.yaml.tmpl                                    | 4 +---
 .../osdu/search/config/SearchConfigurationProperties.java    | 2 --
 testing/integration-tests/readme.md                          | 1 -
 .../src/main/java/org/opengroup/osdu/util/Config.java        | 5 -----
 .../src/test/java/org/opengroup/osdu/util/JwtTokenUtil.java  | 4 ++--
 13 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/devops/gcp/deploy/README.md b/devops/gcp/deploy/README.md
index 2a5bd9eb7..d4b7e4721 100644
--- a/devops/gcp/deploy/README.md
+++ b/devops/gcp/deploy/README.md
@@ -40,7 +40,6 @@ You need to set variables in **values.yaml** file using any code editor. Some of
 **redisSearchHost** | Redis search host | string | `redis-search-master` | yes
 **policyId** | policy id from ex `${POLICY_HOST}/api/policy/v1/policies` | string | `search` | yes
 **securityHttpsCertificateTrust** | Elastic client connection uses TrustSelfSignedStrategy(), if it is `true` | bool | `true` | yes
-**googleAudiences** | Client ID of Google Cloud Credentials, ex `123-abc123.apps.googleusercontent.com` | string | - | yes
 
 ### Deployment variables
 
diff --git a/devops/gcp/deploy/templates/configmap.yaml b/devops/gcp/deploy/templates/configmap.yaml
index 4fb73a8c0..278e898c9 100644
--- a/devops/gcp/deploy/templates/configmap.yaml
+++ b/devops/gcp/deploy/templates/configmap.yaml
@@ -16,6 +16,3 @@ data:
   POLICY_HOST: {{ .Values.data.policyHost | quote }}
   POLICY_ID: {{ .Values.data.policyId | quote }}
   INDEXER_BASE_HOST: {{ .Values.data.indexerHost | quote }}
-  {{- if not .Values.conf.onPremEnabled }}
-  GOOGLE_AUDIENCES: {{ .Values.data.googleAudiences | quote }}
-  {{- end }}
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index eb1f7de3f..4192e1178 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -10,7 +10,6 @@ data:
   indexerHost: "http://indexer"
   policyId: "osdu.instance.search"
   securityHttpsCertificateTrust: "true"
-  googleAudiences: ""
   # Deployments
   requestsCpu: "0.1"
   requestsMemory: "448M"
diff --git a/docs/api/search_openapi.yaml b/docs/api/search_openapi.yaml
index 2cfc22204..8287c0c94 100644
--- a/docs/api/search_openapi.yaml
+++ b/docs/api/search_openapi.yaml
@@ -381,7 +381,6 @@ securityDefinitions:
     type: "oauth2"
     x-google-issuer: "https://accounts.google.com"
     x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
-    x-google-audiences: "245464679631-ktfdfpl147m1mjpbutl00b3cmffissgq.apps.googleusercontent.com,245464679631-u44eh98vq4t2ajc2quc8b0kgojsmd3gp.apps.googleusercontent.com"
     scopes: {}
   #Security configuration or the portal
   Bearer:
diff --git a/provider/search-gcp/docs/anthos/README.md b/provider/search-gcp/docs/anthos/README.md
index 016fdbedd..34b6fe25d 100644
--- a/provider/search-gcp/docs/anthos/README.md
+++ b/provider/search-gcp/docs/anthos/README.md
@@ -28,7 +28,6 @@ Defined in default application property file but possible to override:
 | `REDIS_SEARCH_PASSWORD`            | ex `127.0.0.1`                                                  | Redis search host password                                                            | yes        |                                                            |
 | `REDIS_SEARCH_WITH_SSL`            | ex `true` or `false`                                            | Redis search host ssl config                                                          | no         |                                                            |
 | `REDIS_SEARCH_EXPIRATION`          | ex `30`                                                         | Redis search cache expiration in seconds                                              | no         |                                                            |
-| `GOOGLE_AUDIENCES`                 | ex `*****.apps.googleusercontent.com`                           | Client ID for getting access to cloud resources                                       | yes        | https://console.cloud.google.com/apis/credentials          |
 | `GOOGLE_APPLICATION_CREDENTIALS`   | ex `/path/to/directory/service-key.json`                        | Service account credentials, you only need this if running locally                    | yes        | https://console.cloud.google.com/iam-admin/serviceaccounts |
 | `SECURITY_HTTPS_CERTIFICATE_TRUST` | ex `false`                                                      | Elastic client connection uses TrustSelfSignedStrategy(), if it is 'true'             | false      | output of infrastructure deployment                        |
 | `PARTITION_API`                    | ex `http://localhost:8080/api/partition/v1`                     | Partition service endpoint                                                            | no         | output of infrastructure deployment                        |
diff --git a/provider/search-gcp/docs/gcp/README.md b/provider/search-gcp/docs/gcp/README.md
index 5f2166c98..283dd87c2 100644
--- a/provider/search-gcp/docs/gcp/README.md
+++ b/provider/search-gcp/docs/gcp/README.md
@@ -9,7 +9,6 @@ Must have:
 | name                                         | value                                 | description                                                                                                                                                                                                                                                                                               | sensitive? | source                                            |
 |----------------------------------------------|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|---------------------------------------------------|
 | `SPRING_PROFILES_ACTIVE`                     | ex `gcp`                              | Spring profile that activate default configuration for Google Cloud environment                                                                                                                                                                                                                           | false      | -                                                 |
-| `GOOGLE_AUDIENCES`                           | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources                                                                                                                                                                                                                                                           | yes        | https://console.cloud.google.com/apis/credentials |
 | `<ELASTICSEARCH_USER_ENV_VARIABLE_NAME>`     | ex `user`                             | Elasticsearch user, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service)     | yes        | -                                                 |
 | `<ELASTICSEARCH_PASSWORD_ENV_VARIABLE_NAME>` | ex `password`                         | Elasticsearch password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false      | -                                                 |
 
@@ -124,7 +123,6 @@ You will need to have the following environment variables defined.
 | `INDEXER_HOST` | ex `https://os-indexer-dot-opendes.appspot.com/api/indexer/v2/` | Indexer API endpoint | no | output of infrastructure deployment |
 | `DATA_GROUP` | `opendes` | The service account to this group and substitute | no | - |
 | `ENTITLEMENTS_DOMAIN` | ex `opendes-gcp.projects.com` | OSDU R2 to run tests under  | no | - |
-| `INTEGRATION_TEST_AUDIENCE` | `********` | client application ID | yes | https://console.cloud.google.com/apis/credentials || `OTHER_RELEVANT_DATA_COUNTRIES` | ex `US` | a other relevant data countries (for LEGAL_TAG) | no | - |
 | `DEFAULT_DATA_PARTITION_ID_TENANT1` | ex `opendes` | HTTP Header 'Data-Partition-ID'  | no | - |
 | `DEFAULT_DATA_PARTITION_ID_TENANT2` | ex `not-exist` | HTTP Header 'Data-Partition-ID' with not existing tenant  | no | - |
 | `SEARCH_INTEGRATION_TESTER` | `********` | Service account for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
diff --git a/provider/search-gcp/pom.xml b/provider/search-gcp/pom.xml
index 5d4248be0..bb902653b 100644
--- a/provider/search-gcp/pom.xml
+++ b/provider/search-gcp/pom.xml
@@ -70,7 +70,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-gcp</artifactId>
-            <version>0.19.0-rc2</version>
+            <version>0.19.0-rc3</version>
         </dependency>
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
diff --git a/provider/search-gcp/src/main/resources/application.properties b/provider/search-gcp/src/main/resources/application.properties
index e74218d6f..02d6fbb89 100644
--- a/provider/search-gcp/src/main/resources/application.properties
+++ b/provider/search-gcp/src/main/resources/application.properties
@@ -44,7 +44,6 @@ service.policy.enabled=true
 service.policy.id=${POLICY_ID}
 service.policy.endpoint=${POLICY_API}
 
-GOOGLE_AUDIENCES=apps.googleusercontent.com
 
 ENTITLEMENTS_HOST=http://entitlements
 ENTITLEMENTS_PATH=/api/entitlements/v2
diff --git a/search-core/app.yaml.tmpl b/search-core/app.yaml.tmpl
index 89d053fcd..0a7ac7972 100644
--- a/search-core/app.yaml.tmpl
+++ b/search-core/app.yaml.tmpl
@@ -2,7 +2,6 @@
 {{$gcloudProject := getenv "GCLOUD_PROJECT" -}}
 {{$gcloudRedisHost := getenv "REDIS_SEARCH_HOST" -}}
 {{$environment := getenv "ENVIRONMENT" -}}
-{{$googleAudiences := getenv "GOOGLE_AUDIENCES" -}}
 {{$ccsDisabled := getenv "SMART_SEARCH_CCS_DISABLED" -}}
 service: search
 
@@ -55,6 +54,5 @@ env_variables:
   ELASTIC_DATASTORE_ID: "search-service"
   REDIS_SEARCH_HOST: "{{$gcloudRedisHost}}"
   ENVIRONMENT: {{$environment}}
-  GOOGLE_AUDIENCES: {{$googleAudiences}}
   INDEXER_HOST: "https://indexer-dot-{{$gcloudProject}}.appspot.com/api/indexer/v2/"
-  SMART_SEARCH_CCS_DISABLED: {{$ccsDisabled}}
\ No newline at end of file
+  SMART_SEARCH_CCS_DISABLED: {{$ccsDisabled}}
diff --git a/search-core/src/main/java/org/opengroup/osdu/search/config/SearchConfigurationProperties.java b/search-core/src/main/java/org/opengroup/osdu/search/config/SearchConfigurationProperties.java
index a0591afff..d3e33bda2 100644
--- a/search-core/src/main/java/org/opengroup/osdu/search/config/SearchConfigurationProperties.java
+++ b/search-core/src/main/java/org/opengroup/osdu/search/config/SearchConfigurationProperties.java
@@ -48,7 +48,6 @@ public class SearchConfigurationProperties {
 	private String storageRecordsBatchSize;
 	private String storageSchemaHost;
 	private String entitlementsHost;
-	private String entitlementTargetAudience;
 	private String indexerQueueHost;
 	private String redisSearchHost;
 	private String redisSearchPort = "6379";
@@ -69,7 +68,6 @@ public class SearchConfigurationProperties {
 	private String gaeVersion;
 	private String googleCloudProject;
 	private String googleCloudProjectRegion;
-	private String googleAudiences;
 
 	public DeploymentEnvironment getDeploymentEnvironment(){
 		return DeploymentEnvironment.valueOf(deploymentEnvironment);
diff --git a/testing/integration-tests/readme.md b/testing/integration-tests/readme.md
index 4066490e3..101076a9b 100644
--- a/testing/integration-tests/readme.md
+++ b/testing/integration-tests/readme.md
@@ -27,7 +27,6 @@ limitations under the License.
 5) Update **DEFAULT_SEARCH_INTEGRATION_TESTER** variable in Config file with base64 encoded value to service account json key
 6) Update **DEFAULT_SEARCH_ON_BEHALF_INTEGRATION_TESTER** variable in Config file with base64 encoded value to service account json key (it will be used for slb-on-behalf-header)
 7) Have credentials for Elastic Cluster and update **DEFAULT_ELASTIC_HOST**, **DEFAULT_ELASTIC_USER_NAME** and **DEFAULT_ELASTIC_PASSWORD**.
-8) Update **DEFAULT_TARGET_AUDIENCE** with the Google audience
 
 Note: 
 1) Config (Config.java) file is present in com.slb.util package
diff --git a/testing/integration-tests/search-test-core/src/main/java/org/opengroup/osdu/util/Config.java b/testing/integration-tests/search-test-core/src/main/java/org/opengroup/osdu/util/Config.java
index b5efba566..23f2320db 100644
--- a/testing/integration-tests/search-test-core/src/main/java/org/opengroup/osdu/util/Config.java
+++ b/testing/integration-tests/search-test-core/src/main/java/org/opengroup/osdu/util/Config.java
@@ -16,8 +16,6 @@ public class Config {
     private static final String DEFAULT_DATA_PARTITION_ID_TENANT2 = "";
     private static final String DEFAULT_SEARCH_INTEGRATION_TESTER = "";
 
-    private static final String DEFAULT_TARGET_AUDIENCE = "";
-
     private static final String DEFAULT_LEGAL_TAG = "";
     private static final String DEFAULT_OTHER_RELEVANT_DATA_COUNTRIES = "";
 
@@ -35,9 +33,6 @@ public class Config {
         return getEnvironmentVariableOrDefaultValue("LEGAL_TAG", DEFAULT_LEGAL_TAG);
     }
 
-    public static String getTargetAudience() {
-        return getEnvironmentVariableOrDefaultValue("INTEGRATION_TEST_AUDIENCE", DEFAULT_TARGET_AUDIENCE);
-    }
 
     public static String getKeyValue() {
         return getEnvironmentVariableOrDefaultValue("SEARCH_INTEGRATION_TESTER", DEFAULT_SEARCH_INTEGRATION_TESTER);
diff --git a/testing/integration-tests/search-test-gcp/src/test/java/org/opengroup/osdu/util/JwtTokenUtil.java b/testing/integration-tests/search-test-gcp/src/test/java/org/opengroup/osdu/util/JwtTokenUtil.java
index 7c13aaae6..b5b1e70e6 100644
--- a/testing/integration-tests/search-test-gcp/src/test/java/org/opengroup/osdu/util/JwtTokenUtil.java
+++ b/testing/integration-tests/search-test-gcp/src/test/java/org/opengroup/osdu/util/JwtTokenUtil.java
@@ -30,6 +30,7 @@ import java.util.List;
 class JwtTokenUtil {
 
     private static String accessToken;
+    public static final String DEFAULT_TARGET_AUDIENCE = "osdu";
 
     static String getAccessToken() throws IOException {
 
@@ -67,7 +68,6 @@ class JwtTokenUtil {
 
     private static String getJwt(String serviceAccountFile) throws IOException {
 
-        String targetAudience = Config.getTargetAudience();
         long currentTime = Clock.SYSTEM.currentTimeMillis();
 
         InputStream stream = new ByteArrayInputStream(Base64.getDecoder().decode(serviceAccountFile));
@@ -83,7 +83,7 @@ class JwtTokenUtil {
         payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
         payload.setAudience("https://www.googleapis.com/oauth2/v4/token");
         payload.setIssuer(credential.getServiceAccountId());
-        payload.set("target_audience", targetAudience);
+        payload.set("target_audience", DEFAULT_TARGET_AUDIENCE);
 
         JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
         String signedJwt = null;
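Review bot: The `target_audience` claim on the `payload.set(...)` line is now the fixed literal `"osdu"`, so these integration tests no longer show whether the service rejects an ID token minted for a different audience. The same commit drops `GOOGLE_AUDIENCES` from the service configuration and bumps `core-lib-gcp` to 0.19.0-rc3, so where (or whether) the `aud` claim is verified is not visible in this patch; please confirm it and record it in a comment on the constant, e.g. `// Placeholder audience for test tokens; aud is validated in <component to be named>`. The constant, declared in the first hunk of this file, is `public` inside the package-private `JwtTokenUtil` and carries a `DEFAULT_` prefix although nothing can override it; `private static final String TARGET_AUDIENCE = "osdu";` would describe it more accurately. `getJwt` begins and ends outside this hunk.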
-- 
GitLab