Removed audience property

072226a3 · Dmitrii Novikov (EPAM) · Riabokon Stanislav(EPAM)[GCP] · 0c418a01 · 072226a3 · 072226a3
Commit 072226a3 authored 2 years ago by Dmitrii Novikov (EPAM) Committed by Riabokon Stanislav(EPAM)[GCP] 2 years ago
--- a/NOTICE
+++ b/NOTICE
@@ -319,7 +319,7 @@ The following software have components provided under the terms of this license:
 - Apache Log4j JUL Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul)
 - Apache Log4j SLF4J Binding (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl)
 - Apache Log4j to SLF4J Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j)
- AssertJ fluent assertions (from ${project.parent.url}#${project.artifactId}, https://repo1.maven.org/maven2/org/assertj/assertj-core)
+- AssertJ Core (from ${project.organization.url}#${project.artifactId})
 - Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
 - Asynchronous Http Client Netty Utils (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client-netty-utils)
 - AutoValue Annotations (from https://github.com/google/auto/tree/master/value, https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations)
@@ -558,8 +558,8 @@ The following software have components provided under the terms of this license:
 - proto-google-cloud-iamcredentials-v1 (from https://github.com/googleapis/google-cloud-java, https://github.com/googleapis/java-iamcredentials/proto-google-cloud-iamcredentials-v1, https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-cloud-iamcredentials-v1)
 - proto-google-cloud-logging-v2 (from https://github.com/googleapis/java-logging/proto-google-cloud-logging-v2, https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-cloud-logging-v2)
 - proto-google-cloud-pubsub-v1 (from https://github.com/googleapis/googleapis, https://github.com/googleapis/java-pubsub/proto-google-cloud-pubsub-v1)
- proto-google-common-protos (from https://github.com/googleapis/api-client-staging, https://github.com/googleapis/googleapis, https://github.com/googleapis/java-iam/proto-google-common-protos)
- proto-google-iam-v1 (from https://github.com/googleapis/googleapis, https://github.com/googleapis/java-iam/proto-google-iam-v1)
+- proto-google-common-protos (from https://github.com/googleapis/api-client-staging, https://github.com/googleapis/gapic-generator-java, https://github.com/googleapis/googleapis, https://github.com/googleapis/java-iam/proto-google-common-protos)
+- proto-google-iam-v1 (from https://github.com/googleapis/gapic-generator-java, https://github.com/googleapis/googleapis, https://github.com/googleapis/java-iam/proto-google-iam-v1)
 - resilience4j (from https://github.com/resilience4j/resilience4j, https://resilience4j.readme.io, ttps://resilience4j.readme.io)
 - spring-security-crypto (from http://spring.io/spring-security, https://spring.io/projects/spring-security, https://spring.io/spring-security)
 - spring-security-oauth2-client (from http://spring.io/spring-security, https://spring.io/projects/spring-security, https://spring.io/spring-security)
@@ -583,7 +583,7 @@ BSD-2-Clause
 ========================================================================
 The following software have components provided under the terms of this license:

- API Common (from https://github.com/googleapis, https://github.com/googleapis/api-common-java)
+- API Common (from https://github.com/googleapis, https://github.com/googleapis/api-common-java, https://repo1.maven.org/maven2/com/google/api/api-common)
 - GAX (Google Api eXtensions) for Java (Core) (from https://repo1.maven.org/maven2/com/google/api/gax)
 - GAX (Google Api eXtensions) for Java (HTTP JSON) (from https://repo1.maven.org/maven2/com/google/api/gax-httpjson)
 - GAX (Google Api eXtensions) for Java (gRPC) (from https://repo1.maven.org/maven2/com/google/api/gax-grpc)
@@ -600,7 +600,7 @@ BSD-3-Clause
 ========================================================================
 The following software have components provided under the terms of this license:

- API Common (from https://github.com/googleapis, https://github.com/googleapis/api-common-java)
+- API Common (from https://github.com/googleapis, https://github.com/googleapis/api-common-java, https://repo1.maven.org/maven2/com/google/api/api-common)
 - ASM Core (from http://asm.ow2.io/, http://asm.ow2.org/)
 - AspectJ Weaver (from http://www.aspectj.org, https://www.eclipse.org/aspectj/)
 - GAX (Google Api eXtensions) for Java (Core) (from https://repo1.maven.org/maven2/com/google/api/gax)

--- a/devops/gcp/deploy/README.md
+++ b/devops/gcp/deploy/README.md
@@ -40,7 +40,6 @@ First you need to set variables in **values.yaml** file using any code editor. S
 **legalHost** | Legal service host address | string | `http://legal` | yes
 **redisGroupHost** | Redis host for groups | string | `redis-group-master` | yes
 **redisStorageHost** | Redis host for storage | string | `redis-storage-master` | yes
-**googleAudiences** | Client ID of Google Cloud Credentials, ex `123-abc123.apps.googleusercontent.com` | string | - | yes
 **opaEndpoint** | OPA host address | string | `http://opa` | yes
 **storageHost** | Storage service host address | string | `http://storage` | only if `conf.bootstrapEnabled` is true
 **defaultLegalTag** | Name of the previously created legal tag (without partition part) | string | `default-data-tag` | only if `conf.bootstrapEnabled` is true

--- a/devops/gcp/deploy/templates/configmap.yaml
+++ b/devops/gcp/deploy/templates/configmap.yaml
@@ -17,6 +17,3 @@ data:
  STORAGE_SERVICE_ACCOUNT_EMAIL: {{ .Values.data.storageServiceAccountEmail | quote }}
  SPRING_PROFILES_ACTIVE: {{ .Values.data.springProfilesActive | quote }}
  OPA_ENDPOINT: {{ .Values.data.opaEndpoint | quote }}
-  {{- if not .Values.conf.onPremEnabled }}
-  GOOGLE_AUDIENCES: {{ .Values.data.googleAudiences | quote }}
-  {{- end }}
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -14,7 +14,6 @@ data:
  legalHost: "http://legal"
  redisGroupHost: "redis-group-master"
  redisStorageHost: "redis-storage-master"
-  googleAudiences: ""
  opaEndpoint: "http://opa"
  storageHost: "http://storage"
  defaultLegalTag: "default-data-tag"

--- a/provider/storage-gcp/docs/gcp/README.md
+++ b/provider/storage-gcp/docs/gcp/README.md
@@ -17,7 +17,6 @@ Must have:

 | name | value | description | sensitive? | source |
 | ---  | ---   | ---         | ---        | ---    |
-| `GOOGLE_AUDIENCES` | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources | yes | https://console.cloud.google.com/apis/credentials |
 | `SPRING_PROFILES_ACTIVE` | ex `gcp` | Spring profile that activate default configuration for Google Cloud environment | false | - |
 | `STORAGE_SERVICE_ACCOUNT_EMAIL` | `workload-storage-gcp@nice-etching-277309.iam.gserviceaccount.com` |  Storage service account email, used during OQM events processing |no| - |

@@ -123,7 +122,6 @@ You will need to have the following environment variables defined.

 | name | value | description | sensitive? | source |
 | ---  | ---   | ---         | ---        | ---    |
-| `INTEGRATION_TEST_AUDIENCE` | `*****.apps.googleusercontent.com` | client application ID | yes | https://console.cloud.google.com/apis/credentials |
 | `DEPLOY_ENV` | `empty` | Required but not used, should be set up with string "empty"| no | - |
 | `DOMAIN` | ex`opendes-gcp.projects.com` | OSDU R2 to run tests under | no | - |
 | `INTEGRATION_TESTER` | `********` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |

--- a/provider/storage-gcp/pom.xml
+++ b/provider/storage-gcp/pom.xml
@@ -101,7 +101,7 @@
        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>core-lib-gcp</artifactId>
-            <version>0.19.0-rc2</version>
+            <version>0.19.0-rc3</version>
        </dependency>

        <dependency>

--- a/provider/storage-gcp/src/main/resources/application-gcp.properties
+++ b/provider/storage-gcp/src/main/resources/application-gcp.properties
@@ -3,5 +3,3 @@ obmDriver=gcs
 oqmDriver=pubsub
 service.token.provider=GCP
 partition-auth-enabled=true
-osdu.gcp.storage.gcs.googleAudiences=${GOOGLE_AUDIENCES}
-GOOGLE_AUDIENCES=
\ No newline at end of file
--- a/provider/storage-gcp/src/main/resources/application-local.properties
+++ b/provider/storage-gcp/src/main/resources/application-local.properties
 STORAGE_HOSTNAME=os-storage-dot-opendes.appspot.com
-GOOGLE_AUDIENCES=245464679631-ktfdfpl147m1mjpbutl00b3cmffissgq.apps.googleusercontent.com

 REDIS_GROUP_HOST=127.0.0.1
 REDIS_STORAGE_HOST=127.0.0.1

--- a/testing/storage-test-gcp/src/test/java/org/opengroup/osdu/storage/util/GCPTestUtils.java
+++ b/testing/storage-test-gcp/src/test/java/org/opengroup/osdu/storage/util/GCPTestUtils.java
@@ -22,12 +22,7 @@ public class GCPTestUtils extends TestUtils{
 	public synchronized String getToken() throws Exception {
 		if (Strings.isNullOrEmpty(token)) {
 			String serviceAccountFile = System.getProperty("INTEGRATION_TESTER", System.getenv("INTEGRATION_TESTER"));
-			String audience = System.getProperty("INTEGRATION_TEST_AUDIENCE",
-					System.getenv("INTEGRATION_TEST_AUDIENCE"));
-			if (Strings.isNullOrEmpty(audience)) {
-				audience = "245464679631-ktfdfpl147m1mjpbutl00b3cmffissgq.apps.googleusercontent.com";
-			}
-			token = new GoogleServiceAccount(serviceAccountFile).getAuthToken(audience);
+			token = new GoogleServiceAccount(serviceAccountFile).getAuthToken();
 		}
 		return "Bearer " + token;
 	}
@@ -37,12 +32,7 @@ public class GCPTestUtils extends TestUtils{
 		if (Strings.isNullOrEmpty(noDataAccesstoken)) {
 			String serviceAccountFile = System.getProperty("NO_DATA_ACCESS_TESTER",
 					System.getenv("NO_DATA_ACCESS_TESTER"));
-			String audience = System.getProperty("INTEGRATION_TEST_AUDIENCE",
-					System.getenv("INTEGRATION_TEST_AUDIENCE"));
-			if (Strings.isNullOrEmpty(audience)) {
-				audience = "245464679631-ktfdfpl147m1mjpbutl00b3cmffissgq.apps.googleusercontent.com";
-			}
-			noDataAccesstoken = new GoogleServiceAccount(serviceAccountFile).getAuthToken(audience);
+			noDataAccesstoken = new GoogleServiceAccount(serviceAccountFile).getAuthToken();
 		}
 		return "Bearer " + noDataAccesstoken;
 	}

--- a/testing/storage-test-gcp/src/test/java/org/opengroup/osdu/storage/util/GoogleServiceAccount.java
+++ b/testing/storage-test-gcp/src/test/java/org/opengroup/osdu/storage/util/GoogleServiceAccount.java
@@ -40,6 +40,9 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;

 class GoogleServiceAccount {
+
+	private static final String DEFAULT_TARGET_AUDIENCE = "osdu";
+
 	public GoogleServiceAccount(String serviceAccountEncoded) throws IOException {
 		this(Base64.getDecoder().decode(serviceAccountEncoded));
 	}
@@ -57,7 +60,7 @@ class GoogleServiceAccount {
 		return this.serviceAccount.getClientEmail();
 	}

-	public String getAuthToken(String audience) throws IOException {
+	public String getAuthToken() throws IOException {
 		JwtBuilder jwtBuilder = Jwts.builder();

 		Map<String, Object> header = new HashMap<>();
@@ -66,7 +69,7 @@ class GoogleServiceAccount {
 		jwtBuilder.setHeader(header);

 		Map<String, Object> claims = new HashMap<>();
-		claims.put("target_audience", audience);
+		claims.put("target_audience", DEFAULT_TARGET_AUDIENCE);
 		claims.put("exp", System.currentTimeMillis() / 1000 + 3600);
 		claims.put("iat", System.currentTimeMillis() / 1000);
 		claims.put("iss", this.getEmail());
@@ -92,4 +95,4 @@ class GoogleServiceAccount {
 		JsonObject content = new JsonParser().parse(responseEntity).getAsJsonObject();
 		return content.get("id_token").getAsString();
 	}
-}
\ No newline at end of file
+}