diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 89565df..616039b 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -2,7 +2,9 @@ name: CI / CD
 on:
 push:
- branches: [ "develop" ]
+ branches: [ "master", "develop" ]
+ pull_request:
+ branches: [ "master", "develop" ]
 jobs:
 ci-cd:
@@ -10,6 +12,12 @@ jobs:
 steps:
 - uses: actions/checkout@v3
+ - name: Prepare secure key manager certKey file
+ run:
+ echo ${{ secrets.SECURE_KEY_MANAGER_CERT_KEY }} > t3team-skm-cert.txt
+ mkdir src/main/resources/key
+ base64 -d t3team-skm-cert.txt > src/main/resources/key/t3team-skm-cert.p12
+
 - name: Set up JDK 11
 uses: actions/setup-java@v3
 with:
@@ -18,7 +26,7 @@ jobs:
 cache: maven
 - name: build
- run: mvn package
+ run: ${{ secrets.MAVEN_OPTION_PACKAGES }}
 - name : sonar qube
 run: mvn sonar:sonar -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} -Dsonar.login=${{ secrets.SONAR_LOGIN_TOKEN }}
@@ -42,4 +50,4 @@ jobs:
 key: ${{ secrets.SSH_KEY }}
 port: ${{ secrets.SSH_PORT }}
 script_stop: true
- script: "kill $(lsof -i:8080 -t) & nohup java -jar ~/target/*.jar > ~/nohup.log 2>&1 &"
+ script: "kill $(lsof -i:9090 -t) & nohup java -jar ~/target/*.jar > ~/nohup.log 2>&1 &"
diff --git a/src/main/java/com/t3t/apigateway/common/JwtUtils.java b/src/main/java/com/t3t/apigateway/common/JwtUtils.java
index f906485..998ed08 100644
--- a/src/main/java/com/t3t/apigateway/common/JwtUtils.java
+++ b/src/main/java/com/t3t/apigateway/common/JwtUtils.java
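Review bot: The `pull_request` trigger added in the first hunk of `cicd.yml` makes the whole `ci-cd` job run for pull requests, and the later hunks show that the same job holds the certificate step and the SSH deploy step. Unless a condition outside these hunks gates them, a pull request from a branch of this repository would deploy unmerged code with the repository secrets in scope, while a pull request from a fork receives no secrets and would fail at the certificate step. Consider a separate deploy job, or gate the secret-using steps with `if: github.event_name == 'push'`.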
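Review bot: The `run:` value of the new "Prepare secure key manager certKey file" step (second hunk of `cicd.yml`) appears to be a plain multi-line scalar with no `|`, so YAML would fold the three commands into one shell line and `mkdir` and `base64` would become arguments of `echo`. The secret is also spliced into the script text by `${{ }}` and left in an intermediate `t3team-skm-cert.txt`; passing it through `env:` and decoding straight to the target avoids both. Writing the `.p12` under `src/main/resources` also packages the client key into the jar that is deployed, so confirm that this is intended and that the path is git-ignored.
```yaml
- name: Prepare secure key manager certKey file
  env:
    SKM_CERT_KEY: ${{ secrets.SECURE_KEY_MANAGER_CERT_KEY }}
  run: |
    mkdir -p src/main/resources/key
    printf '%s' "$SKM_CERT_KEY" | base64 -d > src/main/resources/key/t3team-skm-cert.p12
```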
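Review bot: `run: ${{ secrets.MAVEN_OPTION_PACKAGES }}` in the third hunk of `cicd.yml` turns the entire build command into a repository secret, so what the runner executes can no longer be read in the workflow file or reviewed in a pull request. Anyone able to edit that secret can run arbitrary commands in a job that also holds the SSH deploy key. Keep the command in the file and take only the variable part from the secret through the environment, for example `run: mvn package $BUILD_OPTS` with `BUILD_OPTS: ${{ secrets.MAVEN_OPTION_PACKAGES }}` under `env:` (the variable name is a sample), assuming the secret currently holds a full `mvn` command line.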
@@ -2,20 +2,20 @@
 import com.t3t.apigateway.exception.TokenNotAuthenticatedExceptions;
 import com.t3t.apigateway.exception.TokenNotConsistedProperly;
+import com.t3t.apigateway.keymanager.properties.SecretKeyProperties;
+import com.t3t.apigateway.keymanager.service.SecretKeyManagerService;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import java.security.Key;
 import java.time.Duration;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.Base64;
-
-import java.security.Key;
 import java.util.Date;
 /**
@@ -26,7 +26,8 @@ public class JwtUtils {
 private Key key;
- public JwtUtils(@Value("${t3t.secret.key}") String secret) {
+ public JwtUtils(SecretKeyManagerService secretKeyManagerService, SecretKeyProperties secretKeyProperties) {
+ String secret = secretKeyManagerService.getSecretValue(secretKeyProperties.getJwtSecretKeyId());
 byte[] byteSecretKey = Base64.getDecoder().decode(secret);
 key = Keys.hmacShaKeyFor(byteSecretKey);
 }
diff --git a/src/main/java/com/t3t/apigateway/config/RedisConfig.java b/src/main/java/com/t3t/apigateway/config/RedisConfig.java
index 4383ecd..23fbb50 100644
--- a/src/main/java/com/t3t/apigateway/config/RedisConfig.java
+++ b/src/main/java/com/t3t/apigateway/config/RedisConfig.java
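Review bot: The `JwtUtils` constructor passes the key-manager response straight to `Base64.getDecoder().decode(secret)`, so if `getSecretValue` can return null or a non-Base64 value (its implementation is not shown) bean creation fails with a bare `NullPointerException` or `IllegalArgumentException`. Check the value first and fail with a message that never contains the secret, e.g. `if (secret == null || secret.isBlank()) throw new IllegalStateException("JWT signing secret was not returned by the key manager");`. The `key` field is assigned only in this constructor as far as the hunk shows and could be declared `final`. The class body continues outside the hunk.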
@@ -1,8 +1,11 @@
 package com.t3t.apigateway.config;
-import org.springframework.beans.factory.annotation.Value;
+import com.t3t.apigateway.keymanager.properties.SecretKeyProperties;
+import com.t3t.apigateway.keymanager.service.SecretKeyManagerService;
+import com.t3t.apigateway.property.RedisProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
@@ -13,32 +16,35 @@
 @Configuration
 @EnableRedisRepositories
 public class RedisConfig {
- @Value("${spring.redis.host}")
- private String host;
-
- @Value("${spring.redis.port}")
- private int port;
+ @Bean
+ public RedisProperties redisProperties(SecretKeyManagerService secretKeyManagerService,
+ SecretKeyProperties secretKeyProperties,
+ Environment environment){
- @Value("${spring.redis.database}")
- private int database;
+ String activeProfile = environment.getActiveProfiles()[0];
- @Value("${spring.redis.password}")
- private String password;
+ return RedisProperties.builder()
+ .host(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisIpAddressKeyId()))
+ .port(Integer.valueOf(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisPortKeyId())))
+ .password(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisPasswordKeyId()))
+ .database(20)
+ .build();
+ }
 @Bean
- public RedisConnectionFactory redisConnectionFactory(){
- RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(host, port);
- configuration.setPassword(password);
- configuration.setDatabase(database);
+ public RedisConnectionFactory redisConnectionFactory(RedisProperties redisProperties){
+ RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(redisProperties.getHost(), redisProperties.getPort());
+ configuration.setPassword(redisProperties.getPassword());
+ configuration.setDatabase(redisProperties.getDatabase());
 return new LettuceConnectionFactory(configuration);
 }
 @Bean
- public RedisTemplate redisTemplate(){
+ public RedisTemplate redisTemplate(RedisProperties redisProperties){
 RedisTemplate redisTemplate = new RedisTemplate<>();
 redisTemplate.setKeySerializer(new StringRedisSerializer());
 redisTemplate.setValueSerializer(new StringRedisSerializer());
- redisTemplate.setConnectionFactory(redisConnectionFactory());
+ redisTemplate.setConnectionFactory(redisConnectionFactory(redisProperties));
 return redisTemplate;
 }
 }
diff --git a/src/main/java/com/t3t/apigateway/property/RedisProperties.java b/src/main/java/com/t3t/apigateway/property/RedisProperties.java
new file mode 100644
index 0000000..ed67799
--- /dev/null
+++ b/src/main/java/com/t3t/apigateway/property/RedisProperties.java
@@ -0,0 +1,17 @@
+package com.t3t.apigateway.property;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RedisProperties {
+ private String host;
+ private Integer port;
+ private Integer database;
+ private String password;
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 101e8b3..fa28295 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -8,11 +8,6 @@ spring:
 profiles:
 active: dev
- redis:
- host: ${redisHost}
- port: ${redisPort}
- password: ${redisPassword}
- database: ${redisDatabase}
 auth:
 host: ${authHost}
@@ -27,9 +22,6 @@ eureka:
 t3t:
- secret:
- key: ${jwtSecretKey}
-
 secretKeyManager:
 certKeyPath: ${secretKeyManagerCertKeyPath}
 certKeyType: ${secretKeyManagerCertKeyType}
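Review bot: In `RedisConfig.redisProperties` (second hunk of `RedisConfig.java`), `environment.getActiveProfiles()[0]` throws `ArrayIndexOutOfBoundsException` when no profile is active, and the resulting `activeProfile` is never used in the lines shown; drop that line and the `Environment` parameter. The database index is now the literal `.database(20)` where it used to come from `spring.redis.database`, and a Redis server with default settings only has databases 0 to 15, so this ties the gateway to a server configured with more; keep the index configurable. `Integer.valueOf(...)` on the fetched port also throws `NumberFormatException` on an unexpected value, so a startup error that names the key id (never the secret value) would make a misconfigured secret easier to diagnose.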