feature:#16 Gateway에 SKM 설정

nhnacademy-be5-T3Team · Apr 29, 2024 · 77e9eb8 · 77e9eb8
1 parent f8fd751
commit 77e9eb8
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 31 deletions.
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -2,14 +2,22 @@ name: CI / CD
 
 on:
   push:
-    branches: [ "develop" ]
+    branches: [ "master", "develop" ]
+  pull_request:
+    branches: [ "master", "develop" ]
 
 jobs:
   ci-cd:
     runs-on: ubuntu-latest
 
     steps:
     - uses: actions/checkout@v3
+    - name: Prepare secure key manager certKey file
+      run:
+        echo ${{ secrets.SECURE_KEY_MANAGER_CERT_KEY }} > t3team-skm-cert.txt
+        mkdir src/main/resources/key
+        base64 -d t3team-skm-cert.txt > src/main/resources/key/t3team-skm-cert.p12
+
     - name: Set up JDK 11
       uses: actions/setup-java@v3
       with:
@@ -18,7 +26,7 @@ jobs:
         cache: maven
 
     - name: build 
-      run: mvn package
+      run: ${{ secrets.MAVEN_OPTION_PACKAGES }}
 
     - name : sonar qube
       run: mvn sonar:sonar -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} -Dsonar.login=${{ secrets.SONAR_LOGIN_TOKEN }}
@@ -42,4 +50,4 @@ jobs:
         key: ${{ secrets.SSH_KEY }}
         port: ${{ secrets.SSH_PORT }}
         script_stop: true
-        script: "kill $(lsof -i:8080 -t) & nohup java -jar ~/target/*.jar > ~/nohup.log 2>&1 &"
+        script: "kill $(lsof -i:9090 -t) & nohup java -jar ~/target/*.jar > ~/nohup.log 2>&1 &"
diff --git a/src/main/java/com/t3t/apigateway/common/JwtUtils.java b/src/main/java/com/t3t/apigateway/common/JwtUtils.java
@@ -2,20 +2,20 @@
 
 import com.t3t.apigateway.exception.TokenNotAuthenticatedExceptions;
 import com.t3t.apigateway.exception.TokenNotConsistedProperly;
+import com.t3t.apigateway.keymanager.properties.SecretKeyProperties;
+import com.t3t.apigateway.keymanager.service.SecretKeyManagerService;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import java.security.Key;
 import java.time.Duration;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.Base64;
-
-import java.security.Key;
 import java.util.Date;
 
 /**
@@ -26,7 +26,8 @@
 public class JwtUtils {
     private Key key;
 
-    public JwtUtils(@Value("${t3t.secret.key}") String secret) {
+    public JwtUtils(SecretKeyManagerService secretKeyManagerService, SecretKeyProperties secretKeyProperties) {
+        String secret = secretKeyManagerService.getSecretValue(secretKeyProperties.getJwtSecretKeyId());
         byte[] byteSecretKey = Base64.getDecoder().decode(secret);
         key = Keys.hmacShaKeyFor(byteSecretKey);
     }

diff --git a/src/main/java/com/t3t/apigateway/config/RedisConfig.java b/src/main/java/com/t3t/apigateway/config/RedisConfig.java
@@ -1,8 +1,11 @@
 package com.t3t.apigateway.config;
 
-import org.springframework.beans.factory.annotation.Value;
+import com.t3t.apigateway.keymanager.properties.SecretKeyProperties;
+import com.t3t.apigateway.keymanager.service.SecretKeyManagerService;
+import com.t3t.apigateway.property.RedisProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
@@ -13,32 +16,35 @@
 @Configuration
 @EnableRedisRepositories
 public class RedisConfig {
-    @Value("${spring.redis.host}")
-    private String host;
-
-    @Value("${spring.redis.port}")
-    private int port;
+    @Bean
+    public RedisProperties redisProperties(SecretKeyManagerService secretKeyManagerService,
+                                           SecretKeyProperties secretKeyProperties,
+                                           Environment environment){
 
-    @Value("${spring.redis.database}")
-    private int database;
+        String activeProfile = environment.getActiveProfiles()[0];
 
-    @Value("${spring.redis.password}")
-    private String password;
+        return RedisProperties.builder()
+                .host(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisIpAddressKeyId()))
+                .port(Integer.valueOf(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisPortKeyId())))
+                .password(secretKeyManagerService.getSecretValue(secretKeyProperties.getRedisPasswordKeyId()))
+                .database(20)
+                .build();
+    }
 
     @Bean
-    public RedisConnectionFactory redisConnectionFactory(){
-        RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(host, port);
-        configuration.setPassword(password);
-        configuration.setDatabase(database);
+    public RedisConnectionFactory redisConnectionFactory(RedisProperties redisProperties){
+        RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(redisProperties.getHost(), redisProperties.getPort());
+        configuration.setPassword(redisProperties.getPassword());
+        configuration.setDatabase(redisProperties.getDatabase());
         return new LettuceConnectionFactory(configuration);
     }
 
     @Bean
-    public RedisTemplate<String, String> redisTemplate(){
+    public RedisTemplate<String, String> redisTemplate(RedisProperties redisProperties){
         RedisTemplate<String, String> redisTemplate = new RedisTemplate<>();
         redisTemplate.setKeySerializer(new StringRedisSerializer());
         redisTemplate.setValueSerializer(new StringRedisSerializer());
-        redisTemplate.setConnectionFactory(redisConnectionFactory());
+        redisTemplate.setConnectionFactory(redisConnectionFactory(redisProperties));
         return redisTemplate;
     }
 }
diff --git a/src/main/java/com/t3t/apigateway/property/RedisProperties.java b/src/main/java/com/t3t/apigateway/property/RedisProperties.java
@@ -0,0 +1,17 @@
+package com.t3t.apigateway.property;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RedisProperties {
+    private String host;
+    private Integer port;
+    private Integer database;
+    private String password;
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -8,11 +8,6 @@ spring:
     profiles:
         active: dev
 
-    redis:
-        host: ${redisHost}
-        port: ${redisPort}
-        password: ${redisPassword}
-        database: ${redisDatabase}
     auth:
         host: ${authHost}
 
@@ -27,9 +22,6 @@ eureka:
 
 
 t3t:
-    secret:
-        key: ${jwtSecretKey}
-
     secretKeyManager:
         certKeyPath: ${secretKeyManagerCertKeyPath}
         certKeyType: ${secretKeyManagerCertKeyType}