Update s2s secret references (#451)

* Update s2s secret references * Bumping chart version * updated read me * updated configs * updated configs * Updatem s2s-secret secret name to PRD s2s secret * Update var reference * test values * test values * Using debug image to validate secrets * Revert docker image and change secret name * Change PRD secret name Co-authored-by: hmcts-jenkins-rd <62425331+hmcts-jenkins-rd[bot]@users.noreply.github.com> Co-authored-by: abhijit <Abhijit.diwan@hmcts.net>
hmcts · Jan 14, 2021 · 35e0bbb · 35e0bbb
1 parent d29e400
commit 35e0bbb
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ Remember to return the localhost back to the remote broker
 `Step 1: Go to where you can edit configurations for the tests here..`
 ![pact1](readme-images/pact1.png?raw=true "Step 1")
 
-`Step 2: Press the plus to add a new Junit test class..`
+`Step 2: Press the plus to add a new Junit test class...`
 ![pact2](readme-images/pact2.png?raw=true "Step 2")
 
 `Step 3: Then setup the configuration like so, making sure the path to the test class is correct..`

diff --git a/charts/rd-profile-sync/Chart.yaml b/charts/rd-profile-sync/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "0.1"
 description: Reference data service for professional users
 name: rd-profile-sync
-version: 0.0.8
+version: 0.0.9
diff --git a/charts/rd-profile-sync/values.preview.template.yaml b/charts/rd-profile-sync/values.preview.template.yaml
@@ -15,5 +15,5 @@ java:
   keyVaults:
     rd:
       secrets:
-        - s2s-secret
+        - professional-api-s2s-secret
         - OAUTH2-AUTH
diff --git a/charts/rd-profile-sync/values.yaml b/charts/rd-profile-sync/values.yaml
@@ -18,7 +18,7 @@ java:
   keyVaults:
     rd:
       secrets:
-        - s2s-secret
+        - professional-api-s2s-secret
         - profile-sync-POSTGRES-PASS
         - AppInsightsInstrumentationKey
         - OAUTH2-CLIENT-SECRET

diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -2,33 +2,13 @@ locals {
   preview_vault_name      = join("-", [var.raw_product, "aat"])
   non_preview_vault_name  = join("-", [var.raw_product, var.env])
   key_vault_name          = var.env == "preview" || var.env == "spreview" ? local.preview_vault_name : local.non_preview_vault_name
-
-  s2s_rg_prefix             = "rpe-service-auth-provider"
-  s2s_key_vault_name        = var.env == "preview" || var.env == "spreview" ? join("-", ["s2s", "aat"]) : join("-", ["s2s", var.env])
-  s2s_vault_resource_group  = var.env == "preview" || var.env == "spreview" ? join("-", [local.s2s_rg_prefix, "aat"]) : join("-", [local.s2s_rg_prefix, var.env])
 }
 
 data "azurerm_key_vault" "rd_key_vault" {
   name                = local.key_vault_name
   resource_group_name = local.key_vault_name
 }
 
-data "azurerm_key_vault" "s2s_key_vault" {
-  name                = local.s2s_key_vault_name
-  resource_group_name = local.s2s_vault_resource_group
-}
-
-data "azurerm_key_vault_secret" "s2s_secret" {
-  name          = "microservicekey-rd-profile-sync"
-  key_vault_id  = data.azurerm_key_vault.s2s_key_vault.id
-}
-
-resource "azurerm_key_vault_secret" "profile_sync_s2s_secret" {
-  name          = "profile-sync-s2s-secret"
-  value         = data.azurerm_key_vault_secret.s2s_secret.value
-  key_vault_id  = data.azurerm_key_vault.rd_key_vault.id
-}
-
 resource "azurerm_key_vault_secret" "POSTGRES-USER" {
   name          = join("-", [var.component, "POSTGRES-USER"])
   value         = module.db-profile-sync-data.user_name

diff --git a/src/integrationTest/resources/application.yaml b/src/integrationTest/resources/application.yaml
@@ -32,7 +32,7 @@ idam:
     client-authorization: ${OAUTH2_CLIENT_AUTH:ymQtcHJvZmVzc2lvbmFsLWFwaTpjYzVmMmE2LTk2OTAtMTFlOS1iYzQyLTUyNmFmNzc2NGY2PA==}
 
   s2s-auth:
-    totp_secret: ${S2S_SECRET:A6KA6PRLRFWQLSA6}
+    totp_secret: ${S2S_SECRET:AAAAAAAAAAAAAAAA}
     microservice: rd_professional_api
     url: ${S2S_URL:http://127.0.0.1:8990}
   s2s-authorised:

diff --git a/src/main/java/uk/gov/hmcts/reform/profilesync/config/ServiceTokenGeneratorConfiguration.java b/src/main/java/uk/gov/hmcts/reform/profilesync/config/ServiceTokenGeneratorConfiguration.java
@@ -1,5 +1,6 @@
 package uk.gov.hmcts.reform.profilesync.config;
 
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,13 +9,14 @@
 import uk.gov.hmcts.reform.authorisation.generators.AuthTokenGeneratorFactory;
 
 @Configuration
+@Slf4j
 public class ServiceTokenGeneratorConfiguration {
 
     @Bean
     public AuthTokenGenerator serviceAuthTokenGenerator(
-            @Value("${idam.s2s-auth.totp_secret}") final String secret,
-            @Value("${idam.s2s-auth.microservice}") final String microService,
-            final ServiceAuthorisationApi serviceAuthorisationApi
+        @Value("${idam.s2s-auth.totp_secret}") final String secret,
+        @Value("${idam.s2s-auth.microservice}") final String microService,
+        final ServiceAuthorisationApi serviceAuthorisationApi
     ) {
         return AuthTokenGeneratorFactory.createDefaultGenerator(secret, microService, serviceAuthorisationApi);
     }

diff --git a/src/main/resources/bootstrap.yaml b/src/main/resources/bootstrap.yaml
@@ -4,7 +4,7 @@ spring:
       prefixed: false
       paths: /mnt/secrets/rd
       aliases:
-        s2s-secret: idam.s2s-auth.totp_secret
+        professional-api-s2s-secret: S2S_SECRET
         profile-sync-POSTGRES-PASS: spring.datasource.password
         OAUTH2-CLIENT-SECRET: idam.api-redirect-uri
         OAUTH2-AUTH: idam.api.authorization