diff --git a/conf/integ-config.json b/conf/integ-config.json
index be7037e4..d6fc6944 100644
--- a/conf/integ-config.json
+++ b/conf/integ-config.json
@@ -4,8 +4,8 @@
 "core_s3_bucket": "",
 "aws_access_key_id": "",
 "aws_secret_access_key": "",
- "kms_aws_access_key_id": "",
- "kms_aws_secret_access_key": "",
+ "aws_kms_access_key_id": "",
+ "aws_kms_secret_access_key": "",
 "sites_metadata_path": "uid2/sites/metadata.json",
 "clients_metadata_path": "uid2/clients/metadata.json",
 "client_side_keypairs_metadata_path": "uid2/client_side_keypairs/metadata.json",
diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json
index de4163a9..a418c0fb 100644
--- a/conf/local-e2e-config.json
+++ b/conf/local-e2e-config.json
@@ -8,9 +8,9 @@
 "aws_region": "us-east-2",
 "aws_access_key_id": "no access key needed for test",
 "aws_secret_access_key": "no secret key needed for test",
- "kms_aws_access_key_id": "no access key needed for test",
- "kms_aws_secret_access_key": "no secret key needed for test",
- "kms_aws_endpoint": "http://localhost:5001",
+ "aws_kms_access_key_id": "no access key needed for test",
+ "aws_kms_secret_access_key": "no secret key needed for test",
+ "aws_kms_endpoint": "http://localhost:5001",
 "sites_metadata_path": "sites/metadata.json",
 "clients_metadata_path": "clients/metadata.json",
 "client_side_keypairs_metadata_path": "client_side_keypairs/metadata.json",
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json
index 3a4b871d..13d2ef82 100644
--- a/conf/local-e2e-docker-config.json
+++ b/conf/local-e2e-docker-config.json
@@ -7,9 +7,9 @@
 "aws_region": "us-east-2",
 "aws_access_key_id": "no access key needed for test",
 "aws_secret_access_key": "no secret key needed for test",
- "kms_aws_access_key_id": "no access key needed for test",
- "kms_aws_secret_access_key": "no secret key needed for test",
- "kms_aws_endpoint": "http://localstack:5001",
+ "aws_kms_access_key_id": "no access key needed for test",
+ "aws_kms_secret_access_key": "no secret key needed for test",
+ "aws_kms_endpoint": "http://localstack:5001",
 "sites_metadata_path": "sites/metadata.json",
 "clients_metadata_path": "clients/metadata.json",
 "client_side_keypairs_metadata_path": "client_side_keypairs/metadata.json",
diff --git a/src/main/java/com/uid2/core/Const.java b/src/main/java/com/uid2/core/Const.java
index 79d9997c..5451bcba 100644
--- a/src/main/java/com/uid2/core/Const.java
+++ b/src/main/java/com/uid2/core/Const.java
@@ -14,9 +14,11 @@ public static class RoutingContextData {
 public static class Config extends com.uid2.shared.Const.Config {
 public static final String ServiceInstancesProp = "service_instances";
- public static final String KmsAccessKeyIdProp = "kms_aws_access_key_id";
- public static final String KmsSecretAccessKeyProp = "kms_aws_secret_access_key";
- public static final String KmsEndpointProp = "kms_aws_endpoint";
+
+ public static final String KmsRegionProp = "aws_kms_region";
+ public static final String KmsAccessKeyIdProp = "aws_kms_access_key_id";
+ public static final String KmsSecretAccessKeyProp = "aws_kms_secret_access_key";
+ public static final String KmsEndpointProp = "aws_kms_endpoint";
 }
 public static final String OPERATOR_CONFIG_PATH = "conf/operator/operator-config.json";
diff --git a/src/main/java/com/uid2/core/service/JWTTokenProvider.java b/src/main/java/com/uid2/core/service/JWTTokenProvider.java
index 0b889c96..81b607e6 100644
--- a/src/main/java/com/uid2/core/service/JWTTokenProvider.java
+++ b/src/main/java/com/uid2/core/service/JWTTokenProvider.java
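Review bot: The three existing KMS property names in `Const.Config` are changed in place (`kms_aws_access_key_id` to `aws_kms_access_key_id`, and likewise for the secret key and the endpoint) with no fallback to the old keys, so a deployment whose config still carries the old names will read `null` for the KMS credentials. Judging from getKmsClient in JWTTokenProvider.java on this page, that case appears not to fail but to take the web-identity credentials branch instead, which makes a stale config hard to notice. Either keep reading the legacy names for one release or log a warning when they are present, and record the rename next to the constants, e.g. `// Renamed from kms_aws_*; the old keys are no longer read.`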
@@ -1,6 +1,7 @@
 package com.uid2.core.service;
 import com.uid2.core.model.ConfigStore;
+import com.uid2.shared.Const;
 import io.vertx.core.json.JsonObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -130,22 +131,22 @@ private void addMapToJsonObject(JsonObject jsonObject, Map map)
 private static KmsClient getKmsClient(KmsClientBuilder kmsClientBuilder, JsonObject config) throws URISyntaxException {
 KmsClient client;
+ String region = config.getString(KmsRegionProp, config.getString(Const.Config.AwsRegionProp));
 String accessKeyId = config.getString(KmsAccessKeyIdProp);
 String secretAccessKey = config.getString(KmsSecretAccessKeyProp);
- String endpoint = config.getString(KmsEndpointProp, "");
- String awsRegion = config.getString(AwsRegionProp);
+ String endpoint = config.getString(KmsEndpointProp);
- if (accessKeyId != null && !accessKeyId.isEmpty() && secretAccessKey != null && !secretAccessKey.isEmpty()) {
+ if (accessKeyId != null && !accessKeyId.isBlank() && secretAccessKey != null && !secretAccessKey.isBlank()) {
 AwsBasicCredentials basicCredentials = AwsBasicCredentials.create(accessKeyId, secretAccessKey);
 StaticCredentialsProvider.create(basicCredentials);
 try {
- if (endpoint != null && !endpoint.isEmpty()) {
+ if (endpoint != null && !endpoint.isBlank()) {
 kmsClientBuilder.endpointOverride(new URI(endpoint));
 }
 client = kmsClientBuilder
- .region(Region.of(awsRegion))
+ .region(Region.of(region))
 .credentialsProvider(StaticCredentialsProvider.create(basicCredentials))
 .build();
 } catch (URISyntaxException e) {
@@ -156,7 +157,7 @@ private static KmsClient getKmsClient(KmsClientBuilder kmsClientBuilder, JsonObj
 WebIdentityTokenFileCredentialsProvider credentialsProvider = WebIdentityTokenFileCredentialsProvider.create();
 client = kmsClientBuilder
- .region(Region.of(awsRegion))
+ .region(Region.of(region))
 .credentialsProvider(credentialsProvider)
 .build();
 }
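Review bot: The new `region` lookup in getKmsClient is the one value that misses the blank handling the rest of this hunk adopts: `config.getString(KmsRegionProp, ...)` falls back to `AwsRegionProp` only when the key is absent, so an `aws_kms_region` left as `""` (the way the other optional keys are left empty in conf/integ-config.json) reaches `Region.of(region)` as an empty string, and a config with neither key passes `null`. Resolve it the way the credentials are checked, e.g. `if (region == null || region.isBlank()) region = config.getString(Const.Config.AwsRegionProp);`, and fail with a message naming both properties if it is still blank; the same value feeds the `Region.of(region)` call in the following hunk. Separately, the bare `StaticCredentialsProvider.create(basicCredentials);` statement kept as context discards its result and can be dropped. getKmsClient continues past the end of this hunk.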