From 577e25a7f25f9e9cbeed161a80f6c5535ebeefd9 Mon Sep 17 00:00:00 2001
From: Christine Banek
Date: Thu, 9 Jan 2020 12:46:03 -0700
Subject: [PATCH 1/2] [DM-22959] Remove group for logControl With this group here, and no authorizer, this means no one can alter the log settings. This needs to be moved over to a better way of controlling this via secrets, but this is the first step.
---
 src/main/webapp/WEB-INF/web.xml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 7c727d9..3cb9363 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -24,14 +24,6 @@ ca.nrc.cadc.uws - - logAccessGroup - CADC - - - - - 1
From ee696cbcaa22291a020618082d0cc3fea38bc225 Mon Sep 17 00:00:00 2001
From: Christine Banek
Date: Thu, 9 Jan 2020 13:12:27 -0700
Subject: [PATCH 2/2] [DM-22959] Configure properties file for authorized users and groups If it doesn't exist, it should just print out a warning but be fine. This should come from a secret, and /etc/creds is a path that is generated from the vault-secret.
---
 docker/docker-compose.yml | 2 +-
 src/main/webapp/WEB-INF/web.xml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 8f67f51..b15ff11 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -22,7 +22,7 @@ services:
 networks:
 - tap-network
 environment:
- CATALINA_OPTS: "-Dqservuser.jdbc.username=qsmaster -Dqservuser.jdbc.password= -Dqservuser.jdbc.driverClassName=com.mysql.cj.jdbc.Driver -Dqservuser.jdbc.url=jdbc:mysql://mock-qserv:3306/ -Dtapuser.jdbc.username=TAP_SCHEMA -Dtapuser.jdbc.password=TAP_SCHEMA -Dtapuser.jdbc.driverClassName=com.mysql.cj.jdbc.Driver -Dtapuser.jdbc.url=jdbc:mysql://tap-schema-db:3306/ -Dca.nrc.cadc.reg.client.RegistryClient.local=true -Duws.jdbc.username=postgres -Duws.jdbc.driverClassName=org.postgresql.Driver -Duws.jdbc.url=jdbc:postgresql://uws-db/ -Dca.nrc.cadc.auth.Authenticator=org.opencadc.tap.impl.AuthenticatorImpl"
+ CATALINA_OPTS: "-Dqservuser.jdbc.username=qsmaster -Dqservuser.jdbc.password= -Dqservuser.jdbc.driverClassName=com.mysql.cj.jdbc.Driver -Dqservuser.jdbc.url=jdbc:mysql://mock-qserv:3306/ -Dtapuser.jdbc.username=TAP_SCHEMA -Dtapuser.jdbc.password=TAP_SCHEMA -Dtapuser.jdbc.driverClassName=com.mysql.cj.jdbc.Driver -Dtapuser.jdbc.url=jdbc:mysql://tap-schema-db:3306/ -Dca.nrc.cadc.reg.client.RegistryClient.local=true -Duws.jdbc.username=postgres -Duws.jdbc.driverClassName=org.postgresql.Driver -Duws.jdbc.url=jdbc:postgresql://uws-db/ -Dca.nrc.cadc.auth.Authenticator=org.opencadc.tap.impl.AuthenticatorImpl -Dca.nrc.cadc.util.PropertiesReader.dir=/etc/creds/"
 GOOGLE_APPLICATION_CREDENTIALS: "/etc/google_creds.json"
 volumes:
 - './google_creds.json:/etc/google_creds.json'
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 3cb9363..1e5847c 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -24,6 +24,10 @@ ca.nrc.cadc.uws + + logControlProperties + logcontrol.properties + 1
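Review bot: Nothing in the visible part of the `volumes:` list mounts a directory at `/etc/creds/`, so under this compose file the new `-Dca.nrc.cadc.util.PropertiesReader.dir=/etc/creds/` points at a path that will not exist in the container, and the log-control access list can only ever be absent here. If that is intended for local runs, say so in a comment above `CATALINA_OPTS`, e.g. `# /etc/creds is populated from the vault secret in deployment; not mounted locally`; otherwise add a read-only bind mount such as `- '<local-creds-dir>:/etc/creds:ro'` (placeholder path). The property also appears to be JVM-wide rather than specific to log control, so any other PropertiesReader-based lookup in the webapp would now resolve under the secrets directory; it is worth confirming nothing relied on the default location. The service definition continues outside the hunk.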
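Review bot: The new `logControlProperties` init-param makes `logcontrol.properties` the only access list for log control now that patch 1/2 dropped `logAccessGroup`, and the commit message says a missing file just prints a warning; confirm that in that case requests to change log settings are denied rather than allowed. The XML markup of this hunk did not survive on the page, so which servlet the parameter belongs to is inferred from the commit message. I would add an XML comment next to the parameter stating that the file is looked up in the directory given by `ca.nrc.cadc.util.PropertiesReader.dir` (`/etc/creds/` in docker-compose.yml), that it lists the users and groups allowed to change log settings, and what happens when it is absent. The enclosing element starts and ends outside the hunk.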