NotificationsYou must be signed in to change notification settings
Fork122
Star236

Commitb47f942

authored

Finished up secure config files with ansible. Finally removed the private repo. (#54)

1 parent22c5d8b commitb47f942Copy full SHA for b47f942

File tree

13 files changed

+106

-49

lines changed

ansible
- inventories/production/group_vars
  - all.yml
  - stubbornjava
    - vault_webserver_vars.yml
    - webserver_vars.yml
- roles/apps/app_base/templates
  - secure.conf.j2
- stubbornjava.yml
settings.gradle
stubbornjava-common/src/main/java/com/stubbornjava/common
- Configs.java
- Env.java
- undertow
  - SimpleServer.java
stubbornjava-webapp
- build.gradle
- src/main/resources

13 files changed

+106

-49

lines changed

`‎ansible/inventories/production/group_vars/all.yml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`---`
`2`	`2`	`ansible_ssh_user:ec2-user`
	`3`	`+env:prod`

`‎ansible/inventories/production/group_vars/stubbornjava/vault_webserver_vars.yml‎`

Lines changed: 19 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,20 @@`
`1`	`1`	`$ANSIBLE_VAULT;1.1;AES256`
`2`		`-39666666393138366664303864626130323134656239316636666138363532386264353232373761`
`3`		`-3135623930323134353731366432346433633237613633310a303234373566373763363663643666`
`4`		`-33306631316662373261643164633535396534373234323833323266393963386638663663613065`
`5`		`-3165626231343232390a373735393362313663623265613232333738653539343231633839306331`
`6`		`-33643935363134366631343133373662663665323464653730356264323537333264346434623233`
`7`		`-31316663393438656461333431656631613262353562333964653230313331653839346236343364`
`8`		`-39666339633564666438646365643166326562353338376265326234666633653238393237623636`
`9`		`-39313433363732326234353863363730626263356536613732313561653062383965653363356665`
`10`		`-37383262343134326163336235656266633333653332343461626330333639366635636638636664`
`11`		`-37313837316361313464353465393832636332323332666464303762643636613938326536353838`
`12`		`-31313062323730663034633239336236383632353535623432333932356539373565376361303638`
`13`		`-33303534343838303134323839633863313237303337646532343064666330333966643635356337`
`14`		`-65623265366330623935633230376238353837353662303039666335383533306139`
	`2`	`+62383035313961363234303436316238633235343139323264356462393132303962383033623136`
	`3`	`+3463383832376634343961373932646132666663643732650a333763393432633635303735393163`
	`4`	`+34623936316439646666303663656462376234646561626635353465396332623933346132386664`
	`5`	`+3365613034663366660a666133333263326230373235623635633732333661656636383938663863`
	`6`	`+31643339653664663766303063353062356230313239663030626233323434346631663137623465`
	`7`	`+65353935346530333734656364656362376234623935636633363638353063653534353031306430`
	`8`	`+31393233353561616634346231343265663132306366303035313466653036653232306433343564`
	`9`	`+35323736316462323664666434643938623636373131623635353365376336346538353538616266`
	`10`	`+33666662343638663464323661366339346364633232333335643464393066363832333830303132`
	`11`	`+38626130613939373161393266343837343161336130613162333036376562353261313538646666`
	`12`	`+33306630323664363131303032633131316466333366363465306464626566386336656136663939`
	`13`	`+36613834653638323463373534376365346131613838366130663630626431643530386434373133`
	`14`	`+35663763656364363237366666323231386130653365386263623463656232343239373362386530`
	`15`	`+32393832666333383337336261393332373934343262613066353931393839306639376134623334`
	`16`	`+61616262353362393931656536346663346164333064313532383035666438626163643733333137`
	`17`	`+31383263626666316130336536323761646232326532633739623431316134383266623435636134`
	`18`	`+38346333303664326237636236646161303761326464633635643763336134636566396166356263`
	`19`	`+64636639323338326366376335636131373532663936623763346565383631366166396332386535`
	`20`	`+376464376465633439326131623036343763`

`‎ansible/inventories/production/group_vars/stubbornjava/webserver_vars.yml‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,3 +3,7 @@`
`3`	`3`	`url:"{{_vault['db']['url']}}"`
`4`	`4`	`user:"{{_vault['db']['user']}}"`
`5`	`5`	`password:"{{_vault['db']['password']}}"`
	`6`	`+`
	`7`	`+github:`
	`8`	`+client_id:"{{_vault['github']['client_id']}}"`
	`9`	`+client_secret:"{{_vault['github']['client_secret']}}"`

`‎ansible/roles/apps/app_base/templates/secure.conf.j2‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,3 +3,8 @@ db {`
`3`	`3`	`user="{{db['user']}}"`
`4`	`4`	`password="{{db['password']}}"`
`5`	`5`	`}`
	`6`	`+`
	`7`	`+github {`
	`8`	`+ clientId="{{github['client_id']}}"`
	`9`	`+ clientSecret="{{github['client_secret']}}"`
	`10`	`+}`

`‎ansible/stubbornjava.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`	`-{`
`9`	`9`	`role:apps/app_base,`
`10`	`10`	`app_name:stubbornjava,`
`11`		`-app_command:java8 -Denv=prod -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp,`
	`11`	`+app_command:"java8 -Denv={{env}} -server -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp",`
`12`	`12`	`become:true`
`13`	`13`	`}`

`‎settings.gradle‎`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,4 @@ include ':stubbornjava-common'`
`6`	`6`	`include':stubbornjava-examples'`
`7`	`7`	`include':stubbornjava-webapp'`
`8`	`8`
`9`		`-def rootProjectDescriptor= settings.rootProject`
`10`		`-settings.createProjectDescriptor(rootProjectDescriptor,'stubbornjava-private', file('../stubbornjava'))`
`11`	`9`	`// {{end:settings}}`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/Configs.java‎`

Lines changed: 33 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,28 +1,26 @@`
`1`	`1`	`packagecom.stubbornjava.common;`
`2`	`2`
`3`		`-importjava.util.List;`
	`3`	`+importjava.io.File;`
`4`	`4`	`importjava.util.Map;`
`5`	`5`
`6`	`6`	`importorg.jooq.lambda.Seq;`
`7`	`7`	`importorg.slf4j.Logger;`
`8`	`8`	`importorg.slf4j.LoggerFactory;`
`9`	`9`
`10`		`-importcom.google.common.base.Preconditions;`
`11`		`-importcom.google.common.collect.Lists;`
`12`	`10`	`importcom.typesafe.config.Config;`
`13`	`11`	`importcom.typesafe.config.ConfigFactory;`
`14`	`12`	`importcom.typesafe.config.ConfigRenderOptions;`
`15`	`13`
`16`	`14`	`// {{start:config}}`
`17`	`15`	`publicclassConfigs {`
`18`		`-privatestaticfinalLoggerlogger =LoggerFactory.getLogger(Configs.class);`
	`16`	`+privatestaticfinalLoggerlog =LoggerFactory.getLogger(Configs.class);`
`19`	`17`	`/*`
`20`	`18`	`* I am letting the typesafe configs bleed out on purpose here.`
`21`	`19`	`* We could abstract out and delegate but its not worth it.`
`22`	`20`	`* I am gambling on the fact that I will not switch out the config library.`
`23`	`21`	`*/`
`24`	`22`	`privatestaticfinalConfigsystem =ConfigFactory.systemProperties();`
`25`		`-privatestaticfinalConfigproperties =newBuilder().envAwareApp().build();`
	`23`	`+privatestaticfinalConfigproperties =newBuilder().withSecureConf().envAwareApp().build();`
`26`	`24`
`27`	`25`	`publicstaticConfigsystem() {`
`28`	`26`	`returnsystem;`
`@@ -38,40 +36,52 @@ public static Map<String, Object> asMap(Config config) {`
`38`	`36`	`}`
`39`	`37`
`40`	`38`	`publicstaticclassBuilder {`
`41`		`-privatefinalList<String>configs;`
	`39`	`+privateConfigconf;`
`42`	`40`
`43`	`41`	`publicBuilder() {`
`44`		`-this.configs=Lists.newLinkedList();`
	`42`	`+log.info("Loadingconfigsfirst row is highest priority, second row is fallback and so on");`
`45`	`43`	`}`
`46`	`44`
`47`	`45`	`publicBuilderwithResource(Stringresource) {`
`48`		`-configs.add(resource);`
	`46`	`+conf =returnOrFallback(ConfigFactory.parseResources(resource));`
	`47`	`+log.info("Loaded config file from resource ({})",resource);`
	`48`	`+returnthis;`
	`49`	`+ }`
	`50`	`+`
	`51`	`+publicBuilderwithOptionalFile(Stringpath) {`
	`52`	`+FilesecureConfFile =newFile(path);`
	`53`	`+if (secureConfFile.exists()) {`
	`54`	`+log.info("Loaded config file from path ({})",path);`
	`55`	`+conf =returnOrFallback(ConfigFactory.parseFile(secureConfFile));`
	`56`	`+ }else {`
	`57`	`+log.info("Attempted to load file from path ({}) but it was not found",path);`
	`58`	`+ }`
`49`	`59`	`returnthis;`
`50`	`60`	`}`
`51`	`61`
`52`	`62`	`publicBuilderenvAwareApp() {`
`53`	`63`	`Stringenv =system.hasPath("env") ?system.getString("env") :"local";`
`54`	`64`	`StringenvFile ="application." +env +".conf";`
`55`		`-configs.add(envFile);`
`56`		`-configs.add("application.conf");`
`57`		`-returnthis;`
	`65`	`+returnwithResource(envFile).withResource("application.conf");`
`58`	`66`	`}`
`59`	`67`
`60`		`-publicConfigbuild() {`
`61`		`-logger.info("Loading configs first row is highest priority, second row is fallback and so on");`
`62`		`-configs.forEach(logger::info);`
`63`		`-Preconditions.checkArgument(configs.size() >0,"No config resources specified!");`
`64`		`-ConfigappConfig =ConfigFactory.parseResources(configs.remove(0));`
`65`		`-for (Stringresource :configs) {`
`66`		`-appConfig =appConfig.withFallback(ConfigFactory.parseResources(resource));`
`67`		`- }`
	`68`	`+publicBuilderwithSecureConf() {`
	`69`	`+returnwithOptionalFile("./secure.conf");`
	`70`	`+ }`
`68`	`71`
	`72`	`+publicConfigbuild() {`
`69`	`73`	`// Resolve substitutions.`
`70`		`-appConfig =appConfig.resolve();`
	`74`	`+conf =conf.resolve();`
	`75`	`+log.debug("Logging properties. Make sure sensitive data such as passwords or secrets are not logged!");`
	`76`	`+log.debug(conf.root().render(ConfigRenderOptions.concise().setFormatted(true)));`
	`77`	`+returnconf;`
	`78`	`+ }`
`71`	`79`
`72`		`-logger.debug("Logging properties. Make sure sensitive data such as passwords or secrets are not logged!");`
`73`		`-logger.debug(appConfig.root().render(ConfigRenderOptions.concise().setFormatted(true)));`
`74`		`-returnappConfig;`
	`80`	`+privateConfigreturnOrFallback(Configconfig) {`
	`81`	`+if (this.conf ==null) {`
	`82`	`+returnconfig;`
	`83`	`+ }`
	`84`	`+returnthis.conf.withFallback(config);`
`75`	`85`	`}`
`76`	`86`	`}`
`77`	`87`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/Env.java‎`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,23 +19,24 @@ public String getName() {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`// {{start:logger}}`
`22`		`-privatestaticfinalLoggerlogger =LoggerFactory.getLogger(Env.class);`
	`22`	`+privatestaticfinalLoggerlog =LoggerFactory.getLogger(Env.class);`
`23`	`23`	`privatestaticfinalEnvcurrentEnv;`
`24`	`24`	`static {`
`25`	`25`	`Stringenv ="local";`
`26`	`26`	`if (Configs.system().hasPath("env")) {`
`27`	`27`	`env =Configs.system().getString("env");`
`28`	`28`	`}`
`29`	`29`	`currentEnv =Env.valueOf(env.toUpperCase());`
`30`		`-logger.debug("Current Env: {}",currentEnv.getName());`
	`30`	`+log.info("Current Env: {}",currentEnv.getName());`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`publicstaticEnvget() {`
`34`	`34`	`returncurrentEnv;`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`publicstaticvoidmain(String[]args) {`
`38`		`-Envenv =currentEnv.get();`
	`38`	`+Envenv =Env.get();`
	`39`	`+log.debug(env.toString());`
`39`	`40`	`}`
`40`	`41`	`// {{end:logger}}`
`41`	`42`	`}`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/SimpleServer.java‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,13 +30,13 @@ public void start() {`
`30`	`30`	`Undertowundertow =undertowBuilder.build();`
`31`	`31`	`undertow.start();`
`32`	`32`	`/*`
`33`		`- * Undertow logs this onits own but we generally set 3rd party`
`34`		`- * default logger levels towarn so we log it here. If it wasn't using the`
	`33`	`+ * Undertow logs this ondebug but we generally set 3rd party`
	`34`	`+ * default logger levels toinfo so we log it here. If it wasn't using the`
`35`	`35`	`* io.undertow context we could turn on just that logger but no big deal.`
`36`	`36`	`*/`
`37`	`37`	`undertow.getListenerInfo()`
`38`	`38`	`.stream()`
`39`		`- .forEach(listenerInfo ->logger.debug(listenerInfo.toString()));`
	`39`	`+ .forEach(listenerInfo ->logger.info(listenerInfo.toString()));`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`publicstaticSimpleServersimpleServer(HttpHandlerhandler) {`

`‎stubbornjava-webapp/build.gradle‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,6 @@ dependencies {`
`3`	`3`	`// Project reference`
`4`	`4`	`compile project(':stubbornjava-undertow')`
`5`	`5`	`compile project(':stubbornjava-common')`
`6`		`- compile project(':stubbornjava-private')`
`7`	`6`
`8`	`7`	`compile libs.lombok`
`9`	`8`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb47f942

File tree

13 files changed

13 files changed

`‎ansible/inventories/production/group_vars/all.yml‎`

`‎ansible/inventories/production/group_vars/stubbornjava/vault_webserver_vars.yml‎`

`‎ansible/inventories/production/group_vars/stubbornjava/webserver_vars.yml‎`

`‎ansible/roles/apps/app_base/templates/secure.conf.j2‎`

`‎ansible/stubbornjava.yml‎`

`‎settings.gradle‎`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/Configs.java‎`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/Env.java‎`

`‎stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/SimpleServer.java‎`

`‎stubbornjava-webapp/build.gradle‎`

0 commit comments