CMR-9215 fixes jwt configuration

daniel-zamora · jwteague · commit 49c16dbeffad · 2023-06-09T12:10:42.000-06:00
diff --git a/other/cmr-exchange/authz/resources/config/cmr-authz/config.edn b/other/cmr-exchange/authz/resources/config/cmr-authz/config.edn
@@ -1,11 +1,5 @@
 {:auth-caching
- {:jwt-public-key "{
-      \"kty\": \"RSA\",
-      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
-      \"e\": \"AQAB\",
-      \"kid\": \"edljwtpubkey_sit\"
-}"
-   :init {}
+ {:init {}
    :ttl
     {:minutes 60}
    :lru
@@ -19,8 +13,13 @@
   	   :relative
   	     {:root
   	       {:url "/access-control"}}}}
-   :edl
-   {:rest
+   :edl {:jwt {:public {:key "{
+      \"kty\": \"RSA\",
+      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
+      \"e\": \"AQAB\",
+      \"kid\": \"edljwtpubkey_sit\"
+}"}}
+    :rest
     {:protocol "https"
      :host "sit.urs.earthdata.nasa.gov"}}
    :echo
diff --git a/other/cmr-exchange/authz/src/cmr/authz/components/config.clj b/other/cmr-exchange/authz/src/cmr/authz/components/config.clj
@@ -54,7 +54,7 @@
 
 (defn get-jwt-public-key
   [system]
-  (get-in (get-cfg system) [:auth-caching :jwt-public-key]))
+  (get-in (get-cfg system) [:cmr :edl :jwt :public :key]))
 
 (defn get-edl-username
   [system]
diff --git a/other/cmr-exchange/ous-plugin/resources/config/cmr-plugin/config.edn b/other/cmr-exchange/ous-plugin/resources/config/cmr-plugin/config.edn
@@ -1,12 +1,6 @@
 {:api-version "v3"
  :default-content-type "json"
- :auth-caching {:jwt-public-key "{
-      \"kty\": \"RSA\",
-      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
-      \"e\": \"AQAB\",
-      \"kid\": \"edljwtpubkey_sit\"
-}"
-                :init {}
+ :auth-caching {:init {}
                 :ttl {:minutes 60}
                 :lru {:threshold 1000}
                 :dumpfile "data/cache/authz-dump.edn"}
@@ -19,7 +13,13 @@
                           :relative {:root {:url "/access-control"}}}}
    :concept {
      :variable {:version "1.1"}}
-   :edl {:rest
+   :edl {:jwt {:public {:key "{
+      \"kty\": \"RSA\",
+      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
+      \"e\": \"AQAB\",
+      \"kid\": \"edljwtpubkey_sit\"
+}"}}
+         :rest
          {:protocol "https"
           :host "sit.urs.earthdata.nasa.gov"}}
    :echo {:rest {:protocol "https"
diff --git a/other/cmr-exchange/service-bridge/resources/config/cmr-opendap/config.edn b/other/cmr-exchange/service-bridge/resources/config/cmr-opendap/config.edn
@@ -1,102 +1,85 @@
 {:api-version "v3"
  :default-content-type "json"
- :auth-caching {:jwt-public-key "{
-      \"kty\": \"RSA\",
-      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
-      \"e\": \"AQAB\",
-      \"kid\": \"edljwtpubkey_sit\"
-}"
-                :init {}
+ :auth-caching {:init {}
                 :ttl {:minutes 60}
                 :lru {:threshold 1000}
                 :dumpfile "data/cache/authz-dump.edn"}
  :concept-caching {:init {}
                    :ttl {:hours 24}
                    :dumpfile "data/cache/concept-dump.edn"}
- :cmr {
-   :access {:control {:protocol "https"
+ :cmr {:access {:control {:protocol "https"
+                              :host "cmr.sit.earthdata.nasa.gov"
+                              :relative {:root {:url "/access-control"}}}}
+       :concept {:variable {:version "1.1"}}
+       :edl {:jwt {:public {:key "{
+      \"kty\": \"RSA\",
+      \"n\": \"3LopSyeoSZZGorSPjk4mMbR0ybVSLvfrONGSGXCNXE6ScX9Y1QC_zV8fVeh4XO8tYDi9CgzqK3Nhjsd5KI0ZzTI8Lf52tyr7OzebZXGZpMvyvdp59wlbPL4WFkIHvWFpgypSrTQIRENKaYW_yQB9srq6JpUx14aRG5TpiBuPqgnGM-qBqPvLq5LX9kVhqbV46TuZd9uPn_gISut7A7K3Y5S24DZd3ebxXPap1cn6-mIY30QG5oYmVlMZxdVPhnTzjj4ZNsfyKSRKq3F_UapEr4ynhr-ONgj8HyozyFqTpUn3o8pKAMVaOEfZmRlqb3jnQknbcsJ9fNxmWUUZr_PysQ\",
+      \"e\": \"AQAB\",
+      \"kid\": \"edljwtpubkey_sit\"
+}"}}
+             :rest
+             {:protocol "https"
+              :host "sit.urs.earthdata.nasa.gov"}}
+       :echo {:rest {:protocol "https"
+                     :host "cmr.sit.earthdata.nasa.gov"
+                     :context "/legacy-services/rest"}}
+       :max-pagesize 2000
+       :service {:bridge {:protocol "https"
                           :host "cmr.sit.earthdata.nasa.gov"
-                          :relative {:root {:url "/access-control"}}}}
-   :concept {
-     :variable {:version "1.1"}}
-   :edl {:rest
-         {:protocol "https"
-          :host "sit.urs.earthdata.nasa.gov"}}
-   :echo {:rest {:protocol "https"
-                 :host "cmr.sit.earthdata.nasa.gov"
-                 :context "/legacy-services/rest"}}
-   :max-pagesize 2000
-   :service {
-     :bridge {:protocol "https"
-              :host "cmr.sit.earthdata.nasa.gov"
-              :public {:protocol "https"
-                       :host "cmr.sit.earthdata.nasa.gov"}
-              :relative {:root {:url "/service-bridge"}}}}
-   :search {:protocol "https"
-            :host "cmr.sit.earthdata.nasa.gov"
-            :relative {:root {:url "/search"}}}}
- :giovanni {
-   :search {:protocol "https"
-            :host "giovanni.gsfc.nasa.gov"
-            :relative {:root {:url "/giovanni"}}}}
- :edsc {
-   :search {:protocol "https"
-            :host "search.sit.earthdata.nasa.gov"
-            :relative {:root {:url "/search"}}}}
- :httpd {
-   :port 3013
-   :entry-point-fn cmr.opendap.app.core/main
-   :route-fns {
-     :api cmr.opendap.app.routes.rest.core/all
-     :site cmr.opendap.app.routes.site/all}
-   :pages {
-     :default-title "CMR Service-Bridge"}
-   :base-url "/service-bridge"
-   :base-url-fn cmr.opendap.components.config/opendap-base-url
-   :docs "resources/public/docs"
-   :assets "resources/public/assets"
-   :rest-docs
-     {:base-url-template "%%BASE_URL%%"
-      :source "resources/docs/rest-api/index.md"
-      :outdir "resources/public/docs/service-bridge/docs/current/rest-api"}
-   :skip-static #{"/service-bridge/docs"}
-   :replace-base-url #{"/service-bridge/docs/current/rest-api"
-                       "/service-bridge/docs/current/reference/2000-usage.html"}
-   :index-dirs #{"/service-bridge/docs/1.0.0/marginalia"
-                 "/service-bridge/docs/1.0.0/reference"
-                 "/service-bridge/docs/1.0.0/rest-api"
-                 "/service-bridge/docs/1.5.0/marginalia"
-                 "/service-bridge/docs/1.5.0/reference"
-                 "/service-bridge/docs/1.5.0/rest-api"
-                 "/service-bridge/docs/current/marginalia"
-                 "/service-bridge/docs/current/reference"
-                 "/service-bridge/docs/current/rest-api"}
-   :streaming {
-     :timeout 20000 ; milliseconds (20 seconds * 1000)
-     :heartbeat 200 ; milliseconds
-     }}
- :logging {
-   :level :debug
-   :nss [cmr org.httpkit]
-   :color false}
- :mission-control {
-   :messaging-type :core-async}
- :plugin {
-   :jarfiles {
-     ;; The reducer factory function must take two args: plugin name and plugin
-     ;; type -- both of type ^String. The default reducer checks for an exact
-     ;; string match.
-     :reducer-factory cmr.plugin.jar.core/create-has-plugin-type-reducer}
-   :registry {
-     :default {
-       :plugin-name "CMR-Plugin"
-       :plugin-type "service-bridge-app"
-       ;; The fowllowing needs to be an in-JAR path to a plugin's config file,
-       ;; which will be read once its plugin has been identifed as a plugin of
-       ;; the desired name/type.
-       :config-file "config/cmr-plugin/config.edn"}
-     :web {
-       :route-keys [:httpd :route-fns]
-       :api-route-key :api
-       :site-route-key :site}}}
+                          :public {:protocol "https"
+                                   :host "cmr.sit.earthdata.nasa.gov"}
+                          :relative {:root {:url "/service-bridge"}}}}
+       :search {:protocol "https"
+                :host "cmr.sit.earthdata.nasa.gov"
+                :relative {:root {:url "/search"}}}}
+ :giovanni {:search {:protocol "https"
+                     :host "giovanni.gsfc.nasa.gov"
+                     :relative {:root {:url "/giovanni"}}}}
+ :edsc {:search {:protocol "https"
+                 :host "search.sit.earthdata.nasa.gov"
+                 :relative {:root {:url "/search"}}}}
+ :httpd {:port 3013
+         :entry-point-fn cmr.opendap.app.core/main
+         :route-fns {:api cmr.opendap.app.routes.rest.core/all
+                     :site cmr.opendap.app.routes.site/all}
+         :pages {:default-title "CMR Service-Bridge"}
+         :base-url "/service-bridge"
+         :base-url-fn cmr.opendap.components.config/opendap-base-url
+         :docs "resources/public/docs"
+         :assets "resources/public/assets"
+         :rest-docs
+         {:base-url-template "%%BASE_URL%%"
+          :source "resources/docs/rest-api/index.md"
+          :outdir "resources/public/docs/service-bridge/docs/current/rest-api"}
+         :skip-static #{"/service-bridge/docs"}
+         :replace-base-url #{"/service-bridge/docs/current/rest-api"
+                             "/service-bridge/docs/current/reference/2000-usage.html"}
+         :index-dirs #{"/service-bridge/docs/1.0.0/marginalia"
+                       "/service-bridge/docs/1.0.0/reference"
+                       "/service-bridge/docs/1.0.0/rest-api"
+                       "/service-bridge/docs/1.5.0/marginalia"
+                       "/service-bridge/docs/1.5.0/reference"
+                       "/service-bridge/docs/1.5.0/rest-api"
+                       "/service-bridge/docs/current/marginalia"
+                       "/service-bridge/docs/current/reference"
+                       "/service-bridge/docs/current/rest-api"}
+         :streaming {:timeout 20000 ; milliseconds (20 seconds * 1000)
+                     :heartbeat 200}} ; milliseconds
+ :logging {:level :trace
+           :nss [cmr org.httpkit]
+           :color false}
+ :mission-control {:messaging-type :core-async}
+ :plugin {:jarfiles {;; The reducer factory function must take two args: plugin name and plugin
+                     ;; type -- both of type ^String. The default reducer checks for an exact
+                     ;; string match.
+                     :reducer-factory cmr.plugin.jar.core/create-has-plugin-type-reducer}
+          :registry {:default {:plugin-name "CMR-Plugin"
+                               :plugin-type "service-bridge-app"
+                               ;; The fowllowing needs to be an in-JAR path to a plugin's config file,
+                               ;; which will be read once its plugin has been identifed as a plugin of
+                               ;; the desired name/type.
+                               :config-file "config/cmr-plugin/config.edn"}
+                     :web {:route-keys [:httpd :route-fns]
+                           :api-route-key :api
+                           :site-route-key :site}}}
  :vendor "cmr-service-bridge"}
