enables injection of 1Password secrets
Signed-off-by: Andres LeonRangel <[email protected]>
aleon1220 committed Dec 10, 2023
1 parent 103acc0 commit b2d083c
Showing 7 changed files with 62 additions and 28 deletions.
1 change: 1 addition & 0 deletions .env.tpl
@@ -1 +1,2 @@
# https://developer.1password.com/docs/cli/secrets-config-files/
LDAP_ADMIN_PASS="op://Professional-IT Projects/multi-cloud-WebApp-Attendance/password"
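Review bot: The `LDAP_ADMIN_PASS` line keeps only an `op://` reference in the template, but the `.env` that `op inject -i .env.tpl -o .env` writes will hold the real password, and none of the seven files changed in this commit is `.gitignore`. Confirm `.env` is already ignored, or add it in the same change. The reference here uses the vault and item names while the README's `op read` example uses opaque IDs; pick one form so it is clear both point at the same item.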
58 changes: 44 additions & 14 deletions README.md
@@ -1,6 +1,8 @@
- [Attendance WebApp](#attendance-webapp)
- [Introduction](#introduction)
- [Security warnings](#security-warnings)
- [GitHub Reports](#github-reports)
- [Security warnings](#security-warnings)
- [GitHub Vulnerability report](#github-vulnerability-report)
- [Attendance WebApp Architecture (re-architected)](#attendance-webapp-architecture-re-architected)
- [2018-Attendance WebApp high level Architecture](#2018-attendance-webapp-high-level-architecture)
- [Attendance WebApp UI](#attendance-webapp-ui)
Expand All @@ -10,15 +12,16 @@
- [Build WebApp](#build-webapp)
- [Gradle Build Web Package](#gradle-build-web-package)
- [Maven Build](#maven-build)
- [Package WebApp](#package-webapp)
- [Gradle Test suite](#gradle-test-suite)
- [Use 1Password CLI to inject the secrets](#use-1password-cli-to-inject-the-secrets)
- [Package/Run WebApp](#packagerun-webapp)
- [Docker Image Build](#docker-image-build)
- [Available Tomcat versions](#available-tomcat-versions)
- [Run WebApp](#run-webapp)
- [Execute WebApp](#execute-webapp)
- [Container Execution](#container-execution)
- [Docker execution](#docker-execution)
- [Docker-compose](#docker-compose)
- [Editing project diagrams](#editing-project-diagrams)
- [GitHub Vulnerability report](#github-vulnerability-report)

# Attendance WebApp

Expand All @@ -36,11 +39,14 @@ The idea is that you have a short timeframe to submit a random generated code by

The application is a proof of concept for Service orientation and Service interoperability in the cloud

## Security warnings
## GitHub Reports
### Security warnings
> Security Warnings to check
GitHub found 2 vulnerabilities on aleon1220/multi-cloud-WebApp-Attendance's default branch (2 moderate).
To find out more, visit:
[This project security report](https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security)
### GitHub Vulnerability report
https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot

## Attendance WebApp Architecture (re-architected)

Expand Down Expand Up @@ -98,7 +104,30 @@ gradle clean build --console plain --warning-mode all
### Maven Build
> maven has been deprecated and moved to [maven](./maven)
## Package WebApp
### Gradle Test suite
#### Use 1Password CLI to inject the secrets
- as a pre-requisite you must have access to the shared vault
- login in the CLI
```bash
# Linux Ubuntu tested 2023-12-10
op signin
```
- inject the secrets for testing Authentication property file
```bash
op inject -i token_auth.properties.tpl -o token_auth.properties
```

- inject the secrets for Testing property file
```bash
op inject -i secrets.env.tpl -o secrets.env
```

- inject the secrets for Testing docker-compose
```bash
op inject -i .env.tpl -o .env
```

## Package/Run WebApp
### Docker Image Build
- Build the app image with Docker. Deploy .WAR file in Tomcat
refer to https://hub.docker.com/_/tomcat
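Review bot: The three `op inject ... -o` steps under "Use 1Password CLI to inject the secrets" each write resolved secrets to a plaintext file (`token_auth.properties`, `secrets.env`, `.env`), and the section does not say that those outputs must stay out of version control or be removed after the test run. Add that, or document `op run --env-file=.env.tpl -- <command>` for cases where the value only needs to be in the process environment. Only `.env.tpl` is part of this commit, so check that `token_auth.properties.tpl` and `secrets.env.tpl` already exist in the repository.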
Expand All @@ -111,7 +140,7 @@ Use the tag latest or a particular version e.g. aleon1220/soa:v2 or aleon1220/so
- 7.0.109 = `TOMCAT_VERSION_DOCKER_TAG="7.0.109-jdk8-openjdk"`
- 9.0.78 = `TOMCAT_VERSION_DOCKER_TAG="9.0.78-jre8"`

## Run WebApp
## Execute WebApp
### Container Execution
#### Docker execution

Expand All @@ -131,23 +160,27 @@ Run the tomcat server with the pre-built WAR web Archive file
```bash
docker run -itd --publish 8080:8080 aleon1220/soa:latest
```
- get the name of the running container in port 8888
- get the name of the running container
``` bash
CONTAINER_NAME=$(docker container ls --all --filter publish=8888 --format "{{.Names}}")
CONTAINER_NAME=$(docker container ls --all --filter publish=8080 --format "{{.Names}}")
```
- Access the Docker container via CLI
```bash
docker container exec -it $CONTAINER_NAME /bin/bash
```
- The URl is URL:8888/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8888/Attendance-0.0.1)
- The URl is URL:8080/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8080/AttendanceWebApp)
- clean up docker container environment
``` bash
docker stop $(docker ps --quiet)
docker rm $(docker container ls --all --quiet)
```

#### Docker-compose

- inject the secrets for Testing docker-compose
```bash
op inject -i .env.tpl -o .env
```
- single variable
```bash
export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7delckucvidqhi/password")
```
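Review bot: In the URL bullet the text and the link disagree: the text says `URL:8080/Attendance-0.0.1` while the link target is `http://localhost:8080/AttendanceWebApp`. Use the context path the WAR is actually deployed under in both places. The "inject the secrets for Testing docker-compose" step under Docker-compose repeats the same `op inject -i .env.tpl -o .env` step shown earlier in the README; keep it in one place and link to it.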
Expand All @@ -156,6 +189,3 @@ export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7d
- go to [diagrams.net](https://app.diagrams.net/?src=about)
- open the file [project-diagrams.drawio](./project-diagrams.drawio) XML file with the diagrams
- Explore > export images to convinience and update this README
## GitHub Vulnerability report

https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot
3 changes: 1 addition & 2 deletions src/main/java/entity/LoginReply.java
Expand Up @@ -33,10 +33,9 @@ public void setAuthenticationResult(AuthenticationResult authenticationResult) {
this.authenticationResult = authenticationResult;
}


@Override
public String toString() {
//return getClass()+"challenge"+challengeParameters+"data in authent"+authenticationResult.getIdToken();
return getClass()+" Not obtaining really much";
return getClass()+" Overriding method";
}
}
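Review bot: The commented-out return in `toString()` concatenates `authenticationResult.getIdToken()`, which would put the ID token into any log line that prints this object if it were ever re-enabled. Delete the comment instead of carrying it, and have `toString()` return something useful that excludes token material rather than the constant ` Overriding method`.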
12 changes: 7 additions & 5 deletions src/main/java/util/AuthenticateOpenLDAP.java
@@ -1,14 +1,16 @@
package util;

import com.unboundid.ldap.sdk.*;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import javax.net.ssl.SSLSocketFactory;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

public class AuthenticateOpenLDAP {
public void openLDAPAdminSearch() {
// LDAP connection parameters
String ldapURL = "ldap://localhost";
String ldapHost = "localhost";
String bindDN = "cn=admin,dc=my-company,dc=com";
String bindPassword = System.getenv("LDAP_ADMIN_PASS");
String baseDN = "dc=my-company,dc=com";
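Review bot: `bindPassword` comes straight from `System.getenv("LDAP_ADMIN_PASS")` with no null or empty check, so a shell where the secret was not injected reaches the bind call with no password. Fail early with a clear message when the variable is missing. `ldapHost` replaces the hard-coded host, but the port stays a literal in the connection call; consider making both configurable together.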
Expand All @@ -23,7 +25,7 @@ public void openLDAPAdminSearch() {
// connection = new LDAPConnection(socketFactory, "localhost", 636);

// For non-SSL connection
connection = new LDAPConnection("localhost", 389);
connection = new LDAPConnection(ldapHost, 389);
connection.bind(bindDN, bindPassword);

// Perform the search
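Review bot: `new LDAPConnection(ldapHost, 389)` followed by `connection.bind(bindDN, bindPassword)` sends the admin DN and the password pulled from 1Password over an unencrypted connection, while the TLS variant on port 636 stays commented out. That is acceptable only against a localhost test container; for anything else, switch to LDAPS or StartTLS with a real trust store before this admin bind is used.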
4 changes: 3 additions & 1 deletion src/test/java/attendance/student/TestStudent.java
Expand Up @@ -2,11 +2,13 @@

import javax.faces.bean.ManagedBean;

@ManagedBean
import org.junit.jupiter.api.Test;

public class TestStudent {

private String name;

@Test
public String sayHello() {
if (name != null && !name.trim().equals("")) {
return "Hello, " + name + "!";
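Review bot: `@Test` is placed on `public String sayHello()`, but JUnit Jupiter test methods must return `void`, so this method will not run as a test, and it contains no assertion. Write a separate `void` test that sets `name` and asserts on the returned greeting. The `javax.faces.bean.ManagedBean` import appears unused once `@ManagedBean` is removed.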
11 changes: 6 additions & 5 deletions src/test/java/auth/ldap/TestLDAPAuthentication.java
Expand Up @@ -64,16 +64,17 @@ public void testMockOpenLDAPAdminSearch() throws LDAPSearchException {
@Test
public void testOpenLDAPAdminSearch_withOpenLDAP() {
// Test parameters
String ldapURL = "ldap://localhost";
String ldapURL = "ldap://localhost:389";
String ldapHost = "localhost";
int ldapPort = 389;
String bindDN = "cn=admin,dc=my-company,dc=com";
var bindPassword = "adminpassword";
String bindPassword = System.getenv("LDAP_ADMIN_PASS");
// var bindPassword = "adminpassword";
String baseDN = "dc=my-company,dc=com";
String searchFilter = "(objectClass=*)";

// Connect to OpenLDAP
// Establishing a connection to the LDAP server
// Establish connection to OpenLDAP server
System.out.println("My variable value: " + bindPassword);
try (LDAPConnection connection = new LDAPConnection(ldapHost, ldapPort, bindDN, bindPassword)) {
System.out.println("Connected to the LDAP server.");
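Review bot: `System.out.println("My variable value: " + bindPassword);` prints the LDAP admin password to standard output, so it lands in test reports and CI logs. Remove it; if you need to confirm that injection worked, log only whether the variable is set. Also drop the commented-out `// var bindPassword = "adminpassword";`, remove `ldapURL` if nothing uses it (the visible connection call takes `ldapHost` and `ldapPort`), and skip the test when `LDAP_ADMIN_PASS` is absent.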

Expand All @@ -96,7 +97,7 @@ public void testOpenLDAPAdminSearch_withOpenLDAP() {
// Close connection
connection.close();
} catch (LDAPException e) {
System.err.println("Error connecting to the LDAP server: " + e.getMessage());
System.err.println("LDAP Error connecting: " + e.getMessage());
e.printStackTrace();
}
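Review bot: The `catch (LDAPException e)` block only prints the error, so the test still passes when the server is unreachable or the bind is rejected. Let the exception propagate or call `fail(...)` in the catch. The explicit `connection.close()` is redundant inside try-with-resources.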

1 change: 0 additions & 1 deletion src/test/java/json/TestConversionJSON2Object.java
Expand Up @@ -55,7 +55,6 @@ public static String readTokenFromProperties() {
} catch (IOException ex) {
ex.printStackTrace();
}

return jwtToken;
}
}
