From ec83156c492e2b6aba19adc804f906309f266fa5 Mon Sep 17 00:00:00 2001 From: petretiandrea Date: Mon, 25 Nov 2024 17:35:14 +0100 Subject: [PATCH 1/3] feat: [SRTP-115] Instrumentation otel azure (#23) --- build.gradle | 25 +++++++++++++++--- src/main/resources/application.properties | 1 - src/main/resources/custom.security | 1 + src/main/terraform/container_app.tf | 26 +++++++++++++++++++ src/main/terraform/data.tf | 8 ++++++ .../env/cstar-d-weu-rtp/terraform.tfvars | 14 +++++++--- .../env/cstar-p-weu-rtp/terraform.tfvars | 14 +++++++--- .../env/cstar-u-weu-rtp/terraform.tfvars | 12 +++++++-- src/main/terraform/locals.tf | 3 +++ src/main/terraform/variables.tf | 10 +++++++ 10 files changed, 101 insertions(+), 13 deletions(-) create mode 100644 src/main/resources/custom.security diff --git a/build.gradle b/build.gradle index 1468900..aac0f38 100644 --- a/build.gradle +++ b/build.gradle @@ -21,9 +21,10 @@ repositories { mavenCentral() } -//ext { -// set('springCloudAzureVersion', "5.18.0") -//} +ext { + set('springCloudAzureVersion', "5.18.0") + set('otelInstrumentationVersion','2.10.0') +} dependencies { implementation 'org.springframework.boot:spring-boot-starter-actuator' @@ -42,6 +43,12 @@ dependencies { implementation("org.openapitools:jackson-databind-nullable:0.2.6") implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310") implementation("org.springframework.boot:spring-boot-starter-validation") + + // opentelemetry + // implementation("io.opentelemetry.instrumentation:opentelemetry-spring-boot-starter") + // provides the same functionality of spring-boot-starter but configure the azure exporter + implementation("com.azure.spring:spring-cloud-azure-starter-monitor:1.0.0-beta.6") + testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework.security:spring-security-test' testImplementation 'io.projectreactor:reactor-test' 
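Review bot: The monitor starter on the added `implementation("com.azure.spring:spring-cloud-azure-starter-monitor:1.0.0-beta.6")` line is a pre-release build with its version written inline, while the two other versions introduced in this hunk go through `ext`. A beta artifact on the runtime classpath of every environment deserves a visible pin and a stated reason: I would add `set('azureMonitorStarterVersion', '1.0.0-beta.6')` to `ext`, reference it as `${azureMonitorStarterVersion}` in the coordinate, and replace the commented-out `opentelemetry-spring-boot-starter` line with one comment saying why the Azure starter was chosen and that it is a beta. The `dependencies` block continues outside the hunk.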
@@ -50,7 +57,8 @@ dependencies { dependencyManagement { imports { -// mavenBom "com.azure.spring:spring-cloud-azure-dependencies:${springCloudAzureVersion}" + mavenBom "com.azure.spring:spring-cloud-azure-dependencies:${springCloudAzureVersion}" + mavenBom "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom:${otelInstrumentationVersion}" } } @@ -99,6 +107,15 @@ openApiGenerate { ]) } +graalvmNative { + binaries { + main { + buildArgs.add("--initialize-at-build-time=org.slf4j.helpers") + jvmArgs.add("-Djava.security.properties=${file("${projectDir}/src/main/resources/custom.security").absolutePath}") + } + } +} + test { finalizedBy jacocoTestReport // report is always generated after tests run } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b8ef53d..bc924fc 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,6 +1,5 @@ logging.level.root=INFO - spring.application.name=rtp-activator # enable spring boot actuator health endpoint diff --git a/src/main/resources/custom.security b/src/main/resources/custom.security new file mode 100644 index 0000000..9861c93 --- /dev/null +++ b/src/main/resources/custom.security @@ -0,0 +1 @@ +jdk.jar.disabledAlgorithms=MD2, MD5, RSA, DSA \ No newline at end of file diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf index 08278a1..bc4e510 100644 --- a/src/main/terraform/container_app.tf +++ b/src/main/terraform/container_app.tf @@ -46,6 +46,22 @@ resource "azurerm_container_app" "rtp-activator" { name = "IDENTITY_CLIENT_ID" secret_name = "identity-client-id" } + + dynamic "env" { + for_each = var.rtp_environment_configs + content { + name = env.key + value = env.value + } + } + + dynamic "env" { + for_each = var.rtp_environment_secrets + content { + name = env.key + secret_name = replace(lower(env.key), "_", "-") + } + } } max_replicas = var.rtp_activator_max_replicas 
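Review bot: The `jvmArgs.add("-Djava.security.properties=...custom.security")` line in the `graalvmNative` hunk (`@@ -99,6 +107,15 @@`) and the new `custom.security` file it points to relax JAR signature checking without any comment explaining why. `jdk.jar.disabledAlgorithms=MD2, MD5, RSA, DSA` lists RSA and DSA with no key-size qualifier, so for the JVM that receives this file, JARs signed with those algorithms are treated as unsigned, and the property's default value (which, as far as I know, restricts RSA/DSA only below a minimum key size) is replaced wholesale. The override seems intended for the native-image build JVM only, yet the file sits in `src/main/resources` and is therefore packaged into the application as well. I would move it to a build-only directory and document it in both places, e.g. `// Build-time only: RSA/DSA-signed JARs are treated as unsigned during native-image generation; never pass this file to the runtime JVM.`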
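Review bot: The secret name derived by `replace(lower(env.key), "_", "-")` in the second `dynamic "env"` block is not guaranteed to be unique: a key `IDENTITY_CLIENT_ID` in `rtp_environment_secrets` would map to `identity-client-id`, the name the existing env entry just above already uses, and keys that differ only in case or in `_` versus `-` collapse to one name. The same expression is repeated in the `dynamic "secret"` block of the next hunk (`@@ -57,6 +73,16 @@`), so the two must be kept in step by hand; computing it once in `locals`, `rtp_secret_names = { for k, v in var.rtp_environment_secrets : k => replace(lower(k), "_", "-") }`, and using `local.rtp_secret_names[env.key]` in both places removes that risk. Entries of `rtp_environment_configs` are emitted as plain `value`s, so a comment on that block should say that credentials belong in `rtp_environment_secrets` only. The enclosing `template` and `container` blocks start and end outside the hunk.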
@@ -57,6 +73,16 @@ resource "azurerm_container_app" "rtp-activator" { value = "${data.azurerm_user_assigned_identity.rtp-activator.client_id}" } + + dynamic "secret" { + for_each = var.rtp_environment_secrets + content { + name = replace(lower(secret.key), "_", "-") + key_vault_secret_id = "${data.azurerm_key_vault.rtp-kv.vault_uri}secrets/${secret.value}" + identity = data.azurerm_user_assigned_identity.rtp-activator.id + } + } + identity { type = "UserAssigned" identity_ids = [data.azurerm_user_assigned_identity.rtp-activator.id] diff --git a/src/main/terraform/data.tf b/src/main/terraform/data.tf index b11a715..60f0888 100644 --- a/src/main/terraform/data.tf +++ b/src/main/terraform/data.tf @@ -13,3 +13,11 @@ data "azurerm_user_assigned_identity" "rtp-activator" { name = var.id_name resource_group_name = var.id_resource_group_name } + +# ------------------------------------------------------------------------------ +# General purpose key vault used to protect secrets. +# ------------------------------------------------------------------------------ +data "azurerm_key_vault" "rtp-kv" { + name = local.rtp_kv_name + resource_group_name = local.rtp_kv_resource_group_name +} diff --git a/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars index d6d8f6e..b3c4910 100644 --- a/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-d-mcshared-cae" cae_resource_group_name = "cstar-d-mcshared-app-rg" -id_name = "cstar-d-mcshared-auth-id" -id_resource_group_name = "cstar-d-mcshared-identity-rg" +id_name = "cstar-d-weu-rtp-activator-id" +id_resource_group_name = "cstar-d-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. 
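Review bot: The `key_vault_secret_id` in the added `dynamic "secret"` block is assembled by string concatenation and carries no version segment, and nothing in the block says so. A versionless reference follows whatever version of the secret is current in the vault, and it only resolves if the user-assigned identity named in `identity` can read secrets in `rtp-kv`; that role assignment is not part of this patch, and the identity itself is switched to `cstar-*-weu-rtp-activator-id` in the tfvars hunks, so it is worth confirming before apply. I would add a comment above the block such as `# Versionless Key Vault references; the rtp-activator identity needs secret read access on the vault.` The resource body continues outside the hunk.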
@@ -39,4 +39,12 @@ rtp_activator_cpu = 0.25 rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 -rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" \ No newline at end of file +rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars index 33783f5..1e8f10d 100644 --- a/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-p-mcshared-cae" cae_resource_group_name = "cstar-p-mcshared-app-rg" -id_name = "cstar-p-mcshared-auth-id" -id_resource_group_name = "cstar-p-mcshared-identity-rg" +id_name = "cstar-p-weu-rtp-activator-id" +id_resource_group_name = "cstar-p-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. @@ -39,4 +39,12 @@ rtp_activator_cpu = 0.25 rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 -rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp_activator" \ No newline at end of file +rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp_activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars index 896f3f1..3bcbe92 100644 
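Review bot: `OTEL_TRACES_SAMPLER: "always_on"` is set to the same value in all three environment files (this one, and the `cstar-p` and `cstar-u` hunks that follow), so production exports every trace to Application Insights. Full sampling in production raises ingestion volume and widens how much request data leaves the service in span attributes; if the exporter honours the standard OpenTelemetry sampler settings, `OTEL_TRACES_SAMPLER: "parentbased_traceidratio"` with an `OTEL_TRACES_SAMPLER_ARG` ratio in the `cstar-p` file would be the usual choice, keeping `always_on` for dev. Separately, the `cstar-p` and `cstar-u` files keep `rtp_activator_base_url` on a `mil-d-apim` host; that line is only re-emitted here for the trailing newline, but it looks like a dev endpoint and is worth confirming.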
--- a/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-u-mcshared-cae" cae_resource_group_name = "cstar-u-mcshared-app-rg" -id_name = "cstar-u-mcshared-auth-id" -id_resource_group_name = "cstar-u-mcshared-identity-rg" +id_name = "cstar-u-weu-rtp-activator-id" +id_resource_group_name = "cstar-u-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. @@ -40,3 +40,11 @@ rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/locals.tf b/src/main/terraform/locals.tf index dea9445..4f0b726 100644 --- a/src/main/terraform/locals.tf +++ b/src/main/terraform/locals.tf @@ -3,4 +3,7 @@ locals { # Project label. # project = var.domain == "" ? "${var.prefix}-${var.env_short}" : "${var.prefix}-${var.env_short}-${var.domain}" + + rtp_kv_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-kv" + rtp_kv_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-sec-rg" } \ No newline at end of file diff --git a/src/main/terraform/variables.tf b/src/main/terraform/variables.tf index 14caa68..0a8289f 100644 --- a/src/main/terraform/variables.tf +++ b/src/main/terraform/variables.tf 
@@ -107,3 +107,13 @@ variable "rtp_activator_memory" { variable "rtp_activator_image" { type = string } + +variable "rtp_environment_configs" { + type = map(any) + default = {} +} + +variable "rtp_environment_secrets" { + type = map(any) + default = {} +} \ No newline at end of file From fff0781c95f4a662da892bb2da51cc5af2d81bef Mon Sep 17 00:00:00 2001 From: petretiandrea Date: Tue, 26 Nov 2024 14:41:12 +0100 Subject: [PATCH 2/3] fix: github pat to bypass main push (#24) --- .github/workflows/post-merge.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/post-merge.yml b/.github/workflows/post-merge.yml index 876091e..420163e 100644 --- a/.github/workflows/post-merge.yml +++ b/.github/workflows/post-merge.yml @@ -70,6 +70,8 @@ jobs: # - name: Checkout the source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + with: + token: ${{ secrets.GIT_PAT }} # # RELEASE CANDIDATE - Update of gradle.properties with the RC new version. From 85aafaec02a116d5215f9e0058e4cc7a46a011d1 Mon Sep 17 00:00:00 2001 From: GitHub Workflow <> Date: Tue, 26 Nov 2024 13:47:16 +0000 Subject: [PATCH 3/3] Updated with new version 1.2.0 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 166aa4a..d27d704 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1 +1 @@ -version=1.1.0 \ No newline at end of file +version=1.2.0 \ No newline at end of file
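Review bot: Both new variables are declared `type = map(any)` with no `description`, so nothing tells the next editor that `rtp_environment_secrets` maps an env var name to a Key Vault secret name and must never hold secret material, or that `rtp_environment_configs` ends up as plaintext environment values. `map(string)` matches how the values are used in `container_app.tf`, and a `validation` on the keys keeps the derived Container App secret names unique. The fence shows the secrets variable; `rtp_environment_configs` would get the same `description` and `map(string)` treatment.

```hcl
variable "rtp_environment_secrets" {
  description = "Env var name => Key Vault secret name. Values are secret names, never secret material."
  type        = map(string)
  default     = {}

  validation {
    condition     = alltrue([for k in keys(var.rtp_environment_secrets) : can(regex("^[A-Z][A-Z0-9_]*$", k))])
    error_message = "Keys must be upper-case env var names (A-Z, 0-9, _) so the derived secret names stay unique."
  }
}
```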
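Review bot: Passing `token: ${{ secrets.GIT_PAT }}` to `actions/checkout` leaves the PAT in the job's local git configuration by default, so every later step in this job, the build and any third-party action included, runs with a credential that can push past the protection on main. The steps after checkout are outside the hunk, so I cannot see how many there are; the exposure is smallest if `GIT_PAT` is a fine-grained token limited to this repository with contents write only, and if the checkout that uses it sits in a job that does nothing but the version commit and push. Pushes made with a PAT also trigger workflows, unlike pushes made with the default `GITHUB_TOKEN`, so check that the version-bump commit (patch 3/3 looks like one) cannot re-trigger this workflow. A comment on the `with:` block, e.g. `# PAT needed to push the version bump to protected main; fine-grained, contents:write only`, would record the intent.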