Finished up secure config files with ansible. Finally removed the private repo. (#54)

billoneil · web-flow · commit b47f94216681 · 2017-11-10T17:55:25.000-05:00
diff --git a/ansible/inventories/production/group_vars/all.yml b/ansible/inventories/production/group_vars/all.yml
@@ -1,2 +1,3 @@
 ---
   ansible_ssh_user: ec2-user
+  env: prod
diff --git a/ansible/inventories/production/group_vars/stubbornjava/vault_webserver_vars.yml b/ansible/inventories/production/group_vars/stubbornjava/vault_webserver_vars.yml
@@ -1,14 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-39666666393138366664303864626130323134656239316636666138363532386264353232373761
-3135623930323134353731366432346433633237613633310a303234373566373763363663643666
-33306631316662373261643164633535396534373234323833323266393963386638663663613065
-3165626231343232390a373735393362313663623265613232333738653539343231633839306331
-33643935363134366631343133373662663665323464653730356264323537333264346434623233
-31316663393438656461333431656631613262353562333964653230313331653839346236343364
-39666339633564666438646365643166326562353338376265326234666633653238393237623636
-39313433363732326234353863363730626263356536613732313561653062383965653363356665
-37383262343134326163336235656266633333653332343461626330333639366635636638636664
-37313837316361313464353465393832636332323332666464303762643636613938326536353838
-31313062323730663034633239336236383632353535623432333932356539373565376361303638
-33303534343838303134323839633863313237303337646532343064666330333966643635356337
-65623265366330623935633230376238353837353662303039666335383533306139
+62383035313961363234303436316238633235343139323264356462393132303962383033623136
+3463383832376634343961373932646132666663643732650a333763393432633635303735393163
+34623936316439646666303663656462376234646561626635353465396332623933346132386664
+3365613034663366660a666133333263326230373235623635633732333661656636383938663863
+31643339653664663766303063353062356230313239663030626233323434346631663137623465
+65353935346530333734656364656362376234623935636633363638353063653534353031306430
+31393233353561616634346231343265663132306366303035313466653036653232306433343564
+35323736316462323664666434643938623636373131623635353365376336346538353538616266
+33666662343638663464323661366339346364633232333335643464393066363832333830303132
+38626130613939373161393266343837343161336130613162333036376562353261313538646666
+33306630323664363131303032633131316466333366363465306464626566386336656136663939
+36613834653638323463373534376365346131613838366130663630626431643530386434373133
+35663763656364363237366666323231386130653365386263623463656232343239373362386530
+32393832666333383337336261393332373934343262613066353931393839306639376134623334
+61616262353362393931656536346663346164333064313532383035666438626163643733333137
+31383263626666316130336536323761646232326532633739623431316134383266623435636134
+38346333303664326237636236646161303761326464633635643763336134636566396166356263
+64636639323338326366376335636131373532663936623763346565383631366166396332386535
+376464376465633439326131623036343763
diff --git a/ansible/inventories/production/group_vars/stubbornjava/webserver_vars.yml b/ansible/inventories/production/group_vars/stubbornjava/webserver_vars.yml
@@ -3,3 +3,7 @@
     url: "{{_vault['db']['url']}}"
     user: "{{_vault['db']['user']}}"
     password: "{{_vault['db']['password']}}"
+
+  github:
+    client_id: "{{_vault['github']['client_id']}}"
+    client_secret: "{{_vault['github']['client_secret']}}"
diff --git a/ansible/roles/apps/app_base/templates/secure.conf.j2 b/ansible/roles/apps/app_base/templates/secure.conf.j2
@@ -3,3 +3,8 @@ db {
   user="{{db['user']}}"
   password="{{db['password']}}"
 }
+
+github {
+  clientId="{{github['client_id']}}"
+  clientSecret="{{github['client_secret']}}"
+}
diff --git a/ansible/stubbornjava.yml b/ansible/stubbornjava.yml
@@ -8,6 +8,6 @@
     - {
         role: apps/app_base,
         app_name: stubbornjava,
-        app_command: java8 -Denv=prod -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp,
+        app_command: "java8 -Denv={{env}} -server -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp",
         become: true
       }
diff --git a/settings.gradle b/settings.gradle
@@ -6,6 +6,4 @@ include ':stubbornjava-common'
 include ':stubbornjava-examples'
 include ':stubbornjava-webapp'
 
-def rootProjectDescriptor = settings.rootProject
-settings.createProjectDescriptor(rootProjectDescriptor, 'stubbornjava-private', file('../stubbornjava'))
 // {{end:settings}}
diff --git a/stubbornjava-common/src/main/java/com/stubbornjava/common/Configs.java b/stubbornjava-common/src/main/java/com/stubbornjava/common/Configs.java
@@ -1,28 +1,26 @@
 package com.stubbornjava.common;
 
-import java.util.List;
+import java.io.File;
 import java.util.Map;
 
 import org.jooq.lambda.Seq;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Lists;
 import com.typesafe.config.Config;
 import com.typesafe.config.ConfigFactory;
 import com.typesafe.config.ConfigRenderOptions;
 
 // {{start:config}}
 public class Configs {
-    private static final Logger logger = LoggerFactory.getLogger(Configs.class);
+    private static final Logger log = LoggerFactory.getLogger(Configs.class);
     /*
      * I am letting the typesafe configs bleed out on purpose here.
      * We could abstract out and delegate but its not worth it.
      * I am gambling on the fact that I will not switch out the config library.
      */
     private static final Config system = ConfigFactory.systemProperties();
-    private static final Config properties = new Builder().envAwareApp().build();
+    private static final Config properties = new Builder().withSecureConf().envAwareApp().build();
 
     public static Config system() {
         return system;
@@ -38,40 +36,52 @@ public static Map<String, Object> asMap(Config config) {
     }
 
     public static class Builder {
-        private final List<String> configs;
+        private Config conf;
 
         public Builder() {
-            this.configs = Lists.newLinkedList();
+            log.info("Loading configs first row is highest priority, second row is fallback and so on");
         }
 
         public Builder withResource(String resource) {
-            configs.add(resource);
+            conf = returnOrFallback(ConfigFactory.parseResources(resource));
+            log.info("Loaded config file from resource ({})", resource);
+            return this;
+        }
+
+        public Builder withOptionalFile(String path) {
+            File secureConfFile = new File(path);
+            if (secureConfFile.exists()) {
+                log.info("Loaded config file from path ({})", path);
+                conf = returnOrFallback(ConfigFactory.parseFile(secureConfFile));
+            } else {
+                log.info("Attempted to load file from path ({}) but it was not found", path);
+            }
             return this;
         }
 
         public Builder envAwareApp() {
             String env = system.hasPath("env") ? system.getString("env") : "local";
             String envFile = "application." + env + ".conf";
-            configs.add(envFile);
-            configs.add("application.conf");
-            return this;
+            return withResource(envFile).withResource("application.conf");
         }
 
-        public Config build() {
-            logger.info("Loading configs first row is highest priority, second row is fallback and so on");
-            configs.forEach(logger::info);
-            Preconditions.checkArgument(configs.size() > 0, "No config resources specified!");
-            Config appConfig = ConfigFactory.parseResources(configs.remove(0));
-            for (String resource : configs) {
-                appConfig = appConfig.withFallback(ConfigFactory.parseResources(resource));
-            }
+        public Builder withSecureConf() {
+            return withOptionalFile("./secure.conf");
+        }
 
+        public Config build() {
             // Resolve substitutions.
-            appConfig = appConfig.resolve();
+            conf = conf.resolve();
+            log.debug("Logging properties. Make sure sensitive data such as passwords or secrets are not logged!");
+            log.debug(conf.root().render(ConfigRenderOptions.concise().setFormatted(true)));
+            return conf;
+        }
 
-            logger.debug("Logging properties. Make sure sensitive data such as passwords or secrets are not logged!");
-            logger.debug(appConfig.root().render(ConfigRenderOptions.concise().setFormatted(true)));
-            return appConfig;
+        private Config returnOrFallback(Config config) {
+            if (this.conf == null) {
+                return config;
+            }
+            return this.conf.withFallback(config);
         }
     }
 
diff --git a/stubbornjava-common/src/main/java/com/stubbornjava/common/Env.java b/stubbornjava-common/src/main/java/com/stubbornjava/common/Env.java
@@ -19,23 +19,24 @@ public String getName() {
     }
 
     // {{start:logger}}
-    private static final Logger logger = LoggerFactory.getLogger(Env.class);
+    private static final Logger log = LoggerFactory.getLogger(Env.class);
     private static final Env currentEnv;
     static {
         String env = "local";
         if (Configs.system().hasPath("env")) {
             env = Configs.system().getString("env");
         }
         currentEnv = Env.valueOf(env.toUpperCase());
-        logger.debug("Current Env: {}", currentEnv.getName());
+        log.info("Current Env: {}", currentEnv.getName());
     }
 
     public static Env get() {
         return currentEnv;
     }
 
     public static void main(String[] args) {
-        Env env = currentEnv.get();
+        Env env = Env.get();
+        log.debug(env.toString());
     }
     // {{end:logger}}
 }
diff --git a/stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/SimpleServer.java b/stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/SimpleServer.java
@@ -30,13 +30,13 @@ public void start() {
         Undertow undertow = undertowBuilder.build();
         undertow.start();
         /*
-         *  Undertow logs this on its own but we generally set 3rd party
-         *  default logger levels to warn so we log it here. If it wasn't using the
+         *  Undertow logs this on debug but we generally set 3rd party
+         *  default logger levels to info so we log it here. If it wasn't using the
          *  io.undertow context we could turn on just that logger but no big deal.
          */
         undertow.getListenerInfo()
                 .stream()
-                .forEach(listenerInfo -> logger.debug(listenerInfo.toString()));
+                .forEach(listenerInfo -> logger.info(listenerInfo.toString()));
     }
 
     public static SimpleServer simpleServer(HttpHandler handler) {
diff --git a/stubbornjava-webapp/build.gradle b/stubbornjava-webapp/build.gradle
@@ -3,7 +3,6 @@ dependencies {
     // Project reference
     compile project(':stubbornjava-undertow')
     compile project(':stubbornjava-common')
-    compile project(':stubbornjava-private')
     
     compile libs.lombok
 
diff --git a/stubbornjava-webapp/src/main/resources/application.conf b/stubbornjava-webapp/src/main/resources/application.conf
@@ -0,0 +1,25 @@
+db {
+  url="jdbc:mysql://localhost:3306/stubbornjava"
+  driver="com.mysql.jdbc.Driver"
+  user="root"
+  password=""
+  pool {
+    minconnections = 2
+    maxconnections = 10
+    acquireincrement = 2
+    client {
+      preparedstatements {
+        cache = true
+        cachesize = 256
+        cachelimit = 2048
+        useserver=true
+      }
+    }
+  }
+}
+
+mailchimp {
+  lists {
+    subscribe = "7fa124d84d"
+  }
+}
diff --git a/stubbornjava-webapp/src/main/resources/application.prod.conf b/stubbornjava-webapp/src/main/resources/application.prod.conf
@@ -0,0 +1,5 @@
+mailchimp {
+  lists {
+    subscribe = "05c0e98feb"
+  }
+}
diff --git a/stubbornjava-webapp/src/main/resources/logback.xml b/stubbornjava-webapp/src/main/resources/logback.xml
@@ -1,4 +1,4 @@
-<configuration debug="true"> 
+<configuration> 
 
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> 
     <!-- encoders are  by default assigned the type
@@ -8,11 +8,14 @@
     </encoder>
   </appender>
 
-  <root level="WARN">
+  <root level="INFO">
     <appender-ref ref="STDOUT" />
   </root>
   
+  <!-- 
+  Careful setting com.stubbornjava.common.Configs to DEBUG since it
+  can log sensitive info like database passwords.
+   -->
   <logger name="com.stubbornjava" level="INFO" />
-  
 
 </configuration>

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`---`
`2`	`2`	`ansible_ssh_user: ec2-user`
	`3`	`+ env: prod`
Original file line number	Diff line number	Diff line change
`@@ -3,3 +3,8 @@ db {`
`3`	`3`	`user="{{db['user']}}"`
`4`	`4`	`password="{{db['password']}}"`
`5`	`5`	`}`
	`6`	`+`
	`7`	`+github {`
	`8`	`+ clientId="{{github['client_id']}}"`
	`9`	`+ clientSecret="{{github['client_secret']}}"`
	`10`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`	`- {`
`9`	`9`	`role: apps/app_base,`
`10`	`10`	`app_name: stubbornjava,`
`11`		`- app_command: java8 -Denv=prod -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp,`
	`11`	`+ app_command: "java8 -Denv={{env}} -server -Xmx640m -cp 'stubbornjava-all.jar' com.stubbornjava.webapp.StubbornJavaWebApp",`
`12`	`12`	`become: true`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,23 +19,24 @@ public String getName() {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`// {{start:logger}}`
`22`		`- private static final Logger logger = LoggerFactory.getLogger(Env.class);`
	`22`	`+ private static final Logger log = LoggerFactory.getLogger(Env.class);`
`23`	`23`	`private static final Env currentEnv;`
`24`	`24`	`static {`
`25`	`25`	`String env = "local";`
`26`	`26`	`if (Configs.system().hasPath("env")) {`
`27`	`27`	`env = Configs.system().getString("env");`
`28`	`28`	`}`
`29`	`29`	`currentEnv = Env.valueOf(env.toUpperCase());`
`30`		`- logger.debug("Current Env: {}", currentEnv.getName());`
	`30`	`+ log.info("Current Env: {}", currentEnv.getName());`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`public static Env get() {`
`34`	`34`	`return currentEnv;`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`public static void main(String[] args) {`
`38`		`- Env env = currentEnv.get();`
	`38`	`+ Env env = Env.get();`
	`39`	`+ log.debug(env.toString());`
`39`	`40`	`}`
`40`	`41`	`// {{end:logger}}`
`41`	`42`	`}`