Merge pull request #422 from bcgov/BCPSDEMS-1696-test-hostname-changes

Kafka config changes
bcgov · Jan 26, 2024 · f89043f · f89043f
2 parents 1162a64 + 0d02114
commit f89043f
Show file tree

Hide file tree

Showing 14 changed files with 28 additions and 21 deletions.
diff --git a/backend/NotificationService/Kafka/ConsumerSetup.cs b/backend/NotificationService/Kafka/ConsumerSetup.cs
@@ -24,7 +24,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation
@@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/NotificationService/NotificationServiceConfiguration.cs b/backend/NotificationService/NotificationServiceConfiguration.cs
@@ -33,7 +33,7 @@ public class KafkaClusterConfiguration
         public string SslKeyLocation { get; set; } = string.Empty;
         public string Scope { get; set; } = "openid";
         public string ConsumerGroupId { get; set; } = "jum-notification-consumer-group";
-
+        public string HostnameVerification { get; set; } = "Https";
 
     }
 

diff --git a/backend/edt.casemanagement/ConsumerSetup.cs b/backend/edt.casemanagement/ConsumerSetup.cs
@@ -32,7 +32,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -49,7 +49,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/edt.casemanagement/EdtServiceConfiguration.cs b/backend/edt.casemanagement/EdtServiceConfiguration.cs
@@ -106,6 +106,8 @@ public class KafkaClusterConfiguration : BaseKafkafiguration
         public string AckTopicName { get; set; } = string.Empty;
         public string ConsumerGroupId { get; set; } = "caseaccess-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "caseaccess-retry-consumer-group";
+        public string HostnameVerification { get; set; } = "Https";
+
     }
 
 

diff --git a/backend/edt.casemanagement/Kafka/ConsumerSetup.cs b/backend/edt.casemanagement/Kafka/ConsumerSetup.cs
@@ -29,7 +29,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -46,7 +46,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs b/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs
@@ -120,6 +120,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "disclosure-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "disclosure-retry-consumer-group";
         public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
 
     }

diff --git a/backend/edt.disclosure/Kafka/ConsumerSetup.cs b/backend/edt.disclosure/Kafka/ConsumerSetup.cs
@@ -35,7 +35,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -52,7 +52,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs b/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs
@@ -1,3 +1,4 @@
+using System.IdentityModel.Tokens.Jwt;
 using Confluent.Kafka;
 using jumwebapi.Extensions;
 using jumwebapi.Kafka.Producer;
@@ -6,7 +7,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json;
-using System.IdentityModel.Tokens.Jwt;
 
 namespace jumwebapi.Infrastructure.Auth
 {
@@ -26,7 +26,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                 SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
                 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
                 SaslOauthbearerScope = config.KafkaCluster.Scope,
-                SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+                SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
                 SslCaLocation = config.KafkaCluster.SslCaLocation,
                 SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
                 SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,
@@ -62,7 +62,8 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                 };
                 options.Events = new JwtBearerEvents
                 {
-                    OnTokenValidated = context => {
+                    OnTokenValidated = context =>
+                    {
                         return Task.CompletedTask;
                     },
                     OnAuthenticationFailed = context =>
@@ -72,7 +73,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                             context.NoResult();
                             context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                             context.Response.ContentType = "application/json";
-                            string response =
+                            var response =
                             JsonConvert.SerializeObject("The access token provided is not valid.");
                             if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                             {
@@ -82,7 +83,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                             }
                             await context.Response.WriteAsync(response);
                         });
-                   
+
                         //context.HandleResponse();
                         //context.Response.WriteAsync(response).Wait();
                         return Task.CompletedTask;

diff --git a/backend/jumwebapi/jumwebapiConfiguration.cs b/backend/jumwebapi/jumwebapiConfiguration.cs
@@ -65,6 +65,8 @@ public class KafkaClusterConfiguration
         public string SslCertificateLocation { get; set; } = string.Empty;
         public string SslKeyLocation { get; set; } = string.Empty;
         public string Scope { get; set; } = "openid";
+        public string HostnameVerification { get; set; } = "Https";
+
     }
     public class JustinClientConfiguration
     {

diff --git a/backend/service.edt/EdtServiceConfiguration.cs b/backend/service.edt/EdtServiceConfiguration.cs
@@ -119,6 +119,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "accessrequest-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "accessrequest-retry-consumer-group";
         public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
     }
 

diff --git a/backend/service.edt/Kafka/ConsumerSetup.cs b/backend/service.edt/Kafka/ConsumerSetup.cs
@@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             ConnectionsMaxIdleMs = 2147483647,
             TopicMetadataRefreshIntervalMs = 10000,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation
@@ -54,7 +54,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs b/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs
@@ -1,9 +1,8 @@
 namespace Pidp.Features.Admin.Kafka.Topics;
 
-using AutoMapper;
-using Pidp.Features.Admin.Kafka.Models;
 using Confluent.Kafka;
 using Confluent.Kafka.Admin;
+using Pidp.Features.Admin.Kafka.Models;
 
 public record TopicQuery(string? topicName) : IQuery<List<TopicModel>>;
 
@@ -35,7 +34,7 @@ public async Task<List<TopicModel>> HandleAsync(TopicQuery query)
             SslCertificateLocation = this.configuration.KafkaCluster.SslCertificateLocation,
             SslCaLocation = this.configuration.KafkaCluster.SslCaLocation,
             SaslOauthbearerScope = this.configuration.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (this.configuration.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslKeyLocation = this.configuration.KafkaCluster.SslKeyLocation,
             SaslMechanism = SaslMechanism.OAuthBearer,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,

diff --git a/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs b/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs
@@ -76,7 +76,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation,
@@ -93,7 +93,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

diff --git a/backend/webapi/PidpConfiguration.cs b/backend/webapi/PidpConfiguration.cs
@@ -135,6 +135,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "dems-notification-ack";
         public string KafkaAdminClientId { get; set; } = string.Empty;
         public string KafkaAdminClientSecret { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
     }
     public class JumClientConfiguration