[RHCLOUD-36316] Add Kessel relations config for recipients-resolver a…

…pp (#3131) * [RHCLOUD-36316] Add Kessel relations config for recipients-resolver app
RedHatInsights · Nov 20, 2024 · 592b687 · 592b687
1 parent 4459d29
commit 592b687
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 7 deletions.
diff --git a/.rhcicd/clowdapp-recipients-resolver.yaml b/.rhcicd/clowdapp-recipients-resolver.yaml
@@ -14,6 +14,8 @@ objects:
     envName: ${ENV_NAME}
     dependencies:
     - rbac
+    optionalDependencies:
+    - kessel-relations
     featureFlags: true
     deployments:
     - name: service
@@ -161,6 +163,20 @@ objects:
             secretKeyRef:
               name: rbac-psks
               key: psks.json
+        - name: RELATIONS_API_AUTHN_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: kessel-authentication
+              key: relations-api.client.id
+        - name: RELATIONS_API_AUTHN_CLIENT_ISSUER
+          value: ${NOTIFICATIONS_KESSEL_OIDC_ISSUER}
+        - name: RELATIONS_API_AUTHN_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: kessel-authentication
+              key: relations-api.client.secret
+        - name: RELATIONS_API_IS_SECURE_CLIENTS
+          value: ${NOTIFICATIONS_KESSEL_RELATIONS_SECURE_CLIENTS}
 parameters:
 - name: CLOUDWATCH_ENABLED
   description: Enable Cloudwatch (or not)
@@ -263,3 +279,9 @@ parameters:
   value: "https"
 - name: NOTIFICATIONS_RECIPIENTS_RESOLVER_USE_KESSEL_ENABLED
   value: "false"
+- name: NOTIFICATIONS_KESSEL_RELATIONS_SECURE_CLIENTS
+  description: Should the inventory gRPC client open channels over TLS?
+  value: "false"
+- name: NOTIFICATIONS_KESSEL_OIDC_ISSUER
+  description: Specifies the issuer of the OIDC authentication tokens.
+  value: "https://redhat.com/realms/redhat-external"
diff --git a/.../main/java/com/redhat/cloud/notifications/recipients/config/RecipientsResolverConfig.java b/.../main/java/com/redhat/cloud/notifications/recipients/config/RecipientsResolverConfig.java
@@ -9,7 +9,10 @@
 import jakarta.enterprise.event.Startup;
 import jakarta.inject.Inject;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
+import java.net.MalformedURLException;
 import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.time.Duration;
 import java.util.Map;
 import java.util.Optional;
@@ -32,7 +35,7 @@ public class RecipientsResolverConfig {
     private static final String MBOP_ENV = "notifications.recipients-resolver.mbop.env";
     private static final String NOTIFICATIONS_RECIPIENTS_RESOLVER_USE_KESSEL_ENABLED = "notifications.recipients-resolver.use.kessel.enabled";
     private static final String KESSEL_TARGET_URL = "notifications.recipients-resolver.kessel.target-url";
-    private static final String KESSEL_USE_SECURE_CLIENT = "notifications.kessel.secure-client";
+    private static final String KESSEL_USE_SECURE_CLIENT = "relations-api.is-secure-clients";
 
     /*
      * Unleash configuration
@@ -179,13 +182,22 @@ public String getMbopEnv() {
         return mbopEnv;
     }
 
-
     public boolean isKesselUseSecureClient() {
         return kesselUseSecureClient;
     }
 
     public String getKesselTargetUrl() {
-        return kesselTargetUrl;
+        try {
+            final URL url = new URI(kesselTargetUrl).toURL();
+            final String newKesselUrl = url.getHost() + ":9000";
+
+            Log.debugf("Kessel URL changed from \"%s\" to \"%s\"", kesselTargetUrl, newKesselUrl);
+
+            return newKesselUrl;
+        } catch (final IllegalArgumentException | MalformedURLException | URISyntaxException e) {
+            Log.debugf(e, "Unable to create a URL from value \"%s\"", kesselTargetUrl);
+            return kesselTargetUrl;
+        }
     }
 
     public Duration getLogTooLongRequestLimit() {

diff --git a/recipients-resolver/src/main/resources/application.properties b/recipients-resolver/src/main/resources/application.properties
@@ -53,7 +53,10 @@ quarkus.cache.caffeine.find-recipients.metrics-enabled=true
 quarkus.unleash.active=false
 quarkus.unleash.url=http://localhost:4242
 
-# Kessel integration gRpc
-notifications.recipients-resolver.kessel.target-url=localhost:9000
-notifications.recipients-resolver.kessel.secure-client=false
-
+# Kessel relations integration
+notifications.recipients-resolver.kessel.target-url=${clowder.endpoints.kessel-relations-api:localhost:9000}
+relations-api.is-secure-clients=false
+relations-api.authn.client.id=insights-notifications
+relations-api.authn.client.issuer=http://localhost:8084/realms/redhat-external
+relations-api.authn.client.secret=development-value-123
+relations-api.authn.mode=oidc-client-credentials