BCDA-7529: Remove nonsensitive env variables from ops repos

Dockerfiles/Dockerfile.ssas

@@ -25,6 +25,8 @@ RUN go build -ldflags "-X github.com/CMSgov/bcda-ssas-app/ssas/constants.Version
 FROM golang:1.19-alpine3.15
 RUN apk update upgrade
 RUN apk --no-cache add ca-certificates aws-cli curl
+WORKDIR /go/src/github.com/CMSgov/bcda-ssas-app
+COPY --from=builder /go/src/github.com/CMSgov/bcda-ssas-app/ssas/cfg/configs ssas/cfg/configs
 WORKDIR /usr/local/bin
 COPY --from=builder /go/src/github.com/CMSgov/bcda-ssas-app/ssas/ssas .
 COPY --from=documentation /go/src/github.com/CMSgov/bcda-ssas-app/ssas/swaggerui ./swaggerui

docker-compose.test.yml

@@ -7,13 +7,12 @@ services:
       dockerfile: Dockerfiles/Dockerfile.tests
       args:
         VERSION: latest
-    env_file:
-      - ./ssas/cfg/configs/local.env
     environment:
       - DB=postgresql://postgres:toor@db:5432
       - DATABASE_URL=postgresql://postgres:toor@db:5432/bcda?sslmode=disable
       - BCDA_SSAS_CLIENT_ID=fake-client-id
       - BCDA_SSAS_SECRET=fake-secret
+      - DEPLOYMENT_TARGET=local
       - SSAS_ADMIN_SIGNING_KEY_PATH=../../../shared_files/ssas/admin_test_signing_key.pem
       - SSAS_PUBLIC_SIGNING_KEY_PATH=../../../shared_files/ssas/public_test_signing_key.pem
       - SSAS_PUBLIC_PORT=:3003

docker-compose.yml

@@ -24,8 +24,6 @@ services:
       args:
         VERSION: latest
     image: bcda-ssas:latest
-    env_file:
-      - ./ssas/cfg/configs/local.env
     environment:
       - DATABASE_URL=postgresql://postgres:toor@db:5432/bcda?sslmode=disable
       - ATO_PUBLIC_KEY_FILE=../shared_files/ATO_public.pem
@@ -34,7 +32,6 @@ services:
       - BCDA_AUTH_PROVIDER=${BCDA_AUTH_PROVIDER}
       - BCDA_SSAS_CLIENT_ID=${BCDA_SSAS_CLIENT_ID}
       - BCDA_SSAS_SECRET=${BCDA_SSAS_SECRET}
-      - DEBUG=true
       - DEPLOYMENT_TARGET=local
       - SSAS_ADMIN_SIGNING_KEY_PATH=../shared_files/ssas/admin_test_signing_key.pem
       - SSAS_PUBLIC_SIGNING_KEY_PATH=../shared_files/ssas/public_test_signing_key.pem
@@ -50,6 +47,7 @@ services:
       - SSAS_CLIENT_ASSERTION_AUD=http://local.testing.cms.gov/api/v2/Token/auth
     volumes:
       - ./shared_files:/usr/local/shared_files
+      - .:/go/src/github.com/CMSgov/bcda-ssas-app
     ports:
       - "3103:3003"
       - "3104:3004"

go.mod

@@ -29,6 +29,7 @@ require (
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/joho/godotenv v1.5.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect

go.sum

@@ -71,6 +71,8 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=

ops/build_and_package.sh

@@ -34,7 +34,7 @@ go clean
 echo "Building ssas..."
 go build -ldflags "-X github.com/CMSgov/bcda-ssas-app/ssas/constants.Version=$VERSION" -o ssas ./service/main
 echo "Packaging ssas binary into RPM..."
-fpm -v $VERSION -s dir -t rpm -n ssas ssas=/usr/local/bin/ssas swaggerui=/etc/sv/ssas
+fpm -v $VERSION -s dir -t rpm -n ssas ssas=/usr/local/bin/ssas swaggerui=/etc/sv/ssas cfg/configs/=/go/src/github.com/CMSgov/bcda-ssas-app/ssas/cfg/configs/
 
 
 #Sign RPMs

ssas/cfg/configs/dev.env

@@ -1,3 +1,4 @@
+DEBUG=TRUE
 DEPLOYMENT_TARGET=dev
 SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
 SSAS_IDLE_TIMEOUT=120

ssas/cfg/configs/local.env

@@ -1,3 +1,4 @@
+DEBUG=TRUE
 DEPLOYMENT_TARGET=local
 SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
 SSAS_IDLE_TIMEOUT=120

ssas/cfg/configs/opensbx.env

@@ -1,3 +1,4 @@
+DEBUG=FALSE
 DEPLOYMENT_TARGET=opensbx
 SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
 SSAS_IDLE_TIMEOUT=120

ssas/cfg/configs/prod.env

@@ -1,3 +1,4 @@
+DEBUG=FALSE
 DEPLOYMENT_TARGET=prod
 SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
 SSAS_IDLE_TIMEOUT=120

ssas/cfg/configs/test.env

@@ -1,3 +1,4 @@
+DEBUG=FALSE
 DEPLOYMENT_TARGET=test
 SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
 SSAS_IDLE_TIMEOUT=120

ssas/service/main/main.go

@@ -1,12 +1,12 @@
 /*
  Package main System-to-System Authentication Service
- 
+
  The System-to-System Authentication Service (SSAS) enables one software system to authenticate and authorize another software system. In this model, the Systems act automatically, independent of a human user identity. Human users are involved only to administer the Service, including establishing the identities and privileges of participating systems.
- 
+
  For more details see our repository readme and Postman tests:
  - https://github.com/CMSgov/bcda-ssas-app
  - https://github.com/CMSgov/bcda-ssas-app/tree/master/test/postman_test
- 
+
  If you have a Client ID and Secret you can use this page to explore the API.  To do this, click the green "Authorize" button below and enter your Client ID and secret in the Basic Authentication username and password boxes.
 Until you click logout your token will be presented with every request made.  To make requests click on the "Try it out" button for the desired endpoint.
 
@@ -20,9 +20,11 @@ Until you click logout your token will be presented with every request made.  To
      SecurityDefinitions:
      basic_auth:
           type: basic
- 
+
  swagger:meta
 */
+//nolint: lll // Ignore long line linting
+
 package main
 
 import (
@@ -78,6 +80,7 @@ func init() {
 	if nil != err {
 		ssas.Logger.Warnf("New Relic integration is disabled: %s", err)
 	}
+
 }
 
 // We provide some simple commands for bootstrapping the system into place. Commands cannot be combined.

ssas/systems.go

@@ -9,6 +9,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"go/build"
 	"io"
 	"net"
 	"os"
@@ -17,6 +18,7 @@ import (
 	"time"
 
 	"github.com/CMSgov/bcda-ssas-app/ssas/cfg"
+	"github.com/joho/godotenv"
 	"github.com/pborman/uuid"
 	"gorm.io/gorm"
 )
@@ -31,15 +33,28 @@ func init() {
 }
 
 func getEnvVars() {
-	DefaultScope = os.Getenv("SSAS_DEFAULT_SYSTEM_SCOPE")
+	env := os.Getenv("DEPLOYMENT_TARGET")
+	gopath := os.Getenv("GOPATH")
+
+	if gopath == "" {
+		gopath = build.Default.GOPATH
+		//when GOROOT==gopath, it'll still be empty. Thus, we specify what's in our Dockerfile.
+		if gopath == "" {
+			gopath = "/go"
+		}
+
+	}
+
+	envPath := fmt.Sprintf(gopath+"/src/github.com/CMSgov/bcda-ssas-app/ssas/cfg/configs/%s.env", env)
+	err := godotenv.Load(envPath)
 
+	if err != nil {
+		ServiceHalted(Event{Help: fmt.Sprintf("Unable to load environment variables in env %s; message: %s", env, err.Error())})
+		panic("Unable to start application without loading environment variables.")
+	}
+	DefaultScope = os.Getenv("SSAS_DEFAULT_SYSTEM_SCOPE")
 	if DefaultScope == "" {
-		if os.Getenv("DEBUG") == "true" {
-			DefaultScope = "bcda-api"
-			return
-		}
-		ServiceHalted(Event{Help: "SSAS_DEFAULT_SYSTEM_SCOPE environment value must be set"})
-		panic("SSAS_DEFAULT_SYSTEM_SCOPE environment value must be set")
+		panic("Unable to source default system scope; check env files")
 	}
 
 	expirationDays := cfg.GetEnvInt("SSAS_CRED_EXPIRATION_DAYS", 90)

ssas/systems_test.go

@@ -668,6 +668,15 @@ func (s *SystemsTestSuite) TestScopeEnvSuccess() {
 	assert.Nil(s.T(), err)
 }
 
+func (s *SystemsTestSuite) TestEmptyGoPath() {
+	err := os.Setenv("GOPATH", "")
+	if err != nil {
+		s.FailNow(err.Error())
+	}
+	getEnvVars()
+	assert.Equal(s.T(), "bcda-api", DefaultScope)
+}
+
 func (s *SystemsTestSuite) TestScopeEnvDebug() {
 	getEnvVars()
 	assert.Equal(s.T(), "bcda-api", DefaultScope)