#2530 Enable SASL for bie kafka (#2624)

* Initial attempt currently failing on sasl handshake * Enables sasl_ssl for our kafka broker and clients * More changes * Fix for integration test * Remove comments and unnecessary duplication of ssl * Automated commit: Unpin versions of updated images * Bump org.springframework.boot:spring-boot-autoconfigure from 3.2.2 to 3.2.3 (#2659) Bump org.springframework.boot:spring-boot-autoconfigure Bumps [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-autoconfigure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Cheng <[email protected]> * EP Merge: Special Issue Code workaround for testing (#2645) Made special issue code an environment variable, so it can be switched without code change. * Update QA BGS URL (#2622) * Update to use vault values, added to dev and integration test yamls * Update the remaining environments * Updating the names of the topics and add the tls certs needed for communication. * Add the var initialization to setenv.sh * Update urls to dev from tst * Update Contention Event to use new updated topic names * Update BieMessagePayload to use new updated topic names * Updating Login config to only include Kafka user and no default value * Bump org.eclipse.jgit:org.eclipse.jgit from 6.8.0.202311291450-r to 6.9.0.202403050737-r (#2725) Bump org.eclipse.jgit:org.eclipse.jgit Bumps org.eclipse.jgit:org.eclipse.jgit from 6.8.0.202311291450-r to 6.9.0.202403050737-r. --- updated-dependencies: - dependency-name: org.eclipse.jgit:org.eclipse.jgit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ponnia <[email protected]> * Bump com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.16.2 (#2728) Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.16.1 to 2.16.2. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ponnia <[email protected]> * Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.1 (#2727) Bumps org.apache.commons:commons-compress from 1.26.0 to 1.26.1. --- updated-dependencies: - dependency-name: org.apache.commons:commons-compress dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ponnia <[email protected]> * Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.16.1 to 2.16.2 (#2726) Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 Bumps com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.16.1 to 2.16.2. --- updated-dependencies: - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ponnia <[email protected]> * EP Merge: Updated logging of errors and warnings (#2733) * Updated logging of errors and warnings * Simplify EP Merge integration test sorter (#2683) Co-authored-by: Erik Nelsestuen <[email protected]> Co-authored-by: Derek Fitchett <[email protected]> * Github action version rollback (#2737) * rollback version for yoomlam/delete-older-releases * Revert "rollback version for yoomlam/delete-older-releases" This reverts commit 19ad81e. * rollback github-action version * EPMerge: Fix serialization issue resulting in bad request response from BIP API (#2732) Changed rest template to use configured objectmapper * mock-bip-claims-api: Updated mocks for new EE EP Merge End2End tests. (#2746) Updated mocks for new EE EP Merge End2End tests. * EP Merge: add checks for get EP400 claim details (#2747) * Added checks for EP 400 claim details to only allow claims with EP codes in [400, 409] with a benefit claim type code of '400SUPP' * bump pydantic version for Contention Classification App (#2674) bump pydantic version, use model validator w/ mode="before" for validating CfI Co-authored-by: Erik Nelsestuen <[email protected]> * #2749: PROD FIX, Increase rabbitmq container memory (#2750) Production FIX: Increase the rabbitmq container memory * Update SpringBootStarterWeb (#2752) Snyk fix, update spring-boot-web to 3.2.3 * Upgrade spring-boot-starter-web package version (#2754) Upgrade spring-boot-starter-web package version * remove all versioning (#2741) * remove all versioning * undo some changes * run image-names script * add back sourcing file * Update the substring env instead of a prefix for bia kafka topics. * Experiment with bie-kafka-end2end-test.yml * Experiment with bie-kafka-end2end-test.yml * Experiment with bie-kafka-end2end-test.yml * Update group-id * Add V02 to the end of topic names * Update the escaped "" * Changes to the key and value -deserializer * Changes to the key and value -deserializer * Add deserializer delegate class * Add deserializer delegate class * Fix integration test attempt #1 * Update kafka cert generation script to only generate the truststore. * Add yes back * Revert config * Update application yamls * Debug application integration test yaml * Changes to bie kafka docker vars * Changes to bie kafka docker vars * Changes to bie kafka docker vars * Add truststore back * Edits to ssl/sasl connection * Updates to docker-entryprep.sh to ignore the keystore creation/verification * Remove references to keystore file * Add a ssl piece to the properties file * Add ssl truststore everywhere. * Change shape of schema.registry.truststore.* * Add in USER_INFO basic auth for schema registry * Revert higher environments for RBAC to match develop * Small nits and update to infix from env * rm unnecessary Kafka cert gen * Add qa and sandbox as well * Revert mock BIE kafka to existing state * Revert local config * RBAC user id password are not needed for local test --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Cheng <[email protected]> Co-authored-by: VRO Machine User <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Derek Fitchett <[email protected]> Co-authored-by: Mason Watson <[email protected]> Co-authored-by: Ponnia <[email protected]> Co-authored-by: YANG YANG <[email protected]> Co-authored-by: Erik Nelsestuen <[email protected]> Co-authored-by: Luke Short <[email protected]>
department-of-veterans-affairs · Apr 17, 2024 · 97b535f · 97b535f
1 parent e2fcd53
commit 97b535f
Show file tree

Hide file tree

Showing 11 changed files with 130 additions and 133 deletions.
diff --git a/shared/lib-bie-kafka/src/main/java/gov/va/vro/model/biekafka/BieMessagePayload.java b/shared/lib-bie-kafka/src/main/java/gov/va/vro/model/biekafka/BieMessagePayload.java
@@ -34,60 +34,60 @@ public class BieMessagePayload {
 
   // populated from kafka topic payload
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private String benefitClaimTypeCode;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private String actorStation;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private String details;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private Long veteranParticipantId;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private String contentionClassificationName;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private String diagnosticTypeCode;
 
-  @TargetEvents({"CONTENTION_BIE_CONTENTION_UPDATED_V02"})
+  @TargetEvents({"BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"})
   private String journalStatusTypeCode;
 
   @TargetEvents({
-    "CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
-    "CONTENTION_BIE_CONTENTION_CLASSIFIED_V02",
-    "CONTENTION_BIE_CONTENTION_UPDATED_V02"
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02",
+    "BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"
   })
   private Long dateAdded;
 
-  @TargetEvents({"CONTENTION_BIE_CONTENTION_UPDATED_V02"})
+  @TargetEvents({"BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"})
   private Long dateCompleted;
 
-  @TargetEvents({"CONTENTION_BIE_CONTENTION_UPDATED_V02"})
+  @TargetEvents({"BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"})
   private Long dateUpdated;
 }
diff --git a/shared/lib-bie-kafka/src/main/java/gov/va/vro/model/biekafka/ContentionEvent.java b/shared/lib-bie-kafka/src/main/java/gov/va/vro/model/biekafka/ContentionEvent.java
@@ -3,11 +3,11 @@
 import java.util.Arrays;
 
 public enum ContentionEvent {
-  CONTENTION_ASSOCIATED_TO_CLAIM("CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02"),
-  CONTENTION_UPDATED("CONTENTION_BIE_CONTENTION_UPDATED_V02"),
-  CONTENTION_CLASSIFIED("CONTENTION_BIE_CONTENTION_CLASSIFIED_V02"),
-  CONTENTION_COMPLETED("CONTENTION_BIE_CONTENTION_COMPLETED_V02"),
-  CONTENTION_DELETED("CONTENTION_BIE_CONTENTION_DELETED_V02");
+  CONTENTION_ASSOCIATED_TO_CLAIM("BIA_SERVICES_BIE_CATALOG_CONTENTION_ASSOCIATED_TO_CLAIM_V02"),
+  CONTENTION_UPDATED("BIA_SERVICES_BIE_CATALOG_CONTENTION_UPDATED_V02"),
+  CONTENTION_CLASSIFIED("BIA_SERVICES_BIE_CATALOG_CONTENTION_CLASSIFIED_V02"),
+  CONTENTION_COMPLETED("BIA_SERVICES_BIE_CATALOG_CONTENTION_COMPLETED_V02"),
+  CONTENTION_DELETED("BIA_SERVICES_BIE_CATALOG_CONTENTION_DELETED_V02");
 
   private final String topicName;
 
@@ -20,13 +20,13 @@ public String getTopicName() {
   }
 
   public static ContentionEvent mapTopicToEvent(String topic) {
-    // remove first word prefix from topic seperated by _
-    String noPrefixTopic = topic.substring(topic.indexOf("_") + 1);
+    String subString = "CATALOG_.*?_CONTENTION";
+    String noSubStringTopic = topic.replaceAll(subString, "CATALOG_CONTENTION");
 
     return Arrays.stream(ContentionEvent.values())
-        .filter(event -> event.getTopicName().equals(noPrefixTopic))
+        .filter(event -> event.getTopicName().equals(noSubStringTopic))
         .findFirst()
-        .orElseThrow(() -> new IllegalArgumentException("Unrecognized topic: " + noPrefixTopic));
+        .orElseThrow(() -> new IllegalArgumentException("Unrecognized topic: " + noSubStringTopic));
   }
 
   public static String rabbitMqExchangeName(String topic) {

diff --git a/svc-bie-kafka/docker-entryprep.sh b/svc-bie-kafka/docker-entryprep.sh
@@ -6,20 +6,12 @@ getEnvVarValue(){
 }
 
 for ENV_VAR in \
-  BIE_KAFKA_KEYSTORE_INBASE64 BIE_KAFKA_KEYSTORE_PASSWORD \
   BIE_KAFKA_TRUSTSTORE_INBASE64 BIE_KAFKA_TRUSTSTORE_PASSWORD; do
   if [ "$(getEnvVarValue "$ENV_VAR")" = "" ]; then
     >&2 echo "ERROR: Missing expected environment variable: $ENV_VAR"
   fi
 done
 
-export KEYSTORE_FILE="$PWD/keystore.p12"
-echo "$BIE_KAFKA_KEYSTORE_INBASE64" | base64 -d > "$KEYSTORE_FILE"
-echo -e "\nVerifying keystore ($KEYSTORE_FILE) and its password..."
-if ! keytool -list -v -keystore "$KEYSTORE_FILE" -storepass "$BIE_KAFKA_KEYSTORE_PASSWORD" | grep "Alias name:"; then
-  >&2 echo "ERROR: with keystore"
-fi
-
 export TRUSTSTORE_FILE="$PWD/truststore.p12"
 echo "$BIE_KAFKA_TRUSTSTORE_INBASE64" | base64 -d > "$TRUSTSTORE_FILE"
 echo -e "\nVerifying truststore ($TRUSTSTORE_FILE) and its password..."

diff --git a/svc-bie-kafka/src/main/java/gov/va/vro/services/bie/config/BieProperties.java b/svc-bie-kafka/src/main/java/gov/va/vro/services/bie/config/BieProperties.java
@@ -13,11 +13,15 @@
 @Setter
 public class BieProperties {
 
-  @Getter String kakfaTopicPrefix;
+  @Getter String kafkaTopicInfix;
 
   public String[] topicNames() {
     return Arrays.stream(ContentionEvent.values())
-        .map(contention -> kakfaTopicPrefix + contention.getTopicName())
+        .map(
+            contention -> {
+              String subString = "CATALOG_" + kafkaTopicInfix + "_CONTENTION";
+              return contention.getTopicName().replaceAll("CATALOG_CONTENTION", subString);
+            })
         .toArray(String[]::new);
   }
 }
diff --git a/svc-bie-kafka/src/main/resources/application-dev.yaml b/svc-bie-kafka/src/main/resources/application-dev.yaml
@@ -1,24 +1,32 @@
 spring:
   kafka:
-    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:kafka.dev.bip.va.gov:443}"
+    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:bip-kafka.dev.bip.va.gov:443}"
     properties:
-      schema.registry.url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:https://schemaregistry.dev.bip.va.gov:443}"
-      schema.registry.ssl.protocol: SSL
-      schema.registry.ssl.keystore.location: "${KEYSTORE_FILE}"
-      schema.registry.ssl.keystore.password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-      schema.registry.ssl.keystore.type: "PKCS12"
-      schema.registry.ssl.truststore.location: "${TRUSTSTORE_FILE}"
-      schema.registry.ssl.truststore.password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
-      schema.registry.ssl.truststore.type: "PKCS12"
+      basic.auth.credentials.source: USER_INFO
+      basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+      schema.registry:
+        basic.auth.credentials.source: USER_INFO
+        basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+        url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:https://bip-schemaregistry.dev.bip.va.gov}"
+        ssl:
+          truststore.location: "${TRUSTSTORE_FILE}"
+          truststore.password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+          truststore.type: "PKCS12"
+      security.protocol: SASL_SSL
+      sasl:
+        mechanism: PLAIN
+        jaas:
+          config: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"${BIE_KAFKA_RBAC_USERNAME}\" password=\"${BIE_KAFKA_RBAC_PASSWORD}\";"
     consumer:
-      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:vro-bie-tst-vro-1}"
+      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:EXT_VRO_TST}"
       key-deserializer: "org.apache.kafka.common.serialization.StringDeserializer"
       value-deserializer: "io.confluent.kafka.serializers.KafkaAvroDeserializer"
-      properties:
-        security.protocol: SSL
-        ssl.keystore.type: PKCS12
-        ssl.keystore.location: "${KEYSTORE_FILE}"
-        ssl.keystore.password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-        ssl.truststore.type: PKCS12
-        ssl.truststore.location: "${TRUSTSTORE_FILE}"
-        ssl.truststore.password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+      security:
+        protocol: SASL_SSL
+      ssl:
+        trust-store-location: "file:${TRUSTSTORE_FILE}"
+        trust-store-password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+        trust-store-type: "PKCS12"
+
+bie:
+  kafka-topic-infix: "TST"
diff --git a/svc-bie-kafka/src/main/resources/application-integration-test.yaml b/svc-bie-kafka/src/main/resources/application-integration-test.yaml
@@ -1,4 +1,3 @@
-
 spring:
   kafka:
     # To prevent java.net.UnknownHostException mock-bie-kafka, use mock Kafka's 'EXTERNAL' port 9094

diff --git a/svc-bie-kafka/src/main/resources/application-qa.yaml b/svc-bie-kafka/src/main/resources/application-qa.yaml
@@ -1,35 +1,32 @@
 spring:
   kafka:
-    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:kafka.stage.bip.va.gov:443}"
+    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:bip-kafka.qa.bip.va.gov:443}"
     properties:
-      schema:
-        registry:
-          url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:https://schemaregistry.stage.bip.va.gov:443}"
-          ssl:
-            protocol: SSL
-            keystore:
-              type: PKCS12
-              location: "${KEYSTORE_FILE}"
-              password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-            truststore:
-              type: PKCS12
-              location: "${TRUSTSTORE_FILE}"
-              password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+      basic.auth.credentials.source: USER_INFO
+      basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+      schema.registry:
+        basic.auth.credentials.source: USER_INFO
+        basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+        url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:https://bip-schemaregistry.dev.bip.va.gov}"
+        ssl:
+          truststore.location: "${TRUSTSTORE_FILE}"
+          truststore.password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+          truststore.type: "PKCS12"
+      security.protocol: SASL_SSL
+      sasl:
+        mechanism: PLAIN
+        jaas:
+          config: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"${BIE_KAFKA_RBAC_USERNAME}\" password=\"${BIE_KAFKA_RBAC_PASSWORD}\";"
     consumer:
-      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:vro-bie-ivv-vro}"
+      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:EXT_VRO_QA}"
       key-deserializer: "org.apache.kafka.common.serialization.StringDeserializer"
       value-deserializer: "io.confluent.kafka.serializers.KafkaAvroDeserializer"
-      properties:
-        security.protocol: SSL
-        ssl:
-          keystore:
-            type: PKCS12
-            location: "${KEYSTORE_FILE}"
-            password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-          truststore:
-            type: PKCS12
-            location: "${TRUSTSTORE_FILE}"
-            password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+      security:
+        protocol: SASL_SSL
+      ssl:
+        trust-store-location: "file:${TRUSTSTORE_FILE}"
+        trust-store-password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+        trust-store-type: "PKCS12"
 
 bie:
-  kakfa-topic-prefix: "IVV_"
+  kafka-topic-infix: "QA"
diff --git a/svc-bie-kafka/src/main/resources/application-sandbox.yaml b/svc-bie-kafka/src/main/resources/application-sandbox.yaml
@@ -1,35 +1,32 @@
 spring:
   kafka:
-    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:kafka.stage.bip.va.gov:443}"
+    bootstrap-servers: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:bip-kafka.stage.bip.va.gov:443}"
     properties:
-      schema:
-        registry:
-          url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:https://schemaregistry.stage.bip.va.gov:443}"
-          ssl:
-            protocol: SSL
-            keystore:
-              type: PKCS12
-              location: "${KEYSTORE_FILE}"
-              password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-            truststore:
-              type: PKCS12
-              location: "${TRUSTSTORE_FILE}"
-              password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+      basic.auth.credentials.source: USER_INFO
+      basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+      schema.registry:
+        basic.auth.credentials.source: USER_INFO
+        basic.auth.user.info: "${BIE_KAFKA_RBAC_USERNAME}:${BIE_KAFKA_RBAC_PASSWORD}"
+        url: "${BIE_KAFKA_PLACEHOLDERS_BROKERS:bip-schemaregistry.stage.bip.va.go}"
+        ssl:
+          truststore.location: "${TRUSTSTORE_FILE}"
+          truststore.password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+          truststore.type: "PKCS12"
+      security.protocol: SASL_SSL
+      sasl:
+        mechanism: PLAIN
+        jaas:
+          config: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"${BIE_KAFKA_RBAC_USERNAME}\" password=\"${BIE_KAFKA_RBAC_PASSWORD}\";"
     consumer:
-      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:vro-bie-uat-vro}"
+      group-id: "${BIE_KAFKA_PLACEHOLDERS_GROUP_ID:EXT_VRO_IVV}"
       key-deserializer: "org.apache.kafka.common.serialization.StringDeserializer"
       value-deserializer: "io.confluent.kafka.serializers.KafkaAvroDeserializer"
-      properties:
-        security.protocol: SSL
-        ssl:
-          keystore:
-            type: PKCS12
-            location: "${KEYSTORE_FILE}"
-            password: "${BIE_KAFKA_KEYSTORE_PASSWORD}"
-          truststore:
-            type: PKCS12
-            location: "${TRUSTSTORE_FILE}"
-            password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+    security:
+      protocol: SASL_SSL
+    ssl:
+      trust-store-location: "file:${TRUSTSTORE_FILE}"
+      trust-store-password: "${BIE_KAFKA_TRUSTSTORE_PASSWORD}"
+      trust-store-type: "PKCS12"
 
 bie:
-  kakfa-topic-prefix: "UAT_"
+  kafka-topic-infix: "IVV"
diff --git a/svc-bie-kafka/src/main/resources/application.yaml b/svc-bie-kafka/src/main/resources/application.yaml
@@ -33,7 +33,7 @@ spring:
 
 ## Specify bie properties
 bie:
-  kakfa-topic-prefix: "TST_"
+  kafka-topic-infix: "TST"
 
 ## Actuator for health check, liveness, and readiness
 management:

diff --git a/svc-bie-kafka/src/test/java/gov/va/vro/services/bie/config/ContentionEventTest.java b/svc-bie-kafka/src/test/java/gov/va/vro/services/bie/config/ContentionEventTest.java
@@ -13,11 +13,11 @@ public class ContentionEventTest {
 
   @ParameterizedTest
   @CsvSource({
-    "TST_CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02, CONTENTION_ASSOCIATED_TO_CLAIM",
-    "TST_CONTENTION_BIE_CONTENTION_UPDATED_V02, CONTENTION_UPDATED",
-    "TST_CONTENTION_BIE_CONTENTION_CLASSIFIED_V02, CONTENTION_CLASSIFIED",
-    "TST_CONTENTION_BIE_CONTENTION_COMPLETED_V02, CONTENTION_COMPLETED",
-    "TST_CONTENTION_BIE_CONTENTION_DELETED_V02, CONTENTION_DELETED"
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_ASSOCIATED_TO_CLAIM_V02, CONTENTION_ASSOCIATED_TO_CLAIM",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_UPDATED_V02, CONTENTION_UPDATED",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_CLASSIFIED_V02, CONTENTION_CLASSIFIED",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_COMPLETED_V02, CONTENTION_COMPLETED",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_DELETED_V02, CONTENTION_DELETED"
   })
   public void testMapTopicToEvent_validTopics(String inputTopic, ContentionEvent expectedEvent) {
     assertEquals(expectedEvent, mapTopicToEvent(inputTopic));
@@ -35,11 +35,11 @@ public void testMapTopicToEvent_unrecognizedTopic() {
 
   @ParameterizedTest
   @CsvSource({
-    "TST_CONTENTION_BIE_CONTENTION_ASSOCIATED_TO_CLAIM_V02, bie-events-contention-associated-to-claim",
-    "TST_CONTENTION_BIE_CONTENTION_UPDATED_V02, bie-events-contention-updated",
-    "TST_CONTENTION_BIE_CONTENTION_CLASSIFIED_V02, bie-events-contention-classified",
-    "TST_CONTENTION_BIE_CONTENTION_COMPLETED_V02, bie-events-contention-completed",
-    "TST_CONTENTION_BIE_CONTENTION_DELETED_V02, bie-events-contention-deleted"
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_ASSOCIATED_TO_CLAIM_V02, bie-events-contention-associated-to-claim",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_UPDATED_V02, bie-events-contention-updated",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_CLASSIFIED_V02, bie-events-contention-classified",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_COMPLETED_V02, bie-events-contention-completed",
+    "BIA_SERVICES_BIE_CATALOG_TST_CONTENTION_DELETED_V02, bie-events-contention-deleted"
   })
   public void testGenerateRabbitMQChannelName_channelNames(String inputTopic, String bieChannel) {
     assertEquals(bieChannel, ContentionEvent.rabbitMqExchangeName(inputTopic));
-Original file line number
+Diff line change
@@ -1,4 +1,3 @@
     spring:
       kafka:
         # To prevent java.net.UnknownHostException mock-bie-kafka, use mock Kafka's 'EXTERNAL' port 9094
@@ Expand Down @@