feat: Parameter Store 기반 설정 관리 전환 및 loadtest 프로필 추가 (#670)

lsy1307 · web-flow · commit 61aba25c04b2 · 2026-03-03T17:16:30.000+09:00
* feat: Parameter Store 설정 전환

- secret 서브모듈 제거 및 설정 파일 분리

- 프로필별 Parameter Store import와 loadtest 프로필 추가

* feat: Parameter Store 연동 설정 추가

- Spring Cloud AWS Parameter Store 의존성 추가

- config 분리와 profile별 import/loadtest 프로필 설정

* feat: 배포 파이프라인 Parameter Store 대응

- dev/prod workflow에서 submodule checkout 제거

- compose 환경변수에 AWS_REGION 주입

* feat: S3 인증을 IAM Role 체인으로 전환

- 정적 access key/secret key 주입 제거

- DefaultCredentialsProvider 기반 S3Client 구성

* feat: 리뷰 반영 설정 보완

- local 프로필 refresh cookie-domain을 localhost로 수정

- loadtest outbound thread pool에 queue-capacity 추가

* refactor: 환경별 설정 fail-fast 정리

- websocket outbound queue-capacity 누락 보완

- prod/dev/local OAuth redirect-url fallback 제거

- yml placeholder 빈 기본값(:) 제거

- dev CORS admin 도메인 변경 반영

* chore: Parameter Store import를 fail-fast로 전환

- common/local/dev/prod/loadtest aws-parameterstore import에서 optional 제거

* refactor: cloud 설정을 SSM 단일 소스로 정리

- env placeholder(CLOUD_AWS_*) 제거

- cloud.aws.* 값은 /solid-connection/common 경로에서 주입

* refactor: DB/Flyway 설정을 프로퍼티 키 기반으로 정리

- datasource/flyway env placeholder 제거

- prod/dev baseline-on-migrate를 false로 변경

- local 빈 redis 블록 제거

* chore: 공통 변수 설정 보안/컨벤션 정리

- OAuth/JWT/Sentry/News/Loki placeholder 제거

- kakao user-info-url 키를 kebab-case로 통일

- sentry 기본 PII 비활성화 및 prod traces 샘플링 0.1 설정

- dev admin CORS origin 문자열 변경 반영

* fix: dev admin CORS origin trailing slash 제거

* feat: review comments 반영

- loadtest 프로필에 spring.flyway.enabled=false 명시

- test 설정의 kakao user-info 키를 user-info-url로 통일
diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml
@@ -19,9 +19,6 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.SUBMODULE_ACCESS_TOKEN }}
-          submodules: true
 
       # --- Java, Gradle 설정 ---
       - name: Set up JDK 17
diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml
@@ -25,9 +25,6 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.SUBMODULE_ACCESS_TOKEN }}
-          submodules: true
 
       # --- Java, Gradle 설정 ---
       - name: Set up JDK 17
diff --git a/.gitmodules b/.gitmodules
diff --git a/build.gradle b/build.gradle
@@ -67,6 +67,7 @@ dependencies {
     // Etc
     implementation platform('software.amazon.awssdk:bom:2.41.4')
     implementation 'software.amazon.awssdk:s3'
+    implementation 'io.awspring.cloud:spring-cloud-aws-starter-parameter-store:3.0.4'
     implementation 'org.hibernate.validator:hibernate-validator'
     implementation 'org.springframework.boot:spring-boot-starter-websocket'
 
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -7,6 +7,7 @@ services:
     network_mode: "host"
     environment:
       - SPRING_PROFILES_ACTIVE=dev
+      - AWS_REGION=ap-northeast-2
       - SPRING_DATA_REDIS_HOST=127.0.0.1
       - SPRING_DATA_REDIS_PORT=6379
     volumes:
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -7,6 +7,7 @@ services:
     network_mode: "host"
     environment:
       - SPRING_PROFILES_ACTIVE=prod
+      - AWS_REGION=ap-northeast-2
       - SPRING_DATA_REDIS_HOST=127.0.0.1
       - SPRING_DATA_REDIS_PORT=6379
     volumes:
diff --git a/src/main/java/com/example/solidconnection/s3/config/AmazonS3Config.java b/src/main/java/com/example/solidconnection/s3/config/AmazonS3Config.java
@@ -3,30 +3,21 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
-import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.s3.S3Client;
 
 @Configuration
 public class AmazonS3Config {
 
-    @Value("${cloud.aws.credentials.access-key}")
-    private String accessKey;
-
-    @Value("${cloud.aws.credentials.secret-key}")
-    private String secretKey;
-
     @Value("${cloud.aws.region.static}")
     private String region;
 
     @Bean
     public S3Client s3Client() {
-        AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);
-
         return S3Client.builder()
                 .region(Region.of(region))
-                .credentialsProvider(StaticCredentialsProvider.create(credentials))
+                .credentialsProvider(DefaultCredentialsProvider.create())
                 .build();
     }
 }
diff --git a/src/main/resources/application-loadtest.yml b/src/main/resources/application-loadtest.yml
@@ -0,0 +1,32 @@
+spring:
+  config:
+    activate:
+      on-profile: loadtest
+
+  jpa:
+    show-sql: false
+    properties:
+      hibernate:
+        format_sql: false
+
+  datasource:
+    hikari:
+      maximum-pool-size: 50
+      minimum-idle: 20
+
+  flyway:
+    enabled: false
+
+websocket:
+  thread-pool:
+    inbound:
+      core-pool-size: 24
+      max-pool-size: 48
+      queue-capacity: 4000
+    outbound:
+      core-pool-size: 24
+      max-pool-size: 48
+      queue-capacity: 4000
+  heartbeat:
+    server-interval: 10000
+    client-interval: 10000
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -1,9 +1,13 @@
 spring:
+  application:
+    name: solid-connect-server
+
   config:
     import:
-      - classpath:/secret/application-cloud.yml
-      - classpath:/secret/application-db.yml
-      - classpath:/secret/application-variable.yml
+      - optional:classpath:/config/application-cloud.yml
+      - optional:classpath:/config/application-db.yml
+      - optional:classpath:/config/application-variable.yml
+      - aws-parameterstore:/solid-connection/common/
 
   tomcat:
     threads:
@@ -23,3 +27,31 @@ management:
     web:
       exposure:
         include: prometheus
+
+---
+spring:
+  config:
+    activate:
+      on-profile: local
+    import: aws-parameterstore:/solid-connection/local/
+
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
+    import: aws-parameterstore:/solid-connection/dev/
+
+---
+spring:
+  config:
+    activate:
+      on-profile: prod
+    import: aws-parameterstore:/solid-connection/prod/
+
+---
+spring:
+  config:
+    activate:
+      on-profile: loadtest
+    import: aws-parameterstore:/solid-connection/loadtest/
diff --git a/src/main/resources/config/application-cloud.yml b/src/main/resources/config/application-cloud.yml
@@ -0,0 +1,9 @@
+spring:
+  config:
+    activate:
+      on-profile: local, dev, prod, loadtest
+
+cloud:
+  aws:
+    stack:
+      auto: false
diff --git a/src/main/resources/config/application-db.yml b/src/main/resources/config/application-db.yml
@@ -0,0 +1,70 @@
+---
+spring:
+  config:
+    activate:
+      on-profile: prod
+
+  jpa:
+    hibernate:
+      ddl-auto: none
+    generate-ddl: false
+    show-sql: false
+    database: mysql
+    defer-datasource-initialization: false
+
+  datasource:
+    driverClassName: com.mysql.cj.jdbc.Driver
+
+  flyway:
+    enabled: true
+    locations: classpath:db/migration
+    baseline-on-migrate: false
+
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
+
+  jpa:
+    hibernate:
+      ddl-auto: validate
+    generate-ddl: false
+    show-sql: false
+    database: mysql
+    defer-datasource-initialization: false
+
+  datasource:
+    driverClassName: com.mysql.cj.jdbc.Driver
+
+  flyway:
+    enabled: true
+    locations: classpath:db/migration
+    baseline-on-migrate: false
+
+---
+spring:
+  config:
+    activate:
+      on-profile: local
+
+  jpa:
+    hibernate:
+      ddl-auto: create
+    generate-ddl: true
+    show-sql: true
+    database: mysql
+    defer-datasource-initialization: true
+    properties:
+      hibernate:
+        format_sql: true
+
+  sql:
+    init:
+      mode: always
+
+  datasource:
+    driverClassName: com.mysql.cj.jdbc.Driver
+
+  flyway:
+    enabled: false
diff --git a/src/main/resources/config/application-variable.yml b/src/main/resources/config/application-variable.yml
@@ -0,0 +1,154 @@
+view:
+  count:
+    scheduling:
+      delay: 3000
+
+websocket:
+  thread-pool:
+    inbound:
+      core-pool-size: 6
+      max-pool-size: 12
+      queue-capacity: 1000
+    outbound:
+      core-pool-size: 6
+      max-pool-size: 12
+      queue-capacity: 1000
+  heartbeat:
+    server-interval: 15000
+    client-interval: 15000
+
+oauth:
+  apple:
+    token-url: "https://appleid.apple.com/auth/token"
+    client-secret-audience-url: "https://appleid.apple.com"
+    public-key-url: "https://appleid.apple.com/auth/keys"
+  kakao:
+    token-url: "https://kauth.kakao.com/oauth/token"
+    user-info-url: "https://kapi.kakao.com/v2/user/me"
+
+sentry:
+  send-default-pii: false
+  traces-sample-rate: 1.0
+  exception-resolver-order: -2147483647
+
+management:
+  server:
+    port: 8081
+
+token:
+  access:
+    storage-key-prefix: "ACCESS"
+    expire-time: 1h
+  refresh:
+    storage-key-prefix: "REFRESH"
+    expire-time: 90d
+  sign-up:
+    storage-key-prefix: "SIGN_UP"
+    expire-time: 10m
+  black-list:
+    storage-key-prefix: "BLACKLIST"
+    expire-time: 1h
+
+---
+spring:
+  config:
+    activate:
+      on-profile: prod
+
+websocket:
+  thread-pool:
+    inbound:
+      core-pool-size: 16
+      max-pool-size: 32
+      queue-capacity: 2000
+    outbound:
+      core-pool-size: 16
+      max-pool-size: 32
+      queue-capacity: 2000
+  heartbeat:
+    server-interval: 10000
+    client-interval: 10000
+
+cors:
+  allowed-origins:
+    - "https://www.solid-connection.com"
+    - "https://api.solid-connection.com"
+    - "https://admin.solid-connection.com"
+
+sentry:
+  environment: "production"
+  traces-sample-rate: 0.1
+
+token:
+  refresh:
+    cookie-domain: ".solid-connection.com"
+
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
+
+websocket:
+  thread-pool:
+    inbound:
+      core-pool-size: 4
+      max-pool-size: 8
+      queue-capacity: 500
+    outbound:
+      core-pool-size: 4
+      max-pool-size: 8
+      queue-capacity: 500
+  heartbeat:
+    server-interval: 15000
+    client-interval: 15000
+
+cors:
+  allowed-origins:
+    - "https://www.stage.solid-connection.com"
+    - "https://api.stage.solid-connection.com"
+    - "https://www.stage.admins.solid-connection.com"
+    - "http://localhost:3000"
+    - "https://localhost:3000"
+    - "http://localhost:5173"
+
+sentry:
+  environment: "dev"
+
+token:
+  refresh:
+    cookie-domain: ".stage.solid-connection.com"
+
+---
+spring:
+  config:
+    activate:
+      on-profile: local
+
+websocket:
+  thread-pool:
+    inbound:
+      core-pool-size: 4
+      max-pool-size: 8
+      queue-capacity: 500
+    outbound:
+      core-pool-size: 4
+      max-pool-size: 8
+      queue-capacity: 500
+  heartbeat:
+    server-interval: 15000
+    client-interval: 15000
+
+cors:
+  allowed-origins:
+    - "http://localhost:8080"
+    - "http://localhost:3000"
+    - "http://localhost:5173"
+    - "https://localhost:3000"
+
+sentry:
+  environment: "development"
+
+token:
+  refresh:
+    cookie-domain: "localhost"
diff --git a/src/main/resources/secret b/src/main/resources/secret
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
