From 740d4acf657dbb1d8368c409bfaefcd4b839f95b Mon Sep 17 00:00:00 2001 From: mikebrownccd <104495891+mikebrownccd@users.noreply.github.com> Date: Wed, 13 Nov 2024 16:26:27 +0000 Subject: [PATCH 1/8] CME-121 Database monitoring and alerting on AM repositories - Unsync ITHC (#2379) --- Jenkinsfile_CNP | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP index 82e782eb5d..82cc01bce8 100644 --- a/Jenkinsfile_CNP +++ b/Jenkinsfile_CNP @@ -54,7 +54,7 @@ def secrets = [ ] // Configure branches to sync with master branch -def branchesToSync = ['demo', 'perftest', 'ithc'] +def branchesToSync = ['demo', 'perftest'] // Vars needed for functional and smoke tests to run against AKS env.IDAM_URL = "https://idam-api.aat.platform.hmcts.net" From 812809673f8ae1a0082eef3a0e2d131f3043782d Mon Sep 17 00:00:00 2001 From: Matt Nayler <57350764+mattnayler@users.noreply.github.com> Date: Mon, 18 Nov 2024 17:01:15 +0000 Subject: [PATCH 2/8] DTSAM-611 Fix RAS FTA issue with XUI S2S token (#2385) [DTSAM-611](https://tools.hmcts.net/jira/browse/DTSAM-611) Refactor S2S token secrets and environment variables used in FTAs. --- Jenkinsfile_CNP | 13 ++--- Jenkinsfile_nightly | 14 ++--- .../RoleAssignmentTestAutomationAdapter.java | 55 ++++--------------- 3 files changed, 23 insertions(+), 59 deletions(-) diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP index 82cc01bce8..34efa9e087 100644 --- a/Jenkinsfile_CNP +++ b/Jenkinsfile_CNP 
@@ -35,7 +35,9 @@ def secrets = [ 's2s-${env}': [ secret('microservicekey-am-role-assignment-service', 'AM_ROLE_ASSIGNMENT_SERVICE_SECRET'), secret('microservicekey-am-role-assignment-service', 'BEFTA_S2S_CLIENT_SECRET'), - secret('microservicekey-am-org-role-mapping-service', 'AM_ORG_S2S_SECRET') + secret('microservicekey-am-org-role-mapping-service', 'BEFTA_S2S_CLIENT_SECRET_OF_AM_ORG_ROLE_MAPPING_SERVICE'), + secret('microservicekey-ccd-data', 'BEFTA_S2S_CLIENT_SECRET_OF_CCD_DATA'), + secret('microservicekey-xui-webapp', 'BEFTA_S2S_CLIENT_SECRET_OF_XUI_WEBAPP') ], 'am-${env}': [ secret('role-assignment-service-IDAM-CLIENT-SECRET', 'ROLE_ASSIGNMENT_IDAM_CLIENT_SECRET'), @@ -44,12 +46,6 @@ def secrets = [ secret('test-am-user2-befta-pwd', 'TEST_AM_USER2_BEFTA_PWD'), secret('test-am-user3-befta-pwd', 'TEST_AM_USER3_BEFTA_PWD'), secret('role-assignment-service-IDAM-CLIENT-SECRET', 'OAUTH2_CLIENT_SECRET') - ], - 'ccd-${env}': [ - secret('ccd-data-s2s-secret', 'CCD_DATA_S2S_SECRET') - ], - 'rpx-${env}': [ - secret('xui-webapp', 'XUI_WEBAPP_S2S_SECRET') ] ] @@ -64,6 +60,9 @@ env.DEFINITION_STORE_HOST = "http://ccd-definition-store-api-aat.service.core-co env.DEFINITION_STORE_URL_BASE = "http://ccd-definition-store-api-aat.service.core-compute-aat.internal" env.CCD_DATA_STORE_URL = "http://ccd-data-store-api-aat.service.core-compute-aat.internal" env.BEFTA_S2S_CLIENT_ID = "am_role_assignment_service" +env.BEFTA_S2S_CLIENT_ID_OF_AM_ORG_ROLE_MAPPING_SERVICE = "am_org_role_mapping_service" +env.BEFTA_S2S_CLIENT_ID_OF_CCD_DATA = "ccd_data" +env.BEFTA_S2S_CLIENT_ID_OF_XUI_WEBAPP = "xui_webapp" env.OAUTH2_CLIENT_ID = "am_role_assignment" env.OAUTH2_REDIRECT_URI = "http://am-role-assignment-service-aat.service.core-compute-aat.internal/oauth2redirect" env.OAUTH2_ACCESS_TOKEN_TYPE = "OIDC" diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly index f7d13a1dca..3b8d0f7de0 100644 --- a/Jenkinsfile_nightly +++ b/Jenkinsfile_nightly 
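Review bot: The `s2s-${env}` list in this hunk gives the pipeline the microservice keys of three services other than its own (`microservicekey-am-org-role-mapping-service`, `microservicekey-ccd-data`, `microservicekey-xui-webapp`), and nothing in the file says why they are loaded or that they are for the functional tests only. I would add a comment above the three entries, for example `// BEFTA only: S2S keys of other services, used so FTAs can call the API as those clients; not for application config`, and confirm that `${env}` cannot resolve to a production vault for this job. The matching hunk in Jenkinsfile_nightly has the same gap, and there `microservicekey-am-role-assignment-service` is now exported under three variable names. The `secrets` map starts before this hunk.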
@@ -19,9 +19,12 @@ def component = "role-assignment-service" def secrets = [ 's2s-${env}': [ + secret('microservicekey-am-role-assignment-service', 'AM_ROLE_ASSIGNMENT_SERVICE_SECRET'), secret('microservicekey-am-role-assignment-service', 'BEFTA_S2S_CLIENT_SECRET'), secret('microservicekey-am-role-assignment-service', 'S2S_SECRET'), - secret('microservicekey-am-org-role-mapping-service', 'AM_ORG_S2S_SECRET') + secret('microservicekey-am-org-role-mapping-service', 'BEFTA_S2S_CLIENT_SECRET_OF_AM_ORG_ROLE_MAPPING_SERVICE'), + secret('microservicekey-ccd-data', 'BEFTA_S2S_CLIENT_SECRET_OF_CCD_DATA'), + secret('microservicekey-xui-webapp', 'BEFTA_S2S_CLIENT_SECRET_OF_XUI_WEBAPP') ], 'am-${env}': [ secret('role-assignment-service-IDAM-CLIENT-SECRET', 'ROLE_ASSIGNMENT_IDAM_CLIENT_SECRET'), @@ -30,12 +33,6 @@ def secrets = [ secret('test-am-user2-befta-pwd', 'TEST_AM_USER2_BEFTA_PWD'), secret('test-am-user3-befta-pwd', 'TEST_AM_USER3_BEFTA_PWD'), secret('role-assignment-service-IDAM-CLIENT-SECRET', 'OAUTH2_CLIENT_SECRET') - ], - 'ccd-${env}': [ - secret('ccd-data-s2s-secret', 'CCD_DATA_S2S_SECRET') - ], - 'rpx-${env}': [ - secret('xui-webapp', 'XUI_WEBAPP_S2S_SECRET') ] ] @@ -70,6 +67,9 @@ withNightlyPipeline(type, product, component) { env.S2S_URL = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal" env.S2S_URL_BASE = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal" env.BEFTA_S2S_CLIENT_ID = "am_role_assignment_service" + env.BEFTA_S2S_CLIENT_ID_OF_AM_ORG_ROLE_MAPPING_SERVICE = "am_org_role_mapping_service" + env.BEFTA_S2S_CLIENT_ID_OF_CCD_DATA = "ccd_data" + env.BEFTA_S2S_CLIENT_ID_OF_XUI_WEBAPP = "xui_webapp" env.DEFINITION_STORE_HOST = "http://ccd-definition-store-api-aat.service.core-compute-aat.internal" env.DEFINITION_STORE_URL_BASE = "http://ccd-definition-store-api-aat.service.core-compute-aat.internal" env.CCD_DATA_STORE_URL = "http://ccd-data-store-api-aat.service.core-compute-aat.internal" 
diff --git a/src/functionalTest/java/uk/gov/hmcts/reform/roleassignment/befta/RoleAssignmentTestAutomationAdapter.java b/src/functionalTest/java/uk/gov/hmcts/reform/roleassignment/befta/RoleAssignmentTestAutomationAdapter.java index 54f1dc77ed..82ee2d4916 100644 --- a/src/functionalTest/java/uk/gov/hmcts/reform/roleassignment/befta/RoleAssignmentTestAutomationAdapter.java +++ b/src/functionalTest/java/uk/gov/hmcts/reform/roleassignment/befta/RoleAssignmentTestAutomationAdapter.java @@ -3,9 +3,6 @@ import lombok.extern.slf4j.Slf4j; import uk.gov.hmcts.befta.DefaultTestAutomationAdapter; import uk.gov.hmcts.befta.player.BackEndFunctionalTestScenarioContext; -import uk.gov.hmcts.reform.roleassignment.befta.utils.TokenUtils; -import uk.gov.hmcts.reform.roleassignment.befta.utils.UserTokenProviderConfig; -import uk.gov.hmcts.reform.roleassignment.util.EnvironmentVariableUtils; import java.time.LocalDate; import java.util.Date; 
@@ -17,25 +14,16 @@ public class RoleAssignmentTestAutomationAdapter extends DefaultTestAutomationAd @Override public Object calculateCustomValue(BackEndFunctionalTestScenarioContext scenarioContext, Object key) { - //the docAMUrl is is referring the self link in PR - switch (key.toString()) { - case ("generateUUID"): - return UUID.randomUUID(); - case ("generateCaseId"): - return generateCaseId(); - case ("generateS2STokenForCcd"): - return new TokenUtils().generateServiceToken(buildCcdSpecificConfig()); - case ("generateS2STokenForXui"): - return new TokenUtils().generateServiceToken(buildXuiSpecificConfig()); - case ("generateS2STokenForOrm"): - return new TokenUtils().generateServiceToken(buildOrmSpecificConfig()); - case ("tomorrow"): - return LocalDate.now().plusDays(1); - case ("today"): - return LocalDate.now(); - default: - return super.calculateCustomValue(scenarioContext, key); - } + return switch (key.toString()) { + case ("generateUUID") -> UUID.randomUUID(); + case ("generateCaseId") -> generateCaseId(); + case ("generateS2STokenForCcd") -> super.getNewS2SToken("ccd_data"); + case ("generateS2STokenForOrm") -> super.getNewS2SToken("am_org_role_mapping_service"); + case ("generateS2STokenForXui") -> super.getNewS2SToken("xui_webapp"); + case ("tomorrow") -> LocalDate.now().plusDays(1); + case ("today") -> LocalDate.now(); + default -> super.calculateCustomValue(scenarioContext, key); + }; } private Object generateCaseId() { 
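Review bot: The three S2S cases pass client ids as string literals (`"ccd_data"`, `"am_org_role_mapping_service"`, `"xui_webapp"`) that have to match the `BEFTA_S2S_CLIENT_ID_OF_*` values set in both Jenkinsfiles in this commit, and the method no longer says where the secret comes from. The removed helpers named the variable they read; the new calls presumably rely on BEFTA resolving `BEFTA_S2S_CLIENT_SECRET_OF_<CLIENT>` from the id, so a missing or misnamed variable would only show up when a token is requested. I would add a comment above the switch such as `// each client id needs BEFTA_S2S_CLIENT_ID_OF_<X> and BEFTA_S2S_CLIENT_SECRET_OF_<X> in the environment (see Jenkinsfile_CNP and Jenkinsfile_nightly)` and lift the ids into `private static final String` constants. As far as the hunks show, the class does not override `getNewS2SToken`, so a plain `getNewS2SToken(...)` reads better than `super.getNewS2SToken(...)`.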
@@ -44,27 +32,4 @@ private Object generateCaseId() { return time + ("0000000000000000".substring(time.length())); } - private UserTokenProviderConfig buildCcdSpecificConfig() { - UserTokenProviderConfig config = new UserTokenProviderConfig(); - config.setMicroService("ccd_data"); - config.setSecret(System.getenv("CCD_DATA_S2S_SECRET")); - config.setS2sUrl(EnvironmentVariableUtils.getRequiredVariable("IDAM_S2S_URL")); - return config; - } - - private UserTokenProviderConfig buildXuiSpecificConfig() { - UserTokenProviderConfig config = new UserTokenProviderConfig(); - config.setMicroService("xui_webapp"); - config.setSecret(System.getenv("XUI_WEBAPP_S2S_SECRET")); - config.setS2sUrl(EnvironmentVariableUtils.getRequiredVariable("IDAM_S2S_URL")); - return config; - } - - private UserTokenProviderConfig buildOrmSpecificConfig() { - UserTokenProviderConfig config = new UserTokenProviderConfig(); - config.setMicroService("am_org_role_mapping_service"); - config.setSecret(System.getenv("AM_ORG_S2S_SECRET")); - config.setS2sUrl(EnvironmentVariableUtils.getRequiredVariable("IDAM_S2S_URL")); - return config; - } } From 683f8db55a52ff5a3f4cfa6dc64c582a3f6e83d8 Mon Sep 17 00:00:00 2001 
From: mikebrownccd <104495891+mikebrownccd@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:22:30 +0000 Subject: [PATCH 3/8] DTSAM-571 Audit byPassOrgDroolRule when receiving ORG roles from ORM (#2364) * DTSAM-571 Audit byPassOrgDroolRule when receiving ORG roles from ORM * process included in log * () added to log properties * do not log if client id = am_org_role_mapping_service * not ORM log filter fixed by using .equals() * logging made null safe * FTAs with ref S-*_Org_Role_Creation added ORM request header to remove from the KQL report * ServiceAuthorization header moved to Test_Data_Base file * ServiceAuthorization header added to requests in common dir --- .../features/F-001/F-001_Test_Data_Base.td.json | 7 ++++++- .../features/F-002/F-002_Test_Data_Base.td.json | 7 ++++++- .../features/F-003/F-003_Test_Data_Base.td.json | 7 ++++++- .../features/F-005/F-005_Test_Data_Base.td.json | 7 ++++++- .../features/F-006/F-006_Test_Data_Base.td.json | 7 ++++++- .../features/F-007/F-007_Test_Data_Base.td.json | 7 ++++++- .../features/F-008/F-008_Test_Data_Base.td.json | 7 ++++++- .../features/F-009/F-009_Test_Data_Base.td.json | 7 ++++++- .../F-010/F-010_Test_Data_Base-Create.td.json | 7 ++++++- .../features/F-010/F-010_Test_Data_Base.td.json | 7 ++++++- .../features/F-011/F-011_Test_Data_Base.td.json | 7 ++++++- .../features/F-012/F-012_Test_Data_Base.td.json | 7 ++++++- .../features/F-013/F-013_Test_Data_Base.td.json | 7 ++++++- .../features/F-014/F-014_Test_Data_Base.td.json | 7 ++++++- .../features/F-015/F-015_Test_Data_Base.td.json | 7 ++++++- .../features/F-016/F-016_Test_Data_Base.td.json | 7 ++++++- .../features/F-017/F-017_Test_Data_Base.td.json | 7 ++++++- .../F-017/F-017_Test_Data_Base_Get.td.json | 7 ++++++- .../features/F-018/F-018_Test_Data_Base.td.json | 7 ++++++- .../CreationDataBaseForRoleAssignment.td.json | 2 +- .../CreationDataForRoleAssignment.td.json | 3 +++ .../common/DeleteDataForRoleAssignments.td.json | 2 +- 
.../service/common/ValidationModelService.java | 9 ++++++++- .../core/organisational-role-mapping-common.drl | 17 +++++++++++++++++ 24 files changed, 144 insertions(+), 22 deletions(-) diff --git a/src/functionalTest/resources/features/F-001/F-001_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-001/F-001_Test_Data_Base.td.json index 33098b2658..8580eeb4bb 100644 --- a/src/functionalTest/resources/features/F-001/F-001_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-001/F-001_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-002/F-002_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-002/F-002_Test_Data_Base.td.json index afcf86c335..47ea2b18dd 100644 --- a/src/functionalTest/resources/features/F-002/F-002_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-002/F-002_Test_Data_Base.td.json @@ -5,5 +5,10 @@ "specs": [ "an active IDAM profile with full permissions" ], - "method": "DELETE" + "method": "DELETE", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-003/F-003_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-003/F-003_Test_Data_Base.td.json index 9875edf550..12e282e9e6 100644 --- a/src/functionalTest/resources/features/F-003/F-003_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-003/F-003_Test_Data_Base.td.json 
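Review bot: Setting `ServiceAuthorization` to `generateS2STokenForOrm` in this base file makes every scenario that extends it call the API as `am_org_role_mapping_service`, so the feature no longer has a run under the default BEFTA service identity. The commit message says the header was meant to take the S-*_Org_Role_Creation scenarios out of the KQL report; if that is the intent, the override belongs in those scenarios' data, or at least one scenario per feature should keep `"ServiceAuthorization": "[[DEFAULT_AUTO_VALUE]]"` so the non-ORM authorisation path stays covered. The same change is repeated in the base files for F-002, F-003, F-005 to F-018 and in the two request files under `common`.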
@@ -7,5 +7,10 @@ "uri": "/am/role-assignments/{assignmentId}", "specs": [ "an active IDAM profile with full permissions" - ] + ], + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-005/F-005_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-005/F-005_Test_Data_Base.td.json index 1f5ec6a699..d7c997a2d0 100644 --- a/src/functionalTest/resources/features/F-005/F-005_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-005/F-005_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "GET", - "uri": "/am/role-assignments/actors/{actorId}" + "uri": "/am/role-assignments/actors/{actorId}", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-006/F-006_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-006/F-006_Test_Data_Base.td.json index 10fa9ebdc3..f8811ef5f2 100644 --- a/src/functionalTest/resources/features/F-006/F-006_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-006/F-006_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "/am/role-assignments/query" + "uri": "/am/role-assignments/query", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-007/F-007_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-007/F-007_Test_Data_Base.td.json index eb77f26a85..9159506870 100644 --- a/src/functionalTest/resources/features/F-007/F-007_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-007/F-007_Test_Data_Base.td.json 
@@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "GET", - "uri": "am/role-assignments/roles" + "uri": "am/role-assignments/roles", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-008/F-008_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-008/F-008_Test_Data_Base.td.json index 487e39ecac..447dcc726d 100644 --- a/src/functionalTest/resources/features/F-008/F-008_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-008/F-008_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-009/F-009_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-009/F-009_Test_Data_Base.td.json index f9e7401fb9..583e85836b 100644 --- a/src/functionalTest/resources/features/F-009/F-009_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-009/F-009_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "/am/role-assignments/query" + "uri": "/am/role-assignments/query", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base-Create.td.json b/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base-Create.td.json index ca9d851e63..a2ede3d2d7 100644 --- a/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base-Create.td.json +++ b/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base-Create.td.json 
@@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base.td.json index b64b1e0aad..c4cb1d07da 100644 --- a/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-010/F-010_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "/am/role-assignments/query/delete" + "uri": "/am/role-assignments/query/delete", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-011/F-011_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-011/F-011_Test_Data_Base.td.json index 7784e2b5f8..824c1688e5 100644 --- a/src/functionalTest/resources/features/F-011/F-011_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-011/F-011_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-012/F-012_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-012/F-012_Test_Data_Base.td.json index 2a7c695d8c..57d24ee24d 100644 --- a/src/functionalTest/resources/features/F-012/F-012_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-012/F-012_Test_Data_Base.td.json 
@@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-013/F-013_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-013/F-013_Test_Data_Base.td.json index f92401aff3..fe59d522cb 100644 --- a/src/functionalTest/resources/features/F-013/F-013_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-013/F-013_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-014/F-014_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-014/F-014_Test_Data_Base.td.json index 46f4edcb37..b611acf14b 100644 --- a/src/functionalTest/resources/features/F-014/F-014_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-014/F-014_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-015/F-015_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-015/F-015_Test_Data_Base.td.json index d051561657..da1c7d00f6 100644 --- a/src/functionalTest/resources/features/F-015/F-015_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-015/F-015_Test_Data_Base.td.json 
@@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-016/F-016_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-016/F-016_Test_Data_Base.td.json index a053eff1df..75404cad7f 100644 --- a/src/functionalTest/resources/features/F-016/F-016_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-016/F-016_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base.td.json index 0e1210d8b3..ff7830ded7 100644 --- a/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base_Get.td.json b/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base_Get.td.json index 69259c7b17..f7087c8ddc 100644 --- a/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base_Get.td.json +++ b/src/functionalTest/resources/features/F-017/F-017_Test_Data_Base_Get.td.json 
@@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "GET", - "uri": "/am/role-assignments/actors/{actorId}" + "uri": "/am/role-assignments/actors/{actorId}", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/F-018/F-018_Test_Data_Base.td.json b/src/functionalTest/resources/features/F-018/F-018_Test_Data_Base.td.json index 12e4b2a9dd..1b318405c6 100644 --- a/src/functionalTest/resources/features/F-018/F-018_Test_Data_Base.td.json +++ b/src/functionalTest/resources/features/F-018/F-018_Test_Data_Base.td.json @@ -7,5 +7,10 @@ "an active IDAM profile with full permissions" ], "method": "POST", - "uri": "am/role-assignments" + "uri": "am/role-assignments", + "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + } + } } diff --git a/src/functionalTest/resources/features/common/CreationDataBaseForRoleAssignment.td.json b/src/functionalTest/resources/features/common/CreationDataBaseForRoleAssignment.td.json index 702034c959..51add1745b 100644 --- a/src/functionalTest/resources/features/common/CreationDataBaseForRoleAssignment.td.json +++ b/src/functionalTest/resources/features/common/CreationDataBaseForRoleAssignment.td.json @@ -16,7 +16,7 @@ "request": { "headers": { "Authorization": "[[DEFAULT_AUTO_VALUE]]", - "ServiceAuthorization": "[[DEFAULT_AUTO_VALUE]]", + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}", "X-Correlation-ID": "003352d0-e699-48bc-b6f5-5810411e60af", "Content-Type": "application/json" }, diff --git a/src/functionalTest/resources/features/common/CreationDataForRoleAssignment.td.json b/src/functionalTest/resources/features/common/CreationDataForRoleAssignment.td.json index 3067d164ad..fd6b2f15ba 100644 --- a/src/functionalTest/resources/features/common/CreationDataForRoleAssignment.td.json 
+++ b/src/functionalTest/resources/features/common/CreationDataForRoleAssignment.td.json @@ -2,6 +2,9 @@ "_guid_": "CreationDataForRoleAssignment", "_extends_": "CreationDataBaseForRoleAssignment", "request": { + "headers": { + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}" + }, "body": { "roleRequest": { "reference": "${[scenarioContext][customValues][generateUUID]}", diff --git a/src/functionalTest/resources/features/common/DeleteDataForRoleAssignments.td.json b/src/functionalTest/resources/features/common/DeleteDataForRoleAssignments.td.json index 7edc3c3351..d9eb6373dc 100644 --- a/src/functionalTest/resources/features/common/DeleteDataForRoleAssignments.td.json +++ b/src/functionalTest/resources/features/common/DeleteDataForRoleAssignments.td.json @@ -15,7 +15,7 @@ "request": { "headers": { "Authorization": "[[DEFAULT_AUTO_VALUE]]", - "ServiceAuthorization": "[[DEFAULT_AUTO_VALUE]]", + "ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForOrm]}", "X-Correlation-ID": "003352d0-e699-48bc-b6f5-5810411e60af" }, "pathVariables": { diff --git a/src/main/java/uk/gov/hmcts/reform/roleassignment/domain/service/common/ValidationModelService.java b/src/main/java/uk/gov/hmcts/reform/roleassignment/domain/service/common/ValidationModelService.java index 9bff05d8ea..b7babcf30d 100644 --- a/src/main/java/uk/gov/hmcts/reform/roleassignment/domain/service/common/ValidationModelService.java +++ b/src/main/java/uk/gov/hmcts/reform/roleassignment/domain/service/common/ValidationModelService.java 
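Review bot: The `headers` block added to `CreationDataForRoleAssignment` repeats the value that `CreationDataBaseForRoleAssignment`, which this file `_extends_`, now sets for `ServiceAuthorization` in the same commit. If BEFTA merges inherited `request.headers` (likely, but worth confirming), the copy here is redundant and the two can drift apart. I would drop it, or if it is required, record the reason in the PR description, since the JSON file cannot carry a comment.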
@@ -177,12 +177,19 @@ private void runRulesOnAllRequestedAssignments(AssignmentRequest assignmentReque } /** - * This utility method is used to capture the log in drools. + * This utility method is used to capture the log in drools and log at DEBUG level. */ public static void logMsg(final String message) { log.debug(message); } + /** + * This utility method is used to capture the log in drools and log at INFO level. + */ + public static void logInfoMsg(final String message) { + log.info(message); + } + private void getFlagValuesFromDB(Map droolFlagStates) { for (FeatureFlagEnum featureFlagEnum : FeatureFlagEnum.values()) { Boolean status = persistenceService.getStatusByParam(featureFlagEnum.getValue(), environment); diff --git a/src/main/resources/validationrules/core/organisational-role-mapping-common.drl b/src/main/resources/validationrules/core/organisational-role-mapping-common.drl index 3bc6c01437..1f720b5a1d 100644 --- a/src/main/resources/validationrules/core/organisational-role-mapping-common.drl +++ b/src/main/resources/validationrules/core/organisational-role-mapping-common.drl @@ -7,6 +7,7 @@ import uk.gov.hmcts.reform.roleassignment.domain.model.enums.RequestType; import uk.gov.hmcts.reform.roleassignment.domain.model.enums.RoleCategory; import uk.gov.hmcts.reform.roleassignment.domain.model.enums.RoleType; import function uk.gov.hmcts.reform.roleassignment.domain.service.common.ValidationModelService.logMsg; +import function uk.gov.hmcts.reform.roleassignment.domain.service.common.ValidationModelService.logInfoMsg; /* * Generic rule for validation of roles created by the staff organisational 
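Review bot: `logInfoMsg` writes its argument straight to the INFO log, and the callers added in this commit (the create and delete rules in organisational-role-mapping-common.drl) build that argument by concatenating request fields such as `getProcess()` and `getReference()`, which look caller-supplied. Unless the log encoder already escapes them, a value containing CR or LF would split the entry and make the audit record ambiguous for whoever reads the KQL report. I would neutralise line breaks in this one place, for example `log.info("{}", message == null ? null : message.replaceAll("[\\r\\n]", "_"));`, and extend the Javadoc to say that the method is the audit channel for rules and receives request-derived text. The rest of the class lies outside the hunk.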
@@ -29,6 +30,14 @@ then $ra.log("Create approved : staff_organisational_role_mapping_service_create"); update($ra); logMsg("Rule : staff_organisational_role_mapping_service_create"); + + if (!"am_org_role_mapping_service".equals($rq.getClientId())) { + logInfoMsg("Rule : staff_organisational_role_mapping_service_create " + + " request id: " + ($rq.getId() != null ? $rq.getId() : "null") + + " clientId: " + ($rq.getClientId() != null ? $rq.getClientId() : "null") + + " process: " + ($rq.getProcess() != null ? $rq.getProcess() : "null") + + " reference: " + ($rq.getReference() != null ? $rq.getReference() : "null")); + } end; /* @@ -50,6 +59,14 @@ then update($ra); logMsg("Rule :: staff_organisational_role_mapping_service_delete"); + + if (!"am_org_role_mapping_service".equals($rq.getClientId())) { + logInfoMsg("Rule : staff_organisational_role_mapping_service_delete " + + " request id: " + ($rq.getId() != null ? $rq.getId() : "null") + + " clientId: " + ($rq.getClientId() != null ? $rq.getClientId() : "null") + + " process: " + ($rq.getProcess() != null ? $rq.getProcess() : "null") + + " reference: " + ($rq.getReference() != null ? $rq.getReference() : "null")); + } end; rule "sscs_system_user_hearings_roles_create" From 7a38104afd09ab562ebeb23eebeccde36b2e017a Mon Sep 17 00:00:00 2001 
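Review bot: The INFO entry added to `staff_organisational_role_mapping_service_create` records the request (id, clientId, process, reference) but not the assignment that was approved, so an auditor can see that a non-ORM client used the rule but not which role it concerned. The case-allocator audit line in the next commit of this series does include the role, and adding `+ " roleName: " + ($ra.getRoleName() != null ? $ra.getRoleName() : "null")` here and in the delete rule would make the two reports comparable. The literal `"am_org_role_mapping_service"` is also repeated in both rules and in the test adapter, so a single named constant would keep the filter from drifting. Both rule bodies start outside their hunks.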
From: mikebrownccd <104495891+mikebrownccd@users.noreply.github.com> Date: Tue, 19 Nov 2024 11:46:14 +0000 Subject: [PATCH 4/8] DTSAM-572 Audit use of case-allocator rules for CCD case-roles (#2365) * DTSAM-571 Audit byPassOrgDroolRule when receiving ORG roles from ORM * process included in log * () added to log properties * do not log if client id = am_org_role_mapping_service * not ORM log filter fixed by using .equals() * DTSAM-572 Audit use of case-allocator rules for CCD case-roles - conditional logInfoMsg() added * temp removal of conditional for report dev in aat * temp removal of conditional for report dev in aat * space added to log * logging made null safe * RoleCategory filter uncommented * logging made null safe * FTAs with ref S-*_Org_Role_Creation added ORM request header to remove from the KQL report * ServiceAuthorization header moved to Test_Data_Base file * ServiceAuthorization header added to requests in common dir * logged rule corrected to case_allocator_approve_delete_case_role_all_wa_services * RoleCategory comparisons made null safe --- .../core/case-allocator-global.drl | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/main/resources/validationrules/core/case-allocator-global.drl b/src/main/resources/validationrules/core/case-allocator-global.drl index 708311821b..8be7bf54ab 100644 --- a/src/main/resources/validationrules/core/case-allocator-global.drl +++ b/src/main/resources/validationrules/core/case-allocator-global.drl 
@@ -63,6 +63,20 @@ then $ra.log("Case Allocator approved : case_allocator_approve_create_case_role"); update($ra); logMsg("Rule : case_allocator_approve_create_case_role"); + if (!RoleCategory.LEGAL_OPERATIONS.equals($ra.getRoleCategory()) && + !RoleCategory.JUDICIAL.equals($ra.getRoleCategory()) && + !RoleCategory.ADMIN.equals($ra.getRoleCategory()) && + !RoleCategory.OTHER_GOV_DEPT.equals($ra.getRoleCategory()) && + !RoleCategory.CTSC.equals($ra.getRoleCategory())) { + logInfoMsg("Rule : case_allocator_approve_create_case_role" + + " request id: " + ($rq.getId() != null ? $rq.getId() : "null") + + " clientId: " + ($rq.getClientId() != null ? $rq.getClientId() : "null") + + " process: " + ($rq.getProcess() != null ? $rq.getProcess() : "null") + + " reference: " + ($rq.getReference() != null ? $rq.getReference() : "null") + + " roleCategory: " + ($ra.getRoleCategory() != null ? $ra.getRoleCategory() : "null") + + " roleName: " + ($ra.getRoleName() != null ? $ra.getRoleName() : "null") + + " jurisdiction: " + ($c.getJurisdiction() != null ? $c.getJurisdiction() : "null")); + } end; /* 
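Review bot: Both hunks in this file call `logInfoMsg`, but the patch adds no `import function ...ValidationModelService.logInfoMsg;` to case-allocator-global.drl: the diffstat's 28 insertions are all inside the two rule bodies, whereas the previous commit added that import to organisational-role-mapping-common.drl. If the rules compile, they are presumably relying on the import declared in another DRL file of the same package, which only holds while the files are built together. I would add the import line next to wherever this file imports `logMsg`. The five-way `RoleCategory` exclusion is duplicated verbatim in `case_allocator_approve_delete_case_role_all_wa_services`, so a one-line comment stating which categories are meant to be audited would help keep the two copies aligned. Both rule bodies start outside the hunks.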
@@ -118,4 +132,18 @@ then $ra.log("Case Allocator approved : case_allocator_approve_delete_case_role_all_wa_services"); update($ra); logMsg("Rule : case_allocator_approve_delete_case_role_all_wa_services"); + if (!RoleCategory.LEGAL_OPERATIONS.equals($ra.getRoleCategory()) && + !RoleCategory.JUDICIAL.equals($ra.getRoleCategory()) && + !RoleCategory.ADMIN.equals($ra.getRoleCategory()) && + !RoleCategory.OTHER_GOV_DEPT.equals($ra.getRoleCategory()) && + !RoleCategory.CTSC.equals($ra.getRoleCategory())) { + logInfoMsg("Rule : case_allocator_approve_delete_case_role_all_wa_services" + + " request id: " + ($rq.getId() != null ? $rq.getId() : "null") + + " clientId: " + ($rq.getClientId() != null ? $rq.getClientId() : "null") + + " process: " + ($rq.getProcess() != null ? $rq.getProcess() : "null") + + " reference: " + ($rq.getReference() != null ? $rq.getReference() : "null") + + " roleCategory: " + ($ra.getRoleCategory() != null ? $ra.getRoleCategory() : "null") + + " roleName: " + ($ra.getRoleName() != null ? $ra.getRoleName() : "null") + + " jurisdiction: " + ($c.getJurisdiction() != null ? $c.getJurisdiction() : "null")); + } end; From a949d45751a93adbd72da8975ed3e37ddbd36272 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 16:04:25 +0000 Subject: [PATCH 5/8] Renovate Combined Pull Request (#2382) * Update dependency org.pitest:pitest to v1.17.1 * Update versions.tomcat to v9.0.97 * DTSAM-610 Renovate review W/C 2024-11-18 - pitest reverted 1.17.1 -> 1.17.0 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: github-actions Co-authored-by: Mike Brown Co-authored-by: mikebrownccd <104495891+mikebrownccd@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 7257ff09b1..2ad6d0dda1 100644 --- a/build.gradle +++ b/build.gradle 
@@ -51,7 +51,7 @@ def versions = [
 springSecurity : '5.7.11',
 springHystrix : '2.1.1.RELEASE',
 swagger2Version: '2.10.5',
- tomcat : '9.0.96',
+ tomcat : '9.0.97',
 pact_version : '4.1.7',
 rest_assured : '3.3.0',
 cucumber : '5.7.0',
From e6d5f7dd7a4e7983152c7c4b8ad7ee282997c3e4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 16:28:11 +0000
Subject: [PATCH 6/8] Renovate Combined Pull Request (#2390)
* Update dependency org.projectlombok:lombok to v1.18.36
* Update Terraform azurerm to ~> 3.117.0
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions
---
 build.gradle | 2 +-
 infrastructure/terraform.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 2ad6d0dda1..0f49c24bf0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -39,7 +39,7 @@ ext['snakeyaml.version'] = '2.0'
 
 def versions = [
 junit : '5.9.0',
- lombok : '1.18.34',
+ lombok : '1.18.36',
 gradlePitest : '1.3.0',
 pitest : '1.17.0',
 reformLogging : '6.1.7',
diff --git a/infrastructure/terraform.tf b/infrastructure/terraform.tf
index 2e1befc382..558fcbab26 100644
--- a/infrastructure/terraform.tf
+++ b/infrastructure/terraform.tf
@@ -19,7 +19,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "~> 3.116.0"
+ version = "~> 3.117.0"
 }
 azuread = {
 source = "hashicorp/azuread"
From 5b735d86e0ca7ff72b63a07e014289e33216cf2f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 15:39:18 +0000
Subject: [PATCH 7/8] Update dependency com.nimbusds:nimbus-jose-jwt to v9.47 (#2394)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 0f49c24bf0..0f2b419a79 100644
--- a/build.gradle
+++ b/build.gradle
@@ -458,7 +458,7 @@ dependencies {
 implementation group: 'org.hibernate', name: 'hibernate-core', version: '5.6.15.Final'
 implementation group: 'com.github.ben-manes.caffeine', name: 'caffeine', version: '3.1.8'
 implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.4'
- implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.41.2'
+ implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.47'
 implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
 implementation group: 'commons-io', name:'commons-io', version: '2.16.1'
 implementation group: 'org.apache.commons', name: 'commons-compress', version: '1.27.1'
From 0f4140ef5a5a1d96afde28c4eabb89fb134b577c Mon Sep 17 00:00:00 2001
From: "Kiran.Yenigala"
Date: Fri, 6 Dec 2024 12:37:12 +0000
Subject: [PATCH 8/8] CME-121: Change window size and frequency
---
 infrastructure/variables.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index da0a4d3b12..dae340f2f0 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -99,19 +99,19 @@ variable "action_group_name" {
 }
 
 variable "cpu_threshold" {
- default = 7
+ default = 5
 type = number
 description = "Average CPU utilisation threshold"
 }
 
 variable "memory_threshold" {
- default = 9
+ default = 7
 type = number
 description = "Average memory utilisation threshold"
 }
 
 variable "storage_threshold" {
- default = 2
+ default = 2
 type = number
 description = "Average storage utilisation threshold"
 }
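Review bot: The three `default` changes in `cpu_threshold`, `memory_threshold` and `storage_threshold` in `infrastructure/variables.tf` give no unit and no comparison direction in their `description`, and the commit subject speaks of window size and frequency while only thresholds change. If the values are percentages (not shown in this hunk), 5, 7 and 2 would keep a database alert firing almost continuously, which hides the signals the monitoring is meant to surface. State the unit and the semantics in each description, for example `description = "Average CPU utilisation threshold (percent) above which the alert fires"` if that is how the alert rule uses it, and note there whether these are temporary test values. A `validation` block bounding each variable to the expected range would also catch a mistyped override.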