chore(regulations-admin): Update national registry for regulations

[thordurhhh]

What

For regulations:
Remove national registry v2.
Add national registry v3.

Why

Updates.

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

• New Features

  • Introduced new environment variables for the National Registry B2C integration, enhancing capabilities for user authentication and data retrieval.
  • Transitioned away from X-Road configurations, streamlining backend interactions.

• Bug Fixes

  • Adjusted configurations to ensure seamless integration with the National Registry services.

• Documentation

  • Updated configurations to reflect the new B2C integration and its functionalities.

[coderabbitai]

Walkthrough

The changes involve updates to the environment variable configurations for the regulations-admin-backend application, specifically transitioning from X-Road services to National Registry B2C integration. New environment variables such as NATIONAL_REGISTRY_B2C_CLIENT_ID, NATIONAL_REGISTRY_B2C_ENDPOINT, NATIONAL_REGISTRY_B2C_PATH, and NATIONAL_REGISTRY_B2C_SCOPE have been added, while several X-Road related variables have been removed across development, production, and staging configurations.

Changes

Files	Change Summary
charts/islandis/values.dev.yaml, charts/islandis/values.prod.yaml, charts/islandis/values.staging.yaml	Added new environment variables for National Registry B2C integration and removed old X-Road variables.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant RegulationsAdminBackend
    participant NationalRegistryB2C

    Client->>RegulationsAdminBackend: Request data
    RegulationsAdminBackend->>NationalRegistryB2C: Authenticate and retrieve data
    NationalRegistryB2C-->>RegulationsAdminBackend: Return data
    RegulationsAdminBackend-->>Client: Provide data

Loading

Possibly related PRs

• fix(auth-admin-api): Add missing xroad config to auth admin api #15988: This PR adds missing X-Road configuration variables to the auth admin API, which is directly related to the changes in the main PR that also involve modifications to environment variables for X-Road services.
• fix(auth-admin-api): Add missing env #15991: This PR introduces a new environment variable, IDENTITY_SERVER_CLIENT_ID, to the auth admin API, which aligns with the main PR's focus on adding and modifying environment variables for backend configurations.

Tip

OpenAI O1 model for chat

• We have deployed OpenAI's latest O1 model for chat.
• OpenAI claims that this model has superior reasoning capabilities than their GPT-4o model.
• Please share any feedback with us in the discussions post.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.84%. Comparing base (a811680) to head (c4720ab).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #15995   +/-   ##
=======================================
  Coverage   36.84%   36.84%           
=======================================
  Files        6718     6718           
  Lines      137732   137732           
  Branches    39159    39159           
=======================================
  Hits        50753    50753           
  Misses      86979    86979           

Flag	Coverage Δ
air-discount-scheme-web	0.00% <ø> (ø)
api	3.39% <ø> (ø)
application-api-files	57.46% <ø> (ø)
application-core	72.25% <ø> (-0.09%)	⬇️
application-system-api	41.67% <ø> (ø)
application-template-api-modules	23.44% <ø> (-0.02%)	⬇️
application-templates-accident-notification	22.26% <ø> (ø)
application-templates-car-recycling	3.12% <ø> (ø)
application-templates-criminal-record	26.96% <ø> (ø)
application-templates-driving-license	18.75% <ø> (ø)
application-templates-estate	12.55% <ø> (ø)
application-templates-example-payment	25.72% <ø> (ø)
application-templates-financial-aid	14.39% <ø> (ø)
application-templates-general-petition	23.95% <ø> (ø)
application-templates-health-insurance	26.88% <ø> (ø)
application-templates-inheritance-report	6.45% <ø> (ø)
application-templates-marriage-conditions	15.35% <ø> (ø)
application-templates-mortgage-certificate	44.15% <ø> (ø)
application-templates-parental-leave	29.31% <ø> (ø)
application-types	6.74% <ø> (ø)
application-ui-components	1.52% <ø> (ø)
application-ui-shell	21.74% <ø> (ø)
clients-charge-fjs-v2	24.11% <ø> (ø)
download-service	44.55% <ø> (ø)
judicial-system-web	28.71% <ø> (ø)
web	1.85% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a811680...c4720ab. Read the comment docs.

[datadog-island-is]

Datadog Report

All test runs 3477430 🔗

✅ 23 Total Test Services: 0 Failed, 23 Passed
🔻 Test Sessions change in coverage: 1 decreased (-0.11%), 94 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
air-discount-scheme-web	0	0	0	2	0	8.92s	1 no change	Link
api	0	0	0	4	0	2.97s	1 no change	Link
application-api-files	0	0	0	12	0	6.2s	1 no change	Link
application-core	0	0	0	90	0	19.52s	1 decreased (-0.11%)	Link
application-system-api	0	0	0	111	2	3m 34.09s	1 no change	Link
application-template-api-modules	0	0	0	109	0	1m 48.37s	1 no change	Link
application-templates-accident-notification	0	0	0	98	0	21.61s	1 no change	Link
application-templates-criminal-record	0	0	0	2	0	11.1s	1 no change	Link
application-templates-driving-license	0	0	0	13	0	16.45s	1 no change	Link
application-templates-example-payment	0	0	0	2	0	11.26s	1 no change	Link

🔻 Code Coverage Decreases vs Default Branch (1)

• application-core - jest 79.56% (-0.11%) - Details

[disaerna]

🕺🏼

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (1)

apps/services/regulations-admin-backend/infra/regulations-admin-backend.ts (1)

32-33: Ensure secure storage and access of the client secret.

The addition of NATIONAL_REGISTRY_B2C_CLIENT_SECRET to the API endpoints looks good. It indicates that the service will be authenticating with the national registry using a client secret.

Please ensure that the client secret is securely stored and accessed. Consider the following best practices:

• Store the client secret in a secure vault or secrets manager.
• Rotate the client secret regularly.
• Limit access to the client secret to only the necessary services and personnel.

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 3de648f and c0b2135.

Files selected for processing (5)

• apps/services/regulations-admin-backend/infra/regulations-admin-backend.ts (2 hunks)
• apps/services/regulations-admin-backend/src/app/modules/draft_regulation/draft_regulation.service.ts (3 hunks)
• charts/islandis/values.dev.yaml (2 hunks)
• charts/islandis/values.prod.yaml (2 hunks)
• charts/islandis/values.staging.yaml (2 hunks)

Files skipped from review as they are similar to previous changes (1)

• apps/services/regulations-admin-backend/src/app/modules/draft_regulation/draft_regulation.service.ts

Additional context used

Path-based instructions (1)

apps/services/regulations-admin-backend/infra/regulations-admin-backend.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

Gitleaks

charts/islandis/values.staging.yaml

1609-1609: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

charts/islandis/values.prod.yaml

1735-1735: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

charts/islandis/values.dev.yaml

1867-1867: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (6)

charts/islandis/values.staging.yaml (2)

1609-1612: LGTM!

The additions for the National Registry B2C integration look good. Note that the static analysis hint about NATIONAL_REGISTRY_B2C_CLIENT_ID being a generic API key is likely a false positive, as client IDs are typically not considered sensitive.

Tools

Gitleaks

1609-1609: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1685-1685: LGTM!

Storing the NATIONAL_REGISTRY_B2C_CLIENT_SECRET as a Kubernetes secret is the correct way to handle this sensitive value.

charts/islandis/values.prod.yaml (4)

1735-1735: The static analysis hint for a generic API key is a false positive. This is a client ID for a specific service which is fine to be present in the prod config file.

Tools

Gitleaks

1735-1735: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1736-1738: The new National Registry B2C config values look good!

The added environment variables specify the correct public endpoints, path and scope needed for the app to integrate with the National Registry B2C API in production. No secrets are exposed.

---

1811-1811: Good practice of providing the client secret via a Kubernetes secret!

Instead of putting the sensitive client secret value directly in the config file, it is correctly referenced from a pre-configured Kubernetes secret at path /k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET. This follows the best practice for keeping secrets out of source control.

---

1735-1738: Code in lines 1736-1738 was already reviewed and approved in a previous comment.

Tools

Gitleaks

1735-1735: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

[robertaandersen]

LGTM

[coderabbitai]

Actionable comments posted: 2

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c0b2135 and c4720ab.

Files selected for processing (3)

• charts/islandis/values.dev.yaml (2 hunks)
• charts/islandis/values.prod.yaml (2 hunks)
• charts/islandis/values.staging.yaml (2 hunks)

Additional context used

Gitleaks

charts/islandis/values.staging.yaml

1610-1610: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

charts/islandis/values.prod.yaml

1736-1736: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

charts/islandis/values.dev.yaml

1868-1868: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (5)

charts/islandis/values.staging.yaml (1)

1686-1686: LGTM! Using a Kubernetes secret for the sensitive client secret is the way to go.

Referencing the secret via the Kubernetes secret path ensures the sensitive value is not exposed in the config file. This is a secure approach. Good job!

charts/islandis/values.prod.yaml (2)

1736-1739: LGTM!

The added environment variables for National Registry B2C integration look good. The NATIONAL_REGISTRY_B2C_CLIENT_ID has the correct UUID format for a client ID.

Tools

Gitleaks

1736-1736: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1812-1812: Good security practice!

Securely storing the NATIONAL_REGISTRY_B2C_CLIENT_SECRET in Kubernetes secrets is the right approach.

charts/islandis/values.dev.yaml (2)

1869-1871: LGTM!

The addition of the NATIONAL_REGISTRY_B2C_ENDPOINT, NATIONAL_REGISTRY_B2C_PATH and NATIONAL_REGISTRY_B2C_SCOPE environment variables for integrating with the National Registry B2C services looks good.

---

1944-1944: Excellent!

Storing the NATIONAL_REGISTRY_B2C_CLIENT_SECRET in Kubernetes secrets and referencing it via an environment variable is the secure way to handle secrets.

Please also make sure to update the NATIONAL_REGISTRY_B2C_CLIENT_ID to follow this same pattern as suggested in the previous comment.