hmcts · Jennings-HMCTS · Jul 14, 2021 · Jul 15, 2021 · Jul 16, 2021 · Jul 16, 2021
diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP
@@ -16,11 +16,35 @@ def app = "api"
 // Configure branches to sync with master branch
 def branchesToSync = ['demo', 'ithc', 'perftest']
 
+def vaultOverrides = [
+    'preview': 'aat',
+    'hmctsdemo': 'aat',
+]
+
+def secrets = [
+    'ccpay-${env}': [
+        secret('AppInsightsInstrumentationKey', 'APPINSIGHTS_INSTRUMENTATIONKEY')
+    ]
+]
+
+static LinkedHashMap<String, Object> secret(String secretName, String envVar) {
+    [ $class: 'AzureKeyVaultSecret',
+      secretType: 'Secret',
+      name: secretName,
+      version: '',
+      envVariable: envVar
+    ]
+}
+
+
 withPipeline(type, product, app) {
+    overrideVaultEnvironments(vaultOverrides)
+    loadVaultSecrets(secrets)
     enableSlackNotifications('#bar-tech')
     enableAksStagingDeployment()
 
 
+
     after('functionalTest:aat') {
         steps.archiveArtifacts allowEmptyArchive: true, artifacts: '**/site/serenity/**/*'
         publishHTML target: [

diff --git a/README.md b/README.md
@@ -38,6 +38,23 @@ or in dev/test environment you can use this link
 https://dev.api.bar.reform.hmcts.net/swagger-ui.html
 or https://test.api.bar.reform.hmcts.net/swagger-ui.html
 
+## Run the application using docker compose
+
+Please add the following environmental variables in .env file (bar-api/.env)
+
+1. BAR_SPRING_DATASOURCE_PASSWORD=bar
+2. BAR_POSTGRES_PASSWORD=bar
+3. PAYMENT_SPRING_DATASOURCE_PASSWORD=payment
+4. OPENID_SPRING_DATASOURCE_PASSWORD=openidm
+5. IDAM_SPI_FORGEROCK_AM_PASSWORD=Pa55word11
+6. IDAM_SPI_FORGEROCK_IDM_PASSWORD=openidm-admin
+7. IDAM_SPI_FORGEROCK_IDM_PIN_DEFAULTPASSWORD=BlaBlaBlackSh33p
+8. SECURITY_OAUTH2_CLIENT_CLIENTSECRET=password
+9. FEE_REG_SPRING_DATASOURCE_PASSWORD=fee_register
+
+
+``` docker-compose up```
+
 ## Service Endpoints
 Some of the end points are as below. These might be out of date. Please look at the swagger-ui to be sure. 
 

diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties
@@ -5,7 +5,7 @@ spring.main.allow-bean-definition-overriding=true
 
 spring.datasource.url=jdbc:postgresql://${POSTGRES_HOST:localhost}:${POSTGRES_PORT:5432}/${POSTGRES_NAME:bar}${POSTGRES_CONNECTION_OPTIONS:}
 spring.datasource.username=${POSTGRES_USERNAME:bar}
-spring.datasource.password=${POSTGRES_PASSWORD:bar}
+spring.datasource.password=${POSTGRES_PASSWORD}
 spring.datasource.driver=org.postgresql.Driver
 spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
 
@@ -15,7 +15,7 @@ management.health.probes.enabled=true
 
 # auth.idam.client.baseUrl=${IDAM_CLIENT_BASE_URL:https://idam-test.dev.ccidam.reform.hmcts.net}
 auth.idam.client.baseUrl=${IDAM_CLIENT_BASE_URL:http://localhost:23443}
-idam.s2s-auth.totp_secret=${S2S_SECRET:ABCD1F2BABCD1F2B}
+idam.s2s-auth.totp_secret=${S2S_SECRET}
 idam.s2s-auth.microservice=bar_api
 idam.s2s-auth.url=${S2S_AUTH_URL:http://localhost:23443}
 payment.api.url=${PAYMENT_API_URL:http://localhost:23443}
@@ -30,6 +30,6 @@ spring.liquibase.enabled=${SPRING_LIQUIBASE_ENABLED:true}
 
 http.client.timeout = 5
 
-azure.application-insights.instrumentation-key=${APPINSIGHTS_INSTRUMENTATIONKEY:dummy}
+azure.application-insights.instrumentation-key=${APPINSIGHTS_INSTRUMENTATIONKEY}
 server.shutdown=${SERVER_SHUTDOWN_STRATEGY:graceful}
 spring.lifecycle.timeout-per-shutdown-phase=${TIMEOUT_SERVER_SHUTDOWN_PHASE:30s}
diff --git a/charts/bar-api/Chart.yaml b/charts/bar-api/Chart.yaml
@@ -3,11 +3,11 @@ appVersion: "2.0"
 description: Helm chart for the HMCTS bar api
 name: bar-api
 home: https://github.com/hmcts/bar-app
-version: 0.2.10
+version: 0.2.11
 maintainers:
   - name: HMCTS Bar Dev Team
     email: [email protected]
 dependencies:
   - name: java
     version: 3.4.5
-    repository: '@hmctspublic'
+    repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -13,12 +13,12 @@ services:
     environment:
       - SPRING_DATASOURCE_URL=jdbc:postgresql://bar-database:5432/bar
       - SPRING_DATASOURCE_USERNAME=bar
-      - SPRING_DATASOURCE_PASSWORD=bar
+      - SPRING_DATASOURCE_PASSWORD=${BAR_SPRING_DATASOURCE_PASSWORD}
       - auth.idam.client.baseUrl=http://idam-api:5000
       - payment.api.url=http://payments-api:8080
       - idam.s2s-auth.url=http://service-auth-provider-api:8489
       - idam.s2s-auth.microservice=bar_api
-      - idam.s2s-auth.totp_secret=DUMMYSECRET12345
+      - idam.s2s-auth.totp_secret=DUMMY
       - site.api.url=http://bar-api:8080
     ports:
      - 8185:8080
@@ -31,7 +31,7 @@ services:
     image: postgres:11-alpine
     environment:
       - POSTGRES_USER=bar
-      - POSTGRES_PASSWORD=bar
+      - POSTGRES_PASSWORD=${BAR_POSTGRES_PASSWORD}
       - POSTGRES_DB=bar
     ports:
       - 5182:5432
@@ -100,7 +100,7 @@ services:
       - REFORM_TEAM=cc
       - SPRING_DATASOURCE_URL=jdbc:postgresql://payments-database:5432/payment
       - SPRING_DATASOURCE_USERNAME=payment
-      - SPRING_DATASOURCE_PASSWORD=payment
+      - SPRING_DATASOURCE_PASSWORD=${PAYMENT_SPRING_DATASOURCE_PASSWORD}
       - SPRING_LIQUIBASE_ENABLED=true
       - SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=true
       - SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_TRUST=*
@@ -122,7 +122,7 @@ services:
     image: postgres:11-alpine
     environment:
       - POSTGRES_USER=payment
-      - POSTGRES_PASSWORD=payment
+      - POSTGRES_PASSWORD=${PAYMENT_SPRING_DATASOURCE_PASSWORD}
       - POSTGRES_DB=payment
     ports:
       - 5430:5432
@@ -133,7 +133,7 @@ services:
     environment:
       - SPRING_DATASOURCE_URL=jdbc:postgresql://ccfr-fees-database:5432/fees_register
       - SPRING_DATASOURCE_USERNAME=fees_register
-      - SPRING_DATASOURCE_PASSWORD=fees_register
+      - SPRING_DATASOURCE_PASSWORD=${FEE_REG_SPRING_DATASOURCE_PASSWORD}
       - AUTH_IDAM_CLIENT_BASEURL=https://idam-test.dev.ccidam.reform.hmcts.net
     ports:
       - 8182:8080
@@ -145,7 +145,7 @@ services:
     image: postgres:11-alpine
     environment:
       - POSTGRES_USER=fees_register
-      - POSTGRES_PASSWORD=fees_register
+      - POSTGRES_PASSWORD=${FEE_REG_SPRING_DATASOURCE_PASSWORD}
       - POSTGRES_DB=fees_register
     ports:
       - 5183:5432
@@ -154,7 +154,7 @@ services:
     image: hmctspublic.azurecr.io/rpe/service-auth-provider
     environment:
       - microserviceKeys_payment_app=AAAAAAAAAAAAAAAB
-      - microserviceKeys_bar_api=DUMMYSECRET12345
+      - microserviceKeys_bar_api=DUMMY
     ports:
       - 8085:8489
 
@@ -206,19 +206,19 @@ services:
       - SPRING_PROFILES_ACTIVE=local
       - SPRING_DATASOURCE_URL=jdbc:postgresql://shared-db:5432/openidm?currentSchema=fridam
       - SPRING_DATASOURCE_USERNAME=openidm
-      - SPRING_DATASOURCE_PASSWORD=openidm
-      - SECURITY_OAUTH2_CLIENT_CLIENTSECRET=password
+      - SPRING_DATASOURCE_PASSWORD=${OPENID_SPRING_DATASOURCE_PASSWORD}
+      - SECURITY_OAUTH2_CLIENT_CLIENTSECRET=${SECURITY_OAUTH2_CLIENT_CLIENTSECRET}
       - SECURITY_OAUTH2_CLIENT_PRE_ESTABLISHED_REDIRECT_URI=http://idam-web-public:9002/login
       - SECURITY_OAUTH2_CLIENT_REGISTERED_REDIRECT_URI=http://idam-web-public:9002/login
       - IDAM_SPI_FORGEROCK_AM_ROOT=http://fr-am:8080/openam
       - IDAM_SPI_FORGEROCK_AM_TOPLEVELHOST=fr-am
       - IDAM_SPI_FORGEROCK_AM_USERNAME=amadmin
-      - IDAM_SPI_FORGEROCK_AM_PASSWORD=Pa55word11
+      - IDAM_SPI_FORGEROCK_AM_PASSWORD=${IDAM_SPI_FORGEROCK_AM_PASSWORD}
       - IDAM_SPI_FORGEROCK_AM_JWKSURIFOROAUTH2CLIENTS=http://fr-am:8080/openam/oauth2/hmcts/connect/jwk_uri
       - IDAM_SPI_FORGEROCK_IDM_ROOT=http://fr-idm:18080/openidm
       - IDAM_SPI_FORGEROCK_IDM_USERNAME=openidm-admin
-      - IDAM_SPI_FORGEROCK_IDM_PASSWORD=openidm-admin
-      - IDAM_SPI_FORGEROCK_IDM_PIN_DEFAULTPASSWORD=BlaBlaBlackSh33p
+      - IDAM_SPI_FORGEROCK_IDM_PASSWORD=${IDAM_SPI_FORGEROCK_IDM_PASSWORD}
+      - IDAM_SPI_FORGEROCK_IDM_PIN_DEFAULTPASSWORD=${IDAM_SPI_FORGEROCK_IDM_PIN_DEFAULTPASSWORD}
       - APPSETTING_NODE_PATH=/opt/app
 
   idam-web-public: