From ddb073601e226d6e03c193f90ba06998a6794185 Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 10:39:26 +0100 Subject: [PATCH 01/13] PAY-6706-New-APIM --- .../api/configuration/SpringSecurityConfiguration.java | 2 +- infrastructure/.terraform-version | 2 +- infrastructure/aat.tfvars | 2 ++ infrastructure/demo.tfvars | 5 ++++- infrastructure/ithc.tfvars | 1 + infrastructure/perftest.tfvars | 2 ++ infrastructure/prod.tfvars | 1 + infrastructure/provider.tf | 6 ++++++ infrastructure/state.tf | 10 ++-------- infrastructure/variables.tf | 4 ++++ infrastructure/versions.tf | 2 +- 11 files changed, 25 insertions(+), 12 deletions(-) diff --git a/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java b/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java index a507c974e..9e7656c76 100644 --- a/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java +++ b/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java @@ -10,7 +10,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import uk.gov.hmcts.reform.auth.checker.core.RequestAuthorizer; +import uk.gov.hmcts.reform.auth.checker.corer.RequestAuthorizer; import uk.gov.hmcts.reform.auth.checker.core.user.User; import uk.gov.hmcts.reform.auth.checker.spring.useronly.AuthCheckerUserOnlyFilter; diff --git a/infrastructure/.terraform-version b/infrastructure/.terraform-version index 3336003dc..8decb929b 100644 --- a/infrastructure/.terraform-version +++ b/infrastructure/.terraform-version @@ -1 +1 @@ -1.3.7 +1.8.5 diff --git a/infrastructure/aat.tfvars b/infrastructure/aat.tfvars index 8875cda56..e94f330a4 100644 
--- a/infrastructure/aat.tfvars
+++ b/infrastructure/aat.tfvars
@@ -1,4 +1,6 @@
 sku_name = "GP_Gen5_4"
 flexible_sku_name = "GP_Standard_D4s_v3"
 sku_capacity = "4"
+aks_subscription_id = "96c274ce-846d-4e48-89a7-d528432298a7"
+apim_suffix = "stg"
 feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
diff --git a/infrastructure/demo.tfvars b/infrastructure/demo.tfvars
index 161259b94..f03f66e2e 100644
--- a/infrastructure/demo.tfvars
+++ b/infrastructure/demo.tfvars
@@ -1,7 +1,10 @@
+# Test Certificate refunds_api_gateway_certificate_thumbprints
+# "7744A2F56BD3B73C0D7FED61309E1C65AF08538C" - Shravan test cert
+# "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083" - Dave test cert
 sku_name = "GP_Gen5_2"
 flexible_sku_name = "GP_Standard_D2s_v3"
 sku_capacity = "2"
-feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
+feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B", "7744A2F56BD3B73C0D7FED61309E1C65AF08538C", "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083"]
 aks_subscription_id = "d025fece-ce99-4df2-b7a9-b649d3ff2060"
 additional_databases = [
 "postgresql-db2"
diff --git a/infrastructure/ithc.tfvars b/infrastructure/ithc.tfvars
index 43e5f5a5a..49d5d93df 100644
--- a/infrastructure/ithc.tfvars
+++ b/infrastructure/ithc.tfvars
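Review bot: The demo allowlist in `feeregister_api_gateway_certificate_thumbprints` gains two thumbprints that the new comment identifies as individual test certificates, with no owner contact, expiry or removal date recorded next to them. The comment header also names `refunds_api_gateway_certificate_thumbprints`, a different variable from the one being edited, so it should read `# Test certificates in feeregister_api_gateway_certificate_thumbprints`. One of the two, `7744A2F56BD3B73C0D7FED61309E1C65AF08538C`, appears unchanged in the prod.tfvars list later in this patch; if it really is a personal test certificate it should not be trusted by the production gateway, so confirm what that entry is and document it the same way.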
@@ -1,4 +1,5 @@
 sku_name = "GP_Gen5_2"
 flexible_sku_name = "GP_Standard_D2s_v3"
 sku_capacity = "2"
+aks_subscription_id = "62864d44-5da9-4ae9-89e7-0cf33942fa09"
 feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]
diff --git a/infrastructure/perftest.tfvars b/infrastructure/perftest.tfvars
index 94acb5a22..fa70d6774 100644
--- a/infrastructure/perftest.tfvars
+++ b/infrastructure/perftest.tfvars
@@ -1,4 +1,6 @@
 sku_name = "GP_Gen5_4"
 flexible_sku_name = "GP_Standard_D4s_v3"
 sku_capacity = "4"
+aks_subscription_id = "8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c"
+apim_suffix = "test"
 feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]
diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars
index 9b9b08d35..567a438e0 100644
--- a/infrastructure/prod.tfvars
+++ b/infrastructure/prod.tfvars
@@ -1,4 +1,5 @@
 sku_name = "GP_Gen5_4"
 flexible_sku_name = "GP_Standard_D4s_v3"
 sku_capacity = "4"
+aks_subscription_id = "8cbc6f36-7c56-4963-9d36-739db5d00b27"
 feeregister_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","68EDF481C5394D65962E9810913455D3EC635FA5","B1BF8007527F85085D7C4A3DC406A9A6D124D721","B49BDDE7818B78058AC7401BE0284A40845031E3","C6E2FBAB5FED58FD86C10A3BD212CF44668FD1A3","7744A2F56BD3B73C0D7FED61309E1C65AF08538C"]
diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
index 4cbc37f84..78ba923f7 100644
--- a/infrastructure/provider.tf
+++ b/infrastructure/provider.tf
@@ -4,3 +4,9 @@ provider "azurerm" {
 alias = "postgres_network"
 subscription_id = var.aks_subscription_id
 }
+
+provider "azurerm" {
+ features {}
+ alias = "aks-cftapps"
+ subscription_id = var.aks_subscription_id
+}
diff --git a/infrastructure/state.tf b/infrastructure/state.tf
index 9cd63593b..a6684b92b 100644
--- a/infrastructure/state.tf
+++ b/infrastructure/state.tf
@@ -4,17 +4,11 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "~> 3.40"
+ version = "~> 3.107.0"
 }
 azuread = {
 source = "hashicorp/azuread"
- version = "1.6.0"
+ version = "2.51.0"
 }
 }
 }
-
-provider "azurerm" {
- alias = "cftappsdemo"
- features {}
- subscription_id = var.aks_subscription_id
-}
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 419e385d2..4ec2761ab 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -68,3 +68,7 @@ variable "postgresql_flexible_sql_version" {
 variable "postgresql_flexible_server_port" {
 default = "5432"
 }
+
+variable "apim_suffix" {
+ default = ""
+}
diff --git a/infrastructure/versions.tf b/infrastructure/versions.tf
index 305e9ecc8..1e3f40bee 100644
--- a/infrastructure/versions.tf
+++ b/infrastructure/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 1.3.7"
+ required_version = ">= 1.8.0"
 }
From d8966b7086c5be789218f59dfee8b2023d1add74 Mon Sep 17 00:00:00 2001
From: David Jones
Date: Mon, 22 Jul 2024 10:48:37 +0100
Subject: [PATCH 02/13] Update Auth checker lib
---
 api/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/build.gradle b/api/build.gradle
index 7fd73a0f4..3d47dc75b 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -71,7 +71,7 @@ def javaLoggingVersion = '6.0.1'
 dependencies {
 implementation project(':fees-register-model')
 implementation project(':fees-register-api-contract')
- implementation (group: 'uk.gov.hmcts.reform.auth', name: 'auth-checker-lib', version: '2.1.2') {
+ implementation (group: 'uk.gov.hmcts.reform.auth', name: 'auth-checker-lib', version: '2.3.0') {
 exclude(module: 'java-logging-spring')
 }
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
From d7453969fe77a23a1d1cd0c059ee64d4cb469462 Mon Sep 17 00:00:00 2001
From: David Jones
Date: Mon, 22 Jul 2024 11:01:36 +0100
Subject: [PATCH 03/13] Updated location of auth-checker
---
 api/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/build.gradle b/api/build.gradle
index 3d47dc75b..395190353 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -71,7 +71,7 @@ def javaLoggingVersion = '6.0.1'
 dependencies {
 implementation project(':fees-register-model')
 implementation project(':fees-register-api-contract')
- implementation (group: 'uk.gov.hmcts.reform.auth', name: 'auth-checker-lib', version: '2.3.0') {
+ implementation (group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.3.0') {
 exclude(module: 'java-logging-spring')
 }
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
From b62a53e5c6e473cb44258747a36da7fe6ae0d02c Mon Sep 17 00:00:00 2001
From: David Jones
Date: Mon, 22 Jul 2024 11:20:40 +0100
Subject: [PATCH 04/13] Updated import for RequestAuthorizer for updated auth-checker
---
 .../register/api/configuration/SpringSecurityConfiguration.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java b/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java
index 9e7656c76..a507c974e 100644
--- a/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java
+++ b/api/src/main/java/uk/gov/hmcts/fees/register/api/configuration/SpringSecurityConfiguration.java
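Review bot: Moving `auth-checker-lib` from group `uk.gov.hmcts.reform.auth` to `com.github.hmcts` changes which repository serves the library that performs request authorization, and nothing in this hunk constrains where the new coordinates may resolve from. `com.github.<org>` coordinates are usually served by JitPack, which builds from a Git tag that can be moved; the repositories block is outside this hunk, so this is inferred. Restrict the group to the intended repository with a content filter such as `content { includeGroup 'com.github.hmcts' }` on that repository, and pin the artifact with Gradle dependency verification (`gradle/verification-metadata.xml`) so that a rebuilt 2.3.0 with different contents fails the build. The `dependencies` block continues outside the hunk.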
@@ -10,7 +10,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import uk.gov.hmcts.reform.auth.checker.corer.RequestAuthorizer; +import uk.gov.hmcts.reform.auth.checker.core.RequestAuthorizer; import uk.gov.hmcts.reform.auth.checker.core.user.User; import uk.gov.hmcts.reform.auth.checker.spring.useronly.AuthCheckerUserOnlyFilter; From 1545af6c1830857d1bfc50a363076401698b89c4 Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 11:47:49 +0100 Subject: [PATCH 05/13] Updated to add new CFT APIM --- infrastructure/cft-api-mgmt-subscriptions.tf | 33 ++++++++++++ infrastructure/cft-api-mgmt.tf | 57 ++++++++++++++++++++ infrastructure/template/cft-api-policy.xml | 33 ++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 infrastructure/cft-api-mgmt-subscriptions.tf create mode 100644 infrastructure/cft-api-mgmt.tf create mode 100644 infrastructure/template/cft-api-policy.xml diff --git a/infrastructure/cft-api-mgmt-subscriptions.tf b/infrastructure/cft-api-mgmt-subscriptions.tf new file mode 100644 index 000000000..57d4421b4 --- /dev/null +++ b/infrastructure/cft-api-mgmt-subscriptions.tf 
@@ -0,0 +1,33 @@
+# Subscription keys for the CFT APIM
+
+# Internal subscription - Fee and Payment DTS Team
+resource "azurerm_api_management_subscription" "fee_pay_team_fee_register_subscription" {
+ api_management_name = local.cft_api_mgmt_name
+ resource_group_name = local.cft_api_mgmt_rg
+ product_id = module.cft_api_mgmt_product.id
+ display_name = "Fee Register API - Fee and Pay DTS Team Subscription"
+ state = "active"
+ provider = azurerm.aks-cftapps
+}
+
+resource "azurerm_key_vault_secret" "fee_pay_team_fee_register_subscription_key" {
+ name = "fee-pay-team-fee-register-cft-apim-subscription-key"
+ value = azurerm_api_management_subscription.fee_pay_team_fee_register_subscription.primary_key
+ key_vault_id = data.azurerm_key_vault.payment_key_vault.id
+}
+
+# Supplier subscription - Liberata
+resource "azurerm_api_management_subscription" "liberata_supplier_fee_register_subscription" {
+ api_management_name = local.cft_api_mgmt_name
+ resource_group_name = local.cft_api_mgmt_rg
+ product_id = module.cft_api_mgmt_product.id
+ display_name = "Fee Register API - Liberata Subscription"
+ state = "active"
+ provider = azurerm.aks-cftapps
+}
+
+data "azurerm_key_vault_secret" "liberata_supplier_fee_register_subscription_key" {
+ name = "liberata-cft-apim-fee-register-subscription-key"
+ value = azurerm_api_management_subscription.liberata_supplier_fee_register_subscription.primary_key
+ key_vault_id = data.azurerm_key_vault.payment_key_vault.id
+}
diff --git a/infrastructure/cft-api-mgmt.tf b/infrastructure/cft-api-mgmt.tf
new file mode 100644
index 000000000..77df6927d
--- /dev/null
+++ b/infrastructure/cft-api-mgmt.tf
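Review bot: Both subscription keys are written to Key Vault with only `name`, `value` and `key_vault_id`, so the secrets carry no `content_type` or `expiration_date` and nothing prompts rotation of the Liberata key or the team key. Add for example `content_type = "APIM subscription key"` and `expiration_date = "<RFC 3339 date from the rotation policy>"` to each secret; `primary_key` is also persisted in Terraform state, so the state backend needs the same access restrictions as the vault. Separately, these resources read `module.cft_api_mgmt_product.id` while cft-api-mgmt.tf in the same commit reads `module.cft_api_mgmt_product.product_id`; the module's outputs are not visible here, so confirm that `id` exists and is the value `product_id` expects.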
@@ -0,0 +1,57 @@
+# Note for API docs see - https://github.com/hmcts/cnp-api-docs/tree/master/docs/specs
+
+locals {
+ cft_api_mgmt_suffix = var.apim_suffix == "" ? var.env : var.apim_suffix
+ cft_api_mgmt_name = join("-", ["cft-api-mgmt", local.cft_api_mgmt_suffix])
+ cft_api_mgmt_rg = join("-", ["cft", var.env, "network-rg"])
+ cft_api_base_path = "/feeRegister-api"
+}
+
+data "template_file" "cft_policy_template" {
+ template = file(join("", [path.module, "/template/cft-api-policy.xml"]))
+
+ vars = {
+ allowed_certificate_thumbprints = local.feeregister_thumbprints_in_quotes_str
+ s2s_client_id = data.azurerm_key_vault_secret.s2s_client_id.value
+ s2s_client_secret = data.azurerm_key_vault_secret.s2s_client_secret.value
+ s2s_base_url = local.s2sUrl
+ }
+}
+
+module "cft_api_mgmt_product" {
+ source = "git@github.com:hmcts/cnp-module-api-mgmt-product?ref=master"
+ name = var.product_name
+ api_mgmt_name = local.cft_api_mgmt_name
+ api_mgmt_rg = local.cft_api_mgmt_rg
+ product_access_control_groups = ["developers"]
+ providers = {
+ azurerm = azurerm.aks-cftapps
+ }
+}
+
+module "cft_api_mgmt_api" {
+ source = "git@github.com:hmcts/cnp-module-api-mgmt-api?ref=master"
+ name = join("-", [var.product_name, "api"])
+ display_name = "Fee Register API"
+ api_mgmt_name = local.cft_api_mgmt_name
+ api_mgmt_rg = local.cft_api_mgmt_rg
+ product_id = module.cft_api_mgmt_product.product_id
+ path = local.cft_api_base_path
+ service_url = local.feeregister_api_url
+ swagger_url = "https://raw.githubusercontent.com/hmcts/cnp-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json"
+ revision = "1"
+ providers = {
+ azurerm = azurerm.aks-cftapps
+ }
+}
+
+module "cft_api_mgmt_policy" {
+ source = "git@github.com:hmcts/cnp-module-api-mgmt-api-policy?ref=master"
+ api_mgmt_name = local.cft_api_mgmt_name
+ api_mgmt_rg = local.cft_api_mgmt_rg
+ api_name = module.cft_api_mgmt_api.name
+ api_policy_xml_content = data.template_file.cft_policy_template.rendered
+ providers = {
+
azurerm = azurerm.aks-cftapps + } +} diff --git a/infrastructure/template/cft-api-policy.xml b/infrastructure/template/cft-api-policy.xml new file mode 100644 index 000000000..8d55a9ac9 --- /dev/null +++ b/infrastructure/template/cft-api-policy.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + Missing client certificate + + + + + + Invalid client certificate + + + + + + + + + + + + + + + + From 33755b716d8197e4ff3b4ff3c64fb10c7adeadda Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 11:56:03 +0100 Subject: [PATCH 06/13] Updated correct order which secrets are created --- infrastructure/cft-api-mgmt-subscriptions.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infrastructure/cft-api-mgmt-subscriptions.tf b/infrastructure/cft-api-mgmt-subscriptions.tf index 57d4421b4..b10e6dd86 100644 --- a/infrastructure/cft-api-mgmt-subscriptions.tf +++ b/infrastructure/cft-api-mgmt-subscriptions.tf @@ -14,6 +14,8 @@ resource "azurerm_key_vault_secret" "fee_pay_team_fee_register_subscription_key" name = "fee-pay-team-fee-register-cft-apim-subscription-key" value = azurerm_api_management_subscription.fee_pay_team_fee_register_subscription.primary_key key_vault_id = data.azurerm_key_vault.payment_key_vault.id + + depends_on = [azurerm_api_management_subscription.fee_pay_team_fee_register_subscription] } # Supplier subscription - Liberata @@ -30,4 +32,6 @@ data "azurerm_key_vault_secret" "liberata_supplier_fee_register_subscription_key name = "liberata-cft-apim-fee-register-subscription-key" value = azurerm_api_management_subscription.liberata_supplier_fee_register_subscription.primary_key key_vault_id = data.azurerm_key_vault.payment_key_vault.id + + depends_on = [azurerm_api_management_subscription.liberata_supplier_fee_register_subscription] } From 91087099e5a1e228f8e958574b4ef002ce005a03 Mon Sep 17 00:00:00 2001 
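Review bot: `s2s_client_secret` is passed as a template variable into cft-api-policy.xml in cft-api-mgmt.tf, so the rendered policy, and with it the APIM policy document and the Terraform state, would hold the S2S secret in clear text; the XML body is not legible on this page, so how the value is used there is inferred from the `vars` map. An APIM named value marked `secret = true` and backed by the Key Vault secret keeps it out of the policy text, with the policy referring to it as `{{<named-value-name>}}`; this needs the APIM instance's identity to have read access to the vault, which is not visible here. The `template_file` data source belongs to the deprecated `hashicorp/template` provider, and the built-in `templatefile(path, vars)` function replaces it without a provider. The three module sources and `swagger_url` all track `master`, so a change in those repositories alters this gateway's policy and API definition on the next apply; pin each to a tag or commit, e.g. `?ref=<tag-or-commit-sha>`.

```hcl
# Sketch only: resource and display names below are constructed for illustration.
resource "azurerm_api_management_named_value" "s2s_client_secret" {
  name                = "feeregister-s2s-client-secret"
  display_name        = "feeregister-s2s-client-secret"
  api_management_name = local.cft_api_mgmt_name
  resource_group_name = local.cft_api_mgmt_rg
  secret              = true
  provider            = azurerm.aks-cftapps

  value_from_key_vault {
    secret_id = data.azurerm_key_vault_secret.s2s_client_secret.versionless_id
  }
}

# … unchanged: locals, cft_api_mgmt_product, cft_api_mgmt_api …

module "cft_api_mgmt_policy" {
  # … unchanged: source, api_mgmt_name, api_mgmt_rg, api_name, providers …
  api_policy_xml_content = templatefile("${path.module}/template/cft-api-policy.xml", {
    allowed_certificate_thumbprints = local.feeregister_thumbprints_in_quotes_str
    s2s_client_id                   = data.azurerm_key_vault_secret.s2s_client_id.value
    s2s_base_url                    = local.s2sUrl
  })
}
```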
From: David Jones Date: Mon, 22 Jul 2024 12:17:45 +0100 Subject: [PATCH 07/13] Updated correct order which secrets are created --- infrastructure/cft-api-mgmt-subscriptions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/cft-api-mgmt-subscriptions.tf b/infrastructure/cft-api-mgmt-subscriptions.tf index b10e6dd86..9a8324648 100644 --- a/infrastructure/cft-api-mgmt-subscriptions.tf +++ b/infrastructure/cft-api-mgmt-subscriptions.tf @@ -28,7 +28,7 @@ resource "azurerm_api_management_subscription" "liberata_supplier_fee_register_s provider = azurerm.aks-cftapps } -data "azurerm_key_vault_secret" "liberata_supplier_fee_register_subscription_key" { +resource "azurerm_key_vault_secret" "fee_pay_team_fee_register_subscription_key" { name = "liberata-cft-apim-fee-register-subscription-key" value = azurerm_api_management_subscription.liberata_supplier_fee_register_subscription.primary_key key_vault_id = data.azurerm_key_vault.payment_key_vault.id From 397cbf96af08346510ad4086a183f2a6bd278c61 Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 12:23:15 +0100 Subject: [PATCH 08/13] Updated correct order which secrets are created --- infrastructure/cft-api-mgmt-subscriptions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/cft-api-mgmt-subscriptions.tf b/infrastructure/cft-api-mgmt-subscriptions.tf index 9a8324648..4d3fb2984 100644 --- a/infrastructure/cft-api-mgmt-subscriptions.tf +++ b/infrastructure/cft-api-mgmt-subscriptions.tf 
@@ -28,7 +28,7 @@ resource "azurerm_api_management_subscription" "liberata_supplier_fee_register_s provider = azurerm.aks-cftapps } -resource "azurerm_key_vault_secret" "fee_pay_team_fee_register_subscription_key" { +resource "azurerm_key_vault_secret" "liberata_supplier_fee_register_subscription_key" { name = "liberata-cft-apim-fee-register-subscription-key" value = azurerm_api_management_subscription.liberata_supplier_fee_register_subscription.primary_key key_vault_id = data.azurerm_key_vault.payment_key_vault.id From c47f520e211f618461174f72d1d85943a56e98ae Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 13:19:28 +0100 Subject: [PATCH 09/13] Updated correct api path --- infrastructure/cft-api-mgmt.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/cft-api-mgmt.tf b/infrastructure/cft-api-mgmt.tf index 77df6927d..05e2676b1 100644 --- a/infrastructure/cft-api-mgmt.tf +++ b/infrastructure/cft-api-mgmt.tf @@ -4,7 +4,7 @@ locals { cft_api_mgmt_suffix = var.apim_suffix == "" ? var.env : var.apim_suffix cft_api_mgmt_name = join("-", ["cft-api-mgmt", local.cft_api_mgmt_suffix]) cft_api_mgmt_rg = join("-", ["cft", var.env, "network-rg"]) - cft_api_base_path = "/feeRegister-api" + cft_api_base_path = "feeRegister-api" } data "template_file" "cft_policy_template" { From 16c7c7ab0966aa1cf75def7ec3568d8e26c1d6ea Mon Sep 17 00:00:00 2001 
From: 58046 <62422075+hmcts-jenkins-a-to-c[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 12:39:32 +0000 Subject: [PATCH 10/13] Updating Terraform Formatting --- infrastructure/aat.tfvars | 12 +++--- infrastructure/cft-api-mgmt.tf | 8 ++-- infrastructure/demo.tfvars | 10 ++--- infrastructure/fee_reg_core.tf | 8 ++-- infrastructure/ithc.tfvars | 8 ++-- infrastructure/main.tf | 78 +++++++++++++++++----------------- infrastructure/perftest.tfvars | 10 ++--- infrastructure/prod.tfvars | 10 ++--- infrastructure/sdp.tf | 6 +-- infrastructure/variables.tf | 8 ++-- 10 files changed, 79 insertions(+), 79 deletions(-) diff --git a/infrastructure/aat.tfvars b/infrastructure/aat.tfvars index e94f330a4..9194b210c 100644 --- a/infrastructure/aat.tfvars +++ b/infrastructure/aat.tfvars @@ -1,6 +1,6 @@ -sku_name = "GP_Gen5_4" -flexible_sku_name = "GP_Standard_D4s_v3" -sku_capacity = "4" -aks_subscription_id = "96c274ce-846d-4e48-89a7-d528432298a7" -apim_suffix = "stg" -feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","D36AC5686200258AE7C03CCCA70E14B69C17F94B"] +sku_name = "GP_Gen5_4" +flexible_sku_name = "GP_Standard_D4s_v3" +sku_capacity = "4" +aks_subscription_id = "96c274ce-846d-4e48-89a7-d528432298a7" +apim_suffix = "stg" +feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B"] diff --git a/infrastructure/cft-api-mgmt.tf b/infrastructure/cft-api-mgmt.tf index 05e2676b1..683033db3 100644 --- a/infrastructure/cft-api-mgmt.tf +++ b/infrastructure/cft-api-mgmt.tf 
@@ -19,10 +19,10 @@ data "template_file" "cft_policy_template" { } module "cft_api_mgmt_product" { - source = "git@github.com:hmcts/cnp-module-api-mgmt-product?ref=master" - name = var.product_name - api_mgmt_name = local.cft_api_mgmt_name - api_mgmt_rg = local.cft_api_mgmt_rg + source = "git@github.com:hmcts/cnp-module-api-mgmt-product?ref=master" + name = var.product_name + api_mgmt_name = local.cft_api_mgmt_name + api_mgmt_rg = local.cft_api_mgmt_rg product_access_control_groups = ["developers"] providers = { azurerm = azurerm.aks-cftapps diff --git a/infrastructure/demo.tfvars b/infrastructure/demo.tfvars index f03f66e2e..605d87874 100644 --- a/infrastructure/demo.tfvars +++ b/infrastructure/demo.tfvars @@ -1,11 +1,11 @@ # Test Certificate refunds_api_gateway_certificate_thumbprints # "7744A2F56BD3B73C0D7FED61309E1C65AF08538C" - Shravan test cert # "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083" - Dave test cert -sku_name = "GP_Gen5_2" -flexible_sku_name = "GP_Standard_D2s_v3" -sku_capacity = "2" +sku_name = "GP_Gen5_2" +flexible_sku_name = "GP_Standard_D2s_v3" +sku_capacity = "2" feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B", "7744A2F56BD3B73C0D7FED61309E1C65AF08538C", "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083"] -aks_subscription_id = "d025fece-ce99-4df2-b7a9-b649d3ff2060" +aks_subscription_id = "d025fece-ce99-4df2-b7a9-b649d3ff2060" additional_databases = [ - "postgresql-db2" + "postgresql-db2" ] diff --git a/infrastructure/fee_reg_core.tf b/infrastructure/fee_reg_core.tf index e9f2dd14f..72995a215 100644 --- a/infrastructure/fee_reg_core.tf +++ b/infrastructure/fee_reg_core.tf 
@@ -16,11 +16,11 @@ module "ccpay-feeregister-api-core" { service_url = local.feeregister_api_url product_id = module.ccpay-feeregister-product-core.product_id name = join("-", [var.product_name, "apiList"]) - protocols = ["http", "https"] + protocols = ["http", "https"] - display_name = "Fee Register API" - path = "feeRegister-api" - swagger_url = "https://raw.githubusercontent.com/hmcts/reform-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json" + display_name = "Fee Register API" + path = "feeRegister-api" + swagger_url = "https://raw.githubusercontent.com/hmcts/reform-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json" } diff --git a/infrastructure/ithc.tfvars b/infrastructure/ithc.tfvars index 49d5d93df..0a48ee159 100644 --- a/infrastructure/ithc.tfvars +++ b/infrastructure/ithc.tfvars @@ -1,5 +1,5 @@ -sku_name = "GP_Gen5_2" -flexible_sku_name = "GP_Standard_D2s_v3" -sku_capacity = "2" -aks_subscription_id = "62864d44-5da9-4ae9-89e7-0cf33942fa09" +sku_name = "GP_Gen5_2" +flexible_sku_name = "GP_Standard_D2s_v3" +sku_capacity = "2" +aks_subscription_id = "62864d44-5da9-4ae9-89e7-0cf33942fa09" feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"] diff --git a/infrastructure/main.tf b/infrastructure/main.tf index ce0314c96..31572d4cf 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -1,8 +1,8 @@ provider "azurerm" { features { - resource_group { - prevent_deletion_if_contains_resources = false - } + resource_group { + prevent_deletion_if_contains_resources = false + } } } 
@@ -10,9 +10,9 @@ locals { vaultName = join("-", [var.product, var.env]) //ccpay key vault configuration - core_product_vaultName = join("-", [var.core_product, var.env]) - freg_key_vault = join("-", ["ccpay", var.env]) - api_mgmt_name = join("-", ["core-api-mgmt", var.env]) + core_product_vaultName = join("-", [var.core_product, var.env]) + freg_key_vault = join("-", ["ccpay", var.env]) + api_mgmt_name = join("-", ["core-api-mgmt", var.env]) api_mgmt_rg = join("-", ["core-infra", var.env]) api_mgmt_name_cft = join("-", ["cft-api-mgmt", var.env]) api_mgmt_rg_cft = join("-", ["cft", var.env, "network-rg"]) 
@@ -37,53 +37,53 @@ data "azurerm_key_vault" "freg_key_vault" { } resource "azurerm_key_vault_secret" "freg-idam-client-secret" { - name = "freg-idam-client-secret" - value = data.azurerm_key_vault_secret.freg-idam-client-secret.value + name = "freg-idam-client-secret" + value = data.azurerm_key_vault_secret.freg-idam-client-secret.value key_vault_id = data.azurerm_key_vault.fees_key_vault.id } data "azurerm_key_vault_secret" "appinsights_instrumentation_key" { - name = "AppInsightsInstrumentationKey" + name = "AppInsightsInstrumentationKey" key_vault_id = data.azurerm_key_vault.payment_key_vault.id } data "azurerm_key_vault" "payment_key_vault" { - name = local.core_product_vaultName + name = local.core_product_vaultName resource_group_name = join("-", ["ccpay", var.env]) } //copy below secrets from payment app resource "azurerm_key_vault_secret" "appinsights_instrumentation_key" { - name = "AppInsightsInstrumentationKey" - value = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value + name = "AppInsightsInstrumentationKey" + value = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value key_vault_id = data.azurerm_key_vault.fees_key_vault.id } //copy below secrets from payment app for functional tests data "azurerm_key_vault_secret" "freg-idam-test-user-password" { - name = "freg-idam-test-user-password" + name = "freg-idam-test-user-password" key_vault_id = data.azurerm_key_vault.payment_key_vault.id } resource "azurerm_key_vault_secret" "freg-idam-test-user-password" { - name = "freg-idam-test-user-password" - value = data.azurerm_key_vault_secret.freg-idam-test-user-password.value + name = "freg-idam-test-user-password" + value = data.azurerm_key_vault_secret.freg-idam-test-user-password.value key_vault_id = data.azurerm_key_vault.fees_key_vault.id } data "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" { - name = "freg-idam-generated-user-email-pattern" + name = "freg-idam-generated-user-email-pattern" 
key_vault_id = data.azurerm_key_vault.payment_key_vault.id } resource "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" { - name = "freg-idam-generated-user-email-pattern" - value = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value + name = "freg-idam-generated-user-email-pattern" + value = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value key_vault_id = data.azurerm_key_vault.fees_key_vault.id } data "azurerm_key_vault_secret" "freg-idam-client-secret" { - name = "freg-idam-client-secret" + name = "freg-idam-client-secret" key_vault_id = data.azurerm_key_vault.payment_key_vault.id } 
@@ -92,33 +92,33 @@ module "fees-register-database-v15" { providers = { azurerm.postgres_network = azurerm.postgres_network } - source = "git@github.com:hmcts/terraform-module-postgresql-flexible?ref=master" - product = var.product - component = var.component - business_area = "cft" - name = join("-", [var.product, "postgres-db-v15"]) - location = var.location - env = var.env + source = "git@github.com:hmcts/terraform-module-postgresql-flexible?ref=master" + product = var.product + component = var.component + business_area = "cft" + name = join("-", [var.product, "postgres-db-v15"]) + location = var.location + env = var.env pgsql_admin_username = var.postgresql_user # Setup Access Reader db user force_user_permissions_trigger = "0" pgsql_databases = [ - { - name : var.database_name - } - ] - pgsql_server_configuration = [ - { - name = "azure.extensions" - value = "plpgsql,pg_stat_statements,pg_buffercache" - } - ] - pgsql_sku = var.flexible_sku_name + { + name : var.database_name + } + ] + pgsql_server_configuration = [ + { + name = "azure.extensions" + value = "plpgsql,pg_stat_statements,pg_buffercache" + } + ] + pgsql_sku = var.flexible_sku_name admin_user_object_id = var.jenkins_AAD_objectId - common_tags = var.common_tags - pgsql_version = var.postgresql_flexible_sql_version + common_tags = var.common_tags + pgsql_version = var.postgresql_flexible_sql_version } resource "azurerm_key_vault_secret" "POSTGRES-PASS" { diff --git a/infrastructure/perftest.tfvars b/infrastructure/perftest.tfvars index fa70d6774..9e88bdef2 100644 --- a/infrastructure/perftest.tfvars +++ b/infrastructure/perftest.tfvars 
@@ -1,6 +1,6 @@ -sku_name = "GP_Gen5_4" -flexible_sku_name = "GP_Standard_D4s_v3" -sku_capacity = "4" -aks_subscription_id = "8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c" -apim_suffix = "test" +sku_name = "GP_Gen5_4" +flexible_sku_name = "GP_Standard_D4s_v3" +sku_capacity = "4" +aks_subscription_id = "8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c" +apim_suffix = "test" feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"] diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars index 567a438e0..9372cf777 100644 --- a/infrastructure/prod.tfvars +++ b/infrastructure/prod.tfvars @@ -1,5 +1,5 @@ -sku_name = "GP_Gen5_4" -flexible_sku_name = "GP_Standard_D4s_v3" -sku_capacity = "4" -aks_subscription_id = "8cbc6f36-7c56-4963-9d36-739db5d00b27" -feeregister_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","68EDF481C5394D65962E9810913455D3EC635FA5","B1BF8007527F85085D7C4A3DC406A9A6D124D721","B49BDDE7818B78058AC7401BE0284A40845031E3","C6E2FBAB5FED58FD86C10A3BD212CF44668FD1A3","7744A2F56BD3B73C0D7FED61309E1C65AF08538C"] +sku_name = "GP_Gen5_4" +flexible_sku_name = "GP_Standard_D4s_v3" +sku_capacity = "4" +aks_subscription_id = "8cbc6f36-7c56-4963-9d36-739db5d00b27" +feeregister_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "68EDF481C5394D65962E9810913455D3EC635FA5", "B1BF8007527F85085D7C4A3DC406A9A6D124D721", "B49BDDE7818B78058AC7401BE0284A40845031E3", "C6E2FBAB5FED58FD86C10A3BD212CF44668FD1A3", "7744A2F56BD3B73C0D7FED61309E1C65AF08538C"] diff --git a/infrastructure/sdp.tf b/infrastructure/sdp.tf index e7693ebdf..0d95554a0 100644 --- a/infrastructure/sdp.tf +++ b/infrastructure/sdp.tf 
@@ -19,13 +19,13 @@ locals { subscription = "867a878b-cb68-4de5-9741-361ac9e178b6" } test = { - subscription = "3eec5bde-7feb-4566-bfb6-805df6e10b90" + subscription = "3eec5bde-7feb-4566-bfb6-805df6e10b90" } ithc = { - subscription = "ba71a911-e0d6-4776-a1a6-079af1df7139" + subscription = "ba71a911-e0d6-4776-a1a6-079af1df7139" } prod = { - subscription = "5ca62022-6aa2-4cee-aaa7-e7536c8d566c" + subscription = "5ca62022-6aa2-4cee-aaa7-e7536c8d566c" } } } diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf index 4ec2761ab..0afe94ecc 100644 --- a/infrastructure/variables.tf +++ b/infrastructure/variables.tf @@ -16,12 +16,12 @@ variable "subscription" {} variable "tenant_id" {} variable "jenkins_AAD_objectId" { - description = "(Required) The Azure AD object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." + description = "(Required) The Azure AD object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." } variable "appinsights_instrumentation_key" { description = "Instrumentation key of the App Insights instance this webapp should use. Module will create own App Insights resource if this is not provided" - default = "" + default = "" } variable "database_name" { @@ -51,13 +51,13 @@ variable "feeregister_api_gateway_certificate_thumbprints" { default = [] # TODO: remove default and provide environment-specific values } -variable "aks_subscription_id" { } +variable "aks_subscription_id" {} variable "core_product" { default = "ccpay" } -variable flexible_sku_name { +variable "flexible_sku_name" { default = "GP_Standard_D2s_v3" } From 2fa569901e6e1d3abc7e50419cb188eaa480ba5e Mon Sep 17 00:00:00 2001 
From: David Jones Date: Mon, 22 Jul 2024 14:18:07 +0100 Subject: [PATCH 11/13] Add HTTPClient library --- api/build.gradle | 2 +- build.gradle | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/api/build.gradle b/api/build.gradle index 395190353..9d6d18e2b 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -74,6 +74,7 @@ dependencies { implementation (group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.3.0') { exclude(module: 'java-logging-spring') } + implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security' @@ -95,7 +96,6 @@ dependencies { testImplementation group: 'io.rest-assured', name: 'rest-assured' testImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28' - annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28' functionalTestAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28' smokeTestImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28' diff --git a/build.gradle b/build.gradle index b78ddee27..ae6fb421a 100644 --- a/build.gradle +++ b/build.gradle @@ -124,6 +124,7 @@ subprojects { implementation('com.sun.xml.bind:jaxb-osgi:2.3.1') implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1' implementation group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.1' + implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.3.1' implementation group:'org.dom4j',name:'dom4j',version: '2.1.3' implementation group: 'org.owasp.encoder', name: 'encoder', version: '1.2' testImplementation group: 'com.github.tomakehurst', name: 'wiremock-standalone', version: '2.27.2' From f5b67c8af6777e70cddf44e2cacf7b06637c902c Mon Sep 17 00:00:00 2001 
From: David Jones Date: Mon, 22 Jul 2024 15:46:23 +0100 Subject: [PATCH 12/13] Update to auth-checker. --- api/build.gradle | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/api/build.gradle b/api/build.gradle index 9d6d18e2b..13aed1927 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -71,9 +71,8 @@ def javaLoggingVersion = '6.0.1' dependencies { implementation project(':fees-register-model') implementation project(':fees-register-api-contract') - implementation (group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.3.0') { - exclude(module: 'java-logging-spring') - } + + implementation group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.2.0' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa' @@ -93,7 +92,7 @@ dependencies { } testImplementation group: 'org.springframework.security', name: 'spring-security-test', version: '5.2.1.RELEASE' testImplementation group: 'org.hsqldb', name: 'hsqldb', version: '2.3.5' - testImplementation group: 'io.rest-assured', name: 'rest-assured' + testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '5.5.0' testImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28' annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28' From d2a4f865f99f9785e8d78b3c4c26c193d8350f83 Mon Sep 17 00:00:00 2001 From: David Jones Date: Mon, 22 Jul 2024 15:53:32 +0100 Subject: [PATCH 13/13] Update to auth-checker. --- api/build.gradle | 2 +- build.gradle | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/api/build.gradle b/api/build.gradle index 13aed1927..e26843d2b 100644 --- a/api/build.gradle +++ b/api/build.gradle 
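Review bot: The first api/build.gradle hunk (`@@ -71,9 +71,8 @@`) moves `auth-checker-lib` from 2.3.0 back to 2.2.0 although the subject reads "Update to auth-checker", and it drops `exclude(module: 'java-logging-spring')` in the same edit. This is a downgrade of the library that authorises requests, so it needs a stated reason and a check of what 2.3.0 changed; neither is shown on this page. Removing the exclusion may also bring the library's transitive logging module back onto the classpath, so the resolved graph should be compared (for example with `gradle dependencies`) against the log4j 2.17.1 pin in the root build.gradle. If 2.2.0 is needed for compatibility, keeping the exclusion and recording the reason is safer: `implementation(group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.2.0') { exclude(module: 'java-logging-spring') } // 2.2.0 because <reason>`. The `dependencies` block starts and ends outside the hunk.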
@@ -92,7 +92,7 @@ dependencies { } testImplementation group: 'org.springframework.security', name: 'spring-security-test', version: '5.2.1.RELEASE' testImplementation group: 'org.hsqldb', name: 'hsqldb', version: '2.3.5' - testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '5.5.0' + testImplementation group: 'io.rest-assured', name: 'rest-assured' testImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28' annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28' diff --git a/build.gradle b/build.gradle index ae6fb421a..b78ddee27 100644 --- a/build.gradle +++ b/build.gradle @@ -124,7 +124,6 @@ subprojects { implementation('com.sun.xml.bind:jaxb-osgi:2.3.1') implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1' implementation group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.1' - implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.3.1' implementation group:'org.dom4j',name:'dom4j',version: '2.1.3' implementation group: 'org.owasp.encoder', name: 'encoder', version: '1.2' testImplementation group: 'com.github.tomakehurst', name: 'wiremock-standalone', version: '2.27.2'