Spring upgrade to 3.3.6 (#8325)

* builds but doesn't run * deprecated method and graphql-java update * Spring 3.3 pause to do 3.2 * spring 3.2 building and running * spring 3.2.11 building and running * minimum dependencies for 3.3.0 failure * spring 3.3.0 building and running * 3.3.1 building and running * 3.3.3 building and running * 3.3.4 building and running * 3.3.6 building and running * fixing tests * cleanup * fixing backend linting * increasing test coverage for sonar * timezone agnostic tests * formatting * testing linting precommit * testing linting precommit * checkstyleTest precommit takes too long * sonar fix * adding getter comment * more comment detail * comment format change * renaming isDeleted method to getIsDeleted
CDCgov · Dec 10, 2024 · 3b272d0 · 3b272d0
1 parent 56975a0
commit 3b272d0
Show file tree

Hide file tree

Showing 28 changed files with 388 additions and 229 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -5,7 +5,7 @@ buildscript {
 }
 
 plugins {
-    id 'org.springframework.boot' version '3.1.7'
+    id 'org.springframework.boot' version '3.3.6'
     id 'org.liquibase.gradle' version '3.0.1'
     id 'io.spring.dependency-management' version '1.1.6'
     id 'java'
@@ -23,9 +23,9 @@ java {
 }
 
 ext {
-    set('springCloudVersion', "2022.0.4")
+    set('springCloudVersion', "2023.0.1")
     set('oktaVersion', "13.0.2")
-    set('hibernate.version', '6.3.1.Final') // temporary until update to spring 3.2+
+    set('hibernate.version', '6.6.2.Final')
 }
 repositories {
     mavenCentral()
@@ -37,19 +37,19 @@ jar {
 
 dependencies {
     // core infrastructure
-    implementation 'org.springframework.boot:spring-boot-starter-web:3.3.4'
+    implementation 'org.springframework.boot:spring-boot-starter-web:3.3.6'
     implementation 'org.springframework.boot:spring-boot-starter-cache'
     implementation 'org.springframework.boot:spring-boot-actuator'
     implementation 'org.springframework.boot:spring-boot-actuator-autoconfigure'
 
     // graphql
-    implementation 'org.springframework.boot:spring-boot-starter-graphql:3.1.10'
-    implementation 'org.springframework:spring-web:6.0.18'
+    implementation 'org.springframework.boot:spring-boot-starter-graphql:3.3.6'
+    implementation 'org.springframework:spring-web:6.1.15'
     testImplementation 'org.springframework:spring-webflux'
     testImplementation 'org.springframework.graphql:spring-graphql-test'
-    implementation 'com.graphql-java:graphql-java:20.9'
+    implementation 'com.graphql-java:graphql-java:22.3'
     // graphql-java-extended-validation schema directives
-    implementation 'com.graphql-java:graphql-java-extended-validation:21.0'
+    implementation 'com.graphql-java:graphql-java-extended-validation:22.0'
     // graphql-java-extended-scalars
     implementation 'com.graphql-java:graphql-java-extended-scalars:22.0'
 
@@ -68,12 +68,12 @@ dependencies {
      * DevSecOps verifies these packages at least once per month. LAST VERIFIED: 10 July 2024.
      */
     implementation 'com.squareup.okio:okio:3.9.1'
-    implementation 'org.springframework:spring-core:6.0.16'
-    implementation 'org.springframework.security:spring-security-core:6.1.8'
-    implementation 'org.springframework.security:spring-security-oauth2-client:6.3.1'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.1.30'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.19'
-    implementation 'org.springframework.security:spring-security-web:6.1.7'
+    implementation 'org.springframework:spring-core:6.1.15'
+    implementation 'org.springframework.security:spring-security-core:6.3.5'
+    implementation 'org.springframework.security:spring-security-oauth2-client:6.3.5'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.1.33'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.33'
+    implementation 'org.springframework.security:spring-security-web:6.3.5'
 
     // non-pinned security dependencies
     implementation 'org.owasp.encoder:encoder:1.2'
@@ -84,7 +84,7 @@ dependencies {
     // this provides additional types for JsonB and for ListArray types in Postgres
     implementation 'io.hypersistence:hypersistence-utils-hibernate-62:3.7.6'
     implementation 'org.liquibase:liquibase-core:4.29.1'
-    implementation 'org.postgresql:postgresql:42.7.3'
+    implementation 'org.postgresql:postgresql:42.7.4'
 
     // data validation
     implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.28'
@@ -154,15 +154,10 @@ dependencies {
     testImplementation "com.github.tomakehurst:wiremock-jre8-standalone:2.35.0"
 
     implementation 'ca.uhn.hapi.fhir:hapi-fhir-structures-r4:7.4.4'
-    implementation('com.fasterxml.jackson.core:jackson-core') {
-        // workaround for a sibling dependency version bug in the v7 upgrade to the HAPI library
-        // that was causing a serialization issue
-        version {
-            strictly '2.16.1'
-        }
-    }
+    implementation 'com.fasterxml.jackson.core:jackson-core:2.17.3'
 
     implementation 'commons-validator:commons-validator:1.9.0'
+    implementation 'org.bouncycastle:bcpkix-jdk18on:1.79'
 
     // Needed for Liquibase Gradle Plugin
     liquibaseRuntime 'org.liquibase:liquibase-core:4.29.1'

diff --git a/backend/gradle.lockfile b/backend/gradle.lockfile
diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/api/model/ApiFacility.java b/backend/src/main/java/gov/cdc/usds/simplereport/api/model/ApiFacility.java
@@ -30,7 +30,7 @@ public String getEmail() {
   }
 
   public boolean getIsDeleted() {
-    return getWrapped().isDeleted();
+    return getWrapped().getIsDeleted();
   }
 
   public List<DeviceType> getDeviceTypes() {

diff --git a/...rc/main/java/gov/cdc/usds/simplereport/api/organization/OrganizationMutationResolver.java b/...rc/main/java/gov/cdc/usds/simplereport/api/organization/OrganizationMutationResolver.java
@@ -193,7 +193,7 @@ public Organization markOrganizationAsDeleted(
     // Only set user to be deleted if they are an active, without check mutation will fail.
     usersInOrgToBeUpdated.forEach(
         user -> {
-          if (!user.isDeleted()) {
+          if (!user.getIsDeleted()) {
             apiUserService.setIsDeleted(user.getInternalId(), deleted);
           }
         });

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/config/ReportStreamCallbackConfig.java b/backend/src/main/java/gov/cdc/usds/simplereport/config/ReportStreamCallbackConfig.java
@@ -27,7 +27,7 @@ ReportStreamCallbackService configuredService(
   }
 
   @Bean(name = "reportStreamCallbackService")
-  @ConditionalOnMissingBean
+  @ConditionalOnMissingBean(ReportStreamCallbackService.class)
   ReportStreamCallbackService noopService() {
     return new ReportStreamCallbackService() {
       @Override

diff --git a/...c/main/java/gov/cdc/usds/simplereport/config/authorization/UserAuthorizationVerifier.java b/...c/main/java/gov/cdc/usds/simplereport/config/authorization/UserAuthorizationVerifier.java
@@ -182,7 +182,7 @@ public boolean userCanAccessFacility(UUID facilityId) {
         Optional<Facility> fac =
             _facilityRepo.findByOrganizationAndInternalIdAllowDeleted(
                 orgRoles.getOrganization(), facilityId);
-        return fac.isPresent() && fac.get().isDeleted();
+        return fac.isPresent() && fac.get().getIsDeleted();
       }
     }
     return false;

diff --git a/...c/main/java/gov/cdc/usds/simplereport/config/scalars/datetime/DateTimeScalarCoercion.java b/...c/main/java/gov/cdc/usds/simplereport/config/scalars/datetime/DateTimeScalarCoercion.java
@@ -1,6 +1,9 @@
 package gov.cdc.usds.simplereport.config.scalars.datetime;
 
+import graphql.GraphQLContext;
+import graphql.execution.CoercedVariables;
 import graphql.language.StringValue;
+import graphql.language.Value;
 import graphql.schema.Coercing;
 import graphql.schema.CoercingParseLiteralException;
 import graphql.schema.CoercingParseValueException;
@@ -13,11 +16,13 @@
 import java.time.format.DateTimeParseException;
 import java.util.Date;
 import java.util.List;
+import java.util.Locale;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
 
 @Slf4j
-class DateTimeScalarCoercion implements Coercing<Date, Object> {
+public class DateTimeScalarCoercion implements Coercing<Date, Object> {
 
   public static final DateTimeFormatter ISO_LOCAL_DATE =
       DateTimeFormatter.ISO_LOCAL_DATE.withZone(ZoneOffset.UTC);
@@ -26,7 +31,7 @@ class DateTimeScalarCoercion implements Coercing<Date, Object> {
           DateTimeFormatter.ISO_INSTANT.withZone(ZoneOffset.UTC),
           DateTimeFormatter.ISO_LOCAL_DATE_TIME.withZone(ZoneOffset.UTC));
 
-  private Date convertImpl(Object input) {
+  public Date convertImpl(Object input) {
     if (input == null) return null;
     else if (input instanceof String) {
       if (StringUtils.isBlank((String) input)) {
@@ -65,10 +70,12 @@ private LocalDateTime getLocalDateTime(Date input) {
   }
 
   @Override
-  public Object serialize(Object dataFetcherResult) throws CoercingSerializeException {
-    if (dataFetcherResult == null) {
-      throw new CoercingSerializeException("Unable to serialize null value");
-    } else if (dataFetcherResult instanceof Date) {
+  public Object serialize(
+      @NotNull Object dataFetcherResult,
+      @NotNull GraphQLContext graphQLContext,
+      @NotNull Locale locale)
+      throws CoercingSerializeException {
+    if (dataFetcherResult instanceof Date) {
       return getISOString(getLocalDateTime((Date) dataFetcherResult));
     } else if (dataFetcherResult instanceof String) {
       LocalDateTime localDateTime = getLocalDateTime((String) dataFetcherResult);
@@ -83,8 +90,10 @@ private static String getISOString(LocalDateTime localDateTime) {
   }
 
   @Override
-  public Date parseValue(Object input) throws CoercingParseValueException {
-    if (((String) input).length() == 0) {
+  public Date parseValue(
+      @NotNull Object input, @NotNull GraphQLContext graphQLContext, @NotNull Locale locale)
+      throws CoercingParseValueException {
+    if (((String) input).isEmpty()) {
       return null;
     }
     Date result = convertImpl(input);
@@ -95,7 +104,12 @@ public Date parseValue(Object input) throws CoercingParseValueException {
   }
 
   @Override
-  public Date parseLiteral(Object input) throws CoercingParseLiteralException {
+  public Date parseLiteral(
+      @NotNull Value<?> input,
+      @NotNull CoercedVariables coercedVariables,
+      @NotNull GraphQLContext graphQLContext,
+      @NotNull Locale locale)
+      throws CoercingParseLiteralException {
     String value = ((StringValue) input).getValue();
     Date result = convertImpl(value);
     if (result == null) {

diff --git a/...rc/main/java/gov/cdc/usds/simplereport/config/scalars/localdate/FlexibleDateCoercion.java b/...rc/main/java/gov/cdc/usds/simplereport/config/scalars/localdate/FlexibleDateCoercion.java
@@ -1,13 +1,18 @@
 package gov.cdc.usds.simplereport.config.scalars.localdate;
 
+import graphql.GraphQLContext;
+import graphql.execution.CoercedVariables;
 import graphql.language.StringValue;
+import graphql.language.Value;
 import graphql.schema.Coercing;
 import graphql.schema.CoercingParseLiteralException;
 import graphql.schema.CoercingParseValueException;
 import graphql.schema.CoercingSerializeException;
 import java.time.LocalDate;
 import java.time.Period;
 import java.time.format.DateTimeFormatter;
+import java.util.Locale;
+import org.jetbrains.annotations.NotNull;
 
 public class FlexibleDateCoercion implements Coercing<Object, Object> {
   private static final DateTimeFormatter US_DASHDATE_FORMATTER = DateTimeFormatter.ISO_LOCAL_DATE;
@@ -36,7 +41,10 @@ public LocalDate convertImpl(Object input) {
   }
 
   @Override
-  public Object serialize(Object dataFetcherResult) {
+  public Object serialize(
+      @NotNull Object dataFetcherResult,
+      @NotNull GraphQLContext graphQLContext,
+      @NotNull Locale locale) {
     LocalDate result = convertImpl(dataFetcherResult);
     if (result == null) {
       throw new CoercingSerializeException("Unable to serialize null value");
@@ -45,7 +53,8 @@ public Object serialize(Object dataFetcherResult) {
   }
 
   @Override
-  public Object parseValue(Object input) {
+  public Object parseValue(
+      @NotNull Object input, @NotNull GraphQLContext graphQLContext, @NotNull Locale locale) {
     if (((String) input).length() == 0) {
       return null;
     }
@@ -57,7 +66,11 @@ public Object parseValue(Object input) {
   }
 
   @Override
-  public Object parseLiteral(Object input) {
+  public Object parseLiteral(
+      @NotNull Value<?> input,
+      @NotNull CoercedVariables coercedVariables,
+      @NotNull GraphQLContext graphQLContext,
+      @NotNull Locale locale) {
     String value = ((StringValue) input).getValue();
     LocalDate result = convertImpl(value);
     if (result == null) {

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Eternal.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Eternal.java
@@ -3,7 +3,7 @@
 /** Marker interface for an entity that gets soft-deleted when it is "destroyed". */
 public interface Eternal {
 
-  boolean isDeleted();
+  boolean getIsDeleted();
 
   void setIsDeleted(boolean deleted);
 }
diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/EternalAuditedEntity.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/EternalAuditedEntity.java
@@ -17,7 +17,7 @@ public abstract class EternalAuditedEntity extends AuditedEntity implements Eter
   @JsonIgnore // this is an artifact of serializing the data at test time, but also seems...
   // correct?
   @Override
-  public boolean isDeleted() {
+  public boolean getIsDeleted() {
     return isDeleted;
   }
 

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/EternalSystemManagedEntity.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/EternalSystemManagedEntity.java
@@ -17,7 +17,7 @@ public abstract class EternalSystemManagedEntity extends SystemManagedEntity imp
   @JsonIgnore // this is an artifact of serializing the data at test time, but also seems...
   // correct?
   @Override
-  public boolean isDeleted() {
+  public boolean getIsDeleted() {
     return isDeleted;
   }
 

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Facility.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Facility.java
@@ -89,7 +89,9 @@ public void addDeviceType(DeviceType device) {
   }
 
   public List<DeviceType> getDeviceTypes() {
-    return configuredDeviceTypes.stream().filter(e -> !e.isDeleted()).collect(Collectors.toList());
+    return configuredDeviceTypes.stream()
+        .filter(e -> !e.getIsDeleted())
+        .collect(Collectors.toList());
   }
 
   public void removeDeviceType(DeviceType deletedDevice) {

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Person.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/Person.java
@@ -300,12 +300,12 @@ public boolean equals(Object o) {
         && birthDate.equals(person.birthDate)
         && Objects.equals(facility, person.facility)
         && Objects.equals(getOrganization(), person.getOrganization())
-        && (isDeleted() == person.isDeleted());
+        && (getIsDeleted() == person.getIsDeleted());
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(nameInfo, birthDate, facility, getOrganization(), isDeleted());
+    return Objects.hash(nameInfo, birthDate, facility, getOrganization(), getIsDeleted());
   }
 
   public void updatePatient(

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/logging/AuditLoggingInstrumentation.java b/backend/src/main/java/gov/cdc/usds/simplereport/logging/AuditLoggingInstrumentation.java
@@ -15,8 +15,9 @@
 import graphql.GraphQLContext;
 import graphql.execution.instrumentation.InstrumentationContext;
 import graphql.execution.instrumentation.InstrumentationState;
-import graphql.execution.instrumentation.SimpleInstrumentation;
 import graphql.execution.instrumentation.SimpleInstrumentationContext;
+import graphql.execution.instrumentation.SimplePerformantInstrumentation;
+import graphql.execution.instrumentation.parameters.InstrumentationCreateStateParameters;
 import graphql.execution.instrumentation.parameters.InstrumentationExecutionParameters;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
@@ -31,11 +32,11 @@
 @Component
 @Slf4j
 @RequiredArgsConstructor
-public class AuditLoggingInstrumentation extends SimpleInstrumentation {
+public class AuditLoggingInstrumentation extends SimplePerformantInstrumentation {
   private final AuditService _auditService;
 
   @Override
-  public InstrumentationState createState() {
+  public InstrumentationState createState(InstrumentationCreateStateParameters parameters) {
     GraphqlQueryState state = new GraphqlQueryState();
     log.trace("Creating state={} for audit", state);
     return state;
@@ -44,13 +45,13 @@ public InstrumentationState createState() {
   @Override
   @SuppressWarnings("checkstyle:IllegalCatch")
   public InstrumentationContext<ExecutionResult> beginExecution(
-      InstrumentationExecutionParameters parameters) {
+      InstrumentationExecutionParameters parameters, InstrumentationState instrumentationState) {
     String executionId = parameters.getExecutionInput().getExecutionId().toString();
     log.trace("Instrumenting query executionId={} for audit", executionId);
     try {
       GraphQLContext graphQLContext = parameters.getGraphQLContext();
       Subject subject = graphQLContext.get(SUBJECT_KEY);
-      GraphqlQueryState state = parameters.getInstrumentationState();
+      GraphqlQueryState state = (GraphqlQueryState) instrumentationState;
       state.setRequestId(executionId);
 
       HttpServletRequest httpServletRequest = graphQLContext.get(HTTP_SERVLET_REQUEST_KEY);

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/logging/QueryLoggingInstrumentation.java b/backend/src/main/java/gov/cdc/usds/simplereport/logging/QueryLoggingInstrumentation.java
@@ -7,7 +7,8 @@
 import com.microsoft.applicationinsights.telemetry.RequestTelemetry;
 import graphql.ExecutionResult;
 import graphql.execution.instrumentation.InstrumentationContext;
-import graphql.execution.instrumentation.SimpleInstrumentation;
+import graphql.execution.instrumentation.InstrumentationState;
+import graphql.execution.instrumentation.SimplePerformantInstrumentation;
 import graphql.execution.instrumentation.parameters.InstrumentationExecutionParameters;
 import graphql.execution.instrumentation.parameters.InstrumentationValidationParameters;
 import graphql.language.Field;
@@ -25,7 +26,7 @@
 /** Created by nickrobison on 11/27/20 */
 @Component
 @Slf4j
-public class QueryLoggingInstrumentation extends SimpleInstrumentation {
+public class QueryLoggingInstrumentation extends SimplePerformantInstrumentation {
 
   private final TelemetryClient client;
   private final boolean isDebugEnabled;
@@ -37,7 +38,7 @@ public QueryLoggingInstrumentation(TelemetryClient client) {
 
   @Override
   public InstrumentationContext<List<ValidationError>> beginValidation(
-      InstrumentationValidationParameters parameters) {
+      InstrumentationValidationParameters parameters, InstrumentationState state) {
     if (isDebugEnabled) {
       // Descend through the GraphQL query and pull out the field names and variables from the
       // operation definitions
@@ -52,12 +53,12 @@ public InstrumentationContext<List<ValidationError>> beginValidation(
               .collect(Collectors.toSet());
       log.debug("Selecting fields: {}", fieldSet);
     }
-    return super.beginValidation(parameters);
+    return super.beginValidation(parameters, state);
   }
 
   @Override
   public InstrumentationContext<ExecutionResult> beginExecution(
-      InstrumentationExecutionParameters parameters) {
+      InstrumentationExecutionParameters parameters, InstrumentationState state) {
     final long queryStart = System.currentTimeMillis();
     final String executionId = parameters.getExecutionInput().getExecutionId().toString();
     // Add the execution ID to the sfl4j MDC and the response headers