PI-1493 Create initial project for hmpps-auth-and-delius (#2318)

* PI-1493 Create initial project for hmpps-auth-and-delius

* Update audit user name

---------

Co-authored-by: Marcus Aspin <[email protected]>

.github/workflows/access.yml

@@ -38,6 +38,7 @@ on:
           - '["resettlement-passport-and-delius"]'
           - '["prison-education-and-delius"]'
           - '["opd-and-delius"]'
+          - '["hmpps-auth-and-delius"]'
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

.github/workflows/build.yml

@@ -61,6 +61,7 @@ jobs:
           - resettlement-passport-and-delius
           - prison-education-and-delius
           - opd-and-delius
+          - hmpps-auth-and-delius
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

.github/workflows/deploy.yml

@@ -51,6 +51,7 @@ on:
           - '["resettlement-passport-and-delius"]'
           - '["prison-education-and-delius"]'
           - '["opd-and-delius"]'
+          - '["hmpps-auth-and-delius"]'
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

.github/workflows/docs.yml

@@ -44,6 +44,7 @@ on:
           - '["resettlement-passport-and-delius"]'
           - '["prison-education-and-delius"]'
           - '["opd-and-delius"]'
+          - '["hmpps-auth-and-delius"]'
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

.github/workflows/end-to-end-tests.yml

@@ -65,6 +65,7 @@ on:
           - '["resettlement-passport-and-delius"]'
           - '["prison-education-and-delius"]'
           - '["opd-and-delius"]'
+          - '["hmpps-auth-and-delius"]'
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

.github/workflows/suppress-trivy.yml

@@ -43,6 +43,7 @@ on:
           - resettlement-passport-and-delius
           - prison-education-and-delius
           - opd-and-delius
+          - hmpps-auth-and-delius
           # ^ add new projects here
           # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
           # See https://github.com/community/community/discussions/11795

doc/tech-docs/source/index.html.md.erb

@@ -45,5 +45,6 @@ Follow these links to find out more about each of our integration services.
 * [Resettlement Passport And Delius](https://ministryofjustice.github.io/hmpps-probation-integration-services/tech-docs/projects/resettlement-passport-and-delius)
 * [Prison Education And Delius](https://ministryofjustice.github.io/hmpps-probation-integration-services/tech-docs/projects/prison-education-and-delius)
 * [Opd And Delius](https://ministryofjustice.github.io/hmpps-probation-integration-services/tech-docs/projects/opd-and-delius)
+* [Hmpps Auth And Delius](https://ministryofjustice.github.io/hmpps-probation-integration-services/tech-docs/projects/hmpps-auth-and-delius)
 <li style="display: none">^ add new projects here</li>
 

projects/hmpps-auth-and-delius/README.md

@@ -0,0 +1,3 @@
+# hmpps-auth-and-delius
+
+// TODO Describe the service

projects/hmpps-auth-and-delius/applicationinsights.json

@@ -0,0 +1,62 @@
+{
+  "role": {
+    "name": "hmpps-auth-and-delius"
+  },
+  "customDimensions": {
+    "service.version": "${VERSION}",
+    "service.team": "probation-integration"
+  },
+  "instrumentation": {
+    "logging": {
+      "level": "DEBUG"
+    },
+    "springScheduling": {
+      "enabled": false
+    }
+  },
+  "selfDiagnostics": {
+    "destination": "console"
+  },
+  "sampling": {
+    "percentage": 100
+  },
+  "preview": {
+    "sampling": {
+      "overrides": [
+        {
+          "telemetryType": "request",
+          "attributes": [
+            {
+              "key": "http.url",
+              "value": "https?://[^/]+/health/?.*",
+              "matchType": "regexp"
+            }
+          ],
+          "percentage": 0
+        },
+        {
+          "telemetryType": "dependency",
+          "attributes": [
+            {
+              "key": "db.statement",
+              "value": ".*CLIENT_IDENTIFIER.*",
+              "matchType": "regexp"
+            }
+          ],
+          "percentage": 0
+        },
+        {
+          "telemetryType": "dependency",
+          "attributes": [
+            {
+              "key": "db.operation",
+              "value": "SELECT",
+              "matchType": "strict"
+            }
+          ],
+          "percentage": 10
+        }
+      ]
+    }
+  }
+}

projects/hmpps-auth-and-delius/build.gradle.kts

@@ -0,0 +1,37 @@
+import uk.gov.justice.digital.hmpps.extensions.ClassPathExtension
+
+apply(plugin = "com.google.cloud.tools.jib")
+
+dependencies {
+    implementation(project(":libs:audit"))
+    implementation(project(":libs:commons"))
+    implementation(project(":libs:oauth-client"))
+    implementation(project(":libs:oauth-server"))
+
+    implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+    implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("org.jetbrains.kotlin:kotlin-reflect")
+    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
+    implementation(libs.springdoc)
+
+    dev(project(":libs:dev-tools"))
+    dev("com.h2database:h2")
+    dev("org.testcontainers:oracle-xe")
+
+    runtimeOnly("com.oracle.database.jdbc:ojdbc11")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+    testImplementation(libs.bundles.mockito)
+}
+
+configure<ClassPathExtension> {
+    jacocoExclusions = listOf(
+        "**/config/**",
+        "**/entity/**",
+        "**/AppKt.class"
+    )
+}

projects/hmpps-auth-and-delius/deploy/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+appVersion: '1.0'
+description: A Helm chart for Kubernetes
+name: hmpps-auth-and-delius
+version: 1.0.0
+
+dependencies:
+  - name: generic-service
+    version: 2.6.0
+    repository: https://ministryofjustice.github.io/hmpps-helm-charts
+  - name: generic-prometheus-alerts
+    version: 1.3.2
+    repository: https://ministryofjustice.github.io/hmpps-helm-charts

projects/hmpps-auth-and-delius/deploy/database/access.yml

@@ -0,0 +1,9 @@
+database:
+  access:
+    username_key: /hmpps-auth-and-delius/db-username
+    password_key: /hmpps-auth-and-delius/db-password
+
+  audit:
+    username: HmppsAuthAndDelius
+    forename: HMPPS Auth
+    surname: Service

projects/hmpps-auth-and-delius/deploy/values-dev.yml

@@ -0,0 +1,18 @@
+enabled: false # TODO set this to true when you're ready to deploy your service
+
+generic-service:
+  ingress:
+    host: hmpps-auth-and-delius-dev.hmpps.service.justice.gov.uk
+
+  scheduledDowntime:
+    enabled: true
+
+  env:
+    SENTRY_ENVIRONMENT: dev
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/.well-known/jwks.json
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
+
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
+
+generic-prometheus-alerts:
+  businessHoursOnly: true

projects/hmpps-auth-and-delius/deploy/values-preprod.yml

@@ -0,0 +1,16 @@
+enabled: false # TODO set this to true when you're ready to deploy your service
+
+generic-service:
+  ingress:
+    host: hmpps-auth-and-delius-preprod.hmpps.service.justice.gov.uk
+
+  scheduledDowntime:
+    enabled: true
+
+  env:
+    SENTRY_ENVIRONMENT: preprod
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: https://sign-in-preprod.hmpps.service.justice.gov.uk/auth/.well-known/jwks.json
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-preprod.hmpps.service.justice.gov.uk/auth/issuer
+
+generic-prometheus-alerts:
+  businessHoursOnly: true

projects/hmpps-auth-and-delius/deploy/values-prod.yml

@@ -0,0 +1,10 @@
+enabled: false # TODO set this to true when you're ready to deploy your service
+
+generic-service:
+  ingress:
+    host: hmpps-auth-and-delius.hmpps.service.justice.gov.uk
+
+  env:
+    SENTRY_ENVIRONMENT: prod
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: https://sign-in.hmpps.service.justice.gov.uk/auth/.well-known/jwks.json
+    SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in.hmpps.service.justice.gov.uk/auth/issuer

projects/hmpps-auth-and-delius/deploy/values.yaml

@@ -0,0 +1,22 @@
+# Common values
+generic-service:
+  nameOverride: hmpps-auth-and-delius
+
+  image:
+    repository: ghcr.io/ministryofjustice/hmpps-probation-integration-services/hmpps-auth-and-delius
+
+  ingress:
+    tlsSecretName: hmpps-auth-and-delius-cert
+
+  namespace_secrets:
+    common:
+      SPRING_DATASOURCE_URL: DB_URL
+    hmpps-auth-and-delius-database:
+      SPRING_DATASOURCE_USERNAME: DB_USERNAME
+      SPRING_DATASOURCE_PASSWORD: DB_PASSWORD
+    hmpps-auth-and-delius-sentry:
+      SENTRY_DSN: SENTRY_DSN
+
+generic-prometheus-alerts:
+  targetApplication: hmpps-auth-and-delius
+

projects/hmpps-auth-and-delius/settings.gradle.kts

@@ -0,0 +1 @@
+rootProject.name = "hmpps-auth-and-delius"

projects/hmpps-auth-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/DataLoader.kt

@@ -0,0 +1,25 @@
+package uk.gov.justice.digital.hmpps.data
+
+import jakarta.annotation.PostConstruct
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
+import org.springframework.boot.context.event.ApplicationReadyEvent
+import org.springframework.context.ApplicationListener
+import org.springframework.stereotype.Component
+import uk.gov.justice.digital.hmpps.data.generator.UserGenerator
+import uk.gov.justice.digital.hmpps.user.AuditUserRepository
+
+@Component
+@ConditionalOnProperty("seed.database")
+class DataLoader(
+    private val auditUserRepository: AuditUserRepository
+) : ApplicationListener<ApplicationReadyEvent> {
+
+    @PostConstruct
+    fun saveAuditUser() {
+        auditUserRepository.save(UserGenerator.AUDIT_USER)
+    }
+
+    override fun onApplicationEvent(are: ApplicationReadyEvent) {
+        // Perform dev/test database setup here, using JPA repositories and generator classes...
+    }
+}

projects/hmpps-auth-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/generator/UserGenerator.kt

@@ -0,0 +1,7 @@
+package uk.gov.justice.digital.hmpps.data.generator
+
+import uk.gov.justice.digital.hmpps.user.AuditUser
+
+object UserGenerator {
+    val AUDIT_USER = AuditUser(IdGenerator.getAndIncrement(), "HmppsAuthAndDelius")
+}

projects/hmpps-auth-and-delius/src/dev/resources/local-public-key.pub

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo3hw1/oChbttEOxEH4NUDrH+Y
+n2x0DavAmDjMbhcSiQ6+/t8Nz/N03BauWzFOGBtftnQrHfnF+O7RAKj8zMjcbIq4
+QrYeXEpnaFCGEwTtOBpxvSEWPrLEpr1gCarBQZDp67ag+SYqrDgkn2Vme/dMvMUQ
+xUO3DT6jg9921J6TlwIDAQAB
+-----END PUBLIC KEY-----

projects/hmpps-auth-and-delius/src/dev/resources/simulations/__files/hmpps-auth-token-body.json

@@ -0,0 +1,10 @@
+{
+  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwcm9iYXRpb24taW50ZWdyYXRpb24tZGV2IiwiZ3JhbnRfdHlwZSI6ImNsaWVudF9jcmVkZW50aWFscyIsInVzZXJfbmFtZSI6InByb2JhdGlvbi1pbnRlZ3JhdGlvbi1kZXYiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXV0aF9zb3VyY2UiOiJub25lIiwiaXNzIjoiaHR0cHM6Ly9zaWduLWluLWRldi5obXBwcy5zZXJ2aWNlLmp1c3RpY2UuZ292LnVrL2F1dGgvaXNzdWVyIiwiZXhwIjo5OTk5OTk5OTk5LCJhdXRob3JpdGllcyI6WyJST0xFX0VYQU1QTEUiLCJST0xFX1dPUktMT0FEX1JFQUQiLCJST0xFX0FMTE9DQVRJT05fQ09OVEVYVCJdLCJqdGkiOiIyNUR1Um4xLWh5SFpld0xjZEpKeHdWTDAzS1UiLCJjbGllbnRfaWQiOiJwcm9iYXRpb24taW50ZWdyYXRpb24tZGV2IiwiaWF0IjoxNjYzNzU3MzExfQ.5FTCUjA7QZMPxO_EMzkGNSM-IkPk2hfPXyzuNiAa7uuqYva_yCducrC5FdetAiC1W6XpUB7wfoMNDmbW2xepj5oRhcxDx18r92aLPYnKkxaA68hLQF90euMtTzfBzOPg-rKDTNIJKrUC-YoQlFKuCauw0Z5cw1XT6R9GIfi5Yx4",
+  "token_type": "bearer",
+  "expires_in": 9999999999,
+  "scope": "read write",
+  "sub": "probation-integration-dev",
+  "auth_source": "none",
+  "jti": "fN29JHJy1N7gcYvqe-8B_k5T0mA",
+  "iss": "https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer"
+}

projects/hmpps-auth-and-delius/src/dev/resources/simulations/mappings/hmpps-auth.json

@@ -0,0 +1,13 @@
+{
+  "request": {
+    "method": "POST",
+    "urlPath": "/auth/oauth/token"
+  },
+  "response": {
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "status": 200,
+    "bodyFileName": "hmpps-auth-token-body.json"
+  }
+}

projects/hmpps-auth-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/IntegrationTest.kt

@@ -0,0 +1,31 @@
+package uk.gov.justice.digital.hmpps
+
+import com.github.tomakehurst.wiremock.WireMockServer
+import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT
+import org.springframework.boot.test.mock.mockito.MockBean
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
+import uk.gov.justice.digital.hmpps.security.withOAuth2Token
+import uk.gov.justice.digital.hmpps.telemetry.TelemetryService
+
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = RANDOM_PORT)
+internal class IntegrationTest {
+    @Autowired lateinit var mockMvc: MockMvc
+
+    @Autowired lateinit var wireMockServer: WireMockServer
+
+    @MockBean lateinit var telemetryService: TelemetryService
+
+    @Test
+    fun `API call retuns a success response`() {
+        mockMvc
+            .perform(get("/example/123").withOAuth2Token(wireMockServer))
+            .andExpect(status().is2xxSuccessful)
+    }
+}

projects/hmpps-auth-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/App.kt

@@ -0,0 +1,11 @@
+package uk.gov.justice.digital.hmpps
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+
+@SpringBootApplication
+class App
+
+fun main(args: Array<String>) {
+    runApplication<App>(*args)
+}