From 0d2a3193cbaea51ce76ab65b5af57a3d81ae4378 Mon Sep 17 00:00:00 2001 From: pmcphee77 <150798161+pmcphee77@users.noreply.github.com> Date: Thu, 29 Feb 2024 16:04:48 +0000 Subject: [PATCH 1/3] PI-1878: Added DOB to MAS (#3402) --- .../uk/gov/justice/digital/hmpps/OverviewIntegrationTest.kt | 1 + .../justice/digital/hmpps/api/model/overview/PersonalDetails.kt | 2 ++ .../uk/gov/justice/digital/hmpps/service/OverviewService.kt | 1 + .../digital/hmpps/api/controller/OverviewControllerTest.kt | 2 ++ 4 files changed, 6 insertions(+) diff --git a/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/OverviewIntegrationTest.kt b/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/OverviewIntegrationTest.kt index 79b1f890e2..bde8be3a5e 100644 --- a/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/OverviewIntegrationTest.kt +++ b/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/OverviewIntegrationTest.kt @@ -76,6 +76,7 @@ internal class OverviewIntegrationTest { assertThat(res.sentences[0].rar?.completed, equalTo(1)) assertThat(res.sentences[0].rar?.scheduled, equalTo(1)) assertThat(res.sentences[0].rar?.totalDays, equalTo(2)) + assertThat(res.personalDetails.dateOfBirth, equalTo(OVERVIEW.dateOfBirth)) } @Test diff --git a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/model/overview/PersonalDetails.kt b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/model/overview/PersonalDetails.kt index 8a4436b1b1..cdd3761609 100644 --- a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/model/overview/PersonalDetails.kt +++ b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/model/overview/PersonalDetails.kt @@ -1,10 +1,12 @@ package uk.gov.justice.digital.hmpps.api.model.overview import uk.gov.justice.digital.hmpps.api.model.Name +import java.time.LocalDate data class PersonalDetails( val name: Name, val preferredGender: String, + val dateOfBirth: LocalDate, val preferredName: String?, val telephoneNumber: String?, val mobileNumber: String?, diff --git a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/service/OverviewService.kt b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/service/OverviewService.kt index 6ddff98468..a980bbbc29 100644 --- a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/service/OverviewService.kt +++ b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/service/OverviewService.kt @@ -64,6 +64,7 @@ class OverviewService( preferredName = preferredName, personalCircumstances = personalCircumstances.map { it.toPersonalCircumstance() }, disabilities = disabilities.map { it.toDisability() }, + dateOfBirth = dateOfBirth, provisions = provisions.map { it.toProvision() }, ) diff --git a/projects/manage-supervision-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/api/controller/OverviewControllerTest.kt b/projects/manage-supervision-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/api/controller/OverviewControllerTest.kt index 6d3d01d23f..d70377edd0 100644 --- a/projects/manage-supervision-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/api/controller/OverviewControllerTest.kt +++ b/projects/manage-supervision-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/api/controller/OverviewControllerTest.kt @@ -14,6 +14,7 @@ import uk.gov.justice.digital.hmpps.api.model.overview.PersonalDetails import uk.gov.justice.digital.hmpps.api.model.overview.PreviousOrders import uk.gov.justice.digital.hmpps.api.model.overview.Schedule import uk.gov.justice.digital.hmpps.service.OverviewService +import java.time.LocalDate @ExtendWith(MockitoExtension::class) internal class OverviewControllerTest { @@ -35,6 +36,7 @@ internal class OverviewControllerTest { preferredGender = "Prefer not to say", preferredName = "Joe", telephoneNumber = "1234", + dateOfBirth = LocalDate.now().minusYears(50), provisions = emptyList() ) val overview = Overview( From fbbd67640e1f31a729cca776de7c4e1f36cd78bb Mon Sep 17 00:00:00 2001 From: Anthony Britton <105213050+anthony-britton-moj@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:25:43 +0000 Subject: [PATCH 2/3] PI-1964 (#3404) * PI-1964 * Formatting changes * PI-1964 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .../generator/ConvictionEventGenerator.kt | 2 +- .../hmpps/entity/ConvictionEventEntity.kt | 23 ++++++++++++------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/projects/soc-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/generator/ConvictionEventGenerator.kt b/projects/soc-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/generator/ConvictionEventGenerator.kt index d3f7c654e1..310d13c1fc 100644 --- a/projects/soc-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/generator/ConvictionEventGenerator.kt +++ b/projects/soc-and-delius/src/dev/kotlin/uk/gov/justice/digital/hmpps/data/generator/ConvictionEventGenerator.kt @@ -27,7 +27,7 @@ object ConvictionEventGenerator { ) val DEFAULT_EVENT = ConvictionEventEntity( IdGenerator.getAndIncrement(), - LocalDate.now(), + LocalDate.now().minusDays(1), PERSON ) val INACTIVE_EVENT = ConvictionEventEntity( diff --git a/projects/soc-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/ConvictionEventEntity.kt b/projects/soc-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/ConvictionEventEntity.kt index 6e8aa6e04f..c5745834c6 100644 --- a/projects/soc-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/ConvictionEventEntity.kt +++ b/projects/soc-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/ConvictionEventEntity.kt @@ -12,6 +12,7 @@ import org.hibernate.annotations.Immutable import org.hibernate.annotations.SQLRestriction import org.springframework.data.jpa.repository.EntityGraph import org.springframework.data.jpa.repository.JpaRepository +import org.springframework.data.jpa.repository.Query import java.time.LocalDate @Immutable @@ -165,14 +166,20 @@ class Offence( ) interface ConvictionEventRepository : JpaRepository { - @EntityGraph( - attributePaths = [ - "mainOffence.offence", - "additionalOffences.offence", - "disposal.type" - ] + @Query( + """ + select c from ConvictionEventEntity c + join fetch c.disposal d + join fetch d.type dt + join fetch c.mainOffence mo + join fetch mo.offence + left join fetch c.additionalOffences ao + left join fetch ao.offence + where c.convictionEventPerson.id = :personId and c.active = true + order by c.convictionDate desc + """ ) - fun getAllByConvictionEventPersonIdAndActiveIsTrueOrderByConvictionDateDesc(personId: Long): List + fun getActiveSentencedConvictions(personId: Long): List @EntityGraph( attributePaths = [ @@ -212,4 +219,4 @@ interface ConvictionEventRepository : JpaRepository } fun ConvictionEventRepository.getLatestConviction(personId: Long) = - getAllByConvictionEventPersonIdAndActiveIsTrueOrderByConvictionDateDesc(personId).firstOrNull() + getActiveSentencedConvictions(personId).firstOrNull() From 24dea416a1fa631ebce6198add8e63441b98c319 Mon Sep 17 00:00:00 2001 From: Marcus Aspin Date: Thu, 29 Feb 2024 17:33:07 +0000 Subject: [PATCH 3/3] PI-1940 Add feature-flags project in dev/preprod/prod (#3403) * PI-1940 Add feature-flags project in dev/preprod/prod * Fix preprod/prod redirect urls * Set namespace to probation-integration --- .github/dependabot.yml | 5 + .github/workflows/build.yml | 1 + .github/workflows/check.yml | 1 + .github/workflows/deploy.yml | 1 + .github/workflows/tools.yml | 16 +- README.md | 20 +- .../digital/hmpps/flags/FeatureFlags.kt | 3 +- .../deploy/values-prod.yml | 7 +- .../deploy/values-prod.yml | 6 - projects/feature-flags/.trivyignore | 1 + projects/feature-flags/container/Dockerfile | 4 + .../feature-flags/deploy/Chart.yaml | 0 .../deploy/grafana/flipt-evaluations.json | 355 +++++++++++ .../deploy/grafana/flipt-system.json | 568 ++++++++++++++++++ .../deploy/templates/grafana-dashboards.yml | 19 + projects/feature-flags/deploy/values-dev.yml | 13 + .../feature-flags/deploy/values-preprod.yml | 13 + projects/feature-flags/deploy/values-prod.yml | 7 + projects/feature-flags/deploy/values.yaml | 54 ++ .../opd-and-delius/deploy/values-prod.yml | 5 - .../deploy/values-prod.yml | 5 - .../deploy/values-prod.yml | 5 - templates/helm-defaults.yml | 3 + .../auth0/actions/Check GitHub teams/code.js | 53 -- tools/feature-flags/deploy/auth0/config.json | 7 - tools/feature-flags/deploy/auth0/tenant.yaml | 210 ------- tools/feature-flags/deploy/values.yaml | 55 -- 27 files changed, 1058 insertions(+), 379 deletions(-) create mode 100644 projects/feature-flags/.trivyignore create mode 100644 projects/feature-flags/container/Dockerfile rename {tools => projects}/feature-flags/deploy/Chart.yaml (100%) create mode 100644 projects/feature-flags/deploy/grafana/flipt-evaluations.json create mode 100644 projects/feature-flags/deploy/grafana/flipt-system.json create mode 100644 projects/feature-flags/deploy/templates/grafana-dashboards.yml create mode 100644 projects/feature-flags/deploy/values-dev.yml create mode 100644 projects/feature-flags/deploy/values-preprod.yml create mode 100644 projects/feature-flags/deploy/values-prod.yml create mode 100644 projects/feature-flags/deploy/values.yaml delete mode 100644 tools/feature-flags/deploy/auth0/actions/Check GitHub teams/code.js delete mode 100644 tools/feature-flags/deploy/auth0/config.json delete mode 100644 tools/feature-flags/deploy/auth0/tenant.yaml delete mode 100644 tools/feature-flags/deploy/values.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 713aea7183..ed9632a342 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -85,3 +85,8 @@ updates: directory: "/projects/redrive-dead-letter-queues/container" schedule: interval: "monthly" # to reduce frequency of AWS CLI updates + + - package-ecosystem: "docker" + directory: "/projects/feature-flags/container" + schedule: + interval: "daily" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8367e3b835..aaacb4da02 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -135,6 +135,7 @@ jobs: project: - person-search-index-from-delius - redrive-dead-letter-queues + - feature-flags steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index b030f8e11c..72f0fbef1f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -45,6 +45,7 @@ jobs: VALIDATE_XML: true VALIDATE_YAML: true LINTER_RULES_PATH: / + FILTER_REGEX_EXCLUDE: .*projects/feature-flags/deploy/templates/grafana-dashboards.yml # yamlint doesn't like the Helm templating GITHUB_ACTIONS_CONFIG_FILE: .github/actionlint.yml GITHUB_ACTIONS_COMMAND_ARGS: -ignore=SC.+:info:.+ GITHUB_TOKEN: ${{ github.token }} \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2ba720197b..318e69b536 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -37,6 +37,7 @@ on: - '["dps-and-delius"]' - '["effective-proposal-framework-and-delius"]' - '["external-api-and-delius"]' + - '["feature-flags"]' - '["hdc-licences-and-delius"]' - '["hmpps-auth-and-delius"]' - '["make-recall-decisions-and-delius"]' diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 7d83372e9b..73ee95bb92 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -1,5 +1,5 @@ name: Tools -# Deploy shared tools - currently just flipt and auth0 +# Deploy shared tools - currently just the dummy ingress-test service on: push: @@ -16,7 +16,6 @@ jobs: fail-fast: false matrix: project: - - feature-flags - ingress-test steps: - uses: actions/checkout@v4 @@ -49,16 +48,3 @@ jobs: env: PROJECT: ${{ matrix.project }} GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_EXTERNAL_REPOS_TOKEN }} - - deploy-auth: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - - run: npm install -g auth0-deploy-cli - - name: Import Auth0 configuration - working-directory: tools/feature-flags/deploy/auth0 - env: - AUTH0_CLIENT_ID: ${{ secrets.FLIPT_AUTH0_CLIENT_ID }} - AUTH0_CLIENT_SECRET: ${{ secrets.FLIPT_AUTH0_CLIENT_SECRET }} - run: a0deploy import --input_file tenant.yaml --config_file config.json diff --git a/README.md b/README.md index b6f838408b..a1b558b2d9 100644 --- a/README.md +++ b/README.md @@ -199,20 +199,18 @@ For more information on how this is implemented, see [PI-340](https://dsdmoj.atl # Feature flags -This project uses feature flags to control the availability of certain features. -Feature flags allow you to easily turn on or off parts of a service in production. -This helps us to decouple "releases" from "deployments". +This project uses [Flipt](https://www.flipt.io/) to control the availability of certain features. +Feature flags allow us to turn on or off parts of a service in production, decoupling "releases" from "deployments". -Feature flags are managed in the [Flipt dashboard](https://feature-flags.probation-integration.service.justice.gov.uk). -You'll need to be in an appropriate GitHub team to access it. -The list of allowed teams is defined here: [code.js](tools/feature-flags/deploy/auth0/actions/Check%20GitHub%20teams/code.js). +Feature flags are managed in the [Flipt dashboard](https://feature-flags.hmpps.service.justice.gov.uk). +You'll need to be in the `ministryofjustice` organisation to access it. To add a feature flag to your code: -1. Create a new flag in the dashboard -2. Add the FLIPT_URL and FLIPT_TOKEN to your values-prod.yml file. - Example: [values-prod.yml](https://github.com/ministryofjustice/hmpps-probation-integration-services/blob/bd9a93c86112cd8a3717c9cc8631644d27cf34a7/projects/risk-assessment-scores-to-delius/deploy/values-prod.yml#L7-L11). -3. Update your code to inject the `FeatureFlags` service, and call `enabled("")`. Example: +1. Create a new boolean flag in + the [dev](https://feature-flags-dev.hmpps.service.justice.gov.uk), [preprod](https://feature-flags-preprod.hmpps.service.justice.gov.uk), + and [prod](https://feature-flags.hmpps.service.justice.gov.uk) dashboards. +2. Update your code to inject the `FeatureFlags` service, and call `enabled("")`. Example: ```kotlin @Service @@ -227,7 +225,7 @@ class MyService(private val featureFlags: FeatureFlags) { } ``` -For more information about Flipt, check out the [Flipt documentation](https://www.flipt.io/docs). +For more information about Flipt, check out the [documentation](https://www.flipt.io/docs). # Deployment Once the code is built and tested, GitHub Actions deploys the updated images for each service diff --git a/libs/commons/src/main/kotlin/uk/gov/justice/digital/hmpps/flags/FeatureFlags.kt b/libs/commons/src/main/kotlin/uk/gov/justice/digital/hmpps/flags/FeatureFlags.kt index 4a35423244..f37766f91f 100644 --- a/libs/commons/src/main/kotlin/uk/gov/justice/digital/hmpps/flags/FeatureFlags.kt +++ b/libs/commons/src/main/kotlin/uk/gov/justice/digital/hmpps/flags/FeatureFlags.kt @@ -10,7 +10,8 @@ class FeatureFlags( ) { fun enabled(key: String) = try { client == null || client.evaluation() - .evaluateBoolean(EvaluationRequest.builder().flagKey(key).build()).isEnabled + .evaluateBoolean(EvaluationRequest.builder().namespaceKey("probation-integration").flagKey(key).build()) + .isEnabled } catch (e: Exception) { throw FeatureFlagException(key, e) } diff --git a/projects/assessment-summary-and-delius/deploy/values-prod.yml b/projects/assessment-summary-and-delius/deploy/values-prod.yml index efd39738ea..8683fc1fc9 100644 --- a/projects/assessment-summary-and-delius/deploy/values-prod.yml +++ b/projects/assessment-summary-and-delius/deploy/values-prod.yml @@ -6,9 +6,4 @@ generic-service: env: SENTRY_ENVIRONMENT: prod - INTEGRATIONS_ORDS_URL: https://bridge-oasys.az.justice.gov.uk/eor/oasys - FLIPT_URL: http://feature-flags.hmpps-probation-integration.svc.cluster.local - - namespace_secrets: - flipt-client: - FLIPT_TOKEN: TOKEN + INTEGRATIONS_ORDS_URL: https://bridge-oasys.az.justice.gov.uk/eor/oasys \ No newline at end of file diff --git a/projects/create-and-vary-a-licence-and-delius/deploy/values-prod.yml b/projects/create-and-vary-a-licence-and-delius/deploy/values-prod.yml index e1871b9765..88feae4e42 100644 --- a/projects/create-and-vary-a-licence-and-delius/deploy/values-prod.yml +++ b/projects/create-and-vary-a-licence-and-delius/deploy/values-prod.yml @@ -7,9 +7,3 @@ generic-service: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-prod.svc.cluster.local/auth/oauth/token SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-prod.svc.cluster.local/auth/.well-known/jwks.json SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in.hmpps.service.justice.gov.uk/auth/issuer - - FLIPT_URL: http://feature-flags.hmpps-probation-integration.svc.cluster.local - - namespace_secrets: - flipt-client: - FLIPT_TOKEN: TOKEN \ No newline at end of file diff --git a/projects/feature-flags/.trivyignore b/projects/feature-flags/.trivyignore new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/projects/feature-flags/.trivyignore @@ -0,0 +1 @@ + diff --git a/projects/feature-flags/container/Dockerfile b/projects/feature-flags/container/Dockerfile new file mode 100644 index 0000000000..4fe743682d --- /dev/null +++ b/projects/feature-flags/container/Dockerfile @@ -0,0 +1,4 @@ +FROM ghcr.io/flipt-io/flipt:v1.38.0 + +# Run any pending migrations on startup +CMD ["sh", "-c", "./flipt migrate && ./flipt"] \ No newline at end of file diff --git a/tools/feature-flags/deploy/Chart.yaml b/projects/feature-flags/deploy/Chart.yaml similarity index 100% rename from tools/feature-flags/deploy/Chart.yaml rename to projects/feature-flags/deploy/Chart.yaml diff --git a/projects/feature-flags/deploy/grafana/flipt-evaluations.json b/projects/feature-flags/deploy/grafana/flipt-evaluations.json new file mode 100644 index 0000000000..cc43d4b009 --- /dev/null +++ b/projects/feature-flags/deploy/grafana/flipt-evaluations.json @@ -0,0 +1,355 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Specific evaluations metrics at the flag level.", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "rate(flipt_evaluations_requests_total{flag=\"$flag_key\", namespace=\"$namespace\"}[$__rate_interval])", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Evaluation Requests Rate", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "rate(flipt_evaluations_results_total{flag=\"$flag_key\", namespace=\"$namespace\"}[$__rate_interval])", + "legendFormat": "Match: {{match}} Reason: {{reason}} Segment: {{segment}} Value: {{value}}", + "range": true, + "refId": "A" + } + ], + "title": "Evaluation Result", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 6, + "options": { + "calculate": false, + "cellGap": 1, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": false, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false, + "unit": "ms" + } + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "rate(flipt_evaluations_latency_milliseconds_bucket{flag=\"$flag_key\", namespace=\"$namespace\"}[$__rate_interval])", + "format": "heatmap", + "legendFormat": "{{le}}", + "range": true, + "refId": "A" + } + ], + "title": "Evaluation Latency", + "type": "heatmap" + } + ], + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(flipt_evaluations_results_total, flag)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "flag_key", + "options": [], + "query": { + "query": "label_values(flipt_evaluations_results_total, flag)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(flipt_evaluations_results_total, namespace)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(flipt_evaluations_results_total, namespace)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Flipt Evaluations", + "uid": "fcfaeade10fc4e9cb380ac9f33742220", + "version": 2, + "weekStart": "" +} \ No newline at end of file diff --git a/projects/feature-flags/deploy/grafana/flipt-system.json b/projects/feature-flags/deploy/grafana/flipt-system.json new file mode 100644 index 0000000000..575e94a453 --- /dev/null +++ b/projects/feature-flags/deploy/grafana/flipt-system.json @@ -0,0 +1,568 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 16, + "panels": [], + "title": "Flipt Server", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "sum by(grpc_method) (rate(grpc_server_handled_total[$__rate_interval]))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "gRPC Request Rate (per method)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 12, + "options": { + "calculate": false, + "cellGap": 1, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": false, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false, + "unit": "s" + } + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(rate(grpc_server_handling_seconds_bucket{grpc_method=\"$grpc_method\"}[$__rate_interval])) by (le)", + "format": "heatmap", + "legendFormat": "{{le}}", + "range": true, + "refId": "A" + } + ], + "title": "gRPC Handled Duration (method)", + "type": "heatmap" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 4, + "panels": [], + "title": "Database", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 10 + }, + "id": 6, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "max(db_sql_connection_open)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Connections Open", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 10 + }, + "id": 8, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "max(db_sql_connection_max_open)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Max Connections Open", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 8, + "y": 10 + }, + "id": 10, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "db_sql_connection_wait_total", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Connection Wait Total", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 10 + }, + "id": 2, + "options": { + "calculate": false, + "cellGap": 1, + "color": { + "exponent": 0.5, + "fill": "dark-orange", + "mode": "scheme", + "reverse": false, + "scale": "exponential", + "scheme": "Oranges", + "steps": 64 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "tooltip": { + "show": true, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false, + "unit": "ms" + } + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(rate(db_sql_latency_milliseconds_bucket{method=\"$sql_method\"}[$__rate_interval])) by (le)", + "format": "heatmap", + "legendFormat": "{{le}}", + "range": true, + "refId": "A" + } + ], + "title": "SQL Method Latency", + "type": "heatmap" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "sql.conn.exec", + "value": "sql.conn.exec" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(db_sql_latency_milliseconds_bucket, method)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "sql_method", + "options": [], + "query": { + "query": "label_values(db_sql_latency_milliseconds_bucket, method)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "ListFlags", + "value": "ListFlags" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(grpc_server_handling_seconds_bucket, grpc_method)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "grpc_method", + "options": [], + "query": { + "query": "label_values(grpc_server_handling_seconds_bucket, grpc_method)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Flipt System", + "uid": "9f2b5945cba74513a00ea7198676f844", + "version": 8, + "weekStart": "" +} \ No newline at end of file diff --git a/projects/feature-flags/deploy/templates/grafana-dashboards.yml b/projects/feature-flags/deploy/templates/grafana-dashboards.yml new file mode 100644 index 0000000000..cf55f6a71c --- /dev/null +++ b/projects/feature-flags/deploy/templates/grafana-dashboards.yml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flipt-evaluations-dashboard + labels: + grafana_dashboard: "" +data: +{{ (.Files.Glob "grafana/flipt-evaluations.json").AsConfig | indent 2 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flipt-system-dashboard + labels: + grafana_dashboard: "" +data: +{{ (.Files.Glob "grafana/flipt-system.json").AsConfig | indent 2 }} diff --git a/projects/feature-flags/deploy/values-dev.yml b/projects/feature-flags/deploy/values-dev.yml new file mode 100644 index 0000000000..5eeb0b8805 --- /dev/null +++ b/projects/feature-flags/deploy/values-dev.yml @@ -0,0 +1,13 @@ +generic-service: + ingress: + host: feature-flags-dev.hmpps.service.justice.gov.uk + + scheduledDowntime: + enabled: true + + env: + FLIPT_AUTHENTICATION_SESSION_DOMAIN: feature-flags-dev.hmpps.service.justice.gov.uk + FLIPT_AUTHENTICATION_METHODS_GITHUB_REDIRECT_ADDRESS: https://feature-flags-dev.hmpps.service.justice.gov.uk + +generic-prometheus-alerts: + businessHoursOnly: true diff --git a/projects/feature-flags/deploy/values-preprod.yml b/projects/feature-flags/deploy/values-preprod.yml new file mode 100644 index 0000000000..34708316f3 --- /dev/null +++ b/projects/feature-flags/deploy/values-preprod.yml @@ -0,0 +1,13 @@ +generic-service: + ingress: + host: feature-flags-preprod.hmpps.service.justice.gov.uk + + scheduledDowntime: + enabled: true + + env: + FLIPT_AUTHENTICATION_SESSION_DOMAIN: feature-flags-preprod.hmpps.service.justice.gov.uk + FLIPT_AUTHENTICATION_METHODS_GITHUB_REDIRECT_ADDRESS: https://feature-flags-preprod.hmpps.service.justice.gov.uk + +generic-prometheus-alerts: + businessHoursOnly: true diff --git a/projects/feature-flags/deploy/values-prod.yml b/projects/feature-flags/deploy/values-prod.yml new file mode 100644 index 0000000000..2b1ac0c2fe --- /dev/null +++ b/projects/feature-flags/deploy/values-prod.yml @@ -0,0 +1,7 @@ +generic-service: + ingress: + host: feature-flags.hmpps.service.justice.gov.uk + + env: + FLIPT_AUTHENTICATION_SESSION_DOMAIN: feature-flags.hmpps.service.justice.gov.uk + FLIPT_AUTHENTICATION_METHODS_GITHUB_REDIRECT_ADDRESS: https://feature-flags.hmpps.service.justice.gov.uk diff --git a/projects/feature-flags/deploy/values.yaml b/projects/feature-flags/deploy/values.yaml new file mode 100644 index 0000000000..9570f3ac92 --- /dev/null +++ b/projects/feature-flags/deploy/values.yaml @@ -0,0 +1,54 @@ +generic-service: + nameOverride: feature-flags + + image: + repository: ghcr.io/ministryofjustice/hmpps-probation-integration-services/feature-flags + port: 8080 + + resources: + requests: + memory: 64Mi + cpu: 0.1 + limits: + memory: 1Gi + cpu: 1 + + securityContext: + runAsUser: 100 # flipt + + readinessProbe: + httpGet: + path: /health + livenessProbe: + httpGet: + path: /health + startupProbe: + httpGet: + path: /health + + ingress: + tlsSecretName: feature-flags-cert + + env: + FLIPT_AUTHENTICATION_REQUIRED: 'true' + FLIPT_AUTHENTICATION_SESSION_SECURE: 'true' + FLIPT_AUTHENTICATION_METHODS_TOKEN_ENABLED: 'true' + FLIPT_AUTHENTICATION_METHODS_GITHUB_ENABLED: 'true' + FLIPT_AUTHENTICATION_METHODS_GITHUB_ALLOWED_ORGANISATIONS: ministryofjustice + FLIPT_META_TELEMETRY_ENABLED: 'false' + + namespace_secrets: + flipt-bootstrap-token: + FLIPT_AUTHENTICATION_METHODS_TOKEN_BOOTSTRAP_TOKEN: TOKEN + flipt-github-app: + FLIPT_AUTHENTICATION_METHODS_GITHUB_CLIENT_ID: CLIENT_ID + FLIPT_AUTHENTICATION_METHODS_GITHUB_CLIENT_SECRET: CLIENT_SECRET + flipt-db: + FLIPT_DB_URL: URL + + custommetrics: + enabled: true + metricsPath: /metrics + +generic-prometheus-alerts: + targetApplication: feature-flags diff --git a/projects/opd-and-delius/deploy/values-prod.yml b/projects/opd-and-delius/deploy/values-prod.yml index da6afc5847..dc83dd1d41 100644 --- a/projects/opd-and-delius/deploy/values-prod.yml +++ b/projects/opd-and-delius/deploy/values-prod.yml @@ -4,9 +4,4 @@ generic-service: env: SENTRY_ENVIRONMENT: prod - FLIPT_URL: http://feature-flags.hmpps-probation-integration.svc.cluster.local SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-prod.svc.cluster.local/auth/oauth/token - - namespace_secrets: - flipt-client: - FLIPT_TOKEN: TOKEN diff --git a/projects/prison-case-notes-to-probation/deploy/values-prod.yml b/projects/prison-case-notes-to-probation/deploy/values-prod.yml index 920d29aeee..99c072275c 100644 --- a/projects/prison-case-notes-to-probation/deploy/values-prod.yml +++ b/projects/prison-case-notes-to-probation/deploy/values-prod.yml @@ -5,8 +5,3 @@ generic-service: env: SENTRY_ENVIRONMENT: prod SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-prod.svc.cluster.local/auth/oauth/token - FLIPT_URL: http://feature-flags.hmpps-probation-integration.svc.cluster.local - - namespace_secrets: - flipt-client: - FLIPT_TOKEN: TOKEN diff --git a/projects/prison-custody-status-to-delius/deploy/values-prod.yml b/projects/prison-custody-status-to-delius/deploy/values-prod.yml index cdfff98e8e..0bd4adfaf1 100644 --- a/projects/prison-custody-status-to-delius/deploy/values-prod.yml +++ b/projects/prison-custody-status-to-delius/deploy/values-prod.yml @@ -5,9 +5,4 @@ generic-service: env: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-prod.svc.cluster.local/auth/oauth/token SENTRY_ENVIRONMENT: prod - FLIPT_URL: http://feature-flags.hmpps-probation-integration.svc.cluster.local INTEGRATIONS_PRISON-API_URL: https://api.prison.service.justice.gov.uk - - namespace_secrets: - flipt-client: - FLIPT_TOKEN: TOKEN \ No newline at end of file diff --git a/templates/helm-defaults.yml b/templates/helm-defaults.yml index 12718b19aa..78ad70e461 100644 --- a/templates/helm-defaults.yml +++ b/templates/helm-defaults.yml @@ -25,6 +25,7 @@ generic-service: env: AWS_REGION: eu-west-2 + FLIPT_URL: http://feature-flags JDK_JAVA_OPTIONS: -javaagent:/agent/agent.jar -XX:MaxRAMPercentage=75.0 SENTRY_TRACES_SAMPLE_RATE: '0.05' SENTRY_IGNORED_EXCEPTIONS_FOR_TYPE: "org.apache.catalina.connector.ClientAbortException" @@ -32,6 +33,8 @@ generic-service: namespace_secrets: common: APPLICATIONINSIGHTS_CONNECTION_STRING: APPLICATIONINSIGHTS_CONNECTION_STRING + flipt-bootstrap-token: + FLIPT_TOKEN: TOKEN allowlist: groups: diff --git a/tools/feature-flags/deploy/auth0/actions/Check GitHub teams/code.js b/tools/feature-flags/deploy/auth0/actions/Check GitHub teams/code.js deleted file mode 100644 index ade130155a..0000000000 --- a/tools/feature-flags/deploy/auth0/actions/Check GitHub teams/code.js +++ /dev/null @@ -1,53 +0,0 @@ -const ALLOWED_TEAMS = [ - 'ministryofjustice:probation-integration', - 'ministryofjustice:ndst' -] - -/** - * Handler that will be called during the execution of a PostLogin flow. - * - * @param {Event} event - Details about the user and the context in which they are logging in. - * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login. - */ -exports.onExecutePostLogin = async (event, api) => { - const _ = require('lodash') - const axios = require('axios') - const ManagementClient = require('auth0').ManagementClient - - // Apply to 'github' connections only - if (event.connection.strategy !== 'github') { - api.access.deny('User must be authenticated via GitHub') - return - } - - // Get user - let authUser - try { - authUser = await new ManagementClient({ - domain: event.secrets.domain, - clientId: event.secrets.clientId, - clientSecret: event.secrets.clientSecret - }).getUser({ id: event.user.user_id }) - } catch (e) { - console.log(e) - api.access.deny('Failure to get Auth0 user data') - return - } - - // Get Github teams - const githubIdentity = _.find(authUser.identities, { connection: 'github' }) - const githubResponse = await axios.get('https://api.github.com/user/teams', { - headers: { Authorization: `token ${githubIdentity.access_token}` } - }); - if (githubResponse.status !== 200) { - console.log(githubResponse) - api.access.deny(`Failure to get GitHub teams: ${githubResponse.status}`) - } - const teams = githubResponse.data - - // Check if user is in one of the allowed teams - for (const team of teams) { - if (ALLOWED_TEAMS.includes(`${team.organization.login}:${team.slug}`)) return - } - api.access.deny('User must be a member of one of the following teams: ' + ALLOWED_TEAMS.join(', ')) -} diff --git a/tools/feature-flags/deploy/auth0/config.json b/tools/feature-flags/deploy/auth0/config.json deleted file mode 100644 index 2033f555fc..0000000000 --- a/tools/feature-flags/deploy/auth0/config.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "AUTH0_DOMAIN": "hmpps-probation-integration.uk.auth0.com", - "EXCLUDED_PROPS": { - "clients": ["client_secret"], - "connections": ["options.client_secret"] - } -} diff --git a/tools/feature-flags/deploy/auth0/tenant.yaml b/tools/feature-flags/deploy/auth0/tenant.yaml deleted file mode 100644 index 88cd0c6970..0000000000 --- a/tools/feature-flags/deploy/auth0/tenant.yaml +++ /dev/null @@ -1,210 +0,0 @@ -clients: - - name: Flipt - allowed_clients: [] - app_type: regular_web - callbacks: - - >- - https://feature-flags.probation-integration.service.justice.gov.uk/auth/v1/method/oidc/auth0/callback - client_aliases: [] - cross_origin_auth: false - custom_login_page_on: true - grant_types: - - authorization_code - - implicit - - refresh_token - - client_credentials - is_first_party: true - is_token_endpoint_ip_header_trusted: false - jwt_configuration: - alg: RS256 - lifetime_in_seconds: 36000 - secret_encoded: false - logo_uri: https://ministryofjustice.github.io/assets/moj-crest.png - native_social_login: - apple: - enabled: false - facebook: - enabled: false - oidc_conformant: true - refresh_token: - expiration_type: non-expiring - leeway: 0 - infinite_token_lifetime: true - infinite_idle_token_lifetime: true - token_lifetime: 2592000 - idle_token_lifetime: 1296000 - rotation_type: non-rotating - sso_disabled: false - token_endpoint_auth_method: client_secret_post - web_origins: - - https://feature-flags.probation-integration.service.justice.gov.uk - - name: GitHub Actions - allowed_clients: [] - app_type: non_interactive - callbacks: [] - client_aliases: [] - cross_origin_auth: false - custom_login_page_on: true - grant_types: - - client_credentials - is_first_party: true - is_token_endpoint_ip_header_trusted: false - jwt_configuration: - alg: RS256 - lifetime_in_seconds: 36000 - secret_encoded: false - native_social_login: - apple: - enabled: false - facebook: - enabled: false - oidc_conformant: true - refresh_token: - expiration_type: non-expiring - leeway: 0 - infinite_token_lifetime: true - infinite_idle_token_lifetime: true - token_lifetime: 31557600 - idle_token_lifetime: 2592000 - rotation_type: non-rotating - sso_disabled: false - token_endpoint_auth_method: client_secret_post - - name: GitHub Teams Checker - allowed_clients: [] - app_type: non_interactive - callbacks: [] - client_aliases: [] - cross_origin_auth: false - custom_login_page_on: true - grant_types: - - client_credentials - is_first_party: true - is_token_endpoint_ip_header_trusted: false - jwt_configuration: - alg: RS256 - lifetime_in_seconds: 36000 - secret_encoded: false - native_social_login: - apple: - enabled: false - facebook: - enabled: false - oidc_conformant: true - refresh_token: - expiration_type: non-expiring - leeway: 0 - infinite_token_lifetime: true - infinite_idle_token_lifetime: true - token_lifetime: 31557600 - idle_token_lifetime: 2592000 - rotation_type: non-rotating - sso_disabled: false - token_endpoint_auth_method: client_secret_post -connections: - - name: github - strategy: github - enabled_clients: - - Flipt - - GitHub Actions - - GitHub Teams Checker - is_domain_connection: false - options: - gist: false - repo: false - email: true - scope: - - user:email - - read:org - - read:user - follow: false - profile: true - read_org: true - admin_org: false - client_id: e999a2a55fab9549f933 - read_user: true - write_org: false - delete_repo: false - public_repo: false - repo_status: false - notifications: false - read_repo_hook: false - admin_repo_hook: false - read_public_key: false - repo_deployment: false - write_repo_hook: false - admin_public_key: false - write_public_key: false -tenant: - enabled_locales: - - en - flags: - universal_login: true - revoke_refresh_token_grant: false - dashboard_new_onboarding: false - disable_clickjack_protection_headers: false - friendly_name: HMPPS Probation Integration - picture_url: https://ministryofjustice.github.io/assets/moj-crest.png - sandbox_version: '16' - support_email: probation-integration-team@digital.justice.gov.uk - support_url: https://mojdt.slack.com/archives/C02HQ4M2YQN - universal_login: {} -clientGrants: - - client_id: GitHub Teams Checker - audience: https://hmpps-probation-integration.uk.auth0.com/api/v2/ - scope: - - read:users - - read:user_idp_tokens -branding: - logo_url: https://ministryofjustice.github.io/assets/moj-crest.png - templates: [] -prompts: - customText: {} - universal_login_experience: new -actions: - - name: Check GitHub teams - code: ./actions/Check GitHub teams/code.js - dependencies: [] - deployed: true - runtime: node16 - secrets: - - name: clientId - - name: clientSecret - - name: domain - status: built - supported_triggers: - - id: post-login - version: v3 -triggers: - post-login: - - action_name: Check GitHub teams - display_name: Check GitHub teams -attackProtection: - breachedPasswordDetection: - enabled: false - shields: [] - admin_notification_frequency: [] - method: standard - stage: - pre-user-registration: - shields: [] - bruteForceProtection: - enabled: true - shields: - - block - - user_notification - mode: count_per_identifier_and_ip - allowlist: [] - max_attempts: 10 - suspiciousIpThrottling: - enabled: true - shields: - - admin_notification - - block - allowlist: [] - stage: - pre-login: - max_attempts: 100 - rate: 864000 - pre-user-registration: - max_attempts: 50 - rate: 1200 \ No newline at end of file diff --git a/tools/feature-flags/deploy/values.yaml b/tools/feature-flags/deploy/values.yaml deleted file mode 100644 index 4624f97772..0000000000 --- a/tools/feature-flags/deploy/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -generic-service: - nameOverride: feature-flags - - replicaCount: 2 - - image: - repository: flipt/flipt - tag: v1.37.1 - port: 8080 - - securityContext: - runAsUser: 100 # flipt - - env: - FLIPT_AUTHENTICATION_REQUIRED: 'true' - FLIPT_AUTHENTICATION_SESSION_DOMAIN: feature-flags.probation-integration.service.justice.gov.uk - FLIPT_AUTHENTICATION_METHODS_TOKEN_ENABLED: 'true' - FLIPT_AUTHENTICATION_METHODS_OIDC_ENABLED: 'true' - FLIPT_AUTHENTICATION_METHODS_OIDC_PROVIDERS_AUTH0_REDIRECT_ADDRESS: https://feature-flags.probation-integration.service.justice.gov.uk - FLIPT_AUTHENTICATION_METHODS_OIDC_PROVIDERS_AUTH0_SCOPES: email profile - FLIPT_META_TELEMETRY_ENABLED: 'false' - - namespace_secrets: - flipt-client: - FLIPT_AUTHENTICATION_METHODS_TOKEN_BOOTSTRAP_TOKEN: TOKEN - auth0: - FLIPT_AUTHENTICATION_METHODS_OIDC_PROVIDERS_AUTH0_ISSUER_URL: ISSUER_URL - FLIPT_AUTHENTICATION_METHODS_OIDC_PROVIDERS_AUTH0_CLIENT_ID: CLIENT_ID - FLIPT_AUTHENTICATION_METHODS_OIDC_PROVIDERS_AUTH0_CLIENT_SECRET: CLIENT_SECRET - flipt-db: - FLIPT_DB_URL: URL - - readinessProbe: - httpGet: - path: /health - initialDelaySeconds: 5 - livenessProbe: - httpGet: - path: /health - initialDelaySeconds: 5 - - ingress: - enabled: true - host: feature-flags.probation-integration.service.justice.gov.uk - tlsSecretName: feature-flags-cert - - allowlist: - groups: - - internal - - unilink_staff - -generic-prometheus-alerts: - targetApplication: feature-flags - alertSeverity: probation-integration-notifications