Dmp 3805 armrpo endpoint integration layer prerequisite (#2195)

Co-authored-by: hmcts-jenkins-cnp <60659747+hmcts-jenkins-cnp[bot]@users.noreply.github.com>
hmcts · Oct 29, 2024 · fd02187 · fd02187
1 parent 3106dd3
commit fd02187
Show file tree

Hide file tree

Showing 51 changed files with 957 additions and 129 deletions.
diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP
@@ -11,49 +11,51 @@ def component = "api"
 def branchesToSync = ['demo', 'perftest', 'ithc']
 
 def secrets = [
-    'darts-${env}': [
-        secret('GovukNotifyTestApiKey', 'GOVUK_NOTIFY_API_KEY'),
-        secret('app-insights-connection-string', 'app-insights-connection-string'),
-        secret('AzureAdB2CTenantId', 'AAD_B2C_TENANT_ID'),
-        secret('AzureAdB2CClientId', 'AAD_B2C_CLIENT_ID'),
-        secret('AzureAdB2CClientSecret', 'AAD_B2C_CLIENT_SECRET'),
-        secret('AzureAdB2CFuncTestROPCUsername', 'FUNC_TEST_ROPC_USERNAME'),
-        secret('AzureAdB2CFuncTestROPCPassword', 'FUNC_TEST_ROPC_PASSWORD'),
-        secret('AzureAdB2CFuncTestROPCClientId', 'AAD_B2C_ROPC_CLIENT_ID'),
-        secret('AzureAdB2CFuncTestROPCClientSecret', 'AAD_B2C_ROPC_CLIENT_SECRET'),
-        secret('api-POSTGRES-SCHEMA', 'DARTS_API_DB_SCHEMA'),
-        secret('AzureStorageConnectionString', 'AZURE_STORAGE_CONNECTION_STRING'),
-        secret('AzureADTenantId', 'AAD_TENANT_ID'),
-        secret('AzureADClientId', 'AAD_CLIENT_ID'),
-        secret('AzureADClientSecret', 'AAD_CLIENT_SECRET'),
-        secret('AzureADTenantIdJustice', 'AAD_TENANT_ID_JUSTICE'),
-        secret('AzureADClientIdJustice', 'AAD_CLIENT_ID_JUSTICE'),
-        secret('AzureADClientSecretJustice', 'AAD_CLIENT_SECRET_JUSTICE'),
-        secret('XhibitUserName', 'XHIBIT_USER_NAME'),
-        secret('XhibitPassword', 'XHIBIT_PASSWORD'),
-        secret('CppUserName', 'CPP_USER_NAME'),
-        secret('CppPassword', 'CPP_PASSWORD'),
-        secret('DarPcUserName', 'DARPC_USER_NAME'),
-        secret('DarPcPassword', 'DARPC_PASSWORD'),
-        secret('DarMidTierUserName', 'DAR_MIDTIER_USER_NAME'),
-        secret('DarMidTierPassword', 'DAR_MIDTIER_PASSWORD'),
-        secret('AzureADFunctionalTestUsername', 'AZURE_AD_FUNCTIONAL_TEST_USERNAME'),
-        secret('AzureADFunctionalTestPassword', 'AZURE_AD_FUNCTIONAL_TEST_PASSWORD'),
-        secret('DartsSystemUserEmail', 'SYSTEM_USER_EMAIL'),
-        secret('AzureAdB2CFuncTestROPCGlobalUsername', 'AZURE_AD_FUNCTIONAL_TEST_GLOBAL_USERNAME'),
-        secret('AzureAdB2CFuncTestROPCGlobalPassword', 'AZURE_AD_FUNCTIONAL_TEST_GLOBAL_PASSWORD'),
-        secret('ARMSasEndpoint', 'ARM_SAS_ENDPOINT'),
-        secret('DETSSasURLEndpoint', 'DETS_SAS_URL_ENDPOINT'),
-        secret('DartsInboundStorageSasUrl', 'DARTS_INBOUND_STORAGE_SAS_URL'),
-        secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL'),
-        // secrets for staging DB
-        secret('api-POSTGRES-HOST', 'STAGING_DB_HOST'),
-        secret('api-POSTGRES-USER', 'STAGING_DB_USER'),
-        secret('api-POSTGRES-PASS', 'STAGING_DB_PASS'),
-        secret('api-POSTGRES-PORT', 'STAGING_DB_PORT'),
-        secret('api-POSTGRES-SCHEMA', 'STAGING_DB_SCHEMA'),
-        secret('api-POSTGRES-DATABASE', 'STAGING_DB_DATABASE')
-    ],
+        'darts-${env}': [
+                secret('GovukNotifyTestApiKey', 'GOVUK_NOTIFY_API_KEY'),
+                secret('app-insights-connection-string', 'app-insights-connection-string'),
+                secret('AzureAdB2CTenantId', 'AAD_B2C_TENANT_ID'),
+                secret('AzureAdB2CClientId', 'AAD_B2C_CLIENT_ID'),
+                secret('AzureAdB2CClientSecret', 'AAD_B2C_CLIENT_SECRET'),
+                secret('AzureAdB2CFuncTestROPCUsername', 'FUNC_TEST_ROPC_USERNAME'),
+                secret('AzureAdB2CFuncTestROPCPassword', 'FUNC_TEST_ROPC_PASSWORD'),
+                secret('AzureAdB2CFuncTestROPCClientId', 'AAD_B2C_ROPC_CLIENT_ID'),
+                secret('AzureAdB2CFuncTestROPCClientSecret', 'AAD_B2C_ROPC_CLIENT_SECRET'),
+                secret('api-POSTGRES-SCHEMA', 'DARTS_API_DB_SCHEMA'),
+                secret('AzureStorageConnectionString', 'AZURE_STORAGE_CONNECTION_STRING'),
+                secret('AzureADTenantId', 'AAD_TENANT_ID'),
+                secret('AzureADClientId', 'AAD_CLIENT_ID'),
+                secret('AzureADClientSecret', 'AAD_CLIENT_SECRET'),
+                secret('AzureADTenantIdJustice', 'AAD_TENANT_ID_JUSTICE'),
+                secret('AzureADClientIdJustice', 'AAD_CLIENT_ID_JUSTICE'),
+                secret('AzureADClientSecretJustice', 'AAD_CLIENT_SECRET_JUSTICE'),
+                secret('XhibitUserName', 'XHIBIT_USER_NAME'),
+                secret('XhibitPassword', 'XHIBIT_PASSWORD'),
+                secret('CppUserName', 'CPP_USER_NAME'),
+                secret('CppPassword', 'CPP_PASSWORD'),
+                secret('DarPcUserName', 'DARPC_USER_NAME'),
+                secret('DarPcPassword', 'DARPC_PASSWORD'),
+                secret('DarMidTierUserName', 'DAR_MIDTIER_USER_NAME'),
+                secret('DarMidTierPassword', 'DAR_MIDTIER_PASSWORD'),
+                secret('AzureADFunctionalTestUsername', 'AZURE_AD_FUNCTIONAL_TEST_USERNAME'),
+                secret('AzureADFunctionalTestPassword', 'AZURE_AD_FUNCTIONAL_TEST_PASSWORD'),
+                secret('DartsSystemUserEmail', 'SYSTEM_USER_EMAIL'),
+                secret('AzureAdB2CFuncTestROPCGlobalUsername', 'AZURE_AD_FUNCTIONAL_TEST_GLOBAL_USERNAME'),
+                secret('AzureAdB2CFuncTestROPCGlobalPassword', 'AZURE_AD_FUNCTIONAL_TEST_GLOBAL_PASSWORD'),
+                secret('ARMSasEndpoint', 'ARM_SAS_ENDPOINT'),
+                secret('DETSSasURLEndpoint', 'DETS_SAS_URL_ENDPOINT'),
+                secret('DartsInboundStorageSasUrl', 'DARTS_INBOUND_STORAGE_SAS_URL'),
+                secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL'),
+                secret('ArmServiceEntitlement', 'ARM_SERVICE_ENTITLEMENT'),
+                secret('ArmStorageAccountName', 'ARM_STORAGE_ACCOUNT_NAME'),
+                // secrets for staging DB
+                secret('api-POSTGRES-HOST', 'STAGING_DB_HOST'),
+                secret('api-POSTGRES-USER', 'STAGING_DB_USER'),
+                secret('api-POSTGRES-PASS', 'STAGING_DB_PASS'),
+                secret('api-POSTGRES-PORT', 'STAGING_DB_PORT'),
+                secret('api-POSTGRES-SCHEMA', 'STAGING_DB_SCHEMA'),
+                secret('api-POSTGRES-DATABASE', 'STAGING_DB_DATABASE')
+        ],
 ]
 
 static LinkedHashMap<String, Object> secret(String secretName, String envVar) {
@@ -78,57 +80,57 @@ withPipeline(type, product, component) {
         builder.gradle('jacocoTestReport')
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/checkstyle",
-            reportFiles          : "main.html",
-            reportName           : "Checkstyle Main Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/checkstyle",
+                reportFiles          : "main.html",
+                reportName           : "Checkstyle Main Report"
         ]
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/checkstyle",
-            reportFiles          : "test.html",
-            reportName           : "Checkstyle Test Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/checkstyle",
+                reportFiles          : "test.html",
+                reportName           : "Checkstyle Test Report"
         ]
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/checkstyle",
-            reportFiles          : "functionalTest.html",
-            reportName           : "Checkstyle Functional Test Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/checkstyle",
+                reportFiles          : "functionalTest.html",
+                reportName           : "Checkstyle Functional Test Report"
         ]
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/checkstyle",
-            reportFiles          : "integrationTest.html",
-            reportName           : "Checkstyle Integration Test Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/checkstyle",
+                reportFiles          : "integrationTest.html",
+                reportName           : "Checkstyle Integration Test Report"
         ]
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/tests/test",
-            reportFiles          : "index.html",
-            reportName           : "Unit Tests Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/tests/test",
+                reportFiles          : "index.html",
+                reportName           : "Unit Tests Report"
         ]
 
         publishHTML target: [
-            allowMissing         : true,
-            alwaysLinkToLastBuild: true,
-            keepAll              : true,
-            reportDir            : "build/reports/pmd",
-            reportFiles          : "main.html",
-            reportName           : "PMD Report"
+                allowMissing         : true,
+                alwaysLinkToLastBuild: true,
+                keepAll              : true,
+                reportDir            : "build/reports/pmd",
+                reportFiles          : "main.html",
+                reportName           : "PMD Report"
         ]
     }
 

diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly
@@ -46,7 +46,9 @@ def secrets = [
                 secret('ARMSasEndpoint', 'ARM_SAS_ENDPOINT'),
                 secret('DETSSasURLEndpoint', 'DETS_SAS_URL_ENDPOINT'),
                 secret('DartsInboundStorageSasUrl', 'DARTS_INBOUND_STORAGE_SAS_URL'),
-                secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL')
+                secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL'),
+                secret('ArmServiceEntitlement', 'ARM_SERVICE_ENTITLEMENT'),
+                secret('ArmStorageAccountName', 'ARM_STORAGE_ACCOUNT_NAME')
         ],
 ]
 

diff --git a/Jenkinsfile_parameterized b/Jenkinsfile_parameterized
@@ -42,7 +42,9 @@ def secrets = [
                 secret('ARMSasEndpoint', 'ARM_SAS_ENDPOINT'),
                 secret('DETSSasURLEndpoint', 'DETS_SAS_URL_ENDPOINT'),
                 secret('DartsInboundStorageSasUrl', 'DARTS_INBOUND_STORAGE_SAS_URL'),
-                secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL')
+                secret('DartsUnstructuredStorageSasUrl', 'DARTS_UNSTRUCTURED_STORAGE_SAS_URL'),
+                secret('ArmServiceEntitlement', 'ARM_SERVICE_ENTITLEMENT'),
+                secret('ArmStorageAccountName', 'ARM_STORAGE_ACCOUNT_NAME')
         ],
 ]
 

diff --git a/README.md b/README.md
@@ -59,6 +59,8 @@ The required value of each variable is stored in Azure Key Vault as a Secret.
 | DARTS_INBOUND_STORAGE_SAS_URL            | DartsInboundStorageSasUrl                 |
 | DARTS_UNSTRUCTURED_STORAGE_SAS_URL       | DartsUnstructuredStorageSasUrl            |
 | ARM_SERVICE_PROFILE                      | ArmServiceProfile                         |
+| ARM_SERVICE_ENTITLEMENT                  | ArmServiceEntitlement                     |
+| ARM_STORAGE_ACCOUNT_NAME                 | ArmStorageAccountName                     |
 
 There are few attributes which doesn't use Azure Keyvault secrets. Those environment variable values are controlled dynamically via Flux config
 
@@ -87,7 +89,7 @@ active for the secrets to be visible.
 > source bin/secrets-stg.sh
 > ```
 
->If you want to set the environment properties at project level instead of system level (for example using InteliJ Edit configurations) you can run
+> If you want to set the environment properties at project level instead of system level (for example using InteliJ Edit configurations) you can run
 >```bash
 > source bin/secrets-stg-environment.sh
 >```
@@ -101,8 +103,8 @@ launchctl setenv <<env var name>> <<secret value>>
 
 You will then need to restart intellij/terminal windows for it to take effect.
 
-The below step only required if you use system level environment properties and want to make the changes permanent, make a `.zshrc` file in your users folder and populate it with this and their values:
-
+The below step only required if you use system level environment properties and want to make the changes permanent, make a `.zshrc` file in your users folder
+and populate it with this and their values:
 
 ```
 export GOVUK_NOTIFY_API_KEY=
@@ -136,6 +138,8 @@ export ARM_PASSWORD=
 export DARTS_INBOUND_STORAGE_SAS_URL=
 export DARTS_UNSTRUCTURED_STORAGE_SAS_URL=
 export ARM_SERVICE_PROFILE=
+export ARM_SERVICE_ENTITLEMENT=
+export ARM_STORAGE_ACCOUNT_NAME=
 ```
 
 ### Storage Account

diff --git a/bin/secrets-stg-environment.sh b/bin/secrets-stg-environment.sh
@@ -44,4 +44,6 @@ echo "DARTS_UNSTRUCTURED_STORAGE_SAS_URL=$(az keyvault secret show --vault-name
 echo "ARM_SERVICE_PROFILE=$(az keyvault secret show --vault-name darts-stg --name ArmServiceProfile | jq .value -r)"
 echo "ACTIVE_DIRECTORY_B2C_AUTH_URI=https://hmctsstgextid.b2clogin.com/hmctsstgextid.onmicrosoft.com"
 echo "DARTS_PORTAL_URL=http://localhost:3000"
+echo "ARM_SERVICE_ENTITLEMENT=$(az keyvault secret show --vault-name darts-stg --name ArmServiceEntitlement | jq .value -r)"
+echo "ARM_STORAGE_ACCOUNT_NAME=$(az keyvault secret show --vault-name darts-stg --name ArmStorageAccountName | jq .value -r)"
 
diff --git a/bin/secrets-stg.sh b/bin/secrets-stg.sh
@@ -40,4 +40,6 @@ export MAX_FILE_UPLOAD_SIZE_MEGABYTES="$(az keyvault secret show --vault-name da
 export MAX_FILE_UPLOAD_REQUEST_SIZE_MEGABYTES="$(az keyvault secret show --vault-name darts-stg --name MaxFileUploadRequestSizeInMegabytes | jq .value -r)"
 export DARTS_INBOUND_STORAGE_SAS_URL="$(az keyvault secret show --vault-name darts-stg --name DartsInboundStorageSasUrl | jq .value -r)"
 export DARTS_UNSTRUCTURED_STORAGE_SAS_URL="$(az keyvault secret show --vault-name darts-stg --name DartsUnstructuredStorageSasUrl | jq .value -r)"
-export ARM_SERVICE_PROFILE="$(az keyvault secret show --vault-name darts-stg --name ArmServiceProfile | jq .value -r)"
+export ARM_SERVICE_PROFILE="$(az keyvault secret show --vault-name darts-stg --name ArmServiceProfile | jq .value -r)"
+export ARM_SERVICE_ENTITLEMENT="$(az keyvault secret show --vault-name darts-stg --name ArmServiceEntitlement | jq .value -r)"
+export ARM_STORAGE_ACCOUNT_NAME="$(az keyvault secret show --vault-name darts-stg --name ArmStorageAccountName | jq .value -r)"
diff --git a/charts/darts-api/Chart.yaml b/charts/darts-api/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: "1.0"
 description: A Helm chart for darts-api App
 name: darts-api
 home: https://github.com/hmcts/darts-api
-version: 0.0.90
+version: 0.0.91
 maintainers:
   - name: HMCTS darts team
 dependencies:

diff --git a/charts/darts-api/values.dev.template.yaml b/charts/darts-api/values.dev.template.yaml
@@ -93,6 +93,10 @@ java:
           alias: DARTS_INBOUND_STORAGE_SAS_URL
         - name: DartsUnstructuredStorageSasUrl
           alias: DARTS_UNSTRUCTURED_STORAGE_SAS_URL
+        - name: ArmServiceEntitlement
+          alias: ARM_SERVICE_ENTITLEMENT
+        - name: ArmStorageAccountName
+          alias: ARM_STORAGE_ACCOUNT_NAME
   environment:
     ENABLE_FLYWAY: true
     MANUAL_DELETION_ENABLED: true

diff --git a/charts/darts-api/values.yaml b/charts/darts-api/values.yaml
@@ -96,6 +96,10 @@ java:
           alias: DARTS_UNSTRUCTURED_STORAGE_SAS_URL
         - name: ArmServiceProfile
           alias: ARM_SERVICE_PROFILE
+        - name: ArmServiceEntitlement
+          alias: ARM_SERVICE_ENTITLEMENT
+        - name: ArmStorageAccountName
+          alias: ARM_STORAGE_ACCOUNT_NAME
   environment:
     NOTIFICATION_SCHEDULER_CRON: "3 */2 * * * MON-FRI"
     POSTGRES_SSL_MODE: require
@@ -207,6 +211,10 @@ function:
           alias: DARTS_UNSTRUCTURED_STORAGE_SAS_URL
         - name: ArmServiceProfile
           alias: ARM_SERVICE_PROFILE
+        - name: ArmServiceEntitlement
+          alias: ARM_SERVICE_ENTITLEMENT
+        - name: ArmStorageAccountName
+          alias: ARM_STORAGE_ACCOUNT_NAME
   environment:
     ATS_MODE: true
     API_MODE: false

diff --git a/docker-compose-local.yml b/docker-compose-local.yml
@@ -55,6 +55,8 @@ services:
       - MAX_FILE_UPLOAD_REQUEST_SIZE_MEGABYTES=360
       - DARTS_INBOUND_STORAGE_SAS_URL
       - DARTS_UNSTRUCTURED_STORAGE_SAS_URL
+      - ARM_SERVICE_ENTITLEMENT
+      - ARM_STORAGE_ACCOUNT_NAME
     build:
       context: .
       dockerfile: Dockerfile

diff --git a/src/functionalTest/resources/application-functionalTest.yaml b/src/functionalTest/resources/application-functionalTest.yaml
@@ -43,5 +43,7 @@ darts:
       arm-password: ${ARM_PASSWORD:func-password}
       arm-service-profile: ${ARM_SERVICE_PROFILE:func-profile}
       url: ${ARM_URL:http://localhost:4551}
+      arm-service-entitlement: some-entitlement
+      arm-storage-account-name: some-account-name
   automated-tasks-pod: true
   api-pod: true
diff --git a/src/integrationTest/java/uk/gov/hmcts/darts/arm/service/ArmApiServiceIntTest.java b/src/integrationTest/java/uk/gov/hmcts/darts/arm/service/ArmApiServiceIntTest.java
@@ -57,10 +57,10 @@ class ArmApiServiceIntTest extends IntegrationBaseWithWiremock {
     @MockBean
     private ArmTokenClient armTokenClient;
 
-    @Value("${darts.storage.arm-api.download-data-path}")
+    @Value("${darts.storage.arm-api.api-url.download-data-path}")
     private String downloadPath;
 
-    @Value("${darts.storage.arm-api.update-metadata-path}")
+    @Value("${darts.storage.arm-api.api-url.update-metadata-path}")
     private String uploadPath;
 
     @Value("${darts.storage.arm-api.url}")
@@ -130,7 +130,7 @@ void updateMetadata() throws Exception {
         verify(armTokenClient).getToken(armTokenRequest);
 
         WireMock.verify(postRequestedFor(urlPathMatching(uploadPath))
-            .withHeader("Authorization", new RegexPattern(bearerAuth))
+                            .withHeader("Authorization", new RegexPattern(bearerAuth))
                             .withRequestBody(equalToJson(dummyRequest)));
 
         assertEquals(updateMetadataResponse, responseToTest);
@@ -177,7 +177,7 @@ void downloadArmData() {
             WireMock.get(urlPathMatching(getDownloadPath(downloadPath, CABINET_ID, EXTERNAL_RECORD_ID, EXTERNAL_FILE_ID)))
                 .willReturn(
                     aResponse().withBody(binaryData)
-                    .withStatus(200)));
+                        .withStatus(200)));
 
         // When
         DownloadResponseMetaData downloadResponseMetaData = armApiService.downloadArmData(EXTERNAL_RECORD_ID, EXTERNAL_FILE_ID);
@@ -186,7 +186,7 @@ void downloadArmData() {
         verify(armTokenClient).getToken(armTokenRequest);
 
         WireMock.verify(getRequestedFor(urlPathMatching(getDownloadPath(downloadPath, CABINET_ID, EXTERNAL_RECORD_ID, EXTERNAL_FILE_ID)))
-                    .withHeader("Authorization", new RegexPattern("Bearer some-token")));
+                            .withHeader("Authorization", new RegexPattern("Bearer some-token")));
 
         assertThat(downloadResponseMetaData.getResource().getInputStream().readAllBytes()).isEqualTo(binaryData);
     }
@@ -212,9 +212,9 @@ void downloadFailureExceptionFromFeign() {
 
     private AvailableEntitlementProfile getAvailableEntitlementProfile() {
         List<AvailableEntitlementProfile.Profiles> profiles = List.of(AvailableEntitlementProfile.Profiles.builder()
-                        .profileName("some-profile-name")
-                        .profileId("some-profile-id")
-                        .build());
+                                                                          .profileName("some-profile-name")
+                                                                          .profileId("some-profile-id")
+                                                                          .build());
 
         return AvailableEntitlementProfile.builder()
             .profiles(profiles)