master branch fixes (#3188)

* added 1 month to dependancy suppression

* dependancies

* chart 4.1.4 to 5.0.0

* Bumping chart version/ fixing aliases

* resourcegroup name

* Revert "resourcegroup name"

This reverts commit 5e0f41b.

* Update Jenkinsfile_CNP

* trying random stuff

* dependancy fix attempt

* suppress CVE-2023-4586 for 10days

* returning java version

* longer suppression

* tomcat dependancy fix

* gradle 8.1

* gradle not upgrade

* undo tomcat dependancy

* tomcat suppression

* helm chart update

* changing servicebussecret back

* changing servicebus deets

* extending suppression for a bit

* extended 1 more

* trying jenkinsfile_CNP change

* adding as secrets

* temp suppression

* removed smoke changes

* combined secrets addition

* sbNamespace change

* trying renameing enviroment refernces to queues

* changing back environment queues

* changing serviceBusSecret back

* Revert "changing serviceBusSecret back"

This reverts commit 524274b.

* tried to fix it

* fixing cves

* key ref correction

* secrets fiddling

* conf trash

* changed TestConfiguration to work with application.yaml so we can use defaults

* Revert "changed TestConfiguration to work with application.yaml so we can use defaults"

This reverts commit 30fa2f4.

* added default within jenkilsfile cnp

* servicebus to sb

---------

Co-authored-by: hmcts-jenkins-a-to-c <62422075+hmcts-jenkins-a-to-c[bot]@users.noreply.github.com>
Co-authored-by: jordankainos <[email protected]>

Jenkinsfile_CNP

@@ -16,8 +16,7 @@ def channel = '#bsp-build-notices'
 def combinedSecrets = [
   'bulk-scan-${env}': [
     secret('storage-account-staging-primary-key', 'TEST_STORAGE_ACCOUNT_KEY'),
-    secret('storage-account-staging-name', 'TEST_STORAGE_ACCOUNT_NAME'),
-    secret('processed-envelopes-staging-queue-send-shared-access-key', 'PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY')
+    secret('storage-account-staging-name', 'TEST_STORAGE_ACCOUNT_NAME')
   ],
   's2s-${env}': [
     // to be removed later
@@ -27,6 +26,11 @@ def combinedSecrets = [
 ]
 
 def commonSecrets = [
+  'bulk-scan-${env}': [
+    secret('all-preview-queue-access-key', 'PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY'),
+    secret('idam-users-bulkscan-username', 'IDAM_USER_NAME'),
+    secret('idam-users-bulkscan-password', 'IDAM_USER_PASSWORD')
+  ],
   's2s-${env}': [
     // to be removed later
     secret('microservicekey-bulk-scan-processor-tests', 'TEST_S2S_SECRET'),
@@ -54,7 +58,6 @@ withPipeline(type, product, component) {
   env.TEST_STORAGE_ACCOUNT_URL = 'https://bulkscanaatstaging.blob.core.windows.net'
   env.FLUX_FUNC_TEST = false
   env.PROCESSED_ENVELOPES_QUEUE_NAME = 'processed-envelopes-staging'
-  env.PROCESSED_ENVELOPES_QUEUE_NAMESPACE = 'bulk-scan-servicebus-aat-premium'
   env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = 'SendSharedAccessKey'
   env.JMS_ENABLED = false
   env.SPRING_PROFILES_ACTIVE = 'default'
@@ -65,7 +68,6 @@ withPipeline(type, product, component) {
       def subscription = env.SUBSCRIPTION_NAME
       def aksServiceName = dockerImage.getAksServiceName().toLowerCase()
       def storageSecret = "storage-secret-${aksServiceName}-blobstorage"
-      def serviceBusSecret = "bsp-servicebus-preview"
       def storageSecretName = "storage-account-${aksServiceName}-blobstorage"
       def namespace = new TeamConfig(this).getNameSpace(product)
       def kubectl = new Kubectl(this, subscription, namespace)
@@ -85,9 +87,8 @@ withPipeline(type, product, component) {
 
       // Get envelopes queue connection string
       env.PROCESSED_ENVELOPES_QUEUE_NAME = "${aksServiceName}-servicebus-processed-envelopes"
+      env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = "RootManageSharedAccessKey"
       env.PROCESSED_ENVELOPES_QUEUE_NAMESPACE = "bsp-sb-preview"
-      env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY = kubectl.getSecret(serviceBusSecret, namespace, "{.data.primaryKey}")
-      env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = 'RootManageSharedAccessKey'
 
     }
   }

build.gradle

@@ -3,9 +3,9 @@ plugins {
   id 'checkstyle'
   id 'pmd'
   id 'jacoco'
-  id 'io.spring.dependency-management' version '1.1.0'
+  id 'io.spring.dependency-management' version '1.1.3'
   id 'org.flywaydb.flyway' version '9.20.0'
-  id 'org.springframework.boot' version '2.7.14'
+  id 'org.springframework.boot' version '2.7.17'
   id 'org.owasp.dependencycheck' version '8.3.1'
   id 'com.github.ben-manes.versions' version '0.47.0'
   id 'org.sonarqube' version '4.2.1.3168'
@@ -274,7 +274,7 @@ dependencyManagement {
       entry 'logback-classic'
     }
     //CVE-2022-24823
-    dependencySet(group: 'io.netty', version: '4.1.94.Final') {
+    dependencySet(group: 'io.netty', version: '4.1.99.Final') {
       entry 'netty-buffer'
       entry 'netty-codec'
       entry 'netty-codec-dns'

charts/bulk-scan-processor/Chart.yaml

@@ -1,7 +1,7 @@
 name: bulk-scan-processor
 apiVersion: v2
 home: https://github.com/hmcts/bulk-scan-processor
-version: 1.0.17
+version: 1.0.18
 description: HMCTS Bulk scan processor service
 maintainers:
   - name: HMCTS BSP Team

charts/bulk-scan-processor/values.preview.template.yaml

@@ -1,8 +1,5 @@
 java:
   secrets:
-    SB_ACCESS_KEY:
-      secretRef: bsp-servicebus-preview
-      key: primaryKey
     TEST_STORAGE_ACCOUNT_NAME:
       secretRef: storage-account-{{ .Release.Name }}-blobstorage
       key: storage_account_name
@@ -24,16 +21,15 @@ java:
   environment:
     STORAGE_BLOB_SELECTED_CONTAINER: "bulkscan"
     STORAGE_URL: "$(STORAGE_URL)"
+    PROCESSED_ENVELOPES_QUEUE_NAMESPACE: "bsp-sb-preview"
+    PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME: "RootManageSharedAccessKey"
     QUEUE_ACCESS_KEY_LISTEN_NAME: "RootManageSharedAccessKey"
     QUEUE_ACCESS_KEY_SEND_NAME: "RootManageSharedAccessKey"
-    QUEUE_ENVELOPE_SEND_ACCESS_KEY: "$(SB_ACCESS_KEY)"
     QUEUE_ENVELOPE_NAME: "{{ .Release.Name }}-servicebus-envelopes"
     QUEUE_PROCESSED_ENVELOPES_NAME: "{{ .Release.Name }}-servicebus-processed-envelopes"
     QUEUE_NOTIFICATIONS_NAME: "{{ .Release.Name }}-servicebus-notifications"
     QUEUE_NAMESPACE: "bsp-sb-preview"
     QUEUE_NOTIFICATIONS_NAMESPACE: "bsp-sb-preview"
-    QUEUE_NOTIFICATIONS_SEND_ACCESS_KEY: "$(SB_ACCESS_KEY)"
-    QUEUE_PROCESSED_ENVELOPES_READ_ACCESS_KEY: "$(SB_ACCESS_KEY)"
     BULK_SCANNING_DB_USER_NAME: "{{ .Values.postgresql.auth.username}}"
     BULK_SCANNING_DB_PASSWORD: "{{ .Values.postgresql.auth.password}}"
     BULK_SCANNING_DB_NAME: "{{ .Values.postgresql.auth.database}}"
@@ -64,6 +60,14 @@ java:
           alias: idam.users.bulkscan.username
         - name: idam-users-bulkscan-password
           alias: idam.users.bulkscan.password
+        - name: all-preview-queue-access-key
+          alias: QUEUE_ENVELOPE_SEND_ACCESS_KEY
+        - name: all-preview-queue-access-key
+          alias: QUEUE_NOTIFICATIONS_SEND_ACCESS_KEY
+        - name: all-preview-queue-access-key
+          alias: QUEUE_PROCESSED_ENVELOPES_READ_ACCESS_KEY
+        - name: all-preview-queue-access-key
+          alias: PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY
 
   # Don't modify below here
   image: ${IMAGE_NAME}
@@ -75,17 +79,14 @@ java:
     postgresqlPassword: bsppassword
     postgresqlDatabase: bulk_scan
 servicebus:
-  resourceGroup: bulk-scan-aso-preview-rg
-  teamName: "Software Engineering"
-  location: uksouth
-  serviceplan: basic
+  enabled: true
+  resourceGroup: bsp-aso-preview-rg
   sbNamespace: bsp-servicebus-preview
   setup:
     queues:
       - name: envelopes
       - name: notifications
       - name: processed-envelopes
-  enabled: true
 
 blobstorage:
   resourceGroup: bulk-scan-aks-rg