From e451f98f47b455c7e252489cb1742061d81935ec Mon Sep 17 00:00:00 2001 From: Imran Ali <101260174+justiceia@users.noreply.github.com> Date: Wed, 22 Nov 2023 16:18:15 +0000 Subject: [PATCH] master branch fixes (#3188) * added 1 month to dependancy suppression * dependancies * chart 4.1.4 to 5.0.0 * Bumping chart version/ fixing aliases * resourcegroup name * Revert "resourcegroup name" This reverts commit 5e0f41b611a1da1b265e8460634a1c22dcb71234. * Update Jenkinsfile_CNP * trying random stuff * dependancy fix attempt * suppress CVE-2023-4586 for 10days * returning java version * longer suppression * tomcat dependancy fix * gradle 8.1 * gradle not upgrade * undo tomcat dependancy * tomcat suppression * helm chart update * changing servicebussecret back * changing servicebus deets * extending suppression for a bit * extended 1 more * trying jenkinsfile_CNP change * adding as secrets * temp suppression * removed smoke changes * combined secrets addition * sbNamespace change * trying renameing enviroment refernces to queues * changing back environment queues * changing serviceBusSecret back * Revert "changing serviceBusSecret back" This reverts commit 524274b77c9ceebd0b4abbeec8e1ec1757aa16ce. * tried to fix it * fixing cves * key ref correction * secrets fiddling * conf trash * changed TestConfiguration to work with application.yaml so we can use defaults * Revert "changed TestConfiguration to work with application.yaml so we can use defaults" This reverts commit 30fa2f4670795c006ee2513908fbb24936dde3c8. * added default within jenkilsfile cnp * servicebus to sb --------- Co-authored-by: hmcts-jenkins-a-to-c <62422075+hmcts-jenkins-a-to-c[bot]@users.noreply.github.com> Co-authored-by: jordankainos --- Jenkinsfile_CNP | 13 ++++++----- build.gradle | 6 ++--- charts/bulk-scan-processor/Chart.yaml | 2 +- .../values.preview.template.yaml | 23 ++++++++++--------- 4 files changed, 23 insertions(+), 21 deletions(-) 
diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP index 5a96e44249..25ee0f13cd 100644 --- a/Jenkinsfile_CNP +++ b/Jenkinsfile_CNP @@ -16,8 +16,7 @@ def channel = '#bsp-build-notices' def combinedSecrets = [ 'bulk-scan-${env}': [ secret('storage-account-staging-primary-key', 'TEST_STORAGE_ACCOUNT_KEY'), - secret('storage-account-staging-name', 'TEST_STORAGE_ACCOUNT_NAME'), - secret('processed-envelopes-staging-queue-send-shared-access-key', 'PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY') + secret('storage-account-staging-name', 'TEST_STORAGE_ACCOUNT_NAME') ], 's2s-${env}': [ // to be removed later @@ -27,6 +26,11 @@ def combinedSecrets = [ ] def commonSecrets = [ + 'bulk-scan-${env}': [ + secret('all-preview-queue-access-key', 'PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY'), + secret('idam-users-bulkscan-username', 'IDAM_USER_NAME'), + secret('idam-users-bulkscan-password', 'IDAM_USER_PASSWORD') + ], 's2s-${env}': [ // to be removed later secret('microservicekey-bulk-scan-processor-tests', 'TEST_S2S_SECRET'), @@ -54,7 +58,6 @@ withPipeline(type, product, component) { env.TEST_STORAGE_ACCOUNT_URL = 'https://bulkscanaatstaging.blob.core.windows.net' env.FLUX_FUNC_TEST = false env.PROCESSED_ENVELOPES_QUEUE_NAME = 'processed-envelopes-staging' - env.PROCESSED_ENVELOPES_QUEUE_NAMESPACE = 'bulk-scan-servicebus-aat-premium' env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = 'SendSharedAccessKey' env.JMS_ENABLED = false env.SPRING_PROFILES_ACTIVE = 'default' @@ -65,7 +68,6 @@ withPipeline(type, product, component) { def subscription = env.SUBSCRIPTION_NAME def aksServiceName = dockerImage.getAksServiceName().toLowerCase() def storageSecret = "storage-secret-${aksServiceName}-blobstorage" - def serviceBusSecret = "bsp-servicebus-preview" def storageSecretName = "storage-account-${aksServiceName}-blobstorage" def namespace = new TeamConfig(this).getNameSpace(product) def kubectl = new Kubectl(this, subscription, namespace) 
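Review bot: In the `commonSecrets` hunk (`@@ -27,6 +26,11 @@`), `PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY` is now filled from `all-preview-queue-access-key` wherever `commonSecrets` is loaded, while the staging block in the `@@ -54,7 +58,6 @@` hunk still sets the queue to `processed-envelopes-staging` and the key name to `SendSharedAccessKey`. If that block runs with these secrets (the loading code is outside the diff), the staging tests would present a preview key under a staging policy name, and the namespace line they relied on has been removed. Keeping `secret('processed-envelopes-staging-queue-send-shared-access-key', 'PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY')` in `combinedSecrets` would leave staging on its own send-only credential. The same hunk also exposes the IDAM user name and password through `commonSecrets`; a comment naming the stage that consumes them would help a later reviewer narrow their scope.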
@@ -85,9 +87,8 @@ withPipeline(type, product, component) { // Get envelopes queue connection string env.PROCESSED_ENVELOPES_QUEUE_NAME = "${aksServiceName}-servicebus-processed-envelopes" + env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = "RootManageSharedAccessKey" env.PROCESSED_ENVELOPES_QUEUE_NAMESPACE = "bsp-sb-preview" - env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY = kubectl.getSecret(serviceBusSecret, namespace, "{.data.primaryKey}") - env.PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME = 'RootManageSharedAccessKey' } } diff --git a/build.gradle b/build.gradle index 289738b6e5..6a7c4df281 100644 --- a/build.gradle +++ b/build.gradle @@ -3,9 +3,9 @@ plugins { id 'checkstyle' id 'pmd' id 'jacoco' - id 'io.spring.dependency-management' version '1.1.0' + id 'io.spring.dependency-management' version '1.1.3' id 'org.flywaydb.flyway' version '9.20.0' - id 'org.springframework.boot' version '2.7.14' + id 'org.springframework.boot' version '2.7.17' id 'org.owasp.dependencycheck' version '8.3.1' id 'com.github.ben-manes.versions' version '0.47.0' id 'org.sonarqube' version '4.2.1.3168' @@ -274,7 +274,7 @@ dependencyManagement { entry 'logback-classic' } //CVE-2022-24823 - dependencySet(group: 'io.netty', version: '4.1.94.Final') { + dependencySet(group: 'io.netty', version: '4.1.99.Final') { entry 'netty-buffer' entry 'netty-codec' entry 'netty-codec-dns' diff --git a/charts/bulk-scan-processor/Chart.yaml b/charts/bulk-scan-processor/Chart.yaml index 69f5464a04..c7eb2d10c2 100644 --- a/charts/bulk-scan-processor/Chart.yaml +++ b/charts/bulk-scan-processor/Chart.yaml @@ -1,7 +1,7 @@ name: bulk-scan-processor apiVersion: v2 home: https://github.com/hmcts/bulk-scan-processor -version: 1.0.17 +version: 1.0.18 description: HMCTS Bulk scan processor service maintainers: - name: HMCTS BSP Team diff --git a/charts/bulk-scan-processor/values.preview.template.yaml b/charts/bulk-scan-processor/values.preview.template.yaml index 4cea1fab67..e17aeb4df0 100644 
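Review bot: The preview block in Jenkinsfile_CNP (`@@ -85,9 +87,8 @@`) still names `RootManageSharedAccessKey` as the policy the tests send with, which is the namespace-wide key and normally carries Manage and Listen rights as well as Send. With the `kubectl.getSecret(...)` line removed, the key value is no longer set here and presumably arrives through `commonSecrets`, so nothing near this assignment shows where it comes from. I would add `// key value comes from Key Vault secret all-preview-queue-access-key (see commonSecrets)` above the assignment and, if the namespace allows it, point the tests at a Send-only policy on the processed-envelopes queue. The enclosing block starts outside the hunk.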
--- a/charts/bulk-scan-processor/values.preview.template.yaml +++ b/charts/bulk-scan-processor/values.preview.template.yaml @@ -1,8 +1,5 @@ java: secrets: - SB_ACCESS_KEY: - secretRef: bsp-servicebus-preview - key: primaryKey TEST_STORAGE_ACCOUNT_NAME: secretRef: storage-account-{{ .Release.Name }}-blobstorage key: storage_account_name @@ -24,16 +21,15 @@ java: environment: STORAGE_BLOB_SELECTED_CONTAINER: "bulkscan" STORAGE_URL: "$(STORAGE_URL)" + PROCESSED_ENVELOPES_QUEUE_NAMESPACE: "bsp-sb-preview" + PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY_NAME: "RootManageSharedAccessKey" QUEUE_ACCESS_KEY_LISTEN_NAME: "RootManageSharedAccessKey" QUEUE_ACCESS_KEY_SEND_NAME: "RootManageSharedAccessKey" - QUEUE_ENVELOPE_SEND_ACCESS_KEY: "$(SB_ACCESS_KEY)" QUEUE_ENVELOPE_NAME: "{{ .Release.Name }}-servicebus-envelopes" QUEUE_PROCESSED_ENVELOPES_NAME: "{{ .Release.Name }}-servicebus-processed-envelopes" QUEUE_NOTIFICATIONS_NAME: "{{ .Release.Name }}-servicebus-notifications" QUEUE_NAMESPACE: "bsp-sb-preview" QUEUE_NOTIFICATIONS_NAMESPACE: "bsp-sb-preview" - QUEUE_NOTIFICATIONS_SEND_ACCESS_KEY: "$(SB_ACCESS_KEY)" - QUEUE_PROCESSED_ENVELOPES_READ_ACCESS_KEY: "$(SB_ACCESS_KEY)" BULK_SCANNING_DB_USER_NAME: "{{ .Values.postgresql.auth.username}}" BULK_SCANNING_DB_PASSWORD: "{{ .Values.postgresql.auth.password}}" BULK_SCANNING_DB_NAME: "{{ .Values.postgresql.auth.database}}" @@ -64,6 +60,14 @@ java: alias: idam.users.bulkscan.username - name: idam-users-bulkscan-password alias: idam.users.bulkscan.password + - name: all-preview-queue-access-key + alias: QUEUE_ENVELOPE_SEND_ACCESS_KEY + - name: all-preview-queue-access-key + alias: QUEUE_NOTIFICATIONS_SEND_ACCESS_KEY + - name: all-preview-queue-access-key + alias: QUEUE_PROCESSED_ENVELOPES_READ_ACCESS_KEY + - name: all-preview-queue-access-key + alias: PROCESSED_ENVELOPES_QUEUE_WRITE_ACCESS_KEY # Don't modify below here image: ${IMAGE_NAME} 
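Review bot: `PROCESSED_ENVELOPES_QUEUE_NAMESPACE: "bsp-sb-preview"` in the `@@ -24,16 +21,15 @@` hunk hard-codes a namespace that differs from `sbNamespace: bsp-servicebus-preview` in the `servicebus` block further down the same file. If the chart still provisions its queues under `sbNamespace`, the application and the tests would be pointed at a different namespace from the one being set up; this cannot be confirmed from the diff alone. If `bsp-sb-preview` is a shared namespace created outside this chart, a comment such as `# shared preview Service Bus namespace, not created by this chart` next to the value would settle it.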
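Review bot: The four new `keyVault` entries in the `@@ -64,6 +60,14 @@` hunk alias one secret, `all-preview-queue-access-key`, to the envelope send, notifications send, processed-envelopes read and processed-envelopes write keys, and the environment block names its policy as `RootManageSharedAccessKey`. As far as the diff shows, every preview release then runs with a single credential that can send, listen and manage across the shared namespace, so exposure from any one pod or build log affects all preview queues. Separate Send and Listen policies stored as separate secrets would restore the split that the alias names imply. Failing that, a comment above the entries stating that the sharing is deliberate and limited to preview would keep the pattern from being copied into other values files.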
@@ -75,17 +79,14 @@ java: postgresqlPassword: bsppassword postgresqlDatabase: bulk_scan servicebus: - resourceGroup: bulk-scan-aso-preview-rg - teamName: "Software Engineering" - location: uksouth - serviceplan: basic + enabled: true + resourceGroup: bsp-aso-preview-rg sbNamespace: bsp-servicebus-preview setup: queues: - name: envelopes - name: notifications - name: processed-envelopes - enabled: true blobstorage: resourceGroup: bulk-scan-aks-rg