feat: PROMOTE TO UAT (#8)

pagopa · Nov 29, 2024 · e1aaa83 · e1aaa83
2 parents 2ddd53c + f487fc7
commit e1aaa83
Show file tree

Hide file tree

Showing 41 changed files with 1,459 additions and 25 deletions.
diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml
@@ -52,6 +52,7 @@ variables:
     kubernetesServiceConnection: '$(PROD_KUBERNETES_SERVICE_CONN)'
     containerRegistry: '$(PROD_CONTAINER_REGISTRY_NAME)'
     selfHostedAgentPool: $(PROD_AGENT_POOL)
+    postmanEnvFile: p4pa_PROD.postman_environment.json #Not used
 
   ${{ else }}:
     environment: 'DEV'

diff --git a/.github/workflows/codereview.yml b/.github/workflows/codereview.yml
@@ -24,7 +24,7 @@ jobs:
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 #v4.2.1
         with:
           distribution: 'corretto'
-          java-version: 17
+          java-version: 21
 
       - name: Grant execute permission for gradlew
         run: chmod +x ./gradlew
@@ -46,3 +46,4 @@ jobs:
           -Dsonar.sources=src/main
           -Dsonar.tests=src/test
           -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml
+          -Dsonar.exclusions='**/enums/**, **/model/**, **/dto/**, **/*Constant*, **/*Config.java, **/*Scheduler.java, **/*Application.java, **/src/test/**, **/Dummy*.java'
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -37,7 +37,7 @@ jobs:
         run: docker build . --file Dockerfile --tag localbuild/testimage:latest
       - name: Run the Trivy scan action itself with GitHub Advanced Security code scanning integration enabled
         id: scan
-        uses: aquasecurity/trivy-action@0.28.0 #v0.28.0
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
         with:
           trivy-config: 'config/trivy.yaml'
           image-ref: "localbuild/testimage:latest"

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
-# syntax=docker/dockerfile:1.4
+# syntax=docker/dockerfile:1.4@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc
 
 #
 # 🎯 Version Management
 #
-ARG CORRETTO_VERSION="17-alpine3.19"
-ARG CORRETTO_SHA="2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477"
+ARG CORRETTO_VERSION="21-alpine3.20"
+ARG CORRETTO_SHA="8b16834e7fabfc62d4c8faa22de5df97f99627f148058d52718054aaa4ea3674"
 ARG GRADLE_VERSION="8.10.2"
 ARG GRADLE_DOWNLOAD_SHA256="31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26"
 ARG APPINSIGHTS_VERSION="3.5.2"
@@ -93,6 +93,7 @@ WORKDIR /build
 COPY --chown=${APP_USER}:${APP_GROUP} build.gradle.kts settings.gradle.kts ./
 COPY --chown=${APP_USER}:${APP_GROUP} gradle.lockfile ./
 COPY --chown=${APP_USER}:${APP_GROUP} openapi openapi/
+COPY --chown=${APP_USER}:${APP_GROUP} src/main/resources src/main/resources
 
 # Generate OpenAPI stubs and download dependencies
 RUN mkdir -p src/main/java && \
@@ -101,7 +102,9 @@ RUN mkdir -p src/main/java && \
 
 USER ${APP_USER}
 
-RUN gradle openApiGenerate dependencies --no-daemon
+RUN gradle openApiGeneratePayhub dependencies --no-daemon
+
+RUN gradle openApiGeneratePdndClient dependencies --no-daemon
 
 #
 # 🏗️ Build Stage

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -14,7 +14,7 @@ description = "p4pa-pdnd-services"
 
 java {
 	toolchain {
-		languageVersion = JavaLanguageVersion.of(17)
+		languageVersion = JavaLanguageVersion.of(21)
 	}
 }
 
@@ -31,6 +31,12 @@ repositories {
 val springDocOpenApiVersion = "2.6.0"
 val openApiToolsVersion = "0.2.6"
 val findbugsVersion = "3.0.2"
+val javaJwtVersion = "4.4.0"
+val jwksRsaVersion = "0.22.1"
+val nimbusJoseJwtVersion = "9.47"
+val jjwtVersion = "0.12.6"
+val wiremockVersion = "3.9.2"
+val wiremockSpringBootVersion = "2.1.3"
 
 dependencies {
 	implementation("org.springframework.boot:spring-boot-starter")
@@ -45,11 +51,19 @@ dependencies {
 	compileOnly("org.projectlombok:lombok")
 	annotationProcessor("org.projectlombok:lombok")
 
+	// validation token jwt
+	implementation("com.auth0:java-jwt:$javaJwtVersion")
+	implementation("com.auth0:jwks-rsa:$jwksRsaVersion")
+	implementation("com.nimbusds:nimbus-jose-jwt:$nimbusJoseJwtVersion")
+	implementation("io.jsonwebtoken:jjwt-api:$jjwtVersion")
+
 	//	Testing
 	testImplementation("org.springframework.boot:spring-boot-starter-test")
 	testImplementation("org.springframework.security:spring-security-test")
 	testImplementation("org.mockito:mockito-core")
 	testImplementation ("org.projectlombok:lombok")
+	testImplementation ("org.wiremock:wiremock-standalone:$wiremockVersion")
+	testImplementation ("com.maciejwalkowiak.spring:wiremock-spring-boot:$wiremockSpringBootVersion")
 }
 
 tasks.withType<Test> {
@@ -84,21 +98,24 @@ configurations {
 }
 
 tasks.compileJava {
-	dependsOn("openApiGenerate")
+	dependsOn("openApiGeneratePayhub","openApiGeneratePdndClient")
 }
 
-
 configure<SourceSetContainer> {
 	named("main") {
 		java.srcDir("$projectDir/build/generated/src/main/java")
+		java.srcDir("$projectDir/build/generated/pdnd-client/src/main/java")
 	}
 }
 
 springBoot {
 	mainClass.value("it.gov.pagopa.payhub.pdnd.PayhubPdndApplication")
 }
 
-openApiGenerate {
+tasks.register<org.openapitools.generator.gradle.plugin.tasks.GenerateTask>("openApiGeneratePayhub") {
+	group = "openapi"
+	description = "description"
+
 	generatorName.set("spring")
 	inputSpec.set("$rootDir/openapi/p4pa-pdnd.openapi.yaml")
 	outputDir.set("$projectDir/build/generated")
@@ -112,6 +129,29 @@ openApiGenerate {
 		"useTags" to "true",
 		"generateConstructorWithAllArgs" to "false",
 		"generatedConstructorWithRequiredArgs" to "false",
-		"additionalModelTypeAnnotations" to "@lombok.Data @lombok.Builder @lombok.AllArgsConstructor @lombok.RequiredArgsConstructor"
+		"additionalModelTypeAnnotations" to "@lombok.Data @lombok.Builder @lombok.AllArgsConstructor @lombok.RequiredArgsConstructor",
+		"serializationLibrary" to "jackson"
+	))
+}
+
+tasks.register<org.openapitools.generator.gradle.plugin.tasks.GenerateTask>("openApiGeneratePdndClient") {
+	group = "openapi"
+	description = "description"
+
+	generatorName.set("java")
+	inputSpec.set("$rootDir/src/main/resources/pdnd/pdnd-v1.yaml")
+	outputDir.set("$projectDir/build/generated/pdnd-client")
+	apiPackage.set("it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.api")
+	modelPackage.set("it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.dto")
+	modelNameSuffix.set("DTO")
+	configOptions.set(mapOf(
+		"swaggerAnnotations" to "false",
+		"openApiNullable" to "false",
+		"dateLibrary" to "java17",
+		"useSpringBoot3" to "true",
+		"useJakartaEe" to "true",
+		"serializationLibrary" to "jackson",
+		"generateSupportingFiles" to "true"
 	))
+	library.set("resttemplate")
 }
diff --git a/gradle.lockfile b/gradle.lockfile
@@ -3,6 +3,8 @@
 # This file is expected to be part of source control.
 ch.qos.logback:logback-classic:1.5.11=compileClasspath
 ch.qos.logback:logback-core:1.5.11=compileClasspath
+com.auth0:java-jwt:4.4.0=compileClasspath
+com.auth0:jwks-rsa:0.22.1=compileClasspath
 com.fasterxml.jackson.core:jackson-annotations:2.17.2=compileClasspath
 com.fasterxml.jackson.core:jackson-core:2.17.2=compileClasspath
 com.fasterxml.jackson.core:jackson-databind:2.17.2=compileClasspath
@@ -12,6 +14,8 @@ com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2=compileClasspath
 com.fasterxml.jackson.module:jackson-module-parameter-names:2.17.2=compileClasspath
 com.fasterxml.jackson:jackson-bom:2.17.2=compileClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath
+com.nimbusds:nimbus-jose-jwt:9.47=compileClasspath
+io.jsonwebtoken:jjwt-api:0.12.6=compileClasspath
 io.micrometer:micrometer-commons:1.13.6=compileClasspath
 io.micrometer:micrometer-core:1.13.6=compileClasspath
 io.micrometer:micrometer-jakarta9:1.13.6=compileClasspath

diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml
@@ -31,6 +31,13 @@ microservice-chart:
     ENV: "DEV"
     JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 
+    PDND_BASE_URL: https://auth.uat.interop.pagopa.it
+    PDND_ACCESS_TOKEN_AUDIENCE: auth.uat.interop.pagopa.it/client-assertion
+    PDND_SERVICE_CLIENTID: 890b7ca9-b402-4dce-9e8d-9a333d22d76d
+    PDND_SERVICE_KID: jxOpPRxM6oFcnnKtICqeW5l7fbxLr45IAsJ8Q9s-fK8
+    PDND_SERVICE_ANPR_C003_PURPOSE_ID: 5ba1f38f-6a91-4da4-8a42-4da1aa55bfee
+    PDND_SERVICE_ANPR_C030_PURPOSE_ID: 87520bd5-207a-4616-85d9-10d7bb3e88b8
+
   keyvault:
     name: "p4pa-d-payhub-kv"
     tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml
@@ -31,6 +31,14 @@ microservice-chart:
     ENV: "PROD"
     JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 
+    #TODO edit with real env when prod is ready P4ADEV-1518
+    PDND_BASE_URL: https://auth.uat.interop.pagopa.it
+    PDND_ACCESS_TOKEN_AUDIENCE: auth.uat.interop.pagopa.it/client-assertion
+    PDND_SERVICE_CLIENTID: 890b7ca9-b402-4dce-9e8d-9a333d22d76d
+    PDND_SERVICE_KID: jxOpPRxM6oFcnnKtICqeW5l7fbxLr45IAsJ8Q9s-fK8
+    PDND_SERVICE_ANPR_C003_PURPOSE_ID: 5ba1f38f-6a91-4da4-8a42-4da1aa55bfee
+    PDND_SERVICE_ANPR_C030_PURPOSE_ID: 87520bd5-207a-4616-85d9-10d7bb3e88b8
+
   keyvault:
     name: "p4pa-p-payhub-kv"
     tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml
@@ -31,6 +31,13 @@ microservice-chart:
     ENV: "UAT"
     JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 
+    PDND_BASE_URL: https://auth.uat.interop.pagopa.it
+    PDND_ACCESS_TOKEN_AUDIENCE: auth.uat.interop.pagopa.it/client-assertion
+    PDND_SERVICE_CLIENTID: 685e6542-8d1b-4837-a555-130e92c9dc6c
+    PDND_SERVICE_KID: y80rvmuzGPyfMw0n6v5K-yWsyUVYXiICG2zzNPAJg64
+    PDND_SERVICE_ANPR_C003_PURPOSE_ID: 5ba1f38f-6a91-4da4-8a42-4da1aa55bfee
+    PDND_SERVICE_ANPR_C030_PURPOSE_ID: 87520bd5-207a-4616-85d9-10d7bb3e88b8
+
   keyvault:
     name: "p4pa-u-payhub-kv"
     tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -61,10 +61,14 @@ microservice-chart:
     APPLICATIONINSIGHTS_PREVIEW_PROFILER_ENABLED: "false"
     ENABLE_AUDIT_APPENDER: "TRUE"
 
+    AUTH_SERVER_BASE_URL: "http://p4pa-auth-microservice-chart:8080/payhub"
 
   envSecret:
     APPLICATIONINSIGHTS_CONNECTION_STRING: appinsights-connection-string
 
+    PDND_SERVICE_PRIVATEKEY: piattaforma-unitaria-interop-priv
+    PDND_SERVICE_PUBLICKEY: piattaforma-unitaria-interop-pub
+
   # nodeSelector: {}
 
   # tolerations: []

diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/config/RestTemplateConfig.java b/src/main/java/it/gov/pagopa/payhub/pdnd/config/RestTemplateConfig.java
@@ -0,0 +1,28 @@
+package it.gov.pagopa.payhub.pdnd.config;
+
+import java.time.Duration;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.web.client.RestTemplateBuilderConfigurer;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration(proxyBeanMethods = false)
+public class RestTemplateConfig {
+  private final int connectTimeoutMillis;
+  private final int readTimeoutHandlerMillis;
+
+  public RestTemplateConfig(
+      @Value("${app.rest-client.connect.timeout.millis}") int connectTimeoutMillis,
+      @Value("${app.rest-client.read.timeout.millis}") int readTimeoutHandlerMillis) {
+    this.connectTimeoutMillis = connectTimeoutMillis;
+    this.readTimeoutHandlerMillis = readTimeoutHandlerMillis;
+  }
+
+  @Bean
+  public RestTemplateBuilder restTemplateBuilder(RestTemplateBuilderConfigurer configurer) {
+      return configurer.configure(new RestTemplateBuilder())
+          .setConnectTimeout(Duration.ofMillis(connectTimeoutMillis))
+          .setReadTimeout(Duration.ofMillis(readTimeoutHandlerMillis));
+  }
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/PdndConfig.java b/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/PdndConfig.java
@@ -0,0 +1,12 @@
+package it.gov.pagopa.payhub.pdnd.config.pdnd;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "app.pdnd.config")
+@Data
+public class PdndConfig {
+    private String audience;
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/PdndServiceIntegratedConfig.java b/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/PdndServiceIntegratedConfig.java
@@ -0,0 +1,17 @@
+package it.gov.pagopa.payhub.pdnd.config.pdnd;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public abstract class PdndServiceIntegratedConfig {
+  private String clientId;
+  private String kid;
+  private String purposeId;
+  private String privateKey;
+  private String publicKey;
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/anpr/AnprC003ServiceConfig.java b/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/anpr/AnprC003ServiceConfig.java
@@ -0,0 +1,11 @@
+package it.gov.pagopa.payhub.pdnd.config.pdnd.anpr;
+
+import it.gov.pagopa.payhub.pdnd.config.pdnd.PdndServiceIntegratedConfig;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "app.pdnd.anpr.services.c003")
+public class AnprC003ServiceConfig extends PdndServiceIntegratedConfig {
+
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/anpr/AnprC030ServiceConfig.java b/src/main/java/it/gov/pagopa/payhub/pdnd/config/pdnd/anpr/AnprC030ServiceConfig.java
@@ -0,0 +1,11 @@
+package it.gov.pagopa.payhub.pdnd.config.pdnd.anpr;
+
+import it.gov.pagopa.payhub.pdnd.config.pdnd.PdndServiceIntegratedConfig;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "app.pdnd.anpr.services.c030")
+public class AnprC030ServiceConfig extends PdndServiceIntegratedConfig {
+
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/connector/pdnd/client/PdndClient.java b/src/main/java/it/gov/pagopa/payhub/pdnd/connector/pdnd/client/PdndClient.java
@@ -0,0 +1,7 @@
+package it.gov.pagopa.payhub.pdnd.connector.pdnd.client;
+
+import it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.dto.ClientCredentialsResponseDTO;
+
+public interface PdndClient {
+  ClientCredentialsResponseDTO getAccessToken(String clientId, String clientAssertions);
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/pdnd/connector/pdnd/client/PdndClientImpl.java b/src/main/java/it/gov/pagopa/payhub/pdnd/connector/pdnd/client/PdndClientImpl.java
@@ -0,0 +1,30 @@
+package it.gov.pagopa.payhub.pdnd.connector.pdnd.client;
+
+import it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.ApiClient;
+import it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.api.AuthApi;
+import it.gov.pagopa.payhub.pdnd.connector.pdnd.generated.dto.ClientCredentialsResponseDTO;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+@Service
+public class PdndClientImpl implements PdndClient {
+
+  private static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
+  private static final String GRANT_TYPE = "client_credentials";
+  private final AuthApi authApi;
+
+  public PdndClientImpl(RestTemplateBuilder restTemplateBuilder,
+      @Value("${app.pdnd.base-url}") String pdndBaseUrl) {
+    RestTemplate restTemplate = restTemplateBuilder.build();
+    ApiClient apiClient = new ApiClient(restTemplate);
+    apiClient.setBasePath(pdndBaseUrl);
+    authApi = new AuthApi(apiClient);
+  }
+
+  @Override
+  public ClientCredentialsResponseDTO getAccessToken(String clientId, String clientAssertions) {
+    return authApi.createToken(clientAssertions, CLIENT_ASSERTION_TYPE, GRANT_TYPE, clientId);
+  }
+}