GRAD2-3282 - Apply client authentication to GRAD-STUDENT-GRADUATION-API

Author: kamal-mohammed

.github/workflows/build.from.developer.branch.deploy.to.dev.yml

@@ -10,6 +10,9 @@ env:
   COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE }}
   NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: dev
 
   # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -95,6 +98,20 @@ jobs:
           username: ${{ env.IMAGE_REGISTRY_USER }}
           password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1

.github/workflows/build.from.main.branch.deploy.to.dev.yml

@@ -10,6 +10,9 @@ env:
   COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
   GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: dev
 
   # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -81,6 +84,20 @@ jobs:
           username: ${{ env.IMAGE_REGISTRY_USER }}
           password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1

.github/workflows/build.from.release.branch.deploy.to.dev.yml

@@ -10,6 +10,9 @@ env:
   COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
   GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: dev
 
   # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -89,6 +92,20 @@ jobs:
           username: ${{ env.IMAGE_REGISTRY_USER }}
           password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1

.github/workflows/deploy_latest_to_test.yml

@@ -9,6 +9,9 @@ env:
   OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-test
   COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: test
 
   SPRING_BOOT_IMAGE_NAME: educ-grad-student-graduation-api
 
@@ -38,6 +41,20 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1
         with:

.github/workflows/deploy_prod.yml

@@ -9,6 +9,9 @@ env:
   OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-prod
   COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: prod
 
   SPRING_BOOT_IMAGE_NAME: educ-grad-student-graduation-api
 
@@ -42,6 +45,20 @@ jobs:
         uses: actions-ecosystem/action-get-latest-tag@v1
         id: get-latest-tag
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1
         with:
@@ -75,7 +92,7 @@ jobs:
           -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f -
           
           # UPDATE Configmaps
-          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh \
           | bash /dev/stdin \
           prod \
           ${{ env.REPO_NAME }} \

.github/workflows/deploy_test.yml

@@ -9,6 +9,9 @@ env:
   OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-test
   COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
   BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+  KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+  TARGET_ENV: test
 
   SPRING_BOOT_IMAGE_NAME: educ-grad-student-graduation-api
 
@@ -42,6 +45,20 @@ jobs:
         uses: actions-ecosystem/action-get-latest-tag@v1
         id: get-latest-tag
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
       - name: Install oc
         uses: redhat-actions/openshift-tools-installer@v1
         with:
@@ -75,7 +92,7 @@ jobs:
           -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f -
           
           # UPDATE Configmaps
-          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh \
           | bash /dev/stdin \
           test \
           ${{ env.REPO_NAME }} \

.gitignore

@@ -55,4 +55,5 @@ build/
 .vscode/
 
 ### Local dev ###
-**/application-local.yaml
+**/application-local.yaml
+**/generate-local-env.sh

api/pom.xml

@@ -68,6 +68,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
        <!-- GRAD2-1899, getting rid of spring security dependency to upgrade api to spring boot 3.0.2-->
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>

api/src/main/java/ca/bc/gov/educ/api/studentgraduation/config/FlywayMigrationStrategyImpl.java

@@ -1,24 +1,24 @@
 package ca.bc.gov.educ.api.studentgraduation.config;
 
+import lombok.extern.slf4j.Slf4j;
 import org.flywaydb.core.Flyway;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.flyway.FlywayMigrationStrategy;
 import org.springframework.stereotype.Component;
 
+@Slf4j
 @Component
 public class FlywayMigrationStrategyImpl implements FlywayMigrationStrategy {
 
-    private static Logger logger = LoggerFactory.getLogger(FlywayMigrationStrategyImpl.class);
-
     @Override
     public void migrate(Flyway flyway) {
         if (!flyway.validateWithResult().validationSuccessful) {
             flyway.repair();
         }
-        logger.info("\n");
-        logger.info("************FLYWAY-MIGRATE**********");
+        log.info("\n");
+        log.info("************FLYWAY-MIGRATE**********");
         flyway.migrate();
-        logger.info("************FLYWAY-MIGRATE-END**********\n\n");
+        log.info("************FLYWAY-MIGRATE-END**********\n\n");
     }
 }

api/src/main/java/ca/bc/gov/educ/api/studentgraduation/config/GradStudentGraduationConfig.java

@@ -2,17 +2,10 @@
 
 import ca.bc.gov.educ.api.studentgraduation.util.EducGradStudentGraduationApiConstants;
 import ca.bc.gov.educ.api.studentgraduation.util.LogHelper;
-import ca.bc.gov.educ.api.studentgraduation.util.ThreadLocalStateUtil;
 import org.modelmapper.ModelMapper;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.client.RestTemplate;
-import org.springframework.web.reactive.function.client.ClientRequest;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
-import org.springframework.web.reactive.function.client.WebClient;
-import reactor.netty.http.client.HttpClient;
 
 @Configuration
 public class GradStudentGraduationConfig {
@@ -28,50 +21,6 @@ public GradStudentGraduationConfig(EducGradStudentGraduationApiConstants constan
 
 	@Bean
 	public ModelMapper modelMapper() {
-
-		ModelMapper modelMapper = new ModelMapper();
-		//modelMapper.typeMap(GradProgramEntity.class, GradProgram.class);
-		//modelMapper.typeMap(GradProgram.class, GradProgramEntity.class);
-		return modelMapper;
-	}
-
-	@Bean
-	public WebClient webClient() {
-		HttpClient client = HttpClient.create();
-		client.warmup().block();
-		return WebClient.builder()
-				.filter(setRequestHeaders())
-				.filter(this.log())
-				.build();
-	}
-
-	@Bean
-	public RestTemplate restTemplate(RestTemplateBuilder builder) {
-		return builder.build();
-	}
-
-	private ExchangeFilterFunction setRequestHeaders() {
-		return (clientRequest, next) -> {
-			ClientRequest modifiedRequest = ClientRequest.from(clientRequest)
-					.header(EducGradStudentGraduationApiConstants.CORRELATION_ID, ThreadLocalStateUtil.getCorrelationID())
-					.header(EducGradStudentGraduationApiConstants.USER_NAME, ThreadLocalStateUtil.getCurrentUser())
-					.header(EducGradStudentGraduationApiConstants.REQUEST_SOURCE, EducGradStudentGraduationApiConstants.API_NAME)
-					.build();
-			return next.exchange(modifiedRequest);
-		};
+		return new ModelMapper();
 	}
-
-	private ExchangeFilterFunction log() {
-		return (clientRequest, next) -> next
-				.exchange(clientRequest)
-				.doOnNext((clientResponse -> logHelper.logClientHttpReqResponseDetails(
-						clientRequest.method(),
-						clientRequest.url().toString(),
-						clientResponse.statusCode().value(),
-						clientRequest.headers().get(EducGradStudentGraduationApiConstants.CORRELATION_ID),
-						clientRequest.headers().get(EducGradStudentGraduationApiConstants.REQUEST_SOURCE),
-						constants.isSplunkLogHelperEnabled())
-				));
-	}
-
 }