From 6332054ae75aaa7e7d9eba39ccfb1e986047ee8c Mon Sep 17 00:00:00 2001
From: vasudevganesanhmcts
<100689363+vasudevganesanhmcts@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:42:05 +0100
Subject: [PATCH] CIV-13426 import ccd definition issue fix (#111)
* changes required
* changing to yq
* Update .nvmrc
* Update suppressions.xml
* Update import-ccd-definition.sh
* changes
---
.nvmrc | 2 +-
Jenkinsfile_CNP | 30 ++++++++--------
bin/import-ccd-definition.sh | 3 +-
bin/pull-latest-release-asset.sh | 2 +-
bin/utils/ccd-import-definition.sh | 35 +++++++++++++++++--
bin/utils/idam-lease-user-token.sh | 4 +--
.../values.aat.template.yaml | 2 ++
.../values.preview.template.yaml | 2 ++
config/owasp/suppressions.xml | 4 +++
9 files changed, 62 insertions(+), 22 deletions(-)
diff --git a/.nvmrc b/.nvmrc
index 6d80269a..4a1f488b 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-18.16.0
+18.17.1
diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP
index 60618e2e..b724a5fe 100644
--- a/Jenkinsfile_CNP
+++ b/Jenkinsfile_CNP
@@ -62,21 +62,23 @@ withPipeline(type, product, component) {
loadVaultSecrets(secrets)
}
before('smoketest:preview') {
- sh """
- eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
- ./bin/add-roles.sh
- ./bin/pull-latest-camunda-files.sh ${camundaBranch}
- ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*-shuttered.json" ${ccddefbranch}
+ retry (3) {
+ sh """
+ eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
+ ./bin/add-roles.sh
+ ./bin/pull-latest-camunda-files.sh ${camundaBranch}
+ ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*-shuttered.json" ${ccddefbranch}
"""
- env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
- env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
- env.CCD_DATA_STORE_URL = "https://ccd-data-store-api-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
- env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
- env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
- env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
- env.CIVIL_SERVICE_URL = "https://civil-service-civil-orchestrator-pr-${CHANGE_ID}.preview.platform.hmcts.net"
- yarnBuilder.yarn('yarn-update')
- yarnBuilder.yarn('install-dependencies')
+ }
+ env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
+ env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+ env.CCD_DATA_STORE_URL = "https://ccd-data-store-api-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+ env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
+ env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+ env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+ env.CIVIL_SERVICE_URL = "https://civil-service-civil-orchestrator-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+ yarnBuilder.yarn('yarn-update')
+ yarnBuilder.yarn('install-dependencies')
}
afterAlways('smoketest:preview') {
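Review bot: `retry (3)` wraps all four commands in one `sh` step, so a failure of the final `import-ccd-definition.sh` line also re-runs `add-roles.sh` and the camunda pull, and a transient failure in those repeats a definition import that may already have been accepted; splitting the first three lines into their own `sh` step and keeping only the import call inside `retry (3) { sh "./bin/import-ccd-definition.sh ..." }` limits each retry to the step that actually failed. The import script in this commit exits non-zero on preview when the version does not change, so each retry also incurs its 45s wait — worth noting in a comment above the retry so the pipeline timing is understood. The relocated `env.NODE_TLS_REJECT_UNAUTHORIZED = "0"` is not new, but it now sits next to the retry and still disables certificate verification for every Node process in the smoke test; if it only exists for the preview ingress, a comment saying so would stop it spreading further.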
diff --git a/bin/import-ccd-definition.sh b/bin/import-ccd-definition.sh
index f79f5805..5a646540 100755
--- a/bin/import-ccd-definition.sh
+++ b/bin/import-ccd-definition.sh
@@ -8,8 +8,8 @@ params="$@"
params="$1"
branchName="$2"
+rm -rf ./civil-ccd-definition
-#Checkout specific branch pf civil camunda bpmn definition
git clone https://github.com/hmcts/civil-ccd-definition.git
cd civil-ccd-definition
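Review bot: The new `rm -rf ./civil-ccd-definition` line has no explanation and this commit also deletes the only comment in the hunk, so a reader no longer learns why a pre-existing checkout has to be removed before the clone; add `# Remove any checkout left by an earlier (retried) run so the clone below does not fail on an existing directory` above it, which ties it to the Jenkins `retry (3)` introduced in the same commit. The path is relative to the caller's working directory, consistent with the `git clone` and `cd` that follow, so all three would need anchoring together if the script were ever invoked from elsewhere. The rest of the script continues outside this hunk.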
@@ -17,7 +17,6 @@ echo "Switch to ${branchName} branch on civil-ccd-definition"
git checkout ${branchName}
cd ..
-#Copy ccd definition files to civil-ccd-def which contians bpmn files
cp -r ./civil-ccd-definition/ccd-definition .
cp -r ./civil-ccd-definition/e2e .
cp -r ./civil-ccd-definition/package.json .
diff --git a/bin/pull-latest-release-asset.sh b/bin/pull-latest-release-asset.sh
index b1a5323c..d138f82d 100755
--- a/bin/pull-latest-release-asset.sh
+++ b/bin/pull-latest-release-asset.sh
@@ -9,7 +9,7 @@ token=$(az keyvault secret show --vault-name infra-vault-nonprod --name hmcts-gi
latestAssetId=$(curl -H "Authorization: token ${token}" \
https://api.github.com/repos/hmcts/${repoName}/releases/latest \
- | docker run --rm --interactive stedolan/jq ".assets[] | select(.name==\"${assetName}\") | .id")
+ | docker run --rm --interactive mikefarah/yq ".assets[] | select(.name==\"${assetName}\") | .id")
curl -L \
-H "Accept: application/octet-stream" \
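Review bot: `mikefarah/yq` is pulled with no tag, so each pipeline run resolves `latest` and the expression syntax this line relies on (`select(.name==...)` and the output of `.id`) can change or break with no change to this repository; the same applies to both `docker run` lines in bin/utils/idam-lease-user-token.sh in this commit, which parse the IDAM authorisation code and access token the same way. Pin the image to a version tag, preferably with a digest, e.g. `docker run --rm --interactive mikefarah/yq:<PINNED_VERSION>@sha256:<DIGEST>` (placeholders), so the parser used in CI is reproducible and the upgrade is an explicit, reviewable change. yq accepts the JSON response here only because JSON is valid YAML; a one-line comment noting that the input is the GitHub releases JSON would make the intent clear to the next person who swaps tools.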
diff --git a/bin/utils/ccd-import-definition.sh b/bin/utils/ccd-import-definition.sh
index 465f958a..5199cbfe 100755
--- a/bin/utils/ccd-import-definition.sh
+++ b/bin/utils/ccd-import-definition.sh
@@ -12,15 +12,46 @@ uploadFilename="$(date +"%Y%m%d-%H%M%S")-$(unknown)"
userToken=$(${dir}/idam-lease-user-token.sh ${CCD_CONFIGURER_IMPORTER_USERNAME:-ccd.docker.default@hmcts.net} ${CCD_CONFIGURER_IMPORTER_PASSWORD:-Password12!})
serviceToken=$(${dir}/idam-lease-service-token.sh ccd_gw $(docker run --rm toolbelt/oathtool --totp -b ${CCD_API_GATEWAY_S2S_SECRET:-AAAAAAAAAAAAAAAC}))
-uploadResponse=$(curl --insecure --silent -w "\n%{http_code}" --show-error -X POST \
+version="n/a"
+newVersion="n/a"
+
+if [[ "${ENVIRONMENT}" == "preview" ]]; then
+ version=$(curl --insecure --silent --show-error -X GET \
+ ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/data/case-type/CIVIL/version \
+ -H "Authorization: Bearer ${userToken}" \
+ -H "ServiceAuthorization: Bearer ${serviceToken}" || echo 'bypass-if-error')
+
+ echo "Current version is ${version}"
+fi
+
+uploadResponse=$(curl --insecure --silent -w "\n%{http_code}" --show-error --max-time 60 -X POST \
${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/import \
-H "Authorization: Bearer ${userToken}" \
-H "ServiceAuthorization: Bearer ${serviceToken}" \
- -F "file=@${filepath};filename=${uploadFilename}")
+ -F "file=@${filepath};filename=${uploadFilename}" || echo 'bypass-if-error')
upload_http_code=$(echo "$uploadResponse" | tail -n1)
upload_response_content=$(echo "$uploadResponse" | sed '$d')
+if [ "${ENVIRONMENT}" == "preview" ] && [ "${upload_http_code}" != "201" ]; then
+ echo "Bypassing audit check as on preview - will wait 45s and then verify the version has changed"
+ sleep 45
+
+ newVersion=$(curl --insecure --silent --show-error -X GET \
+ ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/data/case-type/CIVIL/version \
+ -H "Authorization: Bearer ${userToken}" \
+ -H "ServiceAuthorization: Bearer ${serviceToken}" || echo 'bypass-if-error')
+
+ echo "Current version is ${newVersion}"
+ if [[ "$newVersion" == "$version" ]]; then
+ echo "Version has not changed - the definition was not imported successfully"
+ exit 1
+ fi
+
+ echo "CCD definition version has changed, definition successfully uploaded"
+ exit 0
+fi
+
if [[ "${upload_http_code}" == '504' ]]; then
for try in {1..10}
do
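Review bot: A failed pre-upload version read makes any later read look like a change: if the first GET fails, `version` holds `bypass-if-error`, and a successful `newVersion` read after the upload differs from it, so the script prints the success message and exits 0 even when nothing was imported (the mirror case, only the second read failing, does the same). Both GETs also omit `--fail`, so an HTTP 4xx/5xx body is captured as the "version" instead of triggering the fallback; change both to `version=$(curl --insecure --silent --show-error --fail -X GET \` / `newVersion=$(curl --insecure --silent --show-error --fail -X GET \` and refuse to draw a conclusion when either read fell back, as below. The preview branch also mixes `if [ "${ENVIRONMENT}" == "preview" ]` with the `[[ ... ]]` form used everywhere else in this file; `[[` is the consistent choice. The `for try in {1..10}` loop at the end of the hunk continues outside it.
```shell
  echo "Current version is ${newVersion}"
  # A fallback value on either side means a read failed, not that the import happened.
  if [[ "$version" == 'bypass-if-error' || "$newVersion" == 'bypass-if-error' ]]; then
    echo "Could not read the CIVIL case-type version before and after the import - unable to verify it"
    exit 1
  fi
  # … unchanged: version comparison, success message and exit …
```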
diff --git a/bin/utils/idam-lease-user-token.sh b/bin/utils/idam-lease-user-token.sh
index 3544b690..736af52f 100755
--- a/bin/utils/idam-lease-user-token.sh
+++ b/bin/utils/idam-lease-user-token.sh
@@ -11,9 +11,9 @@ IDAM_URL=${IDAM_STUB_LOCALHOST:-$IDAM_API_URL}
clientSecret=${CCD_API_GATEWAY_IDAM_CLIENT_SECRET:-ccd_gateway_secret}
redirectUri=${CCD_IDAM_REDIRECT_URL:-http://localhost:3451/oauth2redirect}
if [ -z "$IDAM_STUB_LOCALHOST" ]; then
- code=$(curl --insecure --fail --show-error --silent -X POST --user "${username}:${password}" "${IDAM_URL}/oauth2/authorize?redirect_uri=${redirectUri}&response_type=code&client_id=ccd_gateway" -d "" | docker run --rm --interactive stedolan/jq -r .code)
+ code=$(curl --insecure --fail --show-error --silent -X POST --user "${username}:${password}" "${IDAM_URL}/oauth2/authorize?redirect_uri=${redirectUri}&response_type=code&client_id=ccd_gateway" -d "" | docker run --rm --interactive mikefarah/yq -r .code)
else
code=stubbed-value
fi
-curl --insecure --fail --show-error --silent -X POST -H "Content-Type: application/x-www-form-urlencoded" --user "ccd_gateway:${clientSecret}" "${IDAM_URL}/oauth2/token?code=${code}&redirect_uri=${redirectUri}&grant_type=authorization_code" -d "" | docker run --rm --interactive stedolan/jq -r .access_token
+curl --insecure --fail --show-error --silent -X POST -H "Content-Type: application/x-www-form-urlencoded" --user "ccd_gateway:${clientSecret}" "${IDAM_URL}/oauth2/token?code=${code}&redirect_uri=${redirectUri}&grant_type=authorization_code" -d "" | docker run --rm --interactive mikefarah/yq -r .access_token
diff --git a/charts/civil-orchestrator-service/values.aat.template.yaml b/charts/civil-orchestrator-service/values.aat.template.yaml
index 774751e3..d329881e 100644
--- a/charts/civil-orchestrator-service/values.aat.template.yaml
+++ b/charts/civil-orchestrator-service/values.aat.template.yaml
@@ -230,6 +230,8 @@ ccd:
DEFINITION_STORE_DB_HOST: ${SERVICE_NAME}-postgresql
DEFINITION_STORE_IDAM_KEY: ${CCD_DEFINITION_STORE_S2S_SECRET}
IDAM_USER_URL: https://idam-web-public.aat.platform.hmcts.net
+ DEFINITION_STORE_TX_TIMEOUT_DEFAULT: 60
+ WELSH_TRANSLATION_ENABLED: false
keyVaults: []
postgresql:
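Review bot: `WELSH_TRANSLATION_ENABLED: false` is an unquoted YAML boolean inside what looks like an environment-variable map; Kubernetes requires env values to be strings, so unless the chart quotes values when rendering (cannot be confirmed from this hunk) the release will fail to apply — `WELSH_TRANSLATION_ENABLED: "false"` avoids depending on the template. The same two lines are added to values.preview.template.yaml in this commit. `DEFINITION_STORE_TX_TIMEOUT_DEFAULT: 60` appears to be chosen to match the new `--max-time 60` on the import POST in bin/utils/ccd-import-definition.sh; if that is the intent, a comment such as `# keep in step with --max-time in bin/utils/ccd-import-definition.sh` records the coupling.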
diff --git a/charts/civil-orchestrator-service/values.preview.template.yaml b/charts/civil-orchestrator-service/values.preview.template.yaml
index f8e3b80e..cea2d920 100644
--- a/charts/civil-orchestrator-service/values.preview.template.yaml
+++ b/charts/civil-orchestrator-service/values.preview.template.yaml
@@ -205,6 +205,8 @@ ccd:
DEFINITION_STORE_DB_HOST: ${SERVICE_NAME}-postgresql
DEFINITION_STORE_IDAM_KEY: ${CCD_DEFINITION_STORE_S2S_SECRET}
IDAM_USER_URL: https://idam-web-public.aat.platform.hmcts.net
+ DEFINITION_STORE_TX_TIMEOUT_DEFAULT: 60
+ WELSH_TRANSLATION_ENABLED: false
keyVaults: []
ingressHost: ccd-definition-store-${SERVICE_FQDN}
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
index ec290856..b3716ff4 100644
--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -20,6 +20,10 @@
CVE-2023-41080
CVE-2023-5072
CVE-2024-22243
+ CVE-2024-29857
+ CVE-2024-30172
+ CVE-2024-30171
+ CVE-2024-22262
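Review bot: The four added CVE suppressions carry no justification, so a later reader cannot tell which dependency each one was matched against or why it is judged not exploitable here, and nothing causes them to be revisited. The enclosing `<suppress>` element starts outside this hunk; dependency-check supports a `<notes>` child and an `until="YYYY-MM-DD"` attribute on `<suppress>`, so record the affected artifact and the reasoning in `<notes>` and set an expiry so each suppression is re-evaluated rather than becoming permanent by default. Grouping the four new entries under their own `<suppress>` with a dedicated note, rather than appending to an existing list, keeps the justification next to the CVEs it covers.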