hmcts · DanCatchpole · Dec 9, 2024 · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024
@@ -3,6 +3,7 @@
 @Library("Infrastructure")
 import uk.gov.hmcts.contino.AppPipelineConfig
 import uk.gov.hmcts.contino.AppPipelineDsl
+import uk.gov.hmcts.contino.GithubAPI
 
 def type = "java"
 def yarnBuilder = new uk.gov.hmcts.contino.YarnBuilder(this)
@@ -48,7 +49,8 @@ def otherSecrets = [
   ],
   'fpl-${env}': [
     secret('definition-importer-username', 'CCD_CONFIGURER_IMPORTER_USERNAME'),
-    secret('definition-importer-password', 'CCD_CONFIGURER_IMPORTER_PASSWORD')
+    secret('definition-importer-password', 'CCD_CONFIGURER_IMPORTER_PASSWORD'),
+    secret('fpl-case-service-s2s-secret', 'FPL_S2S_SECRET')
   ]
 ]
 
@@ -149,6 +151,27 @@ def setupShutteringSecret() {
   }
 }
 
+def deployWADmns() {
+  def githubApi = new GithubAPI(this)
+
+  def waStandaloneBranch = "master"
+  // For testing DMNs, change this to the branch on the DMN repo, but ensure it is changed back to master before merging
+  def dmnBranch = "master"
+
+  echo "Checking if we should use WA"
+  if (githubApi.checkForLabel(env.BRANCH_NAME, 'enable_wa')) {
+    env.SERVICES_WORK_ALLOCATION_TASK_API = "http://fpl-case-api-pr-${CHANGE_ID}-wa-task-management-api"
+    env.SERVICES_WA_WORKFLOW_API_URL = "http://fpl-case-api-pr-${CHANGE_ID}-wa-workflow-api"
+    env.WA_SUPPORTED_JURISDICTIONS = "PUBLICLAW"
+    echo "WA enabled, loading DMNs"
+    sh """
+        eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
+        ./bin/pull-latest-dmn-files.sh ${dmnBranch}
+        ./bin/pull-camunda-bpmn-files.sh ${waStandaloneBranch}
+        ./bin/import-dmn-diagram.sh . publiclaw fpl
+        """
+  }
+}
 
 // Vars for Kubernetes
 env.PACT_BROKER_FULL_URL = 'https://pact-broker.platform.hmcts.net'
@@ -237,11 +260,14 @@ withPipeline(type, product, component) {
     sh """
       eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
       ./bin/add-ccd-user-roles.sh
+      ./bin/add-role-assignments.sh
     """
 
     archiveCoreCaseDataDefinitions('preview')
     uploadCoreCaseDataDefinitions('preview', '0')
 
+    deployWADmns()
+
     env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
     env.CASE_SERVICE_URL = "https://fpl-case-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
     env.URL = "https://xui-fpl-case-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"

@@ -24,3 +24,5 @@ ${dir}/utils/ccd-add-role.sh "citizen"
 ${dir}/utils/ccd-add-role.sh "caseworker-ras-validation"
 ${dir}/utils/ccd-add-role.sh "caseworker-wa-task-configuration"
 ${dir}/utils/ccd-add-role.sh "GS_profile"
+${dir}/utils/ccd-add-role.sh "ctsc"
+${dir}/utils/ccd-add-role.sh "hearing-centre-admin"
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -eu
+
+dir=$(dirname ${0})
+
+jq -c '(.[])' service/src/cftlib/resources/cftlib-am-role-assignments.json | while read user; do
+  email=$(jq -r '.email' <<< $user)
+  idamId=$(jq -r '.id' <<< $user)
+  password=${SYSTEM_UPDATE_USER_PASSWORD}
+
+  if [[ $email == *"ejudiciary"* ]]; then
+    password=${E2E_TEST_JUDGE_PASSWORD}
+  fi
+
+  jq -c '(.roleAssignments[])' <<< $user | while read assignment; do
+    roleName=$(jq -r '.roleName' <<< $assignment)
+    roleCategory=$(jq -r '.roleCategory' <<< $assignment)
+    classification=$(jq -r '.classification' <<< $assignment)
+    grantType=$(jq -r '.grantType' <<< $assignment)
+    readOnly=$(jq -r '.readOnly' <<< $assignment)
+    attributes=$(jq -r '.attributes | tostring' <<< $assignment)
+
+    authorisations=$(jq -r '.authorisations | tostring' <<< $assignment)
+
+    echo "Creating '${roleName}' assignment for user ${email}"
+    ${dir}/utils/organisational-role-assignment.sh $email $password $classification $roleName $attributes $roleCategory $authorisations $grantType
+  done
+  echo
+done
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+set -eu
+workspace=${1}
+tenant_id=${2}
+product=${3}
+
+s2sSecret=${FPL_S2S_SECRET:-AABBCCDDEEFFGGHH}
+
+serviceToken=$($(realpath $workspace)/bin/utils/idam-lease-service-token.sh fpl_case_service \
+  $(docker run --rm hmctspublic.azurecr.io/imported/toolbelt/oathtool --totp -b ${s2sSecret}))
+
+camundaFilepath="$(realpath $workspace)/camunda"
+if [ ! -d ${camundaFilepath} ]; then
+  echo "Directory with camunda definition files is missing: ${camundaFilepath}";
+fi
+
+# Load BPMN files
+for file in $(find ${camundaFilepath} -name '*.bpmn')
+do
+  echo "file=@${camundaFilepath}/$(basename ${file})";
+  uploadResponse=$(curl --insecure -v --silent -w "\n%{http_code}" --show-error -X POST \
+    ${CAMUNDA_BASE_URL:-http://localhost:9404}/engine-rest/deployment/create \
+    -H "Accept: application/json" \
+    -H "ServiceAuthorization: Bearer ${serviceToken}" \
+    -F "deployment-name=$(basename ${file})" \
+    -F "deploy-changed-only=true" \
+    -F "file=@${camundaFilepath}/$(basename ${file})")
+
+  upload_http_code=$(echo "$uploadResponse" | tail -n1)
+  upload_response_content=$(echo "$uploadResponse" | sed '$d')
+
+  if [[ "${upload_http_code}" == '200' ]]; then
+    echo "$(basename ${file}) diagram uploaded successfully (${upload_response_content})";
+    continue;
+  fi
+
+  echo "$(basename ${file}) upload failed with http code ${upload_http_code} and response (${upload_response_content})"
+  continue;
+done
+
+# Load DMN files
+for file in $(find ${camundaFilepath} -name '*.dmn')
+do
+  echo "file=@${camundaFilepath}/$(basename ${file})";
+  uploadResponse=$(curl --insecure -v --silent -w "\n%{http_code}" --show-error -X POST \
+    ${CAMUNDA_BASE_URL:-http://localhost:9404}/engine-rest/deployment/create \
+    -H "Accept: application/json" \
+    -H "ServiceAuthorization: Bearer ${serviceToken}" \
+    -F "deployment-name=$(basename ${file})" \
+    -F "deploy-changed-only=true" \
+    -F "deployment-source=$product" \
+    ${tenant_id:+'-F' "tenant-id=$tenant_id"} \
+    -F "file=@${camundaFilepath}/$(basename ${file})")
+
+  upload_http_code=$(echo "$uploadResponse" | tail -n1)
+  upload_response_content=$(echo "$uploadResponse" | sed '$d')
+
+  if [[ "${upload_http_code}" == '200' ]]; then
+    echo "$(basename ${file}) diagram uploaded successfully (${upload_response_content})";
+    continue;
+  fi
+
+  echo "$(basename ${file}) upload failed with http code ${upload_http_code} and response (${upload_response_content})";
+  continue;
+done
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+branchName=$1
+
+#Checkout specific branch of wa-standalone-task-bpmn
+git clone https://github.com/hmcts/wa-standalone-task-bpmn.git
+
+if [ ! -d "./wa-standalone-task-bpmn" ]; then
+  exit 1
+fi
+
+echo "Switch to ${branchName} branch on wa-standalone-task-bpmn"
+cd wa-standalone-task-bpmn
+git checkout ${branchName}
+cd ..
+
+#Copy bpmn files to camunda folder
+if [ ! -d "./camunda" ]; then
+  mkdir camunda
+fi
+
+cp -r ./wa-standalone-task-bpmn/src/main/resources/*.bpmn ./camunda
+rm -rf ./wa-standalone-task-bpmn
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+branchName=$1
+
+#Checkout specific branch of fpl-wa-task-configuration
+git clone https://github.com/hmcts/fpl-wa-task-configuration.git
+
+if [ ! -d "./fpl-wa-task-configuration" ]; then
+  exit 1
+fi
+
+echo "Switch to ${branchName} branch on fpl-wa-task-configuration"
+cd fpl-wa-task-configuration
+git checkout ${branchName}
+cd ..
+
+#Copy dmn files to camunda folder
+if [ ! -d "./camunda" ]; then
+  mkdir camunda
+fi
+
+cp -r ./fpl-wa-task-configuration/src/main/resources/*.dmn ./camunda
+rm -rf ./fpl-wa-task-configuration
@@ -0,0 +1,11 @@
+#!/bin/bash
+## Usage: ./idam-user-id.sh [usertoken]
+##
+## Options:
+##    - usertoken: Token to get the user id for. Can be generated with ./idam-user-token.sh.
+##
+## Returns a valid IDAM user id for the given token.
+
+USER_TOKEN=${1}
+
+curl --silent --show-error -X GET "${IDAM_API_BASE_URL}/details" -H "accept: application/json" -H "authorization: Bearer ${USER_TOKEN}" | jq -r .id
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+## Usage: ./organisational-role-assignment.sh [username] [password] [role_classification] [role_name] [role_attributes] [microservice_name]
+##
+## Options:
+##    - username: Email for user. Default to `test@fake.hmcts.net`.
+##    - password: Password for user. Default to `Test`.
+##    - role_classification: Role assignment classification. Default to `PUBLIC`.
+##    - role_name: Name of the role for role-assignment. Default to `ctsc`.
+##
+
+USERNAME=${1:-test@fake.hmcts.net}
+PASSWORD=${2:-Test}
+ROLE_CLASSIFICATION="${3:-PUBLIC}"
+ROLE_NAME="${4:-"ctsc"}"
+ROLE_ATTRIBUTES="${5:-'{"jurisdiction":"PUBLICLAW"}'}"
+ROLE_CATEGORY="${6:-"ADMIN"}"
+AUTHORISATIONS="${7:-null}"
+GRANT_TYPE="${8:-"STANDARD"}"
+
+BASEDIR=$(dirname "$0")
+
+USER_TOKEN=$($BASEDIR/idam-lease-user-token.sh $USERNAME $PASSWORD)
+USER_ID=$($BASEDIR/idam-user-id.sh $USER_TOKEN)
+SERVICE_TOKEN=$($BASEDIR/idam-lease-service-token.sh fpl_case_service \
+  $(docker run --rm hmctspublic.azurecr.io/imported/toolbelt/oathtool --totp -b ${FPL_S2S_SECRET:-AAAAAAAAAAAAAAAC}))
+
+echo -e "\nCreating role assignment: \n User: ${USER_ID}\n Role name: ${ROLE_NAME}\n ROLE_CLASSIFICATION: ${ROLE_CLASSIFICATION}\n"
+
+curl --silent --show-error -X POST "${ROLE_ASSIGNMENT_URL}/am/role-assignments" \
+  -H "accept: application/vnd.uk.gov.hmcts.role-assignment-service.create-assignments+json;charset=UTF-8;version=1.0" \
+  -H "Authorization: Bearer ${USER_TOKEN}" \
+  -H "ServiceAuthorization: Bearer ${SERVICE_TOKEN}" \
+  -H "Content-Type: application/json" \
+  -d '{ "roleRequest": {
+          "assignerId": "'"${USER_ID}"'",
+          "process": "staff-organisational-role-mapping",
+          "reference": "'"${USER_ID}/${ROLE_NAME}"'",
+          "replaceExisting": true,
+          "byPassOrgDroolRule": true
+        },
+        "requestedRoles": [
+          {
+            "actorIdType": "IDAM",
+            "actorId": "'"${USER_ID}"'",
+            "roleType": "ORGANISATION",
+            "roleName": "'"${ROLE_NAME}"'",
+            "classification": "'"${ROLE_CLASSIFICATION}"'",
+            "grantType": "'"${GRANT_TYPE}"'",
+            "roleCategory": "'"${ROLE_CATEGORY}"'",
+            "readOnly": false,
+            "attributes": '${ROLE_ATTRIBUTES}',
+            "authorisations": '${AUTHORISATIONS}'
+          }
+        ]
+      }'
@@ -11,6 +11,8 @@ echo "export SERVICE_AUTH_PROVIDER_API_BASE_URL=http://rpe-service-auth-provider
 echo "export IDAM_API_BASE_URL=https://idam-api.aat.platform.hmcts.net"
 echo "export CCD_IDAM_REDIRECT_URL=https://ccd-case-management-web-aat.service.core-compute-aat.internal/oauth2redirect"
 echo "export CCD_DEFINITION_STORE_API_BASE_URL=https://ccd-definition-store-fpl-case-service-pr-${pr}.preview.platform.hmcts.net"
+echo "export ROLE_ASSIGNMENT_URL=https://am-role-assignment-service-fpl-case-service-pr-${pr}.preview.platform.hmcts.net"
+echo "export CAMUNDA_BASE_URL=https://camunda-fpl-case-service-pr-${pr}.preview.platform.hmcts.net"
 
 # definition placeholders
 echo "export CCD_DEF_CASE_SERVICE_BASE_URL=http://fpl-case-service-pr-${pr}-java"
diff --git a/charts/fpl-case-service/Chart.yaml b/charts/fpl-case-service/Chart.yaml
@@ -1,7 +1,7 @@
 name: fpl-case-service
 apiVersion: v2
 home: https://github.com/hmcts/fpl-ccd-configuration
-version: 1.12.80
+version: 1.12.81
 description: FPL Case Service
 maintainers:
   - name: HMCTS Family Public Law team
@@ -39,3 +39,15 @@ dependencies:
     version: 1.0.2
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
     condition: postgresql.enabled
+  - name: servicebus
+    version: 1.0.7
+    repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
+    condition: servicebus.enabled
+  - name: wa
+    version: ~1.0.5
+    repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
+    condition: wa.enabled
+  - name: ccd-message-publisher
+    version: ~0.1.11
+    repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
+    condition: ccd-message-publisher.enabled