diff --git a/Jenkinsfile b/Jenkinsfile
index 9bb3e554..633335f2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,3 +1,3 @@
-@Library('defra-library@v-9') _
+@Library('defra-library@v-10') _
 buildNodeJs()
diff --git a/app/config/database.js b/app/config/database.js
index e2a16271..78548812 100644
--- a/app/config/database.js
+++ b/app/config/database.js
@@ -1,4 +1,4 @@
-const { DefaultAzureCredential } = require('@azure/identity')
+const { DefaultAzureCredential, getBearerTokenProvider } = require('@azure/identity')
 const isProd = () => {
 return process.env.NODE_ENV === 'production'
@@ -7,9 +7,13 @@ const isProd = () => {
 const hooks = {
 beforeConnect: async (cfg) => {
 if (isProd()) {
- const credential = new DefaultAzureCredential()
- const accessToken = await credential.getToken('https://ossrdbms-aad.database.windows.net', { requestOptions: { timeout: 1000 } })
- cfg.password = accessToken.token
+ const dbAuthEndpoint = 'https://ossrdbms-aad.database.windows.net/.default'
+ const credential = new DefaultAzureCredential({ managedIdentityClientId: process.env.AZURE_CLIENT_ID })
+ const tokenProvider = getBearerTokenProvider(
+ credential,
+ dbAuthEndpoint
+ )
+ cfg.password = tokenProvider
 }
 }
 }
diff --git a/app/config/message.js b/app/config/message.js
index 66c2d346..938d4ce7 100644
--- a/app/config/message.js
+++ b/app/config/message.js
@@ -6,7 +6,8 @@ const schema = Joi.object({
 username: Joi.string(),
 password: Joi.string(),
 useCredentialChain: Joi.bool().default(false),
- appInsights: Joi.object()
+ appInsights: Joi.object(),
+ managedIdentityClientId: Joi.string().optional()
 },
 processingSubscription: {
 address: Joi.string().required(),
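Review bot: The credential and the token provider are built inside `beforeConnect` in the `@@ -7,9 +7,13 @@` hunk of `app/config/database.js`, so every new connection constructs a fresh `DefaultAzureCredential` and a fresh provider, and whatever token caching they do is not shared between connections. They could be created once at module scope, leaving only `cfg.password = tokenProvider` in the hook. The previous `requestOptions: { timeout: 1000 }` bound on token acquisition is also gone, so a slow identity endpoint can now stall connection setup unless a timeout is applied elsewhere. `cfg.password` now holds a function instead of a string, which only works if the database driver invokes a function-valued password at connect time; a short comment saying so would help, as would renaming `dbAuthEndpoint` to something like `dbAuthScope`, since the value is a scope rather than an endpoint.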
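Review bot: `managedIdentityClientId: Joi.string().optional()` in the `@@ -6,7 +6,8 @@` hunk of `app/config/message.js` lets validation pass when `AZURE_CLIENT_ID` is unset, and the file's second hunk (`@@ -64,7 +65,8 @@`) feeds that variable in unchecked next to `useCredentialChain`, which is true in production. If the credential chain is meant to pick one specific identity, a missing value would presumably fall back to default identity selection instead of failing at startup. Consider `managedIdentityClientId: Joi.string().when('useCredentialChain', { is: true, then: Joi.required() })`. The schema object starts and ends outside this hunk, so any conditional rules it already has are not visible here.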
@@ -64,7 +65,8 @@ const config = {
 username: process.env.MESSAGE_QUEUE_USER,
 password: process.env.MESSAGE_QUEUE_PASSWORD,
 useCredentialChain: process.env.NODE_ENV === 'production',
- appInsights: process.env.NODE_ENV === 'production' ? require('applicationinsights') : undefined
+ appInsights: process.env.NODE_ENV === 'production' ? require('applicationinsights') : undefined,
+ managedIdentityClientId: process.env.AZURE_CLIENT_ID
 },
 processingSubscription: {
 address: process.env.PROCESSING_SUBSCRIPTION_ADDRESS,
diff --git a/appconfig/common.yaml b/appconfig/common.yaml
new file mode 100644
index 00000000..49449328
--- /dev/null
+++ b/appconfig/common.yaml
@@ -0,0 +1,12 @@
+container.processingTopicAddress: queue:ffc-pay-processing
+container.acknowledgementTopicAddress: queue:ffc-pay-acknowledgement
+container.returnTopicAddress: queue:ffc-pay-return
+container.paymentSubmitTopicAddress: queue:ffc-pay-submit
+container.debtTopicAddress: queue:ffc-pay-debt-data
+container.qcTopicAddress: queue:ffc-pay-debt-data-response
+container.manualCheckTopicAddress: queue:ffc-pay-manual-check-data
+container.qcManualCheckTopicAddress: queue:ffc-pay-quality-check
+container.xbTopicAddress: queue:ffc-pay-xb
+container.xbResponseTopicAddress: queue:ffc-pay-xb-response
+container.eventTopicAddress: queue:ffc-pay-event
+container.eventsTopicAddress: queue:ffc-pay-events
\ No newline at end of file
diff --git a/appconfig/dev.yaml b/appconfig/dev.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/appconfig/post-deployment-test.yaml b/appconfig/post-deployment-test.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/appconfig/prd.yaml b/appconfig/prd.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/appconfig/pre.yaml b/appconfig/pre.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/appconfig/snd2.yaml b/appconfig/snd2.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/appconfig/test.yaml b/appconfig/test.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/helm/ffc-pay-processing/Chart.yaml b/helm/ffc-pay-processing/Chart.yaml
index c40e6a80..9990cb12 100644
--- a/helm/ffc-pay-processing/Chart.yaml
+++ b/helm/ffc-pay-processing/Chart.yaml
@@ -5,5 +5,5 @@ name: ffc-pay-processing
 version: 1.0.0
 dependencies:
 - name: ffc-helm-library
- version: 4.0.0
+ version: 4.7.2
 repository: https://raw.githubusercontent.com/defra/ffc-helm-repository/master/
diff --git a/helm/ffc-pay-processing/templates/azure-identity-binding.yaml b/helm/ffc-pay-processing/templates/azure-identity-binding.yaml
deleted file mode 100644
index 888a6eba..00000000
--- a/helm/ffc-pay-processing/templates/azure-identity-binding.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-{{- if .Values.aadPodIdentity }}
-{{- include "ffc-helm-library.azure-identity-binding" (list . "ffc-pay-processing.azure-identity-binding") -}}
-{{- end }}
-{{- define "ffc-pay-processing.azure-identity-binding" -}}
-{{- end -}}
diff --git a/helm/ffc-pay-processing/templates/azure-identity.yaml b/helm/ffc-pay-processing/templates/azure-identity.yaml
deleted file mode 100644
index 5416af47..00000000
--- a/helm/ffc-pay-processing/templates/azure-identity.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-{{- if .Values.aadPodIdentity }}
-{{- include "ffc-helm-library.azure-identity" (list . "ffc-pay-processing.azure-identity") -}}
-{{- end }}
-{{- define "ffc-pay-processing.azure-identity" -}}
-{{- end -}}
diff --git a/helm/ffc-pay-processing/templates/service-account.yaml b/helm/ffc-pay-processing/templates/service-account.yaml
new file mode 100644
index 00000000..989dc655
--- /dev/null
+++ b/helm/ffc-pay-processing/templates/service-account.yaml
@@ -0,0 +1,3 @@
+{{- include "ffc-helm-library.service-account" (list . "ffc-pay-processing.service-account") -}}
+{{- define "ffc-pay-processing.service-account" -}}
+{{- end -}}
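Review bot: The new `templates/service-account.yaml` includes `ffc-helm-library.service-account` unconditionally, whereas the two templates it replaces were wrapped in `{{- if .Values.aadPodIdentity }}`. Unless the library template checks the flag itself (not visible here), a release with `workloadIdentity` switched off would still render a ServiceAccount. Wrapping the include in `{{- if .Values.workloadIdentity }}` and `{{- end }}` would keep the previous opt-in behaviour.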
diff --git a/helm/ffc-pay-processing/values.yaml b/helm/ffc-pay-processing/values.yaml
index 95ba439a..26ab6a80 100644
--- a/helm/ffc-pay-processing/values.yaml
+++ b/helm/ffc-pay-processing/values.yaml
@@ -83,7 +83,7 @@ livenessProbe:
 failureThreshold: 5
 timeoutSeconds: 30
-aadPodIdentity: true
+workloadIdentity: true
 azureIdentity:
 clientID: not-a-real-clientID
diff --git a/jest.config.js b/jest.config.js
index d56c470c..b32af029 100644
--- a/jest.config.js
+++ b/jest.config.js
@@ -13,7 +13,8 @@ module.exports = {
 '/node_modules/',
 '/test-output/',
 '/test/',
- '/jest.config.js'
+ '/jest.config.js',
+ '/app/config'
 ],
 modulePathIgnorePatterns: [
 'node_modules'
diff --git a/package-lock.json b/package-lock.json
index 08737a61..a99c4ea3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "ffc-pay-processing",
- "version": "2.55.40",
+ "version": "2.55.41",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "ffc-pay-processing",
- "version": "2.55.40",
+ "version": "2.55.41",
 "license": "OGL-UK-3.0",
 "dependencies": {
 "@azure/identity": "4.3.0",
diff --git a/package.json b/package.json
index d107ac8d..101cb605 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ffc-pay-processing",
- "version": "2.55.40",
+ "version": "2.55.41",
 "description": "Payment Hub processing service",
 "homepage": "https://github.com/DEFRA/ffc-pay-processing",
 "main": "app/index.js",
@@ -26,7 +26,8 @@
 "Steve Dickinson steve.dickinson@defra.gov.uk",
 "Kirsten Williamson kirsten.williamson@kainos.com",
 "Sam Plackett samuel.plackett@eviden.com",
- "Leigh Godson leigh.godson@eviden.com"
+ "Leigh Godson leigh.godson@eviden.com",
+ "Oliver Lewington oliver.lewington@eviden.com"
 ],
 "license": "OGL-UK-3.0",
 "dependencies": {
diff --git a/provision.azure.yaml b/provision.azure.yaml
index c87bf747..01105f54 100644
--- a/provision.azure.yaml
+++ b/provision.azure.yaml
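Review bot: Adding `'/app/config'` to this ignore list in `jest.config.js`, together with `**/app/config/**` in `sonar.javascript.exclusions` in the `sonar-project.properties` hunk, takes the whole config directory out of coverage and out of Sonar's JavaScript analysis in the same commit that changes the database credential code in `app/config/database.js`. That directory now holds token acquisition logic rather than plain settings, so it is the part most worth keeping under test and static analysis. Consider excluding only the files that are pure configuration, or moving the `beforeConnect` hook out of `app/config` so it stays covered. The array this entry belongs to starts outside the hunk, so its key (presumably a coverage ignore list) is not visible.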
@@ -1,13 +1,39 @@
 resources:
+ identity: pay-processing
+ postgreSql:
+ name: ffc-pay-processing
 topics:
- - name: processing
- - name: acknowledgement
- - name: return
- - name: debt
- - name: qc
- - name: paymentSubmit
- - name: qcManualCheck
- - name: manualCheck
- - name: event
- - name: xb
- - name: xbResponse
+ - name: ffc-pay-processing
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-acknowledgement
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-return
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-debt-data-response
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-quality-check
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-xb-response
+ role: receiver
+ subscriptions:
+ - name: ffc-pay-processing
+ - name: ffc-pay-submit
+ role: sender
+ - name: ffc-pay-debt-data
+ role: sender
+ - name: ffc-pay-manual-check-data
+ role: sender
+ - name: ffc-pay-event
+ role: sender
+ - name: ffc-pay-events
+ role: sender
\ No newline at end of file
diff --git a/sonar-project.properties b/sonar-project.properties
index 5d2e91bb..d5630f93 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,3 +1,3 @@
-sonar.javascript.exclusions=**/jest.config.js,**/__mocks__/**,**/node_modules/**,**/test/**,**/test-output/**
+sonar.javascript.exclusions=**/jest.config.js,**/__mocks__/**,**/node_modules/**,**/test/**,**/test-output/**,**/app/config/**
 sonar.javascript.lcov.reportPaths=test-output/lcov.info
 sonar.exclusions=/test/**,**/*.test.js,*snyk_report.html,*snyk_report.css
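Review bot: The new topic list in `provision.azure.yaml` has no entry for `ffc-pay-xb`, although `appconfig/common.yaml` in this commit sets `container.xbTopicAddress: queue:ffc-pay-xb` and the removed list contained `xb`. With roles now granted per topic, the service identity would presumably have no sender right on that entity unless it is granted elsewhere. If the service still publishes there, add `- name: ffc-pay-xb` with `role: sender` alongside the other sender entries.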