BR-53 Add config for deployment to MOJ environments

.github/workflows/pipeline.yml

@@ -77,8 +77,6 @@ jobs:
     name: Build docker image from hmpps-github-actions
     if: github.ref == 'refs/heads/main'
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/docker_build.yml@v2 # WORKFLOW_VERSION
-    needs:
-      - kotlin_validate
     with:
       docker_registry: 'ghcr.io'
       registry_org: 'ministryofjustice'
@@ -90,6 +88,7 @@ jobs:
     needs:
       - build
       - helm_lint
+      - kotlin_validate
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
     secrets: inherit
     with:

applicationinsights.dev.json

@@ -25,7 +25,7 @@
             "matchType": "regexp"
           }
         ],
-        "percentage": 100
+        "percentage": 0
       }
     ]
   }

applicationinsights.json

@@ -25,7 +25,7 @@
             "matchType": "regexp"
           }
         ],
-        "percentage": 10
+        "percentage": 0
       }
     ]
   }

helm_deploy/hmpps-breach-notice-api/Chart.yaml

@@ -5,7 +5,11 @@ name: hmpps-breach-notice-api
 version: 0.2.0
 dependencies:
   - name: generic-service
-    version: "3.8"
+    version: "3.9"
+    repository: https://ministryofjustice.github.io/hmpps-helm-charts
+  - name: generic-service
+    alias: gotenberg
+    version: "3.9"
     repository: https://ministryofjustice.github.io/hmpps-helm-charts
   - name: generic-prometheus-alerts
     version: "1.11"

helm_deploy/hmpps-breach-notice-api/values.yaml

@@ -5,7 +5,7 @@ generic-service:
   replicaCount: 4
 
   image:
-    repository: quay.io/hmpps/hmpps-breach-notice-api
+    repository: ghcr.io/ministryofjustice/hmpps-breach-notice-api
     tag: app_version # override at deployment time
     port: 8080
 
@@ -18,8 +18,9 @@ generic-service:
   env:
     JAVA_OPTS: "-Xmx512m"
     SERVER_PORT: "8080"
-    APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=$(APPINSIGHTS_INSTRUMENTATIONKEY)"
+    APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=$(APPINSIGHTS_INSTRUMENTATIONKEY);IngestionEndpoint=https://northeurope-0.in.applicationinsights.azure.com/;LiveEndpoint=https://northeurope.livediagnostics.monitor.azure.com/"
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: applicationinsights.json
+    GOTENBERG_URL: http://hmpps-breach-notice-api-gotenberg
 
   # Pre-existing kubernetes secrets to load as environment variables in the deployment.
   # namespace_secrets:
@@ -29,13 +30,54 @@ generic-service:
   namespace_secrets:
     hmpps-breach-notice-api:
       APPINSIGHTS_INSTRUMENTATIONKEY: "APPINSIGHTS_INSTRUMENTATIONKEY"
-      # Example client registration secrets
-      EXAMPLE_API_CLIENT_ID: "TEMPLATE_KOTLIN_API_CLIENT_ID"
-      EXAMPLE_API_CLIENT_SECRET: "TEMPLATE_KOTLIN_API_CLIENT_SECRET"
+    rds-instance-output:
+      DATABASE_ENDPOINT: rds_instance_endpoint
+      DATABASE_USERNAME: database_username
+      DATABASE_PASSWORD: database_password
+      DATABASE_NAME: database_name
 
-  allowlist:
-    groups:
-      - internal
+gotenberg:
+  nameOverride: gotenberg
+  replicaCount: 2
+
+  image:
+    repository: gotenberg/gotenberg
+    tag: 8
+    port: 3000
+
+  ingress:
+    enabled: false
+
+  livenessProbe:
+    httpGet:
+      path: /health
+    periodSeconds: 30
+    initialDelaySeconds: 60
+    timeoutSeconds: 20
+    failureThreshold: 10
+
+  readinessProbe:
+    httpGet:
+      path: /health
+    periodSeconds: 20
+    initialDelaySeconds: 60
+    timeoutSeconds: 30
+    failureThreshold: 15
+
+  podSecurityContext:
+    fsGroup: 1001
+
+  securityContext:
+    runAsUser: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: false
+    allowPrivilegeEscalation: false
+    privileged: false
+
+  env:
+    GOOGLE_CHROME_IGNORE_CERTIFICATE_ERRORS: 1
+    DISABLE_UNOCONV: 1
+    DEFAULT_WAIT_TIMEOUT: 30
 
 generic-prometheus-alerts:
   targetApplication: hmpps-breach-notice-api

helm_deploy/values-dev.yaml

@@ -10,6 +10,15 @@ generic-service:
   env:
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: "applicationinsights.dev.json"
     HMPPS_AUTH_URL: "https://sign-in-dev.hmpps.service.justice.gov.uk/auth"
+    FRONTEND_URL: "https://breach-notice-dev.hmpps.service.justice.gov.uk"
+
+  allowlist:
+    groups:
+      - internal
+      - unilink_staff
+    delius-test-1: 35.176.126.163/32
+    delius-test-2: 35.178.162.73/32
+    delius-test-3: 52.56.195.113/32
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

helm_deploy/values-preprod.yaml

@@ -10,6 +10,13 @@ generic-service:
   env:
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: "applicationinsights.dev.json"
     HMPPS_AUTH_URL: "https://sign-in-preprod.hmpps.service.justice.gov.uk/auth"
+    FRONTEND_URL: "https://breach-notice-preprod.hmpps.service.justice.gov.uk"
+
+  allowlist:
+    groups:
+      - internal
+      - unilink_staff
+      - delius-preprod
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

helm_deploy/values-prod.yaml

@@ -7,6 +7,13 @@ generic-service:
 
   env:
     HMPPS_AUTH_URL: "https://sign-in.hmpps.service.justice.gov.uk/auth"
+    FRONTEND_URL: "https://breach-notice.hmpps.service.justice.gov.uk"
+
+  allowlist:
+    groups:
+      - internal
+      - unilink_staff
+      - delius-prod
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

src/main/kotlin/uk/gov/justice/digital/hmpps/breachnoticeapi/config/HmppsBreachNoticeApiExceptionHandler.kt

@@ -8,9 +8,12 @@ import org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR
 import org.springframework.http.HttpStatus.NOT_FOUND
 import org.springframework.http.ResponseEntity
 import org.springframework.security.access.AccessDeniedException
+import org.springframework.web.bind.MethodArgumentNotValidException
 import org.springframework.web.bind.annotation.ExceptionHandler
 import org.springframework.web.bind.annotation.RestControllerAdvice
+import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException
 import org.springframework.web.servlet.resource.NoResourceFoundException
+import uk.gov.justice.digital.hmpps.breachnoticeapi.exception.NotFoundException
 import uk.gov.justice.hmpps.kotlin.common.ErrorResponse
 
 @RestControllerAdvice
@@ -26,6 +29,39 @@ class HmppsBreachNoticeApiExceptionHandler {
       ),
     ).also { log.info("Validation exception: {}", e.message) }
 
+  @ExceptionHandler(IllegalArgumentException::class)
+  fun handleIllegalArgumentException(e: IllegalArgumentException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(BAD_REQUEST)
+    .body(
+      ErrorResponse(
+        status = BAD_REQUEST,
+        userMessage = "Validation failure: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.info("Illegal argument exception: {}", e.message) }
+
+  @ExceptionHandler(MethodArgumentTypeMismatchException::class)
+  fun handleMethodArgumentTypeMismatchException(e: MethodArgumentTypeMismatchException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(BAD_REQUEST)
+    .body(
+      ErrorResponse(
+        status = BAD_REQUEST,
+        userMessage = "Validation failure: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.info("Method type exception: {}", e.message) }
+
+  @ExceptionHandler(MethodArgumentNotValidException::class)
+  fun handleMethodArgumentNotValidException(e: MethodArgumentNotValidException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(BAD_REQUEST)
+    .body(
+      ErrorResponse(
+        status = BAD_REQUEST,
+        userMessage = e.bindingResult.fieldErrors.joinToString { "Field: ${it.field} - ${it.defaultMessage}" },
+        developerMessage = e.message,
+      ),
+    ).also { log.info("Method validation exception: {}", e.message) }
+
   @ExceptionHandler(NoResourceFoundException::class)
   fun handleNoResourceFoundException(e: NoResourceFoundException): ResponseEntity<ErrorResponse> = ResponseEntity
     .status(NOT_FOUND)
@@ -37,6 +73,17 @@ class HmppsBreachNoticeApiExceptionHandler {
       ),
     ).also { log.info("No resource found exception: {}", e.message) }
 
+  @ExceptionHandler(NotFoundException::class)
+  fun handleNotFound(e: NotFoundException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(NOT_FOUND)
+    .body(
+      ErrorResponse(
+        status = NOT_FOUND,
+        userMessage = "No resource found failure: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.info("Not found exception: {}", e.message) }
+
   @ExceptionHandler(AccessDeniedException::class)
   fun handleAccessDeniedException(e: AccessDeniedException): ResponseEntity<ErrorResponse> = ResponseEntity
     .status(FORBIDDEN)

src/main/kotlin/uk/gov/justice/digital/hmpps/breachnoticeapi/controller/BreachNoticeController.kt

@@ -12,6 +12,7 @@ import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
 import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.validation.annotation.Validated
 import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
@@ -28,6 +29,7 @@ import uk.gov.justice.digital.hmpps.breachnoticeapi.service.BreachNoticeService
 import uk.gov.justice.hmpps.kotlin.common.ErrorResponse
 import java.util.*
 
+@Validated
 @RestController
 @PreAuthorize("hasRole('ROLE_BREACH_NOTICE')")
 @RequestMapping(value = ["/breach-notice"], produces = ["application/json"])

src/main/kotlin/uk/gov/justice/digital/hmpps/breachnoticeapi/model/BreachNotice.kt

@@ -2,10 +2,12 @@ package uk.gov.justice.digital.hmpps.breachnoticeapi.model
 
 import com.fasterxml.jackson.annotation.JsonSetter
 import com.fasterxml.jackson.annotation.Nulls
+import jakarta.validation.constraints.Pattern
 import java.time.LocalDate
 import java.time.LocalDateTime
 
 data class BreachNotice(
+  @field:Pattern(regexp = "^[A-Z][0-9]{6}")
   val crn: String,
   val titleAndFullName: String? = null,
   val dateOfLetter: LocalDate? = null,

src/main/resources/banner.txt

@@ -1,13 +1,3 @@
-_  _ _  _ ___  ___  ____  
-|__| |\/| |__] |__] [__   
-|  | |  | |    |    ___]  
-
-___ ____ _  _ ___  _    ____ ___ ____ 
- |  |___ |\/| |__] |    |__|  |  |___ 
- |  |___ |  | |    |___ |  |  |  |___ 
-
-_  _ ____ ___ _    _ _  _ 
-|_/  |  |  |  |    | |\ | 
-| \_ |__|  |  |___ | | \| 
-
-TODO: Please change me by generating your own ASCII art and placing in banner.txt
+   -----------------------
+   HMPPS Breach Notice API
+   -----------------------