CDPS-1054: Added template API for iteration 1 (#3)

* Updated environment name for dev from "dev" to "development" to match infrastructure.

* Removed rename-project workflow

* Set security scans to send alerts to the connect DPS dev channel.

* CDPS-1054: Added Prison API url and client credentials to helm values.

* CDPS-1054: Setup docker compose for running locally.

* CDPS-1054: Added prison API details to application properties.

* CDPS-1054: Updated the template references in banner and log config.

* CDP-1054: Template Iteration 1 API added to Core Person Record and Protected Characteristics domains.

* CDPS-1054: Template tests added for iteration 1 API.

* CDPS-1054: Corrected typo in app name.

* CDPS-1054: Set SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI to the local hmpps auth container url

* CDPS-1054: Lint issues fixed.

* CDPS-1054: Switch helm lint environment name from development to dev.

* CDPS-1054: Updated resource and service tests for core person record.

* CDPS-1054: Added basic tests for prototype functionality and applied auto-formating.

* CDPS-1054: Updated roles to be read or read/write and allowed access to reference data to either role.

* CDPS-1054: Updated app name on open api spec.

* CDPS-1054: Updated the docker-compose file to use container names instead of localhost.

* CDPS-1054: Remove wildcard import.

* CDPS-1054: Added service specific timeouts to web clients.

* CDPS-1054: Switched PUT and PATCH endpoints to return No Content on success.

* CDPS-1054: Fixed description for field value property.

* CDPS-1054: Updated image update test to expect a no content response.

* CDPS-1054: Corrected prison api port number in docker compose.

Author: mtac50

.github/workflows/pipeline.yml

@@ -78,18 +78,18 @@ jobs:
       docker_multiplatform: ${{ inputs.docker_multiplatform || true }}
   deploy_dev:
     name: Deploy to dev environment
-    needs: 
+    needs:
       - build
       - helm_lint
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v1 # WORKFLOW_VERSION
     secrets: inherit
     with:
-      environment: 'dev'
+      environment: 'development'
       app_version: '${{ needs.build.outputs.app_version }}'
 
   # deploy_preprod:
   #   name: Deploy to pre-production environment
-  #   needs: 
+  #   needs:
   #     - build
   #     - deploy_dev
   #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v1 # WORKFLOW_VERSION
@@ -99,7 +99,7 @@ jobs:
   #     app_version: '${{ needs.build.outputs.app_version }}'
   # deploy_prod:
   #   name: Deploy to production environment
-  #   needs: 
+  #   needs:
   #     - build
   #     - deploy_preprod
   #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v1 # WORKFLOW_VERSION

.github/workflows/rename_template_project_pr.yml

@@ -8,5 +8,5 @@ jobs:
     name: Kotlin security OWASP dependency check
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C05J915DX0Q
+      channel_id: C04JFG3QJE6
     secrets: inherit

.github/workflows/security_owasp.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security trivy dependency check
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C05J915DX0Q
+      channel_id: C04JFG3QJE6
     secrets: inherit

.github/workflows/security_trivy.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security veracode pipeline scan
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C05J915DX0Q
+      channel_id: C04JFG3QJE6
     secrets: inherit

.github/workflows/security_veracode_pipeline_scan.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security veracode policy scan
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C05J915DX0Q
+      channel_id: C04JFG3QJE6
     secrets: inherit

.github/workflows/security_veracode_policy_scan.yml

@@ -1,8 +1,10 @@
-version: "3"
 services:
   hmpps-person-integration-api:
     build:
       context: .
+    depends_on:
+      - hmpps-auth
+      - prison-api
     networks:
       - hmpps
     container_name: hmpps-person-integration-api
@@ -13,8 +15,7 @@ services:
     environment:
       - SERVER_PORT=8080
       - HMPPS_AUTH_URL=http://hmpps-auth:8080/auth
-      # TODO: Remove this URL and replace with outgoing service URLs
-      - EXAMPLE_URL=http://hmpps-person-integration-api:8080
+      - PRISON_API_BASE_URL=http://prison-api:8080
       - SPRING_PROFILES_ACTIVE=dev
 
   hmpps-auth:
@@ -31,5 +32,19 @@ services:
       - SPRING_PROFILES_ACTIVE=dev
       - APPLICATION_AUTHENTICATION_UI_ALLOWLIST=0.0.0.0/0
 
+  prison-api:
+    image: quay.io/hmpps/prison-api:latest
+    container_name: prison-api
+    networks:
+      - hmpps
+    ports:
+      - '8082:8080'
+    healthcheck:
+      test: [ 'CMD', 'curl', '-f', 'http://localhost:8080/health' ]
+    environment:
+      - SERVER_PORT=8080
+      - SPRING_PROFILES_ACTIVE=nomis-hsqldb
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://hmpps-auth:8080/auth/.well-known/jwks.json
+
 networks:
   hmpps:

docker-compose.yml

@@ -21,22 +21,18 @@ generic-service:
     APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=$(APPINSIGHTS_INSTRUMENTATIONKEY)"
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: applicationinsights.json
 
-  # Pre-existing kubernetes secrets to load as environment variables in the deployment.
-  # namespace_secrets:
-  #   [name of kubernetes secret]:
-  #     [name of environment variable as seen by app]: [key of kubernetes secret to load]
-
   namespace_secrets:
     hmpps-person-integration-api:
-      # Example client registration secrets
-      EXAMPLE_API_CLIENT_ID: "TEMPLATE_KOTLIN_API_CLIENT_ID"
-      EXAMPLE_API_CLIENT_SECRET: "TEMPLATE_KOTLIN_API_CLIENT_SECRET"
+      SYSTEM_CLIENT_ID: "SYSTEM_CLIENT_ID"
+      SYSTEM_CLIENT_SECRET: "SYSTEM_CLIENT_SECRET"
     application-insights:
       APPINSIGHTS_INSTRUMENTATIONKEY: "APPINSIGHTS_INSTRUMENTATIONKEY"
 
   allowlist:
     groups:
       - internal
 
+  modsecurity_enabled: true
+
 generic-prometheus-alerts:
   targetApplication: hmpps-person-integration-api

helm_deploy/hmpps-person-integration-api/values.yaml

@@ -10,9 +10,7 @@ generic-service:
   env:
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: "applicationinsights.dev.json"
     HMPPS_AUTH_URL: "https://sign-in-dev.hmpps.service.justice.gov.uk/auth"
-    # Template kotlin calls out to itself to provide an example of a service call
-    # TODO: This should be replaced by a call to a different service, or removed
-    EXAMPLE_API_URL: "https://person-integration-api-dev.hmpps.service.justice.gov.uk"
+    PRISON_API_BASE_URL: "https://prison-api-dev.prison.service.justice.gov.uk"
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

helm_deploy/values-dev.yaml

@@ -10,9 +10,7 @@ generic-service:
   env:
     APPLICATIONINSIGHTS_CONFIGURATION_FILE: "applicationinsights.dev.json"
     HMPPS_AUTH_URL: "https://sign-in-preprod.hmpps.service.justice.gov.uk/auth"
-    # Template kotlin calls out to itself to provide an example of a service call
-    # TODO: This should be replaced by a call to a different service, or removed
-    EXAMPLE_API_URL: "https://person-integration-api-preprod.hmpps.service.justice.gov.uk"
+    PRISON_API_BASE_URL: "https://prison-api-preprod.prison.service.justice.gov.uk"
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

helm_deploy/values-preprod.yaml

@@ -7,9 +7,7 @@ generic-service:
 
   env:
     HMPPS_AUTH_URL: "https://sign-in.hmpps.service.justice.gov.uk/auth"
-    # Template kotlin calls out to itself to provide an example of a service call
-    # TODO: This should be replaced by a call to a different service, or removed
-    EXAMPLE_API_URL: "https://person-integration-api.hmpps.service.justice.gov.uk"
+    PRISON_API_BASE_URL: "https://prison-api.prison.service.justice.gov.uk"
 
 # CloudPlatform AlertManager receiver to route prometheus alerts to slack
 # See https://user-guide.cloud-platform.service.justice.gov.uk/documentation/monitoring-an-app/how-to-create-alarms.html#creating-your-own-custom-alerts

helm_deploy/values-prod.yaml

@@ -1,11 +1,11 @@
-package uk.gov.justice.digital.hmpps.templatepackagename
+package uk.gov.justice.digital.hmpps.personintegrationapi
 
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.runApplication
 
 @SpringBootApplication
-class HmppsTemplateKotlin
+class HmppsPersonIntegrationApi
 
 fun main(args: Array<String>) {
-  runApplication<HmppsTemplateKotlin>(*args)
+  runApplication<HmppsPersonIntegrationApi>(*args)
 }

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/HmppsPersonIntegrationApi.kt

@@ -0,0 +1,7 @@
+package uk.gov.justice.digital.hmpps.personintegrationapi.common
+
+object Constants {
+  const val PRISONER_NUMBER_REGEX = "^[A-Za-z0-9]{1,10}\$"
+  const val PRISONER_NUMBER_VALIDATION_MESSAGE =
+    "The prisoner number must be a alphanumeric string upto 10 characters in length."
+}

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/Constants.kt

@@ -0,0 +1,23 @@
+package uk.gov.justice.digital.hmpps.personintegrationapi.common.annotation
+
+import io.swagger.v3.oas.annotations.media.Schema
+import jakarta.validation.constraints.Pattern
+import uk.gov.justice.digital.hmpps.personintegrationapi.common.Constants
+
+@Schema(
+  description = Constants.PRISONER_NUMBER_VALIDATION_MESSAGE,
+  example = "A12345",
+  pattern = Constants.PRISONER_NUMBER_REGEX,
+)
+@Pattern(
+  regexp = Constants.PRISONER_NUMBER_REGEX,
+  message = Constants.PRISONER_NUMBER_VALIDATION_MESSAGE,
+)
+@Target(
+  AnnotationTarget.FIELD,
+  AnnotationTarget.VALUE_PARAMETER,
+)
+@Retention(
+  AnnotationRetention.RUNTIME,
+)
+annotation class ValidPrisonerNumber

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/annotation/ValidPrisonerNumber.kt

@@ -0,0 +1,17 @@
+package uk.gov.justice.digital.hmpps.personintegrationapi.common.client
+
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.service.annotation.HttpExchange
+import org.springframework.web.service.annotation.PutExchange
+import uk.gov.justice.digital.hmpps.personintegrationapi.common.client.dto.UpdateBirthPlace
+
+@HttpExchange("/api/offenders")
+interface PrisonApiClient {
+  @PutExchange("/{offenderNo}/birth-place")
+  fun updateBirthPlaceForWorkingName(
+    @PathVariable offenderNo: String,
+    @RequestBody updateBirthPlace: UpdateBirthPlace,
+  ): ResponseEntity<Void>
+}

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/client/PrisonApiClient.kt

@@ -0,0 +1,9 @@
+package uk.gov.justice.digital.hmpps.personintegrationapi.common.client.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(description = "Update to prisoner birth place (city or town of birth)")
+data class UpdateBirthPlace(
+  @Schema(description = "Birth place (city or town of birth)", example = "SHEFFIELD")
+  val birthPlace: String,
+)