From a9a4bd349f6775d87a8f3af5b113391f0bc9d09d Mon Sep 17 00:00:00 2001
From: "kai [they]"
Date: Wed, 23 Oct 2024 13:03:05 -0700
Subject: [PATCH 1/4] [AB2D-6187] increase `api` test coverage (#1388)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## 🎫 Ticket https://jira.cms.gov/browse/AB2D-6187 ## πŸ›  Changes Adds test coverage for `CustomUserDetailsService` ## ℹ️ Context This is a part of my journey to achieve 90% test coverage everywhere --------- Co-authored-by: Anna Smirnova <132938234+smirnovaae@users.noreply.github.com> Co-authored-by: smirnovaae
---
 .../CustomUserDetailsServiceTest.java | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 api/src/test/java/gov/cms/ab2d/api/security/CustomUserDetailsServiceTest.java
diff --git a/api/src/test/java/gov/cms/ab2d/api/security/CustomUserDetailsServiceTest.java b/api/src/test/java/gov/cms/ab2d/api/security/CustomUserDetailsServiceTest.java
new file mode 100644
index 000000000..3d9a677ea
--- /dev/null
+++ b/api/src/test/java/gov/cms/ab2d/api/security/CustomUserDetailsServiceTest.java
@@ -0,0 +1,39 @@
+package gov.cms.ab2d.api.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import gov.cms.ab2d.common.model.PdpClient;
+import gov.cms.ab2d.common.repository.PdpClientRepository;
+
+class CustomUserDetailsServiceTest {
+
+ @Test
+ void testLoadUserByUsername1() {
+ PdpClientRepository pdpClientRepository = mock(PdpClientRepository.class);
+ CustomUserDetailsService customUserDetailsService = new CustomUserDetailsService(pdpClientRepository);
+ PdpClient pdpClient = new PdpClient();
+ when(pdpClientRepository.findByClientId("clientId")).thenReturn(pdpClient);
+ assertEquals(
+ customUserDetailsService.loadUserByUsername("clientId"),
+ pdpClient
+ );
+ }
+
+ @Test
+ void testLoadUserByUsername2() {
+ PdpClientRepository pdpClientRepository = mock(PdpClientRepository.class);
+ CustomUserDetailsService customUserDetailsService = new CustomUserDetailsService(pdpClientRepository);
+ when(pdpClientRepository.findByClientId(null)).thenReturn(null);
+ assertThrows(
+ UsernameNotFoundException.class,
+ () -> {customUserDetailsService.loadUserByUsername(null);}
+ );
+ }
+
+}
From ad019226f404adbe05573542e9bfa3e98dfc4926 Mon Sep 17 00:00:00 2001
From: Anna Smirnova <132938234+smirnovaae@users.noreply.github.com>
Date: Thu, 24 Oct 2024 09:20:20 -0700
Subject: [PATCH 2/4] [Snyk] Upgrade com.newrelic.agent.java:newrelic-java from 8.4.0 to 8.15.0 (#1410)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
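Review bot: In CustomUserDetailsServiceTest.java the not-found path is exercised only with a `null` username in `testLoadUserByUsername2`, and its `when(pdpClientRepository.findByClientId(null)).thenReturn(null)` stub merely restates the mock's default. Since this service appears to sit on the authentication path, the case worth pinning is an unknown non-null client id, e.g. `assertThrows(UsernameNotFoundException.class, () -> customUserDetailsService.loadUserByUsername("unknown-client"));`. The file also mixes JUnit 5's `org.junit.jupiter.api.Test` with assertions statically imported from JUnit 4's `org.junit.Assert`; importing `assertEquals` and `assertThrows` from `org.junit.jupiter.api.Assertions` keeps the test on one framework. In `testLoadUserByUsername1` the `assertEquals` arguments are in (actual, expected) order; `assertEquals(pdpClient, customUserDetailsService.loadUserByUsername("clientId"));` gives the right failure message.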

Snyk has created this PR to upgrade com.newrelic.agent.java:newrelic-java from 8.4.0 to 8.15.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **14 versions** ahead of your current version. - The recommended version was released **23 days ago**. --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** > - 🧐 [View latest project report](https://app.snyk.io/org/smirnovaae/project/95400c78-552b-440c-8d11-5ac0897f16b9?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/smirnovaae/project/95400c78-552b-440c-8d11-5ac0897f16b9/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/smirnovaae/project/95400c78-552b-440c-8d11-5ac0897f16b9/settings/integration?pkg=com.newrelic.agent.java:newrelic-java&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"com.newrelic.agent.java:newrelic-java","from":"8.4.0","to":"8.15.0"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"5395d35d-9455-44c7-a336-e9ffb042494d","prPublicId":"5395d35d-9455-44c7-a336-e9ffb042494d","packageManager":"maven","priorityScoreList":[],"projectPublicId":"95400c78-552b-440c-8d11-5ac0897f16b9","projectUrl":"https://app.snyk.io/org/smirnovaae/project/95400c78-552b-440c-8d11-5ac0897f16b9?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":14,"publishedDate":"2024-09-30T12:46:20.000Z"},"vulns":[]}' Co-authored-by: snyk-bot --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c42e89c9b..8415bc557 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,7 @@ ${project.root}/src/main/resources/checkstyle.xml 7.3 1.18.3 - 8.4.0 + 8.15.0 42.7.3 2.4.4 From 93566e963643dd02fcdbf85b42f64585f9fe5a8d Mon Sep 17 00:00:00 2001 From: Anna Smirnova <132938234+smirnovaae@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:08:36 -0700 Subject: [PATCH 3/4] [Snyk] Upgrade com.okta.jwt:okta-jwt-verifier from 0.5.8 to 0.5.10 (#1405) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade com.okta.jwt:okta-jwt-verifier from 0.5.8 to 0.5.10.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **2 versions** ahead of your current version. - The recommended version was released **25 days ago**. --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** > - 🧐 [View latest project report](https://app.snyk.io/org/smirnovaae/project/597af805-5870-4d5c-8a4b-b0151dc001f2?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/smirnovaae/project/597af805-5870-4d5c-8a4b-b0151dc001f2/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/smirnovaae/project/597af805-5870-4d5c-8a4b-b0151dc001f2/settings/integration?pkg=com.okta.jwt:okta-jwt-verifier&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"com.okta.jwt:okta-jwt-verifier","from":"0.5.8","to":"0.5.10"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"98e7eab2-a693-493b-9611-f5880fbca8c1","prPublicId":"98e7eab2-a693-493b-9611-f5880fbca8c1","packageManager":"maven","priorityScoreList":[],"projectPublicId":"597af805-5870-4d5c-8a4b-b0151dc001f2","projectUrl":"https://app.snyk.io/org/smirnovaae/project/597af805-5870-4d5c-8a4b-b0151dc001f2?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2024-09-25T10:53:13.000Z"},"vulns":[]}' Co-authored-by: snyk-bot --- api/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/pom.xml b/api/pom.xml index 9e6280846..60a36f6ec 100644 --- a/api/pom.xml +++ b/api/pom.xml 
@@ -13,7 +13,7 @@ ${basedir}/.. 3.0.0 - 0.5.8 + 0.5.10 **/JobClient.java The current tagging of ab2d-east-prod and ab2d-east-prod-test images causes issues. ECR lifecycle policies are based on prefixes. Essentially, a policy on the ab2d-east-prod prefix will include ab2d-east-prod-test images in its count and may delete all prod images older than any new prod-test images. ## πŸ§ͺ Validation Check Workflow Execution: Confirm that the workflow ran successfully in GitHub Actions. Confirm Image Tags: Go to the Amazon ECR repository in the AWS console. Verify that the images have new tags (e.g., ab2d-prod-test-latest, ab2d-sbx-latest, etc., depending on the environment). Run Deployment: Trigger the deployment pipeline for the environment where this workflow was tested. Confirm that the deployment succeeds without errors. Check Logs for Any Issues: Review logs from GitHub Actions and AWS CloudWatch for any error messages. Verify Application Functionality: Access the application (in the test or production environment as appropriate) to ensure it’s working correctly with the newly tagged images. --------- Co-authored-by: Maboh Christopher --- .github/workflows/promote.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index f167abfff..d4a8181af 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml 
@@ -38,9 +38,18 @@ jobs:
 with:
 aws-region: ${{ vars.AWS_REGION }}
 role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions
- - name: Retag images in ECR
+
+ - name: Set environment variables
 env:
 DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}
+ run: |
+ if [ "${{ inputs.environment }}" == "prod_test" ]; then
+ echo "TAG_PREFIX=ab2d-prod-test" >> $GITHUB_ENV
+ else
+ echo "TAG_PREFIX=ab2d-$DEPLOYMENT_ENV" >> $GITHUB_ENV
+
+ - name: Retag images in ECR
+ env:
 ECR_REPO_DOMAIN: ${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
 ECR_REPO: ab2d_${{ inputs.module }}
 run: |
@@ -51,10 +60,10 @@ jobs: echo "Getting the manifest of the image tagged main-$SHA_SHORT" MANIFEST="$(curl -sS -H "Authorization: Basic $TOKEN" -H "Accept: $CONTENT_TYPE" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/main-$SHA_SHORT")" - SHA_TAG="ab2d-$DEPLOYMENT_ENV-$SHA_SHORT" + SHA_TAG="$TAG_PREFIX-$SHA_SHORT" echo "Adding the $SHA_TAG tag to main-$SHA_SHORT image" curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$SHA_TAG" - LATEST_TAG="ab2d-$DEPLOYMENT_ENV-latest" + LATEST_TAG="$TAG_PREFIX-latest" echo "Adding the $LATEST_TAG tag to main-$SHA_SHORT image" curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$LATEST_TAG"
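Review bot: The `if` in the new "Set environment variables" step of promote.yml is never closed: the added `run: |` script ends after the second `echo` with no `fi`, so the shell should reject it and `TAG_PREFIX` never reaches `$GITHUB_ENV`; add `fi` after the `else` branch. The condition also expands `${{ inputs.environment }}` directly inside the script text, so the input's value is parsed as shell source; the input's definition is outside this hunk, but it is safer to bind it under `env:` as `ENVIRONMENT: ${{ inputs.environment }}` and test `if [ "$ENVIRONMENT" = "prod_test" ]; then`. Part of the "Retag images in ECR" script that consumes `$TAG_PREFIX` lies between the two hunks and is not shown.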