resolve conflict.

Dockerfile

@@ -10,8 +10,5 @@ RUN unzip /tmp/sonar-scanner-cli-5.0.1.3006-linux.zip -d /tmp
 RUN python -m venv /tmp/venv
 RUN . /tmp/venv/bin/activate
 ENV PATH="/tmp/sonar-scanner-5.0.1.3006-linux/bin:/tmp/venv/bin:${PATH}"
-RUN pip install --upgrade pip
-RUN pip install --upgrade pip-tools
-RUN pip install --upgrade setuptools
-RUN pip install --upgrade coverage
-RUN pip install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/
+RUN pip install --upgrade pip pip-tools setuptools coverage
+RUN pip install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/

Dockerfile.selenium

@@ -1,16 +1,18 @@
-FROM seleniarm/standalone-chromium
+FROM selenium/standalone-chromium
 
-ENV PYTHONUNBUFFERED 1
 USER root
-#RUN apt-get update ; apt-get install -yq git curl libpq-dev libffi-dev
+
 RUN apt-get update ; apt-get install -yq python3 python3-venv
 RUN ln -s /usr/bin/python3 /usr/local/bin/python
-RUN useradd -m -s /bin/bash DEV
-USER DEV
+
+# switch to existing seluser from selenium docker
+USER seluser
+
 ADD . /code
 WORKDIR /code
 RUN python -m venv /tmp/venv
 RUN . /tmp/venv/bin/activate
 ENV PATH="/tmp/venv/bin:${PATH}"
+
 RUN pip3 install --upgrade pip
 RUN pip3 install selenium pytest debugpy jsonschema python-dateutil

Dockerfiles/Dockerfile.selenium-jenkins-python311-plus-chromedriver

@@ -0,0 +1,27 @@
+FROM --platform=linux/amd64 python:3.11
+# For build CBC Jenkins job ECR image
+ENV PYTHONUNBUFFERED 1
+
+RUN mkdir /code
+ADD . /code/
+WORKDIR /code
+
+RUN pip install --upgrade pip
+RUN apt-get update && apt-get install -yq git unzip curl
+
+# Install Chrome for Selenium
+RUN curl https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -o /chrome.deb \
+    && dpkg -i /chrome.deb || apt-get install -yf \
+    && rm /chrome.deb
+
+# Install chromedriver for Selenium: keep the previous chrome driver install code for reference
+# RUN wget -O /tmp/chromedriver.zip http://chromedriver.storage.googleapis.com/`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE`/chromedriver_linux64.zip \
+#     && unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ \
+#     && chmod +x /usr/local/bin/chromedriver
+
+# hard code the zip URL here since `curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE` still points to 114 which is out of date
+# this is the current way google publish the chrome drivers, going forward, need to make changes to keep up with the way google publish the
+# drivers.
+RUN wget -O /tmp/chromedriver.zip https://storage.googleapis.com/chrome-for-testing-public/131.0.6778.108/linux64/chromedriver-linux64.zip \
+    && unzip -p /tmp/chromedriver.zip chromedriver-linux64/chromedriver > /usr/local/bin/chromedriver \
+    && chmod +x /usr/local/bin/chromedriver

Dockerfiles/readme.md

@@ -1,13 +1,11 @@
-# Build, Tag, and Publish integration and selenium tests ECR iamge
+# Build, Tag, and Publish integration and selenium tests ECR image - used by github CI check
 
 Go to BB2 local repo base directory and do the followings (assume aws cli installed and configured properly):
 
 ```
-
 aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/f5g8o1y9
 cd <bb2-local-repo-base-dir>/Dockerfiles
-docker build -f Dockerfile.selenium-jenkins -t bb2-cbc-build-selenium .
-docker tag bb2-cbc-build-selenium:latest public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium:latest
-docker push public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium:latest
-
-```
+docker build -f Dockerfile.selenium-jenkins-python311-plus-chromedriver -t bb2-cbc-build-selenium-python311-chromium .
+docker tag bb2-cbc-build-selenium-python311-chromium:latest public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium-python311-chromium:latest
+docker push public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium-python311-chromium:latest
+```

Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks-w-selenium

@@ -56,7 +56,6 @@ pipeline {
           python -m venv venv
           . venv/bin/activate
           python -m pip install --upgrade pip setuptools wheel cryptography
-          make reqs-download
           make reqs-install-dev
           pip install --upgrade coverage
         """
@@ -101,7 +100,7 @@ pipeline {
        steps{
         sh """
           . venv/bin/activate
-          pytest ./apps/integration_tests/logging_tests.py::TestLoggings::test_auth_fhir_flows_logging
+          USE_NEW_PERM_SCREEN=true pytest ./apps/integration_tests/logging_tests.py::TestLoggings::test_auth_fhir_flows_logging
         """
        }
     }
@@ -136,7 +135,7 @@ pipeline {
         sh 'echo "RUN selenium tests - testclient based authorization flow tests and data flow tests"'
         sh """
           . venv/bin/activate
-          pytest ./apps/integration_tests/selenium_tests.py
+          USE_NEW_PERM_SCREEN=true pytest ./apps/integration_tests/selenium_tests.py
         """
        }
     }

Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks-w-selenium-chromium

@@ -0,0 +1,151 @@
+pipeline {
+  agent {
+    kubernetes {
+      defaultContainer "bb2-cbc-build-selenium-python311-chromium"
+      yamlFile "Jenkinsfiles/cbc-pod-deployment-config-w-selenium-p311-chromium.yaml"
+    }
+  }
+
+  environment {
+    DJANGO_LOG_JSON_FORMAT_PRETTY = true
+    DJANGO_SETTINGS_MODULE = "hhs_oauth_server.settings.logging_it"
+    OAUTHLIB_INSECURE_TRANSPORT = true
+    DJANGO_SECURE_SESSION = false
+    DJANGO_FHIR_CERTSTORE = "./certstore"
+    // use mock login - safer, faster
+    USE_MSLSX = true
+    DJANGO_MEDICARE_SLSX_REDIRECT_URI = "http://localhost:8000/mymedicare/sls-callback"
+    DJANGO_MEDICARE_SLSX_LOGIN_URI = "http://localhost:8080/sso/authorize?client_id=bb2api"
+    DJANGO_SLSX_HEALTH_CHECK_ENDPOINT = "http://localhost:8080/health"
+    DJANGO_SLSX_TOKEN_ENDPOINT = "http://localhost:8080/sso/session"
+    DJANGO_SLSX_SIGNOUT_ENDPOINT = "http://localhost:8080/sso/signout"
+    DJANGO_SLSX_USERINFO_ENDPOINT="http://localhost:8080/v1/users"
+    DJANGO_SLSX_CLIENT_ID = credentials("bb2-selenium-tests-slsx-client-id")
+    DJANGO_SLSX_CLIENT_SECRET = credentials("bb2-selenium-tests-slsx-client-secret")
+    DJANGO_USER_ID_ITERATIONS = credentials("bb2-integration-tests-bfd-iterations")
+    DJANGO_USER_ID_SALT = credentials("bb2-integration-tests-bfd-salt")
+    FHIR_CERT = credentials("bb2-integration-tests-bfd-cert")
+    FHIR_KEY = credentials("bb2-integration-tests-bfd-key")
+    FHIR_URL = "${params.FHIR_URL}"
+    HOSTNAME_URL = "http://localhost:8000"
+  }
+
+  parameters {
+    string(
+      name: 'FHIR_URL',
+      defaultValue: "https://prod-sbx.bfd.cms.gov",
+      description: 'The default FHIR URL for the back end BFD service.'
+    )
+    booleanParam(
+        name: 'RUN_SELENIUM_TESTS', 
+        defaultValue: false, 
+        description: 'Set to true, selenium tests will be run as part of integration tests'
+    )
+  }
+
+  stages {
+    stage("SETUP FHIR cert and key") {
+      steps {
+        writeFile(file: "${env.DJANGO_FHIR_CERTSTORE}/certstore/ca.cert.pem", text: readFile(env.FHIR_CERT))
+        writeFile(file: "${env.DJANGO_FHIR_CERTSTORE}/certstore/ca.key.nocrypt.pem", text: readFile(env.FHIR_KEY))
+      }
+    }
+
+    stage("INSTALL Python Packages") {
+      steps {
+        sh """
+          pip3 install --upgrade pip setuptools wheel
+          pip3 install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/
+        """
+      }
+    }
+
+    stage("CHECK Flake8 Python Lint/Style") {
+      steps{
+        sh """
+          flake8
+        """
+      }
+    }
+
+    stage("START BB2 server in background") {
+       when {
+        expression { params.RUN_SELENIUM_TESTS == true }
+       }
+       steps{
+        sh """
+          mkdir ./docker-compose/tmp/
+          (python3 ./dev-local/app.py&) && 
+          python3 manage.py migrate &&
+          python3 manage.py create_admin_groups &&
+          python3 manage.py loaddata scopes.json &&
+          python3 manage.py create_blue_button_scopes &&
+          python3 manage.py create_test_user_and_application &&
+          python3 manage.py create_user_identification_label_selection &&
+          python3 manage.py create_test_feature_switches &&
+          (if [ ! -d 'bluebutton-css' ] ; then git clone https://github.com/CMSgov/bluebutton-css.git ; else echo 'CSS already installed.' ; fi) &&
+          echo 'starting bb2...' &&
+          (export DJANGO_SETTINGS_MODULE=hhs_oauth_server.settings.logging_it && python3 manage.py runserver 0.0.0.0:8000 > ./docker-compose/tmp/bb2_email_to_stdout.log 2>&1 &)
+        """
+       }
+    }
+
+    stage("RUN logging integration tests") {
+       when {
+        expression { params.RUN_SELENIUM_TESTS == true }
+       }
+       steps{
+        catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
+          sh """
+            USE_NEW_PERM_SCREEN=true ON_REMOTE_CI=true pytest -s ./apps/integration_tests/logging_tests.py::TestLoggings::test_auth_fhir_flows_logging
+          """
+        }
+        sh """
+          echo '======================'
+          cat ./docker-compose/tmp/bb2_email_to_stdout.log
+          echo '======================'
+        """
+       }
+    }
+
+    stage("RUN selenium user and apps management tests") {
+       when {
+        expression { params.RUN_SELENIUM_TESTS == true }
+       }
+       steps{
+        sh 'echo "RUN selenium tests - user account and app management tests"'
+        sh """
+          USE_NEW_PERM_SCREEN=true ON_REMOTE_CI=true pytest -s ./apps/integration_tests/selenium_accounts_tests.py::TestUserAndAppMgmt::testAccountAndAppMgmt
+        """
+       }
+    }
+
+    stage("RUN integration tests") {
+      steps{
+        sh """
+          python3 runtests.py --integration apps.integration_tests.integration_test_fhir_resources.IntegrationTestFhirApiResources
+        """
+      }
+    }
+
+    stage("RUN Django Unit Tests") {
+      steps{
+        sh """
+          python3 runtests.py
+        """
+      }
+    }
+
+    stage("RUN selenium tests") {
+       when {
+        expression { params.RUN_SELENIUM_TESTS == true }
+       }
+       steps{
+        sh 'echo "RUN selenium tests - testclient based authorization flow tests and data flow tests"'
+        sh """
+          USE_NEW_PERM_SCREEN=true ON_REMOTE_CI=true pytest -s ./apps/integration_tests/selenium_tests.py
+        """
+       }
+    }
+  }
+}

Jenkinsfiles/cbc-pod-deployment-config-w-selenium-p311-chromium.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+spec:
+  containers:
+    - name: bb2-cbc-build-selenium-python311-chromium
+      image: "public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium-python311-chromium:latest"
+      tty: true
+      command: ["tail", "-f"]
+      imagePullPolicy: Always
+  nodeSelector:
+      Agents: true

README.md

@@ -167,4 +167,4 @@ by their respective authors.
 License
 -------
 
-This project is free and open source software under the Apache 2 license. See LICENSE for more information.
+This project is free and open source software under the Apache 2 license. See LICENSE for more information.

apps/authorization/models.py

@@ -8,7 +8,6 @@
 from django.utils import timezone
 from oauth2_provider.settings import oauth2_settings
 from oauth2_provider.models import get_access_token_model
-from waffle import get_waffle_flag_model
 
 
 class DataAccessGrant(models.Model):
@@ -41,22 +40,17 @@ def user(self):
 
     def update_expiration_date(self):
         # For THIRTEEN_MONTH type update expiration_date
-        if self.application:
-            flag = get_waffle_flag_model().get("limit_data_access")
-            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
-                if self.application.data_access_type == "THIRTEEN_MONTH":
-                    self.expiration_date = datetime.now().replace(
-                        tzinfo=pytz.UTC
-                    ) + relativedelta(months=+13)
-                    self.save()
+        if self.application and self.application.data_access_type == "THIRTEEN_MONTH":
+            self.expiration_date = datetime.now().replace(
+                tzinfo=pytz.UTC
+            ) + relativedelta(months=+13)
+            self.save()
 
     def has_expired(self):
-        flag = get_waffle_flag_model().get("limit_data_access")
-        if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
-            if self.application.data_access_type == "THIRTEEN_MONTH":
-                if self.expiration_date:
-                    if self.expiration_date < datetime.now().replace(tzinfo=pytz.UTC):
-                        return True
+        if self.application.data_access_type == "THIRTEEN_MONTH":
+            if self.expiration_date:
+                if self.expiration_date < datetime.now().replace(tzinfo=pytz.UTC):
+                    return True
 
         return False