Merge pull request #17272 from CDCgov/deployment/2025-02-05

Deployment of 2025-02-05

Author: adegolier

.github/ISSUE_TEMPLATE/devops_request.md

@@ -13,8 +13,7 @@ jobs:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Workflow Housekeeper - workflows NOT in default branch
 
-        uses: JosiahSiegel/workflow-housekeeper@731cc20bb613208b34efb6ac74aab4ba147abb50
-        ## DevSecOps - Aquia (Replace) - uses: ./.github/actions/workflow-housekeeper
+        uses: ./.github/actions/workflow-housekeeper
 
         env:
           GITHUB_TOKEN: ${{ secrets.LOG_MANAGEMENT_TOKEN }}
@@ -25,8 +24,7 @@ jobs:
           dry-run: false
       - name: Workflow Housekeeper - workflows in default branch
 
-        uses: JosiahSiegel/workflow-housekeeper@731cc20bb613208b34efb6ac74aab4ba147abb50
-        ## DevSecOps - Aquia (Replace) - uses: ./.github/actions/workflow-housekeeper
+        uses: ./.github/actions/workflow-housekeeper
 
         env:
           GITHUB_TOKEN: ${{ secrets.LOG_MANAGEMENT_TOKEN }}

.github/workflows/log_management.yml

@@ -28,17 +28,15 @@ jobs:
 
       - name: "Create branch '${{ env.BRANCH_NAME }}' to contain the changes for the deployment on ${{ env.DEPLOYMENT_DATE }}"
 
-        uses: JosiahSiegel/remote-branch-action@dbe7a2138eb064fbfdb980abee918091a7501fbe
-        ## DevSecOps - Aquia (Replace) - uses: ./.github/actions/remote-branch-action
+        uses: ./.github/actions/remote-branch
 
         with:
           branch: "${{ env.BRANCH_NAME }}"
 
       - name: "Prepare a Pull Request from ${{ env.BRANCH_NAME }} into production branch"
         id: pr
 
-        uses: JosiahSiegel/reliable-pull-request-action@ae8d0c88126329ee363a35392793d0bc94cb82e7
-        ## DevSecOps - Aquia (Replace) - uses: ./.github/actions/reliable-pull-request-action
+        uses: ./.github/actions/reliable-pull-request
 
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/prepare_deployment_branch.yaml

@@ -7,9 +7,7 @@ import org.apache.logging.log4j.kotlin.Logging
 import org.springframework.stereotype.Service
 
 @Service
-class OktaGroupsClient(
-    private val applicationGroupsApi: ApplicationGroupsApi,
-) : Logging {
+class OktaGroupsClient(private val applicationGroupsApi: ApplicationGroupsApi) : Logging {
 
     /**
      * Get all application groups from the Okta Admin API
@@ -18,8 +16,7 @@ class OktaGroupsClient(
      *
      * @see https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationGroups/#tag/ApplicationGroups/operation/listApplicationGroupAssignments
      */
-    suspend fun getApplicationGroups(appId: String): List<String> {
-        return withContext(Dispatchers.IO) {
+    suspend fun getApplicationGroups(appId: String): List<String> = withContext(Dispatchers.IO) {
             try {
                 val groups = applicationGroupsApi
                     .listApplicationGroupAssignments(appId, null, null, null, "group")
@@ -33,5 +30,4 @@ class OktaGroupsClient(
                 throw ex
             }
         }
-    }
 }

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/client/OktaGroupsClient.kt

@@ -10,17 +10,11 @@ import kotlin.time.TimeSource
  * Simple class to automatically read configuration from application.yml (or environment variable overrides)
  */
 @ConfigurationProperties(prefix = "app")
-data class ApplicationConfig(
-    val environment: Environment,
-) {
+data class ApplicationConfig(val environment: Environment) {
 
     @Bean
-    fun timeSource(): TimeSource {
-        return TimeSource.Monotonic
-    }
+    fun timeSource(): TimeSource = TimeSource.Monotonic
 
     @Bean
-    fun clock(): Clock {
-        return Clock.systemUTC()
-    }
+    fun clock(): Clock = Clock.systemUTC()
 }

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/ApplicationConfig.kt

@@ -12,26 +12,20 @@ import org.springframework.context.annotation.Profile
 
 @Configuration
 @Profile("!test")
-class OktaClientConfig(
-    private val oktaClientProperties: OktaClientProperties,
-) {
+class OktaClientConfig(private val oktaClientProperties: OktaClientProperties) {
 
     @Bean
-    fun apiClient(): ApiClient {
-        return Clients.builder()
+    fun apiClient(): ApiClient = Clients.builder()
             .setOrgUrl(oktaClientProperties.orgUrl)
             .setAuthorizationMode(AuthorizationMode.PRIVATE_KEY)
             .setClientId(oktaClientProperties.clientId)
             .setScopes(oktaClientProperties.requiredScopes)
             .setPrivateKey(oktaClientProperties.apiPrivateKey)
             // .setCacheManager(...) TODO: investigate caching since groups don't often change
             .build()
-    }
 
     @Bean
-    fun applicationGroupsApi(): ApplicationGroupsApi {
-        return ApplicationGroupsApi(apiClient())
-    }
+    fun applicationGroupsApi(): ApplicationGroupsApi = ApplicationGroupsApi(apiClient())
 
     @ConfigurationProperties(prefix = "okta.admin-client")
     data class OktaClientProperties(

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/OktaClientConfig.kt

@@ -16,9 +16,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain
  */
 @Configuration
 @EnableWebFluxSecurity
-class SecurityConfig(
-    private val applicationConfig: ApplicationConfig,
-) : Logging {
+class SecurityConfig(private val applicationConfig: ApplicationConfig) : Logging {
 
     @Bean
     fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/SecurityConfig.kt

@@ -8,9 +8,7 @@ import org.springframework.web.bind.annotation.RestController
 import kotlin.time.TimeSource
 
 @RestController
-class HealthController(
-    timeSource: TimeSource,
-) {
+class HealthController(timeSource: TimeSource) {
 
     private val applicationStart = timeSource.markNow()
 

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/controller/HealthController.kt

@@ -15,19 +15,15 @@ import reactor.core.publisher.Mono
  * defined in spring-cloud-gateway and is instantiated via configuration under a route's filters.
  */
 @Component
-class AppendOktaGroupsGatewayFilterFactory(
-    private val oktaGroupsService: OktaGroupsService,
-) : AbstractGatewayFilterFactory<Any>() {
+class AppendOktaGroupsGatewayFilterFactory(private val oktaGroupsService: OktaGroupsService) :
+    AbstractGatewayFilterFactory<Any>() {
 
     /**
      * function used only in testing to create our filter without any configuration
      */
-    fun apply(): GatewayFilter {
-        return apply { _: Any? -> }
-    }
+    fun apply(): GatewayFilter = apply { _: Any? -> }
 
-    override fun apply(config: Any?): GatewayFilter {
-        return GatewayFilter { exchange, chain ->
+    override fun apply(config: Any?): GatewayFilter = GatewayFilter { exchange, chain ->
             exchange
                 .getPrincipal<BearerTokenAuthentication>()
                 .flatMap { oktaAccessTokenJWT ->
@@ -57,5 +53,4 @@ class AppendOktaGroupsGatewayFilterFactory(
                     chain.filter(exchange.mutate().request(request).build())
                 }
         }
-    }
 }

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/filter/AppendOktaGroupsGatewayFilterFactory.kt

@@ -3,8 +3,4 @@ package gov.cdc.prime.reportstream.auth.model
 /**
  * Simple json response model for application status
  */
-data class ApplicationStatus(
-    val application: String,
-    val status: String,
-    val uptime: String,
-)
+data class ApplicationStatus(val application: String, val status: String, val uptime: String)