RDCC-2816: upgrading Spring to 2.4.5 & other dependencies (#508)

* RDCC-2816: upgrading Spring to 2.4.5 & other dependencies

* RDCC-2816: adding name/alias to secrets in values.yaml

* RDCC-2816: adding name/alias to secrets in values.preview.template.yaml

* RDCC-2816: adding config.imports to application.yaml

* RDCC-2816: increasing chart version due to config changes

* RDCC-2816: replacing deprecated StringUtils.isEmpty() with ObjectUtils.isEmpty()

* RDCC-2816: changing LinkedMultiValueMap to HttpHeaders due to case sensitivity issue

* RDCC-2816: adding suppressiong for CVE-2018-1258

* RDCC-2816: removing deprecated bootstrap.yaml

build.gradle

@@ -14,9 +14,9 @@ plugins {
 	id 'pmd'
 	id 'com.github.ben-manes.versions' version '0.36.0'
 	id "info.solidsoft.pitest" version '1.5.2'
-	id 'io.spring.dependency-management' version '1.0.10.RELEASE'
-	id 'org.sonarqube' version '3.0'
-	id 'org.springframework.boot' version '2.3.9.RELEASE'
+	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+	id 'org.sonarqube' version '3.1.1'
+	id 'org.springframework.boot' version '2.4.5'
 	id "org.flywaydb.flyway" version "7.0.1"
 	id 'au.com.dius.pact' version '4.1.7'// do not change, otherwise serenity report fails
 }
@@ -28,15 +28,15 @@ apply plugin: 'idea'
 
 def versions = [
 
-		lombok             : '1.18.12',
+		lombok             : '1.18.20',
 		gradlePitest       : '1.3.0',
 		pitest             : '1.5.1',
-		reformLogging      : '5.1.0',
-		reformS2sClient    : '3.1.1',
+		reformLogging      : '5.1.7',
+		reformS2sClient    : '4.0.0',
 		serenity           : '2.0.76',
 		sonarPitest        : '0.5',
-		springBoot         : '2.3.3.RELEASE',
-		springHystrix      : '2.1.1.RELEASE',
+		springBoot         : '2.4.5',
+		springHystrix      : '2.2.8.RELEASE',
 		springfoxSwagger   : '2.9.2',
 		pact_version       : '3.5.24'
 ]
@@ -272,6 +272,7 @@ dependencies {
 	compile group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: versions.springBoot
 	compile group: 'org.springframework.boot', name: 'spring-boot-starter-aop', version: versions.springBoot
 	compile group: 'org.springframework.boot', name: 'spring-boot-starter-json', version: versions.springBoot
+	implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.0.2'
 	compile (group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: versions.springBoot){
 		exclude group: "org.springframework.security"
 	}
@@ -286,6 +287,7 @@ dependencies {
 
 	compile group: 'com.github.ben-manes.caffeine', name: 'caffeine', version: '2.5.6'
 	compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.11.3'
+	compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.3'
 	compile group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0'
 	compile group: 'io.github.openfeign.form', name: 'feign-form-spring', version: '3.8.0'
 
@@ -310,7 +312,7 @@ dependencies {
 	compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.14.0'
 	compile group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: '2.13.3'
 
-	compile (group: 'uk.gov.hmcts.reform', name: 'idam-client', version: '1.5.5'){
+	compile (group: 'uk.gov.hmcts.reform', name: 'idam-client', version: '2.0.0'){
 		exclude group: "org.springframework.security"
 	}
 	implementation "io.github.openfeign:feign-httpclient:11.0"

charts/rd-profile-sync/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.1"
 description: Reference data service for professional users
 name: rd-profile-sync
-version: 0.0.13
+version: 0.0.14
 dependencies:
   - name: java
     version: ~3.4.6

charts/rd-profile-sync/values.preview.template.yaml

@@ -15,6 +15,9 @@ java:
   keyVaults:
     rd:
       secrets:
-        - profile-sync-s2s-secret
-        - OAUTH2-AUTH
-        - ApplicationInsightsInstrumentationKey
+        - name: profile-sync-s2s-secret
+          alias: S2S_SECRET
+        - name: OAUTH2-AUTH
+          alias: idam.api.authorization
+        - name: ApplicationInsightsInstrumentationKey
+          alias: azure.application-insights.instrumentation-key

charts/rd-profile-sync/values.yaml

@@ -18,11 +18,19 @@ java:
   keyVaults:
     rd:
       secrets:
-        - profile-sync-s2s-secret
-        - profile-sync-POSTGRES-PASS
-        - ApplicationInsightsInstrumentationKey
-        - OAUTH2-CLIENT-SECRET
-        - OAUTH2-AUTH
-        - OAUTH2-CLIENT-AUTH
-        - SEARCH-QUERY-FROM
-        - CRON-SCHEDULE
+        - name: profile-sync-s2s-secret
+          alias: S2S_SECRET
+        - name: profile-sync-POSTGRES-PASS
+          alias: spring.datasource.password
+        - name: ApplicationInsightsInstrumentationKey
+          alias: azure.application-insights.instrumentation-key
+        - name: OAUTH2-CLIENT-SECRET
+          alias: idam.api-redirect-uri
+        - name: OAUTH2-AUTH
+          alias: idam.api.authorization
+        - name: OAUTH2-CLIENT-AUTH
+          alias: idam.api.client-authorization
+        - name: SEARCH-QUERY-FROM
+          alias: scheduler.hours
+        - name: CRON-SCHEDULE
+          alias: scheduler.config

config/owasp/suppressions.xml

@@ -1,3 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+    file name: spring-security*.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven*.*$</packageUrl>
+        <cve>CVE-2018-1258</cve>
+    </suppress>
 </suppressions>

src/main/java/uk/gov/hmcts/reform/profilesync/schedular/UserProfileSyncJobScheduler.java

@@ -10,7 +10,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
+import org.springframework.util.ObjectUtils;
 import uk.gov.hmcts.reform.profilesync.advice.UserProfileSyncException;
 import uk.gov.hmcts.reform.profilesync.domain.ProfileSyncAudit;
 import uk.gov.hmcts.reform.profilesync.domain.SyncJobConfig;
@@ -71,7 +71,7 @@ public void updateIdamDataWithUserProfile() {
 
         try {
             syncAudit = profileSyncService.updateUserProfileFeed(searchQuery, syncAudit);
-            if (StringUtils.isEmpty(syncAudit.getSchedulerStatus())) {
+            if (ObjectUtils.isEmpty(syncAudit.getSchedulerStatus())) {
                 syncAudit.setSchedulerStatus(SUCCESS);
             }
             syncAudit.setSchedulerStartTime(startTime);

src/main/java/uk/gov/hmcts/reform/profilesync/service/impl/ProfileSyncServiceImpl.java

@@ -117,15 +117,15 @@ public Set<IdamClient.User> getSyncFeed(String bearerToken, String searchQuery)t
                             && !headerCount.get(0).isEmpty()) {
 
                         totalCount = Integer.parseInt(headerCount.get(0));
-                        log.info("{}:: Header Records count from Idam ::{}" + totalCount, loggingComponentName);
+                        log.info("{}:: Header Records count from Idam :: " + totalCount, loggingComponentName);
                     }
 
                 } catch (Exception ex) {
                     //There is No header.
                     log.error("{}:: X-Total-Count header not return Idam Search Service::{}", loggingComponentName,ex);
                 }
             } else {
-                log.error("{}:: Idam Search Service Failed ::{}", loggingComponentName);
+                log.error("{}:: Idam Search Service Failed :: ", loggingComponentName);
                 throw new UserProfileSyncException(HttpStatus.valueOf(response.status()), "Idam search query failure");
 
             }

src/main/java/uk/gov/hmcts/reform/profilesync/util/JsonFeignResponseUtil.java

@@ -13,9 +13,9 @@
 import java.util.Optional;
 
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 
 
@@ -65,7 +65,7 @@ public static ResponseEntity<Object>  toResponseEntity(Response response, TypeRe
     }
 
     public static MultiValueMap<String, String> convertHeaders(Map<String, Collection<String>> responseHeaders) {
-        MultiValueMap<String, String> responseEntityHeaders = new LinkedMultiValueMap<>();
+        HttpHeaders responseEntityHeaders = new HttpHeaders();
         responseHeaders.entrySet().stream().forEach(e ->
                 responseEntityHeaders.put(e.getKey(), new ArrayList<>(e.getValue())));
         return responseEntityHeaders;

src/main/resources/application.yaml

@@ -50,6 +50,9 @@ spring:
         jdbc:
           lob:
             non_contextual_creation: true
+  config:
+    import: "optional:configtree:/mnt/secrets/rd/"
+
 security:
   anonymousPaths:
     - "/"