Merge pull request #155 from govuk-one-login/LIME-1071

LIME-1071 Update to CRI 3.0.2 and align with service changes

build.gradle

@@ -25,13 +25,13 @@ ext {
 		// cri_common_lib dependencies should match the ipv-cri-lib version
 		// Workaround until dependency resolution is fixed.
 		// ---------------------------------------------------------
-		cri_common_lib_version             : "1.6.2",
+		cri_common_lib_version             : "3.0.2",
 
-		// CRI_LIB aws
-		aws_sdk_version                    : "2.20.162",
-		aws_lambda_events_version          : "3.11.0",
+		// AWS SDK
+		aws_sdk_version                    : "2.26.16",
+		aws_lambda_events_version          : "3.11.6",
 
-		// CRI_LIB nimbus
+		// Nimbus Oauth
 		nimbusds_oauth_version             : "11.10.1",
 		nimbusds_jwt_version               : "9.37.3",
 
@@ -46,11 +46,8 @@ ext {
 
 		// AWS  aws-lambda-java-libs see https://github.com/aws/aws-lambda-java-libs
 		aws_lambda_core_version            : "1.2.1",
-		// Object mapper
-		jackson_version                    : "2.17.1",
-		// GSON only Used in DCS pathway remove with DCS removal
-		gson_version						: "2.8.9",
-
+		// Jackson Addons/ needs to track the aws sdk version of jackson
+		jackson_version                    : "2.15.2",
 		// Code weaving (lombok+powertools)
 		aspectjrt_version                  : "1.9.21",
 
@@ -62,12 +59,14 @@ ext {
 		junit_version                      : "5.10.2",
 		hamcrest_version                   : "2.2",
 		mockito_version                    : "4.3.1",
-		webcompere_version                 : "2.0.2",
+		wiremock_version                   : "3.0.1",
+		webcompere_version                 : "2.1.6",
 
 		// testFixturesImplementation
 
 		// Contract Tests
-		pact_provider_version              : "4.6.9",
+		pact_provider_version              : "4.6.4",
+		slf4j_log4j12_version              : "2.0.13", // For contract test debug
 	]
 
 	// Sets the version used on the lambda + lib (ac tests have separate dependencies)

infrastructure/lambda/template.yaml

@@ -240,6 +240,23 @@ Mappings:
       integration: "false"
       production: "false"
 
+  FeatureFlagMapping:
+    dev:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    build:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    staging:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    integration:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    production:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+
 Resources:
 
 ####################################################################
@@ -581,6 +598,8 @@ Resources:
         Variables:
           POWERTOOLS_SERVICE_NAME: !Sub "${CriIdentifier}-issuecredential"
           ENVIRONMENT: !Ref Environment
+          ENV_VAR_FEATURE_FLAG_VC_EXPIRY_REMOVED: !FindInMap [ FeatureFlagMapping, !Ref Environment, VcExpiryRemoved ]
+          ENV_VAR_FEATURE_FLAG_VC_CONTAINS_UNIQUE_ID: !FindInMap [ FeatureFlagMapping, !Ref Environment, VcContainsUniqueIdMapping ]
       Policies:
         - DynamoDBReadPolicy:
             TableName: !Sub "{{resolve:ssm:/${CommonStackName}/SessionTableName}}"

lambdas/certexpiryreminder/build.gradle

@@ -8,20 +8,27 @@ plugins {
 	id 'io.freefair.aspectj.post-compile-weaving' version '8.4'
 }
 
+configurations.all {
+	// https://aws.amazon.com/blogs/developer/tuning-the-aws-java-sdk-2-x-to-reduce-startup-time/
+	exclude group:"software.amazon.awssdk", module: "apache-client"
+	exclude group:"software.amazon.awssdk", module: "netty-nio-client"
+}
+
 dependencies {
-	implementation project(":lib"),project(":lib-dvad"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"),
+			project(":lib"),project(":lib-dvad"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:kms:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
 			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}"
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",

lambdas/certexpiryreminder/src/main/java/uk/gov/di/ipv/cri/passport/certexpiryreminder/handler/CertExpiryReminderHandler.java

@@ -8,9 +8,9 @@
 import software.amazon.lambda.powertools.logging.Logging;
 import software.amazon.lambda.powertools.metrics.Metrics;
 import uk.gov.di.ipv.cri.common.library.annotations.ExcludeFromGeneratedCoverageReport;
+import uk.gov.di.ipv.cri.common.library.util.ClientProviderFactory;
 import uk.gov.di.ipv.cri.common.library.util.EventProbe;
 import uk.gov.di.ipv.cri.passport.certexpiryreminder.handler.config.CertExpiryReminderConfig;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 
 import java.security.cert.CertificateException;
@@ -36,9 +36,10 @@ public class CertExpiryReminderHandler implements RequestHandler<Object, Object>
 
     @ExcludeFromGeneratedCoverageReport
     public CertExpiryReminderHandler() {
-        ClientFactoryService clientFactoryService = new ClientFactoryService();
+        ClientProviderFactory clientProviderFactory = new ClientProviderFactory();
 
-        this.parameterStoreService = new ParameterStoreService(clientFactoryService);
+        this.parameterStoreService =
+                new ParameterStoreService(clientProviderFactory.getSSMProvider());
 
         this.certExpiryReminderConfig = new CertExpiryReminderConfig(parameterStoreService);
 

lambdas/checkpassport/build.gradle

@@ -9,30 +9,39 @@ plugins {
 	id 'java-test-fixtures'
 }
 
+configurations.all {
+	// https://aws.amazon.com/blogs/developer/tuning-the-aws-java-sdk-2-x-to-reduce-startup-time/
+	exclude group:"software.amazon.awssdk", module: "apache-client"
+	exclude group:"software.amazon.awssdk", module: "netty-nio-client"
+}
+
 dependencies {
-	implementation project(":lib"), project(":lib-dvad"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"),
+			project(":lib"), project(":lib-dvad"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:dynamodb-enhanced:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}",
+			"software.amazon.awssdk:sqs:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:aws-crt-client:${dependencyVersions.aws_sdk_version}",
 			"org.apache.httpcomponents:httpcore:${dependencyVersions.httpcomponents_core_version}",
 			"org.apache.httpcomponents:httpclient:${dependencyVersions.httpcomponents_client_version}",
-			"com.google.code.gson:gson:${dependencyVersions.gson_version}",
-			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}"
+			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
+			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",
 			"software.amazon.lambda:powertools-parameters:${dependencyVersions.aws_powertools_parameters_version}"
 
-	testImplementation testFixtures(project(":lib")), testFixtures(this.project),"org.junit.jupiter:junit-jupiter-engine:${dependencyVersions.junit_version}",
+	testImplementation testFixtures(project(":lib")), testFixtures(this.project),
+			"org.junit.jupiter:junit-jupiter-engine:${dependencyVersions.junit_version}",
 			"org.junit.jupiter:junit-jupiter-api:${dependencyVersions.junit_version}",
 			"org.junit.jupiter:junit-jupiter-params:${dependencyVersions.junit_version}",
 			"org.mockito:mockito-junit-jupiter:${dependencyVersions.mockito_version}",

lambdas/checkpassport/src/main/java/uk/gov/di/ipv/cri/passport/checkpassport/services/ThirdPartyAPIServiceFactory.java

@@ -7,7 +7,7 @@
 import uk.gov.di.ipv.cri.passport.library.dvad.services.DVADCloseableHttpClientFactory;
 import uk.gov.di.ipv.cri.passport.library.dvad.services.DvadThirdPartyAPIService;
 import uk.gov.di.ipv.cri.passport.library.dvad.services.endpoints.DvadAPIEndpointFactory;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
+import uk.gov.di.ipv.cri.passport.library.service.ApacheHTTPClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 import uk.gov.di.ipv.cri.passport.library.service.ServiceFactory;
 import uk.gov.di.ipv.cri.passport.library.service.ThirdPartyAPIService;
@@ -18,7 +18,7 @@ public class ThirdPartyAPIServiceFactory {
 
     private final ParameterStoreService parameterStoreService;
 
-    public final ClientFactoryService clientFactoryService;
+    public final ApacheHTTPClientFactoryService apacheHTTPClientFactoryService;
 
     // UAT/LIVE DVAD(0) - STUB DVAD(1)
     private static final int DVAD = 0;
@@ -30,7 +30,7 @@ public ThirdPartyAPIServiceFactory(ServiceFactory serviceFactory)
         this.parameterStoreService = serviceFactory.getParameterStoreService();
         this.eventProbe = serviceFactory.getEventProbe();
         this.objectMapper = serviceFactory.getObjectMapper();
-        this.clientFactoryService = serviceFactory.getClientFactoryService();
+        this.apacheHTTPClientFactoryService = serviceFactory.getApacheHTTPClientFactoryService();
 
         // Done this way to allow switching if needed to lazy init + singletons
         thirdPartyAPIServices[DVAD] = createDvadThirdPartyAPIService();
@@ -41,7 +41,7 @@ private ThirdPartyAPIService createDvadThirdPartyAPIService() throws JsonProcess
 
         CloseableHttpClient closeableHttpClient =
                 new DVADCloseableHttpClientFactory()
-                        .getClient(true, parameterStoreService, clientFactoryService);
+                        .getClient(true, parameterStoreService, apacheHTTPClientFactoryService);
 
         // Reduces constructor load in DvadThirdPartyAPIService and allow endpoints to be mocked
         DvadAPIEndpointFactory dvadAPIEndpointFactory =
@@ -60,7 +60,7 @@ private ThirdPartyAPIService createDvadThirdPartyAPIServiceForStub()
 
         CloseableHttpClient closeableHttpClient =
                 new DVADCloseableHttpClientFactory()
-                        .getClient(false, parameterStoreService, clientFactoryService);
+                        .getClient(false, parameterStoreService, apacheHTTPClientFactoryService);
 
         // Reduces constructor load in DvadThirdPartyAPIService and allow endpoints to be mocked
         DvadAPIEndpointFactory dvadAPIEndpointFactory =

lambdas/checkpassport/src/test/java/uk/gov/di/ipv/cri/passport/checkpassport/handler/CheckPassportHandlerTest.java

@@ -35,7 +35,7 @@
 import uk.gov.di.ipv.cri.passport.library.error.CommonExpressOAuthError;
 import uk.gov.di.ipv.cri.passport.library.exceptions.OAuthErrorResponseException;
 import uk.gov.di.ipv.cri.passport.library.persistence.DocumentCheckResultItem;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
+import uk.gov.di.ipv.cri.passport.library.service.ApacheHTTPClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 import uk.gov.di.ipv.cri.passport.library.service.ServiceFactory;
 import uk.gov.di.ipv.cri.passport.library.service.ThirdPartyAPIService;
@@ -92,7 +92,7 @@ class CheckPassportHandlerTest {
 
     // Returned via the ServiceFactory
     @Mock private EventProbe mockEventProbe;
-    @Mock private ClientFactoryService mockClientFactoryService;
+    @Mock private ApacheHTTPClientFactoryService mockApacheHTTPClientFactoryService;
     @Mock private ParameterStoreService mockParameterStoreService;
     @Mock private SessionService mockSessionService;
     @Mock private PersonIdentityService mockPersonIdentityService;
@@ -583,7 +583,8 @@ private void mockServiceFactoryBehaviour() {
         when(mockServiceFactory.getObjectMapper()).thenReturn(realObjectMapper);
         when(mockServiceFactory.getEventProbe()).thenReturn(mockEventProbe);
 
-        when(mockServiceFactory.getClientFactoryService()).thenReturn(mockClientFactoryService);
+        when(mockServiceFactory.getApacheHTTPClientFactoryService())
+                .thenReturn(mockApacheHTTPClientFactoryService);
 
         when(mockServiceFactory.getParameterStoreService()).thenReturn(mockParameterStoreService);
 

lambdas/issuecredential/build.gradle

@@ -9,20 +9,23 @@ plugins {
 }
 
 dependencies {
-	implementation project(":lib"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"), project(":lib"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:dynamodb-enhanced:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:kms:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
+			"software.amazon.awssdk:sqs:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:aws-crt-client:${dependencyVersions.aws_sdk_version}",
+			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
 			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}",
-			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}"
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",
@@ -34,11 +37,12 @@ dependencies {
 			"org.mockito:mockito-junit-jupiter:${dependencyVersions.mockito_version}",
 			"org.mockito:mockito-inline:${dependencyVersions.mockito_version}",
 			"org.hamcrest:hamcrest:${dependencyVersions.hamcrest_version}",
+			"com.github.tomakehurst:wiremock-jre8:${dependencyVersions.wiremock_version}",
 			"uk.org.webcompere:system-stubs-core:${dependencyVersions.webcompere_version}",
 			"uk.org.webcompere:system-stubs-jupiter:${dependencyVersions.webcompere_version}",
 			"au.com.dius.pact:provider:${dependencyVersions.pact_provider_version}",
 			"au.com.dius.pact.provider:junit5:${dependencyVersions.pact_provider_version}",
-			"software.amazon.awssdk:dynamodb:${dependencyVersions.aws_sdk_version}"
+			"org.slf4j:slf4j-log4j12:${dependencyVersions.slf4j_log4j12_version}"
 }
 
 tasks.register('buildZip', Zip) {

lambdas/issuecredential/src/main/java/uk/gov/di/ipv/cri/passport/issuecredential/handler/IssueCredentialHandler.java

@@ -91,7 +91,7 @@ public IssueCredentialHandler() {
                         serviceFactory
                                 .getCommonLibConfigurationService()
                                 .getVerifiableCredentialKmsSigningKeyId(),
-                        serviceFactory.getClientFactoryService().getKMSClient());
+                        serviceFactory.getClientProviderFactory().getKMSClient());
 
         // VerifiableCredentialService is internal to IssueCredentialHandler
         VerifiableCredentialService verifiableCredentialServiceNotAssignedYet =