LIME-1071 Update to CRI 3.0.2 and align with service changes

Removed ClientFactoryService, and switch to CRI Lib ClientProviderFactory. Align with contructor changes in CRI Lib services. Added netty-http client to the build exclusions and placed them in the each lambda sub project (to fully take effect) Remove versions specified for the main Jackson dependencies and defer to the ones pull in from software.amazon.awssdk:bom. There is a breakage in a later jackson version, which crashes in the sdk classes which expect the older versions. Note : jackson-datatype-jsr310 and jackson-datatype-jdk8 are not in the aws sdk and are custom dependencies these version have been set at the aws pom versions to avoid a mismatch. Version Changes Correct missing aws platform bom AWS SDK 2.20.162 -> 2.26.16 New Aws Crt Http Client aligned with AWS SDK 2.26.16 AWS Lambda Events 3.11.0 -> 3.11.6 Jackson 2.17.1 -> 2.15.2 (needs to track the aws sdk version of jackson)
govuk-one-login · Jul 16, 2024 · d48c066 · d48c066
1 parent 0b56604
commit d48c066
Show file tree

Hide file tree

Showing 20 changed files with 232 additions and 243 deletions.
diff --git a/build.gradle b/build.gradle
@@ -25,13 +25,13 @@ ext {
 		// cri_common_lib dependencies should match the ipv-cri-lib version
 		// Workaround until dependency resolution is fixed.
 		// ---------------------------------------------------------
-		cri_common_lib_version             : "1.6.2",
+		cri_common_lib_version             : "3.0.2",
 
-		// CRI_LIB aws
-		aws_sdk_version                    : "2.20.162",
-		aws_lambda_events_version          : "3.11.0",
+		// AWS SDK
+		aws_sdk_version                    : "2.26.16",
+		aws_lambda_events_version          : "3.11.6",
 
-		// CRI_LIB nimbus
+		// Nimbus Oauth
 		nimbusds_oauth_version             : "11.10.1",
 		nimbusds_jwt_version               : "9.37.3",
 
@@ -46,11 +46,8 @@ ext {
 
 		// AWS  aws-lambda-java-libs see https://github.com/aws/aws-lambda-java-libs
 		aws_lambda_core_version            : "1.2.1",
-		// Object mapper
-		jackson_version                    : "2.17.1",
-		// GSON only Used in DCS pathway remove with DCS removal
-		gson_version						: "2.8.9",
-
+		// Jackson Addons/ needs to track the aws sdk version of jackson
+		jackson_version                    : "2.15.2",
 		// Code weaving (lombok+powertools)
 		aspectjrt_version                  : "1.9.21",
 
@@ -62,12 +59,14 @@ ext {
 		junit_version                      : "5.10.2",
 		hamcrest_version                   : "2.2",
 		mockito_version                    : "4.3.1",
-		webcompere_version                 : "2.0.2",
+		wiremock_version                   : "3.0.1",
+		webcompere_version                 : "2.1.6",
 
 		// testFixturesImplementation
 
 		// Contract Tests
-		pact_provider_version              : "4.6.9",
+		pact_provider_version              : "4.6.4",
+		slf4j_log4j12_version              : "2.0.13", // For contract test debug
 	]
 
 	// Sets the version used on the lambda + lib (ac tests have separate dependencies)

diff --git a/infrastructure/lambda/template.yaml b/infrastructure/lambda/template.yaml
@@ -240,6 +240,23 @@ Mappings:
       integration: "false"
       production: "false"
 
+  FeatureFlagMapping:
+    dev:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    build:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    staging:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    integration:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+    production:
+      VcExpiryRemoved: "true"
+      VcContainsUniqueIdMapping: "true"
+
 Resources:
 
 ####################################################################
@@ -581,6 +598,8 @@ Resources:
         Variables:
           POWERTOOLS_SERVICE_NAME: !Sub "${CriIdentifier}-issuecredential"
           ENVIRONMENT: !Ref Environment
+          ENV_VAR_FEATURE_FLAG_VC_EXPIRY_REMOVED: !FindInMap [ FeatureFlagMapping, !Ref Environment, VcExpiryRemoved ]
+          ENV_VAR_FEATURE_FLAG_VC_CONTAINS_UNIQUE_ID: !FindInMap [ FeatureFlagMapping, !Ref Environment, VcContainsUniqueIdMapping ]
       Policies:
         - DynamoDBReadPolicy:
             TableName: !Sub "{{resolve:ssm:/${CommonStackName}/SessionTableName}}"

diff --git a/lambdas/certexpiryreminder/build.gradle b/lambdas/certexpiryreminder/build.gradle
@@ -8,20 +8,27 @@ plugins {
 	id 'io.freefair.aspectj.post-compile-weaving' version '8.4'
 }
 
+configurations.all {
+	// https://aws.amazon.com/blogs/developer/tuning-the-aws-java-sdk-2-x-to-reduce-startup-time/
+	exclude group:"software.amazon.awssdk", module: "apache-client"
+	exclude group:"software.amazon.awssdk", module: "netty-nio-client"
+}
+
 dependencies {
-	implementation project(":lib"),project(":lib-dvad"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"),
+			project(":lib"),project(":lib-dvad"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:kms:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
 			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}"
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",

diff --git a/...java/uk/gov/di/ipv/cri/passport/certexpiryreminder/handler/CertExpiryReminderHandler.java b/...java/uk/gov/di/ipv/cri/passport/certexpiryreminder/handler/CertExpiryReminderHandler.java
@@ -8,9 +8,9 @@
 import software.amazon.lambda.powertools.logging.Logging;
 import software.amazon.lambda.powertools.metrics.Metrics;
 import uk.gov.di.ipv.cri.common.library.annotations.ExcludeFromGeneratedCoverageReport;
+import uk.gov.di.ipv.cri.common.library.util.ClientProviderFactory;
 import uk.gov.di.ipv.cri.common.library.util.EventProbe;
 import uk.gov.di.ipv.cri.passport.certexpiryreminder.handler.config.CertExpiryReminderConfig;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 
 import java.security.cert.CertificateException;
@@ -36,9 +36,10 @@ public class CertExpiryReminderHandler implements RequestHandler<Object, Object>
 
     @ExcludeFromGeneratedCoverageReport
     public CertExpiryReminderHandler() {
-        ClientFactoryService clientFactoryService = new ClientFactoryService();
+        ClientProviderFactory clientProviderFactory = new ClientProviderFactory();
 
-        this.parameterStoreService = new ParameterStoreService(clientFactoryService);
+        this.parameterStoreService =
+                new ParameterStoreService(clientProviderFactory.getSSMProvider());
 
         this.certExpiryReminderConfig = new CertExpiryReminderConfig(parameterStoreService);
 

diff --git a/lambdas/checkpassport/build.gradle b/lambdas/checkpassport/build.gradle
@@ -9,30 +9,39 @@ plugins {
 	id 'java-test-fixtures'
 }
 
+configurations.all {
+	// https://aws.amazon.com/blogs/developer/tuning-the-aws-java-sdk-2-x-to-reduce-startup-time/
+	exclude group:"software.amazon.awssdk", module: "apache-client"
+	exclude group:"software.amazon.awssdk", module: "netty-nio-client"
+}
+
 dependencies {
-	implementation project(":lib"), project(":lib-dvad"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"),
+			project(":lib"), project(":lib-dvad"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:dynamodb-enhanced:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}",
+			"software.amazon.awssdk:sqs:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:aws-crt-client:${dependencyVersions.aws_sdk_version}",
 			"org.apache.httpcomponents:httpcore:${dependencyVersions.httpcomponents_core_version}",
 			"org.apache.httpcomponents:httpclient:${dependencyVersions.httpcomponents_client_version}",
-			"com.google.code.gson:gson:${dependencyVersions.gson_version}",
-			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}"
+			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
+			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",
 			"software.amazon.lambda:powertools-parameters:${dependencyVersions.aws_powertools_parameters_version}"
 
-	testImplementation testFixtures(project(":lib")), testFixtures(this.project),"org.junit.jupiter:junit-jupiter-engine:${dependencyVersions.junit_version}",
+	testImplementation testFixtures(project(":lib")), testFixtures(this.project),
+			"org.junit.jupiter:junit-jupiter-engine:${dependencyVersions.junit_version}",
 			"org.junit.jupiter:junit-jupiter-api:${dependencyVersions.junit_version}",
 			"org.junit.jupiter:junit-jupiter-params:${dependencyVersions.junit_version}",
 			"org.mockito:mockito-junit-jupiter:${dependencyVersions.mockito_version}",

diff --git a/...n/java/uk/gov/di/ipv/cri/passport/checkpassport/services/ThirdPartyAPIServiceFactory.java b/...n/java/uk/gov/di/ipv/cri/passport/checkpassport/services/ThirdPartyAPIServiceFactory.java
@@ -7,7 +7,7 @@
 import uk.gov.di.ipv.cri.passport.library.dvad.services.DVADCloseableHttpClientFactory;
 import uk.gov.di.ipv.cri.passport.library.dvad.services.DvadThirdPartyAPIService;
 import uk.gov.di.ipv.cri.passport.library.dvad.services.endpoints.DvadAPIEndpointFactory;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
+import uk.gov.di.ipv.cri.passport.library.service.ApacheHTTPClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 import uk.gov.di.ipv.cri.passport.library.service.ServiceFactory;
 import uk.gov.di.ipv.cri.passport.library.service.ThirdPartyAPIService;
@@ -18,7 +18,7 @@ public class ThirdPartyAPIServiceFactory {
 
     private final ParameterStoreService parameterStoreService;
 
-    public final ClientFactoryService clientFactoryService;
+    public final ApacheHTTPClientFactoryService apacheHTTPClientFactoryService;
 
     // UAT/LIVE DVAD(0) - STUB DVAD(1)
     private static final int DVAD = 0;
@@ -30,7 +30,7 @@ public ThirdPartyAPIServiceFactory(ServiceFactory serviceFactory)
         this.parameterStoreService = serviceFactory.getParameterStoreService();
         this.eventProbe = serviceFactory.getEventProbe();
         this.objectMapper = serviceFactory.getObjectMapper();
-        this.clientFactoryService = serviceFactory.getClientFactoryService();
+        this.apacheHTTPClientFactoryService = serviceFactory.getApacheHTTPClientFactoryService();
 
         // Done this way to allow switching if needed to lazy init + singletons
         thirdPartyAPIServices[DVAD] = createDvadThirdPartyAPIService();
@@ -41,7 +41,7 @@ private ThirdPartyAPIService createDvadThirdPartyAPIService() throws JsonProcess
 
         CloseableHttpClient closeableHttpClient =
                 new DVADCloseableHttpClientFactory()
-                        .getClient(true, parameterStoreService, clientFactoryService);
+                        .getClient(true, parameterStoreService, apacheHTTPClientFactoryService);
 
         // Reduces constructor load in DvadThirdPartyAPIService and allow endpoints to be mocked
         DvadAPIEndpointFactory dvadAPIEndpointFactory =
@@ -60,7 +60,7 @@ private ThirdPartyAPIService createDvadThirdPartyAPIServiceForStub()
 
         CloseableHttpClient closeableHttpClient =
                 new DVADCloseableHttpClientFactory()
-                        .getClient(false, parameterStoreService, clientFactoryService);
+                        .getClient(false, parameterStoreService, apacheHTTPClientFactoryService);
 
         // Reduces constructor load in DvadThirdPartyAPIService and allow endpoints to be mocked
         DvadAPIEndpointFactory dvadAPIEndpointFactory =

diff --git a/.../test/java/uk/gov/di/ipv/cri/passport/checkpassport/handler/CheckPassportHandlerTest.java b/.../test/java/uk/gov/di/ipv/cri/passport/checkpassport/handler/CheckPassportHandlerTest.java
@@ -35,7 +35,7 @@
 import uk.gov.di.ipv.cri.passport.library.error.CommonExpressOAuthError;
 import uk.gov.di.ipv.cri.passport.library.exceptions.OAuthErrorResponseException;
 import uk.gov.di.ipv.cri.passport.library.persistence.DocumentCheckResultItem;
-import uk.gov.di.ipv.cri.passport.library.service.ClientFactoryService;
+import uk.gov.di.ipv.cri.passport.library.service.ApacheHTTPClientFactoryService;
 import uk.gov.di.ipv.cri.passport.library.service.ParameterStoreService;
 import uk.gov.di.ipv.cri.passport.library.service.ServiceFactory;
 import uk.gov.di.ipv.cri.passport.library.service.ThirdPartyAPIService;
@@ -92,7 +92,7 @@ class CheckPassportHandlerTest {
 
     // Returned via the ServiceFactory
     @Mock private EventProbe mockEventProbe;
-    @Mock private ClientFactoryService mockClientFactoryService;
+    @Mock private ApacheHTTPClientFactoryService mockApacheHTTPClientFactoryService;
     @Mock private ParameterStoreService mockParameterStoreService;
     @Mock private SessionService mockSessionService;
     @Mock private PersonIdentityService mockPersonIdentityService;
@@ -583,7 +583,8 @@ private void mockServiceFactoryBehaviour() {
         when(mockServiceFactory.getObjectMapper()).thenReturn(realObjectMapper);
         when(mockServiceFactory.getEventProbe()).thenReturn(mockEventProbe);
 
-        when(mockServiceFactory.getClientFactoryService()).thenReturn(mockClientFactoryService);
+        when(mockServiceFactory.getApacheHTTPClientFactoryService())
+                .thenReturn(mockApacheHTTPClientFactoryService);
 
         when(mockServiceFactory.getParameterStoreService()).thenReturn(mockParameterStoreService);
 

diff --git a/lambdas/issuecredential/build.gradle b/lambdas/issuecredential/build.gradle
@@ -9,20 +9,23 @@ plugins {
 }
 
 dependencies {
-	implementation project(":lib"),
+	implementation platform("software.amazon.awssdk:bom:${dependencyVersions.aws_sdk_version}"), project(":lib"),
 			"uk.gov.account:cri-common-lib:${dependencyVersions.cri_common_lib_version}",
 			"com.nimbusds:oauth2-oidc-sdk:${dependencyVersions.nimbusds_oauth_version}",
 			"com.nimbusds:nimbus-jose-jwt:${dependencyVersions.nimbusds_jwt_version}",
 			"com.amazonaws:aws-lambda-java-core:${dependencyVersions.aws_lambda_core_version}",
 			"com.amazonaws:aws-lambda-java-events:${dependencyVersions.aws_lambda_events_version}",
 			"software.amazon.awssdk:lambda:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:dynamodb-enhanced:${dependencyVersions.aws_sdk_version}",
 			"software.amazon.awssdk:kms:${dependencyVersions.aws_sdk_version}",
-			"com.fasterxml.jackson.core:jackson-core:${dependencyVersions.jackson_version}",
+			"software.amazon.awssdk:sqs:${dependencyVersions.aws_sdk_version}",
+			"software.amazon.awssdk:aws-crt-client:${dependencyVersions.aws_sdk_version}",
+			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}",
+			"com.fasterxml.jackson.core:jackson-core",
+			"com.fasterxml.jackson.core:jackson-databind",
+			"com.fasterxml.jackson.core:jackson-annotations",
 			"com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-databind:${dependencyVersions.jackson_version}",
-			"com.fasterxml.jackson.core:jackson-annotations:${dependencyVersions.jackson_version}",
-			"org.aspectj:aspectjrt:${dependencyVersions.aspectjrt_version}"
+			"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${dependencyVersions.jackson_version}"
 
 	aspect "software.amazon.lambda:powertools-logging:${dependencyVersions.aws_powertools_logging_version}",
 			"software.amazon.lambda:powertools-metrics:${dependencyVersions.aws_powertools_metrics_version}",
@@ -34,11 +37,12 @@ dependencies {
 			"org.mockito:mockito-junit-jupiter:${dependencyVersions.mockito_version}",
 			"org.mockito:mockito-inline:${dependencyVersions.mockito_version}",
 			"org.hamcrest:hamcrest:${dependencyVersions.hamcrest_version}",
+			"com.github.tomakehurst:wiremock-jre8:${dependencyVersions.wiremock_version}",
 			"uk.org.webcompere:system-stubs-core:${dependencyVersions.webcompere_version}",
 			"uk.org.webcompere:system-stubs-jupiter:${dependencyVersions.webcompere_version}",
 			"au.com.dius.pact:provider:${dependencyVersions.pact_provider_version}",
 			"au.com.dius.pact.provider:junit5:${dependencyVersions.pact_provider_version}",
-			"software.amazon.awssdk:dynamodb:${dependencyVersions.aws_sdk_version}"
+			"org.slf4j:slf4j-log4j12:${dependencyVersions.slf4j_log4j12_version}"
 }
 
 tasks.register('buildZip', Zip) {

diff --git a/.../main/java/uk/gov/di/ipv/cri/passport/issuecredential/handler/IssueCredentialHandler.java b/.../main/java/uk/gov/di/ipv/cri/passport/issuecredential/handler/IssueCredentialHandler.java
@@ -91,7 +91,7 @@ public IssueCredentialHandler() {
                         serviceFactory
                                 .getCommonLibConfigurationService()
                                 .getVerifiableCredentialKmsSigningKeyId(),
-                        serviceFactory.getClientFactoryService().getKMSClient());
+                        serviceFactory.getClientProviderFactory().getKMSClient());
 
         // VerifiableCredentialService is internal to IssueCredentialHandler
         VerifiableCredentialService verifiableCredentialServiceNotAssignedYet =