Merge pull request #434 from bcgov/test

prod promotion

.gitignore

@@ -18,6 +18,9 @@
 # Mono auto generated files
 mono_crash.*
 
+# intellij
+.idea
+
 # Build results
 [Dd]ebug/
 [Dd]ebugPublic/

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 All notable changes to this project will be documented in this file. See [versionize](https://github.com/versionize/versionize) for commit guidelines.
 
+<a name="1.0.11"></a>
+## [1.0.11](https://www.github.com/bcgov/JAG-JPIDP/releases/tag/v1.0.11) (2024-1-31)
+
 <a name="1.0.9"></a>
 ## [1.0.9](https://www.github.com/bcgov/JAG-JPIDP/releases/tag/v1.0.9) (2024-1-6)
 

backend/ApprovalFlow/ApprovalFlow.csproj

@@ -4,7 +4,7 @@
     <TargetFramework>net6.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
   </PropertyGroup>
 

backend/NotificationService/Kafka/ConsumerSetup.cs

@@ -24,7 +24,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation
@@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/NotificationService/NotificationService.csproj

@@ -6,7 +6,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>0932d320-0272-4127-af4d-01fae4f7c4c8</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
 
    <PropertyGroup>

backend/NotificationService/NotificationServiceConfiguration.cs

@@ -33,7 +33,7 @@ public class KafkaClusterConfiguration
         public string SslKeyLocation { get; set; } = string.Empty;
         public string Scope { get; set; } = "openid";
         public string ConsumerGroupId { get; set; } = "jum-notification-consumer-group";
-
+        public string HostnameVerification { get; set; } = "Https";
 
     }
 

backend/common/Common.csproj

@@ -5,7 +5,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
   <ItemGroup>
 

backend/edt.casemanagement/ConsumerSetup.cs

@@ -32,7 +32,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -49,7 +49,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/edt.casemanagement/EdtServiceConfiguration.cs

@@ -106,6 +106,8 @@ public class KafkaClusterConfiguration : BaseKafkafiguration
         public string AckTopicName { get; set; } = string.Empty;
         public string ConsumerGroupId { get; set; } = "caseaccess-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "caseaccess-retry-consumer-group";
+        public string HostnameVerification { get; set; } = "Https";
+
     }
 
 

backend/edt.casemanagement/Kafka/ConsumerSetup.cs

@@ -29,7 +29,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -46,7 +46,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/edt.casemanagement/edt.casemanagement.csproj

@@ -4,7 +4,7 @@
     <TargetFramework>net6.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
   </PropertyGroup>
 

backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs

@@ -120,6 +120,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "disclosure-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "disclosure-retry-consumer-group";
         public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
 
     }

backend/edt.disclosure/Kafka/ConsumerSetup.cs

@@ -35,7 +35,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SocketKeepaliveEnable = true,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             ConnectionsMaxIdleMs = 600000,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -52,7 +52,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/edt.disclosure/edt.disclosure.csproj

@@ -5,7 +5,7 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
 
 

backend/entrypoint.sh

@@ -14,6 +14,11 @@ if [ -d ${VAULT_SECRETS_DIR} ]; then
     source ${i}
   done
   set +a # disable mark variables which are modified or created for export
+  # remove vault files
+  for i in ${VAULT_SECRETS_DIR}/*; do
+    echo "Removing ${i}"
+    rm ${i}
+  done
 else
   echo "[entrypoint] Vault secrets directory (${VAULT_SECRETS_DIR}) does not exist"
 fi

backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs

@@ -1,3 +1,4 @@
+using System.IdentityModel.Tokens.Jwt;
 using Confluent.Kafka;
 using jumwebapi.Extensions;
 using jumwebapi.Kafka.Producer;
@@ -6,7 +7,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json;
-using System.IdentityModel.Tokens.Jwt;
 
 namespace jumwebapi.Infrastructure.Auth
 {
@@ -26,7 +26,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                 SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
                 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
                 SaslOauthbearerScope = config.KafkaCluster.Scope,
-                SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+                SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
                 SslCaLocation = config.KafkaCluster.SslCaLocation,
                 SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
                 SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,
@@ -62,7 +62,8 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                 };
                 options.Events = new JwtBearerEvents
                 {
-                    OnTokenValidated = context => {
+                    OnTokenValidated = context =>
+                    {
                         return Task.CompletedTask;
                     },
                     OnAuthenticationFailed = context =>
@@ -72,7 +73,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                             context.NoResult();
                             context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                             context.Response.ContentType = "application/json";
-                            string response =
+                            var response =
                             JsonConvert.SerializeObject("The access token provided is not valid.");
                             if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                             {
@@ -82,7 +83,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service
                             }
                             await context.Response.WriteAsync(response);
                         });
-                   
+
                         //context.HandleResponse();
                         //context.Response.WriteAsync(response).Wait();
                         return Task.CompletedTask;

backend/jumwebapi/jumwebapi.csproj

@@ -6,7 +6,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>b2b3aeca-3282-4224-bc2c-ae504c17e682</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

backend/jumwebapi/jumwebapiConfiguration.cs

@@ -65,6 +65,8 @@ public class KafkaClusterConfiguration
         public string SslCertificateLocation { get; set; } = string.Empty;
         public string SslKeyLocation { get; set; } = string.Empty;
         public string Scope { get; set; } = "openid";
+        public string HostnameVerification { get; set; } = "Https";
+
     }
     public class JustinClientConfiguration
     {

backend/service.edt/EdtServiceConfiguration.cs

@@ -119,6 +119,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "accessrequest-consumer-group";
         public string RetryConsumerGroupId { get; set; } = "accessrequest-retry-consumer-group";
         public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
     }
 

backend/service.edt/Kafka/ConsumerSetup.cs

@@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             ConnectionsMaxIdleMs = 2147483647,
             TopicMetadataRefreshIntervalMs = 10000,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation
@@ -54,7 +54,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
             RequestTimeoutMs = 60000,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/service.edt/edt.service.csproj

@@ -6,7 +6,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>c27750f6-c52b-45f1-b040-e4c09f34fc0d</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
 
   <ItemGroup>

backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs

@@ -1,9 +1,8 @@
 namespace Pidp.Features.Admin.Kafka.Topics;
 
-using AutoMapper;
-using Pidp.Features.Admin.Kafka.Models;
 using Confluent.Kafka;
 using Confluent.Kafka.Admin;
+using Pidp.Features.Admin.Kafka.Models;
 
 public record TopicQuery(string? topicName) : IQuery<List<TopicModel>>;
 
@@ -35,7 +34,7 @@ public async Task<List<TopicModel>> HandleAsync(TopicQuery query)
             SslCertificateLocation = this.configuration.KafkaCluster.SslCertificateLocation,
             SslCaLocation = this.configuration.KafkaCluster.SslCaLocation,
             SaslOauthbearerScope = this.configuration.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = (this.configuration.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
             SslKeyLocation = this.configuration.KafkaCluster.SslKeyLocation,
             SaslMechanism = SaslMechanism.OAuthBearer,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,

backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs

@@ -68,6 +68,9 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
 
         services.AddTransient<ISmtpEmailClient, SmtpEmailClient>();
 
+        var hostVerification = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None;
+        Serilog.Log.Information($"Host verification set to {hostVerification}");
+
         var clientConfig = new ClientConfig()
         {
             BootstrapServers = config.KafkaCluster.BootstrapServers,
@@ -76,7 +79,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
             SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = hostVerification,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
             SslKeyLocation = config.KafkaCluster.SslKeyLocation,
@@ -93,7 +96,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
             SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
             SaslOauthbearerScope = config.KafkaCluster.Scope,
             ClientId = Dns.GetHostName(),
-            SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+            SslEndpointIdentificationAlgorithm = hostVerification,
             SslCaLocation = config.KafkaCluster.SslCaLocation,
             SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
             SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,

backend/webapi/PidpConfiguration.cs

@@ -135,6 +135,7 @@ public class KafkaClusterConfiguration
         public string ConsumerGroupId { get; set; } = "dems-notification-ack";
         public string KafkaAdminClientId { get; set; } = string.Empty;
         public string KafkaAdminClientSecret { get; set; } = string.Empty;
+        public string HostnameVerification { get; set; } = "Https";
 
     }
     public class JumClientConfiguration

backend/webapi/pidp.csproj

@@ -5,7 +5,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <RootNamespace>Pidp</RootNamespace>
     <UserSecretsId>5c2dc965-00b4-4531-9ff0-9b37193ead9b</UserSecretsId>
-    <Version>1.0.9</Version>
+    <Version>1.0.11</Version>
   </PropertyGroup>
   <ItemGroup>
     <Compile Remove="logs\**" />

charts/frontend/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to