role-assignment-service

Role Assignment Service

Purpose

This SpringBoot application covers the implementation of the Role Assignment Service, which manages the assignment of roles with attributes to actors, to support both ccd access control and work allocation requirements.

The core service manages role assignments, including both case roles and organisational roles. The service is responsible for robust validation of role assignments, against a set of configured rules and/or configuration.
Role assignments are made available through a queryable API to two major consumers: the Case Access Control and Work Allocation.

Prerequisites

To run the project you will need to have the following installed:

Java 11
Docker (optional)

For information about the software versions used to build this API and a complete list of it's dependencies see build.gradle

Environment variables

The following environment variables are required:

Name	Default	Description

  |ROLE_ASSIGNMENT_S2S_AUTHORISED_SERVICES| ccd_gw,am_role_assignment_service,am_org_role_mapping_service,wa_task_management_api,aac_manage_case_assignment,ccd_data|
  |AM_ROLE_ASSIGNMENT_SERVICE_SECRET|
  |IDAM_USER_URL| http://idam-api:5000 |
  |IDAM_S2S_URL| http://service-auth-provider-api:8080|
  |ROLE_ASSIGNMENT_IDAM_CLIENT_ID|am_docker|
  |ROLE_ASSIGNMENT_IDAM_CLIENT_SECRET|am_docker_secret|
  |ROLE_ASSIGNMENT_IDAM_REDIRECT_URI|http://localhost:4096/oauth2redirect|
  |ROLE_ASSIGNMENT_IDAM_ADMIN_USERID|TEST_AM_USER2_BEFTA@test.local|
  |ROLE_ASSIGNMENT_IDAM_ADMIN_PASSWORD|Pa55word11|
  |ROLE_ASSIGNMENT_IDAM_ADMIN_SCOPE|search-user|
  |CCD_DATA_STORE_URL|http://localhost:4452|
  |LAUNCH_DARKLY_ENV|local|
  |LD_SDK_KEY|"Please contact the AM team for getting this key"|

Building the application

The project uses Gradle as a build tool. It already contains ./gradlew wrapper script, so there's no need to install gradle.

To build the project execute the following command:

  ./gradlew build

To clean up your environment use the following, it will delete any temporarily generated files such as reports.

  ./gradlew clean

Running

If you want your code to become available to other Docker projects (e.g. for local environment testing), you need to build the image:

docker-compose build

When the project has been packaged in target/ directory, you can run it by executing following command:

docker-compose up

Note: This setup requires both IDAM and serviceAuth application to be running in Local docker network 'am-docker'. Please follow the am-docker project to setup these dependencies.

As a result the following containers will get created and started:

API exposing port 4096

Alternatively, you can start the application from the current source files using Gradle as follows:

./gradlew clean bootRun

If required, to run with a low memory consumption, the following can be used:

./gradlew --no-daemon assemble && java -Xmx384m -jar build/libs/role-assoignment-service.jar

Using the application

To understand if the application is working, you can call it's health endpoint:

curl http://localhost:4096/health

If the API is running, you should see this response:

{"status":"UP"}

DB Initialisation˙

The application uses a Postgres database which can be run through a docker container on its own if required.

The application should automatically apply any database migrations using liquibase.

Running integration tests:

You can run the integration tests as follows:

./gradlew integration

Running functional tests:

If the API is running (either inside a Docker container or via gradle bootRun) you can run the functional tests as follows:

./gradlew functional

Running smoke tests:

If the API is running (either inside a Docker container or via gradle bootRun) you can run the smoke tests as follows:

./gradlew smoke

Running mutation tests tests:

If you have some time to spare, you can run the mutation tests as follows:

./gradlew pitest

If you are using windows machine to run PI test , use following property in gradle.build under pitest section.

 useClasspathFile = true

As the project grows, these tests will take longer and longer to execute but are useful indicators of the quality of the test suite.

More information about mutation testing can be found here: http://pitest.org/

Contract testing with pact

To publish against remote broker: ./gradlew pactPublish

Turn on VPN and verify on url https://pact-broker.platform.hmcts.net/ The pact contract(s) should be published

Remember to return the localhost back to the remote broker

Endpoints

Authorization(OIDC user token) and ServiceAuthorization (S2S) tokens are required in the headers for all endpoints.

POST /am/role-assignments

Used for creating multiple role assignments records. Also requires a request body payload containing:

roleRequest
requestedRoles

GET /am/role-assignments/actors/{actorId}

Retrieve JSON representation of multiple Role Assignment records.

GET /am/role-assignments

Get Role assignment records by Case Id and Actor Id for RoleType as a CASE.

GET /am/role-assignments/roles

Retrieves a list of roles available in role assignment service.

DELETE /am/role-assignments/

Deletes multiple role assignment based on query parameters. Also requires following request params

process {string}
reference {string}

DELETE /am/role-assignments/{assignmentId}

Deletes single role assignment by assignment Id.

Functional Tests

The functional tests are located in functionalTest folder. These are the tests run against an environment. For example if you would like to test your local environment you'll need to export the following variables on your .bash_profile script.

#Functional Tests
export BEFTA_S2S_CLIENT_ID=am_role_assignment_service
export BEFTA_S2S_CLIENT_SECRET=AAAAAAAAAAAAAAAC
export BEFTA_RESPONSE_HEADER_CHECK_POLICY=JUST_WARN
export OAUTH2_CLIENT_ID=am_docker
export OAUTH2_CLIENT_SECRET=am_docker_secret
export OAUTH2_ACCESS_TOKEN_TYPE=OIDC
export OAUTH2_SCOPE_VARIABLES=openid%20profile%20roles%20authorities
export OAUTH2_REDIRECT_URI=http://localhost:4096/oauth2redirect
export IDAM_CLIENT_ID=am_role_assignment
export OPENID_SCOPE_VARIABLES =openid+profile+roles+authorities
export TEST_AM_USER1_BEFTA_PWD=Pa55word11
export TEST_AM_USER2_BEFTA_PWD=Pa55word11
export TEST_AM_USER3_BEFTA_PWD=Pa55word11

####Running the tests

In order to run the tests you will need to pull down am-docker repo and checkout the master branch.

Run the scripts as instructed in am-docker page . Once this is done, try to run your functional tests.

LICENSE

This project is licensed under the MIT License - see the LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 6,604 Commits
.github		.github
bin		bin
charts/am-role-assignment-service		charts/am-role-assignment-service
config		config
docker/database		docker/database
gradle/wrapper		gradle/wrapper
infrastructure		infrastructure
lib		lib
src		src
.editorconfig		.editorconfig
.env		.env
.gitignore		.gitignore
.travis.yml		.travis.yml
Dockerfile		Dockerfile
Jenkinsfile_CNP		Jenkinsfile_CNP
Jenkinsfile_nightly		Jenkinsfile_nightly
LICENSE		LICENSE
README.md		README.md
audit.json		audit.json
broker-compose.yml		broker-compose.yml
build.gradle		build.gradle
catalog-info.yaml		catalog-info.yaml
docker-compose.yml		docker-compose.yml
gradlew		gradlew
gradlew.bat		gradlew.bat
logback-spring.xml		logback-spring.xml
lombok.config		lombok.config
renovate.json		renovate.json
web.config		web.config

License

hmcts/am-role-assignment-service

Folders and files

Latest commit

History

Repository files navigation