various changes required for spring boot 3.4.0 on both auth and submissions

Author: jalbinson

auth/build.gradle.kts

@@ -1,7 +1,7 @@
 apply(from = rootProject.file("buildSrc/shared.gradle.kts"))
 
 plugins {
-    id("org.springframework.boot") version "3.3.4" // 3.3.5 has breaking bug for appending headers https://github.com/spring-projects/spring-framework/issues/33789
+    id("org.springframework.boot") version "3.4.0"
     id("io.spring.dependency-management") version "1.1.6"
     id("reportstream.project-conventions")
     kotlin("plugin.spring") version "2.0.21"
@@ -36,11 +36,6 @@ dependencies {
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testImplementation("org.springframework.security:spring-security-test")
     testImplementation("org.springframework.cloud:spring-cloud-starter-contract-stub-runner")
-    testImplementation("org.jetbrains.kotlin:kotlin-test-junit5")
-    testImplementation("org.mockito.kotlin:mockito-kotlin:5.4.0")
-    testImplementation("com.squareup.okhttp3:mockwebserver:4.12.0")
-
-    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 
     compileOnly("org.springframework.boot:spring-boot-devtools")
 }
@@ -54,7 +49,7 @@ configurations.all {
 dependencyManagement {
     imports {
         mavenBom("com.azure.spring:spring-cloud-azure-dependencies:5.18.0")
-        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2023.0.3")
+        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2024.0.0")
     }
 }
 

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/AuthApplicationConstants.kt

@@ -12,7 +12,6 @@ object AuthApplicationConstants {
         const val HEALTHCHECK_ENDPOINT_V1 = "/api/v1/healthcheck"
     }
 
-
     object Scopes {
         const val ORGANIZATION_SCOPE = "organization"
         const val SUBJECT_SCOPE = "sub"

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/OktaClientConfig.kt

@@ -8,8 +8,10 @@ import gov.cdc.prime.reportstream.shared.StringUtilities.base64Decode
 import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
 
 @Configuration
+@Profile("!test")
 class OktaClientConfig(
     private val oktaClientProperties: OktaClientProperties,
 ) {

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/service/OktaGroupsService.kt

@@ -2,7 +2,6 @@ package gov.cdc.prime.reportstream.auth.service
 
 import gov.cdc.prime.reportstream.auth.client.OktaGroupsClient
 import gov.cdc.prime.reportstream.shared.auth.jwt.OktaGroupsJWT
-import org.apache.logging.log4j.kotlin.Logging
 import org.springframework.stereotype.Service
 
 @Service

auth/src/main/resources/application.yml

@@ -1,6 +1,8 @@
 spring:
   application:
     name: "auth"
+  profiles:
+    active: "local"
   security:
     oauth2:
       resourceserver:

auth/src/test/kotlin/gov/cdc/prime/reportstream/auth/config/TestOktaClientConfig.kt

@@ -0,0 +1,26 @@
+package gov.cdc.prime.reportstream.auth.config
+
+import com.okta.sdk.resource.api.ApplicationGroupsApi
+import com.okta.sdk.resource.client.ApiClient
+import io.mockk.mockk
+import org.springframework.boot.test.context.TestConfiguration
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Profile
+
+/**
+ * We don't want the Okta client to actually attempt to connect to staging Okta during tests
+ */
+@TestConfiguration
+@Profile("test")
+class TestOktaClientConfig {
+
+    @Bean
+    fun apiClient(): ApiClient {
+        return mockk()
+    }
+
+    @Bean
+    fun applicationGroupsApi(): ApplicationGroupsApi {
+        return mockk()
+    }
+}

auth/src/test/kotlin/gov/cdc/prime/reportstream/auth/controller/HealthControllerTest.kt

@@ -1,23 +1,23 @@
 package gov.cdc.prime.reportstream.auth.controller
 
-import com.okta.sdk.resource.api.ApplicationGroupsApi
 import gov.cdc.prime.reportstream.auth.AuthApplicationConstants
+import gov.cdc.prime.reportstream.auth.config.TestOktaClientConfig
 import gov.cdc.prime.reportstream.auth.model.ApplicationStatus
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.boot.test.mock.mockito.MockBean
+import org.springframework.context.annotation.Import
 import org.springframework.test.context.junit.jupiter.SpringExtension
 import org.springframework.test.web.reactive.server.WebTestClient
 import kotlin.test.Test
 
 @ExtendWith(SpringExtension::class)
 @SpringBootTest
 @AutoConfigureWebTestClient
+@Import(TestOktaClientConfig::class)
 class HealthControllerTest @Autowired constructor(
     private val webTestClient: WebTestClient,
-    @MockBean private val applicationGroupsApi: ApplicationGroupsApi // mock bean to avoid instantiating Okta API client
 ) {
 
     @Test

auth/src/test/kotlin/gov/cdc/prime/reportstream/auth/filter/AppendOktaGroupsGatewayFilterFactoryTest.kt

@@ -4,6 +4,7 @@ import com.github.tomakehurst.wiremock.client.WireMock.aResponse
 import com.github.tomakehurst.wiremock.client.WireMock.get
 import com.github.tomakehurst.wiremock.client.WireMock.stubFor
 import com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo
+import gov.cdc.prime.reportstream.auth.config.TestOktaClientConfig
 import gov.cdc.prime.reportstream.auth.service.OktaGroupsService
 import io.mockk.coEvery
 import io.mockk.mockk
@@ -19,6 +20,7 @@ import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock
 import org.springframework.cloud.gateway.route.RouteLocator
 import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Import
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken
 import org.springframework.test.context.junit.jupiter.SpringExtension
 import org.springframework.test.web.reactive.server.WebTestClient
@@ -33,6 +35,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
 @AutoConfigureWebTestClient
 @SpringBootTest
 @AutoConfigureWireMock(port = 0)
+@Import(TestOktaClientConfig::class)
 class AppendOktaGroupsGatewayFilterFactoryTest @Autowired constructor(
     private val client: WebTestClient,
     private val oktaGroupsService: OktaGroupsService,
@@ -43,7 +46,6 @@ class AppendOktaGroupsGatewayFilterFactoryTest @Autowired constructor(
         @Value("\${wiremock.server.port}") val port: Int,
     ) {
 
-        // we have to set this up this way rather than using @TestMock because of kotlin coroutine support
         @Bean
         fun oktaGroupsService(): OktaGroupsService {
             return mockk()

auth/src/test/kotlin/gov/cdc/prime/reportstream/auth/util/KeyGenerationUtils.kt

@@ -1,8 +1,6 @@
 package gov.cdc.prime.reportstream.auth.util
 
-import com.nimbusds.jose.jwk.JWK
 import com.nimbusds.jose.jwk.RSAKey
-import gov.cdc.prime.reportstream.shared.StringUtilities.base64Decode
 import gov.cdc.prime.reportstream.shared.StringUtilities.base64Encode
 import java.security.KeyPairGenerator
 import java.security.interfaces.RSAPrivateKey

auth/src/test/resources/application.yml

@@ -1,6 +1,8 @@
 spring:
   application:
     name: "auth"
+  profiles:
+    active: "test"
   security:
     oauth2:
       resourceserver:
@@ -17,8 +19,6 @@ spring:
             - Path=/get
           filters:
             - AppendOktaGroups
-  main:
-    lazy-initialization: true
 server.port: 9000
 
 app:

buildSrc/src/main/kotlin/reportstream.project-conventions.gradle.kts

@@ -28,9 +28,9 @@ java {
 val compileKotlin: KotlinCompile by tasks
 val compileTestKotlin: KotlinCompile by tasks
 compileKotlin.kotlinOptions.jvmTarget = "$majorJavaVersion"
-compileKotlin.kotlinOptions.allWarningsAsErrors = false
+compileKotlin.kotlinOptions.allWarningsAsErrors = true
 compileTestKotlin.kotlinOptions.jvmTarget = "$majorJavaVersion"
-compileTestKotlin.kotlinOptions.allWarningsAsErrors = false
+compileTestKotlin.kotlinOptions.allWarningsAsErrors = true
 
 configure<KtlintExtension> {
     // See ktlint versions at https://github.com/pinterest/ktlint/releases
@@ -69,10 +69,10 @@ dependencies {
     // Common test dependencies
     testImplementation(kotlin("test-junit5"))
     testImplementation("io.mockk:mockk:1.13.11")
-    testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.2")
+    testImplementation("org.junit.jupiter:junit-jupiter-api:5.11.3")
     testImplementation("com.willowtreeapps.assertk:assertk-jvm:0.28.1")
-    testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.10.2")
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.2")
+    testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.11.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.3")
     testImplementation("org.testcontainers:testcontainers:1.19.8")
     testImplementation("org.testcontainers:junit-jupiter:1.19.8")
     testImplementation("org.testcontainers:postgresql:1.19.8")

shared/src/main/kotlin/gov/cdc/prime/reportstream/shared/auth/AuthZService.kt

@@ -7,7 +7,7 @@ import gov.cdc.prime.reportstream.shared.auth.jwt.OktaGroupsJWTReader
  * Shared authorization service to allow routes to check if an incoming request should be allowed access
  */
 class AuthZService(
-    private val oktaGroupsJWTReader: OktaGroupsJWTReader
+    private val oktaGroupsJWTReader: OktaGroupsJWTReader,
 ) {
 
     private val adminGroup = "DHPrimeAdmins"
@@ -24,8 +24,6 @@ class AuthZService(
             val oktaGroupsJWT = oktaGroupsJWTReader.read(oktaGroupsHeader)
             isSenderAuthorized(clientId, oktaGroupsJWT.groups)
         } ?: false
-
-
     }
 
     /**
@@ -63,6 +61,4 @@ class AuthZService(
             false
         }
     }
-
-
 }

shared/src/main/kotlin/gov/cdc/prime/reportstream/shared/auth/jwt/OktaGroupsJWT.kt

@@ -5,5 +5,5 @@ package gov.cdc.prime.reportstream.shared.auth.jwt
  */
 data class OktaGroupsJWT(
     val appId: String,
-    val groups: List<String>
-)
+    val groups: List<String>,
+)

shared/src/main/kotlin/gov/cdc/prime/reportstream/shared/auth/jwt/OktaGroupsJWTConstants.kt

@@ -7,5 +7,4 @@ object OktaGroupsJWTConstants {
 
     // Non-application users have okta groups automatically injected into this claim
     const val OKTA_GROUPS_JWT_GROUP_CLAIM = "groups"
-
 }

shared/src/main/kotlin/gov/cdc/prime/reportstream/shared/auth/jwt/OktaGroupsJWTReader.kt

@@ -38,5 +38,4 @@ class OktaGroupsJWTReader(
             throw BadJWTException("Invalid signature")
         }
     }
-
 }

shared/src/test/kotlin/gov/cdc/prime/reportstream/shared/auth/AuthZServiceTest.kt

@@ -60,6 +60,4 @@ class AuthZServiceTest {
             true
         )
     }
-
-
 }

shared/src/test/kotlin/gov/cdc/prime/reportstream/shared/auth/jwt/OktaGroupsJWTReaderTest.kt

@@ -22,15 +22,13 @@ import kotlin.test.assertEquals
 
 class OktaGroupsJWTReaderTest {
 
-
     inner class Fixture {
         val clock = Clock.fixed(Instant.now(), ZoneId.of("UTC"))
         val keyPair = generateRSAKeyPair()
         val privateKey = keyPair.first
         val publicKey = keyPair.second
         val service = OktaGroupsJWTReader(publicKey)
 
-
         fun generateRSAKeyPair(): Pair<RSAKey, RSAKey> {
             val keyGen = KeyPairGenerator.getInstance("RSA")
             keyGen.initialize(2048)
@@ -111,6 +109,4 @@ class OktaGroupsJWTReaderTest {
             f.service.read(jwt)
         }
     }
-
-
 }

submissions/build.gradle.kts

@@ -1,7 +1,7 @@
 apply(from = rootProject.file("buildSrc/shared.gradle.kts"))
 
 plugins {
-    id("org.springframework.boot") version "3.3.5"
+    id("org.springframework.boot") version "3.4.0"
     id("io.spring.dependency-management") version "1.1.6"
     id("reportstream.project-conventions")
     kotlin("plugin.spring") version "2.0.21"
@@ -10,9 +10,8 @@ plugins {
 group = "gov.cdc.prime"
 version = "0.0.1-SNAPSHOT"
 
-extra["springCloudAzureVersion"] = "5.14.0"
-
 dependencies {
+    implementation(project(":shared"))
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
@@ -27,13 +26,10 @@ dependencies {
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testImplementation("org.springframework.boot:spring-boot-testcontainers")
     testImplementation("org.xmlunit:xmlunit-core:2.10.0")
-    testImplementation("org.jetbrains.kotlin:kotlin-test-junit5")
     testImplementation("org.mockito.kotlin:mockito-kotlin:5.4.0")
     testImplementation("org.apache.commons:commons-compress:1.27.1")
     testImplementation("org.springframework.security:spring-security-test")
-    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
     implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor:1.9.0")
-    implementation(project(":shared"))
 }
 
 // There is a conflict in logging implementations. Excluded these in favor of using log4j-slf4j2-impl
@@ -44,7 +40,7 @@ configurations.all {
 
 dependencyManagement {
     imports {
-        mavenBom("com.azure.spring:spring-cloud-azure-dependencies:${property("springCloudAzureVersion")}")
+        mavenBom("com.azure.spring:spring-cloud-azure-dependencies:5.18.0")
     }
 }