Merging changes from master

.environment/docker/docker-compose/Dockerfile.azurite

@@ -1 +1 @@
-FROM mcr.microsoft.com/azure-storage/azurite:3.31.0
+FROM mcr.microsoft.com/azure-storage/azurite:3.32.0

.environment/gitleaks/gitleaks-config.toml

@@ -203,6 +203,7 @@ title = "PRIME ReportStream Gitleaks Configuration"
             'authority\", \"extension\"',                                                  # FHIR extension URL also shows up in normal FHIR test data
             'ApiKeyCredential\(\"flexion\"',
             'authType: \"two-legged\"',
+            'authType == "two-legged"',
             '\"apiKey\"',
             'api-key\" to \"oracle123\"',
             'Authorization-Type: \"username/password\"',

.github/actions/build-backend/action.yml

@@ -39,7 +39,7 @@ runs:
         distribution: "temurin"
         cache: "gradle"
 
-    - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+    - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
 
     - name: Lint
       if: inputs.run-integration-tests == 'true'

.github/actions/build-frontend/action.yml

@@ -47,7 +47,7 @@ runs:
   using: "composite"
   steps:
     - name: Use Node.js with yarn
-      uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
       with:
         node-version-file: "frontend-react/.nvmrc"
 

.github/actions/build-submissions/action.yml

@@ -39,7 +39,7 @@ runs:
         distribution: "temurin"
         cache: "gradle"
 
-    - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+    - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
 
     - name: Lint
       if: inputs.run-integration-tests == 'true'

.github/actions/build-vars/action.yml

@@ -234,7 +234,7 @@ runs:
           echo "has_frontend_change=${{ steps.filter.outputs.frontend_react }}" >> $GITHUB_OUTPUT
         fi
 
-    - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+    - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
       if: inputs.sp-creds != 'false'
       with:
         creds: ${{ inputs.sp-creds }}

.github/actions/vpn-azure/action.yml

@@ -63,7 +63,7 @@ runs:
         fi
       shell: bash
 
-    - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+    - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
       if: inputs.sp-creds
       with:
         creds: ${{ inputs.sp-creds }}

.github/workflows/frontend_chromatic_main.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
           cache: yarn
@@ -32,7 +32,7 @@ jobs:
         run: yarn install --immutable
 
       - name: Run Chromatic
-        uses: chromaui/action@b984808b772126a9f44b2b7737b131b68a2ede32
+        uses: chromaui/action@6eca23b4399151ac2cfc17fa95190d807c7e9519
         with:
           workingDir: frontend-react
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/frontend_ci.yml

@@ -43,7 +43,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: frontend-react/.nvmrc
           cache: yarn
@@ -63,7 +63,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
           cache: yarn
@@ -100,7 +100,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
           cache: yarn
@@ -151,7 +151,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
           cache: yarn
@@ -237,7 +237,7 @@ jobs:
           # Hopefully by checking out the HEAD commit of a PR instead of the merge commit we can avoid some of those issues.
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
           cache: yarn
@@ -247,7 +247,7 @@ jobs:
 
       - name: Run Chromatic
         id: chromatic
-        uses: chromaui/action@b984808b772126a9f44b2b7737b131b68a2ede32
+        uses: chromaui/action@6eca23b4399151ac2cfc17fa95190d807c7e9519
         with:
           workingDir: frontend-react
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -324,7 +324,7 @@ jobs:
   #       with:
   #         fetch-depth: 0
   #     - name: Use Node.js with yarn
-  #       uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+  #       uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
   #       with:
   #         node-version-file: "frontend-react/.nvmrc"
   #         cache: yarn
@@ -356,7 +356,7 @@ jobs:
   #     - name: Check out changes
   #       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
   #     - name: Use Node.js with yarn
-  #       uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+  #       uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
   #       with:
   #         node-version-file: "frontend-react/.nvmrc"
   #         cache: yarn

.github/workflows/release_chatops_app.yml

@@ -40,7 +40,7 @@ jobs:
         with:
           submodules: true
 
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 

.github/workflows/restore_databases.yml

@@ -90,7 +90,7 @@ jobs:
           echo "SINK_BACKUP_STORAGE=pdh${{ env.SINK_ENV_NAME }}terraform" >> $GITHUB_ENV
 
       # Login to Azure
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 
@@ -139,7 +139,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 
@@ -230,7 +230,7 @@ jobs:
       - name: Check out changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 

.github/workflows/snyk.yml

@@ -40,7 +40,7 @@ jobs:
           java-version: "17"
           distribution: "temurin"
           cache: "gradle"
-      - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+      - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
       - name: Snyk Monitor
         working-directory: ${{ matrix.folder }}
         run: snyk monitor --org=prime-reportstream

.github/workflows/sonarcloud.yml

@@ -52,7 +52,7 @@ jobs:
 
       - name: "Get changed files with yaml"
         id: changed-files-yaml
-        uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275
+        uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c
         with:
           files_yaml: |
             frontend:
@@ -70,7 +70,7 @@ jobs:
 
       - name: Gradle setup
         if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
 
       - name: Spin up build containers
         if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
@@ -103,7 +103,7 @@ jobs:
 
       - name: Use Node.js with yarn
         if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: "frontend-react/.nvmrc"
 

.github/workflows/start_frontend_smoke.yml

@@ -25,7 +25,7 @@ jobs:
       - name: "Check out changes"
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - name: Use Node.js with yarn
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
         with:
           node-version-file: frontend-react/.nvmrc
           cache: yarn

.github/workflows/start_test_servers.yml

@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       # Login to Azure
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 

.github/workflows/stop_test_servers.yml

@@ -28,7 +28,7 @@ jobs:
           sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
           tf-auth: true
       # Login to Azure
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 

.github/workflows/validate_resources.yml

@@ -103,7 +103,7 @@ jobs:
       - name: Check Out Changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 
@@ -136,7 +136,7 @@ jobs:
       - name: Check Out Changes
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
-      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+      - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
         with:
           creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
 

.github/workflows/validate_terraform.yml

@@ -48,7 +48,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Run Checkov action
-        uses: bridgecrewio/checkov-action@08a0f072354cdd9c009ce7c5c6174491834cec08
+        uses: bridgecrewio/checkov-action@15c964c5bee933376cc576908ccfad6687718c8e
         with:
           directory: operations/app/terraform
           skip_check: CKV_AZURE_139,CKV_AZURE_137,CKV_AZURE_103,CKV_AZURE_104,CKV_AZURE_102,CKV_AZURE_130,CKV_AZURE_121,CKV_AZURE_67,CKV_AZURE_56,CKV_AZURE_17,CKV_AZURE_63,CKV_AZURE_18,CKV_AZURE_88,CKV_AZURE_65,CKV_AZURE_13,CKV_AZURE_66,CKV_AZURE_33,CKV_AZURE_35,CKV_AZURE_36,CKV_AZURE_98,CKV2_AZURE_1,CKV2_AZURE_15,CKV2_AZURE_21,CKV_AZURE_213,CKV_AZURE_59,CKV2_AZURE_33,CKV2_AZURE_32,CKV2_AZURE_28,CKV_AZURE_206,CKV_AZURE_42,CKV_AZURE_110,CKV_AZURE_109,CKV_AZURE_166,CKV2_AZURE_38,CKV2_AZURE_40,CKV2_AZURE_41,CKV_AZURE_235

auth/.gitignore

@@ -0,0 +1,40 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/
+
+### Kotlin ###
+.kotlin

auth/build.gradle.kts

@@ -0,0 +1,58 @@
+apply(from = rootProject.file("buildSrc/shared.gradle.kts"))
+
+plugins {
+    id("org.springframework.boot") version "3.3.2"
+    id("io.spring.dependency-management") version "1.1.6"
+    id("reportstream.project-conventions")
+    kotlin("plugin.spring") version "2.0.0"
+}
+
+group = "gov.cdc.prime"
+version = "0.0.1-SNAPSHOT"
+
+dependencies {
+    implementation(project(":shared"))
+
+    implementation("org.jetbrains.kotlin:kotlin-reflect")
+    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.8.1")
+    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor:1.8.1")
+
+    /**
+     * Spring WebFlux was chosen for this project to be able to better handle periods of high traffic
+     */
+    implementation("org.springframework.boot:spring-boot-starter-webflux")
+    implementation("org.springframework.cloud:spring-cloud-gateway-webflux")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
+
+    runtimeOnly("com.nimbusds:oauth2-oidc-sdk:11.18")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+    testImplementation("org.springframework.security:spring-security-test")
+    testImplementation("org.jetbrains.kotlin:kotlin-test-junit5")
+    testImplementation("org.mockito.kotlin:mockito-kotlin:5.4.0")
+    testImplementation("com.squareup.okhttp3:mockwebserver:4.12.0")
+
+    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+
+    compileOnly("org.springframework.boot:spring-boot-devtools")
+}
+
+// There is a conflict in logging implementations. Excluded these in favor of using log4j-slf4j2-impl
+configurations.all {
+    exclude(group = "org.apache.logging.log4j", module = "log4j-to-slf4j")
+    exclude(group = "ch.qos.logback")
+}
+
+dependencyManagement {
+    imports {
+        mavenBom("com.azure.spring:spring-cloud-azure-dependencies:5.14.0")
+        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2023.0.3")
+    }
+}
+
+kotlin {
+    compilerOptions {
+        // https://docs.spring.io/spring-boot/docs/2.0.x/reference/html/boot-features-kotlin.html#boot-features-kotlin-null-safety
+        freeCompilerArgs.addAll("-Xjsr305=strict")
+    }
+}

auth/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/AuthApplication.kt

@@ -0,0 +1,11 @@
+package gov.cdc.prime.reportstream.auth
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+
+@SpringBootApplication
+class AuthApplication
+
+fun main(args: Array<String>) {
+    runApplication<AuthApplication>(*args)
+}