Merge branch 'main' into MAN-28-sentence-license-condition-notes

libs/messaging/src/main/kotlin/uk/gov/justice/digital/hmpps/listener/AwsNotificationListener.kt

@@ -9,6 +9,7 @@ import io.opentelemetry.api.trace.Span
 import io.opentelemetry.api.trace.SpanKind
 import io.sentry.Sentry
 import io.sentry.spring.jakarta.tracing.SentryTransaction
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
 import org.springframework.context.annotation.Conditional
 import org.springframework.dao.CannotAcquireLockException
@@ -31,16 +32,25 @@ import java.util.concurrent.CompletionException
 @ConditionalOnExpression("\${messaging.consumer.enabled:true} and '\${messaging.consumer.queue:}' != ''")
 class AwsNotificationListener(
     private val handler: NotificationHandler<*>,
-    private val objectMapper: ObjectMapper
+    private val objectMapper: ObjectMapper,
+    @Value("\${messaging.consumer.sensitive-event-types:[]}") private val sensitiveEventTypes: List<String>,
+    @Value("\${messaging.consumer.queue}") private val queueName: String
 ) {
     @SentryTransaction(operation = "messaging")
     @SqsListener("\${messaging.consumer.queue}")
     fun receive(message: String) {
         val notification = objectMapper.readValue(message, jacksonTypeRef<Notification<String>>())
         notification.attributes
             .extractTelemetryContext()
-            .withSpan(this::class.java.simpleName, "RECEIVE ${notification.eventType}", SpanKind.CONSUMER) {
-                Span.current().setAttribute("message", message)
+            .withSpan(
+                this::class.java.simpleName,
+                "RECEIVE ${notification.eventType ?: "unknown event type"}",
+                SpanKind.CONSUMER
+            ) {
+                Span.current().setAttribute("queue", queueName)
+                if (notification.eventType != null && notification.eventType !in sensitiveEventTypes) {
+                    Span.current().setAttribute("message", message)
+                }
                 try {
                     retry(3, RETRYABLE_EXCEPTIONS) { handler.handle(message) }
                 } catch (e: Throwable) {

libs/messaging/src/test/kotlin/uk/gov/justice/digital/hmpps/listener/AwsNotificationListenerTest.kt

@@ -1,60 +1,56 @@
 package uk.gov.justice.digital.hmpps.listener
 
-import com.fasterxml.jackson.core.type.TypeReference
-import com.fasterxml.jackson.databind.ObjectMapper
 import io.awspring.cloud.sqs.listener.AsyncAdapterBlockingExecutionFailedException
 import io.awspring.cloud.sqs.listener.ListenerExecutionFailedException
+import io.opentelemetry.api.trace.Span
 import io.sentry.Sentry
 import org.hamcrest.CoreMatchers.equalTo
 import org.hamcrest.MatcherAssert.assertThat
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.assertThrows
 import org.junit.jupiter.api.extension.ExtendWith
-import org.mockito.InjectMocks
 import org.mockito.Mock
-import org.mockito.Mockito.mockStatic
+import org.mockito.Mockito.*
 import org.mockito.junit.jupiter.MockitoExtension
 import org.mockito.kotlin.any
 import org.mockito.kotlin.verify
 import org.mockito.kotlin.whenever
 import org.springframework.messaging.support.GenericMessage
+import uk.gov.justice.digital.hmpps.message.MessageAttributes
 import uk.gov.justice.digital.hmpps.message.Notification
 import uk.gov.justice.digital.hmpps.messaging.NotificationHandler
+import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.objectMapper
 import java.util.concurrent.CompletionException
 
 @ExtendWith(MockitoExtension::class)
 class AwsNotificationListenerTest {
     @Mock
     lateinit var handler: NotificationHandler<Any>
 
-    @Mock
-    lateinit var objectMapper: ObjectMapper
-
-    @InjectMocks
     lateinit var listener: AwsNotificationListener
 
     @BeforeEach
     fun setUp() {
-        whenever(objectMapper.readValue(any<String>(), any<TypeReference<Notification<String>>>()))
-            .thenReturn(Notification("message"))
+        listener = AwsNotificationListener(handler, objectMapper, listOf("my-sensitive-event-type"), "my-queue")
     }
 
     @Test
     fun `messages are dispatched to handler`() {
-        listener.receive("message")
-        verify(handler).handle("message")
+        val notification = objectMapper.writeValueAsString(Notification("message"))
+        listener.receive(notification)
+        verify(handler).handle(notification)
     }
 
     @Test
     fun `errors are captured and rethrown`() {
         mockStatic(Sentry::class.java).use {
             val exception = RuntimeException("error")
-            whenever(handler.handle("message")).thenThrow(exception)
+            whenever(handler.handle(any<String>())).thenThrow(exception)
 
             assertThat(
                 assertThrows<RuntimeException> {
-                    listener.receive("message")
+                    listener.receive(objectMapper.writeValueAsString(Notification("message")))
                 },
                 equalTo(exception)
             )
@@ -73,16 +69,50 @@ class AwsNotificationListenerTest {
                     ListenerExecutionFailedException("listener failure", meaningfulException, GenericMessage("test"))
                 )
             )
-            whenever(handler.handle("message")).thenThrow(wrappedException)
+            whenever(handler.handle(any<String>())).thenThrow(wrappedException)
 
             assertThat(
                 assertThrows<CompletionException> {
-                    listener.receive("message")
+                    listener.receive(objectMapper.writeValueAsString(Notification("message")))
                 },
                 equalTo(wrappedException)
             )
 
             it.verify { Sentry.captureException(meaningfulException) }
         }
     }
+
+    @Test
+    fun `sensitive messages are not logged`() {
+        val span = mock(Span::class.java, CALLS_REAL_METHODS)
+        mockStatic(Span::class.java, CALLS_REAL_METHODS).use {
+            it.`when`<Span> { Span.current() }.thenReturn(span)
+            listener.receive(
+                objectMapper.writeValueAsString(
+                    Notification(
+                        "my message",
+                        MessageAttributes("my-sensitive-event-type")
+                    )
+                )
+            )
+            verify(span, never()).setAttribute(eq("message"), any<String>())
+        }
+    }
+
+    @Test
+    fun `non-sensitive messages are logged`() {
+        val span = mock(Span::class.java, CALLS_REAL_METHODS)
+        mockStatic(Span::class.java, CALLS_REAL_METHODS).use {
+            it.`when`<Span> { Span.current() }.thenReturn(span)
+            listener.receive(
+                objectMapper.writeValueAsString(
+                    Notification(
+                        "my message",
+                        MessageAttributes("some-other-event-type")
+                    )
+                )
+            )
+            verify(span).setAttribute(eq("message"), any<String>())
+        }
+    }
 }

projects/approved-premises-and-delius/deploy/values-dev.yml

@@ -7,15 +7,12 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
     INTEGRATIONS_APPROVED-PREMISES-API_URL: https://approved-premises-api-dev.hmpps.service.justice.gov.uk
     INTEGRATIONS_ALFRESCO_URL: https://hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk/alfresco/service/noms-spg/
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/arns-and-delius/deploy/values-dev.yml

@@ -7,13 +7,9 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/assessment-summary-and-delius/deploy/values-dev.yml

@@ -7,12 +7,8 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
-    INTEGRATIONS_ORDS_URL: https://t2.oasys.service.justice.gov.uk/eor/oasys
-
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
     LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
+    INTEGRATIONS_ORDS_URL: https://t2.oasys.service.justice.gov.uk/eor/oasys
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/cas2-and-delius/deploy/values-dev.yml

@@ -7,12 +7,9 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
     EVENT_EXCEPTION_THROWNOTFOUND: false
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/cas3-and-delius/deploy/values-dev.yml

@@ -7,13 +7,10 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/common-platform-and-delius/deploy/values-dev.yml

@@ -9,12 +9,8 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
-    SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/oauth/token
-
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
     LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
+    SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/oauth/token
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/common-platform-and-delius/src/main/resources/application.yml

@@ -30,6 +30,9 @@ spring:
 
 delius.db.username: CommonPlatformAndDelius # Should match value in [deploy/database/access.yml].
 
+messaging.consumer.sensitive-event-types:
+  - COMMON_PLATFORM_HEARING
+
 management:
   endpoints.web:
     base-path: /

projects/core-person-record-and-delius/deploy/values-dev.yml

@@ -7,13 +7,9 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/court-case-and-delius/deploy/values-dev.yml

@@ -7,14 +7,10 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
-
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     COMMUNITY-API_URL: https://community-api.test.probation.service.justice.gov.uk
     INTEGRATIONS_ALFRESCO_URL: https://hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk/alfresco/service/noms-spg/
 

projects/create-and-vary-a-licence-and-delius/deploy/values-dev.yml

@@ -7,14 +7,10 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/custody-key-dates-and-delius/deploy/values-dev.yml

@@ -7,13 +7,11 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_HMPPS-AUTH_TOKEN-URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/oauth/token
     INTEGRATIONS_PRISON-API_URL: https://prison-api-dev.prison.service.justice.gov.uk
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
 
 bulk-update:
   enabled: false

projects/domain-events-and-delius/deploy/values-dev.yml

@@ -6,14 +6,11 @@ generic-service:
     enabled: true
 
   env:
+    SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     DOMAIN_EVENTS_BASE_URL: https://domain-events-and-delius-dev.hmpps.service.justice.gov.uk
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
-    SENTRY_ENVIRONMENT: dev
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
 
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/dps-and-delius/deploy/values-dev.yml

@@ -7,14 +7,10 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
     INTEGRATIONS_ALFRESCO_URL: https://hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk/alfresco/service/noms-spg
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/effective-proposal-framework-and-delius/deploy/values-dev.yml

@@ -7,13 +7,9 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true

projects/external-api-and-delius/deploy/values-dev.yml

@@ -7,13 +7,9 @@ generic-service:
 
   env:
     SENTRY_ENVIRONMENT: dev
+    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://hmpps-auth.hmpps-auth-dev.svc.cluster.local/auth/.well-known/jwks.json
     SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: https://sign-in-dev.hmpps.service.justice.gov.uk/auth/issuer
 
-    SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE: 5
-    SPRING_DATASOURCE_HIKARI_MINIMUMIDLE: 0
-
-    LOGGING_LEVEL_UK_GOV_DIGITAL_JUSTICE_HMPPS: DEBUG
-
 generic-prometheus-alerts:
   businessHoursOnly: true