Haar 2376 add service roles

README.md

@@ -69,11 +69,9 @@ Or run tests with the cypress UI:
 
 ## Environment variables
 
-The following environment variables can be set to run the application:
+The following environment variables can be set when running the application:
 
-`ENABLE_AUTHORIZATION_CODE` - set to `true` to enable the authorization code grant type. Default is `false`.
-
-`ENABLE_SERVICE_DETAILS` - set to `true` to enable the service details section. Default is `false`.
+`AUDIT_ENABLED` - Default is `true` - can be set to `false` to disable audit logging locally. Audit statements are sent to the console.
 
 ## Change log
 

feature.env

@@ -10,5 +10,4 @@ API_CLIENT_ID=clientid
 API_CLIENT_SECRET=clientsecret
 SYSTEM_CLIENT_ID=clientid
 SYSTEM_CLIENT_SECRET=clientsecret
-ENVIRONMENT_NAME=dev
-ENABLE_AUTHORIZATION_CODE=true
+ENVIRONMENT_NAME=dev

helm_deploy/values-dev.yaml

@@ -13,8 +13,6 @@ generic-service:
     HMPPS_AUTHORIZATION_SERVER_URL: "https://authorization-server-dev.hmpps.service.justice.gov.uk"
     MANAGE_USERS_API_URL: "https://manage-users-api-dev.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api-dev.prison.service.justice.gov.uk"
-    ENABLE_AUTHORIZATION_CODE: "true"
-    ENABLE_SERVICE_DETAILS: "false"
     ENVIRONMENT_NAME: DEV
 
 generic-prometheus-alerts:

helm_deploy/values-preprod.yaml

@@ -12,8 +12,6 @@ generic-service:
     HMPPS_AUTHORIZATION_SERVER_URL: "https://authorization-preprod.hmpps.service.justice.gov.uk"
     MANAGE_USERS_API_URL: "https://manage-users-api-preprod.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api-preprod.prison.service.justice.gov.uk"
-    ENABLE_AUTHORIZATION_CODE: "true"
-    ENABLE_SERVICE_DETAILS: "false"
     ENVIRONMENT_NAME: PRE-PRODUCTION
 
 generic-prometheus-alerts:

helm_deploy/values-prod.yaml

@@ -10,8 +10,6 @@ generic-service:
     HMPPS_AUTHORIZATION_SERVER_URL: "https://authorization.hmpps.service.justice.gov.uk"
     MANAGE_USERS_API_URL: "https://manage-users-api.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api.prison.service.justice.gov.uk"
-    ENABLE_AUTHORIZATION_CODE: "true"
-    ENABLE_SERVICE_DETAILS: "false"
 
 generic-prometheus-alerts:
   alertSeverity: digital-prison-service

helm_deploy/values-stage.yaml

@@ -14,8 +14,6 @@ generic-service:
     HMPPS_AUTHORIZATION_SERVER_URL: "https://authorization-api-stage.hmpps.service.justice.gov.uk"
     MANAGE_USERS_API_URL: "https://manage-users-api-stage.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api-stage.prison.service.justice.gov.uk"
-    ENABLE_AUTHORIZATION_CODE: "true"
-    ENABLE_SERVICE_DETAILS: "false"
     ENVIRONMENT_NAME: STAGE
 
 generic-prometheus-alerts:

integration_tests/e2e/view-base-client.cy.ts

@@ -143,5 +143,9 @@ context('Base client page - authorization-code flow', () => {
     it('User can see config table', () => {
       baseClientsPage.baseClientConfigTable().should('be.visible')
     })
+
+    it('User can see service details panel', () => {
+      baseClientsPage.baseClientServiceDetailsTable().should('be.visible')
+    })
   })
 })

integration_tests/pages/viewBaseClient.ts

@@ -23,6 +23,8 @@ export default class ViewBaseClientPage extends Page {
 
   baseClientConfigTable = () => cy.get('[data-qa="base-client-config-table"]')
 
+  baseClientServiceDetailsTable = () => cy.get('[data-qa="base-client-service-table"]')
+
   baseClientDeploymentContactTable = () => cy.get('[data-qa="base-client-deployment-contact-table"]')
 
   baseClientDeploymentPlatformTable = () => cy.get('[data-qa="base-client-deployment-platform-table"]')

server/config.ts

@@ -48,15 +48,13 @@ export default {
     password: process.env.REDIS_PASSWORD,
     tls_enabled: get('REDIS_TLS_ENABLED', 'false'),
   },
-  enableAuthorizationCode: get('ENABLE_AUTHORIZATION_CODE', 'true') === 'true',
-  enableServiceDetails: get('ENABLE_SERVICE_DETAILS', 'false') === 'true',
   session: {
     secret: get('SESSION_SECRET', 'app-insecure-default-session', requiredInProduction),
     expiryMinutes: Number(get('WEB_SESSION_TIMEOUT_IN_MINUTES', 120)),
   },
   apis: {
     audit: {
-      enabled: get('AUDIT_ENABLED', 'false') === 'true',
+      enabled: get('AUDIT_ENABLED', 'true') === 'true',
       region: get('AUDIT_SQS_REGION', 'eu-west-2', requiredInProduction),
       queueUrl: get('AUDIT_SQS_QUEUE_URL', 'http://localhost:4566/000000000000/mainQueue', requiredInProduction),
       serviceName: get('AUDIT_SERVICE_NAME', 'authorization-ui', requiredInProduction),

server/controllers/baseClientController.test.ts

@@ -177,7 +177,7 @@ describe('BaseClientController', () => {
         await baseClientController.displayNewBaseClient()(request, response, next)
 
         // THEN the choose client type page is rendered
-        expect(response.render).toHaveBeenCalledWith('pages/new-base-client-grant.njk', expect.anything())
+        expect(response.render).toHaveBeenCalledWith('pages/new-base-client-grant.njk')
       })
 
       it('if grant is specified with client-credentials renders the details screen', async () => {
@@ -218,7 +218,7 @@ describe('BaseClientController', () => {
         await baseClientController.displayNewBaseClient()(request, response, next)
 
         // THEN the choose client type page is rendered
-        expect(response.render).toHaveBeenCalledWith('pages/new-base-client-grant.njk', expect.anything())
+        expect(response.render).toHaveBeenCalledWith('pages/new-base-client-grant.njk')
       })
 
       it('if validation fails because no id specified renders the details screen with error message', async () => {

server/controllers/baseClientController.ts

@@ -13,9 +13,6 @@ import baseClientAudit, { BaseClientAuditFunction } from '../audit/baseClientAud
 import { BaseClientEvent } from '../audit/baseClientEvent'
 import { Client } from '../interfaces/baseClientApi/client'
 import { mapFilterToUrlQuery, mapListBaseClientRequest } from '../mappers/baseClientApi/listBaseClients'
-import config from '../config'
-
-const { enableAuthorizationCode } = config
 
 export default class BaseClientController {
   constructor(private readonly baseClientService: BaseClientService) {}
@@ -72,7 +69,7 @@ export default class BaseClientController {
     return async (req, res) => {
       const { grant } = req.query
       if (!(grant === kebab(GrantType.ClientCredentials) || grant === kebab(GrantType.AuthorizationCode))) {
-        res.render('pages/new-base-client-grant.njk', { enableAuthorizationCode })
+        res.render('pages/new-base-client-grant.njk')
         return
       }
       res.render('pages/new-base-client-details.njk', {

server/data/localMockData/baseClientsResponseMock.ts

@@ -45,6 +45,7 @@ export const getBaseClientResponseMock: (grantType: GrantType) => GetBaseClientR
     jiraNumber: 'jiraNumber',
     validDays: 1,
     accessTokenValiditySeconds: 3600,
+    serviceAuthorities: ['ROLE_ONE', 'ROLE_TWO'],
     deployment: {
       clientType: 'service',
       team: 'deployment team',

server/interfaces/baseClientApi/baseClient.ts

@@ -34,7 +34,7 @@ interface AuthorisationCodeDetails {
 interface ServiceDetails {
   serviceName: string
   description: string
-  authorisedRoles: string[]
+  serviceRoles: string[]
   url: string
   contact: string
   status: string

server/interfaces/baseClientApi/baseClientResponse.ts

@@ -40,6 +40,7 @@ export interface GetBaseClientResponse {
     secretKey: string
     deploymentInfo: string
   }
+  serviceAuthorities?: string[]
 }
 
 export interface ClientSecretsResponse {

server/mappers/baseClientApi/getBaseClient.ts

@@ -2,11 +2,11 @@ import { GetBaseClientResponse } from '../../interfaces/baseClientApi/baseClient
 import { BaseClient, DeploymentDetails } from '../../interfaces/baseClientApi/baseClient'
 import { ClientType } from '../../data/enums/clientTypes'
 import { HostingType } from '../../data/enums/hostingTypes'
-import { snake } from '../../utils/utils'
+import { snake, toBaseClientId } from '../../utils/utils'
 
 export default (response: GetBaseClientResponse): BaseClient => {
   return {
-    baseClientId: response.clientId,
+    baseClientId: toBaseClientId(response.clientId),
     accessTokenValidity: response.accessTokenValiditySeconds ? response.accessTokenValiditySeconds : 0,
     scopes: response.scopes ? response.scopes : [],
     grantType: snake(response.grantType),
@@ -26,7 +26,7 @@ export default (response: GetBaseClientResponse): BaseClient => {
     service: {
       serviceName: '',
       description: '',
-      authorisedRoles: [],
+      serviceRoles: response.serviceAuthorities ? response.serviceAuthorities : [],
       url: '',
       contact: '',
       status: '',

server/mappers/baseClientApi/listBaseClients.ts

@@ -75,7 +75,7 @@ export default (response: ListBaseClientsResponse): BaseClient[] => {
         service: {
           serviceName: client.teamName || '',
           description: '',
-          authorisedRoles: multiSeparatorSplit(client.roles, [' ', ',', '\n']),
+          serviceRoles: [],
           url: '',
           contact: '',
           status: '',

server/mappers/forms/mapCreateBaseClientForm.ts

@@ -34,7 +34,7 @@ export default (request: Request): BaseClient => {
     service: {
       serviceName: '',
       description: '',
-      authorisedRoles: [],
+      serviceRoles: [],
       url: '',
       contact: '',
       status: '',

server/testutils/factories/baseClient.ts

@@ -27,7 +27,7 @@ export default Factory.define<BaseClient>(() => ({
   service: {
     serviceName: 'service name',
     description: 'service description',
-    authorisedRoles: ['ROLE_CLIENT_CREDENTIALS'],
+    serviceRoles: ['ROLE_CLIENT_CREDENTIALS'],
     url: 'https://localhost:3000',
     contact: 'service contact',
     status: 'ACTIVE',

server/views/pages/base-client.njk

@@ -228,9 +228,35 @@
             "data-qa": "base-client-authorization-code-table"
           }
         }) }}
+
+        {{ govukTable({
+          firstCellIsHeader: false,
+          head: [
+            {
+              text: "Service details",
+              classes: "govuk-!-width-one-half"
+            },{
+              text: ""
+            }],
+          rows: [
+            [
+              {
+                text: "Service roles",
+                classes: "govuk-!-width-one-half"
+              },{
+              html: toLinesHtml(baseClient.service.serviceRoles)
+            }
+            ]
+          ],
+          attributes: {
+            "data-qa": "base-client-service-table"
+          }
+        }) }}
       {% endif %}
 
 
+
+
       {{ govukTable({
         firstCellIsHeader: false,
         head: [
@@ -262,85 +288,12 @@
         }
       }) }}
 
-
-      {% if baseClient.grantType == "authorization_code" and presenter.enableServiceDetails %}
-        <div class="govuk-grid-row">
-          <div class="govuk-grid-column-two-thirds">
-            <h2 class="govuk-heading-l">Service details</h2>
-          </div>
-          <div class="govuk-grid-column-one-third">
-            <a class="govuk-link" href="/clients/{{ baseClient.baseClientId }}/edit-service-details">Change
-              service details</a>
-          </div>
-        </div>
-
-        {{ govukTable({
-          firstCellIsHeader: false,
-          head: [
-            {
-              text: "Service details",
-              classes: "govuk-!-width-one-half"
-            },{
-              text: ""
-            }],
-          rows: [
-            [
-              {
-                text: "Name",
-                classes: "govuk-!-width-one-half"
-              },{
-              text: baseClient.service.serviceName
-            }
-            ],[
-              {
-                text: "Description",
-                classes: "govuk-!-width-one-half"
-              },{
-                text: baseClient.service.description
-              }
-            ],[
-              {
-                text: "Authorised roles",
-                classes: "govuk-!-width-one-half"
-              },{
-                html: toLinesHtml(baseClient.service.authorisedRoles)
-              }
-            ],[
-              {
-                text: "URL",
-                classes: "govuk-!-width-one-half"
-              },{
-                text: baseClient.service.url
-              }
-            ],[
-              {
-                text: "Contact URL/email",
-                classes: "govuk-!-width-one-half"
-              },{
-                text: baseClient.service.contact
-              }
-            ],[
-              {
-                text: "Status",
-                classes: "govuk-!-width-one-half"
-              },{
-                text: presenter.serviceEnabledLabel
-              }
-            ]
-          ],
-          attributes: {
-            "data-qa": "base-client-service-table"
-          }
-        }) }}
-      {% endif %}
-
       <div class="govuk-grid-row">
         <div class="govuk-grid-column-two-thirds">
           <h2 class="govuk-heading-l">Deployment details</h2>
         </div>
         <div class="govuk-grid-column-one-third  govuk-!-text-align-right">
-          <a class="govuk-link" href="/base-clients/{{ baseClient.baseClientId }}/deployment" data-qa='change-deployment-details-link'>Change
-            deployment details</a>
+          <a class="govuk-link" href="/base-clients/{{ baseClient.baseClientId }}/deployment" data-qa='change-deployment-details-link'>Change deployment details</a>
         </div>
       </div>
 

server/views/presenters/viewBaseClientPresenter.ts

@@ -1,7 +1,6 @@
 import { BaseClient } from '../../interfaces/baseClientApi/baseClient'
 import { Client } from '../../interfaces/baseClientApi/client'
 import { dateTimeFormat, daysRemaining } from '../../utils/utils'
-import config from '../../config'
 
 export default (baseClient: BaseClient, clients: Client[]) => {
   return {
@@ -21,6 +20,5 @@ export default (baseClient: BaseClient, clients: Client[]) => {
     ]),
     expiry: baseClient.config.expiryDate ? `Yes - days remaining ${daysRemaining(baseClient.config.expiryDate)}` : 'No',
     skipToAzureField: '',
-    enableServiceDetails: config.enableServiceDetails,
   }
 }