feat: Merge pull request #142 from pagopa/release-uat

feat: Release uat

Author: antonioT90

.grype.yaml

@@ -1,6 +1,6 @@
 ignore:
   # false positive match on reactor-netty packages due to a bug on grype: https://github.com/anchore/grype/issues/431
-  # Actually we are using netty 4.1.100
+  # Actually we are using netty 4.1.104
   - vulnerability: CVE-2014-3488  # solved in netty 3.9.2
   - vulnerability: CVE-2015-2156  # solved in netty 4.1.42
   - vulnerability: CVE-2019-16869 # solved in netty 4.1.42

Dockerfile

@@ -1,7 +1,7 @@
 #
 # Build
 #
-FROM maven:3.9.5-amazoncorretto-17-al2023@sha256:eeaa7ab572d931f7273fc5cf31429923f172091ae388969e11f42ec6dd817d74 AS buildtime
+FROM maven:3.9.6-amazoncorretto-17-al2023@sha256:9ace9c9e506877b0e1877a7f709fa9dc7895d5fbdcc93d4170dfb3d25e2839e9 AS buildtime
 
 WORKDIR /build
 COPY . .
@@ -11,10 +11,7 @@ RUN mvn clean package -DskipTests
 #
 # Docker RUNTIME
 #
-FROM amazoncorretto:17.0.9-alpine3.18@sha256:df48bf2e183230040890460ddb4359a10aa6c7aad24bd88899482c52053c7e17 AS runtime
-
-# security fixes
-RUN apk update && apk upgrade --no-cache libcrypto3 libssl3
+FROM amazoncorretto:17.0.9-alpine3.18@sha256:ed14b8c2f00dbb7b94446aa01d00583976ff0eda2577f5474035f3b4cf078dfd AS runtime
 
 RUN apk --no-cache add shadow
 RUN useradd --uid 10000 runner
@@ -24,7 +21,7 @@ WORKDIR /app
 
 COPY --from=buildtime /build/target/*.jar /app/app.jar
 # The agent is enabled at runtime via JAVA_TOOL_OPTIONS.
-ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.4.18/applicationinsights-agent-3.4.18.jar /app/applicationinsights-agent.jar
+ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.4.19/applicationinsights-agent-3.4.19.jar /app/applicationinsights-agent.jar
 
 RUN chown -R runner:runner /app
 

pom.xml

@@ -5,14 +5,14 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.1.5</version>
+		<version>3.1.7</version>
 	</parent>
 
 	<groupId>it.gov.pagopa</groupId>
 	<artifactId>idpay-transactions</artifactId>
 	<name>idpay-transactions</name>
 	<description>Transactions Microservice</description>
-	<version>1.1.4</version>
+	<version>1.2.0</version>
 
 	<properties>
 		<java.version>17</java.version>
@@ -44,6 +44,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-aop</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
+			<version>2.3.0</version>
+		</dependency>
 
 		<!--3rd party library-->
 		<dependency>
@@ -55,17 +60,12 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-text</artifactId>
-			<version>1.10.0</version>
-		</dependency>
-		<dependency>
-			<groupId>org.springdoc</groupId>
-			<artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
-			<version>2.2.0</version>
+			<version>1.11.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.codehaus.janino</groupId>
 			<artifactId>janino</artifactId>
-			<version>3.1.10</version>
+			<version>3.1.11</version>
 		</dependency>
 
 		<!-- Security fixes -->
@@ -88,22 +88,39 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>junit</groupId>
+					<artifactId>junit</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.kafka</groupId>
 			<artifactId>spring-kafka-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-contract-wiremock</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>com.github.javafaker</groupId>
 			<artifactId>javafaker</artifactId>
 			<version>1.0.2</version>
 			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>org.yaml</groupId>
+					<artifactId>snakeyaml</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>de.flapdoodle.embed</groupId>
 			<artifactId>de.flapdoodle.embed.mongo.spring30x</artifactId>
-			<version>4.9.3</version>
+			<version>4.11.0</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -112,12 +129,6 @@
 			<version>4.2.0</version>
 			<scope>test</scope>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.cloud</groupId>
-			<artifactId>spring-cloud-contract-wiremock</artifactId>
-			<version>4.0.4</version>
-			<scope>test</scope>
-		</dependency>
 	</dependencies>
 
 	<dependencyManagement>
@@ -133,15 +144,24 @@
 			<dependency>
 				<groupId>io.netty</groupId>
 				<artifactId>netty-bom</artifactId>
-				<!-- Forced to 4.1.100 due to https://nvd.nist.gov/vuln/detail/CVE-2023-44487 -->
-				<version>4.1.100.Final</version>
+				<!-- Forced to >= 4.1.104 due to https://nvd.nist.gov/vuln/detail/CVE-2023-44487 -->
+				<version>4.1.104.Final</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
+
 	<build>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>3.2.3</version>
+				<configuration>
+					<argLine>@{argLine} -Duser.timezone=Europe/Rome</argLine>
+				</configuration>
+			</plugin>
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
@@ -157,7 +177,7 @@
 			<plugin>
 				<groupId>io.github.git-commit-id</groupId>
 				<artifactId>git-commit-id-maven-plugin</artifactId>
-				<version>5.0.0</version>
+				<version>7.0.0</version>
 				<executions>
 					<execution>
 						<id>get-the-git-infos</id>

src/main/java/it/gov/pagopa/common/web/exception/ErrorManager.java

@@ -5,30 +5,26 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.lang.Nullable;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.server.ServerWebExchange;
 
+import java.util.Optional;
+
 
 @RestControllerAdvice
 @Slf4j
 public class ErrorManager {
-    private static final ErrorDTO defaultErrorDTO;
-    static {
-        defaultErrorDTO =new ErrorDTO("Error", "Something gone wrong");
+    private final ErrorDTO defaultErrorDTO;
+
+    public ErrorManager(@Nullable ErrorDTO defaultErrorDTO) {
+        this.defaultErrorDTO = Optional.ofNullable(defaultErrorDTO)
+                .orElse(new ErrorDTO("Error", "Something gone wrong"));
     }
     @ExceptionHandler(RuntimeException.class)
     protected ResponseEntity<ErrorDTO> handleException(RuntimeException error, ServerWebExchange exchange) {
-        if(!(error instanceof ClientException clientException) || clientException.isPrintStackTrace() || clientException.getCause() != null){
-            log.error("Something went wrong handling request {}", getRequestDetails(exchange), error);
-        } else {
-            log.info("A {} occurred handling request {}: HttpStatus {} - {} at {}",
-                    clientException.getClass().getSimpleName(),
-                    getRequestDetails(exchange),
-                    clientException.getHttpStatus(),
-                    clientException.getMessage(),
-                    clientException.getStackTrace().length > 0 ? clientException.getStackTrace()[0] : "UNKNOWN");
-        }
+        logClientException(error, exchange);
 
         if(error instanceof ClientExceptionNoBody clientExceptionNoBody){
             return ResponseEntity.status(clientExceptionNoBody.getHttpStatus()).build();
@@ -50,6 +46,27 @@ protected ResponseEntity<ErrorDTO> handleException(RuntimeException error, Serve
         }
     }
 
+    public static void logClientException(RuntimeException error, ServerWebExchange exchange) {
+        String clientExceptionMessage = "";
+        if(error instanceof ClientException clientException) {
+            clientExceptionMessage = ": HttpStatus %s - %s%s".formatted(
+                    clientException.getHttpStatus(),
+                    (clientException instanceof ClientExceptionWithBody clientExceptionWithBody) ? clientExceptionWithBody.getCode() + ": " : "",
+                    clientException.getMessage()
+            );
+        }
+
+        if(!(error instanceof ClientException clientException) || clientException.isPrintStackTrace() || error.getCause() != null){
+            log.error("Something went wrong handling request {}{}", getRequestDetails(exchange), clientExceptionMessage, error);
+        } else {
+            log.info("A {} occurred handling request {}{} at {}",
+                    error.getClass().getSimpleName() ,
+                    getRequestDetails(exchange),
+                    clientExceptionMessage,
+                    error.getStackTrace().length > 0 ? error.getStackTrace()[0] : "UNKNOWN");
+        }
+    }
+
     public static String getRequestDetails(ServerWebExchange exchange) {
         return "%s %s (%s)".formatted(exchange.getRequest().getMethod(), exchange.getRequest().getURI(), exchange.getRequest().getId());
     }

src/main/java/it/gov/pagopa/common/web/exception/MongoExceptionHandler.java

@@ -12,24 +12,33 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.ResponseEntity.BodyBuilder;
+import org.springframework.lang.Nullable;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.server.ServerWebExchange;
 
+import java.util.Optional;
+
 @RestControllerAdvice
 @Slf4j
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public class MongoExceptionHandler {
 
     private final ErrorManager errorManager;
 
-    public MongoExceptionHandler(ErrorManager errorManager) {
+    private final ErrorDTO tooManyRequestsErrorDTO;
+
+    public MongoExceptionHandler(ErrorManager errorManager, @Nullable ErrorDTO tooManyRequestsErrorDTO) {
         this.errorManager = errorManager;
+
+        this.tooManyRequestsErrorDTO = Optional.ofNullable(tooManyRequestsErrorDTO)
+                .orElse(new ErrorDTO("TOO_MANY_REQUESTS", "Too Many Requests"));
     }
 
+
     @ExceptionHandler(DataAccessException.class)
     protected ResponseEntity<ErrorDTO> handleDataAccessException(
-        DataAccessException ex, ServerWebExchange request) {
+            DataAccessException ex, ServerWebExchange request) {
 
         if (MongoRequestRateTooLargeRetryer.isRequestRateTooLargeException(ex)) {
             Long retryAfterMs = MongoRequestRateTooLargeRetryer.getRetryAfterMs(ex);
@@ -66,7 +75,7 @@ private ResponseEntity<ErrorDTO> getErrorDTOResponseEntity(Exception ex,
         }
 
         return bodyBuilder
-                .body(new ErrorDTO("TOO_MANY_REQUESTS", "TOO_MANY_REQUESTS"));
+                .body(tooManyRequestsErrorDTO);
     }
 
-}
+}

src/main/java/it/gov/pagopa/idpay/transactions/config/TransactionErrorManagerConfig.java

@@ -0,0 +1,23 @@
+package it.gov.pagopa.idpay.transactions.config;
+
+import it.gov.pagopa.common.web.dto.ErrorDTO;
+import it.gov.pagopa.idpay.transactions.utils.ExceptionConstants;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class TransactionErrorManagerConfig {
+
+  @Bean
+  ErrorDTO defaultErrorDTO() {
+    return new ErrorDTO(
+        ExceptionConstants.ExceptionCode.GENERIC_ERROR,
+            ExceptionConstants.ExceptionMessage.GENERIC_ERROR
+    );
+  }
+
+  @Bean
+  ErrorDTO tooManyRequestsErrorDTO() {
+    return new ErrorDTO(ExceptionConstants.ExceptionCode.TOO_MANY_REQUESTS, ExceptionConstants.ExceptionMessage.TOO_MANY_REQUESTS);
+  }
+}

src/main/java/it/gov/pagopa/idpay/transactions/controller/TransactionsControllerImpl.java

@@ -3,6 +3,7 @@
 import it.gov.pagopa.common.web.exception.ClientExceptionWithBody;
 import it.gov.pagopa.idpay.transactions.model.RewardTransaction;
 import it.gov.pagopa.idpay.transactions.service.RewardTransactionService;
+import it.gov.pagopa.idpay.transactions.utils.ExceptionConstants;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
@@ -28,7 +29,7 @@ public Flux<RewardTransaction> findAll(String idTrxIssuer, String userId, LocalD
         }else if(userId != null && trxDateStart != null && trxDateEnd != null){
             return rewardTransactionService.findByRange(userId, trxDateStart, trxDateEnd, amount, pageable);
         }else {
-            throw new ClientExceptionWithBody(HttpStatus.BAD_REQUEST, "Error","Mandatory filters are missing. Insert one of the following options: 1) idTrxIssuer 2) userId, trxDateStart and trxDateEnd");
+            throw new ClientExceptionWithBody(HttpStatus.BAD_REQUEST, ExceptionConstants.ExceptionCode.TRANSACTIONS_MISSING_MANDATORY_FILTERS,ExceptionConstants.ExceptionMessage.TRANSACTIONS_MISSING_MANDATORY_FILTERS);
         }
     }
 }

src/main/java/it/gov/pagopa/idpay/transactions/utils/ExceptionConstants.java

@@ -0,0 +1,21 @@
+package it.gov.pagopa.idpay.transactions.utils;
+
+public final class ExceptionConstants {
+    private ExceptionConstants(){}
+
+    public static final class ExceptionCode {
+        private ExceptionCode(){}
+
+        public static final String TOO_MANY_REQUESTS = "TRANSACTIONS_TOO_MANY_REQUESTS";
+        public static final String GENERIC_ERROR = "TRANSACTIONS_GENERIC_ERROR";
+        public static final String TRANSACTIONS_MISSING_MANDATORY_FILTERS = "TRANSACTIONS_MISSING_MANDATORY_FILTERS";
+    }
+
+    public static final class ExceptionMessage {
+        private ExceptionMessage(){}
+
+        public static final String TOO_MANY_REQUESTS = "Too Many Requests";
+        public static final String GENERIC_ERROR = "Something gone wrong";
+        public static final String TRANSACTIONS_MISSING_MANDATORY_FILTERS = "Mandatory filters are missing. Insert one of the following options: 1) idTrxIssuer 2) userId, trxDateStart and trxDateEnd";
+    }
+}

src/test/java/it/gov/pagopa/common/kafka/KafkaTestUtilitiesService.java

@@ -65,8 +65,6 @@ public class KafkaTestUtilitiesService {
     private String applicationName;
     @Value("${spring.kafka.bootstrap-servers}")
     private String bootstrapServers;
-    @Value("${spring.cloud.stream.kafka.binder.zkNodes}")
-    private String zkNodes;
 
     @Autowired
     private ObjectMapper objectMapper;
@@ -111,7 +109,7 @@ void clearTopics() {
 
     /** It will return usefull URLs related to embedded kafka */
     public String getKafkaUrls() {
-        return "bootstrapServers: %s, zkNodes: %s".formatted(bootstrapServers, zkNodes);
+        return "bootstrapServers: %s".formatted(bootstrapServers);
     }
 
 //region consume messages
@@ -320,7 +318,7 @@ public void assertCommitOrder(String flowName, int totalSendMessages) {
     }
 //endregion
 
-//region error topic
+    //region error topic
     public void checkErrorsPublished(String topicErrors, Pattern errorUseCaseIdPatternMatch, int expectedErrorMessagesNumber, long maxWaitingMs, List<Pair<Supplier<String>, java.util.function.Consumer<ConsumerRecord<String, String>>>> errorUseCases) {
         final List<ConsumerRecord<String, String>> errors = consumeMessages(topicErrors, expectedErrorMessagesNumber, maxWaitingMs);
         for (final ConsumerRecord<String, String> record : errors) {