AB2D-1040: Migrate CI away from bluebutton.hhsdevcloud (#206)

* Removed references to the BFD in HHS Dev Cloud and replaced with BFD Production Sandbox. Updated Travis configuration (`.travis.yml`) to _securely_ pass the keystore location, password and file itself to the builds (`travis encrypt` and `travis encrypt-file` were used).

* Removed the quotes that were making their way into environment variable values; standardized on keystore location so that both Maven tests (run outside of Docker Compose) and e2e tests (run _inside_ Docker Compose) equally pass.

* Added `AB2D_BFD_URL` to docker-compose.yml for consistency as suggested during PR review.

* Incorrect encrypted `AB2D_BFD_KEYSTORE_PASSWORD` value got into .travis.yml by mistake. Also, modified TestRunner.java to automatically pass system environment variables to the containers; otherwise values set in `.bash_profile` simply were not making it through.

* Did not realize application.bfd.properties under "test" actually referred to environment variables!

* Just realized we are *not* sending coverage information to Code Climate for a good number of modules.

Author: dkrylovsb

.travis.yml

@@ -1,45 +1,60 @@
 env:
   global:
-    # The CC_TEST_REPORTER_ID
-    - secure: OY3JWzy8JxPXXqT/YOnYcwFGm46DgQdGMV5dkhDjrBeKgfb2H7ohY6GkAStQv8vV6LE/yu3N6f+XGuPwH2q27Q3I8daYeNY2MtGMt+wokkqhkJWG/XdqQodr+RbkUYN7BHiYQC6ZQKdh9NIA4JIWsNdh8TKrc7cFxy4WM5ACGO9pf6y96GRVT1CHIlwaYzXna+dE0Khbg3EGSa0tcEwLUmYdPGwK+6hiMeX0wTbhDr4YEh5kdnIAFuDDfj+KKmT9FJeTJXywFc9I6YuuYLL+z1g4GMAWCV7PoZdBOLVZQXzP/A8IE1jN7bSNean2risBRXi+PBKohZuvjpLb4UbTTp1+HR5FzPCKpkNvkLmyHpqaDCbDXfXSzMEwWxbj/6vmDK+hO5fqZrI/iO0rNugixxOKEl/ZPXga2Zf1nVxEGzfI86BVNHMegSL1AfLJ5kI+P/0HGnUBbnSAD/kH8k8Rd7r/PHCqoN7VwUhuirI5C9Ulbd6iMm1C8sgq7lOogJvVoS939lP3IcrtNhqmS3Wyc2YsWUE3RlIiJizOQB4K925el41o8qQmDvxIbB8tiDaqfkas3OjDVCr+JjzczXHgjV6Uze5EQovIQ4SvgNidZkjNyei+piJ+lwHx/34jBAC4GNs7uFgkA+RTrNtZCyHK2f2lv7OyNNzWyC3XMRIyQsM=
-    - codeclimate: true
-    - DOCKER_COMPOSE_VERSION: 1.24.1
-
+  - secure: OY3JWzy8JxPXXqT/YOnYcwFGm46DgQdGMV5dkhDjrBeKgfb2H7ohY6GkAStQv8vV6LE/yu3N6f+XGuPwH2q27Q3I8daYeNY2MtGMt+wokkqhkJWG/XdqQodr+RbkUYN7BHiYQC6ZQKdh9NIA4JIWsNdh8TKrc7cFxy4WM5ACGO9pf6y96GRVT1CHIlwaYzXna+dE0Khbg3EGSa0tcEwLUmYdPGwK+6hiMeX0wTbhDr4YEh5kdnIAFuDDfj+KKmT9FJeTJXywFc9I6YuuYLL+z1g4GMAWCV7PoZdBOLVZQXzP/A8IE1jN7bSNean2risBRXi+PBKohZuvjpLb4UbTTp1+HR5FzPCKpkNvkLmyHpqaDCbDXfXSzMEwWxbj/6vmDK+hO5fqZrI/iO0rNugixxOKEl/ZPXga2Zf1nVxEGzfI86BVNHMegSL1AfLJ5kI+P/0HGnUBbnSAD/kH8k8Rd7r/PHCqoN7VwUhuirI5C9Ulbd6iMm1C8sgq7lOogJvVoS939lP3IcrtNhqmS3Wyc2YsWUE3RlIiJizOQB4K925el41o8qQmDvxIbB8tiDaqfkas3OjDVCr+JjzczXHgjV6Uze5EQovIQ4SvgNidZkjNyei+piJ+lwHx/34jBAC4GNs7uFgkA+RTrNtZCyHK2f2lv7OyNNzWyC3XMRIyQsM=
+  - codeclimate: true
+  - DOCKER_COMPOSE_VERSION: 1.24.1
+  - secure: h8p+gMxYmKLZYrXrd1V3t8WSvrGjiFN2SmYsdQjgtZrZ5Hqm/IY0X18PF70/5nSNxc3h6JF0tfpkANmfdTJEFIF4PNccWpqfhsZc7axR691/pK0ky4kL7xWPVzAs5PP5JdkU2dDfibvb3KFw6sGZYfUdRhDRzFb5cUcNff+qgg0P1A3PRG07MplwUhtB0Xl9gdImaUmqW86kTXmISMpcTJ4bko9KRkX/3dp75B/NvLJqlh0KMaH2T0YtcM49MUPKuSmQOD16huWdZqmzOLN7XJ/rZk6kGWNeyK6yLhy9sd4sNcLZmn8ejxrjfVC1/lHNGRMXvd6oRKBLWK5E2KwYoyMi514t4oTLNA7I1Y44OIq9QE059d81Y+qbcU0eqOXS5MxBZdX7FTVKhH7hirhz+eD0tQIbcvJEhxQL6gWaQuyPgVudsAl6yDwwnSdIUJzdUV9Ri8HTJTAB8zi/sFUIf/aM/8CTzq38I2OJ8SdxQ+n+cd64RIMOSb2qJuI4TWZNudictpHl6f/rVPohpDz+vis1p1HixmfTI5mGl9llgT3U6zqqlcZPXDVkZBCRgf+gbdlB5YnFImU8n/N6RVTmfRFGQMybbDORM6ltZX+Ao913L88FpwTfpTkfb/tqfqD5mwWMtESHxGtVTYZug9+tYk+fUEySSWO01JTvtsj/NAM=
+  - secure: n1NNXk+OkWTys5pLxwH+o1m0LT53HYBMxJz0negjampyLjPg0xPhdnGqdFITejHQ/fUYDdAFfkoJ/2sX2EZppya8B+X8YovqfxVms2F18e3/3zQhutmw3vxFgVuy/Lp5NkzQYDVoggzQOPNLfSJrCCSIo2FVdaKNjLnjCx3V1IFPq2HzFuUoFNliOpgiox6PICgg0HSysifRjhZygnSnlS0t7yTs5F3hipmPyQOhdyos/f7ut0x0ugW6cENDL8Bk+nR2znXzLqsdC6Y/+xjrpOubTdhQQyOHGTgdsHFTYSgfqBgTNiMzh8OorKfHs1gALnGjUtd4zzJg7lXqnHCkAM8RlFGg1aq7AMxLvuNYz+q84xNIfAxdpRjU2xukdMFke0+c2wR4x2eJHit691wMcezoaiJ5py7D3slmsdhEzyWLNOd86fWPpbebS7S18/p9kOwFpvS73YhGPKD/8M7ot/k78ota/2prBRih94RknXYnDj49HGLLzJu5UbXwf/juLdJK4t3ItapsmHef7hoZnrsPt9Nj0ZkWDI1ePVremFfQWbNGBPwIh/mQ4P+V44FAn3gkAjyPkklgC9slpfqZ254djsfejmMCc2QZTqVzJ1lMxrjxU0K1leVQNnvJFDafWgfVTIguhlgeLW7CC1IXB8bp3aJTp0GnbwikExVPOWs=
 dist: bionic
 language: java
 jdk:
 - openjdk13
 cache:
   directories:
   - "$HOME/.m2"
-
 before_install:
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-  - sudo apt-get update
-  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
-  - sudo rm /usr/local/bin/docker-compose
-  - curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
-  - chmod +x docker-compose
-  - sudo mv docker-compose /usr/local/bin
-  - docker-compose version
-  - export OKTA_CLIENT_ID=0oa2t0lsrdZw5uWRx297
-  - export OKTA_CLIENT_PASSWORD=HHduWG6LogIvDIQuWgp3Zlo9OYMValTtH5OBcuHw
-  - export SECONDARY_USER_OKTA_CLIENT_ID=0oa2t0lc65ErV8OmY297
-  - export SECONDARY_USER_OKTA_CLIENT_PASSWORD=1Bl3HGO6eglkXUDtjVjto3L-3C0offzTMk2qlz9r
-
+- mkdir -p /tmp/ab2d_efs_mount
+- openssl aes-256-cbc -K $encrypted_27e3c48779c8_key -iv $encrypted_27e3c48779c8_iv
+  -in ab2d_dev_keystore.enc -out /tmp/ab2d_efs_mount/ab2d_dev_keystore -d
+- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu
+  $(lsb_release -cs) stable"
+- sudo apt-get update
+- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
+- sudo rm /usr/local/bin/docker-compose
+- curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname
+  -s`-`uname -m` > docker-compose
+- chmod +x docker-compose
+- sudo mv docker-compose /usr/local/bin
+- docker-compose version
+- export OKTA_CLIENT_ID=0oa2t0lsrdZw5uWRx297
+- export OKTA_CLIENT_PASSWORD=HHduWG6LogIvDIQuWgp3Zlo9OYMValTtH5OBcuHw
+- export SECONDARY_USER_OKTA_CLIENT_ID=0oa2t0lc65ErV8OmY297
+- export SECONDARY_USER_OKTA_CLIENT_PASSWORD=1Bl3HGO6eglkXUDtjVjto3L-3C0offzTMk2qlz9r
 install: true
-
 before_script:
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - ./cc-test-reporter before-build
+- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64
+  > ./cc-test-reporter
+- chmod +x ./cc-test-reporter
+- "./cc-test-reporter before-build"
 script:
-  - mvn clean verify
+- mvn clean verify
 after_script:
-  - export JACOCO_SOURCE_PATH=./api/src/main/java; ./cc-test-reporter format-coverage ./api/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.api.json
-  - export JACOCO_SOURCE_PATH=./common/src/main/java; ./cc-test-reporter format-coverage ./common/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.common.json
-  - export JACOCO_SOURCE_PATH=./hpms/src/main/java; ./cc-test-reporter format-coverage ./hpms/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.hpms.json
-  - export JACOCO_SOURCE_PATH=./bfd/src/main/java; ./cc-test-reporter format-coverage ./bfd/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.bfd.json
-  - ./cc-test-reporter sum-coverage codeclimate.*.json -o coverage/codeclimate.json
-  - if [[ "$TRAVIS_TEST_RESULT" == 0 ]]; then ./cc-test-reporter upload-coverage; fi
+- export JACOCO_SOURCE_PATH=./api/src/main/java; ./cc-test-reporter format-coverage
+  ./api/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.api.json
+- export JACOCO_SOURCE_PATH=./audit/src/main/java; ./cc-test-reporter format-coverage
+  ./audit/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.audit.json
+- export JACOCO_SOURCE_PATH=./common/src/main/java; ./cc-test-reporter format-coverage
+  ./common/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.common.json
+- export JACOCO_SOURCE_PATH=./filter/src/main/java; ./cc-test-reporter format-coverage
+  ./filter/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.filter.json
+- export JACOCO_SOURCE_PATH=./hpms/src/main/java; ./cc-test-reporter format-coverage
+  ./hpms/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.hpms.json
+- export JACOCO_SOURCE_PATH=./optout/src/main/java; ./cc-test-reporter format-coverage
+  ./optout/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.optout.json
+- export JACOCO_SOURCE_PATH=./bfd/src/main/java; ./cc-test-reporter format-coverage
+  ./bfd/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.bfd.json
+- export JACOCO_SOURCE_PATH=./worker/src/main/java; ./cc-test-reporter format-coverage
+  ./worker/target/site/jacoco/jacoco.xml --input-type jacoco -o codeclimate.worker.json
+- "./cc-test-reporter sum-coverage codeclimate.*.json -o coverage/codeclimate.json"
+- if [[ "$TRAVIS_TEST_RESULT" == 0 ]]; then ./cc-test-reporter upload-coverage; fi

ab2d_dev_keystore.enc

@@ -1,6 +1,6 @@
 bfd.keystore.password=${AB2D_BFD_KEYSTORE_PASSWORD:#{'changeit'}}
 bfd.keystore.location=${AB2D_BFD_KEYSTORE_LOCATION:#{'/bb.keystore'}}
-bfd.serverBaseUrl=${AB2D_BFD_URL:#{'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/'}}
+bfd.serverBaseUrl=${AB2D_BFD_URL:#{'https://prod-sbx.bfdcloud.net/v1/fhir/'}}
 bfd.hicn.hash=https://bluebutton.cms.gov/resources/identifier/hicn-hash
 bfd.connectionTimeout=${AB2D_BFD_CONNECTION_TIMEOUT:#{5000}}
 bfd.socketTimeout=${AB2D_BFD_SOCKET_TIMEOUT:#{10000}}

bfd/src/main/resources/application.bfd.properties

@@ -1,5 +1,5 @@
-bfd.keystore.password=${AB2D_BFD_KEYSTORE_PASSWORD:#{'changeit'}}
-bfd.keystore.location=${AB2D_BFD_KEYSTORE_LOCATION:#{'/bb.keystore'}}
+bfd.keystore.password=changeit
+bfd.keystore.location=/bb.keystore
 bfd.serverBaseUrl=http://localhost:8083/v1/fhir/
 bfd.connectionTimeout=5000
 bfd.hicn.hash=https://bluebutton.cms.gov/resources/identifier/hicn-hash

bfd/src/test/resources/application.bfd.properties

@@ -7,7 +7,7 @@
    <total value="1"/>
    <link>
       <relation value="self"/>
-      <url value="https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/ExplanationOfBenefit?patient=20140000009893&amp;excludeSAMHSA=true"/>
+      <url value="https://prod-sbx.bfdcloud.net/v1/fhir/ExplanationOfBenefit?patient=-20140000009893&amp;excludeSAMHSA=true"/>
    </link>
    <entry>
       <resource>

bfd/src/test/resources/bb-test-data/eob/20140000009893.xml

@@ -47,6 +47,9 @@ services:
       - AB2D_DB_USER=ab2d
       - AB2D_DB_PASSWORD=ab2d
       - AB2D_EFS_MOUNT=/tmp/ab2d_efs_mount
+      - AB2D_BFD_URL=https://prod-sbx.bfdcloud.net/v1/fhir/
+      - AB2D_BFD_KEYSTORE_PASSWORD=${AB2D_BFD_KEYSTORE_PASSWORD}
+      - AB2D_BFD_KEYSTORE_LOCATION=${AB2D_BFD_KEYSTORE_LOCATION}
       - NEW_RELIC_LICENSE_KEY="${NEW_RELIC_LICENSE_KEY}"
       - NEW_RELIC_APP_NAME="${NEW_RELIC_APP_NAME}"
     depends_on:
@@ -57,3 +60,8 @@ services:
 # This needs a shared volume so that both the API and worker module can access the ndjson files being generated
 volumes:
   tmp-volume:
+    driver: local
+    driver_opts:
+      type: none
+      device: /tmp/ab2d_efs_mount
+      o: bind

docker-compose.yml

@@ -9,10 +9,10 @@
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.junit.Assert;
-import org.junit.jupiter.api.*;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.testcontainers.containers.DockerComposeContainer;
-import org.testcontainers.containers.output.Slf4jLogConsumer;
 import org.testcontainers.containers.wait.strategy.HostPortWaitStrategy;
 import org.testcontainers.junit.jupiter.Testcontainers;
 import org.yaml.snakeyaml.Yaml;
@@ -26,14 +26,12 @@
 import java.net.http.HttpResponse;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
-
 import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.*;
 import java.util.zip.GZIPInputStream;
 
-import static gov.cms.ab2d.common.util.Constants.API_PREFIX;
 import static gov.cms.ab2d.e2etest.APIClient.PATIENT_EXPORT_PATH;
 import static java.time.temporal.ChronoUnit.SECONDS;
 import static org.hamcrest.Matchers.matchesPattern;
@@ -75,6 +73,7 @@ public void init() throws IOException, InterruptedException, JSONException {
         if(environment.isUsesDockerCompose()) {
             DockerComposeContainer container = new DockerComposeContainer(
                     new File("../docker-compose.yml"))
+                    .withEnv(System.getenv())
                     .withScaledService("worker", 2)
                     .withExposedService("db", 5432)
                     .withExposedService("api", 8080, new HostPortWaitStrategy()

e2e-test/src/test/java/gov/cms/ab2d/e2etest/TestRunner.java

@@ -15,8 +15,6 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
-import static org.apache.commons.lang3.StringUtils.contains;
-
 /**
  * This is a stub implementation that we can use till the BFD API becomes available.
  * The rightmost 3 characters of the contractNumber being passed in must be numeric.
@@ -112,8 +110,7 @@ private List<String> getFromSampleFile(int rowsToRetrieve) {
                         .limit(rowsToRetrieve)
                         // This is kind of a hack, I know, but this is a mock,
                         // and it's not going to be around for much longer anyway.
-                        .map(row -> contains(serverBaseUrl,
-                                "hhsdevcloud") ? row : "-"
+                        .map(row -> "-"
                                 .concat(row))
                         .collect(Collectors.toList());