[82969] MAP STS token caching #16801

Merged
merged 9 commits into from
Jun 3, 2024
@bramleyjl bramleyjl commented May 17, 2024

## Summary

  • This PR adds Redis caching to MAP STS tokens requested via vets-api. Token information is stored via Rails cache with map_sts_token_<application>_icn as its key.
  • Cache time is 5 minutes.
  • MAP STS Service updated to include cache param, defaulting to true. If cache is false the service will force a query for a new token. Tokens are always cached for future retrieval, regardless of cache param.
  • Using the MapServicesController to request a token will always call for a new token - cache is always false.

Related issue(s)

Testing done

  • To test, you will need to create an STS token to validate with:

```ruby
# already loaded in a Rails console; needed when run as a plain script
require 'openssl'
require 'jwt'

# create private key from fixture
pem = File.read('spec/fixtures/sign_in/sts_client.pem')
private_key = OpenSSL::PKey::RSA.new(pem)

# build token payload & encode
current_time = Time.now.to_i
token = {
  'iss' => 'http://localhost:3978/api/messages',
  'sub' => 'vets.gov.user+0@gmail.com',
  'aud' => 'http://127.0.0.1:3000/v0/sign_in/token',
  'iat' => current_time,
  'exp' => current_time + 300,
  'scopes' => ['http://localhost:3000/v0/map_services/chatbot/token'],
  'service_account_id' => '88a6d94a3182fd63279ea5565f26bcb4',
  'jti' => '2ed8a21d207adf50eb935e32d25a41ff',
  'user_attributes' => { 'icn' => '1012667122V019349' }
}
JWT.encode(token, private_key, 'RS256')
```

  • Submit a request to /v0/map_services/chatbot/token:

```bash
curl --location --request POST 'http://localhost:3000/v0/map_services/chatbot/token' \
--header 'Authorization: Bearer <sts token>'
```

  • You should receive a token, and can find a token request log in your Rails console with cached_response => false:

```
Rails -- [MAP][SecurityToken][Service] token request -- { :application => :chatbot, :icn => "1012667122V019349" }
Rails -- [MAP][SecurityToken][Service] token success -- { :application => :chatbot, :icn => "1012667122V019349", :cached_response => false }
```

  • Change the MapServicesController to use caching when requesting a token:

```ruby
# app/controllers/v0/map_services_controller.rb
result = MAP::SecurityToken::Service.new.token(application: params[:application].to_sym, icn:, cache: true)
```

  • Repeat your query; you should immediately receive a cached token instead of the result of a new query:

```
Rails -- [MAP][SecurityToken][Service] token success -- { :application => :chatbot, :icn => "1012667122V019349", :cached_response => false }
```

What areas of the site does it impact?

MAP STS token requests

Acceptance criteria

  • I fixed|updated|added unit tests and integration tests for each feature (if applicable).
  • No error nor warning in the console.
  • Events are being sent to the appropriate logging solution
  • No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs
  • Feature/bug has a monitor built into Datadog or Grafana (if applicable)
  • If app impacted requires authentication, did you login to a local build and verify all authenticated routes work as expected

@bramleyjl bramleyjl force-pushed the 82969_map_token_cache branch 2 times, most recently from b38b1d9 to f0c48c5 Compare May 20, 2024 17:13
@bramleyjl bramleyjl added identity identity-backend Identity team backend label labels May 20, 2024
@bramleyjl bramleyjl marked this pull request as ready for review May 20, 2024 17:24
@bramleyjl bramleyjl requested review from a team as code owners May 20, 2024 17:24
ericboehs
ericboehs previously approved these changes May 22, 2024
ericboehs
ericboehs previously approved these changes May 23, 2024
@bramleyjl bramleyjl requested a review from bosawt May 28, 2024 20:02
@bosawt bosawt left a comment

Confirmed call to MAP::STS with response and log stating response was not from cache:

```
2024-05-31 14:32:43.162553 I [5866:12180 service.rb:18] Rails -- [MAP][SecurityToken][Service] token success -- { :application => :chatbot, :icn => "123456", :cached_response => false }
```

Follow up call confirms response came from cache (cached_response => true)

```
2024-05-31 14:32:56.283599 I [5866:12180 service.rb:18] Rails -- [MAP][SecurityToken][Service] token success -- { :application => :chatbot, :icn => "123456", :cached_response => true }
```

Confirmed cached_response => false no matter how many times I call system when cache: false in params

@bramleyjl bramleyjl merged commit 1ff6f84 into master Jun 3, 2024
19 checks passed
@bramleyjl bramleyjl deleted the 82969_map_token_cache branch June 3, 2024 15:34