refactor(jans-cedarling): improve WASM compatibility

[rmarinn]

Prepare

• Read PR guidelines
• Read license information

---

Description

This PR improves WASM compatibility by:

• using the chrono crate which has WASM support instead of std::time for getting the time.
• using replacing reqwest::blocking::Client with reqwest::Client.

Target issue

target issue: refactor(jans-cedarling): improve WASM compatibility #10330

closes #10330

Implementation Details

• the HttpClient create will store a reference to a tokio runtime which it will use to make async requests so compiling to WASM would be possible.

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

DryRun Security Summary

This GitHub Pull Request enhances the Janssen Project's development and contribution processes by implementing comprehensive security practices, standardized issue templates, automated dependency updates, and robust GitHub Actions workflows to improve code quality and project security.

Expand for full summary

Summary:

This GitHub Pull Request (PR) contains a series of changes across multiple files, primarily focused on improving the development and contribution processes for the Janssen Project. The changes cover a wide range of areas, including issue templates, code linting, dependency management, and GitHub Actions workflows.

From an application security perspective, the changes demonstrate a strong commitment to security best practices and a proactive approach to maintaining the overall security and integrity of the codebase. Key security-focused aspects include:

1. Standardized Issue Templates: The new issue templates for development items, bug reports, and feature requests help to ensure that important security-related information is captured and tracked during the contribution process.
2. Automated Dependency Updates: The Dependabot configuration ensures that dependencies are regularly updated, addressing known vulnerabilities in a timely manner.
3. Comprehensive Linting and Testing: The various GitHub Actions workflows, such as the Flake8 linter and the build-test workflow, help to enforce code quality standards and catch potential security issues early in the development lifecycle.
4. Secure Development Practices: The PR template and the "ops-pr-ref-issue" workflow promote good development practices, such as the "issue-first" approach, which can help prevent the introduction of security vulnerabilities.
5. Hardened Runner Environments: The use of the "step-security/harden-runner" action across multiple workflows helps to mitigate potential security risks in the GitHub Actions runner environments.

Overall, the changes in this PR demonstrate a strong focus on security and a commitment to maintaining a secure and reliable application. The combination of standardized processes, automated tooling, and security-conscious practices should help to improve the overall security posture of the Janssen Project.

Files Changed:

1. .github/ISSUE_TEMPLATE/development-item.md: This file introduces a new issue template for development items, which includes sections for reading the contribution guidelines, identifying code changes, and documenting the changes.
2. .gitattributes: The changes in this file enable Git's automatic text file normalization feature, which helps to maintain consistent line endings across different operating systems.
3. .github/CODEOWNERS: This file defines the code ownership structure for the Janssen Project, with designated owners for various components and directories.
4. .github/ISSUE_TEMPLATE/bug_report.md: A new issue template for reporting bugs, which includes sections for describing the issue, reproducing the problem, and providing additional context.
5. .github/ISSUE_TEMPLATE/feature_request.md: A new issue template for submitting feature requests, with sections for describing the problem, the desired solution, and any alternative solutions considered.
6. .github/ISSUE_TEMPLATE/failing-tests.md: A new issue template for reporting failing tests or build issues, with sections for providing information about the failure and potential root causes.
7. .github/SECURITY.md: This file outlines the Janssen Project's security policy, including the process for reporting security vulnerabilities and the project's approach to handling them.
8. .github/dependabot.yml: The configuration file for the Dependabot service, which automatically updates dependencies across various ecosystems on a daily basis.
9. .github/pull_request_template.md: The pull request template, which includes sections for describing the target issue, the implementation details, and the testing and documentation of the changes.
10. .github/maven-settings.xml: This file configures Maven to use a GitHub server for authentication, using environment variables for the username and password.
11. .github/workflows/build-docs.yml: The GitHub Actions workflow responsible for publishing the Janssen Project's documentation to GitHub Pages.
12. .github/workflows/build-docker-image.yml: The workflow that builds and publishes Docker images for the Janssen Project's components.
13. .github/workflows/lint-docs.yml: The workflow that lints the documentation files in the "docs/" directory.
14. .github/workflows/build-packages.yml: The workflow that builds and publishes binary and Python-based packages for the Janssen Project.
15. .github/workflows/build-nightly-build.yml: The workflow that creates and publishes nightly builds of the GitHub CLI (gh) project.
16. .github/workflows/ops-docs.yml: The workflow that manages documentation-related changes in the Janssen Project repository.
17. .github/workflows/build-test.yml: The workflow responsible for building, testing, and publishing the Janssen Project's components.
18. `.github/workflows/

Code Analysis

We ran 9 analyzers against 15 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

[djellemah]

Locally, there are build failures with cargo test --target wasm32-wasip1 and cargo test --target wasm32-unknown-unknown. Is that expected right now?

Looks to me the cause is jsonwebkey, which pulls in an older version of jsonwebtoken which then pulls in an older version of ring.

[rmarinn]

Locally, there are build failures with cargo test --target wasm32-wasip1 and cargo test --target wasm32-unknown-unknown. Is that expected right now?

Yeah... turns out we need to change more things (other than the jsonwebkey issue) before it compiles correctly which is why i converted this to draft for now.

Looks to me the cause is jsonwebkey, which pulls in an older version of jsonwebtoken which then pulls in an older version of ring.

we're only really using jsonwebkey for tests so I'll probably just replace that when I get the time.

[abaghinyan]

maybe it should be better to use DeserializeText instead of DeserializeJson here

[abaghinyan]

It's a good practice to add a timeout in during an http request like:

let client = Client::builder()
.timeout(Duration::from_sec(20))
.build()
.map_err(HttpClientError::Initialization)?;

[abaghinyan]

In general it's better to use async then block_on. Here you can do something like :

let resp_json = self
            .resp
            .json::<T>()
            .await
            .map_err(HttpClientError::DeserializeJson)?;
        Ok(resp_json)

Moreover, you can remove the lifetime parameter <'rt> from Response.