From 2fee2bf0fb733667f11cc58ed1a5864c7e4df736 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Tue, 30 Jan 2024 15:28:53 +0100 Subject: [PATCH 01/44] =?UTF-8?q?Lag=20ny=20nais=20app=20spinosaurus=20og?= =?UTF-8?q?=20fjern=20un=C3=B8dvendig=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- deploy/dev-gcp.yaml | 85 +++++++++++++++++++++++++++++ src/main/kotlin/no/nav/syfo/App.kt | 6 +- src/main/resources/application.conf | 10 ---- 3 files changed, 89 insertions(+), 12 deletions(-) create mode 100644 deploy/dev-gcp.yaml diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml new file mode 100644 index 000000000..eaefb8df5 --- /dev/null +++ b/deploy/dev-gcp.yaml 
@@ -0,0 +1,85 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + name: spinosaurus + namespace: helsearbeidsgiver + labels: + team: helsearbeidsgiver +spec: + image: {{image}} + port: 8080 + prometheus: + enabled: false + path: /metrics + liveness: + failureThreshold: 3 + initialDelay: 60 + path: /health/is-alive + periodSeconds: 10 + timeout: 1 + readiness: + failureThreshold: 3 + initialDelay: 60 + path: /health/is-ready + periodSeconds: 10 + timeout: 1 + replicas: + max: 1 + min: 1 + resources: + limits: + memory: "1024Mi" + requests: + cpu: "500m" + memory: "386Mi" + + secureLogs: + enabled: true + kafka: + pool: nav-dev + azure: + application: + enabled: true + + accessPolicy: + inbound: + rules: + - application: im-bro-spinn + namespace: helsearbeidsgiver + cluster: dev-gcp + - application: sparkel-dokumenter + namespace: tbd + cluster: dev-gcp + env: + - name: KOIN_PROFILE + value: "PREPROD" + - name: SRVSYFOINNTEKTSMELDING_USERNAME + value: "srvsyfoinntektsmel" + - name: SECURITY_TOKEN_SERVICE_TOKEN_URL + value: "http://security-token-service.default.svc.nais.local/rest/v1/sts/token" + - name: OPPGAVEBEHANDLING_URL + value: "https://oppgave.nais.preprod.local/api/v1/oppgaver" + - name: OPPRETT_SAK_URL + value: "https://sak-q1.dev.intern.nav.no/api/v1/saker" + - name: SRVAPPSERVER_USERNAME + value: "srvappserver" + - name: SRVAPPSERVER_PASSWORD + value: "" + - name: KAFKA_JOARK_HENDELSE_TOPIC + value: "teamdokumenthandtering.aapen-dok-journalfoering-q1" + - name: KAFKA_UTSATT_OPPGAVE_TOPIC + value: "tbd.spre-oppgaver" + - name: DOKARKIV_URL + value: "https://dokarkiv-q1.dev.intern.nav.no/rest/journalpostapi/v1" + - name: RUN_BACKGROUND_WORKERS + value: "true" + - name: PDL_URL + value: "https://pdl-api.nais.preprod.local/graphql" + - name: NORG2_URL + value: "https://helsearbeidsgiver-proxy.dev-fss-pub.nais.io/norg" + - name: SAF_DOKUMENT_URL + value: "https://saf-q1.dev.intern.nav.no/rest" + - name: SAF_JOURNAL_URL + value: 
"https://saf-q1.dev.intern.nav.no/graphql" + - name: ENHETSREGISTERET_URL + value: "https://data.brreg.no/enhetsregisteret/api/underenheter/" diff --git a/src/main/kotlin/no/nav/syfo/App.kt b/src/main/kotlin/no/nav/syfo/App.kt index 18fccdcf1..104556f94 100644 --- a/src/main/kotlin/no/nav/syfo/App.kt +++ b/src/main/kotlin/no/nav/syfo/App.kt @@ -46,8 +46,10 @@ class SpinnApplication(val port: Int = 8080) : KoinComponent { } startKoin { modules(selectModuleBasedOnProfile(appConfig)) } migrateDatabase() - configAndStartBackgroundWorkers() - startKafkaConsumer() + if (System.getenv("NAIS_CLUSTER_NAME") != "dev-gcp") { + configAndStartBackgroundWorkers() + startKafkaConsumer() + } configAndStartWebserver() } diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index a058875b7..8b9653682 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -107,15 +107,6 @@ client { } } -aadaccesstoken_url: "https://login.microsoftonline.com/navq.onmicrosoft.com/oauth2/token" -aadaccesstoken_url: ${?AADACCESSTOKEN_URL} - -aad_syfoinntektsmelding_clientid_username: "56813e1b-97db-4da9-bcc1-a53d0a677ca2" -aad_syfoinntektsmelding_clientid_username: ${?AAD_SYFOINNTEKTSMELDING_CLIENTID_USERNAME} - -aad_syfoinntektsmelding_clientid_password: "" -aad_syfoinntektsmelding_clientid_password: ${?AAD_SYFOINNTEKTSMELDING_CLIENTID_PASSWORD} - aad_preauthorized_apps = "[{\"clientId\":\"appId\",\"name\":\"thisapp\"},{\"clientId\":\"appId2\",\"name\":\"otherapp\"}]}" aad_preauthorized_apps = ${?AZURE_APP_PRE_AUTHORIZED_APPS} @@ -125,7 +116,6 @@ opprett_sak_url:"http://sak.teamdokumenthandtering.svc.nais.local/api/v1/saker" opprett_sak_url: ${?OPPRETT_SAK_URL} kafka_bootstrap_servers: "localhost:9092" -kafka_bootstrap_servers: ${?KAFKA_BOOTSTRAP_SERVERS} oppgavebehandling_url: "https://oppgave.nais.preprod.local/api/v1/oppgaver" oppgavebehandling_url: ${?OPPGAVEBEHANDLING_URL} 
From 728fd5a9549d9eb2c5424d777d0f9afe7e49fff1 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Tue, 30 Jan 2024 15:39:13 +0100 Subject: [PATCH 02/44] enable app i dev-gcp og opprett database i gcp Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .github/workflows/master-gcp.yml | 78 ++++++++++++++++++++++++++++++++ deploy/dev-gcp.yaml | 22 +++++++-- 2 files changed, 95 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/master-gcp.yml diff --git a/.github/workflows/master-gcp.yml b/.github/workflows/master-gcp.yml new file mode 100644 index 000000000..1e03ff058 --- /dev/null +++ b/.github/workflows/master-gcp.yml 
@@ -0,0 +1,78 @@ +name: Preprod + +on: + push: + branches: + - master + - 'preprod/**' + +env: + IMAGE: ghcr.io/${{ github.repository }}/syfoinntektsmelding:${{ github.sha }} + +jobs: + # Label of the container job + build: + # You must use a Linux environment when using service containers or container jobs + runs-on: ubuntu-latest + permissions: + packages: write + # Service containers to run with `container-job` + services: + # Label used to access the service container + postgres: + # Docker Hub image + image: postgres + ports: + # Maps tcp port 5432 on service container to the host + - 5432:5432 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: postgres + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-java@v1 + with: + java-version: '17' + - name: Cache Gradle wrapper + uses: actions/cache@v2 + with: + path: ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }} + restore-keys: | + ${{ runner.os }}-gradle-wrapper- + - name: Cache Gradle packages + uses: actions/cache@v2 + with: + path: ~/.gradle/caches + key: ${{ runner.os }}-gradle-cache-${{ hashFiles('build.gradle') }} + restore-keys: | + ${{ runner.os }}-gradle-cache- + - name: test and build + run: ./gradlew test build + env: + ORG_GRADLE_PROJECT_githubUser: x-access-token + ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Packages Docker Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and publish Docker image + run: | + docker build --tag ${IMAGE} . 
+ docker push ${IMAGE} + + deploy: + name: Deploy to PREPROD + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: nais/deploy/actions/deploy@v1 + env: + APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} + CLUSTER: dev-gcp + RESOURCE: deploy/dev-gcp.yaml diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index eaefb8df5..d3dea43a3 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -1,5 +1,5 @@ -apiVersion: "nais.io/v1alpha1" -kind: "Application" +apiVersion: nais.io/v1alpha1 +kind: Application metadata: name: spinosaurus namespace: helsearbeidsgiver @@ -28,10 +28,10 @@ spec: min: 1 resources: limits: - memory: "1024Mi" + memory: 1024Mi requests: - cpu: "500m" - memory: "386Mi" + cpu: 500m + memory: 386Mi secureLogs: enabled: true @@ -41,7 +41,19 @@ spec: application: enabled: true + gcp: + sqlInstances: + - type: POSTGRES_11 + databases: + - name: spinosaurus + diskAutoresize: true + accessPolicy: + outbound: + rules: + - application: helsearbeidsgiver-proxy + namespace: helsearbeidsgiver + cluster: dev-fss inbound: rules: - application: im-bro-spinn From 6d4e01f30a9ae29db9aa69741c346df04f4e691b Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Tue, 30 Jan 2024 16:06:41 +0100 Subject: [PATCH 03/44] ikke bruk vault config i gcp Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .../no/nav/syfo/koin/PreprodKoinProfile.kt | 33 ++++++++++++++----- src/main/resources/application.conf | 3 ++ 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 1524730ad..a1b7180e9 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt 
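Review bot: Every `uses:` in `.github/workflows/master-gcp.yml` resolves a mutable tag (`actions/checkout@v1`, `actions/setup-java@v1`, `actions/cache@v2`, `docker/login-action@v1`, `nais/deploy/actions/deploy@v1`), and two of those steps are handed `secrets.GITHUB_TOKEN` under `packages: write` or `secrets.NAIS_DEPLOY_APIKEY`. Pinning each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>`, keeps a retagged release from running with those credentials. The `deploy` job has no `permissions:` block, so it falls back to the repository default for the token; adding `permissions:` with `contents: read` would make that explicit. The service container `image: postgres` is also untagged, so tests run against whatever major version is current on the day of the build.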
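Review bot: `type: POSTGRES_11` under `gcp.sqlInstances` in `deploy/dev-gcp.yaml` creates the new instance on a PostgreSQL major that reached upstream end of life in November 2023, before this commit was written, so it no longer receives community security fixes. Starting a fresh database on a supported major also avoids an upgrade later; the exact enum value should be taken from the NAIS documentation for the platform version in use.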
@@ -59,17 +59,32 @@ import javax.sql.DataSource fun preprodConfig(config: ApplicationConfig) = module { externalSystemClients(config) single { - val vaultconfig = HikariConfig() - vaultconfig.jdbcUrl = config.getjdbcUrlFromProperties() - vaultconfig.minimumIdle = 1 - vaultconfig.maximumPoolSize = 2 - HikariCPVaultUtil.createHikariDataSourceWithVaultIntegration( - vaultconfig, - config.getString("database.vault.mountpath"), - config.getString("database.vault.admin"), - ) + if (System.getenv("NAIS_CLUSTER_NAME") != "dev-gcp") { + val hikariConfig = HikariConfig() + hikariConfig.jdbcUrl = config.getjdbcUrlFromProperties() + hikariConfig.minimumIdle = 1 + hikariConfig.maximumPoolSize = 2 + HikariCPVaultUtil.createHikariDataSourceWithVaultIntegration( + hikariConfig, + config.getString("database.vault.mountpath"), + config.getString("database.vault.admin"), + ) + } else { + HikariConfig().apply { + jdbcUrl = config.getjdbcUrlFromProperties() + username = config.getString("database.username") + password = config.getString("database.password") + maximumPoolSize = 2 + minimumIdle = 1 + idleTimeout = 10001 + connectionTimeout = 2000 + maxLifetime = 30001 + driverClassName = "org.postgresql.Driver" + } + } } bind DataSource::class + single { JoarkInntektsmeldingHendelseProsessor( get(), diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index 8b9653682..fc1ce6870 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -47,9 +47,12 @@ security_token { database { username = "spinn" username = ${?DATABASE_USERNAME} + username = ${?NAIS_DATABASE_FRITAKAGP_FRITAKAGP_DB_USERNAME} + password = "spinn" password = ${?DATABASE_PASSWORD} + password = ${?NAIS_DATABASE_FRITAKAGP_FRITAKAGP_DB_PASSWORD} name = "spinn" name = ${?DATABASE_NAME} From 254be5a7f5e876184ddd029fc218432a6d1f0ad2 Mon Sep 17 00:00:00 2001 
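Review bot: The new `else` branch in `PreprodKoinProfile.kt` reads `database.username` and `database.password`, and in `application.conf` both keys start from the literal default `"spinn"` with optional `${?...}` overrides, so a missing or misnamed injected variable ends in a silent login attempt with the built-in default instead of a startup failure. The `application.conf` hunk of this same commit shows how easily that happens: it wires `NAIS_DATABASE_FRITAKAGP_FRITAKAGP_DB_USERNAME` and the matching `..._PASSWORD`, which look like another application's variables (later patches in the series rename them). For the GCP path, consider failing fast, for example `password = System.getenv(passwordEnvName) ?: error("database password not injected")`, where `passwordEnvName` is a placeholder for the injected variable's name. The body of `preprodConfig` continues outside the hunk.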
From: Gustav Berggren Date: Tue, 30 Jan 2024 16:17:09 +0100 Subject: [PATCH 04/44] format ktlint Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .../no/nav/syfo/koin/PreprodKoinProfile.kt | 38 ++++--------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index a1b7180e9..5dea06ab8 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -87,11 +87,7 @@ fun preprodConfig(config: ApplicationConfig) = module { single { JoarkInntektsmeldingHendelseProsessor( - get(), - get(), - get(), - get(), - get() + get(), get(), get(), get(), get() ) } bind JoarkInntektsmeldingHendelseProsessor::class single { ArbeidsgiverperiodeRepositoryImp(get()) } bind ArbeidsgiverperiodeRepository::class @@ -106,12 +102,7 @@ fun preprodConfig(config: ApplicationConfig) = module { } bind TokenConsumer::class single { InntektsmeldingBehandler( - get(), - get(), - get(), - get(), - get(), - get() + get(), get(), get(), get(), get(), get() ) } bind InntektsmeldingBehandler::class @@ -127,17 +118,12 @@ fun preprodConfig(config: ApplicationConfig) = module { single { JournalpostHendelseConsumer( - joarkAivenProperties(), - config.getString("kafka_joark_hendelse_topic"), - get(), - get(), - get() + joarkAivenProperties(), config.getString("kafka_joark_hendelse_topic"), get(), get(), get() ) } single { UtsattOppgaveConsumer( - utsattOppgaveAivenProperties(), - config.getString("kafka_utsatt_oppgave_topic"), get(), get(), get() + utsattOppgaveAivenProperties(), config.getString("kafka_utsatt_oppgave_topic"), get(), get(), get() ) } 
@@ -155,8 +141,7 @@ fun preprodConfig(config: ApplicationConfig) = module { single { FjernInntektsmeldingByBehandletProcessor( - InntektsmeldingRepositoryImp(get()), - config.getString("lagringstidMåneder").toInt() + InntektsmeldingRepositoryImp(get()), config.getString("lagringstidMåneder").toInt() ) } bind FjernInntektsmeldingByBehandletProcessor::class single { FinnAlleUtgaandeOppgaverProcessor(get(), get(), get(), get(), get(), get()) } bind FinnAlleUtgaandeOppgaverProcessor::class @@ -168,8 +153,7 @@ fun preprodConfig(config: ApplicationConfig) = module { single { PdlClientImpl( - config.getString("pdl_url"), - RestSTSAccessTokenProvider( + config.getString("pdl_url"), RestSTSAccessTokenProvider( config.getString("security_token.username"), config.getString("security_token.password"), config.getString("security_token_service_token_url"), @@ -196,8 +180,7 @@ fun preprodConfig(config: ApplicationConfig) = module { single { SafJournalpostClient( get(), - config.getString("saf_journal_url"), - RestSTSAccessTokenProvider( + config.getString("saf_journal_url"), RestSTSAccessTokenProvider( config.getString("security_token.username"), config.getString("security_token.password"), config.getString("security_token_service_token_url"), @@ -242,12 +225,7 @@ fun preprodConfig(config: ApplicationConfig) = module { ConsumerConfig.GROUP_ID_CONFIG to "syfoinntektsmelding-im-v1", ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java, ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java - ), - "helsearbeidsgiver.inntektsmelding", - get(), - get(), - get(), - get() + ), "helsearbeidsgiver.inntektsmelding", get(), get(), get(), get() ) } } From 3e615fd9e86a6059be555d630897f13166bcbe31 Mon Sep 17 00:00:00 2001 
From: Gustav Berggren Date: Tue, 30 Jan 2024 16:19:10 +0100 Subject: [PATCH 05/44] format ktlint 2 Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .../kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 5dea06ab8..e7f3f4b22 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -84,7 +84,6 @@ fun preprodConfig(config: ApplicationConfig) = module { } } bind DataSource::class - single { JoarkInntektsmeldingHendelseProsessor( get(), get(), get(), get(), get() @@ -153,7 +152,8 @@ fun preprodConfig(config: ApplicationConfig) = module { single { PdlClientImpl( - config.getString("pdl_url"), RestSTSAccessTokenProvider( + config.getString("pdl_url"), + RestSTSAccessTokenProvider( config.getString("security_token.username"), config.getString("security_token.password"), config.getString("security_token_service_token_url"), @@ -180,7 +180,8 @@ fun preprodConfig(config: ApplicationConfig) = module { single { SafJournalpostClient( get(), - config.getString("saf_journal_url"), RestSTSAccessTokenProvider( + config.getString("saf_journal_url"), + RestSTSAccessTokenProvider( config.getString("security_token.username"), config.getString("security_token.password"), config.getString("security_token_service_token_url"), @@ -225,7 +226,12 @@ fun preprodConfig(config: ApplicationConfig) = module { ConsumerConfig.GROUP_ID_CONFIG to "syfoinntektsmelding-im-v1", ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java, ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java - ), "helsearbeidsgiver.inntektsmelding", get(), get(), get(), get() + ), + "helsearbeidsgiver.inntektsmelding", + get(), + get(), + get(), + get() ) } } 
From d485e8d6ff27cbc8790b7dff732d03eb279936b4 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Tue, 30 Jan 2024 16:28:19 +0100 Subject: [PATCH 06/44] Instansier hikariDatasource i koin Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .../no/nav/syfo/koin/PreprodKoinProfile.kt | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index e7f3f4b22..30eafe77d 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -1,6 +1,7 @@ package no.nav.syfo.koin import com.zaxxer.hikari.HikariConfig +import com.zaxxer.hikari.HikariDataSource import io.ktor.config.ApplicationConfig import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbRepository import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService @@ -70,17 +71,19 @@ fun preprodConfig(config: ApplicationConfig) = module { config.getString("database.vault.admin"), ) } else { - HikariConfig().apply { - jdbcUrl = config.getjdbcUrlFromProperties() - username = config.getString("database.username") - password = config.getString("database.password") - maximumPoolSize = 2 - minimumIdle = 1 - idleTimeout = 10001 - connectionTimeout = 2000 - maxLifetime = 30001 - driverClassName = "org.postgresql.Driver" - } + HikariDataSource( + HikariConfig().apply { + jdbcUrl = config.getjdbcUrlFromProperties() + username = config.getString("database.username") + password = config.getString("database.password") + maximumPoolSize = 2 + minimumIdle = 1 + idleTimeout = 10001 + connectionTimeout = 2000 + maxLifetime = 30001 + driverClassName = "org.postgresql.Driver" + } + ) } } bind DataSource::class From d9094c0eff5f3fa9e3b503391fe5d4244f6b0c60 Mon Sep 17 00:00:00 2001 
From: Gustav Berggren Date: Tue, 30 Jan 2024 16:37:12 +0100 Subject: [PATCH 07/44] bruk injectede database config Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- src/main/resources/application.conf | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index fc1ce6870..62e11b2e4 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -47,23 +47,26 @@ security_token { database { username = "spinn" username = ${?DATABASE_USERNAME} - username = ${?NAIS_DATABASE_FRITAKAGP_FRITAKAGP_DB_USERNAME} + username = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_USERNAME} password = "spinn" password = ${?DATABASE_PASSWORD} - password = ${?NAIS_DATABASE_FRITAKAGP_FRITAKAGP_DB_PASSWORD} + password = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PASSWORD} name = "spinn" name = ${?DATABASE_NAME} + name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} host = "localhost" host = ${?DATABASE_HOST} + host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} port = 5432 port = ${?DATABASE_PORT} + port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} - vault { + vault { role="syfoinntektsmelding-user" admin="syfoinntektsmelding-admin" mountpath = "" From d54103c1772eaae2a6fa3c0703db70869aae9551 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 09:44:58 +0100 Subject: [PATCH 08/44] =?UTF-8?q?tester=20egne=20database-properties=20for?= =?UTF-8?q?=20dev-gcp=20legg=20inn=20journalpostId'er=20med=20status=20for?= =?UTF-8?q?kastet=20i=20rekj=C3=B8r-liste?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- .../no/nav/syfo/koin/PreprodKoinProfile.kt | 11 +++++++--- src/main/resources/application.conf | 21 +++++++++++++------ 2 files changed, 23 insertions(+), 9 deletions(-) 
diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 30eafe77d..1764f95cd 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -73,9 +73,14 @@ fun preprodConfig(config: ApplicationConfig) = module { } else { HikariDataSource( HikariConfig().apply { - jdbcUrl = config.getjdbcUrlFromProperties() - username = config.getString("database.username") - password = config.getString("database.password") + jdbcUrl = String.format( + "jdbc:postgresql://%s:%s/%s", + config.getString("gcp_database.host"), + config.getString("gcp_database.port"), + config.getString("gcp_database.name") + ) + username = config.getString("gcp_database.username") + password = config.getString("gcp_database.password") maximumPoolSize = 2 minimumIdle = 1 idleTimeout = 10001 diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index 62e11b2e4..646e9a099 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf 
@@ -42,29 +42,38 @@ security_token { password = ${?SRVSYFOINNTEKTSMELDING_PASSWORD} } +gcp_database { + username = "spinn" + username = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_USERNAME} + + password = "spinn" + password = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PASSWORD} + + name = "spinn" + name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} + + host = "localhost" + host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} + port = 5432 + port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} +} database { username = "spinn" username = ${?DATABASE_USERNAME} - username = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_USERNAME} - password = "spinn" password = ${?DATABASE_PASSWORD} - password = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PASSWORD} name = "spinn" name = ${?DATABASE_NAME} - name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} host = "localhost" host = ${?DATABASE_HOST} - host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} port = 5432 port = ${?DATABASE_PORT} - port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} vault { role="syfoinntektsmelding-user" From ef1e3864dfaae3248f22afe8382870d1f2b5e92d Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 10:04:46 +0100 Subject: [PATCH 09/44] Revert "tester egne database-properties for dev-gcp" This reverts commit d54103c1772eaae2a6fa3c0703db70869aae9551. --- .../no/nav/syfo/koin/PreprodKoinProfile.kt | 11 +++------- src/main/resources/application.conf | 21 ++++++------------- 2 files changed, 9 insertions(+), 23 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 1764f95cd..30eafe77d 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt 
@@ -73,14 +73,9 @@ fun preprodConfig(config: ApplicationConfig) = module { } else { HikariDataSource( HikariConfig().apply { - jdbcUrl = String.format( - "jdbc:postgresql://%s:%s/%s", - config.getString("gcp_database.host"), - config.getString("gcp_database.port"), - config.getString("gcp_database.name") - ) - username = config.getString("gcp_database.username") - password = config.getString("gcp_database.password") + jdbcUrl = config.getjdbcUrlFromProperties() + username = config.getString("database.username") + password = config.getString("database.password") maximumPoolSize = 2 minimumIdle = 1 idleTimeout = 10001 diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index 646e9a099..62e11b2e4 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -42,38 +42,29 @@ security_token { password = ${?SRVSYFOINNTEKTSMELDING_PASSWORD} } -gcp_database { - username = "spinn" - username = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_USERNAME} - - password = "spinn" - password = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PASSWORD} - - name = "spinn" - name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} - - host = "localhost" - host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} - port = 5432 - port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} -} database { username = "spinn" username = ${?DATABASE_USERNAME} + username = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_USERNAME} + password = "spinn" password = ${?DATABASE_PASSWORD} + password = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PASSWORD} name = "spinn" name = ${?DATABASE_NAME} + name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} host = "localhost" host = ${?DATABASE_HOST} + host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} port = 5432 port = ${?DATABASE_PORT} + port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} vault { role="syfoinntektsmelding-user" 
From dc56d57604c1566d0276e2bbc2590be58ee682d3 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 10:06:05 +0100 Subject: [PATCH 10/44] korrekte db properties Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/resources/application.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index 62e11b2e4..ded18d3ca 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -56,15 +56,15 @@ database { name = "spinn" name = ${?DATABASE_NAME} - name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_DATABASE} + name = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DATABASE} host = "localhost" host = ${?DATABASE_HOST} - host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_HOST} + host = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_HOST} port = 5432 port = ${?DATABASE_PORT} - port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_DB_PORT} + port = ${?NAIS_DATABASE_SPINOSAURUS_SPINOSAURUS_PORT} vault { role="syfoinntektsmelding-user" From 8ff0c42d03348e4dacb79bfdac19128348485162 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 10:43:50 +0100 Subject: [PATCH 11/44] start kafka og bgjobber bare i dev-gcp Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 2 ++ src/main/kotlin/no/nav/syfo/App.kt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index d3dea43a3..2dae86771 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -6,6 +6,8 @@ metadata: labels: team: helsearbeidsgiver spec: + ingresses: + - https://spinosaurus.dev.intern.nav.no image: {{image}} port: 8080 prometheus: diff --git a/src/main/kotlin/no/nav/syfo/App.kt b/src/main/kotlin/no/nav/syfo/App.kt index 104556f94..7ca77bdc5 100644 --- a/src/main/kotlin/no/nav/syfo/App.kt +++ b/src/main/kotlin/no/nav/syfo/App.kt 
@@ -46,7 +46,7 @@ class SpinnApplication(val port: Int = 8080) : KoinComponent { } startKoin { modules(selectModuleBasedOnProfile(appConfig)) } migrateDatabase() - if (System.getenv("NAIS_CLUSTER_NAME") != "dev-gcp") { + if (System.getenv("NAIS_CLUSTER_NAME") == "dev-gcp") { configAndStartBackgroundWorkers() startKafkaConsumer() } From 8785a89733a320c83b6ba1f86e9dcf6df6d27d7a Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 10:50:35 +0100 Subject: [PATCH 12/44] dev-gcp: korrekt ingress Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 2dae86771..82b39e9fb 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -7,7 +7,7 @@ metadata: team: helsearbeidsgiver spec: ingresses: - - https://spinosaurus.dev.intern.nav.no + - https://spinosaurus.intern.dev.nav.no image: {{image}} port: 8080 prometheus: From 8c8fd27a33b723e39eda69cccf489d0fe6d043d0 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 14:02:14 +0100 Subject: [PATCH 13/44] dev-gcp: nye urler for pdl og norg2 Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 82b39e9fb..5fd6ebcff 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -88,9 +88,9 @@ spec: - name: RUN_BACKGROUND_WORKERS value: "true" - name: PDL_URL - value: "https://pdl-api.nais.preprod.local/graphql" + value: "https://pdl-api.dev-fss-pub.nais.io" - name: NORG2_URL - value: "https://helsearbeidsgiver-proxy.dev-fss-pub.nais.io/norg" + value: "https://norg2.dev-fss-pub.nais.io/norg2/api" - name: SAF_DOKUMENT_URL value: "https://saf-q1.dev.intern.nav.no/rest" - name: SAF_JOURNAL_URL From a37368bd04ccf68d0a8e68cc10db8b2563839873 Mon Sep 17 00:00:00 2001 
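Review bot: With the comparison flipped to `== "dev-gcp"` in the `App.kt` startup sequence, any pod whose `NAIS_CLUSTER_NAME` is something else (or unset, as in a local run) serves HTTP but starts neither the background workers nor the Kafka consumer, and nothing is logged about it. The commit title says this is intended for the migration, but if the same build reaches another cluster, message processing stops without an error. Consider driving this from configuration rather than a hard-coded cluster name (the manifest already sets `RUN_BACKGROUND_WORKERS`), and log the skipped branch, e.g. `else { logger.warn("Background workers and Kafka consumer not started in this cluster") }`, assuming a logger is available in the class. The same hard-coded check is used in `PreprodKoinProfile.kt` to choose the data source. The enclosing function begins outside the hunk.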
From: Morten Byhring Date: Wed, 31 Jan 2024 14:04:08 +0100 Subject: [PATCH 14/44] dev-gcp: fjernet sak-url, brukes ikke lenger Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 2 -- src/main/resources/application.conf | 3 --- 2 files changed, 5 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 5fd6ebcff..19ef84078 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -73,8 +73,6 @@ spec: value: "http://security-token-service.default.svc.nais.local/rest/v1/sts/token" - name: OPPGAVEBEHANDLING_URL value: "https://oppgave.nais.preprod.local/api/v1/oppgaver" - - name: OPPRETT_SAK_URL - value: "https://sak-q1.dev.intern.nav.no/api/v1/saker" - name: SRVAPPSERVER_USERNAME value: "srvappserver" - name: SRVAPPSERVER_PASSWORD diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index ded18d3ca..d964dfbbf 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -118,9 +118,6 @@ aad_preauthorized_apps = ${?AZURE_APP_PRE_AUTHORIZED_APPS} inntektsmelding_lagringstid_maneder: "3" -opprett_sak_url:"http://sak.teamdokumenthandtering.svc.nais.local/api/v1/saker" -opprett_sak_url: ${?OPPRETT_SAK_URL} - kafka_bootstrap_servers: "localhost:9092" oppgavebehandling_url: "https://oppgave.nais.preprod.local/api/v1/oppgaver" From 14ecc51d90d1faacce6d4b5db90e7471e7e9a391 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Wed, 31 Jan 2024 14:14:19 +0100 Subject: [PATCH 15/44] dev-gcp:lagt inn externalHosts og endret oppgaveUrl Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 19ef84078..53b14d245 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml 
@@ -56,6 +56,11 @@ spec: - application: helsearbeidsgiver-proxy namespace: helsearbeidsgiver cluster: dev-fss + external: + - host: data.brreg.no + - host: norg2.dev-fss-pub.nais.io + - host: oppgave-q1.dev-fss-pub.nais.io + - host: pdl-api.dev-fss-pub.nais.io inbound: rules: - application: im-bro-spinn @@ -72,7 +77,7 @@ spec: - name: SECURITY_TOKEN_SERVICE_TOKEN_URL value: "http://security-token-service.default.svc.nais.local/rest/v1/sts/token" - name: OPPGAVEBEHANDLING_URL - value: "https://oppgave.nais.preprod.local/api/v1/oppgaver" + value: "https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver" - name: SRVAPPSERVER_USERNAME value: "srvappserver" - name: SRVAPPSERVER_PASSWORD From 5473f746f61bbd1500e04dd884de76da05935c38 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Wed, 31 Jan 2024 16:09:06 +0100 Subject: [PATCH 16/44] Ikke bruk access token mot norg2 Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt | 3 --- src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt | 6 ------ 2 files changed, 9 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt index 434a4a6b7..8f0236f8a 100644 --- a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt +++ b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt @@ -22,7 +22,6 @@ import java.time.LocalDate */ open class Norg2Client( private val url: String, - private val stsClient: AccessTokenProvider, private val httpClient: HttpClient ) { 
@@ -30,11 +29,9 @@ open class Norg2Client( * Oppslag av informasjon om ruting av arbeidsoppgaver til enheter. */ open suspend fun hentAlleArbeidsfordelinger(request: ArbeidsfordelingRequest, callId: String?): List { - val stsToken = stsClient.getToken() return runBlocking { httpClient.post>(url + "/arbeidsfordeling/enheter/bestmatch") { contentType(ContentType.Application.Json.withCharset(Charsets.UTF_8)) - header("Authorization", "Bearer $stsToken") header("X-Correlation-ID", callId) body = request } diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 30eafe77d..21fc14587 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -170,12 +170,6 @@ fun preprodConfig(config: ApplicationConfig) = module { single { Norg2Client( config.getString("norg2_url"), - RestSTSAccessTokenProvider( - config.getString("security_token.username"), - config.getString("security_token.password"), - config.getString("security_token_service_token_url"), - get() - ), get() ) } bind Norg2Client::class From 969ed73f1cc0f92f3503b899100fb92d6498dd8d Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Wed, 31 Jan 2024 16:14:53 +0100 Subject: [PATCH 17/44] bytt ut reststs med azure token Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- deploy/dev-gcp.yaml | 13 +- .../no/nav/syfo/client/OppgaveClient.kt | 10 +- .../kotlin/no/nav/syfo/koin/DevKoinProfile.kt | 195 ++++++++++++++++++ .../no/nav/syfo/koin/ExternalSystemsModule.kt | 84 ++++++++ .../kotlin/no/nav/syfo/koin/KoinProfiles.kt | 1 + .../no/nav/syfo/koin/PreprodKoinProfile.kt | 37 +--- src/main/resources/application.conf | 8 +- 7 files changed, 312 insertions(+), 36 deletions(-) create mode 100644 src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 53b14d245..91167afdb 100644 --- a/deploy/dev-gcp.yaml 
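Review bot: With the `Authorization` header removed, `hentAlleArbeidsfordelinger` posts to `/arbeidsfordeling/enheter/bestmatch` with no credential. Because the `stsClient` constructor parameter is dropped as well, this applies to every profile that builds a `Norg2Client`, not only dev; the PreprodKoinProfile.kt hunk after it and the later ProdKoinProfile.kt and Fakes.kt hunks follow from it. If norg2 is meant to be called anonymously, record that in the KDoc above the function, e.g. `Called without a token: norg2 does not require authentication.`, so the missing header does not read as an omission. Whether the production endpoint accepts unauthenticated requests is not shown in the diff and should be confirmed. The function body continues outside the hunk.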
+++ b/deploy/dev-gcp.yaml @@ -71,7 +71,7 @@ spec: cluster: dev-gcp env: - name: KOIN_PROFILE - value: "PREPROD" + value: "DEV" - name: SRVSYFOINNTEKTSMELDING_USERNAME value: "srvsyfoinntektsmel" - name: SECURITY_TOKEN_SERVICE_TOKEN_URL @@ -100,3 +100,14 @@ spec: value: "https://saf-q1.dev.intern.nav.no/graphql" - name: ENHETSREGISTERET_URL value: "https://data.brreg.no/enhetsregisteret/api/underenheter/" + - name: DOKARKIV_SCOPE + value: api://dev-fss.teamdokumenthandtering.dokarkiv-q1/.default + - name: SAF_SCOPE + value: api://dev-fss.teamdokumenthandtering.saf-q1/.default + - name: OPPGAVE_SCOPE + value: api://dev-fss.oppgavehandtering.oppgave-q1/.default + - name: PDL_SCOPE + value: api://dev-fss.pdl.pdl-api/.default + - name: PROXY_SCOPE + value: api://dev-fss.helsearbeidsgiver.helsearbeidsgiver-proxy/.default + diff --git a/src/main/kotlin/no/nav/syfo/client/OppgaveClient.kt b/src/main/kotlin/no/nav/syfo/client/OppgaveClient.kt index e6c281b6d..99fa72aa6 100644 --- a/src/main/kotlin/no/nav/syfo/client/OppgaveClient.kt +++ b/src/main/kotlin/no/nav/syfo/client/OppgaveClient.kt @@ -27,18 +27,18 @@ const val BEHANDLINGSTEMA_UTBETALING_TIL_BRUKER = "ab0458" const val BEHANDLINGSTYPE_UTLAND = "ae0106" const val BEHANDLINGSTYPE_NORMAL = "ab0061" -class OppgaveClient constructor( +class OppgaveClient( val oppgavebehndlingUrl: String, - val tokenConsumer: TokenConsumer, val httpClient: HttpClient, - val metrikk: Metrikk + val metrikk: Metrikk, + val getAccessToken: () -> String ) { private val logger = this.logger() private suspend fun opprettOppgave(opprettOppgaveRequest: OpprettOppgaveRequest): OpprettOppgaveResponse = retry("opprett_oppgave") { httpClient.post(oppgavebehndlingUrl) { contentType(ContentType.Application.Json) - this.header("Authorization", "Bearer ${tokenConsumer.token}") + this.header("Authorization", "Bearer ${getAccessToken()}") this.header("X-Correlation-ID", MdcUtils.getCallId()) body = opprettOppgaveRequest } 
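Review bot: `getAccessToken` is added as a public `val` on `OppgaveClient`, so any code holding the client can invoke it and obtain a bearer token for the oppgave API. Nothing in this hunk needs it outside the class; declare it `private val getAccessToken: () -> String`. Calling it inside the request builder is the right shape, since each attempt made by `retry` presumably asks the provider again instead of reusing a captured string. The GET in the next hunk of this file uses the same property, and `opprettOppgave` continues past the end of the hunk.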
@@ -49,7 +49,7 @@ class OppgaveClient constructor( val callId = MdcUtils.getCallId() logger.info("Henter oppgave med CallId $callId") httpClient.get(oppgavebehndlingUrl) { - this.header("Authorization", "Bearer ${tokenConsumer.token}") + this.header("Authorization", "Bearer ${getAccessToken()}") this.header("X-Correlation-ID", callId) parameter("tema", TEMA) parameter("oppgavetype", oppgavetype) diff --git a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt new file mode 100644 index 000000000..3846cb5d1 --- /dev/null +++ b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt 
@@ -0,0 +1,195 @@ +package no.nav.syfo.koin + +import com.zaxxer.hikari.HikariConfig +import com.zaxxer.hikari.HikariDataSource +import io.ktor.config.ApplicationConfig +import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbRepository +import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService +import no.nav.helse.arbeidsgiver.bakgrunnsjobb.PostgresBakgrunnsjobbRepository +import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider +import no.nav.helse.arbeidsgiver.integrasjoner.pdl.PdlClient +import no.nav.helse.arbeidsgiver.integrasjoner.pdl.PdlClientImpl +import no.nav.helse.arbeidsgiver.system.getString +import no.nav.syfo.MetrikkVarsler +import no.nav.syfo.behandling.InntektsmeldingBehandler +import no.nav.syfo.client.BrregClient +import no.nav.syfo.client.BrregClientImp +import no.nav.syfo.client.OppgaveClient +import no.nav.syfo.client.dokarkiv.DokArkivClient +import no.nav.syfo.client.norg.Norg2Client +import no.nav.syfo.client.saf.SafDokumentClient +import no.nav.syfo.client.saf.SafJournalpostClient +import no.nav.syfo.integration.kafka.UtsattOppgaveConsumer +import no.nav.syfo.integration.kafka.commonAivenProperties +import no.nav.syfo.integration.kafka.joarkAivenProperties +import no.nav.syfo.integration.kafka.journalpost.JournalpostHendelseConsumer +import no.nav.syfo.integration.kafka.utsattOppgaveAivenProperties +import no.nav.syfo.producer.InntektsmeldingAivenProducer +import no.nav.syfo.prosesser.FinnAlleUtgaandeOppgaverProcessor +import no.nav.syfo.prosesser.FjernInntektsmeldingByBehandletProcessor +import no.nav.syfo.prosesser.JoarkInntektsmeldingHendelseProsessor +import no.nav.syfo.repository.ArbeidsgiverperiodeRepository +import no.nav.syfo.repository.ArbeidsgiverperiodeRepositoryImp +import no.nav.syfo.repository.DuplikatRepository +import no.nav.syfo.repository.DuplikatRepositoryImpl +import no.nav.syfo.repository.FeiletRepositoryImp +import no.nav.syfo.repository.FeiletService +import 
no.nav.syfo.repository.InntektsmeldingRepository +import no.nav.syfo.repository.InntektsmeldingRepositoryImp +import no.nav.syfo.repository.UtsattOppgaveRepositoryImp +import no.nav.syfo.service.BehandleInngaaendeJournalConsumer +import no.nav.syfo.service.BehandlendeEnhetConsumer +import no.nav.syfo.service.InngaaendeJournalConsumer +import no.nav.syfo.service.InntektsmeldingService +import no.nav.syfo.service.JournalConsumer +import no.nav.syfo.service.JournalpostService +import no.nav.syfo.simba.InntektsmeldingConsumer +import no.nav.syfo.util.Metrikk +import no.nav.syfo.utsattoppgave.FeiletUtsattOppgaveMeldingProsessor +import no.nav.syfo.utsattoppgave.UtsattOppgaveDAO +import no.nav.syfo.utsattoppgave.UtsattOppgaveService +import org.apache.kafka.clients.consumer.ConsumerConfig +import org.apache.kafka.common.serialization.StringDeserializer +import org.koin.core.qualifier.named +import org.koin.dsl.bind +import org.koin.dsl.module +import javax.sql.DataSource + +fun devConfig(config: ApplicationConfig) = module { + externalSystemClients(config) + single { + HikariDataSource( + HikariConfig().apply { + jdbcUrl = config.getjdbcUrlFromProperties() + username = config.getString("database.username") + password = config.getString("database.password") + maximumPoolSize = 2 + minimumIdle = 1 + idleTimeout = 10001 + connectionTimeout = 2000 + maxLifetime = 30001 + driverClassName = "org.postgresql.Driver" + } + ) + } bind DataSource::class + + single { + JoarkInntektsmeldingHendelseProsessor( + get(), get(), get(), get(), get() + ) + } bind JoarkInntektsmeldingHendelseProsessor::class + single { ArbeidsgiverperiodeRepositoryImp(get()) } bind ArbeidsgiverperiodeRepository::class + + single { + InntektsmeldingBehandler( + get(), get(), get(), get(), get(), get() + ) + } bind InntektsmeldingBehandler::class + + single { InngaaendeJournalConsumer(get()) } bind InngaaendeJournalConsumer::class + single { BehandleInngaaendeJournalConsumer(get()) } bind 
BehandleInngaaendeJournalConsumer::class + single { JournalConsumer(get(), get(), get()) } bind JournalConsumer::class + single { Metrikk() } bind Metrikk::class + single { BehandlendeEnhetConsumer(get(), get(), get()) } bind BehandlendeEnhetConsumer::class + single { JournalpostService(get(), get(), get(), get(), get(), get()) } bind JournalpostService::class + + single { InntektsmeldingRepositoryImp(get()) } bind InntektsmeldingRepository::class + single { InntektsmeldingService(get(), get()) } bind InntektsmeldingService::class + + single { + JournalpostHendelseConsumer( + joarkAivenProperties(), config.getString("kafka_joark_hendelse_topic"), get(), get(), get() + ) + } + single { + UtsattOppgaveConsumer( + utsattOppgaveAivenProperties(), config.getString("kafka_utsatt_oppgave_topic"), get(), get(), get() + ) + } + + single { + InntektsmeldingAivenProducer( + commonAivenProperties() + ) + } + + single { DuplikatRepositoryImpl(get()) } bind DuplikatRepository::class + single { UtsattOppgaveDAO(UtsattOppgaveRepositoryImp(get())) } + single { + val tokenProvider = get(qualifier = named("OPPGAVE")) + OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), tokenProvider::getToken) + } bind OppgaveClient::class + single { UtsattOppgaveService(get(), get(), get(), get(), get(), get()) } bind UtsattOppgaveService::class + single { FeiletUtsattOppgaveMeldingProsessor(get(), get()) } + + single { + FjernInntektsmeldingByBehandletProcessor( + InntektsmeldingRepositoryImp(get()), config.getString("lagringstidMåneder").toInt() + ) + } bind FjernInntektsmeldingByBehandletProcessor::class + single { FinnAlleUtgaandeOppgaverProcessor(get(), get(), get(), get(), get(), get()) } bind FinnAlleUtgaandeOppgaverProcessor::class + + single { FeiletService(FeiletRepositoryImp(get())) } bind FeiletService::class + + single { PostgresBakgrunnsjobbRepository(get()) } bind BakgrunnsjobbRepository::class + single { BakgrunnsjobbService(get(), bakgrunnsvarsler = 
MetrikkVarsler()) } + + single { + PdlClientImpl( + config.getString("pdl_url"), + get(qualifier = named("PDL")), + get(), + get() + ) + } bind PdlClient::class + + single { + Norg2Client( + config.getString("norg2_url"), + get() + ) + } bind Norg2Client::class + + single { + SafJournalpostClient( + get(), + config.getString("saf_journal_url"), + get(qualifier = named("SAF")), + ) + } bind SafJournalpostClient::class + + single { + SafDokumentClient( + config.getString("saf_dokument_url"), + get(), + get(qualifier = named("SAF")), + ) + } bind SafDokumentClient::class + + single { + DokArkivClient( + config.getString("dokarkiv_url"), + get(qualifier = named("DOKARKIV")), + get() + ) + } bind DokArkivClient::class + + single { BrregClientImp(get(qualifier = named("proxyHttpClient")), config.getString("berreg_enhet_url")) } bind BrregClient::class + + single { + InntektsmeldingConsumer( + commonAivenProperties() + mapOf( + ConsumerConfig.AUTO_OFFSET_RESET_CONFIG to "earliest", + ConsumerConfig.CLIENT_ID_CONFIG to "syfoinntektsmelding-im-consumer", + ConsumerConfig.GROUP_ID_CONFIG to "syfoinntektsmelding-im-v1", + ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java, + ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG to StringDeserializer::class.java + ), + "helsearbeidsgiver.inntektsmelding", + get(), + get(), + get(), + get() + ) + } +} diff --git a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt index a8462acd0..9a472529a 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt 
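Review bot: `devConfig` appears to repeat the binding list of `preprodConfig` almost line for line; the context lines of the PreprodKoinProfile.kt hunks further down show the same `single { … }` definitions. The choice of credential for each downstream system therefore has to be kept in step across this 195-line file and its sibling. From what is visible, only the `DataSource`, the token source handed to `OppgaveClient` and the `named(...)` qualifiers on the `AccessTokenProvider` lookups differ. Consider moving the shared bindings into a `Module` extension, in the way `externalSystemClients(config)` already does, and keeping only those differences in each profile, so a later change to authentication wiring cannot land in one profile and be missed in the other.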
@@ -1,8 +1,13 @@ package no.nav.syfo.koin +import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod import io.ktor.config.ApplicationConfig import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider import no.nav.helse.arbeidsgiver.integrasjoner.OAuth2TokenProvider +import no.nav.helse.arbeidsgiver.system.getString +import no.nav.security.token.support.client.core.ClientAuthenticationProperties +import no.nav.security.token.support.client.core.ClientProperties +import no.nav.security.token.support.client.core.OAuth2GrantType import no.nav.security.token.support.client.core.oauth2.ClientCredentialsTokenClient import no.nav.security.token.support.client.core.oauth2.OAuth2AccessTokenService import no.nav.security.token.support.client.core.oauth2.OnBehalfOfTokenClient @@ -11,7 +16,10 @@ import no.nav.syfo.integration.oauth2.DefaultOAuth2HttpClient import no.nav.syfo.integration.oauth2.OAuth2ClientPropertiesConfig import no.nav.syfo.integration.oauth2.TokenResolver import org.koin.core.module.Module +import org.koin.core.qualifier.named +import org.koin.core.scope.Scope import org.koin.dsl.bind +import java.net.URI fun Module.externalSystemClients(config: ApplicationConfig) { 
@@ -29,4 +37,80 @@ fun Module.externalSystemClients(config: ApplicationConfig) { val azureAdConfig = clientConfig.clientConfig["azure_ad"] ?: error("Fant ikke config i application.conf") OAuth2TokenProvider(accessTokenService, azureAdConfig) } bind AccessTokenProvider::class + + single (named("PROXY")){ + oauth2TokenProvider( + config, + config.getString("client.registration.clients[0].proxyscope") + ) + } bind AccessTokenProvider::class + + single (named("OPPGAVE")){ + oauth2TokenProvider( + config, + config.getString("client.registration.clients[0].oppgavescope") + ) + } bind AccessTokenProvider::class + + single (named("DOKARKIV")){ + oauth2TokenProvider( + config, + config.getString("client.registration.clients[0].dokarkivscope") + ) + } bind AccessTokenProvider::class + + single (named("SAF")){ + oauth2TokenProvider( + config, + config.getString("client.registration.clients[0].safscope") + ) + } bind AccessTokenProvider::class + + single (named("PDL")){ + oauth2TokenProvider( + config, + config.getString("client.registration.clients[0].pdlscope") + ) + } bind AccessTokenProvider::class + +} + + +private fun Scope.oauth2TokenProvider(config: ApplicationConfig, scope: String): OAuth2TokenProvider = + OAuth2TokenProvider( + oauth2Service = accessTokenService(this), + clientProperties = config.azureAdConfig(scope) + ) + +private fun accessTokenService(scope: Scope): OAuth2AccessTokenService = + DefaultOAuth2HttpClient(scope.get()).let { + OAuth2AccessTokenService( + TokenResolver(), + OnBehalfOfTokenClient(it), + ClientCredentialsTokenClient(it), + TokenExchangeClient(it) + ) + } + +private fun ApplicationConfig.azureAdConfig(scope: String): ClientProperties { + val prefix = "client.registration.clients[0]" + return ClientProperties( + getString("$prefix.token_endpoint_url").let(::URI), + getString("$prefix.well_known_url").let(::URI), + getString("$prefix.grant_type").let(::OAuth2GrantType), + scope.split(","), + authProps(), + null, + null + ) +} + +private fun 
ApplicationConfig.authProps(): ClientAuthenticationProperties { + val prefix = "client.registration.clients[0].authentication" + return ClientAuthenticationProperties( + getString("$prefix.client_id"), + getString("$prefix.client_auth_method").let(::ClientAuthenticationMethod), + getString("$prefix.client_secret"), + null + ) } diff --git a/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt b/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt index bdb2bcf4b..01ee0baeb 100644 --- a/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt +++ b/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt @@ -26,6 +26,7 @@ fun selectModuleBasedOnProfile(config: ApplicationConfig): List { val envModule = when (config.property("koin.profile").getString()) { "LOCAL" -> localDevConfig(config) "PREPROD" -> preprodConfig(config) + "DEV" -> devConfig(config) "PROD" -> prodConfig(config) else -> localDevConfig(config) } diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 21fc14587..2e9790365 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -1,7 +1,6 @@ package no.nav.syfo.koin import com.zaxxer.hikari.HikariConfig -import com.zaxxer.hikari.HikariDataSource import io.ktor.config.ApplicationConfig import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbRepository import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService 
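Review bot: Each scope is read with `config.getString(...)` inside its `single (named(...)){ … }` lambda, and Koin evaluates a `single` only when it is first requested. A missing or misspelt scope variable would therefore presumably surface on the first call to that downstream system rather than at start-up. Reading the five values at the top of `externalSystemClients`, e.g. `val oppgaveScope = config.getString("client.registration.clients[0].oppgavescope")`, and passing them into the lambdas makes a bad deployment fail immediately. Separately, every named provider calls `accessTokenService(this)` and so builds its own `DefaultOAuth2HttpClient` and `OAuth2AccessTokenService`; one shared instance would do if the service is safe to share. `externalSystemClients` starts above the hunk.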
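Review bot: The `when` that gains `"DEV" -> devConfig(config)` still ends in `else -> localDevConfig(config)`, so a misspelt `KOIN_PROFILE` in a deployed environment silently selects the local-development wiring instead of stopping. With dev-gcp.yaml switching to a new profile name in this same commit, it is worth failing closed: `else -> error("Unknown koin.profile")`, with `"LOCAL"` as the explicit local choice. This changes behaviour for anyone relying on the fallback, so check local run configurations first. `selectModuleBasedOnProfile` starts and ends outside the hunk.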
@@ -60,31 +59,15 @@ import javax.sql.DataSource fun preprodConfig(config: ApplicationConfig) = module { externalSystemClients(config) single { - if (System.getenv("NAIS_CLUSTER_NAME") != "dev-gcp") { - val hikariConfig = HikariConfig() - hikariConfig.jdbcUrl = config.getjdbcUrlFromProperties() - hikariConfig.minimumIdle = 1 - hikariConfig.maximumPoolSize = 2 - HikariCPVaultUtil.createHikariDataSourceWithVaultIntegration( - hikariConfig, - config.getString("database.vault.mountpath"), - config.getString("database.vault.admin"), - ) - } else { - HikariDataSource( - HikariConfig().apply { - jdbcUrl = config.getjdbcUrlFromProperties() - username = config.getString("database.username") - password = config.getString("database.password") - maximumPoolSize = 2 - minimumIdle = 1 - idleTimeout = 10001 - connectionTimeout = 2000 - maxLifetime = 30001 - driverClassName = "org.postgresql.Driver" - } - ) - } + val hikariConfig = HikariConfig() + hikariConfig.jdbcUrl = config.getjdbcUrlFromProperties() + hikariConfig.minimumIdle = 1 + hikariConfig.maximumPoolSize = 2 + HikariCPVaultUtil.createHikariDataSourceWithVaultIntegration( + hikariConfig, + config.getString("database.vault.mountpath"), + config.getString("database.vault.admin"), + ) } bind DataSource::class single { @@ -137,7 +120,7 @@ fun preprodConfig(config: ApplicationConfig) = module { single { DuplikatRepositoryImpl(get()) } bind DuplikatRepository::class single { UtsattOppgaveDAO(UtsattOppgaveRepositoryImp(get())) } - single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), get()) } bind OppgaveClient::class + single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get()) { get().token } } bind OppgaveClient::class single { UtsattOppgaveService(get(), get(), get(), get(), get(), get()) } bind UtsattOppgaveService::class single { FeiletUtsattOppgaveMeldingProsessor(get(), get()) } 
diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index d964dfbbf..b647f55ef 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -98,10 +98,12 @@ client { token_endpoint_url: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/oauth2/v2.0/token" token_endpoint_url: ${?AZURE_OPENID_CONFIG_TOKEN_ENDPOINT} grant_type: client_credentials - scope: "api://5ccfebdd-40b0-424b-9306-3383bd0febd7/.default" // UUID=ClientID for proxyappen - scope: ${?PROXY_SCOPE} // UUID=ClientID for proxyappen + proxyscope: ${?PROXY_SCOPE} + oppgavescope: ${?OPPGAVE_SCOPE} + dokarkivscope: ${?DOKARKIV_SCOPE} + safscope: ${?DOKARKIV_SCOPE} + pdlscope: ${?PDL_SCOPE} authentication: { - client_id: "2cf25df8-3940-4c5d-9e8e-8be4b316ddda" client_id: ${?AZURE_APP_CLIENT_ID} client_secret: "secret-injected-by-nais" client_secret: ${?AZURE_APP_CLIENT_SECRET} From e471be9101a09f2b4cdf13f7fcf6b30542dcbe66 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Wed, 31 Jan 2024 16:17:41 +0100 Subject: [PATCH 18/44] ktlint fix Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt index 8f0236f8a..1498c5b3f 100644 --- a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt +++ b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt @@ -7,7 +7,6 @@ import io.ktor.http.ContentType import io.ktor.http.contentType import io.ktor.http.withCharset import kotlinx.coroutines.runBlocking -import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider import java.time.LocalDate /** From e27f83dbfef07e9554007e85b812b235c363a6cb Mon Sep 17 00:00:00 2001 
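Review bot: `safscope: ${?DOKARKIV_SCOPE}` reads the dokarkiv variable, so the `SAF` token provider would request a token for dokarkiv's audience, and the `SAF_SCOPE` value added to deploy/dev-gcp.yaml in this commit is never used; it should be `safscope: ${?SAF_SCOPE}`. All five scope keys are optional substitutions with no default, so a key is simply absent when its variable is unset. The unchanged `client_secret: "secret-injected-by-nais"` default means a missing `AZURE_APP_CLIENT_SECRET` would send that literal to the token endpoint rather than stop start-up; dropping the default, as this hunk does for `client_id`, would be consistent. Whether anything still reads the removed `scope` key (the `azure_ad` client config in ExternalSystemsModule.kt, for instance) is not visible here and should be checked.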
From: Gustav Berggren Date: Wed, 31 Jan 2024 16:20:01 +0100 Subject: [PATCH 19/44] ktlint fix 2 Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- .../kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt index 9a472529a..89ebc0247 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt @@ -38,44 +38,42 @@ fun Module.externalSystemClients(config: ApplicationConfig) { OAuth2TokenProvider(accessTokenService, azureAdConfig) } bind AccessTokenProvider::class - single (named("PROXY")){ + single(named("PROXY")) { oauth2TokenProvider( config, config.getString("client.registration.clients[0].proxyscope") ) } bind AccessTokenProvider::class - single (named("OPPGAVE")){ + single(named("OPPGAVE")) { oauth2TokenProvider( config, config.getString("client.registration.clients[0].oppgavescope") ) } bind AccessTokenProvider::class - single (named("DOKARKIV")){ + single(named("DOKARKIV")) { oauth2TokenProvider( config, config.getString("client.registration.clients[0].dokarkivscope") ) } bind AccessTokenProvider::class - single (named("SAF")){ + single(named("SAF")) { oauth2TokenProvider( config, config.getString("client.registration.clients[0].safscope") ) } bind AccessTokenProvider::class - single (named("PDL")){ + single(named("PDL")) { oauth2TokenProvider( config, config.getString("client.registration.clients[0].pdlscope") ) } bind AccessTokenProvider::class - } - private fun Scope.oauth2TokenProvider(config: ApplicationConfig, scope: String): OAuth2TokenProvider = OAuth2TokenProvider( oauth2Service = accessTokenService(this), From f146f511baa3a29fef00ade3e10a403c46e1f1b1 Mon Sep 17 00:00:00 2001 
From: Gustav Berggren Date: Wed, 31 Jan 2024 16:23:01 +0100 Subject: [PATCH 20/44] fiks prodkoinprofile Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt index 616b21cd8..cffd9262c 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt @@ -154,12 +154,6 @@ fun prodConfig(config: ApplicationConfig) = module { single { Norg2Client( config.getString("norg2_url"), - RestSTSAccessTokenProvider( - config.getString("security_token.username"), - config.getString("security_token.password"), - config.getString("security_token_service_token_url"), - get() - ), get() ) } bind Norg2Client::class From 82e081a2dc0821389a0d080de098117f5cab8521 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Wed, 31 Jan 2024 16:24:29 +0100 Subject: [PATCH 21/44] fiks koinprofile for integrasjonstester Co-authored-by: Mikael Bjerga Co-authored-by: Morten Byhring --- src/main/kotlin/no/nav/syfo/koin/Fakes.kt | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/Fakes.kt b/src/main/kotlin/no/nav/syfo/koin/Fakes.kt index ada2cb21f..ca416f298 100644 --- a/src/main/kotlin/no/nav/syfo/koin/Fakes.kt +++ b/src/main/kotlin/no/nav/syfo/koin/Fakes.kt @@ -114,11 +114,6 @@ fun Module.mockExternalDependecies() { single { object : Norg2Client( "", - object : AccessTokenProvider { - override fun getToken(): String { - return "token" - } - }, get() ) { override suspend fun hentAlleArbeidsfordelinger( From 2ad17e5028bc356103833ad3229ff6f81ecc537c Mon Sep 17 00:00:00 2001 From: Mikael Bjerga Date: Wed, 31 Jan 2024 16:46:08 +0100 Subject: [PATCH 22/44] Bytt Gradle-plugin for ktlint --- README.md | 9 ++++----- build.gradle.kts | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) 
diff --git a/README.md b/README.md index b90e9cd61..c5cf61a5b 100644 --- a/README.md +++ b/README.md @@ -79,16 +79,15 @@ SRVSYFOINNTEKTSMELDING_PASSWORD=dummy Prosjektet bruker en [Ktlint](https://ktlint.github.io/)-plugin for Gradle som håndhever kodestilregler. Nyttige kommandoer er: -- `gradle ktlintCheck` (sier ifra om brudd på kodestilreglene) -- `gradle ktlintFormat` (retter opp i brudd på kodestilreglene) +- `gradle lintKotlin` (sier ifra om brudd på kodestilreglene) +- `gradle formatKotlin` (retter opp i brudd på kodestilreglene) Det anbefales hver utvikler å konfigurere en pre-commit hook som automatisk sjekker endrede filer for brudd på kodestilreglene. Alternativt kan man sette opp automatisk formattering. Kommandoene for dette er: -- `gradle addKtlintCheckGitPreCommitHook` (automatisk sjekk) -- `gradle addKtlintFormatGitPreCommitHook` (automatisk formattering) +- `gradle installKotlinterPrePushHook` (automatisk formattering) -Les mer om pluginen [her](https://github.com/JLLeitschuh/ktlint-gradle). +Les mer om pluginen [her](https://github.com/jeremymailen/kotlinter-gradle). ## Database Applikasjonen bruker Postgres database med JPA grensesnitt OG et JDBC grensesnitt. Skjermbildet nedenfor viser samtlige diff --git a/build.gradle.kts b/build.gradle.kts index 7ae2c92e0..4adb1f91e 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -50,7 +50,7 @@ plugins { kotlin("jvm") version "1.9.21" kotlin("plugin.serialization") version "1.9.21" id("com.github.ben-manes.versions") version "0.50.0" - id("org.jlleitschuh.gradle.ktlint") version "11.0.0" + id("org.jmailen.kotlinter") version "3.8.0" id("org.flywaydb.flyway") version "10.1.0" jacoco application From d17798fb625092b5f18f722d43f320f5c21acba2 Mon Sep 17 00:00:00 2001 
From: Gustav Berggren Date: Wed, 31 Jan 2024 16:51:22 +0100 Subject: [PATCH 23/44] fiks feil i OppgaveClientTest Co-authored-by: Mikael Bjerga --- .../no/nav/syfo/client/OppgaveClientTest.kt | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/src/test/kotlin/no/nav/syfo/client/OppgaveClientTest.kt b/src/test/kotlin/no/nav/syfo/client/OppgaveClientTest.kt index 19f1ab7e3..46f853cd9 100644 --- a/src/test/kotlin/no/nav/syfo/client/OppgaveClientTest.kt +++ b/src/test/kotlin/no/nav/syfo/client/OppgaveClientTest.kt @@ -23,7 +23,6 @@ private const val FORDELINGSOPPGAVE_ID = 5678 class OppgaveClientTest { - private var tokenConsumer = mockk(relaxed = true) private var metrikk = mockk(relaxed = true) private lateinit var oppgaveClient: OppgaveClient @@ -32,7 +31,7 @@ class OppgaveClientTest { fun henterEksisterendeOppgave() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagOppgaveResponse()), metrikk) { "mockToken" } val resultat = oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", false, false, BehandlingsTema.REFUSJON_MED_DATO) assertThat(resultat.oppgaveId).isEqualTo(OPPGAVE_ID) assertThat(resultat.duplikat).isTrue @@ -43,7 +42,7 @@ class OppgaveClientTest { fun oppretterNyOppgave() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } val resultat = oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", false, false, BehandlingsTema.REFUSJON_MED_DATO) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(resultat.oppgaveId).isNotEqualTo(OPPGAVE_ID) 
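Review bot: The tests now pass `{ "mockToken" }` as the token source, but none of the visible assertions checks that the outgoing request carries `Authorization: Bearer mockToken`. A regression that drops the header or sends an empty token would still pass. Add one assertion on the captured request's `Authorization` header, for example in `oppretterNyOppgave` next to the existing `hentRequestInnhold` checks. The remaining hunks in this file make the same constructor change and need no separate assertion.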
@@ -58,7 +57,7 @@ class OppgaveClientTest { fun oppretterNyFordelingsOppgave() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } val resultat = oppgaveClient.opprettFordelingsOppgave("journalpostId") val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(resultat.oppgaveId).isNotEqualTo(FORDELINGSOPPGAVE_ID) @@ -72,7 +71,7 @@ class OppgaveClientTest { fun henterEksisterendeFordelingsOppgave() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagFordelingsOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagFordelingsOppgaveResponse()), metrikk) { "mockToken" } val resultat = oppgaveClient.opprettFordelingsOppgave("journalpostId") assertThat(resultat.oppgaveId).isEqualTo(FORDELINGSOPPGAVE_ID) assertThat(resultat.duplikat).isTrue 
@@ -83,13 +82,13 @@ class OppgaveClientTest { fun skal_opprette_utland() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", true, false, BehandlingsTema.REFUSJON_MED_DATO) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstype).isEqualTo("ae0106") } runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", true, false, BehandlingsTema.REFUSJON_UTEN_DATO) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstype).isEqualTo("ae0106") @@ -100,7 +99,7 @@ class OppgaveClientTest { fun skal_opprette_speil() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", true, true, BehandlingsTema.REFUSJON_UTEN_DATO) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstema).isEqualTo("ab0455") 
@@ -110,7 +109,7 @@ class OppgaveClientTest { @Test fun henterRiktigFerdigstillelsesFrist() { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } val onsdag = LocalDate.of(2019, Month.NOVEMBER, 27) val fredag = LocalDate.of(2019, Month.NOVEMBER, 29) val lørdag = LocalDate.of(2019, Month.NOVEMBER, 30) 
@@ -126,19 +125,19 @@ class OppgaveClientTest { fun skal_utbetale_til_bruker() { runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", false, false, BehandlingsTema.REFUSJON_MED_DATO) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstema).isEqualTo("ab0458") } runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", false, false, BehandlingsTema.IKKE_REFUSJON) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstema).isEqualTo("ab0458") } runBlocking { - oppgaveClient = OppgaveClient("url", tokenConsumer, buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) + oppgaveClient = OppgaveClient("url", buildHttpClientJson(HttpStatusCode.OK, lagTomOppgaveResponse()), metrikk) { "mockToken" } oppgaveClient.opprettOppgave("123", "tildeltEnhet", "aktoerid", false, false, BehandlingsTema.REFUSJON_LITEN_LØNN) val requestVerdier = hentRequestInnhold(oppgaveClient.httpClient) assertThat(requestVerdier?.behandlingstema).isEqualTo("ab0458") From 0a4b807bd2491789f3bfaf6847896c97c39e4ca2 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Thu, 1 Feb 2024 11:12:04 +0100 Subject: [PATCH 24/44] dev-gcp: fjerner sts-properties --- deploy/dev-gcp.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 91167afdb..117dda833 100644 --- a/deploy/dev-gcp.yaml 
+++ b/deploy/dev-gcp.yaml @@ -72,16 +72,8 @@ spec: env: - name: KOIN_PROFILE value: "DEV" - - name: SRVSYFOINNTEKTSMELDING_USERNAME - value: "srvsyfoinntektsmel" - - name: SECURITY_TOKEN_SERVICE_TOKEN_URL - value: "http://security-token-service.default.svc.nais.local/rest/v1/sts/token" - name: OPPGAVEBEHANDLING_URL value: "https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver" - - name: SRVAPPSERVER_USERNAME - value: "srvappserver" - - name: SRVAPPSERVER_PASSWORD - value: "" - name: KAFKA_JOARK_HENDELSE_TOPIC value: "teamdokumenthandtering.aapen-dok-journalfoering-q1" - name: KAFKA_UTSATT_OPPGAVE_TOPIC From b266f5566a03739c38afe3f19ca5f64a1f22f174 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Thu, 1 Feb 2024 11:15:10 +0100 Subject: [PATCH 25/44] fikser slowtests --- src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt b/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt index ddd475755..76d2dc465 100644 --- a/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt +++ b/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt @@ -1,9 +1,7 @@ package no.nav.syfo.client.norg import io.ktor.http.HttpStatusCode -import io.mockk.mockk import kotlinx.coroutines.runBlocking -import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider import no.nav.syfo.client.buildHttpClientJson import org.assertj.core.api.Assertions.assertThat import org.junit.jupiter.api.Test 
@@ -13,13 +11,11 @@ class Norg2ClientTest { private lateinit var norgClient: Norg2Client - private val mockStsClient = mockk(relaxed = true) - @Test fun hentAlleArbeidsfordelinger() { runBlocking { - norgClient = Norg2Client("url", mockStsClient, buildHttpClientJson(HttpStatusCode.OK, lagResponse())) + norgClient = Norg2Client("url", buildHttpClientJson(HttpStatusCode.OK, lagResponse())) val arbeidsfordelinger = norgClient.hentAlleArbeidsfordelinger(lagRequest(), "123") assertThat(arbeidsfordelinger.size).isEqualTo(1) assertThat(arbeidsfordelinger[0].enhetNr).isEqualTo("1234") From cf49c3fb0a7ab55dae71c6dccbcddb0e1e12297f Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Thu, 1 Feb 2024 12:44:52 +0100 Subject: [PATCH 26/44] environment PREPROD Co-authored-by: Gustav Berggren --- src/main/kotlin/no/nav/syfo/App.kt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/App.kt b/src/main/kotlin/no/nav/syfo/App.kt index 7ca77bdc5..9c9f097a9 100644 --- a/src/main/kotlin/no/nav/syfo/App.kt +++ b/src/main/kotlin/no/nav/syfo/App.kt @@ -9,8 +9,6 @@ import io.ktor.server.netty.Netty import io.ktor.server.netty.NettyApplicationEngine import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService import no.nav.helse.arbeidsgiver.kubernetes.KubernetesProbeManager -import no.nav.helse.arbeidsgiver.system.AppEnv -import no.nav.helse.arbeidsgiver.system.getEnvironment import no.nav.helse.arbeidsgiver.system.getString import no.nav.helsearbeidsgiver.utils.log.logger import no.nav.syfo.integration.kafka.UtsattOppgaveConsumer 
@@ -37,10 +35,11 @@ class SpinnApplication(val port: Int = 8080) : KoinComponent { private var webserver: NettyApplicationEngine? = null private var appConfig: HoconApplicationConfig = HoconApplicationConfig(ConfigFactory.load()) - private val runtimeEnvironment = appConfig.getEnvironment() + private val runtimeEnvironment = appConfig.getString("koin.profile") fun start() { - if (runtimeEnvironment == AppEnv.PREPROD || runtimeEnvironment == AppEnv.PROD) { + logger.info("Environment: $runtimeEnvironment") + if (runtimeEnvironment != "LOCAL" && runtimeEnvironment != "TEST") { logger.info("Sover i 30s i påvente av SQL proxy sidecar") Thread.sleep(30000) } From d27f6c5a9d695c7781953b452630b186c526099b Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Thu, 1 Feb 2024 13:35:21 +0100 Subject: [PATCH 27/44] rettet opp i tokenProvider clientConfig Co-authored-by: Gustav Berggren --- .../no/nav/syfo/koin/ExternalSystemsModule.kt | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt index 89ebc0247..4ff267313 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt @@ -23,6 +23,7 @@ import java.net.URI fun Module.externalSystemClients(config: ApplicationConfig) { + val clientConfig = config.configList("no.nav.security.jwt.client.registration.clients").first() single { val clientConfig = OAuth2ClientPropertiesConfig(config) val tokenResolver = TokenResolver() 
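Review bot: The profile check in `start()` is now a comparison of free-form strings, so any value other than the exact literals `"LOCAL"` and `"TEST"`, including a lower-case or misspelled profile, is treated as a deployed environment and takes the 30 s sleep. Validating the string once against the profiles that `selectModuleBasedOnProfile` accepts, and failing on anything else, would turn a misconfigured `koin.profile` into a startup error instead of a silent fall-through. A comment on the field such as `// one of the KOIN_PROFILE values from deploy/*.yaml; anything but LOCAL/TEST waits for the SQL proxy sidecar` would also document what the string is expected to hold. `start()` continues outside the hunk.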
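Review bot: The new outer `val clientConfig = config.configList(...).first()` in `externalSystemClients` is shadowed on the next line, inside the first `single { }`, by `val clientConfig = OAuth2ClientPropertiesConfig(config)`, which is a different type under the same name. Renaming the outer one, for example to `azureClientConfig`, removes the ambiguity for the token-provider definitions that follow. `.first()` also throws a bare `NoSuchElementException` when the clients list is empty; `firstOrNull() ?: error("no.nav.security.jwt.client.registration.clients is empty")` names the misconfigured key at startup. The same line is moved into `devConfig` in DevKoinProfile.kt later in this series, and the function body continues outside the hunk.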
@@ -39,37 +40,38 @@ fun Module.externalSystemClients(config: ApplicationConfig) { } bind AccessTokenProvider::class single(named("PROXY")) { + oauth2TokenProvider( - config, - config.getString("client.registration.clients[0].proxyscope") + clientConfig, + clientConfig.getString("proxyscope") ) } bind AccessTokenProvider::class single(named("OPPGAVE")) { oauth2TokenProvider( - config, - config.getString("client.registration.clients[0].oppgavescope") + clientConfig, + clientConfig.getString("oppgavescope") ) } bind AccessTokenProvider::class single(named("DOKARKIV")) { oauth2TokenProvider( - config, - config.getString("client.registration.clients[0].dokarkivscope") + clientConfig, + clientConfig.getString("dokarkivscope") ) } bind AccessTokenProvider::class single(named("SAF")) { oauth2TokenProvider( - config, - config.getString("client.registration.clients[0].safscope") + clientConfig, + clientConfig.getString("safscope") ) } bind AccessTokenProvider::class single(named("PDL")) { oauth2TokenProvider( - config, - config.getString("client.registration.clients[0].pdlscope") + clientConfig, + clientConfig.getString("pdlscope") ) } bind AccessTokenProvider::class } @@ -91,11 +93,10 @@ private fun accessTokenService(scope: Scope): OAuth2AccessTokenService = } private fun ApplicationConfig.azureAdConfig(scope: String): ClientProperties { - val prefix = "client.registration.clients[0]" return ClientProperties( - getString("$prefix.token_endpoint_url").let(::URI), - getString("$prefix.well_known_url").let(::URI), - getString("$prefix.grant_type").let(::OAuth2GrantType), + getString("token_endpoint_url").let(::URI), + getString("well_known_url").let(::URI), + getString("grant_type").let(::OAuth2GrantType), scope.split(","), authProps(), null, 
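Review bot: `azureAdConfig` and `authProps` are still extensions on `ApplicationConfig`, but after the `client.registration.clients[0]` prefix is dropped they only work when the receiver is the single client entry, not the root config. Nothing in the signatures says so, and passing the root config would compile and then presumably fail with a missing-key error when a token provider is first resolved. A KDoc line on both, such as `/** Receiver must be one entry of no.nav.security.jwt.client.registration.clients. */`, or renaming the `config` parameter of `oauth2TokenProvider` to `clientConfig`, would make the contract visible. `authProps` is changed in the following hunk, and both function bodies run past the hunk ends.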
@@ -104,7 +105,7 @@ private fun ApplicationConfig.azureAdConfig(scope: String): ClientProperties { } private fun ApplicationConfig.authProps(): ClientAuthenticationProperties { - val prefix = "client.registration.clients[0].authentication" + val prefix = "authentication" return ClientAuthenticationProperties( getString("$prefix.client_id"), getString("$prefix.client_auth_method").let(::ClientAuthenticationMethod), From 85bfcd0be37c41159092d7a8355961f880254483 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Thu, 1 Feb 2024 13:45:19 +0100 Subject: [PATCH 28/44] pdl url Co-authored-by: Gustav Berggren --- deploy/dev-gcp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 117dda833..ec253f25c 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -83,7 +83,7 @@ spec: - name: RUN_BACKGROUND_WORKERS value: "true" - name: PDL_URL - value: "https://pdl-api.dev-fss-pub.nais.io" + value: "https://pdl-api.dev-fss-pub.nais.io/graphql" - name: NORG2_URL value: "https://norg2.dev-fss-pub.nais.io/norg2/api" - name: SAF_DOKUMENT_URL From b3e16cbbb5e75a815532858fca44d38bf2bba00f Mon Sep 17 00:00:00 2001 From: Mikael Bjerga Date: Thu, 1 Feb 2024 13:47:03 +0100 Subject: [PATCH 29/44] Bump workflows-avhengigheter --- .github/workflows/master-gcp.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/master-gcp.yml b/.github/workflows/master-gcp.yml index 1e03ff058..2c491258f 100644 --- a/.github/workflows/master-gcp.yml +++ b/.github/workflows/master-gcp.yml 
@@ -30,19 +30,19 @@ jobs: POSTGRES_PASSWORD: postgres POSTGRES_DB: postgres steps: - - uses: actions/checkout@v1 - - uses: actions/setup-java@v1 + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 with: java-version: '17' - name: Cache Gradle wrapper - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/.gradle/wrapper key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle-wrapper- - name: Cache Gradle packages - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/.gradle/caches key: ${{ runner.os }}-gradle-cache-${{ hashFiles('build.gradle') }} @@ -55,7 +55,7 @@ jobs: ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -69,10 +69,11 @@ jobs: name: Deploy to PREPROD needs: build runs-on: ubuntu-latest + permissions: + id-token: write steps: - - uses: actions/checkout@v1 - - uses: nais/deploy/actions/deploy@v1 + - uses: actions/checkout@v4 + - uses: nais/deploy/actions/deploy@v2 env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} CLUSTER: dev-gcp RESOURCE: deploy/dev-gcp.yaml From 5da7f2bd93700b325b9b38dcdce252add0431bea Mon Sep 17 00:00:00 2001 
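Review bot: The deploy job now declares `permissions:` with only `id-token: write`, which sets every other `GITHUB_TOKEN` scope for that job to none. `actions/checkout@v4` in the same job needs `contents: read` if the repository is not public, so adding `contents: read` next to `id-token: write` keeps the job least-privilege and working. Separately, the bumped actions are referenced by mutable tags, including `nais/deploy/actions/deploy@v2`, which now runs with the OIDC permission. Pinning each `uses:` to a full commit SHA with the tag as a trailing comment protects the build and deploy path against a retagged release.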
From: Morten Byhring Date: Thu, 1 Feb 2024 15:43:12 +0100 Subject: [PATCH 30/44] =?UTF-8?q?norg2Client=20-=20legg=20inn=20accessToke?= =?UTF-8?q?n=20igjen,=20g=C3=A5=20via=20proxy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 2 +- deploy/prod.yaml | 2 +- src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt | 6 ++++-- src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt | 3 ++- src/main/kotlin/no/nav/syfo/koin/Fakes.kt | 3 ++- src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt | 8 +++++++- src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt | 8 +++++++- .../kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt | 2 +- 8 files changed, 25 insertions(+), 9 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index ec253f25c..6f1b30ace 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -85,7 +85,7 @@ spec: - name: PDL_URL value: "https://pdl-api.dev-fss-pub.nais.io/graphql" - name: NORG2_URL - value: "https://norg2.dev-fss-pub.nais.io/norg2/api" + value: https://helsearbeidsgiver-proxy.dev-fss-pub.nais.io/norg - name: SAF_DOKUMENT_URL value: "https://saf-q1.dev.intern.nav.no/rest" - name: SAF_JOURNAL_URL diff --git a/deploy/prod.yaml b/deploy/prod.yaml index f48eb8746..f385b9218 100644 --- a/deploy/prod.yaml +++ b/deploy/prod.yaml @@ -104,7 +104,7 @@ spec: - name: PDL_URL value: "https://pdl-api.nais.adeo.no/graphql" - name: NORG2_URL - value: "https://norg2.nais.adeo.no/norg2/api/v1" + value: "https://norg2.nais.adeo.no/norg2/api/v1/arbeidsfordeling/enheter/bestmatch" - name: SAF_DOKUMENT_URL value: "https://saf.intern.nav.no/rest" - name: SAF_JOURNAL_URL diff --git a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt index 1498c5b3f..9f0ac8f0f 100644 --- a/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt 
+++ b/src/main/kotlin/no/nav/syfo/client/norg/Norg2Client.kt @@ -21,7 +21,8 @@ import java.time.LocalDate */ open class Norg2Client( private val url: String, - private val httpClient: HttpClient + private val httpClient: HttpClient, + private val getAccessToken: () -> String ) { /** @@ -29,9 +30,10 @@ open class Norg2Client( */ open suspend fun hentAlleArbeidsfordelinger(request: ArbeidsfordelingRequest, callId: String?): List { return runBlocking { - httpClient.post>(url + "/arbeidsfordeling/enheter/bestmatch") { + httpClient.post>(url) { contentType(ContentType.Application.Json.withCharset(Charsets.UTF_8)) header("X-Correlation-ID", callId) + header("Authorization", "Bearer ${getAccessToken()}") body = request } } diff --git a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt index 3846cb5d1..c6a56fe20 100644 --- a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt @@ -146,7 +146,8 @@ fun devConfig(config: ApplicationConfig) = module { single { Norg2Client( config.getString("norg2_url"), - get() + get(), + get(qualifier = named("PROXY"))::getToken, ) } bind Norg2Client::class diff --git a/src/main/kotlin/no/nav/syfo/koin/Fakes.kt b/src/main/kotlin/no/nav/syfo/koin/Fakes.kt index ca416f298..ce951d5c9 100644 --- a/src/main/kotlin/no/nav/syfo/koin/Fakes.kt +++ b/src/main/kotlin/no/nav/syfo/koin/Fakes.kt @@ -114,7 +114,8 @@ fun Module.mockExternalDependecies() { single { object : Norg2Client( "", - get() + get(), + get()::getToken ) { override suspend fun hentAlleArbeidsfordelinger( request: ArbeidsfordelingRequest, diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 2e9790365..1f020bd9e 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt 
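Review bot: `hentAlleArbeidsfordelinger` no longer appends `/arbeidsfordeling/enheter/bestmatch`, so `url` has changed meaning from a base URL to the complete endpoint, and the bearer token is now sent to whatever that setting contains. prod.yaml is updated in this commit and dev-gcp.yaml points at the proxy, but any other environment file still carrying the old base URL would post the request and token to the wrong path. The constructor should document this, e.g. `@param url complete bestmatch endpoint (or proxy route), used as-is`. `getAccessToken()` is also evaluated inside `runBlocking` within a `suspend` function, so a provider that performs network I/O blocks the calling thread; the `runBlocking` itself predates this change.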
@@ -153,7 +153,13 @@ fun preprodConfig(config: ApplicationConfig) = module { single { Norg2Client( config.getString("norg2_url"), - get() + get(), + RestSTSAccessTokenProvider( + config.getString("security_token.username"), + config.getString("security_token.password"), + config.getString("security_token_service_token_url"), + get() + )::getToken, ) } bind Norg2Client::class diff --git a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt index cffd9262c..9a81dc299 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt @@ -154,7 +154,13 @@ fun prodConfig(config: ApplicationConfig) = module { single { Norg2Client( config.getString("norg2_url"), - get() + get(), + RestSTSAccessTokenProvider( + config.getString("security_token.username"), + config.getString("security_token.password"), + config.getString("security_token_service_token_url"), + get() + )::getToken ) } bind Norg2Client::class diff --git a/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt b/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt index 76d2dc465..f1346a7c7 100644 --- a/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt +++ b/src/test/kotlin/no/nav/syfo/client/norg/Norg2ClientTest.kt @@ -15,7 +15,7 @@ class Norg2ClientTest { fun hentAlleArbeidsfordelinger() { runBlocking { - norgClient = Norg2Client("url", buildHttpClientJson(HttpStatusCode.OK, lagResponse())) + norgClient = Norg2Client("url", buildHttpClientJson(HttpStatusCode.OK, lagResponse())) { "norg-token" } val arbeidsfordelinger = norgClient.hentAlleArbeidsfordelinger(lagRequest(), "123") assertThat(arbeidsfordelinger.size).isEqualTo(1) assertThat(arbeidsfordelinger[0].enhetNr).isEqualTo("1234") From 72a729cab3bad0eed2114569a9a95e3351786531 Mon Sep 17 00:00:00 2001 
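Review bot: A `RestSTSAccessTokenProvider` is built inline from `security_token.username` and `security_token.password` inside the `Norg2Client` definition in `preprodConfig`, and the identical block is repeated in `prodConfig`. Registering it once as a named `single` bound to `AccessTokenProvider` and passing `get(qualifier = named("STS"))::getToken` (the qualifier name is only an example) would keep the service-account credentials in one place, matching what `devConfig` does with `named("PROXY")`. Whether the provider caches tokens is not visible here; if it does, a shared instance also avoids a separate STS login per client. Both module functions start and end outside these hunks.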
From: Mikael Bjerga Date: Thu, 1 Feb 2024 15:48:15 +0100 Subject: [PATCH 31/44] =?UTF-8?q?Legg=20til=20n=C3=B8dvendige=20argumenter?= =?UTF-8?q?=20i=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/master-gcp.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/master-gcp.yml b/.github/workflows/master-gcp.yml index 2c491258f..e53ed5b8a 100644 --- a/.github/workflows/master-gcp.yml +++ b/.github/workflows/master-gcp.yml @@ -33,7 +33,9 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-java@v4 with: - java-version: '17' + java-version: 17 + distribution: temurin + cache: gradle - name: Cache Gradle wrapper uses: actions/cache@v4 with: From 0809df050e7cbf9aee5236718d978f0d900d7c19 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Fri, 2 Feb 2024 12:49:52 +0100 Subject: [PATCH 32/44] bump postgres versjon i slowtester Co-authored-by: Morten Byhring --- docker/local/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile index ff53cf2e6..e8e4ce59b 100644 --- a/docker/local/Dockerfile +++ b/docker/local/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:12 +FROM postgres:14 RUN localedef -i nb_NO -c -f UTF-8 -A /usr/share/locale/locale.alias nb_NO.UTF-8 ENV LANG nb_NO.utf8 From 4c6569a32c7a96d5bec9fb2d3c4b0cb786230de5 Mon Sep 17 00:00:00 2001 From: Gustav Berggren Date: Fri, 2 Feb 2024 13:57:22 +0100 Subject: [PATCH 33/44] bruk riktig ingresser for saf og dokarkiv Co-authored-by: Morten Byhring --- deploy/dev-gcp.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 6f1b30ace..0629a68e7 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml 
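Review bot: `cache: gradle` on `actions/setup-java@v4` duplicates the two `actions/cache@v4` steps that follow for `~/.gradle/wrapper` and `~/.gradle/caches`, so the same directories are saved and restored twice under different keys. Keeping one mechanism avoids the redundant uploads and makes it clear which key decides a cache hit; dropping the two explicit cache steps gives the smaller workflow. The explicit steps are only partly inside this hunk.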
@@ -61,6 +61,8 @@ spec: - host: norg2.dev-fss-pub.nais.io - host: oppgave-q1.dev-fss-pub.nais.io - host: pdl-api.dev-fss-pub.nais.io + - host: dokarkiv.dev-fss-pub.nais.io + - host: saf.dev-fss-pub.nais.io inbound: rules: - application: im-bro-spinn @@ -79,7 +81,7 @@ spec: - name: KAFKA_UTSATT_OPPGAVE_TOPIC value: "tbd.spre-oppgaver" - name: DOKARKIV_URL - value: "https://dokarkiv-q1.dev.intern.nav.no/rest/journalpostapi/v1" + value: "https://dokarkiv.dev-fss-pub.nais.io/rest/journalpostapi/v1" - name: RUN_BACKGROUND_WORKERS value: "true" - name: PDL_URL @@ -87,9 +89,9 @@ spec: - name: NORG2_URL value: https://helsearbeidsgiver-proxy.dev-fss-pub.nais.io/norg - name: SAF_DOKUMENT_URL - value: "https://saf-q1.dev.intern.nav.no/rest" + value: "https://saf.dev-fss-pub.nais.io/rest" - name: SAF_JOURNAL_URL - value: "https://saf-q1.dev.intern.nav.no/graphql" + value: "https://saf.dev-fss-pub.nais.io/graphql" - name: ENHETSREGISTERET_URL value: "https://data.brreg.no/enhetsregisteret/api/underenheter/" - name: DOKARKIV_SCOPE From fc52ded127ee321bfdd7c166e4e30655be9e5f4a Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Fri, 2 Feb 2024 15:41:28 +0100 Subject: [PATCH 34/44] korrekt saf_scope! Co-authored-by: Gustav Berggren --- src/main/resources/application.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index b647f55ef..b845f6390 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -101,7 +101,7 @@ client { proxyscope: ${?PROXY_SCOPE} oppgavescope: ${?OPPGAVE_SCOPE} dokarkivscope: ${?DOKARKIV_SCOPE} - safscope: ${?DOKARKIV_SCOPE} + safscope: ${?SAF_SCOPE} pdlscope: ${?PDL_SCOPE} authentication: { client_id: ${?AZURE_APP_CLIENT_ID} From 6c26c19897e9fac7ef7d3074b740e72a8640a5e9 Mon Sep 17 00:00:00 2001 
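Review bot: With `safscope` now reading `${?SAF_SCOPE}`, every environment has to define `SAF_SCOPE`, and the `?` makes the substitution optional, so a missing variable leaves the key undefined instead of failing when the config is loaded. The error would then presumably surface only when the SAF token provider is first resolved. The dev-gcp.yaml context in this series shows `DOKARKIV_SCOPE`, but a `SAF_SCOPE` entry is not visible, so it is worth confirming that it is set in each deploy file. A comment above the scope keys such as `# each *scope key needs its env var set in deploy/*.yaml` would record the requirement.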
From: Morten Byhring Date: Mon, 5 Feb 2024 09:59:52 +0100 Subject: [PATCH 35/44] fjerner gammel workflow for deploy til dev-fss Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- .github/workflows/master.yml | 78 ------------------------------------ 1 file changed, 78 deletions(-) delete mode 100644 .github/workflows/master.yml diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml deleted file mode 100644 index fe4f243f1..000000000 --- a/.github/workflows/master.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -name: Preprod - -on: - push: - branches: - - master - - 'preprod/**' - -env: - IMAGE: ghcr.io/${{ github.repository }}/syfoinntektsmelding:${{ github.sha }} - -jobs: - # Label of the container job - build: - # You must use a Linux environment when using service containers or container jobs - runs-on: ubuntu-latest - permissions: - packages: write - # Service containers to run with `container-job` - services: - # Label used to access the service container - postgres: - # Docker Hub image - image: postgres - ports: - # Maps tcp port 5432 on service container to the host - - 5432:5432 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: postgres - steps: - - uses: actions/checkout@v1 - - uses: actions/setup-java@v1 - with: - java-version: '17' - - name: Cache Gradle wrapper - uses: actions/cache@v2 - with: - path: ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }} - restore-keys: | - ${{ runner.os }}-gradle-wrapper- - - name: Cache Gradle packages - uses: actions/cache@v2 - with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-cache-${{ hashFiles('build.gradle') }} - restore-keys: | - ${{ runner.os }}-gradle-cache- - - name: test and build - run: ./gradlew test build - env: - ORG_GRADLE_PROJECT_githubUser: x-access-token - ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and publish Docker image - run: | - docker build --tag ${IMAGE} . 
- docker push ${IMAGE} - - deploy: - name: Deploy to PREPROD - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: nais/deploy/actions/deploy@v1 - env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} - CLUSTER: dev-fss - RESOURCE: deploy/dev.yaml From 3a8c5fe9b810a3c8b7f07f6278415f879ed9de2d Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:08:57 +0100 Subject: [PATCH 36/44] rydder i properties Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- deploy/dev-gcp.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/deploy/dev-gcp.yaml b/deploy/dev-gcp.yaml index 0629a68e7..48236528b 100644 --- a/deploy/dev-gcp.yaml +++ b/deploy/dev-gcp.yaml @@ -66,24 +66,22 @@ spec: inbound: rules: - application: im-bro-spinn - namespace: helsearbeidsgiver - cluster: dev-gcp - application: sparkel-dokumenter namespace: tbd - cluster: dev-gcp + env: - name: KOIN_PROFILE value: "DEV" - - name: OPPGAVEBEHANDLING_URL - value: "https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver" + - name: RUN_BACKGROUND_WORKERS + value: "true" - name: KAFKA_JOARK_HENDELSE_TOPIC value: "teamdokumenthandtering.aapen-dok-journalfoering-q1" - name: KAFKA_UTSATT_OPPGAVE_TOPIC value: "tbd.spre-oppgaver" - name: DOKARKIV_URL value: "https://dokarkiv.dev-fss-pub.nais.io/rest/journalpostapi/v1" - - name: RUN_BACKGROUND_WORKERS - value: "true" + - name: OPPGAVEBEHANDLING_URL + value: "https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver" - name: PDL_URL value: "https://pdl-api.dev-fss-pub.nais.io/graphql" - name: NORG2_URL From a99462501bc66bbfa4257124aa4b26abfe288dcf Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:15:14 +0100 Subject: [PATCH 37/44] start kafka og bgjobber i prod-fss og dev, ikke i prod-gcp Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/App.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/kotlin/no/nav/syfo/App.kt b/src/main/kotlin/no/nav/syfo/App.kt index 9c9f097a9..a28b8bf19 100644 --- a/src/main/kotlin/no/nav/syfo/App.kt +++ b/src/main/kotlin/no/nav/syfo/App.kt @@ -45,7 +45,7 @@ class SpinnApplication(val port: Int = 8080) : KoinComponent { } startKoin { modules(selectModuleBasedOnProfile(appConfig)) } migrateDatabase() - if (System.getenv("NAIS_CLUSTER_NAME") == "dev-gcp") { + if (System.getenv("NAIS_CLUSTER_NAME") != "prod-gcp") { configAndStartBackgroundWorkers() startKafkaConsumer() } From f549c019782b84ed5bdbb8d9a06b93ebcdcb6e7b Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:19:03 +0100 Subject: [PATCH 38/44] lagt til TODO Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 1f020bd9e..974cd08d6 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -56,6 +56,7 @@ import org.koin.dsl.bind import org.koin.dsl.module import javax.sql.DataSource +//TODO: kan fjernes fun preprodConfig(config: ApplicationConfig) = module { externalSystemClients(config) single { From b962cb1bc3f655788c73dd22f58bd7d195bf6369 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:40:52 +0100 Subject: [PATCH 39/44] lagt til TODO Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt index c6a56fe20..d7ce0e03b 100644 --- a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt 
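Review bot: The guard `System.getenv("NAIS_CLUSTER_NAME") != "prod-gcp"` is a deny-list, so the background workers and Kafka consumer start whenever the variable is unset (local runs, tests) or holds any cluster name other than `prod-gcp`. The previous `== "dev-gcp"` check did not start them in those cases. The commit subject says the intent is prod-fss and dev only, and an allow-list states that directly: `if (System.getenv("NAIS_CLUSTER_NAME") in setOf("dev-gcp", "prod-fss")) {`. `start()` begins and ends outside the hunk.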
@@ -176,7 +176,7 @@ fun devConfig(config: ApplicationConfig) = module { } bind DokArkivClient::class single { BrregClientImp(get(qualifier = named("proxyHttpClient")), config.getString("berreg_enhet_url")) } bind BrregClient::class - +//TODO: trekk ut topic og consumerConfig-properties single { InntektsmeldingConsumer( commonAivenProperties() + mapOf( From e8c2a85cf94d3796f0f2890f1d8edfbee41e41e6 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:41:30 +0100 Subject: [PATCH 40/44] ktlint Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt | 2 +- src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt index d7ce0e03b..5f03bc055 100644 --- a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt @@ -176,7 +176,7 @@ fun devConfig(config: ApplicationConfig) = module { } bind DokArkivClient::class single { BrregClientImp(get(qualifier = named("proxyHttpClient")), config.getString("berreg_enhet_url")) } bind BrregClient::class -//TODO: trekk ut topic og consumerConfig-properties +// TODO: trekk ut topic og consumerConfig-properties single { InntektsmeldingConsumer( commonAivenProperties() + mapOf( diff --git a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt index 974cd08d6..50d47be64 100644 --- a/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/PreprodKoinProfile.kt @@ -56,7 +56,7 @@ import org.koin.dsl.bind import org.koin.dsl.module import javax.sql.DataSource -//TODO: kan fjernes +// TODO: kan fjernes fun preprodConfig(config: ApplicationConfig) = module { externalSystemClients(config) single { 
From b6643ee25198c5957f1cd7bccb168960cee4dde0 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:56:47 +0100 Subject: [PATCH 41/44] midlertidig endring: nye azure tokenproviders opprettes kun i dev Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- .../kotlin/no/nav/syfo/koin/DevKoinProfile.kt | 89 +++++++++++++++++++ .../no/nav/syfo/koin/ExternalSystemsModule.kt | 84 ----------------- 2 files changed, 89 insertions(+), 84 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt index 5f03bc055..67ea201e1 100644 --- a/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/DevKoinProfile.kt @@ -1,5 +1,6 @@ package no.nav.syfo.koin +import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod import com.zaxxer.hikari.HikariConfig import com.zaxxer.hikari.HikariDataSource import io.ktor.config.ApplicationConfig 
@@ -7,9 +8,17 @@ import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbRepository import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService import no.nav.helse.arbeidsgiver.bakgrunnsjobb.PostgresBakgrunnsjobbRepository import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider +import no.nav.helse.arbeidsgiver.integrasjoner.OAuth2TokenProvider import no.nav.helse.arbeidsgiver.integrasjoner.pdl.PdlClient import no.nav.helse.arbeidsgiver.integrasjoner.pdl.PdlClientImpl import no.nav.helse.arbeidsgiver.system.getString +import no.nav.security.token.support.client.core.ClientAuthenticationProperties +import no.nav.security.token.support.client.core.ClientProperties +import no.nav.security.token.support.client.core.OAuth2GrantType +import no.nav.security.token.support.client.core.oauth2.ClientCredentialsTokenClient +import no.nav.security.token.support.client.core.oauth2.OAuth2AccessTokenService +import no.nav.security.token.support.client.core.oauth2.OnBehalfOfTokenClient +import no.nav.security.token.support.client.core.oauth2.TokenExchangeClient import no.nav.syfo.MetrikkVarsler import no.nav.syfo.behandling.InntektsmeldingBehandler import no.nav.syfo.client.BrregClient @@ -24,6 +33,8 @@ import no.nav.syfo.integration.kafka.commonAivenProperties import no.nav.syfo.integration.kafka.joarkAivenProperties import no.nav.syfo.integration.kafka.journalpost.JournalpostHendelseConsumer import no.nav.syfo.integration.kafka.utsattOppgaveAivenProperties +import no.nav.syfo.integration.oauth2.DefaultOAuth2HttpClient +import no.nav.syfo.integration.oauth2.TokenResolver import no.nav.syfo.producer.InntektsmeldingAivenProducer import no.nav.syfo.prosesser.FinnAlleUtgaandeOppgaverProcessor import no.nav.syfo.prosesser.FjernInntektsmeldingByBehandletProcessor 
@@ -51,11 +62,51 @@ import no.nav.syfo.utsattoppgave.UtsattOppgaveService import org.apache.kafka.clients.consumer.ConsumerConfig import org.apache.kafka.common.serialization.StringDeserializer import org.koin.core.qualifier.named +import org.koin.core.scope.Scope import org.koin.dsl.bind import org.koin.dsl.module +import java.net.URI import javax.sql.DataSource fun devConfig(config: ApplicationConfig) = module { + + val clientConfig = config.configList("no.nav.security.jwt.client.registration.clients").first() + single(named("PROXY")) { + + oauth2TokenProvider( + clientConfig, + clientConfig.getString("proxyscope") + ) + } bind AccessTokenProvider::class + + single(named("OPPGAVE")) { + oauth2TokenProvider( + clientConfig, + clientConfig.getString("oppgavescope") + ) + } bind AccessTokenProvider::class + + single(named("DOKARKIV")) { + oauth2TokenProvider( + clientConfig, + clientConfig.getString("dokarkivscope") + ) + } bind AccessTokenProvider::class + + single(named("SAF")) { + oauth2TokenProvider( + clientConfig, + clientConfig.getString("safscope") + ) + } bind AccessTokenProvider::class + + single(named("PDL")) { + oauth2TokenProvider( + clientConfig, + clientConfig.getString("pdlscope") + ) + } bind AccessTokenProvider::class + externalSystemClients(config) single { HikariDataSource( 
@@ -194,3 +245,41 @@ fun devConfig(config: ApplicationConfig) = module { ) } } + +private fun Scope.oauth2TokenProvider(config: ApplicationConfig, scope: String): OAuth2TokenProvider = + OAuth2TokenProvider( + oauth2Service = accessTokenService(this), + clientProperties = config.azureAdConfig(scope) + ) + +private fun accessTokenService(scope: Scope): OAuth2AccessTokenService = + DefaultOAuth2HttpClient(scope.get()).let { + OAuth2AccessTokenService( + TokenResolver(), + OnBehalfOfTokenClient(it), + ClientCredentialsTokenClient(it), + TokenExchangeClient(it) + ) + } + +private fun ApplicationConfig.azureAdConfig(scope: String): ClientProperties { + return ClientProperties( + getString("token_endpoint_url").let(::URI), + getString("well_known_url").let(::URI), + getString("grant_type").let(::OAuth2GrantType), + scope.split(","), + authProps(), + null, + null + ) +} + +private fun ApplicationConfig.authProps(): ClientAuthenticationProperties { + val prefix = "authentication" + return ClientAuthenticationProperties( + getString("$prefix.client_id"), + getString("$prefix.client_auth_method").let(::ClientAuthenticationMethod), + getString("$prefix.client_secret"), + null + ) +} diff --git a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt index 4ff267313..5f211488c 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt 
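Review bot: In `azureAdConfig`, `scope.split(",")` passes the configured string through untrimmed, so a value such as `"a, b"` yields a scope with a leading space and an empty value yields a list holding one empty string. Either case would only surface as a rejected token request at runtime. I would normalise it with `scope.split(",").map(String::trim).filter(String::isNotEmpty)` and fail if the result is empty. The `String` parameter named `scope` in `Scope.oauth2TokenProvider` sits next to the Koin `Scope` receiver and the `scope: Scope` parameter of `accessTokenService`; renaming the string to `scopes` and adding a short comment on the two positional `null` arguments would make these helpers easier to read.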
@@ -1,13 +1,8 @@ package no.nav.syfo.koin -import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod import io.ktor.config.ApplicationConfig import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider import no.nav.helse.arbeidsgiver.integrasjoner.OAuth2TokenProvider -import no.nav.helse.arbeidsgiver.system.getString -import no.nav.security.token.support.client.core.ClientAuthenticationProperties -import no.nav.security.token.support.client.core.ClientProperties -import no.nav.security.token.support.client.core.OAuth2GrantType import no.nav.security.token.support.client.core.oauth2.ClientCredentialsTokenClient import no.nav.security.token.support.client.core.oauth2.OAuth2AccessTokenService import no.nav.security.token.support.client.core.oauth2.OnBehalfOfTokenClient @@ -16,14 +11,10 @@ import no.nav.syfo.integration.oauth2.DefaultOAuth2HttpClient import no.nav.syfo.integration.oauth2.OAuth2ClientPropertiesConfig import no.nav.syfo.integration.oauth2.TokenResolver import org.koin.core.module.Module -import org.koin.core.qualifier.named -import org.koin.core.scope.Scope import org.koin.dsl.bind -import java.net.URI fun Module.externalSystemClients(config: ApplicationConfig) { - val clientConfig = config.configList("no.nav.security.jwt.client.registration.clients").first() single { val clientConfig = OAuth2ClientPropertiesConfig(config) val tokenResolver = TokenResolver() 
@@ -34,82 +25,7 @@ fun Module.externalSystemClients(config: ApplicationConfig) { ClientCredentialsTokenClient(oauthHttpClient), TokenExchangeClient(oauthHttpClient) ) - val azureAdConfig = clientConfig.clientConfig["azure_ad"] ?: error("Fant ikke config i application.conf") OAuth2TokenProvider(accessTokenService, azureAdConfig) } bind AccessTokenProvider::class - - single(named("PROXY")) { - - oauth2TokenProvider( - clientConfig, - clientConfig.getString("proxyscope") - ) - } bind AccessTokenProvider::class - - single(named("OPPGAVE")) { - oauth2TokenProvider( - clientConfig, - clientConfig.getString("oppgavescope") - ) - } bind AccessTokenProvider::class - - single(named("DOKARKIV")) { - oauth2TokenProvider( - clientConfig, - clientConfig.getString("dokarkivscope") - ) - } bind AccessTokenProvider::class - - single(named("SAF")) { - oauth2TokenProvider( - clientConfig, - clientConfig.getString("safscope") - ) - } bind AccessTokenProvider::class - - single(named("PDL")) { - oauth2TokenProvider( - clientConfig, - clientConfig.getString("pdlscope") - ) - } bind AccessTokenProvider::class -} - -private fun Scope.oauth2TokenProvider(config: ApplicationConfig, scope: String): OAuth2TokenProvider = - OAuth2TokenProvider( - oauth2Service = accessTokenService(this), - clientProperties = config.azureAdConfig(scope) - ) - -private fun accessTokenService(scope: Scope): OAuth2AccessTokenService = - DefaultOAuth2HttpClient(scope.get()).let { - OAuth2AccessTokenService( - TokenResolver(), - OnBehalfOfTokenClient(it), - ClientCredentialsTokenClient(it), - TokenExchangeClient(it) - ) - } - -private fun ApplicationConfig.azureAdConfig(scope: String): ClientProperties { - return ClientProperties( - getString("token_endpoint_url").let(::URI), - getString("well_known_url").let(::URI), - getString("grant_type").let(::OAuth2GrantType), - scope.split(","), - authProps(), - null, - null - ) -} - -private fun ApplicationConfig.authProps(): ClientAuthenticationProperties { - val prefix = 
"authentication" - return ClientAuthenticationProperties( - getString("$prefix.client_id"), - getString("$prefix.client_auth_method").let(::ClientAuthenticationMethod), - getString("$prefix.client_secret"), - null - ) } From acda40046fe552c11785ed38e0d621516e169565 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 10:58:57 +0100 Subject: [PATCH 42/44] fjerner preprod fra koinprofiles Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt b/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt index 01ee0baeb..e59beade4 100644 --- a/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt +++ b/src/main/kotlin/no/nav/syfo/koin/KoinProfiles.kt @@ -25,7 +25,6 @@ import org.koin.dsl.module fun selectModuleBasedOnProfile(config: ApplicationConfig): List { val envModule = when (config.property("koin.profile").getString()) { "LOCAL" -> localDevConfig(config) - "PREPROD" -> preprodConfig(config) "DEV" -> devConfig(config) "PROD" -> prodConfig(config) else -> localDevConfig(config) From e951f327eabaa1202fdd79e4ca12f9d21dce6676 Mon Sep 17 00:00:00 2001 From: Morten Byhring Date: Mon, 5 Feb 2024 11:07:15 +0100 Subject: [PATCH 43/44] =?UTF-8?q?riktig=20konstrukt=C3=B8r=20for=20Oppgave?= =?UTF-8?q?Client=20i=20prod=20og=20local=20env?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- src/main/kotlin/no/nav/syfo/koin/LocalKoinProfile.kt | 2 +- src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/koin/LocalKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/LocalKoinProfile.kt index 9725e6f41..7423caa8c 100644 --- a/src/main/kotlin/no/nav/syfo/koin/LocalKoinProfile.kt 
+++ b/src/main/kotlin/no/nav/syfo/koin/LocalKoinProfile.kt @@ -103,7 +103,7 @@ fun localDevConfig(config: ApplicationConfig) = module { single { BehandlendeEnhetConsumer(get(), get(), get()) } bind BehandlendeEnhetConsumer::class single { DuplikatRepositoryImpl(get()) } bind DuplikatRepository::class single { UtsattOppgaveDAO(UtsattOppgaveRepositoryMockk()) } - single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), get()) } bind OppgaveClient::class + single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), get()::token) } bind OppgaveClient::class single { UtsattOppgaveService(get(), get(), get(), get(), get(), get()) } bind UtsattOppgaveService::class single { FeiletUtsattOppgaveMeldingProsessor(get(), get()) } diff --git a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt index 9a81dc299..02031c806 100644 --- a/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt +++ b/src/main/kotlin/no/nav/syfo/koin/ProdKoinProfile.kt @@ -120,7 +120,7 @@ fun prodConfig(config: ApplicationConfig) = module { single { DuplikatRepositoryImpl(get()) } bind DuplikatRepository::class single { UtsattOppgaveDAO(UtsattOppgaveRepositoryImp(get())) } - single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), get()) } bind OppgaveClient::class + single { OppgaveClient(config.getString("oppgavebehandling_url"), get(), get(), get()::token) } bind OppgaveClient::class single { UtsattOppgaveService(get(), get(), get(), get(), get(), get()) } bind UtsattOppgaveService::class single { FeiletUtsattOppgaveMeldingProsessor(get(), get()) } From 9141eaf315f1f86ec185bdeac459a27db719fba9 Mon Sep 17 00:00:00 2001 
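Review bot: The new fourth argument `get()::token` leaves both the type and the Koin qualifier implicit, so this line does not show which token provider `OppgaveClient` receives. Elsewhere in this series the dev profile registers `AccessTokenProvider` under named qualifiers (`OPPGAVE`, `PDL`, and so on), each with its own scope; if the instance resolved here is the unqualified one, the token sent to the oppgave API is requested for that provider's scope, which is worth confirming against the audience the API expects. Spelling it out, `get<AccessTokenProvider>()::token` plus a qualifier where the profile registers one, would document the intent. The same line is changed in the `ProdKoinProfile.kt` hunk, and both enclosing functions continue outside their hunks.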
From: Morten Byhring Date: Mon, 5 Feb 2024 11:17:19 +0100 Subject: [PATCH 44/44] erstatt scope med proxyscope i oauthClient config Co-authored-by: Gustav Berggren Co-authored-by: Mikael Bjerga --- .../syfo/integration/oauth2/OAuth2ClientPropertiesConfig.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/kotlin/no/nav/syfo/integration/oauth2/OAuth2ClientPropertiesConfig.kt b/src/main/kotlin/no/nav/syfo/integration/oauth2/OAuth2ClientPropertiesConfig.kt index a9ced6191..e32a250f2 100644 --- a/src/main/kotlin/no/nav/syfo/integration/oauth2/OAuth2ClientPropertiesConfig.kt +++ b/src/main/kotlin/no/nav/syfo/integration/oauth2/OAuth2ClientPropertiesConfig.kt @@ -6,7 +6,7 @@ import no.nav.security.token.support.client.core.ClientAuthenticationProperties import no.nav.security.token.support.client.core.ClientProperties import no.nav.security.token.support.client.core.OAuth2GrantType import java.net.URI - +// TODO: Kan fjernes etter hvert, ligger som private funksjoner i DevKoinProfile (må verifiseres) class OAuth2ClientPropertiesConfig( applicationConfig: ApplicationConfig ) { @@ -19,7 +19,7 @@ class OAuth2ClientPropertiesConfig( URI(clientConfig.propertyToString("token_endpoint_url")), wellKnownUrl?.let { URI(it) }, OAuth2GrantType(clientConfig.propertyToString("grant_type")), - clientConfig.propertyToStringOrNull("scope")?.split(","), + clientConfig.propertyToStringOrNull("proxyscope")?.split(","), ClientAuthenticationProperties( clientConfig.propertyToString("authentication.client_id"), ClientAuthenticationMethod(
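Review bot: With `clientConfig.propertyToStringOrNull("proxyscope")?.split(",")` a registration that lacks the renamed key produces a null scope list instead of an error. Any environment whose configuration still defines only `scope` would then build client properties without a scope, and the problem would presumably show up at token request time, not at startup. If the key is required, `clientConfig.propertyToString("proxyscope").split(",")` would make a missing value visible at startup, assuming `propertyToString` fails on a missing key as its name suggests. The change also ties this general class to the proxy scope for every client it loads, which deserves a one-line comment next to the added TODO. The constructor call continues outside the hunk.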