navikt · mortenbyhring · Feb 5, 2024 · Jan 30, 2024 · Jan 30, 2024 · Jan 30, 2024
@@ -30,19 +30,21 @@ jobs:
           POSTGRES_PASSWORD: postgres
           POSTGRES_DB: postgres
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: 17
+          distribution: temurin
+          cache: gradle
       - name: Cache Gradle wrapper
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.gradle/wrapper
           key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-wrapper-
       - name: Cache Gradle packages
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.gradle/caches
           key: ${{ runner.os }}-gradle-cache-${{ hashFiles('build.gradle') }}
@@ -55,7 +57,7 @@ jobs:
           ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Login to GitHub Packages Docker Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -69,10 +71,11 @@ jobs:
     name: Deploy to PREPROD
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
-      - uses: actions/checkout@v1
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: dev-fss
-          RESOURCE: deploy/dev.yaml
+          CLUSTER: dev-gcp
+          RESOURCE: deploy/dev-gcp.yaml
@@ -79,16 +79,15 @@ SRVSYFOINNTEKTSMELDING_PASSWORD=dummy
 
 Prosjektet bruker en [Ktlint](https://ktlint.github.io/)-plugin for Gradle som håndhever kodestilregler. Nyttige kommandoer er:
 
-- `gradle ktlintCheck` (sier ifra om brudd på kodestilreglene)
-- `gradle ktlintFormat` (retter opp i brudd på kodestilreglene)
+- `gradle lintKotlin` (sier ifra om brudd på kodestilreglene)
+- `gradle formatKotlin` (retter opp i brudd på kodestilreglene)
 
 Det anbefales hver utvikler å konfigurere en pre-commit hook som automatisk sjekker endrede filer for brudd på kodestilreglene.
 Alternativt kan man sette opp automatisk formattering. Kommandoene for dette er:
 
-- `gradle addKtlintCheckGitPreCommitHook` (automatisk sjekk)
-- `gradle addKtlintFormatGitPreCommitHook` (automatisk formattering)
+- `gradle installKotlinterPrePushHook` (automatisk formattering)
 
-Les mer om pluginen [her](https://github.com/JLLeitschuh/ktlint-gradle).
+Les mer om pluginen [her](https://github.com/jeremymailen/kotlinter-gradle).
 
 ## Database
 Applikasjonen bruker Postgres database med JPA grensesnitt OG et JDBC grensesnitt. Skjermbildet nedenfor viser samtlige 

@@ -50,7 +50,7 @@ plugins {
     kotlin("jvm") version "1.9.21"
     kotlin("plugin.serialization") version "1.9.21"
     id("com.github.ben-manes.versions") version "0.50.0"
-    id("org.jlleitschuh.gradle.ktlint") version "11.0.0"
+    id("org.jmailen.kotlinter") version "3.8.0"
     id("org.flywaydb.flyway") version "10.1.0"
     jacoco
     application

@@ -0,0 +1,105 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: spinosaurus
+  namespace: helsearbeidsgiver
+  labels:
+    team: helsearbeidsgiver
+spec:
+  ingresses:
+    - https://spinosaurus.intern.dev.nav.no
+  image: {{image}}
+  port: 8080
+  prometheus:
+    enabled: false
+    path: /metrics
+  liveness:
+    failureThreshold: 3
+    initialDelay: 60
+    path: /health/is-alive
+    periodSeconds: 10
+    timeout: 1
+  readiness:
+    failureThreshold: 3
+    initialDelay: 60
+    path: /health/is-ready
+    periodSeconds: 10
+    timeout: 1
+  replicas:
+    max: 1
+    min: 1
+  resources:
+    limits:
+      memory: 1024Mi
+    requests:
+      cpu: 500m
+      memory: 386Mi
+
+  secureLogs:
+    enabled: true
+  kafka:
+    pool: nav-dev
+  azure:
+    application:
+      enabled: true
+
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_11
+        databases:
+          - name: spinosaurus
+        diskAutoresize: true
+
+  accessPolicy:
+    outbound:
+      rules:
+        - application: helsearbeidsgiver-proxy
+          namespace: helsearbeidsgiver
+          cluster: dev-fss
+      external:
+        - host: data.brreg.no
+        - host: norg2.dev-fss-pub.nais.io
+        - host: oppgave-q1.dev-fss-pub.nais.io
+        - host: pdl-api.dev-fss-pub.nais.io
+        - host: dokarkiv.dev-fss-pub.nais.io
+        - host: saf.dev-fss-pub.nais.io
+    inbound:
+      rules:
+        - application: im-bro-spinn
+        - application: sparkel-dokumenter
+          namespace: tbd
+
+  env:
+    - name: KOIN_PROFILE
+      value: "DEV"
+    - name: RUN_BACKGROUND_WORKERS
+      value: "true"
+    - name: KAFKA_JOARK_HENDELSE_TOPIC
+      value: "teamdokumenthandtering.aapen-dok-journalfoering-q1"
+    - name: KAFKA_UTSATT_OPPGAVE_TOPIC
+      value: "tbd.spre-oppgaver"
+    - name: DOKARKIV_URL
+      value: "https://dokarkiv.dev-fss-pub.nais.io/rest/journalpostapi/v1"
+    - name: OPPGAVEBEHANDLING_URL
+      value: "https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver"
+    - name: PDL_URL
+      value: "https://pdl-api.dev-fss-pub.nais.io/graphql"
+    - name: NORG2_URL
+      value: https://helsearbeidsgiver-proxy.dev-fss-pub.nais.io/norg
+    - name: SAF_DOKUMENT_URL
+      value: "https://saf.dev-fss-pub.nais.io/rest"
+    - name: SAF_JOURNAL_URL
+      value: "https://saf.dev-fss-pub.nais.io/graphql"
+    - name: ENHETSREGISTERET_URL
+      value: "https://data.brreg.no/enhetsregisteret/api/underenheter/"
+    - name: DOKARKIV_SCOPE
+      value: api://dev-fss.teamdokumenthandtering.dokarkiv-q1/.default
+    - name: SAF_SCOPE
+      value: api://dev-fss.teamdokumenthandtering.saf-q1/.default
+    - name: OPPGAVE_SCOPE
+      value: api://dev-fss.oppgavehandtering.oppgave-q1/.default
+    - name: PDL_SCOPE
+      value: api://dev-fss.pdl.pdl-api/.default
+    - name: PROXY_SCOPE
+      value: api://dev-fss.helsearbeidsgiver.helsearbeidsgiver-proxy/.default
+
@@ -104,7 +104,7 @@ spec:
     - name: PDL_URL
       value: "https://pdl-api.nais.adeo.no/graphql"
     - name: NORG2_URL
-      value: "https://norg2.nais.adeo.no/norg2/api/v1"
+      value: "https://norg2.nais.adeo.no/norg2/api/v1/arbeidsfordeling/enheter/bestmatch"
     - name: SAF_DOKUMENT_URL
       value: "https://saf.intern.nav.no/rest"
     - name: SAF_JOURNAL_URL

@@ -1,4 +1,4 @@
-FROM postgres:12
+FROM postgres:14
 
 RUN localedef -i nb_NO -c -f UTF-8 -A /usr/share/locale/locale.alias nb_NO.UTF-8
 ENV LANG nb_NO.utf8

@@ -9,8 +9,6 @@ import io.ktor.server.netty.Netty
 import io.ktor.server.netty.NettyApplicationEngine
 import no.nav.helse.arbeidsgiver.bakgrunnsjobb.BakgrunnsjobbService
 import no.nav.helse.arbeidsgiver.kubernetes.KubernetesProbeManager
-import no.nav.helse.arbeidsgiver.system.AppEnv
-import no.nav.helse.arbeidsgiver.system.getEnvironment
 import no.nav.helse.arbeidsgiver.system.getString
 import no.nav.helsearbeidsgiver.utils.log.logger
 import no.nav.syfo.integration.kafka.UtsattOppgaveConsumer
@@ -37,17 +35,20 @@ class SpinnApplication(val port: Int = 8080) : KoinComponent {
     private var webserver: NettyApplicationEngine? = null
     private var appConfig: HoconApplicationConfig = HoconApplicationConfig(ConfigFactory.load())
 
-    private val runtimeEnvironment = appConfig.getEnvironment()
+    private val runtimeEnvironment = appConfig.getString("koin.profile")
 
     fun start() {
-        if (runtimeEnvironment == AppEnv.PREPROD || runtimeEnvironment == AppEnv.PROD) {
+        logger.info("Environment: $runtimeEnvironment")
+        if (runtimeEnvironment != "LOCAL" && runtimeEnvironment != "TEST") {
             logger.info("Sover i 30s i påvente av SQL proxy sidecar")
             Thread.sleep(30000)
         }
         startKoin { modules(selectModuleBasedOnProfile(appConfig)) }
         migrateDatabase()
-        configAndStartBackgroundWorkers()
-        startKafkaConsumer()
+        if (System.getenv("NAIS_CLUSTER_NAME") != "prod-gcp") {
+            configAndStartBackgroundWorkers()
+            startKafkaConsumer()
+        }
         configAndStartWebserver()
     }
 

@@ -27,18 +27,18 @@ const val BEHANDLINGSTEMA_UTBETALING_TIL_BRUKER = "ab0458"
 const val BEHANDLINGSTYPE_UTLAND = "ae0106"
 const val BEHANDLINGSTYPE_NORMAL = "ab0061"
 
-class OppgaveClient constructor(
+class OppgaveClient(
     val oppgavebehndlingUrl: String,
-    val tokenConsumer: TokenConsumer,
     val httpClient: HttpClient,
-    val metrikk: Metrikk
+    val metrikk: Metrikk,
+    val getAccessToken: () -> String
 ) {
     private val logger = this.logger()
 
     private suspend fun opprettOppgave(opprettOppgaveRequest: OpprettOppgaveRequest): OpprettOppgaveResponse = retry("opprett_oppgave") {
         httpClient.post<OpprettOppgaveResponse>(oppgavebehndlingUrl) {
             contentType(ContentType.Application.Json)
-            this.header("Authorization", "Bearer ${tokenConsumer.token}")
+            this.header("Authorization", "Bearer ${getAccessToken()}")
             this.header("X-Correlation-ID", MdcUtils.getCallId())
             body = opprettOppgaveRequest
         }
@@ -49,7 +49,7 @@ class OppgaveClient constructor(
             val callId = MdcUtils.getCallId()
             logger.info("Henter oppgave med CallId $callId")
             httpClient.get<OppgaveResponse>(oppgavebehndlingUrl) {
-                this.header("Authorization", "Bearer ${tokenConsumer.token}")
+                this.header("Authorization", "Bearer ${getAccessToken()}")
                 this.header("X-Correlation-ID", callId)
                 parameter("tema", TEMA)
                 parameter("oppgavetype", oppgavetype)

@@ -7,7 +7,6 @@ import io.ktor.http.ContentType
 import io.ktor.http.contentType
 import io.ktor.http.withCharset
 import kotlinx.coroutines.runBlocking
-import no.nav.helse.arbeidsgiver.integrasjoner.AccessTokenProvider
 import java.time.LocalDate
 
 /**
@@ -22,20 +21,19 @@ import java.time.LocalDate
  */
 open class Norg2Client(
     private val url: String,
-    private val stsClient: AccessTokenProvider,
-    private val httpClient: HttpClient
+    private val httpClient: HttpClient,
+    private val getAccessToken: () -> String
 ) {
 
     /**
      * Oppslag av informasjon om ruting av arbeidsoppgaver til enheter.
      */
     open suspend fun hentAlleArbeidsfordelinger(request: ArbeidsfordelingRequest, callId: String?): List<ArbeidsfordelingResponse> {
-        val stsToken = stsClient.getToken()
         return runBlocking {
-            httpClient.post<List<ArbeidsfordelingResponse>>(url + "/arbeidsfordeling/enheter/bestmatch") {
+            httpClient.post<List<ArbeidsfordelingResponse>>(url) {
                 contentType(ContentType.Application.Json.withCharset(Charsets.UTF_8))
-                header("Authorization", "Bearer $stsToken")
                 header("X-Correlation-ID", callId)
+                header("Authorization", "Bearer ${getAccessToken()}")
                 body = request
             }
         }

@@ -6,7 +6,7 @@ import no.nav.security.token.support.client.core.ClientAuthenticationProperties
 import no.nav.security.token.support.client.core.ClientProperties
 import no.nav.security.token.support.client.core.OAuth2GrantType
 import java.net.URI
-
+// TODO: Kan fjernes etter hvert, ligger som private funksjoner i DevKoinProfile (må verifiseres)
 class OAuth2ClientPropertiesConfig(
     applicationConfig: ApplicationConfig
 ) {
@@ -19,7 +19,7 @@ class OAuth2ClientPropertiesConfig(
                     URI(clientConfig.propertyToString("token_endpoint_url")),
                     wellKnownUrl?.let { URI(it) },
                     OAuth2GrantType(clientConfig.propertyToString("grant_type")),
-                    clientConfig.propertyToStringOrNull("scope")?.split(","),
+                    clientConfig.propertyToStringOrNull("proxyscope")?.split(","),
                     ClientAuthenticationProperties(
                         clientConfig.propertyToString("authentication.client_id"),
                         ClientAuthenticationMethod(