Circleci (#20)

Fikser 403-feil i tilgangskontroll og legger tilbake circleci
navikt · Aug 22, 2019 · 8645e75 · 8645e75
1 parent 203ecbb
commit 8645e75
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 11 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,82 @@
+version: 2.1
+orbs:
+  barkendeploy: navikt/barkendeploy@dev:master
+  slack: circleci/[email protected]
+
+parameters:
+  deploy_branch:
+    type: boolean
+    default: false
+
+jobs:
+  build_jar:
+    docker:
+      - image: "circleci/openjdk:11-jdk"
+    steps:
+      - checkout
+      - setup_remote_docker
+      - barkendeploy/init
+      - barkendeploy/gradle-cache-restore
+      #      - run:
+      #          name: Run tests
+      #          command: ./gradlew test
+      - run:
+          name: Build jar file
+          command: ./gradlew shadowJar -x test
+      - barkendeploy/skip-on-env-var:
+          env_var: '"<< pipeline.parameters.deploy_branch >>"'
+      - barkendeploy/gradle-cache-persist
+      - barkendeploy/docker-build
+      - barkendeploy/docker-login
+      - barkendeploy/docker-push
+  run_tests:
+    machine:
+      image: circleci/classic:201808-01
+      docker_layer_caching: true
+    steps:
+      - checkout
+      - barkendeploy/init
+      - barkendeploy/gradle-cache-restore
+      - run:
+          name: Run tests
+          command: ./gradlew test
+workflows:
+  version: 2
+  build_and_deploy:
+    jobs:
+      - build_jar:
+          context: barkendeploy
+          filters:
+            branches:
+              only: master
+      - barkendeploy/deployment:
+          deployments:
+            - barkendeploy/deploy-create:
+                cluster: dev-fss
+            - barkendeploy/deploy-create:
+                cluster: prod-fss
+          context: barkendeploy
+          requires:
+            - build_jar
+  test_branch:
+    unless: << pipeline.parameters.deploy_branch >>
+    jobs:
+      - run_tests:
+          filters:
+            branches:
+              ignore: master
+  build_branch:
+    when: << pipeline.parameters.deploy_branch >>
+    jobs:
+      - build_jar:
+          context: barkendeploy
+          filters:
+            branches:
+              ignore: master
+      - barkendeploy/deployment:
+          deployments:
+            - barkendeploy/deploy-create:
+                cluster: dev-fss
+          context: barkendeploy
+          requires:
+            - build_jar
diff --git a/src/main/kotlin/no/nav/syfo/personstatus/PersonOversiktStatusApi.kt b/src/main/kotlin/no/nav/syfo/personstatus/PersonOversiktStatusApi.kt
@@ -9,8 +9,7 @@ import no.nav.syfo.auth.isInvalidToken
 import no.nav.syfo.metric.COUNT_PERSONOVERSIKTSTATUS_ENHET_HENTET
 import no.nav.syfo.personstatus.domain.PersonOversiktStatus
 import no.nav.syfo.tilgangskontroll.TilgangskontrollConsumer
-import no.nav.syfo.util.getCallId
-import no.nav.syfo.util.validateEnhet
+import no.nav.syfo.util.*
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 
@@ -23,17 +22,17 @@ fun Route.registerPersonoversiktApi(
     route("/api/v1/personoversikt") {
         get("/enhet/{enhet}") {
                 try {
+                    val callId = getCallId()
                     val token = getTokenFromCookie(call.request.cookies)
 
                     val enhet: String = call.parameters["enhet"]?.takeIf { validateEnhet(it) }
                             ?: throw IllegalArgumentException("Enhet mangler")
 
-
-                    when (tilgangskontrollConsumer.harVeilederTilgangTilEnhet(enhet, token, getCallId())) {
+                    when (tilgangskontrollConsumer.harVeilederTilgangTilEnhet(enhet, token, callId)) {
                         true -> {
                             val personListe: List<PersonOversiktStatus> = personoversiktStatusService
                                     .hentPersonoversiktStatusTilknyttetEnhet(enhet, token)
-                                    .filter { tilgangskontrollConsumer.harVeilederTilgangTilPerson(it.fnr, token, getCallId()) }
+                                    .filter { tilgangskontrollConsumer.harVeilederTilgangTilPerson(it.fnr, token, callId) }
 
                             when {
                                 personListe.isNotEmpty() -> call.respond(personListe)
@@ -42,10 +41,13 @@ fun Route.registerPersonoversiktApi(
 
                             COUNT_PERSONOVERSIKTSTATUS_ENHET_HENTET.inc()
                         }
-                        else -> call.respond(HttpStatusCode.Forbidden)
+                        else -> {
+                            log.error("Veileder mangler tilgang til enhet, {}", CallIdArgument(callId))
+                            call.respond(HttpStatusCode.Forbidden, "Veileder mangler tilgang til enhet")
+                        }
                     }
                 } catch (e: IllegalArgumentException) {
-                    log.warn("Kan ikke hente personoversikt for enhet: {}", e.message, getCallId())
+                    log.warn("Kan ikke hente personoversikt for enhet: {}, {}", e.message, CallIdArgument(getCallId()))
                     call.respond(HttpStatusCode.BadRequest, e.message ?: "Kan ikke hente personoversikt for enhet")
                 }
             }

diff --git a/src/main/kotlin/no/nav/syfo/tilgangskontroll/TilgangskontrollConsumer.kt b/src/main/kotlin/no/nav/syfo/tilgangskontroll/TilgangskontrollConsumer.kt
@@ -4,7 +4,12 @@ import io.ktor.client.HttpClient
 import io.ktor.client.request.*
 import io.ktor.client.response.HttpResponse
 import io.ktor.http.ContentType
+import no.nav.syfo.auth.log
 import no.nav.syfo.util.NAV_CALL_ID_HEADER
+import org.slf4j.LoggerFactory
+
+
+val log = LoggerFactory.getLogger("no.nav.syfo.oversikt.tilgangskontroll")
 
 class TilgangskontrollConsumer(
         private val endpointUrl: String,
@@ -19,8 +24,8 @@ class TilgangskontrollConsumer(
         val response = client.get<HttpResponse>(getTilgangskontrollUrl(pathTilgangTilBruker)) {
             accept(ContentType.Application.Json)
             headers {
-                "Authorization" to "Bearer $token"
-                NAV_CALL_ID_HEADER to callId
+                append("Authorization", "Bearer $token")
+                append(NAV_CALL_ID_HEADER, callId)
             }
             parameter(paramFnr, fnr)
         }
@@ -31,10 +36,11 @@ class TilgangskontrollConsumer(
         val response = client.get<HttpResponse>(getTilgangskontrollUrl(pathTilgangTilEnhet)) {
             accept(ContentType.Application.Json)
             headers {
-                "Authorization" to "Bearer $token"
-                NAV_CALL_ID_HEADER to callId
+                append("Authorization", "Bearer $token")
+                append(NAV_CALL_ID_HEADER, callId)
             }
             parameter(paramEnhet, enhet)
+
         }
         return response.status.value in 200..299
     }

diff --git a/src/main/kotlin/no/nav/syfo/util/RequestUtil.kt b/src/main/kotlin/no/nav/syfo/util/RequestUtil.kt
@@ -1,5 +1,6 @@
 package no.nav.syfo.util
 
+import com.fasterxml.jackson.core.JsonGenerator
 import io.ktor.application.ApplicationCall
 import io.ktor.application.call
 import io.ktor.util.pipeline.PipelineContext