Refactor Altinn access integration and update service dependencies

Replaces PersonOrganisasjonTilgang functionality with Altinn3Tilgang integration, including adjustments to DTOs, commands, service logic, and configuration. Renamed classes and endpoints to reflect the updated functionality. Added dependency on shared data-transfer-objects library for streamlined DTO management.
navikt · Dec 20, 2024 · 705b34d · 705b34d
1 parent d2cc324
commit 705b34d
Show file tree

Hide file tree

Showing 16 changed files with 100 additions and 192 deletions.
diff --git a/...er/PersonOrganisasjonTilgangConsumer.java → ...onsumer/AltinnTilgangServiceConsumer.java b/...er/PersonOrganisasjonTilgangConsumer.java → ...onsumer/AltinnTilgangServiceConsumer.java
@@ -11,14 +11,14 @@
 import reactor.core.publisher.Mono;
 
 @Component
-public class PersonOrganisasjonTilgangConsumer {
+public class AltinnTilgangServiceConsumer {
 
     private final WebClient webClient;
     private final ServerProperties serverProperties;
     private final TokenExchange tokenExchange;
     private final GetAuthenticatedUserId getAuthenticatedUserId;
 
-    public PersonOrganisasjonTilgangConsumer(
+    public AltinnTilgangServiceConsumer(
             Consumers consumers,
             TokenExchange tokenExchange,
             WebClient.Builder webClientBuilder,

diff --git a/...uker-service/src/main/java/no/nav/testnav/apps/brukerservice/service/ValidateService.java b/...uker-service/src/main/java/no/nav/testnav/apps/brukerservice/service/ValidateService.java
@@ -1,18 +1,19 @@
 package no.nav.testnav.apps.brukerservice.service;
 
 import lombok.RequiredArgsConstructor;
-import no.nav.testnav.apps.brukerservice.consumer.PersonOrganisasjonTilgangConsumer;
+import no.nav.testnav.apps.brukerservice.consumer.AltinnTilgangServiceConsumer;
 import no.nav.testnav.apps.brukerservice.exception.UserHasNoAccessToOrgnisasjonException;
 import org.springframework.stereotype.Service;
 import reactor.core.publisher.Mono;
 
 @Service
 @RequiredArgsConstructor
 public class ValidateService {
-    private final PersonOrganisasjonTilgangConsumer client;
+
+    private final AltinnTilgangServiceConsumer altinnTilgangServiceConsumer;
 
     public Mono<Void> validateOrganiasjonsnummerAccess(String organisasjonsnummer) {
-        return client
+        return altinnTilgangServiceConsumer
                 .getOrganisasjon(organisasjonsnummer)
                 .doOnNext(organisasjon -> {
                     if (!organisasjon.getOrganisasjonsnummer().equals(organisasjonsnummer)) {

diff --git a/apps/oversikt-frontend/build.gradle b/apps/oversikt-frontend/build.gradle
@@ -13,6 +13,7 @@ sonarqube {
 dependencies {
     implementation "io.grpc:grpc-netty:$versions.grpc"
 
+    implementation 'no.nav.testnav.libs:data-transfer-objects'
     implementation "no.nav.testnav.libs:reactive-core"
     implementation "no.nav.testnav.libs:reactive-frontend"
     implementation "no.nav.testnav.libs:reactive-security"

diff --git a/apps/oversikt-frontend/config.yml b/apps/oversikt-frontend/config.yml
@@ -26,65 +26,10 @@ spec:
   accessPolicy:
     outbound:
       rules:
-        - application: dolly-backend
-        - application: dolly-backend-dev
-        - application: generer-navn-service
-        - application: organisasjon-bestilling-service
-        - application: synthdata-amelding
-        - application: synthdata-arena-aap
-        - application: synthdata-arena-dagpenger
-        - application: synthdata-arena-meldekort
-        - application: synthdata-arena-tilleggsstonad
-        - application: synthdata-arena-tiltak
-        - application: synthdata-arena-vedtakshistorikk
-        - application: synthdata-elsam-gcp
-        - application: testnav-adresse-service
-        - application: testnav-amelding-service
-        - application: testnav-app-tilgang-analyse-service
-        - application: testnav-arbeidsforhold-service
-        - application: testnav-arbeidsplassencv-proxy
-        - application: testnav-batch-bestilling-service
-        - application: testnav-bruker-service
         - application: testnav-bruker-service-dev
-        - application: testnav-endringsmelding-service
-        - application: testnav-generer-arbeidsforhold-populasjon-service
-        - application: testnav-generer-organisasjon-populasjon-service
-        - application: testnav-generer-synt-amelding-service
-        - application: testnav-helsepersonell-service
-        - application: testnav-ident-pool
-        - application: testnav-inntektsmelding-generator-service
-        - application: testnav-inntektsmelding-service
-        - application: testnav-jenkins-batch-status-service
-        - application: testnav-joark-dokument-service
-        - application: testnav-kodeverk-service
-        - application: testnav-miljoer-service
-        - application: testnav-oppsummeringsdokument-service
-        - application: testnav-organisasjon-faste-data-service
-        - application: testnav-organisasjon-forvalter
-        - application: testnav-organisasjon-mottak-service
-        - application: testnav-organisasjon-service
-        - application: testnav-organisasjon-tilgang-service
-        - application: testnav-orgnummer-service
-        - application: testnav-pdl-forvalter
-        - application: testnav-pdl-forvalter-dev
-        - application: testnav-person-faste-data-service
-        - application: testnav-person-organisasjon-tilgang-service-dev
-        - application: testnav-person-search-service
-        - application: testnav-person-service
-        - application: testnav-skattekort-service
-        - application: testnav-sykemelding-api
-        - application: testnav-synt-sykemelding-api
-        - application: testnav-synt-vedtakshistorikk-service
-        - application: testnav-tenor-search-service
-        - application: testnav-tps-messaging-service
-        - application: testnav-varslinger-service
-        - application: testnav-varslinger-service-dev
-        - application: testnorge-profil-api
+        - application: testnav-app-tilgang-analyse-service
         - application: testnorge-profil-api-dev
-        - application: testnorge-tilbakemelding-api
-        - application: testnav-levende-arbeidsforhold-ansettelse
-        - application: testnav-levende-arbeidsforhold-service
-        - application: testnav-levende-arbeidsforhold-scheduler
+        - application: testnav-altinn3-tilgang-service
   liveness:
     path: /internal/isAlive
     initialDelay: 4

diff --git a/apps/oversikt-frontend/settings.gradle b/apps/oversikt-frontend/settings.gradle
@@ -6,6 +6,7 @@ rootProject.name = 'oversikt-frontend'
 
 includeBuild "../../plugins/java"
 
+includeBuild '../../libs/data-transfer-objects'
 includeBuild '../../libs/reactive-core'
 includeBuild '../../libs/reactive-frontend'
 includeBuild '../../libs/reactive-security'

diff --git a/...rc/main/java/no/nav/testnav/apps/oversiktfrontend/OversiktFrontendApplicationStarter.java b/...rc/main/java/no/nav/testnav/apps/oversiktfrontend/OversiktFrontendApplicationStarter.java
@@ -44,9 +44,9 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
                         addAuthenticationHeaderFilterFrom(consumers.getTestnorgeProfilApi())
                 ))
                 .route(createRoute(
-                        "testnav-organisasjon-tilgang-service",
-                        consumers.getTestnavPersonOrganisasjonTilgangService().getUrl(),
-                        addAuthenticationHeaderFilterFrom(consumers.getTestnavPersonOrganisasjonTilgangService())
+                        "testnav-altinn3-tilgang-service",
+                        consumers.getTestnavAltinn3TilgangService().getUrl(),
+                        addAuthenticationHeaderFilterFrom(consumers.getTestnavAltinn3TilgangService())
                 ))
                 .build();
     }

diff --git a/...versikt-frontend/src/main/java/no/nav/testnav/apps/oversiktfrontend/config/Consumers.java b/...versikt-frontend/src/main/java/no/nav/testnav/apps/oversiktfrontend/config/Consumers.java
@@ -25,7 +25,7 @@
 public class Consumers {
 
     private ServerProperties testnavAppTilgangAnalyseService;
-    private ServerProperties testnavPersonOrganisasjonTilgangService;
+    private ServerProperties testnavAltinn3TilgangService;
     private ServerProperties testnorgeProfilApi;
     private ServerProperties testnavBrukerService;
 

diff --git a/...main/java/no/nav/testnav/apps/oversiktfrontend/consumer/AltinnTilgangServiceConsumer.java b/...main/java/no/nav/testnav/apps/oversiktfrontend/consumer/AltinnTilgangServiceConsumer.java
@@ -0,0 +1,59 @@
+package no.nav.testnav.apps.oversiktfrontend.consumer;
+
+import lombok.extern.slf4j.Slf4j;
+import no.nav.testnav.apps.oversiktfrontend.config.Consumers;
+import no.nav.testnav.apps.oversiktfrontend.consumer.command.GetAltinnBrukertilgangTilgangCommand;
+import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO;
+import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
+import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import org.springframework.stereotype.Component;
+import org.springframework.web.reactive.function.client.WebClient;
+import org.springframework.web.reactive.function.client.WebClientResponseException;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+@Slf4j
+@Component
+public class AltinnTilgangServiceConsumer {
+    private final WebClient webClient;
+    private final ServerProperties serverProperties;
+    private final TokenExchange tokenExchange;
+    private final GetAuthenticatedUserId getAuthenticatedUserId;
+
+    public AltinnTilgangServiceConsumer(
+            Consumers consumers,
+            TokenExchange tokenExchange,
+            WebClient.Builder webClientBuilder,
+            GetAuthenticatedUserId getAuthenticatedUserId) {
+
+        serverProperties = consumers.getTestnavAltinn3TilgangService();
+        this.tokenExchange = tokenExchange;
+        this.webClient = webClientBuilder
+                .baseUrl(serverProperties.getUrl())
+                .build();
+        this.getAuthenticatedUserId = getAuthenticatedUserId;
+    }
+
+    public Flux<OrganisasjonDTO> getOrganisasjoner() {
+
+        return getAuthenticatedUserId.call()
+                .flatMapMany(userId -> tokenExchange.exchange(serverProperties)
+                        .flatMapMany(accessToken ->
+                                new GetAltinnBrukertilgangTilgangCommand(webClient, userId, accessToken.getTokenValue()).call()));
+    }
+
+    public Mono<Boolean> hasAccess(String organisasjonsnummer) {
+
+        return Mono.from(getOrganisasjoner()
+                .filter(org -> org.getOrganisasjonsnummer().equals(organisasjonsnummer))
+                .onErrorResume(
+                        WebClientResponseException.class::isInstance,
+                        throwable -> {
+                            log.warn("Person har ikke tilgang til organisasjon {}.", organisasjonsnummer);
+                            return Mono.empty();
+                        })
+                .flatMap(value -> Mono.just(true))
+                .switchIfEmpty(Mono.just(false)));
+    }
+}
diff --git a/...java/no/nav/testnav/apps/oversiktfrontend/consumer/PersonOrganisasjonTilgangConsumer.java b/...java/no/nav/testnav/apps/oversiktfrontend/consumer/PersonOrganisasjonTilgangConsumer.java
diff --git a/...etPersonOrganisasjonerTilgangCommand.java → ...GetAltinnBrukertilgangTilgangCommand.java b/...etPersonOrganisasjonerTilgangCommand.java → ...GetAltinnBrukertilgangTilgangCommand.java
@@ -1,7 +1,8 @@
 package no.nav.testnav.apps.oversiktfrontend.consumer.command;
 
 import lombok.RequiredArgsConstructor;
-import no.nav.testnav.apps.oversiktfrontend.consumer.dto.OrganisasjonDTO;
+import no.nav.testnav.apps.oversiktfrontend.consumer.dto.AltinnBrukerRequest;
+import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO;
 import no.nav.testnav.libs.reactivecore.utils.WebClientFilter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.web.reactive.function.client.WebClient;
@@ -12,16 +13,18 @@
 import java.util.concurrent.Callable;
 
 @RequiredArgsConstructor
-public class GetPersonOrganisasjonerTilgangCommand implements Callable<Flux<OrganisasjonDTO>> {
+public class GetAltinnBrukertilgangTilgangCommand implements Callable<Flux<OrganisasjonDTO>> {
     private final WebClient webClient;
+    private final String ident;
     private final String token;
 
     @Override
-    public Flux<OrganisasjonDTO> call() {
+    public Flux<no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO> call() {
         return webClient
-                .get()
-                .uri("/api/v1/person/organisasjoner")
+                .post()
+                .uri("/api/v1/brukertilgang")
                 .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
+                .bodyValue(new AltinnBrukerRequest(ident))
                 .retrieve()
                 .bodyToFlux(OrganisasjonDTO.class)
                 .retryWhen(Retry.backoff(3, Duration.ofSeconds(5))

diff --git a/...v/testnav/apps/oversiktfrontend/consumer/command/GetPersonOrganisasjonTilgangCommand.java b/...v/testnav/apps/oversiktfrontend/consumer/command/GetPersonOrganisasjonTilgangCommand.java
diff --git a/.../src/main/java/no/nav/testnav/apps/oversiktfrontend/consumer/dto/AltinnBrukerRequest.java b/.../src/main/java/no/nav/testnav/apps/oversiktfrontend/consumer/dto/AltinnBrukerRequest.java
@@ -0,0 +1,11 @@
+package no.nav.testnav.apps.oversiktfrontend.consumer.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class AltinnBrukerRequest {
+
+    private String ident;
+}
diff --git a/...tend/src/main/java/no/nav/testnav/apps/oversiktfrontend/consumer/dto/OrganisasjonDTO.java b/...tend/src/main/java/no/nav/testnav/apps/oversiktfrontend/consumer/dto/OrganisasjonDTO.java
diff --git a/...kt-frontend/src/main/java/no/nav/testnav/apps/oversiktfrontend/service/AccessService.java b/...kt-frontend/src/main/java/no/nav/testnav/apps/oversiktfrontend/service/AccessService.java
@@ -1,16 +1,16 @@
 package no.nav.testnav.apps.oversiktfrontend.service;
 
 import lombok.RequiredArgsConstructor;
-import no.nav.testnav.apps.oversiktfrontend.consumer.PersonOrganisasjonTilgangConsumer;
+import no.nav.testnav.apps.oversiktfrontend.consumer.AltinnTilgangServiceConsumer;
 import org.springframework.stereotype.Service;
 import reactor.core.publisher.Mono;
 
 @Service
 @RequiredArgsConstructor
 public class AccessService {
-    private final PersonOrganisasjonTilgangConsumer personOrganisasjonTilgangConsumer;
+    private final AltinnTilgangServiceConsumer altinnTilgangServiceConsumer;
 
     public Mono<Boolean> hasAccess(String organisasjonsnummer) {
-        return personOrganisasjonTilgangConsumer.hasAccess(organisasjonsnummer);
+        return altinnTilgangServiceConsumer.hasAccess(organisasjonsnummer);
     }
 }
diff --git a/apps/oversikt-frontend/src/main/resources/application-local.yml b/apps/oversikt-frontend/src/main/resources/application-local.yml
@@ -14,7 +14,7 @@ consumers:
     url: https://testnorge-profil-api-dev.intern.dev.nav.no/api
   testnav-app-tilgang-analyse-service:
     url: https://testnav-app-tilgang-analyse-service.intern.dev.nav.no
-  testnav-person-organisasjon-tilgang-service:
-    url: https://testnav-person-organisasjon-tilgang-service-dev.intern.dev.nav.no
+  testnav-altinn3-tilgang-service:
+    url: https://testnav-altinn3-tilgang-service.intern.dev.nav.no
   testnav-bruker-service:
     url: https://testnav-bruker-service-dev.intern.dev.nav.no