diff --git a/apps/dolly-frontend/config.idporten.yml b/apps/dolly-frontend/config.idporten.yml index c8e3ab59dc5..7d4df05b969 100644 --- a/apps/dolly-frontend/config.idporten.yml +++ b/apps/dolly-frontend/config.idporten.yml @@ -83,7 +83,7 @@ spec: memory: 1024Mi limits: memory: 2048Mi - image: {{image}} + image: "{{image}}" envFrom: - secret: idporten-dolly-prod env: diff --git a/apps/dolly-frontend/config.test.yml b/apps/dolly-frontend/config.test.yml index 263ab599bca..cc88bff6eef 100644 --- a/apps/dolly-frontend/config.test.yml +++ b/apps/dolly-frontend/config.test.yml @@ -91,7 +91,7 @@ spec: memory: 1024Mi limits: memory: 2048Mi - image: {{image}} + image: "{{image}}" env: - name: SPRING_PROFILES_ACTIVE value: dev diff --git a/apps/dolly-frontend/config.unstable.yml b/apps/dolly-frontend/config.unstable.yml index 0a04b820069..c27b7173093 100644 --- a/apps/dolly-frontend/config.unstable.yml +++ b/apps/dolly-frontend/config.unstable.yml @@ -92,7 +92,7 @@ spec: memory: 1024Mi limits: memory: 2048Mi - image: {{image}} + image: "{{image}}" env: - name: SPRING_PROFILES_ACTIVE value: dev \ No newline at end of file diff --git a/apps/dolly-frontend/config.yml b/apps/dolly-frontend/config.yml index 0d5eb04ee34..496cf0d107d 100644 --- a/apps/dolly-frontend/config.yml +++ b/apps/dolly-frontend/config.yml @@ -91,7 +91,7 @@ spec: memory: 1024Mi limits: memory: 2048Mi - image: {{image}} + image: "{{image}}" envFrom: - secret: idporten-dolly-prod env: diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java index 9c0396fdafd..fab5a20388f 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java 
@@ -30,7 +30,7 @@ public PersonOrganisasjonTilgangConsumer( ObjectMapper objectMapper) { this.accessService = accessService; - serverProperties = consumers.getTestnavOrganisasjonTilgangService(); + serverProperties = consumers.getTestnavPersonOrganisasjonTilgangService(); ExchangeStrategies jacksonStrategy = ExchangeStrategies.builder() .codecs(config -> { config.defaultCodecs() diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java index 1ecf55e8102..3bdfb86c837 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java @@ -1,6 +1,7 @@ package no.nav.dolly.web.consumers.command; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; import no.nav.dolly.web.consumers.dto.OrganisasjonDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; @@ -11,7 +12,7 @@ import java.time.Duration; import java.util.concurrent.Callable; - +@Slf4j @RequiredArgsConstructor public class GetPersonOrganisasjonTilgangCommand implements Callable> { private final WebClient webClient; @@ -26,6 +27,10 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .retrieve() .bodyToMono(OrganisasjonDTO.class) + .doOnError(error -> log.error("Feilet å hente organisasjon, status: {}, feilmelding: ", + WebClientFilter.getMessage(error), + WebClientFilter.getMessage(error), + error)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)); } diff --git a/apps/dolly-frontend/src/main/resources/application-dev.yml b/apps/dolly-frontend/src/main/resources/application-dev.yml index d6a35d171a8..7e66b2695e0 100644 
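Review bot: The format string in the `doOnError` added to GetPersonOrganisasjonTilgangCommand has a single `{}` but is given `WebClientFilter.getMessage(error)` twice, so the "status:" slot is filled with the error message and nothing follows "feilmelding:". SLF4J drops the surplus argument and uses the trailing `error` only as the throwable. Either log the message once, `log.error("Feilet å hente organisasjon, feilmelding: {}", WebClientFilter.getMessage(error), error)`, or pass a real status value for the first slot. Because the operator sits before `retryWhen`, the line is written once per failed attempt, which matters if anything alerts on it. The body of call() starts outside the hunk.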
--- a/apps/dolly-frontend/src/main/resources/application-dev.yml +++ b/apps/dolly-frontend/src/main/resources/application-dev.yml @@ -13,10 +13,6 @@ consumers: testnorge-profil-api: name: testnorge-profil-api-dev url: http://testnorge-profil-api-dev.dolly.svc.cluster.local - testnav-organisasjon-tilgang-service: - name: testnav-organisasjon-tilgang-service - url: http://testnav-organisasjon-tilgang-service.dolly.svc.cluster.local - cluster: dev-gcp testnav-varslinger-service: name: testnav-varslinger-service-dev url: http://testnav-varslinger-service-dev.dolly.svc.cluster.local diff --git a/apps/person-organisasjon-tilgang-service/build.gradle b/apps/person-organisasjon-tilgang-service/build.gradle index e73436cf41f..89857dcdce9 100644 --- a/apps/person-organisasjon-tilgang-service/build.gradle +++ b/apps/person-organisasjon-tilgang-service/build.gradle @@ -72,8 +72,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-webflux' implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server' - - implementation 'org.springframework.boot:spring-boot-starter-actuator' + implementation 'org.springframework.cloud:spring-cloud-starter-vault-config' implementation 'io.micrometer:micrometer-registry-prometheus' diff --git a/apps/person-organisasjon-tilgang-service/config.test.yml b/apps/person-organisasjon-tilgang-service/config.test.yml index 20a0d0e1fe6..335a4e36d27 100644 --- a/apps/person-organisasjon-tilgang-service/config.test.yml +++ b/apps/person-organisasjon-tilgang-service/config.test.yml @@ -6,7 +6,7 @@ metadata: labels: team: dolly spec: - image: {{ image }} + image: "{{ image }}" port: 8080 azure: application: 
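Review bot: In apps/person-organisasjon-tilgang-service/build.gradle, `spring-boot-starter-actuator` is removed in the same swap that adds `spring-cloud-starter-vault-config`, while `micrometer-registry-prometheus` stays and the deployment manifests still probe `/internal/isAlive`. Unless actuator arrives transitively through another dependency (not visible in this hunk), the health and metrics endpoints may no longer be exposed. The Vault starter also lands on the runtime classpath of every deployment although its only visible user is the `local`-profile LocalVaultConfig, and application.yml has to switch it off with `spring.cloud.vault.enabled: false`. Consider keeping the actuator line and marking the new one, e.g. `// local profile only: secrets for LocalVaultConfig`. The dependencies block continues outside the hunk.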
@@ -24,24 +24,15 @@ spec: inbound: rules: - application: dolly-frontend-dev - cluster: dev-gcp - application: dolly-idporten - cluster: dev-gcp - application: dolly-frontend-dev-unstable - cluster: dev-gcp - application: team-dolly-lokal-app - cluster: dev-gcp - application: testnav-oversikt-frontend - cluster: dev-gcp - application: testnav-bruker-service-dev - cluster: dev-gcp - application: testnorge-profil-api-dev - cluster: dev-gcp + - application: testnorge-profil-api-dev - application: app-1 - cluster: dev-gcp namespace: plattformsikkerhet - - application: testnorge-profil-api-dev - cluster: dev-gcp outbound: external: - host: tt02.altinn.no diff --git a/apps/person-organisasjon-tilgang-service/config.yml b/apps/person-organisasjon-tilgang-service/config.yml index 68983fa0231..c05b383219b 100644 --- a/apps/person-organisasjon-tilgang-service/config.yml +++ b/apps/person-organisasjon-tilgang-service/config.yml @@ -6,7 +6,7 @@ metadata: labels: team: dolly spec: - image: {{image}} + image: "{{image}}" port: 8080 azure: application: @@ -19,18 +19,17 @@ spec: inbound: rules: - application: dolly-frontend - cluster: dev-gcp - application: dolly-idporten - cluster: dev-gcp - - application: dolly-frontend-dev-unstable - cluster: dev-gcp - application: testnav-bruker-service - cluster: dev-gcp - application: testnorge-profil-api - cluster: dev-gcp + - application: team-dolly-lokal-app + - application: testnorge-profil-api + - application: app-1 + namespace: plattformsikkerhet outbound: external: - host: altinn.no + - host: maskinporten.no liveness: path: /internal/isAlive initialDelay: 4 diff --git a/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/client/altinn/v1/command/GetPersonAccessCommand.java b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/client/altinn/v1/command/GetPersonAccessCommand.java index 870073507d4..5db7644abc0 100644 
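Review bot: The inbound rule list in apps/person-organisasjon-tilgang-service/config.yml gains `team-dolly-lokal-app` and `app-1` in namespace `plattformsikkerhet`, and the `cluster: dev-gcp` qualifiers are dropped, with nothing in the manifest recording why each caller needs access. This list is the network-level authorisation boundary for a service that appears to return a person's Altinn organisation access, so a client that is by its name a local development app should be justified or left out of this manifest. A comment per non-obvious entry would help, for example `# local development client; remove when no longer needed` above `team-dolly-lokal-app`, together with a check that rules without `cluster` resolve to the intended cluster. The same applies to the rule list in config.test.yml in the preceding hunk; `testnorge-profil-api` may also end up listed twice, though the collapsed layout makes that hard to confirm.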
--- a/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/client/altinn/v1/command/GetPersonAccessCommand.java +++ b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/client/altinn/v1/command/GetPersonAccessCommand.java @@ -1,14 +1,19 @@ package no.nav.testnav.apps.persontilgangservice.client.altinn.v1.command; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.apps.persontilgangservice.client.altinn.v1.dto.AccessDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; +import reactor.util.retry.Retry; +import java.time.Duration; +import java.util.Arrays; import java.util.concurrent.Callable; -import no.nav.testnav.apps.persontilgangservice.client.altinn.v1.dto.AccessDTO; - +@Slf4j @RequiredArgsConstructor public class GetPersonAccessCommand implements Callable> { private final WebClient webClient; @@ -31,6 +36,13 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header("ApiKey", apiKey) .retrieve() - .bodyToMono(AccessDTO[].class); + .bodyToMono(AccessDTO[].class) + .doOnNext(response -> Arrays.stream(response) + .forEach(entry -> + log.info("Hentet organisasjon fra Altinn: navn: {}, type: {}, orgnr: {}, orgform: {}, status: {} ", + entry.name(), entry.type(), entry.organizationNumber(), entry.organizationForm(), entry.status()))) + .doOnError(error -> log.error("Henting av \"/reportees\" feilet: {}", WebClientFilter.getMessage(error), error)) + .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) + .filter(WebClientFilter::is5xxException)); } } 
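Review bot: The added `doOnNext` in GetPersonAccessCommand writes name, type, organisation number, organisation form and status of every reportee returned by Altinn to the INFO log on each call. A reportee list describes whom the authenticated person may act for and can presumably contain entries of type person, so this copies access relationships (and possibly personal names) into log storage that usually has wider readership and longer retention than the API itself. Logging only the size keeps the diagnostic value without the payload: `.doOnNext(response -> log.debug("Hentet {} organisasjoner fra Altinn", response.length))`. The body of call() starts outside the hunk.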
diff --git a/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/config/LocalVaultConfig.java b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/config/LocalVaultConfig.java
new file mode 100644
index 00000000000..c4a0f0e1aba
--- /dev/null
+++ b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/config/LocalVaultConfig.java
@@ -0,0 +1,36 @@
+package no.nav.testnav.apps.persontilgangservice.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.vault.annotation.VaultPropertySource;
+import org.springframework.vault.authentication.ClientAuthentication;
+import org.springframework.vault.authentication.TokenAuthentication;
+import org.springframework.vault.client.VaultEndpoint;
+import org.springframework.vault.config.AbstractVaultConfiguration;
+
+import static io.micrometer.common.util.StringUtils.isBlank;
+
+@Configuration
+@Profile("local")
+@VaultPropertySource(value = "secret/dolly/lokal", ignoreSecretNotFound = false)
+public class LocalVaultConfig extends AbstractVaultConfiguration {
+
+ private static final String VAULT_TOKEN = "spring.cloud.vault.token";
+
+ @Override
+ public VaultEndpoint vaultEndpoint() {
+ return VaultEndpoint.create("vault.adeo.no", 443);
+ }
+
+ @Override
+ public ClientAuthentication clientAuthentication() {
+ if (System.getenv().containsKey("VAULT_TOKEN")) {
+ System.setProperty(VAULT_TOKEN, System.getenv("VAULT_TOKEN"));
+ }
+ var token = System.getProperty(VAULT_TOKEN);
+ if (isBlank(token)) {
+ throw new IllegalArgumentException("Påkrevet property 'spring.cloud.vault.token' er ikke satt.");
+ }
+ return new TokenAuthentication(System.getProperty(VAULT_TOKEN));
+ }
+}
\ No newline at end of file
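Review bot: `clientAuthentication()` copies the `VAULT_TOKEN` environment variable into the JVM-wide system property `spring.cloud.vault.token`, which exposes the token to anything that dumps system properties (diagnostic endpoints, `jcmd`, crash reports) and is not needed to build the `TokenAuthentication`. Nothing visible in this diff reads the property afterwards, and application.yml sets `spring.cloud.vault.enabled: false`, so the write looks avoidable. The method can read the environment first and fall back to the property without mutating global state. It should also return the validated local instead of looking the property up a second time. The hard-coded host `vault.adeo.no` is acceptable for a `local` profile but deserves a one-line comment.

```java
@Override
public ClientAuthentication clientAuthentication() {
    // Read the token without publishing it as a JVM-wide system property.
    var token = System.getenv("VAULT_TOKEN");
    if (isBlank(token)) {
        token = System.getProperty(VAULT_TOKEN);
    }
    if (isBlank(token)) {
        throw new IllegalArgumentException("Påkrevet property 'spring.cloud.vault.token' er ikke satt.");
    }
    return new TokenAuthentication(token);
}
```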
diff --git a/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/controller/PersonOrganisasjonController.java b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/controller/PersonOrganisasjonController.java index 9a18e95427b..230f4be2db1 100644 --- a/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/controller/PersonOrganisasjonController.java +++ b/apps/person-organisasjon-tilgang-service/src/main/java/no/nav/testnav/apps/persontilgangservice/controller/PersonOrganisasjonController.java @@ -1,6 +1,9 @@ package no.nav.testnav.apps.persontilgangservice.controller; import lombok.RequiredArgsConstructor; +import no.nav.testnav.apps.persontilgangservice.controller.dto.OrganisasjonDTO; +import no.nav.testnav.apps.persontilgangservice.domain.Access; +import no.nav.testnav.apps.persontilgangservice.service.PersonOrganisasjonService; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -9,10 +12,6 @@ import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; -import no.nav.testnav.apps.persontilgangservice.controller.dto.OrganisasjonDTO; -import no.nav.testnav.apps.persontilgangservice.domain.Access; -import no.nav.testnav.apps.persontilgangservice.service.PersonOrganisasjonService; - @RestController @RequestMapping("/api/v1/person/organisasjoner") @RequiredArgsConstructor diff --git a/apps/person-organisasjon-tilgang-service/src/main/resources/application-local.yml b/apps/person-organisasjon-tilgang-service/src/main/resources/application-local.yml index 1cee299994c..619ed0070da 100644 --- a/apps/person-organisasjon-tilgang-service/src/main/resources/application-local.yml +++ b/apps/person-organisasjon-tilgang-service/src/main/resources/application-local.yml 
@@ -1,2 +1,10 @@ ACCEPTED_AUDIENCE: dev-gcp:dolly:testnav-person-tilgang-service-dev -ALTINN_URL: https://tt02.altinn.no \ No newline at end of file +ALTINN_URL: https://tt02.altinn.no + +TOKENDINGS_URL: dummy +ALTINN_API_KEY: dummy + +MASKINPORTEN_CLIENT_ID: dummy +MASKINPORTEN_CLIENT_JWK: dummy +MASKINPORTEN_SCOPES: dummy +MASKINPORTEN_WELL_KNOWN_URL: dummy \ No newline at end of file diff --git a/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml b/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml index c4fa87e0c20..eb37aab219f 100644 --- a/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml +++ b/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml @@ -1,3 +1,4 @@ + spring: application: version: application.version.todo @@ -13,6 +14,9 @@ spring: jackson: serialization: write_dates_as_timestamps: false + cloud: + vault: + enabled: false springdoc: swagger-ui: