Merge pull request #149 from navikt/TokenChanges
AzureAD token and other refactorings
stianStensli authored Sep 9, 2022
2 parents 1cff518 + 2cda914 commit 4eb7a23
Showing 15 changed files with 146 additions and 120 deletions.
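--- a/.github/workflows/build-deploy-feature-branch-dev.yaml
+++ b/.github/workflows/build-deploy-feature-branch-dev.yaml
@@ -0,0 +1,54 @@
+name: Deploy til Dev
+on:
+workflow_dispatch:
+env:
+IMAGE_TAG: ${{ github.sha }}
+IMAGE: ghcr.io/${{ github.repository }}/veilarbfilter
+PRINT_PAYLOAD: true
+
+jobs:
+build-and-push:
+name: Build and push
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Set up JDK 17
+uses: actions/setup-java@v3
+with:
+java-version: 17
+distribution: 'temurin'
+- name: Set up cache
+uses: actions/cache@v3
+with:
+path: ~/.m2/repository
+key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+restore-keys: ${{ runner.os }}-maven-
+- name: Build maven artifacts
+run: mvn -B package -D skipTests
+- name: Login to Docker
+uses: docker/login-action@v1
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Build and push Docker image
+uses: docker/build-push-action@v2
+with:
+context: .
+push: true
+tags: ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
+deploy-dev:
+name: Deploy application to dev
+needs: build-and-push
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+- name: Deploy application
+uses: nais/deploy/actions/deploy@v1
+env:
+APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+CLUSTER: dev-fss
+RESOURCE: nais-dev.yaml
+VAR: version=${{ env.IMAGE_TAG }}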
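Review bot: Neither job declares a `permissions:` block, so `GITHUB_TOKEN` carries the repository's default scopes even though the only write this workflow needs is the package push in `build-and-push`. Adding `permissions:` with `contents: read` and `packages: write` on that job, and `contents: read` on `deploy-dev`, limits what a compromised step can do. The actions are referenced by mutable tags (`docker/login-action@v1`, `docker/build-push-action@v2`, `nais/deploy/actions/deploy@v1`), and two of them are handed `GITHUB_TOKEN` or `NAIS_DEPLOY_APIKEY`; pinning each to a full commit SHA, e.g. `uses: nais/deploy/actions/deploy@<commit-sha>`, keeps a retagged release from running with those secrets. The build job also uses `actions/checkout@v2` while `deploy-dev` uses `@v3`. The same permission and pinning points apply to the jobs touched in `.github/workflows/main.yml`.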
39 changes: 22 additions & 17 deletions .github/workflows/main.yml
Expand Up @@ -2,15 +2,15 @@ name: Build, push and deploy
on: push
env:
IMAGE_TAG: ${{ github.sha }}
IMAGE: docker.pkg.github.com/${{ github.repository }}/veilarbfilter
IMAGE: ghcr.io/${{ github.repository }}/veilarbfilter
PRINT_PAYLOAD: true
jobs:
link-to-trello:
runs-on: ubuntu-latest
name: Trello update
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Get trello card id
id: card
uses: navikt/veilarbtrelloactions/[email protected]
Expand All @@ -33,14 +33,14 @@ jobs:
if: github.ref != 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
- name: Set up cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
Expand All @@ -55,50 +55,55 @@ jobs:
if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
- name: Set up cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-
- name: Build maven artifacts
run: mvn -B package -D skipTests
- name: Login to Docker
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY} --password-stdin
docker build -t ${IMAGE}:${IMAGE_TAG} .
docker push ${IMAGE}:${IMAGE_TAG}
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
deploy-dev:
name: Deploy application to dev
if: github.ref == 'refs/heads/dev'
needs: build-and-push
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Deploy application
uses: nais/deploy/actions/deploy@v1
env:
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
CLUSTER: dev-fss
RESOURCE: nais-dev.yaml
VAR: version=${{ env.IMAGE_TAG }},namespace=pto
VAR: version=${{ env.IMAGE_TAG }}
deploy-prod:
name: Deploy application to prod
if: github.ref == 'refs/heads/main'
needs: build-and-push
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Deploy application
uses: nais/deploy/actions/deploy@v1
env:
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,2 +1,2 @@
FROM docker.pkg.github.com/navikt/pus-nais-java-app/pus-nais-java-app:java17
FROM ghcr.io/navikt/pus-nais-java-app/pus-nais-java-app:java17
COPY /target/veilarbfilter.jar app.jar
8 changes: 3 additions & 5 deletions nais-dev.yaml
Expand Up @@ -6,17 +6,15 @@ metadata:
labels:
team: pto
spec:
image: docker.pkg.github.com/navikt/veilarbfilter/veilarbfilter:{{version}}
image: ghcr.io/navikt/veilarbfilter/veilarbfilter:{{version}}
replicas:
min: 1
max: 1
cpuThresholdPercentage: 50
port: 8080
ingresses:
- https://veilarbfilter.dev-fss-pub.nais.io
- https://veilarbfilter-q1.nais.preprod.local
- https://app-q1.adeo.no/veilarbfilter
- https://app-q1.dev.adeo.no/veilarbfilter
- https://veilarbfilter.dev.intern.nav.no
webproxy: true
secureLogs:
enabled: true
Expand Down Expand Up @@ -44,7 +42,7 @@ spec:
enabled: true
claims:
extra:
- "NAVident"
- NAVident
accessPolicy:
inbound:
rules:
7 changes: 3 additions & 4 deletions nais-prod.yaml
Expand Up @@ -6,7 +6,7 @@ metadata:
labels:
team: pto
spec:
image: docker.pkg.github.com/navikt/veilarbfilter/veilarbfilter:{{version}}
image: ghcr.io/navikt/veilarbfilter/veilarbfilter:{{version}}
port: 8080
vault:
enabled: true
Expand All @@ -28,7 +28,7 @@ spec:
enabled: true
claims:
extra:
- "NAVident"
- NAVident
accessPolicy:
inbound:
rules:
Expand All @@ -44,8 +44,7 @@ spec:
memory: 1Gi
ingresses:
- https://veilarbfilter.prod-fss-pub.nais.io
- https://veilarbfilter.nais.adeo.no
- https://app.adeo.no/veilarbfilter
- https://veilarbfilter.intern.nav.no
webproxy: true
replicas:
min: 1
22 changes: 11 additions & 11 deletions pom.xml
Expand Up @@ -16,7 +16,7 @@

<properties>
<java.version>17</java.version>
<common.version>2.2022.07.01_07.12-6a0864fa6938</common.version>
<common.version>2.2022.09.02_11.04-2530dd139a0a</common.version>
<confluent.version>5.5.1</confluent.version>
<avro.version>1.11.0</avro.version>
<jaxb.version>2.3.1</jaxb.version>
Expand Down Expand Up @@ -95,7 +95,7 @@
<dependency>
<groupId>no.nav</groupId>
<artifactId>vault-jdbc</artifactId>
<version>1.3.9</version>
<version>1.3.10</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
Expand Down Expand Up @@ -141,11 +141,6 @@
<artifactId>metrics</artifactId>
<version>${common.version}</version>
</dependency>
<dependency>
<groupId>no.nav.common</groupId>
<artifactId>cxf</artifactId>
<version>${common.version}</version>
</dependency>
<dependency>
<groupId>no.nav.common</groupId>
<artifactId>feature-toggle</artifactId>
Expand All @@ -158,12 +153,12 @@
</dependency>
<dependency>
<groupId>no.nav.common</groupId>
<artifactId>sts</artifactId>
<artifactId>log</artifactId>
<version>${common.version}</version>
</dependency>
<dependency>
<groupId>no.nav.common</groupId>
<artifactId>log</artifactId>
<artifactId>token-client</artifactId>
<version>${common.version}</version>
</dependency>

Expand All @@ -190,6 +185,11 @@
</dependency>

<!--Diverse-->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.15</version>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
Expand All @@ -199,7 +199,7 @@
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-provider-jdbc-template</artifactId>
<version>4.36.0</version>
<version>4.37.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
Expand All @@ -222,7 +222,7 @@
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<version>1.9.0</version>
<version>1.9.1</version>
</dependency>

<!--TEST-->
Expand Up @@ -6,34 +6,43 @@
import lombok.extern.slf4j.Slf4j;
import no.nav.common.rest.client.RestClient;
import no.nav.common.rest.client.RestUtils;
import no.nav.common.sts.SystemUserTokenProvider;
import no.nav.common.token_client.client.AzureAdMachineToMachineTokenClient;
import no.nav.common.types.identer.EnhetId;
import no.nav.pto.veilarbfilter.config.EnvironmentProperties;
import no.nav.common.utils.EnvironmentUtils;
import no.nav.common.utils.UrlUtils;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;

import static java.lang.String.format;
import static no.nav.common.client.utils.CacheUtils.tryCacheFirst;
import static no.nav.common.utils.UrlUtils.joinPaths;
import static org.springframework.http.HttpHeaders.AUTHORIZATION;

@Slf4j
@Service

public class VeilarbveilederClient {
private SystemUserTokenProvider systemUserTokenProvider;
private String url;
private OkHttpClient client;
private Cache<EnhetId, List<String>> hentVeilederePaaEnhetCache;
private final String veilarbveilederBaseUrl;
private final OkHttpClient client;
private final Cache<EnhetId, List<String>> hentVeilederePaaEnhetCache;
private final Supplier<String> systemUserTokenProvider;

public VeilarbveilederClient(EnvironmentProperties environmentProperties, SystemUserTokenProvider systemUserTokenProvider) {
this.url = environmentProperties.getVeilarbVeilederUrl();
@Autowired
public VeilarbveilederClient(AzureAdMachineToMachineTokenClient tokenClient) {
final String appName = "veilarbveileder";
final String namespace = "pto";
this.veilarbveilederBaseUrl = UrlUtils.createServiceUrl(appName, namespace, true);
this.client = RestClient.baseClient();
this.systemUserTokenProvider = systemUserTokenProvider;
systemUserTokenProvider = () ->
tokenClient.createMachineToMachineToken(String.format("api://%s-fss.%s.%s/.default",
(EnvironmentUtils.isProduction().orElseThrow()) ? "prod" : "dev", namespace, appName)
);

hentVeilederePaaEnhetCache = Caffeine.newBuilder()
.expireAfterWrite(5, TimeUnit.MINUTES)
.maximumSize(600)
Expand All @@ -47,11 +56,9 @@ public List<String> hentVeilederePaaEnhet(EnhetId enhet) {

@SneakyThrows
private List<String> hentVeilederePaaEnhetQuery(EnhetId enhet) {
String path = format("/enhet/%s/identer", enhet);

Request request = new Request.Builder()
.header(AUTHORIZATION, "Bearer " + systemUserTokenProvider.getSystemUserToken())
.url(url + path)
.header(AUTHORIZATION, "Bearer " + systemUserTokenProvider.get())
.url(joinPaths(veilarbveilederBaseUrl, "/api/enhet/", enhet.get(), "/identer"))
.build();

try (Response response = client.newCall(request).execute()) {
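Review bot: In the constructor hunk the token scope is built inside the supplier lambda, so `EnvironmentUtils.isProduction().orElseThrow()` runs on every token request, and a missing environment setting would only surface on the first outbound call rather than at startup. Computing it once before the lambda, `final String scope = String.format("api://%s-fss.%s.%s/.default", EnvironmentUtils.isProduction().orElseThrow() ? "prod" : "dev", namespace, appName);` followed by `this.systemUserTokenProvider = () -> tokenClient.createMachineToMachineToken(scope);`, makes a misconfigured deployment fail immediately and keeps the audience string in one place. In the second hunk `enhet.get()` is placed into the request path through `joinPaths` without encoding; that is only safe if `EnhetId` restricts its value to a plain identifier, which is not visible on this page, so a short comment stating that assumption would help. The field name `systemUserTokenProvider` now holds an Azure AD machine-to-machine token supplier and could be renamed to match. The body of `hentVeilederePaaEnhetQuery` continues past the end of the hunk.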