navikt
diff --git a/‎.github/workflows/bekreftelse-backup.yaml
+104 b/‎.github/workflows/bekreftelse-backup.yaml
+104
diff --git a/‎apps/bekreftelse-backup/README.md
+60 b/‎apps/bekreftelse-backup/README.md
+60
diff --git a/‎apps/bekreftelse-backup/build.gradle.kts
+90 b/‎apps/bekreftelse-backup/build.gradle.kts
+90
diff --git a/‎apps/bekreftelse-backup/nais/nais-dev.yaml
+43 b/‎apps/bekreftelse-backup/nais/nais-dev.yaml
+43
diff --git a/‎apps/bekreftelse-backup/nais/nais-prod.yaml
+43 b/‎apps/bekreftelse-backup/nais/nais-prod.yaml
+43
diff --git a/‎apps/bekreftelse-backup/src/main/kotlin/no/nav/paw/arbeidssoekerregisteret/bekreftelse/backup/HwmRebalanceListener.kt
+51 b/‎apps/bekreftelse-backup/src/main/kotlin/no/nav/paw/arbeidssoekerregisteret/bekreftelse/backup/HwmRebalanceListener.kt
+51
@@ -0,0 +1,104 @@
+name: bekreftelse-backup
+
+on:
+  push:
+    branches:
+      - main
+      - dev/*
+    paths:
+      - 'apps/bekreftelse-backup/**'
+      - 'lib/**'
+      - 'domain/**'
+      - '.github/workflows/bekreftelse-backup.yaml'
+      - 'gradle/**'
+      - 'settings.gradle.kts'
+      - 'gradle.properties'
+      - 'gradlew'
+      - 'gradlew.bat'
+
+env:
+  IMAGE: europe-north1-docker.pkg.dev/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/paw/paw-arbeidssoekerregisteret-bekreftelse-backup
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: gradle
+      - name: Set module
+        run: echo "MODULE=bekreftelse-backup" >> $GITHUB_ENV
+      - name: Set version
+        run: echo "VERSION=$(date +'%y.%m.%d').${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
+      - name: Login GAR
+        uses: nais/login@v0
+        with:
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          team: paw
+      - name: Build with Gradle
+        id: docker-build-push
+        working-directory: ./
+        run: |
+          echo "image=${{ env.IMAGE }}:${{ env.VERSION }}" >> $GITHUB_OUTPUT
+          echo -Pversion=${{ env.VERSION }} -Pimage=${{ env.IMAGE }} :apps:${{ env.MODULE }}:build :apps:${{ env.MODULE }}:jib
+          ./gradlew -Pversion=${{ env.VERSION }} -Pimage=${{ env.IMAGE }} :apps:${{ env.MODULE }}:build :apps:${{ env.MODULE }}:jib
+          echo "DIGEST=$(cat apps/${{ env.MODULE }}/build/jib-image.digest)" >> $GITHUB_ENV
+        env:
+          ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
+      - name: Attest and sign image
+        uses: nais/[email protected]
+        with:
+          image_ref: ${{ env.IMAGE }}@${{ env.DIGEST }}
+
+  deploy-dev:
+    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/dev')
+    name: Deploy to dev-gcp
+    needs:
+      - build
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Deploy to GCP
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: dev-gcp
+          RESOURCE: apps/bekreftelse-backup/nais/nais-dev.yaml
+          VAR: image=${{ needs.build.outputs.image }},kafka=nav-dev
+
+#  deploy-prod:
+#    if: github.ref == 'refs/heads/main'
+#    name: Deploy to prod-gcp
+#    needs:
+#      - build
+#      - deploy-dev
+#    permissions:
+#      contents: read
+#      id-token: write
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#      - name: Deploy to GCP
+#        uses: nais/deploy/actions/deploy@v2
+#        env:
+#          TEAM: paw
+#          CLUSTER: prod-gcp
+#          RESOURCE: apps/bekreftelse-backup/nais/nais-prod.yaml
+#          VAR: image=${{ needs.build.outputs.image }},kafka=nav-prod
@@ -0,0 +1,60 @@
+# Hendelselogg backup
+Denne applikasjonen lagrer forløpende innholdet i topicene 'paw.arbeidssoker-bekreftelse-hendelseslogg-v2', 'paw.arbeidssoker-bekreftelse-v1' og 'paw.arbeidssoker-bekreftelse-paavegneav-v2' til postgres. Dette gjøres for å sikre oss mot feilaktig sletting av alt eller deler av innholdet i denne topicen. NAIS platformen kjører daglig backup av Postgres datarbaser.
+
+## Løsnings beskrivelse
+Applikasjonen kjører uten å committe offset til kafka. Istedenfor brukes en egen HWM tabell som som oppdateres i samme transaksjon som dataen blir skrevet til databasen. Det er også lagt inn støtte for versjonering slik at ved å endre 'InitApplication.CURRENT_VERSION' vil løsningen starte på nytt og lagre data på nytt uten å røre eksisterende data.
+
+### Database oversikt:
+
+```sql
+CREATE TABLE bekreftelse_hendelser
+(
+    version smallint NOT NULL,
+    kafka_partition smallint NOT NULL,
+    kafka_offset bigint NOT NULL,
+    record_key bigint NOT NULL,
+    arbeidssoeker_id bigint NOT NULL,
+    traceparent varchar(58),
+    data jsonb NOT NULL,
+    primary key (version, kafka_partition, kafka_offset)
+);
+
+CREATE TABLE bekreftelser
+(
+    version smallint NOT NULL,
+    kafka_partition smallint NOT NULL,
+    kafka_offset bigint NOT NULL,
+    record_key bigint NOT NULL,
+    traceparent varchar(58),
+    data bytea NOT NULL,
+    primary key (version, kafka_partition, kafka_offset)
+);
+
+CREATE TABLE bekreftelse_paa_vegne_av
+(
+    version smallint NOT NULL,
+    kafka_partition smallint NOT NULL,
+    kafka_offset bigint NOT NULL,
+    record_key bigint NOT NULL,
+    traceparent varchar(58),
+    data bytea NOT NULL,
+    primary key (version, kafka_partition, kafka_offset)
+);
+
+CREATE TABLE bekreftelse_hwm
+(
+    version smallint NOT NULL,
+    kafka_partition smallint NOT NULL,
+    kafka_offset bigint NOT NULL,
+    kafka_topic varchar(255) NOT NULL,
+    primary key (version, kafka_partition, kafka_topic)
+);
+
+-- indexes
+CREATE INDEX bekreftelse_hendelser_data_idx ON bekreftelse_hendelser USING GIN (data jsonb_path_ops);
+CREATE INDEX bekreftelse_hendelser_arbeidssoeker_id_idx ON bekreftelse_hendelser (arbeidssoeker_id);
+
+CREATE INDEX bekreftelser_data_idx ON bekreftelser USING GIN (data bytea_ops);
+CREATE INDEX bekreftelse_paa_vegne_av_data_idx ON bekreftelse_paa_vegne_av USING GIN (data bytea_ops);
+
+```
@@ -0,0 +1,90 @@
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
+plugins {
+    kotlin("jvm")
+    id("org.openapi.generator")
+    application
+    id("jib-distroless")
+}
+
+val jvmMajorVersion: String by project
+
+dependencies {
+    implementation(project(":domain:bekreftelse-interne-hendelser"))
+    implementation(project(":domain:bekreftelse-paavegneav-avro-schema"))
+    implementation(project(":domain:bekreftelsesmelding-avro-schema"))
+    implementation(project(":lib:kafka"))
+    implementation(project(":lib:hoplite-config"))
+    implementation(project(":lib:kafka-key-generator-client"))
+
+    implementation(libs.arrow.core.core)
+    implementation(libs.bundles.ktorServerWithNettyAndMicrometer)
+    implementation(libs.ktor.server.cors)
+    implementation(libs.ktor.server.swagger)
+    implementation(libs.ktor.server.callId)
+    implementation(libs.ktor.server.statusPages)
+    implementation(libs.ktor.server.contentNegotiation)
+    implementation(libs.ktor.client.core)
+    implementation(libs.ktor.client.contentNegotiation)
+    implementation(libs.ktor.serialization.jvm)
+    implementation(libs.ktor.serialization.jackson)
+    implementation(libs.nav.security.tokenValidationKtorV3)
+    implementation(libs.nav.common.tokenClient)
+    implementation(libs.nav.common.tokenClient)
+    implementation(libs.nav.common.auditLog)
+    implementation(libs.nav.common.log)
+
+    implementation(libs.micrometer.registryPrometheus)
+    implementation(libs.opentelemetry.annotations)
+    implementation(libs.hoplite.core)
+    implementation(libs.hoplite.toml)
+    implementation(libs.nav.common.auditLog)
+    implementation(libs.nav.common.log)
+    implementation(libs.logbackClassic)
+    implementation(libs.logstashLogbackEncoder)
+    implementation(libs.kafka.clients)
+    implementation(libs.exposed.core)
+    implementation(libs.exposed.jdbc)
+    implementation(libs.exposed.javaTime)
+    implementation(libs.database.postgres.driver)
+    implementation(libs.database.flyway.core)
+    implementation(libs.database.flyway.postgres)
+
+    implementation(libs.jackson.datatypeJsr310)
+    implementation(libs.jackson.kotlin)
+
+    testImplementation(libs.test.junit5.runner)
+    testImplementation(libs.test.kotest.assertionsCore)
+    testImplementation(libs.test.mockk.core)
+    testImplementation(libs.test.testContainers.core)
+    testImplementation(libs.test.testContainers.postgresql)
+    testImplementation(libs.ktor.server.test.host)
+}
+
+java {
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(jvmMajorVersion))
+    }
+}
+
+application {
+    mainClass.set("no.nav.paw.arbeidssoekerregisteret.bekreftelse.backup.StartAppKt")
+}
+
+tasks.withType<KotlinCompile>().configureEach {
+    compilerOptions {
+        allWarningsAsErrors = true
+    }
+}
+
+tasks.named<Test>("test") {
+    useJUnitPlatform()
+}
+
+sourceSets {
+    main {
+        kotlin {
+            srcDir("${layout.buildDirectory.get()}/generated/src/main/kotlin")
+        }
+    }
+}
@@ -0,0 +1,43 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: paw-arbeidssoekerregisteret-bekreftelse-backup
+  namespace: paw
+  labels:
+    team: paw
+spec:
+  image: {{ image }}
+  port: 8080
+  replicas:
+    min: 1
+    max: 1
+  liveness:
+    path: /internal/isAlive
+    initialDelay: 10
+  readiness:
+    path: /internal/isReady
+    initialDelay: 10
+  prometheus:
+    enabled: true
+    path: /internal/metrics
+  observability:
+    autoInstrumentation:
+      enabled: true
+      runtime: java
+  kafka:
+    pool: {{ kafka }}
+  azure:
+    application:
+      enabled: true
+  resources:
+    limits:
+      memory: 1024Mi
+    requests:
+      memory: 256Mi
+      cpu: 25m
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_17
+        tier: db-custom-1-3840
+        databases:
+          - name: bekreftelse-backup
@@ -0,0 +1,43 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: paw-arbeidssoekerregisteret-bekreftelse-backup
+  namespace: paw
+  labels:
+    team: paw
+spec:
+  image: {{ image }}
+  port: 8080
+  replicas:
+    min: 1
+    max: 1
+  liveness:
+    path: /internal/isAlive
+    initialDelay: 10
+  readiness:
+    path: /internal/isReady
+    initialDelay: 10
+  prometheus:
+    enabled: true
+    path: /internal/metrics
+  observability:
+    autoInstrumentation:
+      enabled: true
+      runtime: java
+  kafka:
+    pool: {{ kafka }}
+  azure:
+    application:
+      enabled: true
+  resources:
+    limits:
+      memory: 1024Mi
+    requests:
+      memory: 384Mi
+      cpu: 40m
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_17
+        tier: db-custom-1-6144
+        databases:
+          - name: bekreftelse-backup
@@ -0,0 +1,51 @@
+package no.nav.paw.arbeidssoekerregisteret.bekreftelse.backup
+
+import no.nav.paw.arbeidssoekerregisteret.bekreftelse.backup.database.getHwm
+import no.nav.paw.arbeidssoekerregisteret.bekreftelse.backup.database.txContext
+import no.nav.paw.arbeidssoekerregisteret.bekreftelse.backup.vo.ApplicationContext
+import org.apache.kafka.clients.consumer.Consumer
+import org.apache.kafka.clients.consumer.ConsumerRebalanceListener
+import org.apache.kafka.common.TopicPartition
+import org.jetbrains.exposed.sql.transactions.transaction
+import java.util.concurrent.ConcurrentHashMap
+
+class HwmRebalanceListener(
+    private val context: ApplicationContext,
+    private val consumer: Consumer<*, *>,
+    private val topic: String
+) : ConsumerRebalanceListener {
+
+    private val currentPartitions = ConcurrentHashMap<Int, TopicPartition>(6)
+
+    val currentlyAssignedPartitions: Set<Int> get() = currentPartitions.keys
+
+    private val txContext = txContext(context)
+
+    override fun onPartitionsRevoked(partitions: MutableCollection<TopicPartition>?) {
+        context.logger.info("Revoked: $partitions for topic $topic")
+        partitions?.forEach { partition ->
+            currentPartitions.remove(partition.partition())
+        }
+    }
+
+    override fun onPartitionsAssigned(partitions: MutableCollection<TopicPartition>?) {
+        partitions?.forEach { partition ->
+            currentPartitions.putIfAbsent(partition.partition(), partition)
+        }
+        val assignedPartitions = partitions ?: emptyList()
+        context.logger.info("Assigned partitions $assignedPartitions for topic $topic")
+        if (assignedPartitions.isNotEmpty()) {
+            val seekTo = transaction {
+                assignedPartitions.map { partition ->
+                    val offset = requireNotNull(txContext().getHwm(partition.partition(), topic)) {
+                        "No hwm for partition ${partition.partition()} on topic $topic, init not called?"
+                    }
+                    partition to offset
+                }
+            }
+            seekTo.forEach { (partition, offset) ->
+                consumer.seek(partition, offset + 1)
+            }
+        }
+    }
+}