Merge branch 'master' into change/opensearch_config_cleanup

Author: rfc3092

.github/workflows/proxy.altinn3-tilgang-proxy.yml

@@ -0,0 +1,23 @@
+name: altinn3-tilgang-proxy
+
+on:
+  push:
+    paths:
+      - "plugins/**"
+      - "libs/reactive-core/**"
+      - "libs/reactive-proxy/**"
+      - "libs/security-core/**"
+      - "libs/servlet-insecure-security/**"
+      - "proxies/altinn3-tilgang-proxy/**"
+      - ".github/workflows/proxy.altinn3-tilgang-proxy.yml"
+
+jobs:
+  workflow:
+    uses: ./.github/workflows/common.workflow.backend.yml
+    with:
+      working-directory: "proxies/altinn3-tilgang-proxy"
+      deploy-tag: "#deploy-proxy-altinn3-tilgang"
+    permissions:
+      contents: read
+      id-token: write
+    secrets: inherit

apps/altinn3-tilgang-service/build.gradle

@@ -10,11 +10,8 @@ sonarqube {
 }
 
 dependencies {
-    implementation "com.google.cloud:spring-cloud-gcp-starter-secretmanager:$versions.gcpSecretManager"
-
     implementation "no.nav.testnav.libs:reactive-core"
     implementation "no.nav.testnav.libs:reactive-security"
-    implementation "no.nav.testnav.libs:vault"
 
     implementation "org.springframework.boot:spring-boot-starter-data-r2dbc"
     implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
@@ -28,7 +25,6 @@ dependencies {
 
     implementation "ma.glasnost.orika:orika-core:$versions.orika"
 
-    implementation "io.micrometer:micrometer-registry-prometheus"
     implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc"
     implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger"
 

apps/altinn3-tilgang-service/config.prod.yml

@@ -38,6 +38,8 @@ spec:
           cluster: dev-gcp
         - application: testnav-oversikt-frontend
           cluster: dev-gcp
+        - application: testnav-altinn3-tilgang-proxy
+          cluster: dev-gcp
     outbound:
       external:
         - host: platform.altinn.no

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java

@@ -1,11 +1,11 @@
-TOKEN_X_ISSUER: dummy
-
 ALTINN_URL: https://tt02.altinn.no
-
+AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
+AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
 MASKINPORTEN_CLIENT_ID: dummy
 MASKINPORTEN_CLIENT_JWK: dummy
 MASKINPORTEN_SCOPES: dummy
 MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server
+TOKEN_X_ISSUER: dummy
 
 spring:
   cache:

apps/altinn3-tilgang-service/src/main/resources/application-local.yml

@@ -4,24 +4,21 @@ spring:
   application:
     version: application.version.todo
     name: testnav-altinn3-tilgang-service
-    desciption: Tjeneste for å hente og sette tilganger for orgnisasjoner
+    description: Tjeneste for å hente og sette tilganger for orgnisasjoner
   security:
     oauth2:
       resourceserver:
         aad:
           issuer-uri: ${AAD_ISSUER_URI}/v2.0
           jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
-          accepted-audience: ${azure.app.client.id}, api://${azure.app.client.id}
+          accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}
         tokenx:
           issuer-uri: ${TOKEN_X_ISSUER}
           jwk-set-uri: ${TOKEN_X_JWKS_URI}
           accepted-audience: ${TOKEN_X_CLIENT_ID}
   jackson:
     serialization:
       write_dates_as_timestamps: false
-  cloud:
-    vault:
-      enabled: false
 
 springdoc:
   swagger-ui:

apps/altinn3-tilgang-service/src/main/resources/application.yml

@@ -57,8 +57,7 @@ spec:
         - application: testnorge-profil-api
         - application: testnorge-tilbakemelding-api
         - application: testnav-yrkesskade-proxy
-        - application: testnav-altinn3-tilgang-service-prod
-          cluster: prod-gcp
+        - application: testnav-altinn3-tilgang-proxy
       external:
         - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io
         - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io
@@ -75,7 +74,6 @@ spec:
         - host: testnav-brregstub-proxy.dev-fss-pub.nais.io
         - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io
         - host: idporten.no
-        - host: testnav-altinn3-tilgang-service.nav.no
 
   liveness:
     path: /internal/isAlive

apps/dolly-frontend/config.idporten.yml

@@ -67,8 +67,7 @@ spec:
         - application: testnav-levende-arbeidsforhold-ansettelse
         - application: testnav-levende-arbeidsforhold-scheduler
         - application: testnav-yrkesskade-proxy
-        - application: testnav-altinn3-tilgang-service-prod
-          cluster: prod-gcp
+        - application: testnav-altinn3-tilgang-proxy
       external:
         - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io
         - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io
@@ -84,7 +83,6 @@ spec:
         - host: testnav-norg2-proxy.dev-fss-pub.nais.io
         - host: testnav-brregstub-proxy.dev-fss-pub.nais.io
         - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io
-        - host: testnav-altinn3-tilgang-service.nav.no
   liveness:
     path: /internal/isAlive
     initialDelay: 20

apps/dolly-frontend/config.yml

@@ -26,10 +26,10 @@ spring:
 
 consumers:
   testnav-altinn3-tilgang-service:
-    cluster: prod-gcp
+    cluster: dev-gcp
     namespace: dolly
-    name: testnav-altinn3-tilgang-service-prod
-    url: https://testnav-altinn3-tilgang-service.nav.no
+    name: testnav-altinn3-tilgang-proxy
+    url: http://testnav-altinn3-tilgang-proxy.dolly.svc.cluster.local
   testnav-tps-messaging-service:
     cluster: dev-gcp
     namespace: dolly

apps/dolly-frontend/src/main/resources/application.yml

@@ -22,6 +22,7 @@ spec:
         - application: testnav-pdl-forvalter
         - application: testnav-pdl-forvalter-dev
         - application: testnav-levende-arbeidsforhold-ansettelse
+        - application: testnorge-statisk-data-forvalter
     outbound:
       external:
         - host: kodeverk-api.nav.no

apps/kodeverk-service/config.yml

@@ -71,6 +71,7 @@ spec:
         - application: krr-stub
         - application: synthdata-aareg
           cluster: dev-fss
-        - application: kodeverk
+        - application: testnav-kodeverk-service
+          cluster: dev-gcp
         - application: testnav-aareg-proxy
           cluster: dev-fss

apps/testnorge-statisk-data-forvalter/config.yml

@@ -26,7 +26,7 @@ public class Consumers {
 
     private ServerProperties testnavAaregProxy;
     private ServerProperties genererNavnService;
-    private ServerProperties kodeverkApi;
+    private ServerProperties testnavKodeverkService;
     private ServerProperties testnavOrganisasjonFasteDataService;
     private ServerProperties testnavOrganisasjonService;
     private ServerProperties testnavPersonFasteDataService;

apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/config/Consumers.java

@@ -23,7 +23,7 @@ public KodeverkConsumer(
                                 .maxInMemorySize(16 * 1024 * 1024))
                         .build())
                 .baseUrl(consumers
-                        .getKodeverkApi()
+                        .getTestnavKodeverkService()
                         .getUrl())
                 .build();
     }

apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/kodeverk/KodeverkConsumer.java

@@ -6,7 +6,11 @@
 import no.nav.registre.sdforvalter.domain.KrrListe;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.http.*;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;

apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/krr/KrrConsumer.java

@@ -25,3 +25,6 @@ consumers:
     url: https://testnav-bruker-service-dev.intern.dev.nav.no
   synthdata-aareg:
     url: https://nais-synthdata-aareg.dev.intern.nav.no
+  testnav-kodeverk-service:
+    url: https://testnav-kodeverk-service.intern.dev.nav.no
+

apps/testnorge-statisk-data-forvalter/src/main/resources/application-local.yml

@@ -16,7 +16,7 @@ spring:
         aad:
           issuer-uri: ${AAD_ISSUER_URI}/v2.0
           jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
-          accepted-audience:  ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
+          accepted-audience: ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
 
 springdoc:
   swagger-ui:
@@ -59,11 +59,11 @@ consumers:
     url: https://krr-stub-%s.dev.intern.nav.no/api
   synthdata-aareg:
     url: http://nais-synthdata-aareg.dolly.svc.nais.local
-  kodeverk-api:
-    name: kodeverk-api
-    namespace: team-rocket
-    url: https://kodeverk-api.nav.no
-    cluster: prod-gcp
+  testnav-kodeverk-service:
+    name: testnav-kodeverk-service
+    namespace: dolly
+    url: http://testnav-kodeverk-service.dolly.svc.cluster.local
+    cluster: dev-gcp
   testnav-aareg-proxy:
     name: testnav-aareg-proxy
     namespace: dolly

apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml

@@ -47,33 +47,41 @@
 @AutoConfigureMockMvc
 class OrkestreringControllerAaregIntegrationTest {
 
+    private static final String FNR = "01010101010";
+    private static final String ORGNR = "999999999";
+    private static final String MILJOE = "test";
+    private static String syntString;
+    private final KodeverkResponse kodeverkResponse = new KodeverkResponse(Collections.singletonList("yrke"));
+    private final TypeReference<List<RsAaregSyntetiseringsRequest>> syntResponse = new TypeReference<>() {
+    };
     @Autowired
     private MockMvc mvc;
-
     @MockBean
     private TokenExchange tokenExchange;
-
     @Autowired
     private AaregRepository aaregRepository;
-
     @Autowired
     private ObjectMapper objectMapper;
 
-    private static final String FNR = "01010101010";
-    private static final String ORGNR = "999999999";
-    private static final String MILJOE = "test";
-
-    private final KodeverkResponse kodeverkResponse = new KodeverkResponse(Collections.singletonList("yrke"));
-    private static String syntString;
-    private final TypeReference<List<RsAaregSyntetiseringsRequest>> syntResponse = new TypeReference<>() {
-    };
+    @AfterEach
+    public void cleanUp() {
+        reset();
+        aaregRepository.deleteAll();
+    }
 
     @BeforeAll
     public static void setup() {
         syntString = getResourceFileContent("files/enkel_arbeidsforholdmelding.json");
     }
 
-    @Disabled("Fix verify GET on (.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder")
+    private AaregModel createAaregModel() {
+        AaregModel model = new AaregModel();
+        model.setFnr(FNR);
+        model.setOrgId(ORGNR);
+        return model;
+    }
+
+    @Disabled("Fix verify GET on (.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder")
     @Test
     void shouldInitiateAaregFromDatabase() throws Exception {
         final AaregModel aaregModel = createAaregModel();
@@ -127,7 +135,7 @@ void shouldInitiateAaregFromDatabase() throws Exception {
 
         JsonWiremockHelper
                 .builder(objectMapper)
-                .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder")
+                .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder")
                 .withResponseBody(kodeverkResponse)
                 .verifyGet();
 
@@ -167,7 +175,7 @@ void shouldNotOppretteAaregWhenAlreadyExists() throws Exception {
 
     }
 
-    @Disabled("Fix verify GET on (.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder")
+    @Disabled("Fix verify GET on (.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder")
     @Test
     void shouldNotOppretteAaregIfSyntError() throws Exception {
         final AaregModel aaregModel = createAaregModel();
@@ -190,7 +198,7 @@ void shouldNotOppretteAaregIfSyntError() throws Exception {
 
         JsonWiremockHelper
                 .builder(objectMapper)
-                .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder")
+                .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder")
                 .withResponseBody(kodeverkResponse)
                 .stubGet();
 
@@ -213,22 +221,9 @@ void shouldNotOppretteAaregIfSyntError() throws Exception {
 
         JsonWiremockHelper
                 .builder(objectMapper)
-                .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder")
+                .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder")
                 .withResponseBody(kodeverkResponse)
                 .verifyGet();
     }
 
-    private AaregModel createAaregModel() {
-        AaregModel model = new AaregModel();
-        model.setFnr(FNR);
-        model.setOrgId(ORGNR);
-        return model;
-    }
-
-    @AfterEach
-    public void cleanUp() {
-        reset();
-        aaregRepository.deleteAll();
-    }
-
 }

apps/testnorge-statisk-data-forvalter/src/test/java/no/nav/registre/sdforvalter/provider/rs/OrkestreringControllerAaregIntegrationTest.java

@@ -46,10 +46,10 @@ consumers:
     url: http://localhost:${wiremock.server.port:0}/krr-stub/api
   synthdata-aareg:
     url: http://localhost:${wiremock.server.port:0}/synt-aareg
-  kodeverk:
-    url: http://localhost:${wiremock.server.port:0}/kodeverk-api
-    name: kodeverk-api
-    namespace: team-rocket
+  testnav-kodeverk-service:
+    url: http://localhost:${wiremock.server.port:0}/testnav-kodeverk-service
+    name: testnav-kodeverk-service
+    namespace: dolly
     cluster: dummy
   testnav-aareg-proxy:
     url: http://localhost:${wiremock.server.port:0}/aareg

apps/testnorge-statisk-data-forvalter/src/test/resources/application-test.yml

@@ -0,0 +1,8 @@
+FROM ghcr.io/navikt/baseimages/temurin:21
+LABEL maintainer="Team Dolly"
+
+ENV JAVA_OPTS="-Dspring.profiles.active=prod"
+
+COPY /build/libs/app.jar /app/app.jar
+
+EXPOSE 8080

proxies/altinn3-tilgang-proxy/Dockerfile

@@ -0,0 +1,3 @@
+## Lokal kjøring
+* [Generelt.](../../docs/local_general.md)
+* [Secret Manager.](../../docs/local_secretmanager.md)

proxies/altinn3-tilgang-proxy/README.md

@@ -0,0 +1,19 @@
+plugins {
+    id "dolly-proxies"
+}
+
+sonarqube {
+    properties {
+        property "sonar.projectKey", "testnav-altinn3-tilgang-proxy"
+        property "sonar.projectName", "testnav-altinn3-tilgang-proxy"
+    }
+}
+
+dependencies {
+    implementation "no.nav.testnav.libs:security-core"
+    implementation "no.nav.testnav.libs:reactive-core"
+    implementation "no.nav.testnav.libs:reactive-proxy"
+    implementation "no.nav.testnav.libs:servlet-insecure-security"
+
+    implementation "org.springframework.boot:spring-boot-starter-webflux"
+}