Application execution now uses NaisEnvironmentApplicationContextInitializer, with config cleanup.

Author: rfc3092

apps/adresse-service/src/main/resources/application-local.yml

@@ -1,5 +1,8 @@
-TOKEN_X_CLIENT_ID: dev-gcp:dolly:testnav-adresse-service
-
 spring:
   config:
     import: "sm://"
+  security:
+    oauth2:
+      resourceserver:
+        tokenx:
+          accepted-audience: dev-gcp:dolly:testnav-adresse-service

apps/adresse-service/src/main/resources/application.yml

@@ -35,9 +35,6 @@ management:
         include: prometheus,health
       path-mapping:
         prometheus: metrics
-  endpoint:
-    prometheus:
-      access: read_only
   prometheus:
     metrics:
       export:

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java

@@ -1,9 +1,10 @@
 package no.nav.testnav.altinn3tilgangservice;
 
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Import;
 import org.springframework.data.r2dbc.config.EnableR2dbcAuditing;
 import org.springframework.data.r2dbc.repository.config.EnableR2dbcRepositories;
@@ -20,6 +21,8 @@
 public class Altinn3TilgangServiceApplicationStarter {
 
     public static void main(String[] args) {
-        SpringApplication.run(Altinn3TilgangServiceApplicationStarter.class, args);
+        new SpringApplicationBuilder(Altinn3TilgangServiceApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 }

apps/altinn3-tilgang-service/src/main/resources/application-local.yml

@@ -1,19 +1,12 @@
 ALTINN_URL: https://platform.tt02.altinn.no
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
 MASKINPORTEN_CLIENT_ID: ef2960de-7fa6-4396-80a5-2eca00e4af28
 MASKINPORTEN_CLIENT_JWK: dummy
 MASKINPORTEN_SCOPES: altinn:resourceregistry/accesslist.read altinn:resourceregistry/accesslist.write altinn:accessmanagement/authorizedparties.resourceowner
 MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server
-TOKEN_X_ISSUER: dummy
 
 spring:
   cache:
     type: none
-  cloud:
-    gcp:
-      secretmanager:
-        project-id: dolly-dev-ff83
   config:
     import: "sm://"
   flyway:

apps/altinn3-tilgang-service/src/main/resources/application.yml

@@ -1,5 +1,3 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
   application:
     version: application.version.todo
@@ -9,12 +7,10 @@ spring:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}
         tokenx:
           issuer-uri: ${TOKEN_X_ISSUER}
-          jwk-set-uri: ${TOKEN_X_JWKS_URI}
           accepted-audience: ${TOKEN_X_CLIENT_ID}
   jackson:
     serialization:

apps/amelding-service/src/main/java/no/nav/registre/testnav/ameldingservice/AMeldingServiceApplicationStarter.java

@@ -1,9 +1,10 @@
 package no.nav.registre.testnav.ameldingservice;
 
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Import;
 import org.springframework.web.reactive.config.EnableWebFlux;
 
@@ -16,6 +17,9 @@
 public class AMeldingServiceApplicationStarter {
 
     public static void main(String[] args) {
-        SpringApplication.run(AMeldingServiceApplicationStarter.class, args);
+        new SpringApplicationBuilder(AMeldingServiceApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
+
 }

apps/amelding-service/src/main/resources/application-local.yml

@@ -1,6 +1,3 @@
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
-
 spring:
   config:
     import: "sm://"

apps/amelding-service/src/main/resources/application.yml

@@ -1,5 +1,3 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
   application:
     name: testnav-amelding-service
@@ -9,8 +7,7 @@ spring:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience:  ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
 
 springdoc:

apps/app-tilgang-analyse-service/src/main/java/no/nav/testnav/apps/apptilganganalyseservice/AppTilgangAnalyseServiceApplicationStarter.java

@@ -1,9 +1,10 @@
 package no.nav.testnav.apps.apptilganganalyseservice;
 
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Import;
 import org.springframework.web.reactive.config.EnableWebFlux;
 
@@ -16,6 +17,8 @@
 public class AppTilgangAnalyseServiceApplicationStarter {
 
     public static void main(String[] args) {
-        SpringApplication.run(AppTilgangAnalyseServiceApplicationStarter.class, args);
+        new SpringApplicationBuilder(AppTilgangAnalyseServiceApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 }

apps/app-tilgang-analyse-service/src/main/resources/application-local.yml

@@ -1,5 +1,4 @@
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
+DOLLY_READER_TOKEN: dummy
 
 spring:
   config:

apps/app-tilgang-analyse-service/src/main/resources/application-localdb.yml

@@ -1,5 +1,4 @@
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
+DOLLY_READER_TOKEN: dummy
 
 spring:
   config:

apps/app-tilgang-analyse-service/src/main/resources/application.yml

@@ -1,20 +1,15 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
   application:
-    version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle
     name: testnav-app-tilgang-analyse-service
     description: API for å app tilgang analyse
   security:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience:  ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
         tokenx:
-          issuer-uri: ${TOKEN_X_ISSUER} 
-          jwk-set-uri: ${TOKEN_X_JWKS_URI}
+          issuer-uri: ${TOKEN_X_ISSUER}
           accepted-audience: ${TOKEN_X_CLIENT_ID}
 
 springdoc:

apps/arbeidsforhold-service/src/main/java/no/nav/registre/testnorge/arbeidsforholdservice/ArbeidsforholdApiApplicationStarter.java

@@ -1,12 +1,15 @@
 package no.nav.registre.testnorge.arbeidsforholdservice;
 
-import org.springframework.boot.SpringApplication;
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 
 @SpringBootApplication
 public class ArbeidsforholdApiApplicationStarter {
 
     public static void main(String[] args) {
-        SpringApplication.run(ArbeidsforholdApiApplicationStarter.class, args);
+        new SpringApplicationBuilder(ArbeidsforholdApiApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 }

apps/arbeidsforhold-service/src/main/resources/application-local.yml

@@ -1,11 +1,3 @@
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
-
 spring:
   config:
-    import: "sm://"
-  security:
-    oauth2:
-      resourceserver:
-        aad:
-          accepted-audience: ${sm\://azure-app-client-id}, api://${sm\://azure-app-client-id}
+    import: "sm://"

apps/arbeidsforhold-service/src/main/resources/application.yml

@@ -1,5 +1,3 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
   application:
     name: testnav-arbeidsforhold-service
@@ -8,12 +6,10 @@ spring:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience:  ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
         tokenx:
-          issuer-uri: ${TOKEN_X_ISSUER} 
-          jwk-set-uri: ${TOKEN_X_JWKS_URI}
+          issuer-uri: ${TOKEN_X_ISSUER}
           accepted-audience: ${TOKEN_X_CLIENT_ID}
 
 springdoc:

apps/batch-bestilling-service/src/main/java/no/nav/registre/testnorge/batchbestillingservice/BatchBestillingServiceApplicationStarter.java

@@ -1,11 +1,14 @@
 package no.nav.registre.testnorge.batchbestillingservice;
 
-import org.springframework.boot.SpringApplication;
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 
 @SpringBootApplication
 public class BatchBestillingServiceApplicationStarter {
     public static void main(String[] args) {
-        SpringApplication.run(BatchBestillingServiceApplicationStarter.class, args);
+        new SpringApplicationBuilder(BatchBestillingServiceApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 }

apps/batch-bestilling-service/src/main/resources/application-local.yml

@@ -1,6 +1,3 @@
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
-
 spring:
   config:
     import: "sm://"

apps/batch-bestilling-service/src/main/resources/application.yml

@@ -1,21 +1,15 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
-  main:
-    banner-mode: off
   application:
     name: batch-bestilling-service
     description: App for å sende batch bestillinger til backend
   security:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience:  ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
         tokenx:
-          issuer-uri: ${TOKEN_X_ISSUER} 
-          jwk-set-uri: ${TOKEN_X_JWKS_URI}
+          issuer-uri: ${TOKEN_X_ISSUER}
           accepted-audience: ${TOKEN_X_CLIENT_ID}
 
 springdoc:

apps/brreg-stub/src/main/java/no/nav/brregstub/BrregApplicationLauncher.java

@@ -1,16 +1,19 @@
 package no.nav.brregstub;
 
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import no.nav.testnav.libs.vault.VaultUtils;
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 
 
 @SpringBootApplication
 public class BrregApplicationLauncher {
 
     public static void main(String[] args) {
         VaultUtils.initCloudVaultToken("prod");
-        SpringApplication.run(BrregApplicationLauncher.class, args);
+        new SpringApplicationBuilder(BrregApplicationLauncher.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 
 }

apps/brreg-stub/src/main/resources/application-prod.yml

@@ -2,8 +2,6 @@
 spring:
   flyway:
     locations: classpath:db/migration/postgresql
-  main:
-    banner-mode: off
   datasource:
     url: jdbc:postgresql://b27dbvl032.preprod.local:5432/testnav-brregstub?useUnicode=yes&characterEncoding=UTF-8
     hikari:

apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/BrukerServiceApplicationStarter.java

@@ -1,9 +1,10 @@
 package no.nav.testnav.apps.brukerservice;
 
+import no.nav.dolly.libs.nais.NaisEnvironmentApplicationContextInitializer;
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Import;
 import org.springframework.web.reactive.config.EnableWebFlux;
 
@@ -17,6 +18,8 @@
 public class BrukerServiceApplicationStarter {
 
     public static void main(String[] args) {
-        SpringApplication.run(BrukerServiceApplicationStarter.class, args);
+        new SpringApplicationBuilder(BrukerServiceApplicationStarter.class)
+                .initializers(new NaisEnvironmentApplicationContextInitializer())
+                .run(args);
     }
 }

apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/service/JwtService.java

@@ -28,7 +28,7 @@ public JwtService(
             GetAuthenticatedUserId getAuthenticatedUserId,
             CryptographyService cryptographyService,
             @Value("${JWT_SECRET}") String secretKey,
-            @Value("${TOKEN_X_CLIENT_ID}") String issuer) {
+            @Value("${spring.security.oauth2.resourceserver.tokenx.accepted-audience}") String issuer) {
         this.getAuthenticatedUserId = getAuthenticatedUserId;
         this.cryptographyService = cryptographyService;
         this.secretKey = secretKey;

apps/bruker-service/src/main/resources/application-local.yml

@@ -1,20 +1,17 @@
-
-AZURE_APP_CLIENT_ID: ${sm\://azure-app-client-id}
-AZURE_APP_CLIENT_SECRET: ${sm\://azure-app-client-secret}
-CRYPTOGRAPHY_SECRET: DUMMY SUPER SECRET CRYPTOGRAPHY KEY THAT IS NOT SECURE
-JWT_SECRET: DUMMY SUPER SECRET JWT KEY THAT IS NOT SECURE
-
 TOKEN_X_CLIENT_ID: dev-gcp:dolly:testnav-bruker-service-dev
 
 spring:
-  application:
-    name: testnav-bruker-service-dev
   config:
     import: "sm://"
   flyway:
     url: jdbc:h2:mem:testdb
     username: sa
     password:
+  security:
+    oauth2:
+      resourceserver:
+        tokenx:
+          accepted-audience: ${TOKEN_X_CLIENT_ID}
 
 consumers:
   testnav-altinn3-tilgang-service:

apps/bruker-service/src/main/resources/application.yml

@@ -1,5 +1,3 @@
-AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
-
 spring:
   application:
     version: application.version.todo
@@ -9,9 +7,10 @@ spring:
     oauth2:
       resourceserver:
         aad:
-          issuer-uri: ${AAD_ISSUER_URI}/v2.0
-          jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+          issuer-uri: ${AZURE_OPENID_CONFIG_ISSUER}
           accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}
+        tokenx:
+          accepted-audience: ${TOKEN_X_CLIENT_ID}
   jackson:
     serialization:
       write_dates_as_timestamps: