EY-2660 Fjernet ubrukte endepunkter for aareg og inntekskomponenten

- Disse brukes ikke, og kan også integreres med uten bruk av vår proxy - La til konfigurasjon for tilbakekreving i nais-filene
navikt · Sep 26, 2023 · 0a7a50f · 0a7a50f
1 parent f9ff0e4
commit 0a7a50f
Show file tree

Hide file tree

Showing 15 changed files with 90 additions and 280 deletions.
diff --git a/apps/etterlatte-proxy/.nais/dev.yaml b/apps/etterlatte-proxy/.nais/dev.yaml
@@ -41,24 +41,20 @@ spec:
   azure:
     application:
       enabled: true
-  tokenx:
-    enabled: true
   webproxy: true
   env:
     - name: STS_REST_URL
       value: http://security-token-service.default.svc.nais.local/rest/v1/sts/token
     - name: STS_SOAP_URL
       value: https://sts-q1.preprod.local/SecurityTokenServiceProvider/
-    - name: INNTEKTSKOMPONENTEN_URL
-      value: https://app-q2.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektliste
-    - name: AAREG_URL
-      value: https://aareg-services.dev.intern.nav.no/api/v2
     - name: REGOPPSLAG_URL
       value: https://regoppslag.dev.intern.nav.no/rest
     - name: INSTITUSJONSOPPHOLD_URL
       value: https://inst2-q2.dev.intern.nav.no
     - name: INSTITUSJONSOPPHOLD_AZURE_SCOPE
       value: api://dev-fss.team-rocket.inst2-q2/.default
+    - name: TILBAKEKREVING_URL
+      value: https://cics-q1.adeo.no/oppdrag/K231CW80
   prometheus:
     enabled: true
     path: /internal/prometheus
@@ -74,12 +70,12 @@ spec:
         - application: sjekk-adressebeskyttelse
           namespace: etterlatte
           cluster: dev-gcp
-        - application: etterlatte-pdltjenester
-          namespace: etterlatte
-          cluster: dev-gcp
         - application: etterlatte-brev-api
           namespace: etterlatte
           cluster: dev-gcp
         - application: etterlatte-institusjonsopphold
+          namespace: etterlatte
+          cluster: dev-gcp
+        - application: etterlatte-tilbakekreving
           namespace: etterlatte
           cluster: dev-gcp
diff --git a/apps/etterlatte-proxy/.nais/prod.yaml b/apps/etterlatte-proxy/.nais/prod.yaml
@@ -41,12 +41,8 @@ spec:
   azure:
     application:
       enabled: true
-  tokenx:
-    enabled: true
   webproxy: true
   env:
-    - name: AAREG_URL
-      value: https://aareg-services.intern.nav.no/api/v2
     - name: REGOPPSLAG_URL
       value: https://regoppslag.intern.nav.no/rest
     - name: STS_REST_URL
@@ -57,6 +53,8 @@ spec:
       value: https://inst2.intern.nav.no
     - name: INSTITUSJONSOPPHOLD_AZURE_SCOPE
       value: api://prod-fss.team-rocket.inst2/.default
+    - name: TILBAKEKREVING_URL
+      value: https://cics.adeo.no/oppdrag/K231CW80
   prometheus:
     enabled: true
     path: /internal/prometheus
@@ -76,5 +74,8 @@ spec:
           namespace: etterlatte
           cluster: prod-gcp
         - application: etterlatte-institusjonsopphold
+          namespace: etterlatte
+          cluster: prod-gcp
+        - application: etterlatte-tilbakekreving
           namespace: etterlatte
           cluster: prod-gcp
diff --git a/apps/etterlatte-proxy/build.gradle.kts b/apps/etterlatte-proxy/build.gradle.kts
@@ -1,5 +1,3 @@
-import java.net.URI
-
 plugins {
     id("etterlatte.common")
 }
@@ -30,17 +28,13 @@ dependencies {
     implementation(Ktor.OkHttp)
     implementation(NavFelles.NavFellesTokenClientCore)
     implementation(NavFelles.TjenestespesifikasjonerTilbakekreving)
-    implementation(Cxf.cxfLogging)
-    implementation(Cxf.cxfJaxWs)
-    implementation(Cxf.cxfTransportsHttp)
-    implementation(Cxf.cxfWsSecurity)
-
+    implementation(Cxf.CxfLogging)
+    implementation(Cxf.CxfJaxWs)
+    implementation(Cxf.CxfTransportsHttp)
+    implementation(Cxf.CxfWsSecurity)
+    implementation(Micrometer.Prometheus)
     implementation(Jackson.jacksonDatatypejsr310)
 
     testImplementation(NavFelles.MockOauth2Server)
-
     testImplementation(Ktor.ServerTests)
-
-    implementation(Micrometer.Prometheus)
-    implementation("org.json:json:20180813")
 }
diff --git a/apps/etterlatte-proxy/src/main/kotlin/Application.kt b/apps/etterlatte-proxy/src/main/kotlin/Application.kt
@@ -17,8 +17,6 @@ import no.nav.etterlatte.auth.installAuthentication
 import no.nav.etterlatte.auth.sts.StsRestClient
 import no.nav.etterlatte.config.TilbakekrevingConfig
 import no.nav.etterlatte.config.load
-import no.nav.etterlatte.routes.aaregRoute
-import no.nav.etterlatte.routes.inntektskomponentenRoute
 import no.nav.etterlatte.routes.institusjonsoppholdRoute
 import no.nav.etterlatte.routes.internalRoute
 import no.nav.etterlatte.routes.regoppslagRoute
@@ -28,12 +26,11 @@ import java.util.*
 
 fun main(args: Array<String>): Unit = io.ktor.server.netty.EngineMain.main(args)
 
-@Suppress("unused") // Referenced in application.conf
 fun Application.module() {
     val config = runBlocking { environment.config.load() }
     val stsClient = StsRestClient(config.sts)
 
-    installAuthentication(config.aad, config.tokenX)
+    installAuthentication(config.aad)
     install(ContentNegotiation) { jackson() }
     install(IgnoreTrailingSlash)
     install(CallLogging) {
@@ -52,8 +49,6 @@ fun Application.module() {
 
         authenticate("aad") {
             route("/aad") {
-                inntektskomponentenRoute(config, stsClient)
-                aaregRoute(config, stsClient)
                 regoppslagRoute(config, stsClient)
                 institusjonsoppholdRoute(config)
                 tilbakekrevingRoute(TilbakekrevingConfig(config).createTilbakekrevingService())

diff --git a/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt b/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt
@@ -10,14 +10,7 @@ import no.nav.etterlatte.config.Config
 import java.net.URL
 import java.util.concurrent.TimeUnit
 
-fun Application.installAuthentication(configAad: Config.AAD, configTokeX: Config.TokenX) {
-    val jwkProvider = JwkProviderBuilder(URL(configTokeX.metadata.jwksUri))
-        // cache up to 10 JWKs for 24 hours
-        .cached(10, 24, TimeUnit.HOURS)
-        // if not cached, only allow max 10 different keys per minute to be fetched from external provider
-        .rateLimited(10, 1, TimeUnit.MINUTES)
-        .build()
-
+fun Application.installAuthentication(configAad: Config.AAD) {
     val jwkProviderAad = JwkProviderBuilder(URL(configAad.metadata.jwksUri))
         // cache up to 10 JWKs for 24 hours
         .cached(10, 24, TimeUnit.HOURS)
@@ -26,22 +19,6 @@ fun Application.installAuthentication(configAad: Config.AAD, configTokeX: Config
         .build()
 
     install(Authentication) {
-        jwt("tokenX") {
-            verifier(jwkProvider, configTokeX.metadata.issuer)
-            validate { credentials ->
-                try {
-                    requireNotNull(credentials.payload.audience) {
-                        "Auth: Missing audience in token"
-                    }
-                    require(credentials.payload.audience.contains(configTokeX.clientId)) {
-                        "Auth: Valid audience not found in claims"
-                    }
-                    JWTPrincipal(credentials.payload)
-                } catch (e: Throwable) {
-                    null
-                }
-            }
-        }
         jwt("aad") {
             verifier(jwkProviderAad, configAad.metadata.issuer)
             validate { credentials ->

diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt
@@ -5,14 +5,10 @@ import io.ktor.client.call.body
 import io.ktor.client.request.get
 import io.ktor.server.config.ApplicationConfig
 import no.nav.etterlatte.routes.httpClientWithProxy
-import no.nav.etterlatte.routes.jsonClient
 
 data class Config(
     val sts: Sts,
     val aad: AAD,
-    val tokenX: TokenX,
-    val inntektskomponentenUrl: String,
-    val aaregUrl: String,
     val regoppslagUrl: String,
     val institusjonsoppholdUrl: String,
     val tilbakekrevingUrl: String
@@ -33,16 +29,6 @@ data class Config(
         }
     }
 
-    data class TokenX(
-        val metadata: Metadata,
-        val clientId: String,
-    ) {
-        data class Metadata(
-            @JsonProperty("issuer") val issuer: String,
-            @JsonProperty("jwks_uri") val jwksUri: String,
-        )
-    }
-
     data class AAD(
         val metadata: Metadata,
         val clientId: String,
@@ -55,9 +41,7 @@ data class Config(
 }
 
 suspend fun ApplicationConfig.load() = Config(
-    inntektskomponentenUrl = property("inntektskomponenten.url").getString(),
     institusjonsoppholdUrl = property("institusjonsopphold.url").getString(),
-    aaregUrl = property("aareg.url").getString(),
     regoppslagUrl = property("regoppslag.url").getString(),
     tilbakekrevingUrl = property("tilbakekreving.url").getString(),
     sts = Config.Sts(
@@ -71,9 +55,5 @@ suspend fun ApplicationConfig.load() = Config(
     aad = Config.AAD(
         metadata = httpClientWithProxy().use { it.get(property("aad.wellKnownUrl").getString()).body() },
         clientId = property("aad.clientId").getString()
-    ),
-    tokenX = Config.TokenX(
-        metadata = jsonClient().use { it.get(property("tokenx.wellKnownUrl").getString()).body() },
-        clientId = property("tokenx.clientId").getString()
     )
 )
diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/HttpClient.kt b/apps/etterlatte-proxy/src/main/kotlin/config/HttpClient.kt
diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/AaregRoute.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/AaregRoute.kt
diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt
@@ -27,11 +27,6 @@ import io.ktor.utils.io.copyAndClose
 import org.apache.http.impl.conn.SystemDefaultRoutePlanner
 import java.net.ProxySelector
 
-fun jsonClient() =  HttpClient(Apache) {
-    install(ContentNegotiation) {
-        jackson { configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) }
-    }
-}
 
 fun httpClient() = HttpClient(Apache){
     install(Logging) {