diff --git a/apps/etterlatte-proxy/.nais/dev.yaml b/apps/etterlatte-proxy/.nais/dev.yaml index 9291cbfc..209aa5ef 100644 --- a/apps/etterlatte-proxy/.nais/dev.yaml +++ b/apps/etterlatte-proxy/.nais/dev.yaml @@ -41,24 +41,20 @@ spec: azure: application: enabled: true - tokenx: - enabled: true webproxy: true env: - name: STS_REST_URL value: http://security-token-service.default.svc.nais.local/rest/v1/sts/token - name: STS_SOAP_URL value: https://sts-q1.preprod.local/SecurityTokenServiceProvider/ - - name: INNTEKTSKOMPONENTEN_URL - value: https://app-q2.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektliste - - name: AAREG_URL - value: https://aareg-services.dev.intern.nav.no/api/v2 - name: REGOPPSLAG_URL value: https://regoppslag.dev.intern.nav.no/rest - name: INSTITUSJONSOPPHOLD_URL value: https://inst2-q2.dev.intern.nav.no - name: INSTITUSJONSOPPHOLD_AZURE_SCOPE value: api://dev-fss.team-rocket.inst2-q2/.default + - name: TILBAKEKREVING_URL + value: https://cics-q1.adeo.no/oppdrag/K231CW80 prometheus: enabled: true path: /internal/prometheus @@ -74,12 +70,12 @@ spec: - application: sjekk-adressebeskyttelse namespace: etterlatte cluster: dev-gcp - - application: etterlatte-pdltjenester - namespace: etterlatte - cluster: dev-gcp - application: etterlatte-brev-api namespace: etterlatte cluster: dev-gcp - application: etterlatte-institusjonsopphold + namespace: etterlatte + cluster: dev-gcp + - application: etterlatte-tilbakekreving namespace: etterlatte cluster: dev-gcp \ No newline at end of file diff --git a/apps/etterlatte-proxy/.nais/prod.yaml b/apps/etterlatte-proxy/.nais/prod.yaml index 7711166b..e2fb5de2 100644 --- a/apps/etterlatte-proxy/.nais/prod.yaml +++ b/apps/etterlatte-proxy/.nais/prod.yaml 
@@ -41,12 +41,8 @@ spec: azure: application: enabled: true - tokenx: - enabled: true webproxy: true env: - - name: AAREG_URL - value: https://aareg-services.intern.nav.no/api/v2 - name: REGOPPSLAG_URL value: https://regoppslag.intern.nav.no/rest - name: STS_REST_URL @@ -57,6 +53,8 @@ spec: value: https://inst2.intern.nav.no - name: INSTITUSJONSOPPHOLD_AZURE_SCOPE value: api://prod-fss.team-rocket.inst2/.default + - name: TILBAKEKREVING_URL + value: https://cics.adeo.no/oppdrag/K231CW80 prometheus: enabled: true path: /internal/prometheus @@ -76,5 +74,8 @@ spec: namespace: etterlatte cluster: prod-gcp - application: etterlatte-institusjonsopphold + namespace: etterlatte + cluster: prod-gcp + - application: etterlatte-tilbakekreving namespace: etterlatte cluster: prod-gcp \ No newline at end of file diff --git a/apps/etterlatte-proxy/build.gradle.kts b/apps/etterlatte-proxy/build.gradle.kts index 081aa425..26cd44ed 100644 --- a/apps/etterlatte-proxy/build.gradle.kts +++ b/apps/etterlatte-proxy/build.gradle.kts @@ -1,5 +1,3 @@ -import java.net.URI - plugins { id("etterlatte.common") } @@ -30,17 +28,13 @@ dependencies { implementation(Ktor.OkHttp) implementation(NavFelles.NavFellesTokenClientCore) implementation(NavFelles.TjenestespesifikasjonerTilbakekreving) - implementation(Cxf.cxfLogging) - implementation(Cxf.cxfJaxWs) - implementation(Cxf.cxfTransportsHttp) - implementation(Cxf.cxfWsSecurity) - + implementation(Cxf.CxfLogging) + implementation(Cxf.CxfJaxWs) + implementation(Cxf.CxfTransportsHttp) + implementation(Cxf.CxfWsSecurity) + implementation(Micrometer.Prometheus) implementation(Jackson.jacksonDatatypejsr310) testImplementation(NavFelles.MockOauth2Server) - testImplementation(Ktor.ServerTests) - - implementation(Micrometer.Prometheus) - implementation("org.json:json:20180813") } diff --git a/apps/etterlatte-proxy/src/main/kotlin/Application.kt b/apps/etterlatte-proxy/src/main/kotlin/Application.kt index 76fdd6a4..c5754d0b 100644 
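Review bot: In the second build.gradle.kts hunk, `testImplementation(Ktor.ServerTests)` is dropped while ApplicationTest.kt in this same commit still builds every test on `testApplication { }`. Unless the `etterlatte.common` convention plugin already supplies the Ktor test host (not visible here), the test source set will stop compiling. If the plugin does supply it, a short comment such as `// Ktor test host comes from etterlatte.common` next to `testImplementation(NavFelles.MockOauth2Server)` would save the next reader the lookup. Dropping the pinned `org.json:json:20180813` reduces dependency surface, provided nothing in this module still imports `org.json`, which the diff alone cannot show.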
--- a/apps/etterlatte-proxy/src/main/kotlin/Application.kt +++ b/apps/etterlatte-proxy/src/main/kotlin/Application.kt @@ -17,8 +17,6 @@ import no.nav.etterlatte.auth.installAuthentication import no.nav.etterlatte.auth.sts.StsRestClient import no.nav.etterlatte.config.TilbakekrevingConfig import no.nav.etterlatte.config.load -import no.nav.etterlatte.routes.aaregRoute -import no.nav.etterlatte.routes.inntektskomponentenRoute import no.nav.etterlatte.routes.institusjonsoppholdRoute import no.nav.etterlatte.routes.internalRoute import no.nav.etterlatte.routes.regoppslagRoute @@ -28,12 +26,11 @@ import java.util.* fun main(args: Array): Unit = io.ktor.server.netty.EngineMain.main(args) -@Suppress("unused") // Referenced in application.conf fun Application.module() { val config = runBlocking { environment.config.load() } val stsClient = StsRestClient(config.sts) - installAuthentication(config.aad, config.tokenX) + installAuthentication(config.aad) install(ContentNegotiation) { jackson() } install(IgnoreTrailingSlash) install(CallLogging) { @@ -52,8 +49,6 @@ fun Application.module() { authenticate("aad") { route("/aad") { - inntektskomponentenRoute(config, stsClient) - aaregRoute(config, stsClient) regoppslagRoute(config, stsClient) institusjonsoppholdRoute(config) tilbakekrevingRoute(TilbakekrevingConfig(config).createTilbakekrevingService()) diff --git a/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt b/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt index 48202f50..55024c50 100644 --- a/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt +++ b/apps/etterlatte-proxy/src/main/kotlin/auth/Authentication.kt 
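Review bot: The hunk at `@@ -28,12 +26,11 @@` deletes `@Suppress("unused") // Referenced in application.conf` above `Application.module()`, and with it the only hint that this function is looked up by name rather than called from code. `main` still delegates to `EngineMain`, so the reference from configuration presumably remains. If the suppression itself is no longer needed, keep at least the comment, `// Referenced in application.conf`, so the function is not removed as dead code. The body of `module()` continues outside the hunk.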
@@ -10,14 +10,7 @@ import no.nav.etterlatte.config.Config import java.net.URL import java.util.concurrent.TimeUnit -fun Application.installAuthentication(configAad: Config.AAD, configTokeX: Config.TokenX) { - val jwkProvider = JwkProviderBuilder(URL(configTokeX.metadata.jwksUri)) - // cache up to 10 JWKs for 24 hours - .cached(10, 24, TimeUnit.HOURS) - // if not cached, only allow max 10 different keys per minute to be fetched from external provider - .rateLimited(10, 1, TimeUnit.MINUTES) - .build() - +fun Application.installAuthentication(configAad: Config.AAD) { val jwkProviderAad = JwkProviderBuilder(URL(configAad.metadata.jwksUri)) // cache up to 10 JWKs for 24 hours .cached(10, 24, TimeUnit.HOURS) @@ -26,22 +19,6 @@ fun Application.installAuthentication(configAad: Config.AAD, configTokeX: Config .build() install(Authentication) { - jwt("tokenX") { - verifier(jwkProvider, configTokeX.metadata.issuer) - validate { credentials -> - try { - requireNotNull(credentials.payload.audience) { - "Auth: Missing audience in token" - } - require(credentials.payload.audience.contains(configTokeX.clientId)) { - "Auth: Valid audience not found in claims" - } - JWTPrincipal(credentials.payload) - } catch (e: Throwable) { - null - } - } - } jwt("aad") { verifier(jwkProviderAad, configAad.metadata.issuer) validate { credentials -> diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt index f2d6c2a0..88c4de11 100644 --- a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt +++ b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt 
@@ -5,14 +5,10 @@ import io.ktor.client.call.body import io.ktor.client.request.get import io.ktor.server.config.ApplicationConfig import no.nav.etterlatte.routes.httpClientWithProxy -import no.nav.etterlatte.routes.jsonClient data class Config( val sts: Sts, val aad: AAD, - val tokenX: TokenX, - val inntektskomponentenUrl: String, - val aaregUrl: String, val regoppslagUrl: String, val institusjonsoppholdUrl: String, val tilbakekrevingUrl: String @@ -33,16 +29,6 @@ data class Config( } } - data class TokenX( - val metadata: Metadata, - val clientId: String, - ) { - data class Metadata( - @JsonProperty("issuer") val issuer: String, - @JsonProperty("jwks_uri") val jwksUri: String, - ) - } - data class AAD( val metadata: Metadata, val clientId: String, @@ -55,9 +41,7 @@ data class Config( } suspend fun ApplicationConfig.load() = Config( - inntektskomponentenUrl = property("inntektskomponenten.url").getString(), institusjonsoppholdUrl = property("institusjonsopphold.url").getString(), - aaregUrl = property("aareg.url").getString(), regoppslagUrl = property("regoppslag.url").getString(), tilbakekrevingUrl = property("tilbakekreving.url").getString(), sts = Config.Sts( @@ -71,9 +55,5 @@ suspend fun ApplicationConfig.load() = Config( aad = Config.AAD( metadata = httpClientWithProxy().use { it.get(property("aad.wellKnownUrl").getString()).body() }, clientId = property("aad.clientId").getString() - ), - tokenX = Config.TokenX( - metadata = jsonClient().use { it.get(property("tokenx.wellKnownUrl").getString()).body() }, - clientId = property("tokenx.clientId").getString() ) ) diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/HttpClient.kt b/apps/etterlatte-proxy/src/main/kotlin/config/HttpClient.kt deleted file mode 100644 index 88e70622..00000000 --- a/apps/etterlatte-proxy/src/main/kotlin/config/HttpClient.kt +++ /dev/null 
@@ -1,65 +0,0 @@
-package no.nav.etterlatte.config
-
-import com.fasterxml.jackson.databind.DeserializationFeature
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.fasterxml.jackson.databind.SerializationFeature
-import com.fasterxml.jackson.databind.json.JsonMapper
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
-import com.fasterxml.jackson.module.kotlin.KotlinModule
-import com.typesafe.config.Config
-import io.ktor.client.HttpClient
-import io.ktor.client.engine.okhttp.OkHttp
-import io.ktor.client.plugins.auth.Auth
-import io.ktor.client.plugins.contentnegotiation.ContentNegotiation
-import io.ktor.client.plugins.defaultRequest
-import io.ktor.client.request.header
-import io.ktor.http.ContentType
-import io.ktor.http.HttpHeaders
-import io.ktor.serialization.jackson.JacksonConverter
-import no.nav.etterlatte.auth.clientCredential
-import java.util.*
-
-fun getInstitusonsOppholdHttpklient(config: Config): HttpClient {
- return httpClientClientCredentials(
- azureAppClientId = config.getString("aad.clientId"),
- azureAppJwk = config.getString("azure.app.jwk"),
- azureAppWellKnownUrl = config.getString("aad.wellKnownUrl"),
- azureAppScope = config.getString("institusjonsopphold.azure.scope")
- )
-}
-
-fun httpClientClientCredentials(
- azureAppClientId: String,
- azureAppJwk: String,
- azureAppWellKnownUrl: String,
- azureAppScope: String,
- ekstraJacksoninnstillinger: ((o: ObjectMapper) -> Unit) = { }
-) = HttpClient(OkHttp) {
- expectSuccess = true
- install(ContentNegotiation) {
- register(ContentType.Application.Json, JacksonConverter(objectMapper))
- ekstraJacksoninnstillinger(objectMapper)
- }
- install(Auth) {
- clientCredential {
- config = mapOf(
- "AZURE_APP_CLIENT_ID" to azureAppClientId,
- "AZURE_APP_JWK" to azureAppJwk,
- "AZURE_APP_WELL_KNOWN_URL" to azureAppWellKnownUrl,
- "AZURE_APP_OUTBOUND_SCOPE" to azureAppScope
- )
- }
- }
- defaultRequest {
- header(HttpHeaders.XCorrelationId, UUID.randomUUID().toString())
- }
-}.also { Runtime.getRuntime().addShutdownHook(Thread { it.close() }) }
-
-val objectMapper: ObjectMapper = JsonMapper.builder()
- .addModule(JavaTimeModule())
- .addModule(KotlinModule())
- .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
- .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
- .enable(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES)
- .enable(DeserializationFeature.FAIL_ON_NUMBERS_FOR_ENUMS)
- .build()
diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/AaregRoute.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/AaregRoute.kt
deleted file mode 100644
index aa5f9731..00000000
--- a/apps/etterlatte-proxy/src/main/kotlin/routes/AaregRoute.kt
+++ /dev/null
@@ -1,49 +0,0 @@
-package no.nav.etterlatte.routes
-
-import io.ktor.client.plugins.ResponseException
-import io.ktor.client.request.get
-import io.ktor.client.request.header
-import io.ktor.http.HttpHeaders
-import io.ktor.http.HttpStatusCode
-import io.ktor.server.application.call
-import io.ktor.server.request.header
-import io.ktor.server.response.respondText
-import io.ktor.server.routing.Route
-import io.ktor.server.routing.get
-import io.ktor.server.routing.route
-import no.nav.etterlatte.config.Config
-import no.nav.etterlatte.auth.sts.StsRestClient
-import org.slf4j.LoggerFactory
-import java.util.UUID
-
-fun Route.aaregRoute(config: Config, stsClient: StsRestClient) {
- val logger = LoggerFactory.getLogger("no.pensjon.etterlatte")
- route("/aareg/arbeidstaker/arbeidsforhold") {
- val httpClient = httpClient()
- val url = config.aaregUrl + "/arbeidstaker/arbeidsforhold"
-
- get {
- val stsToken = stsClient.getToken()
- val callId = call.request.header(HttpHeaders.NavCallId) ?: UUID.randomUUID().toString()
- val personIdent = call.request.header("Nav-Personident")
- logger.info("personident test: $personIdent")
-
- try {
- val response = httpClient.get(url) {
- header(HttpHeaders.Authorization, "Bearer $stsToken")
- header(HttpHeaders.NavConsumerToken, stsToken)
- header(HttpHeaders.NavPersonident, personIdent)
- header(HttpHeaders.NavCallId, callId)
- pipeRequest(call)
- }
- call.pipeResponse(response)
- } catch (cause: ResponseException) {
- logger.error("Feil i kall mot aareg: ", cause)
- call.pipeResponse(cause.response)
- } catch (cause: Throwable) {
- logger.error("Feil i kall mot aareg: ", cause)
- call.respondText(status = HttpStatusCode.InternalServerError) { cause.message ?: "Intern feil" }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt
index 3552b746..940a1291 100644
--- a/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt
+++ b/apps/etterlatte-proxy/src/main/kotlin/routes/Http.kt @@ -27,11 +27,6 @@ import io.ktor.utils.io.copyAndClose import org.apache.http.impl.conn.SystemDefaultRoutePlanner import java.net.ProxySelector -fun jsonClient() = HttpClient(Apache) { - install(ContentNegotiation) { - jackson { configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) } - } -} fun httpClient() = HttpClient(Apache){ install(Logging) { diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/InntektskomponentenRoute.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/InntektskomponentenRoute.kt deleted file mode 100644 index 30d0a5ed..00000000 --- a/apps/etterlatte-proxy/src/main/kotlin/routes/InntektskomponentenRoute.kt +++ /dev/null 
@@ -1,48 +0,0 @@
-package no.nav.etterlatte.routes
-
-import io.ktor.client.plugins.ResponseException
-import io.ktor.client.request.bearerAuth
-import io.ktor.client.request.header
-import io.ktor.client.request.post
-import io.ktor.http.HttpHeaders
-import io.ktor.http.HttpStatusCode
-import io.ktor.server.application.call
-import io.ktor.server.request.header
-import io.ktor.server.response.respondText
-import io.ktor.server.routing.Route
-import io.ktor.server.routing.post
-import io.ktor.server.routing.route
-import no.nav.etterlatte.config.Config
-import no.nav.etterlatte.auth.sts.StsRestClient
-import org.slf4j.LoggerFactory
-import java.util.UUID
-
-fun Route.inntektskomponentenRoute(config: Config, stsClient: StsRestClient) {
- val logger = LoggerFactory.getLogger("no.pensjon.etterlatte")
- route("/inntektskomponenten") {
- val httpClient = httpClient()
- val dokUrl = config.inntektskomponentenUrl
-
- post {
- val stsToken = stsClient.getToken()
- val callId = call.request.header(HttpHeaders.NavCallId) ?: UUID.randomUUID().toString()
-
- try {
- val response = httpClient.post(dokUrl) {
- bearerAuth(stsToken.accessToken)
- header(HttpHeaders.NavConsumerId, "barnepensjon")
- header(HttpHeaders.NavCallId, callId)
- pipeRequest(call)
- }
- call.pipeResponse(response)
-
- } catch (cause: ResponseException) {
- logger.error("Feil i kall mot inntektskomponenten: ", cause)
- call.pipeResponse(cause.response)
- } catch (cause: Throwable) {
- logger.error("Feil i kall mot inntektskomponenten: ", cause)
- call.respondText(status = HttpStatusCode.InternalServerError) { cause.message ?: "Intern feil" }
- }
- }
- }
-}
diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/InstitusjonsoppholdRoute.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/InstitusjonsoppholdRoute.kt
index d106cd95..9960dbc3 100644
--- a/apps/etterlatte-proxy/src/main/kotlin/routes/InstitusjonsoppholdRoute.kt
+++ b/apps/etterlatte-proxy/src/main/kotlin/routes/InstitusjonsoppholdRoute.kt
@@ -1,24 +1,37 @@ package no.nav.etterlatte.routes +import com.fasterxml.jackson.databind.DeserializationFeature +import com.fasterxml.jackson.databind.ObjectMapper +import com.fasterxml.jackson.databind.SerializationFeature +import com.fasterxml.jackson.databind.json.JsonMapper +import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule +import com.fasterxml.jackson.module.kotlin.KotlinModule import com.typesafe.config.ConfigFactory +import io.ktor.client.HttpClient +import io.ktor.client.engine.okhttp.OkHttp import io.ktor.client.plugins.ClientRequestException import io.ktor.client.plugins.RedirectResponseException import io.ktor.client.plugins.ResponseException import io.ktor.client.plugins.ServerResponseException +import io.ktor.client.plugins.auth.Auth +import io.ktor.client.plugins.contentnegotiation.ContentNegotiation +import io.ktor.client.plugins.defaultRequest import io.ktor.client.request.get import io.ktor.client.request.header +import io.ktor.http.ContentType import io.ktor.http.HttpHeaders import io.ktor.http.HttpStatusCode +import io.ktor.serialization.jackson.JacksonConverter import io.ktor.server.application.call import io.ktor.server.request.header import io.ktor.server.response.respond import io.ktor.server.response.respondText -import no.nav.etterlatte.config.Config import io.ktor.server.routing.Route import io.ktor.server.routing.get import io.ktor.server.routing.route import kotlinx.coroutines.runBlocking -import no.nav.etterlatte.config.getInstitusonsOppholdHttpklient +import no.nav.etterlatte.auth.clientCredential +import no.nav.etterlatte.config.Config import org.slf4j.LoggerFactory import java.util.* 
@@ -71,4 +84,49 @@ fun Route.institusjonsoppholdRoute(config: Config) { } } } -} \ No newline at end of file +} + +private fun getInstitusonsOppholdHttpklient(config: com.typesafe.config.Config): HttpClient { + return httpClientClientCredentials( + azureAppClientId = config.getString("aad.clientId"), + azureAppJwk = config.getString("azure.app.jwk"), + azureAppWellKnownUrl = config.getString("aad.wellKnownUrl"), + azureAppScope = config.getString("institusjonsopphold.azure.scope") + ) +} + +fun httpClientClientCredentials( + azureAppClientId: String, + azureAppJwk: String, + azureAppWellKnownUrl: String, + azureAppScope: String, + ekstraJacksoninnstillinger: ((o: ObjectMapper) -> Unit) = { } +) = HttpClient(OkHttp) { + expectSuccess = true + install(ContentNegotiation) { + register(ContentType.Application.Json, JacksonConverter(objectMapper)) + ekstraJacksoninnstillinger(objectMapper) + } + install(Auth) { + clientCredential { + config = mapOf( + "AZURE_APP_CLIENT_ID" to azureAppClientId, + "AZURE_APP_JWK" to azureAppJwk, + "AZURE_APP_WELL_KNOWN_URL" to azureAppWellKnownUrl, + "AZURE_APP_OUTBOUND_SCOPE" to azureAppScope + ) + } + } + defaultRequest { + header(HttpHeaders.XCorrelationId, UUID.randomUUID().toString()) + } +}.also { Runtime.getRuntime().addShutdownHook(Thread { it.close() }) } + +private val objectMapper: ObjectMapper = JsonMapper.builder() + .addModule(JavaTimeModule()) + .addModule(KotlinModule()) + .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) + .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES) + .enable(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES) + .enable(DeserializationFeature.FAIL_ON_NUMBERS_FOR_ENUMS) + .build() \ No newline at end of file diff --git a/apps/etterlatte-proxy/src/main/kotlin/routes/RegoppslagRoute.kt b/apps/etterlatte-proxy/src/main/kotlin/routes/RegoppslagRoute.kt index 8fee50d6..61beb64a 100644 --- a/apps/etterlatte-proxy/src/main/kotlin/routes/RegoppslagRoute.kt 
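Review bot: `httpClientClientCredentials` arrives in InstitusjonsoppholdRoute.kt still public, while its only visible caller `getInstitusonsOppholdHttpklient` and the `objectMapper` it configures are both made `private` in this hunk. The `ekstraJacksoninnstillinger` callback is applied to that single file-level `objectMapper`, so any outside caller would reconfigure the mapper shared by every client built here, and each call registers another JVM shutdown hook. If nothing else uses it (the diff shows no other caller), declare it `private fun httpClientClientCredentials(`. Otherwise give it a KDoc stating that the callback mutates shared state and that `azureAppJwk` carries the application's private key and must never be logged.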
+++ b/apps/etterlatte-proxy/src/main/kotlin/routes/RegoppslagRoute.kt @@ -62,11 +62,11 @@ data class AdresseRequest( val tema: String = "PEN" // Todo: mulig bytte tema til et av de nye ) -val objectMapper: ObjectMapper = JsonMapper.builder() +private val objectMapper: ObjectMapper = JsonMapper.builder() .addModule(KotlinModule()) .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES) .disable(MapperFeature.ALLOW_FINAL_FIELDS_AS_MUTATORS) .enable(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES) .enable(DeserializationFeature.FAIL_ON_NUMBERS_FOR_ENUMS) - .build() + .build() \ No newline at end of file diff --git a/apps/etterlatte-proxy/src/main/resources/application.conf b/apps/etterlatte-proxy/src/main/resources/application.conf index 1557dbad..28805ea1 100644 --- a/apps/etterlatte-proxy/src/main/resources/application.conf +++ b/apps/etterlatte-proxy/src/main/resources/application.conf @@ -14,21 +14,11 @@ sts { soapUrl = ${?STS_SOAP_URL} } -pdl { - url = "http://localhost:8089/pdl" - url = ${?PDL_URL} -} - regoppslag { url = "http://localhost:8089/regoppslag" url = ${?REGOPPSLAG_URL} } -inntektskomponenten { - url = "http://localhost:8089/inntektskomponenten" - url = ${?INNTEKTSKOMPONENTEN_URL} -} - institusjonsopphold { url = "http://localhost:8089/inst2" url = ${?INSTITUSJONSOPPHOLD_URL} @@ -39,11 +29,6 @@ tilbakekreving { url = ${?TILBAKEKREVING_URL} } -aareg { - url = "http://localhost:8089/aareg" - url = ${?AAREG_URL} -} - serviceuser { name = "srvbarnepensjon" password = "srv-password" 
@@ -58,20 +43,12 @@ aad { clientId = ${?AZURE_APP_CLIENT_ID} } -tokenx { - wellKnownUrl = "https://tokendings.dev-gcp.nais.io/.well-known/oauth-authorization-server" - wellKnownUrl = ${?TOKEN_X_WELL_KNOWN_URL} - clientId = "CLIENT_ID" - clientId = ${?TOKEN_X_CLIENT_ID} -} - -azure.app.client = { +azure.app.client.secret = { secret = "somesecret" secret = ${?AZURE_APP_CLIENT_SECRET} }̋ azure.app { - # Dette er kun en dummy jwk generert her: https://mkjwk.org/ jwk = "{"p":"_xCPvqs85ZZVg460Qfot26rQoNRPTOVDo5p4nqH3ep6BK_5TvoU5LFXd26W-1V1Lc5fcvvftClPOT201xgat4DVtliNtoc8od_tWr190A3AzbsAVFOx0nKa5uhLBxP9SsPM84llp6PXF6QTMGFiPYuoLDaQQqL1K4BbHq3ZzF2M","kty":"RSA","q":"7QLqW75zkfSDrn5rMoF50WXyB_ysNx6-2SvaXKGXaOn80IR7QW5vwkleJnsdz_1kr04rJws2p4HBJjUFfSJDi1Dapj7tbIwb0a1szDs6Y2fAa3DlzgXZCkoE2TIrW6UITgs14pI_a7RasclE71FpoZ78XNBvj3NmZugkNLBvRjs","d":"f7aT4poed8uKdcSD95mvbfBdb6X-M86d99su0c390d6gWwYudeilDugH9PMwqUeUhY0tdaRVXr6rDDIKLSE-uEyaYKaramev0cG-J_QWYJU2Lx-4vDGNHAE7gC99o1Ee_LXqMDCBawMYyVcSWx7PxGQfzhSsARsAIbkarO1sg9zsqPS4exSMbK8wyCTPgRbnkB32_UdZSGbdSib1jSYyyoAItZ8oZHiltVsZIlA97kS4AGPtozde043NC7Ik0uEzgB5qJ_tR7vW8MfDrBj6da2NrLh0UH-q28dooBO1vEu0rvKZIescXYk9lk1ZakHhhpZaLykDOGzxCpronzP3_kQ","e":"AQAB","use":"sig","qi":"9kMIR6pEoiwN3M6O0n8bnh6c3KbLMoQQ1j8_Zyir7ZIlmRpWYl6HtK0VnD88zUuNKTrQa7-jfE5uAUa0PubzfRqybACb4S3HIAuSQP00_yCPzCSRrbpGRDFqq-8eWVwI9VdiN4oqkaaWcL1pd54IDcHIbfk-ZtNtZgsOlodeRMo","dp":"VUecSAvI2JpjDRFxg326R2_dQWi6-uLMsq67FY7hx8WnOqZWKaUxcHllLENGguAmkgd8bv1F6-YJXNUO3Z7uE8DJWyGNTkSNK1CFsy0fBOdGywi-A7jrZFT6VBRhZRRY-YDaInPyzUkfWsGX26wAhPnrqCvqxgBEQJhdOh7obDE","alg":"RS256","dq":"7EUfw92T8EhEjUrRKkQQYEK0iGnGdBxePLiOshEUky3PLT8kcBHbr17cUJgjHBiKqofOVNnE3i9nkOMCWcAyfUtY7KmGndL-WIP-FYplpnrjQzgEnuENgEhRlQOCXZWjNcnPKdKJDqF4WAtAgSIznz6SbSQMUoDD8IoyraPFCck","n":"7CU8tTANiN6W_fD9SP1dK2vQvCkf7-nwvBYe5CfANV0_Bb0ZmQb77FVVsl1beJ7EYLz3cJmL8Is1RCHKUK_4ydqihNjEWTyZiQoj1i67pkqk_zRvfQa9raZR4uZbuBxx7dWUoPC6fFH2F_psAlHW0zf90fsLvhB6Aqq3uvO7XXqo8qNl9d_JSG0Rg_2QUYVb0WKmPVbbhgwtkFu0Tyuev-VZ9IzTbbr5wmZwEUVY7
YAi73pDJkcZt5r2WjOF_cuIXe-O2vwbOrRgmJfHO9--mVLdATnEyrb6q2oy_75h6JjP-R4-TD1hyoFFoE2gmj-kSS6Z_Gggljs3Aw7--Nh10Q"}" jwk = ${?AZURE_APP_JWK} } diff --git a/apps/etterlatte-proxy/src/test/kotlin/ApplicationTest.kt b/apps/etterlatte-proxy/src/test/kotlin/ApplicationTest.kt index e1326aae..02025aab 100644 --- a/apps/etterlatte-proxy/src/test/kotlin/ApplicationTest.kt +++ b/apps/etterlatte-proxy/src/test/kotlin/ApplicationTest.kt @@ -25,7 +25,6 @@ internal class ApplicationTest { fun beforeAll() { mockOAuth2.start() hoconApplicationConfig = HoconApplicationConfig(ConfigFactory.load() - .withValue("tokenx.wellKnownUrl", ConfigValueFactory.fromAnyRef(mockOAuth2.wellKnownUrl("tokenx").toString())) .withValue("aad.wellKnownUrl", ConfigValueFactory.fromAnyRef(mockOAuth2.wellKnownUrl("aad").toString())) ) @@ -36,7 +35,7 @@ internal class ApplicationTest { } @Test - fun testRoot() { + fun `skal ikke autentisere for routes innenfor internal`() { testApplication { environment { config = hoconApplicationConfig @@ -50,26 +49,26 @@ internal class ApplicationTest { } @Test - fun testAareg() { + fun `skal returnere unauthorized dersom aad-token mangler for regoppslag-route`() { testApplication { environment { config = hoconApplicationConfig } - client.get("aad/aareg/arbeidstaker/arbeidsforhold").also { + client.get("aad/regoppslag/ident").also { assertEquals(HttpStatusCode.Unauthorized, it.status) } } } @Test - fun testInntektskomponenten() { + fun `skal returnere unauthorized dersom aad-token mangler for institusjonsopphold-route`() { testApplication { environment { config = hoconApplicationConfig } - client.post("aad/inntektskomponenten").also { + client.get("aad/inst2/1").also { assertEquals(HttpStatusCode.Unauthorized, it.status) } } diff --git a/buildSrc/src/main/kotlin/Constants.kt b/buildSrc/src/main/kotlin/Constants.kt index ec029491..03dd6bdb 100644 --- a/buildSrc/src/main/kotlin/Constants.kt +++ b/buildSrc/src/main/kotlin/Constants.kt 
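Review bot: The last application.conf hunk deletes `# Dette er kun en dummy jwk generert her: https://mkjwk.org/`, leaving a complete RSA private JWK (it carries `d`, `p` and `q`) in the repository with nothing saying it is a throwaway value. Keep that comment above `jwk = ...` so that secret-scanner findings and later reviewers can tell it is not a real credential. Because `jwk = ${?AZURE_APP_JWK}` and `secret = ${?AZURE_APP_CLIENT_SECRET}` are optional overrides, a deployment missing those variables would presumably start on the publicly known defaults instead of failing, so consider moving the dummy values to a test-only config. Separately, renaming the block to `azure.app.client.secret = {` while it still contains `secret = ...` makes the resolved path `azure.app.client.secret.secret`, which looks unintended.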
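Review bot: The renamed tests in ApplicationTest.kt assert `HttpStatusCode.Unauthorized` only when no token is sent, so nothing pins how the one remaining `aad` provider treats a token that is present but wrong. Since `mockOAuth2` is already started in `beforeAll`, add a case that calls `aad/regoppslag/ident` with a token issued for a different audience or issuer and expects 401. Add another with a valid token that expects anything other than 401. The `validate` block for `aad` lies outside this diff, so confirm which claims it checks before choosing the negative case.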
@@ -67,10 +67,10 @@ object MockK { object Cxf { private const val version = "4.0.0" - const val cxfLogging = "org.apache.cxf:cxf-rt-features-logging:$version" - const val cxfJaxWs = "org.apache.cxf:cxf-rt-frontend-jaxws:$version" - const val cxfTransportsHttp = "org.apache.cxf:cxf-rt-transports-http:$version" - const val cxfWsSecurity = "org.apache.cxf:cxf-rt-ws-security:$version" + const val CxfLogging = "org.apache.cxf:cxf-rt-features-logging:$version" + const val CxfJaxWs = "org.apache.cxf:cxf-rt-frontend-jaxws:$version" + const val CxfTransportsHttp = "org.apache.cxf:cxf-rt-transports-http:$version" + const val CxfWsSecurity = "org.apache.cxf:cxf-rt-ws-security:$version" } object Kotest {