Bytter autorisering mot AAREG fra sts til azureAD

deploy/preprod.yaml

@@ -102,4 +102,6 @@ spec:
     - name: AZURE_SCOPE_MEDL
       value: api://dev-fss.team-rocket.medlemskap-medl-api/.default
     - name: AZURE_SCOPE_PDL
-      value: api://dev-fss.pdl.pdl-api/.default
+      value: api://dev-fss.pdl.pdl-api/.default
+    - name: AZURE_SCOPE_AAREG
+      value: api://dev-fss.arbeidsforhold.aareg-services-nais/.default

deploy/prod.yaml

@@ -96,4 +96,6 @@ spec:
     - name: AZURE_SCOPE_MEDL
       value: api://prod-fss.team-rocket.medlemskap-medl-api/.default
     - name: AZURE_SCOPE_PDL
-      value: api://prod-fss.pdl.pdl-api/.default
+      value: api://prod-fss.pdl.pdl-api/.default
+    - name: AZURE_SCOPE_AAREG
+      value: api://prod-fss.arbeidsforhold.aareg-services-nais/.default

src/main/kotlin/no/nav/medlemskap/clients/RestClients.kt

@@ -29,7 +29,7 @@ class RestClients(
 
     private val httpClient = cioHttpClient
 
-    fun aaReg(endpointUrl: String) = AaRegClient(endpointUrl, configuration.sts.username, stsClientRest, httpClient, configuration.register.aaRegApiKey, aaRegRetry)
+    fun aaReg(endpointUrl: String) = AaRegClient(endpointUrl, azureAdClient, httpClient, configuration, configuration.register.aaRegApiKey, aaRegRetry)
     fun medl2(endpointBaseUrl: String) = MedlClient(endpointBaseUrl, azureAdClient, configuration, httpClient, medlRetry)
     fun saf(endpointBaseUrl: String) = SafClient(endpointBaseUrl, stsClientRest, configuration.sts.username, httpClient, configuration.register.safApiKey, safRetry)
     fun oppgaver(endpointBaseUrl: String) = OppgaveClient(endpointBaseUrl, azureAdClient, configuration, httpClient, oppgaveRetry)

src/main/kotlin/no/nav/medlemskap/clients/aareg/AaRegClient.kt

@@ -7,16 +7,17 @@ import io.ktor.client.plugins.*
 import io.ktor.client.request.*
 import io.ktor.http.*
 import mu.KotlinLogging
+import no.nav.medlemskap.clients.azuread.AzureAdClient
 import no.nav.medlemskap.clients.runWithRetryAndMetrics
-import no.nav.medlemskap.clients.sts.StsRestClient
+import no.nav.medlemskap.config.Configuration
 import java.time.LocalDate
 import java.time.format.DateTimeFormatter
 
 class AaRegClient(
     private val baseUrl: String,
-    private val username: String,
-    private val stsClient: StsRestClient,
+    private val azureAdClient: AzureAdClient,
     private val httpClient: HttpClient,
+    private val configuration: Configuration,
     private val aaRegApiKey: String,
     private val retry: Retry? = null
 ) {
@@ -27,16 +28,16 @@ class AaRegClient(
     }
 
     suspend fun hentArbeidsforhold(fnr: String, callId: String, fraOgMed: LocalDate? = null, tilOgMed: LocalDate? = null): List<AaRegArbeidsforhold> {
-        val oidcToken = stsClient.oidcToken()
+        val token = azureAdClient.hentToken(configuration.register.aaregScope)
         return runCatching {
             runWithRetryAndMetrics("AaReg", "ArbeidsforholdV1", retry) {
                 httpClient.get() {
                     url("$baseUrl/v1/arbeidstaker/arbeidsforhold")
-                    header(HttpHeaders.Authorization, "Bearer $oidcToken")
+                    header(HttpHeaders.Authorization, "Bearer ${token.token}")
                     header(HttpHeaders.Accept, ContentType.Application.Json)
                     header("Nav-Call-Id", callId)
                     header("Nav-Personident", fnr)
-                    header("Nav-Consumer-Token", "Bearer $oidcToken")
+                    header("Nav-Consumer-Token", "Bearer ${token.token}")
                     header("x-nav-apiKey", aaRegApiKey)
                     fraOgMed?.let { parameter("ansettelsesperiodeFom", fraOgMed.tilIsoFormat()) }
                     tilOgMed?.let { parameter("ansettelsesperiodeTom", tilOgMed.tilIsoFormat()) }
@@ -63,16 +64,16 @@ class AaRegClient(
     }
 
     suspend fun hentArbeidsforholdV2(fnr: String, callId: String, fraOgMed: LocalDate? = null, tilOgMed: LocalDate? = null): List<no.nav.medlemskap.clients.aareg.Arbeidsforhold> {
-        val oidcToken = stsClient.oidcToken()
+        val token = azureAdClient.hentToken(configuration.register.aaregScope)
         return runCatching {
             runWithRetryAndMetrics("AaReg", "ArbeidsforholdV2", retry) {
                 httpClient.get() {
                     url("$baseUrl/v2/arbeidstaker/arbeidsforhold")
-                    header(HttpHeaders.Authorization, "Bearer $oidcToken")
+                    header(HttpHeaders.Authorization, "Bearer ${token.token}")
                     header(HttpHeaders.Accept, ContentType.Application.Json)
                     header("Nav-Call-Id", callId)
                     header("Nav-Personident", fnr)
-                    header("Nav-Consumer-Token", "Bearer $oidcToken")
+                    header("Nav-Consumer-Token", "Bearer ${token.token}")
                     header("x-nav-apiKey", aaRegApiKey)
                     parameter("historikk", "true")
                     parameter("arbeidsforholdstatus", "AKTIV,AVSLUTTET,FREMTIDIG")

src/main/kotlin/no/nav/medlemskap/config/Configuration.kt

@@ -45,7 +45,8 @@ private val defaultProperties = ConfigurationMap(
         "AZURE_SCOPE_OPPGAVE" to "",
         "AZURE_SCOPE_UDI" to "",
         "AZURE_SCOPE_MEDL" to "",
-        "AZURE_SCOPE_PDL" to ""
+        "AZURE_SCOPE_PDL" to "",
+        "AZURE_SCOPE_AAREG" to ""
     )
 )
 
@@ -93,6 +94,7 @@ data class Configuration(
         val udiProxyApiKey: String = "UDI_PROXY_API_KEY".configProperty(), // Venter på  bestilling - legges inn i secrets
         val udiBaseUrl: String = "UDI_BASE_URL".configProperty(),
         val oppgaveScope: String = "AZURE_SCOPE_OPPGAVE".configProperty(),
+        val aaregScope: String = "AZURE_SCOPE_AAREG".configProperty(),
         val udiScope: String = "AZURE_SCOPE_UDI".configProperty(),
         val medlScope: String = "AZURE_SCOPE_MEDL".configProperty(),
         val pdlScope: String = "AZURE_SCOPE_PDL".configProperty()

src/test/kotlin/no/nav/medlemskap/clients/aareg/AaregClientTest.kt

@@ -7,17 +7,20 @@ import com.github.tomakehurst.wiremock.client.WireMock.equalTo
 import com.github.tomakehurst.wiremock.core.WireMockConfiguration
 import io.ktor.client.plugins.*
 import io.ktor.http.*
+import io.ktor.serialization.*
 import io.mockk.coEvery
 import io.mockk.mockk
 import kotlinx.coroutines.runBlocking
-import no.nav.medlemskap.clients.sts.StsRestClient
+import no.nav.medlemskap.clients.azuread.AzureAdClient
 import no.nav.medlemskap.common.cioHttpClient
+import no.nav.medlemskap.config.Configuration
 import org.junit.jupiter.api.*
 import java.time.LocalDate
 import java.time.LocalDateTime
 
 class AaregClientTest {
 
+    private val config = Configuration()
     val username = "Stian"
     companion object {
         val server: WireMockServer = WireMockServer(WireMockConfiguration.options().dynamicPort())
@@ -44,8 +47,8 @@ class AaregClientTest {
     fun `tester response`() {
         val callId = "12345"
 
-        val stsClient: StsRestClient = mockk()
-        coEvery { stsClient.oidcToken() } returns "dummytoken"
+        val azureAdClient: AzureAdClient = mockk()
+        coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken"
 
         WireMock.stubFor(
             queryMapping.willReturn(
@@ -56,7 +59,7 @@ class AaregClientTest {
             )
         )
 
-        val client = createAaRegClient(stsClient)
+        val client = createAaRegClient(azureAdClient)
 
         val response = runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) }
 
@@ -89,8 +92,8 @@ class AaregClientTest {
     @Test
     fun `tester ServerResponseException`() {
         val callId = "12345"
-        val stsClient: StsRestClient = mockk()
-        coEvery { stsClient.oidcToken() } returns "dummytoken"
+        val azureAdClient: AzureAdClient = mockk()
+        coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken"
 
         WireMock.stubFor(
             queryMapping.willReturn(
@@ -100,7 +103,7 @@ class AaregClientTest {
 
             )
         )
-        val client = AaRegClient(server.baseUrl(), username, stsClient, cioHttpClient, "123")
+        val client = AaRegClient(server.baseUrl(), azureAdClient, cioHttpClient, config, "123")
 
         Assertions.assertThrows(ServerResponseException::class.java) {
             runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) }
@@ -110,8 +113,8 @@ class AaregClientTest {
     @Test
     fun `tester ClientRequestException`() {
         val callId = "12345"
-        val stsClient: StsRestClient = mockk()
-        coEvery { stsClient.oidcToken() } returns "dummytoken"
+        val azureAdClient: AzureAdClient = mockk()
+        coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken"
 
         WireMock.stubFor(
             queryMapping.willReturn(
@@ -122,7 +125,7 @@ class AaregClientTest {
             )
         )
 
-        val client = createAaRegClient(stsClient)
+        val client = createAaRegClient(azureAdClient)
 
         Assertions.assertThrows(ClientRequestException::class.java) {
             runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) }
@@ -132,8 +135,8 @@ class AaregClientTest {
     @Test
     fun `404 gir tom liste`() {
         val callId = "12345"
-        val stsClient: StsRestClient = mockk()
-        coEvery { stsClient.oidcToken() } returns "dummytoken"
+        val azureAdClient: AzureAdClient = mockk()
+        coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken"
 
         WireMock.stubFor(
             queryMapping.willReturn(
@@ -144,17 +147,17 @@ class AaregClientTest {
             )
         )
 
-        val client = createAaRegClient(stsClient)
+        val client = createAaRegClient(azureAdClient)
         val response = runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) }
 
         Assertions.assertEquals(0, response.size)
     }
 
-    private fun createAaRegClient(stsClient: StsRestClient): AaRegClient {
+    private fun createAaRegClient(azureAdClient: AzureAdClient): AaRegClient {
         return AaRegClient(
             baseUrl = server.baseUrl(),
-            username = username,
-            stsClient = stsClient,
+            azureAdClient = azureAdClient,
+            configuration = config,
             httpClient = cioHttpClient,
             aaRegApiKey = "123"
         )