From bf2a4bd85ef8bdc61c8ff2688814590e1a9c8ec5 Mon Sep 17 00:00:00 2001 From: "Stian S. Douzette" Date: Tue, 11 Jun 2024 07:33:29 +0200 Subject: [PATCH] Bytter autorisering mot AAREG fra sts til azureAD --- deploy/preprod.yaml | 4 ++- deploy/prod.yaml | 4 ++- .../no/nav/medlemskap/clients/RestClients.kt | 2 +- .../medlemskap/clients/aareg/AaRegClient.kt | 19 +++++----- .../no/nav/medlemskap/config/Configuration.kt | 4 ++- .../clients/aareg/AaregClientTest.kt | 35 ++++++++++--------- 6 files changed, 39 insertions(+), 29 deletions(-) diff --git a/deploy/preprod.yaml b/deploy/preprod.yaml index cb8523de7..458778423 100644 --- a/deploy/preprod.yaml +++ b/deploy/preprod.yaml @@ -102,4 +102,6 @@ spec: - name: AZURE_SCOPE_MEDL value: api://dev-fss.team-rocket.medlemskap-medl-api/.default - name: AZURE_SCOPE_PDL - value: api://dev-fss.pdl.pdl-api/.default \ No newline at end of file + value: api://dev-fss.pdl.pdl-api/.default + - name: AZURE_SCOPE_AAREG + value: api://dev-fss.arbeidsforhold.aareg-services-nais/.default \ No newline at end of file diff --git a/deploy/prod.yaml b/deploy/prod.yaml index 046c117e3..2413d29ff 100644 --- a/deploy/prod.yaml +++ b/deploy/prod.yaml @@ -96,4 +96,6 @@ spec: - name: AZURE_SCOPE_MEDL value: api://prod-fss.team-rocket.medlemskap-medl-api/.default - name: AZURE_SCOPE_PDL - value: api://prod-fss.pdl.pdl-api/.default \ No newline at end of file + value: api://prod-fss.pdl.pdl-api/.default + - name: AZURE_SCOPE_AAREG + value: api://prod-fss.arbeidsforhold.aareg-services-nais/.default \ No newline at end of file diff --git a/src/main/kotlin/no/nav/medlemskap/clients/RestClients.kt b/src/main/kotlin/no/nav/medlemskap/clients/RestClients.kt index 31e5a187e..f58d1b864 100644 --- a/src/main/kotlin/no/nav/medlemskap/clients/RestClients.kt +++ b/src/main/kotlin/no/nav/medlemskap/clients/RestClients.kt 
@@ -29,7 +29,7 @@ class RestClients( private val httpClient = cioHttpClient - fun aaReg(endpointUrl: String) = AaRegClient(endpointUrl, configuration.sts.username, stsClientRest, httpClient, configuration.register.aaRegApiKey, aaRegRetry) + fun aaReg(endpointUrl: String) = AaRegClient(endpointUrl, azureAdClient, httpClient, configuration, configuration.register.aaRegApiKey, aaRegRetry) fun medl2(endpointBaseUrl: String) = MedlClient(endpointBaseUrl, azureAdClient, configuration, httpClient, medlRetry) fun saf(endpointBaseUrl: String) = SafClient(endpointBaseUrl, stsClientRest, configuration.sts.username, httpClient, configuration.register.safApiKey, safRetry) fun oppgaver(endpointBaseUrl: String) = OppgaveClient(endpointBaseUrl, azureAdClient, configuration, httpClient, oppgaveRetry) diff --git a/src/main/kotlin/no/nav/medlemskap/clients/aareg/AaRegClient.kt b/src/main/kotlin/no/nav/medlemskap/clients/aareg/AaRegClient.kt index 254308244..5da6fb4b1 100644 --- a/src/main/kotlin/no/nav/medlemskap/clients/aareg/AaRegClient.kt +++ b/src/main/kotlin/no/nav/medlemskap/clients/aareg/AaRegClient.kt @@ -7,16 +7,17 @@ import io.ktor.client.plugins.* import io.ktor.client.request.* import io.ktor.http.* import mu.KotlinLogging +import no.nav.medlemskap.clients.azuread.AzureAdClient import no.nav.medlemskap.clients.runWithRetryAndMetrics -import no.nav.medlemskap.clients.sts.StsRestClient +import no.nav.medlemskap.config.Configuration import java.time.LocalDate import java.time.format.DateTimeFormatter class AaRegClient( private val baseUrl: String, - private val username: String, - private val stsClient: StsRestClient, + private val azureAdClient: AzureAdClient, private val httpClient: HttpClient, + private val configuration: Configuration, private val aaRegApiKey: String, private val retry: Retry? = null ) { 
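Review bot: In the `AaRegClient` constructor (hunk `@@ -7,16 +7,17 @@`) the client now receives the whole `Configuration` object, yet the visible hunks read only `configuration.register.aaregScope` from it. Passing just the scope, e.g. `private val aaregScope: String`, would keep the other keys and credentials held by the configuration out of this client's reach, and would match how `aaRegApiKey` is already handed over as a single value. The call site in `RestClients.aaReg` would then pass `configuration.register.aaregScope`. The class body continues outside the hunk, so other uses of `configuration` cannot be ruled out from here.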
@@ -27,16 +28,16 @@ class AaRegClient( } suspend fun hentArbeidsforhold(fnr: String, callId: String, fraOgMed: LocalDate? = null, tilOgMed: LocalDate? = null): List { - val oidcToken = stsClient.oidcToken() + val token = azureAdClient.hentToken(configuration.register.aaregScope) return runCatching { runWithRetryAndMetrics("AaReg", "ArbeidsforholdV1", retry) { httpClient.get() { url("$baseUrl/v1/arbeidstaker/arbeidsforhold") - header(HttpHeaders.Authorization, "Bearer $oidcToken") + header(HttpHeaders.Authorization, "Bearer ${token.token}") header(HttpHeaders.Accept, ContentType.Application.Json) header("Nav-Call-Id", callId) header("Nav-Personident", fnr) - header("Nav-Consumer-Token", "Bearer $oidcToken") + header("Nav-Consumer-Token", "Bearer ${token.token}") header("x-nav-apiKey", aaRegApiKey) fraOgMed?.let { parameter("ansettelsesperiodeFom", fraOgMed.tilIsoFormat()) } tilOgMed?.let { parameter("ansettelsesperiodeTom", tilOgMed.tilIsoFormat()) } @@ -63,16 +64,16 @@ class AaRegClient( } suspend fun hentArbeidsforholdV2(fnr: String, callId: String, fraOgMed: LocalDate? = null, tilOgMed: LocalDate? = null): List { - val oidcToken = stsClient.oidcToken() + val token = azureAdClient.hentToken(configuration.register.aaregScope) return runCatching { runWithRetryAndMetrics("AaReg", "ArbeidsforholdV2", retry) { httpClient.get() { url("$baseUrl/v2/arbeidstaker/arbeidsforhold") - header(HttpHeaders.Authorization, "Bearer $oidcToken") + header(HttpHeaders.Authorization, "Bearer ${token.token}") header(HttpHeaders.Accept, ContentType.Application.Json) header("Nav-Call-Id", callId) header("Nav-Personident", fnr) - header("Nav-Consumer-Token", "Bearer $oidcToken") + header("Nav-Consumer-Token", "Bearer ${token.token}") header("x-nav-apiKey", aaRegApiKey) parameter("historikk", "true") parameter("arbeidsforholdstatus", "AKTIV,AVSLUTTET,FREMTIDIG") 
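Review bot: Both `hentArbeidsforhold` (this hunk) and `hentArbeidsforholdV2` (hunk `@@ -63,16 +64,16 @@`) still send the access token a second time in `Nav-Consumer-Token`, now as a copy of the Azure AD token. `Authorization` is the header that proxies and log pipelines commonly redact; a custom header carrying the same bearer value is more likely to end up in logs. If AAREG no longer requires the consumer token once Azure AD is used (not visible from this diff), drop `header("Nav-Consumer-Token", "Bearer ${token.token}")`; the same question applies to `x-nav-apiKey`. `hentToken` is also called outside `runCatching` and `runWithRetryAndMetrics`, so a token failure is neither retried nor covered by the error handling that follows. Both function bodies continue outside the hunks.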
diff --git a/src/main/kotlin/no/nav/medlemskap/config/Configuration.kt b/src/main/kotlin/no/nav/medlemskap/config/Configuration.kt index 23877501d..717ff392f 100644 --- a/src/main/kotlin/no/nav/medlemskap/config/Configuration.kt +++ b/src/main/kotlin/no/nav/medlemskap/config/Configuration.kt @@ -45,7 +45,8 @@ private val defaultProperties = ConfigurationMap( "AZURE_SCOPE_OPPGAVE" to "", "AZURE_SCOPE_UDI" to "", "AZURE_SCOPE_MEDL" to "", - "AZURE_SCOPE_PDL" to "" + "AZURE_SCOPE_PDL" to "", + "AZURE_SCOPE_AAREG" to "" ) ) @@ -93,6 +94,7 @@ data class Configuration( val udiProxyApiKey: String = "UDI_PROXY_API_KEY".configProperty(), // Venter på bestilling - legges inn i secrets val udiBaseUrl: String = "UDI_BASE_URL".configProperty(), val oppgaveScope: String = "AZURE_SCOPE_OPPGAVE".configProperty(), + val aaregScope: String = "AZURE_SCOPE_AAREG".configProperty(), val udiScope: String = "AZURE_SCOPE_UDI".configProperty(), val medlScope: String = "AZURE_SCOPE_MEDL".configProperty(), val pdlScope: String = "AZURE_SCOPE_PDL".configProperty() diff --git a/src/test/kotlin/no/nav/medlemskap/clients/aareg/AaregClientTest.kt b/src/test/kotlin/no/nav/medlemskap/clients/aareg/AaregClientTest.kt index 35d57e424..ad256be1b 100644 --- a/src/test/kotlin/no/nav/medlemskap/clients/aareg/AaregClientTest.kt +++ b/src/test/kotlin/no/nav/medlemskap/clients/aareg/AaregClientTest.kt 
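Review bot: The new default `"AZURE_SCOPE_AAREG" to ""` (hunk `@@ -45,7 +45,8 @@`) lets a deployment without the variable start normally and fail only when the first AAREG token is requested with an empty scope. A check at application startup such as `require(configuration.register.aaregScope.isNotBlank()) { "AZURE_SCOPE_AAREG is not set" }` would surface the misconfiguration at deploy time. It should not live in the constructor, because `AaregClientTest` builds `Configuration()` from these defaults. The empty default follows the existing entries for the other scopes, so the same check would apply to them. The enclosing declarations start and end outside both hunks.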
@@ -7,17 +7,20 @@ import com.github.tomakehurst.wiremock.client.WireMock.equalTo import com.github.tomakehurst.wiremock.core.WireMockConfiguration import io.ktor.client.plugins.* import io.ktor.http.* +import io.ktor.serialization.* import io.mockk.coEvery import io.mockk.mockk import kotlinx.coroutines.runBlocking -import no.nav.medlemskap.clients.sts.StsRestClient +import no.nav.medlemskap.clients.azuread.AzureAdClient import no.nav.medlemskap.common.cioHttpClient +import no.nav.medlemskap.config.Configuration import org.junit.jupiter.api.* import java.time.LocalDate import java.time.LocalDateTime class AaregClientTest { + private val config = Configuration() val username = "Stian" companion object { val server: WireMockServer = WireMockServer(WireMockConfiguration.options().dynamicPort()) @@ -44,8 +47,8 @@ class AaregClientTest { fun `tester response`() { val callId = "12345" - val stsClient: StsRestClient = mockk() - coEvery { stsClient.oidcToken() } returns "dummytoken" + val azureAdClient: AzureAdClient = mockk() + coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken" WireMock.stubFor( queryMapping.willReturn( @@ -56,7 +59,7 @@ class AaregClientTest { ) ) - val client = createAaRegClient(stsClient) + val client = createAaRegClient(azureAdClient) val response = runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) } @@ -89,8 +92,8 @@ class AaregClientTest { @Test fun `tester ServerResponseException`() { val callId = "12345" - val stsClient: StsRestClient = mockk() - coEvery { stsClient.oidcToken() } returns "dummytoken" + val azureAdClient: AzureAdClient = mockk() + coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken" WireMock.stubFor( queryMapping.willReturn( 
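Review bot: The added `import io.ktor.serialization.*` is not used by any line in the visible test hunks, and `val username = "Stian"` loses its last visible uses once the `username` constructor argument is removed in the later hunks. Both look like leftovers; remove them unless code outside the hunks still refers to them.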
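Review bot: The stub `coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken"` in hunk `@@ -44,8 +47,8 @@` is keyed on a scope that presumably resolves to the empty default from `Configuration()`, so it would match equally well if the client asked for any other unset scope. Giving the test configuration a distinct AAREG scope value, plus a `coVerify { azureAdClient.hentToken(...) }` on that value, would pin that the client requests a token for AAREG and not for another API. Whether `queryMapping` matches on the `Authorization` header is not visible here; if it does not, a header match on `Bearer dummytoken` would cover the token wiring. The same stub is repeated in hunks `@@ -89,8 +92,8 @@`, `@@ -110,8 +113,8 @@` and `@@ -132,8 +135,8 @@`.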
@@ -100,7 +103,7 @@ class AaregClientTest { ) ) - val client = AaRegClient(server.baseUrl(), username, stsClient, cioHttpClient, "123") + val client = AaRegClient(server.baseUrl(), azureAdClient, cioHttpClient, config, "123") Assertions.assertThrows(ServerResponseException::class.java) { runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) } @@ -110,8 +113,8 @@ class AaregClientTest { @Test fun `tester ClientRequestException`() { val callId = "12345" - val stsClient: StsRestClient = mockk() - coEvery { stsClient.oidcToken() } returns "dummytoken" + val azureAdClient: AzureAdClient = mockk() + coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken" WireMock.stubFor( queryMapping.willReturn( @@ -122,7 +125,7 @@ class AaregClientTest { ) ) - val client = createAaRegClient(stsClient) + val client = createAaRegClient(azureAdClient) Assertions.assertThrows(ClientRequestException::class.java) { runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) } @@ -132,8 +135,8 @@ class AaregClientTest { @Test fun `404 gir tom liste`() { val callId = "12345" - val stsClient: StsRestClient = mockk() - coEvery { stsClient.oidcToken() } returns "dummytoken" + val azureAdClient: AzureAdClient = mockk() + coEvery { azureAdClient.hentToken(config.register.aaregScope).token } returns "dummytoken" WireMock.stubFor( queryMapping.willReturn( 
@@ -144,17 +147,17 @@ class AaregClientTest { ) ) - val client = createAaRegClient(stsClient) + val client = createAaRegClient(azureAdClient) val response = runBlocking { client.hentArbeidsforhold("26104635775", callId, LocalDate.of(2010, 1, 1), LocalDate.of(2016, 1, 1)) } Assertions.assertEquals(0, response.size) } - private fun createAaRegClient(stsClient: StsRestClient): AaRegClient { + private fun createAaRegClient(azureAdClient: AzureAdClient): AaRegClient { return AaRegClient( baseUrl = server.baseUrl(), - username = username, - stsClient = stsClient, + azureAdClient = azureAdClient, + configuration = config, httpClient = cioHttpClient, aaRegApiKey = "123" )