Skip to content

Commit

Permalink
Kun tilgang med OBO for a-inntet (#6502)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sebassonav
sebassonav authored Dec 4, 2024
1 parent ae4917b commit 247ad75
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 52 deletions.
15 changes: 0 additions & 15 deletions apps/etterlatte-api/.nais/dev-api.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,33 +119,18 @@ spec:
- application: arbeid-og-inntekt
namespace: team-inntekt
cluster: dev-fss
permissions:
roles:
- les-oms-sak-for-person
- application: arbeid-og-inntekt-q1
namespace: team-inntekt
cluster: dev-fss
permissions:
roles:
- les-oms-sak-for-person
- application: arbeid-og-inntekt-q2
namespace: team-inntekt
cluster: dev-fss
permissions:
roles:
- les-oms-sak-for-person
- application: arbeid-og-inntekt-q4
namespace: team-inntekt
cluster: dev-fss
permissions:
roles:
- les-oms-sak-for-person
- application: arbeid-og-inntekt-ascension
namespace: team-inntekt
cluster: dev-fss
permissions:
roles:
- les-oms-sak-for-person
- application: pensjon-pen-q0
namespace: pensjon-q0
cluster: dev-fss
Expand Down
3 changes: 0 additions & 3 deletions apps/etterlatte-api/.nais/prod-api.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,9 +117,6 @@ spec:
- application: arbeid-og-inntekt
namespace: team-inntekt
cluster: prod-fss
permissions:
roles:
- les-oms-sak-for-person
- application: pensjon-pen
namespace: pensjondeployer
cluster: prod-fss
Expand Down
16 changes: 6 additions & 10 deletions apps/etterlatte-api/src/main/kotlin/no/nav/etterlatte/behandling/sak/BehandlingSakRoutes.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,23 +16,19 @@ import no.nav.etterlatte.libs.ktor.route.SAKID_CALL_PARAMETER
import no.nav.etterlatte.libs.ktor.route.sakId
import no.nav.etterlatte.libs.ktor.token.Issuer

private fun generateRoles(config: Config): Set<String> {
val defaultRoles =
setOf(
config.getString("roller.pensjon-saksbehandler"),
config.getString("roller.gjenny-saksbehandler"),
)
// TODO: les-oms-sak-for-person kan fjernes siden de kaller oss med OBO......
return defaultRoles + "les-oms-sak-for-person"
}
private fun generateGjennyRoller(config: Config): Set<String> =
setOf(
config.getString("roller.pensjon-saksbehandler"),
config.getString("roller.gjenny-saksbehandler"),
)

fun Route.behandlingSakRoutes(
behandlingService: BehandlingService,
config: Config,
) {
route("api/oms") {
install(AuthorizationPlugin) {
accessPolicyRolesEllerAdGrupper = generateRoles(config)
accessPolicyRolesEllerAdGrupper = generateGjennyRoller(config)
issuers = setOf(Issuer.AZURE.issuerName)
}

Expand Down
24 changes: 0 additions & 24 deletions ...tterlatte-api/src/test/kotlin/no/nav/etterlatte/behandling/sak/BehandlingSakRoutesTest.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,30 +108,6 @@ class BehandlingSakRoutesTest {
}
}

@Test
fun `skal gi 500 når body mangler rolle les-oms-sak-for-person(kun dev)`() {
val conff = configMedRoller(mockOAuth2Server.config.httpServer.port(), Issuer.AZURE.issuerName)
testApplication {
runServerWithConfig(applicationConfig = conff) {
behandlingSakRoutes(
behandlingService = behandlingService,
config = conff,
)
}

val response =
client.post("api/oms/person/sak") {
contentType(ContentType.Application.Json)
header(
HttpHeaders.Authorization,
"Bearer ${mockOAuth2Server.issueSaksbehandlerToken(groups = listOf("les-oms-sak-for-person"))}",
)
}
response.status shouldBe HttpStatusCode.InternalServerError
coVerify(exactly = 0) { behandlingService.hentSakforPerson(any()) }
}
}

@Test
fun `skal gi 500 når body mangler pensjonSaksbehandler`() {
val pensjonSaksbehandler = UUID.randomUUID().toString()
Expand Down

0 comments on commit 247ad75

Please sign in to comment.