navikt · sebassonav · Dec 4, 2024 · Nov 29, 2024
@@ -119,33 +119,18 @@ spec:
         - application: arbeid-og-inntekt
           namespace: team-inntekt
           cluster: dev-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: arbeid-og-inntekt-q1
           namespace: team-inntekt
           cluster: dev-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: arbeid-og-inntekt-q2
           namespace: team-inntekt
           cluster: dev-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: arbeid-og-inntekt-q4
           namespace: team-inntekt
           cluster: dev-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: arbeid-og-inntekt-ascension
           namespace: team-inntekt
           cluster: dev-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: pensjon-pen-q0
           namespace: pensjon-q0
           cluster: dev-fss

@@ -117,9 +117,6 @@ spec:
         - application: arbeid-og-inntekt
           namespace: team-inntekt
           cluster: prod-fss
-          permissions:
-            roles:
-              - les-oms-sak-for-person
         - application: pensjon-pen
           namespace: pensjondeployer
           cluster: prod-fss

@@ -16,23 +16,19 @@ import no.nav.etterlatte.libs.ktor.route.SAKID_CALL_PARAMETER
 import no.nav.etterlatte.libs.ktor.route.sakId
 import no.nav.etterlatte.libs.ktor.token.Issuer
 
-private fun generateRoles(config: Config): Set<String> {
-    val defaultRoles =
-        setOf(
-            config.getString("roller.pensjon-saksbehandler"),
-            config.getString("roller.gjenny-saksbehandler"),
-        )
-    // TODO: les-oms-sak-for-person kan fjernes siden de kaller oss med OBO......
-    return defaultRoles + "les-oms-sak-for-person"
-}
+private fun generateGjennyRoller(config: Config): Set<String> =
+    setOf(
+        config.getString("roller.pensjon-saksbehandler"),
+        config.getString("roller.gjenny-saksbehandler"),
+    )
 
 fun Route.behandlingSakRoutes(
     behandlingService: BehandlingService,
     config: Config,
 ) {
     route("api/oms") {
         install(AuthorizationPlugin) {
-            accessPolicyRolesEllerAdGrupper = generateRoles(config)
+            accessPolicyRolesEllerAdGrupper = generateGjennyRoller(config)
             issuers = setOf(Issuer.AZURE.issuerName)
         }
 

@@ -108,30 +108,6 @@ class BehandlingSakRoutesTest {
         }
     }
 
-    @Test
-    fun `skal gi 500 når body mangler rolle les-oms-sak-for-person(kun dev)`() {
-        val conff = configMedRoller(mockOAuth2Server.config.httpServer.port(), Issuer.AZURE.issuerName)
-        testApplication {
-            runServerWithConfig(applicationConfig = conff) {
-                behandlingSakRoutes(
-                    behandlingService = behandlingService,
-                    config = conff,
-                )
-            }
-
-            val response =
-                client.post("api/oms/person/sak") {
-                    contentType(ContentType.Application.Json)
-                    header(
-                        HttpHeaders.Authorization,
-                        "Bearer ${mockOAuth2Server.issueSaksbehandlerToken(groups = listOf("les-oms-sak-for-person"))}",
-                    )
-                }
-            response.status shouldBe HttpStatusCode.InternalServerError
-            coVerify(exactly = 0) { behandlingService.hentSakforPerson(any()) }
-        }
-    }
-
     @Test
     fun `skal gi 500 når body mangler pensjonSaksbehandler`() {
         val pensjonSaksbehandler = UUID.randomUUID().toString()