Feature/altinn 3 tilgang (#3667)
 Add Altinn3 Tilgang Service
krharum authored Dec 12, 2024
1 parent cc262c9 commit 14ed0bd
Showing 76 changed files with 2,400 additions and 37 deletions.
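--- a/.github/workflows/app.altinn3-tilgang-service-prod.yml
+++ b/.github/workflows/app.altinn3-tilgang-service-prod.yml
@@ -0,0 +1,24 @@
+name: altinn3-tilgang-service-prod
+
+on:
+push:
+paths:
+- "plugins/**"
+- "libs/reactive-core/**"
+- "libs/reactive-security/**"
+- "apps/altinn3-tilgang-service/**"
+- ".github/workflows/app.altinn3-tilgang-service.yml"
+
+jobs:
+workflow:
+uses: ./.github/workflows/common.workflow.backend.yml
+with:
+working-directory: "apps/altinn3-tilgang-service"
+deploy-tag: "#deploy-altinn3-tilgang-service-prod"
+nais-manifest: "config.prod.yml"
+cluster: "prod-gcp"
+permissions:
+contents: read
+id-token: write
+secrets: inherit
+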
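Review bot: The `push` trigger has no `branches:` filter, so this workflow, which targets `cluster: "prod-gcp"` with `id-token: write` and `secrets: inherit`, starts for a push to any branch that touches the listed paths; whether a production deploy then happens is decided inside `common.workflow.backend.yml` (presumably from `deploy-tag`), which is not visible here. I would restrict the trigger to the release branch with a `branches:` entry under `push:` and pass the reusable workflow only the secrets it needs by name instead of `secrets: inherit`. The last `paths` entry names `app.altinn3-tilgang-service.yml`, not this file, so edits to the prod workflow itself do not trigger it; it looks like it should be `".github/workflows/app.altinn3-tilgang-service-prod.yml"`. The `secrets: inherit` remark applies to `app.altinn3-tilgang-service.yml` as well.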
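--- a/.github/workflows/app.altinn3-tilgang-service.yml
+++ b/.github/workflows/app.altinn3-tilgang-service.yml
@@ -0,0 +1,23 @@
+name: altinn3-tilgang-service
+
+on:
+push:
+paths:
+- "plugins/**"
+- "libs/reactive-core/**"
+- "libs/reactive-security/**"
+- "apps/altinn3-tilgang-service/**"
+- ".github/workflows/app.altinn3-tilgang-service.yml"
+
+jobs:
+workflow:
+uses: ./.github/workflows/common.workflow.backend.yml
+with:
+working-directory: "apps/altinn3-tilgang-service"
+deploy-tag: "#deploy-altinn3-tilgang-service"
+nais-manifest: "config.dev.yml"
+permissions:
+contents: read
+id-token: write
+secrets: inherit
+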
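--- a/apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh
+++ b/apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+#
+# Converts NAIS provided key.pem to PKCS#8 PEM format, which can be used by R2dbc.
+#
+openssl pkey -in /var/run/secrets/nais.io/sqlcertificate/key.pem -out /tmp/pk8.pem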
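Review bot: The converted private key is written to a fixed path in `/tmp` under whatever umask the init step happens to run with, and a failed conversion is not detected, so the application would start and only fail later when it tries to read the key. Setting `umask 077` before the call and checking the result, `openssl pkey -in /var/run/secrets/nais.io/sqlcertificate/key.pem -out /tmp/pk8.pem || exit 1`, would keep the file owner-only and fail fast. Whether the base image sources or executes the files in `/init-scripts/` is not visible here, so confirm that `umask` and `exit` have the intended scope.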
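--- a/apps/altinn3-tilgang-service/Dockerfile
+++ b/apps/altinn3-tilgang-service/Dockerfile
@@ -0,0 +1,9 @@
+FROM ghcr.io/navikt/baseimages/temurin:21
+LABEL maintainer="Team Dolly"
+
+ENV JAVA_OPTS="--add-opens java.base/java.lang=ALL-UNNAMED"
+
+COPY 99-dolly-convert-to-pk8.sh /init-scripts/
+COPY /build/libs/app.jar /app/
+
+EXPOSE 8080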
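Review bot: The base image is referenced by the mutable tag `temurin:21`, so the image that ships to production can change without any change in this repository; pinning it by digest, `FROM ghcr.io/navikt/baseimages/temurin:21@sha256:<digest>` (digest is a placeholder), makes the build reproducible and the base update reviewable. There is no `USER` instruction in this file, so the runtime user is whatever the base image sets, which is worth confirming to be non-root. `--add-opens java.base/java.lang=ALL-UNNAMED` in `JAVA_OPTS` relaxes module encapsulation for all classpath code; a short comment naming the library that needs it would let a later reviewer remove it.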
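--- a/apps/altinn3-tilgang-service/README.md
+++ b/apps/altinn3-tilgang-service/README.md
@@ -0,0 +1,17 @@
+## altinn3-tilgang-service
+
+Service som godkjenner tilganger for en spesifisert organisasjoner mot Dolly ved bruk av bankid.
+
+## Swagger
+
+Swagger finnes under [/swagger-ui.html](https://testnav-altinn3-tilgang-service.intern.dev.nav.no/swagger-ui.html)
+-endepunktet til applikasjonen.
+
+## Lokal kjøring
+
+Ha naisdevice kjørende og kjør Altinn3TilgangServiceApplicationStarter med følgende argumenter:
+
+```
+-Dspring.profiles.active=local
+-Dspring.cloud.vault.token=[vault-token]
+```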
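--- a/apps/altinn3-tilgang-service/build.gradle
+++ b/apps/altinn3-tilgang-service/build.gradle
@@ -0,0 +1,38 @@
+plugins {
+id "dolly-apps"
+}
+
+sonarqube {
+properties {
+property "sonar.projectKey", "testnav-altinn3-tilgang-service"
+property "sonar.projectName", "testnav-altinn3-tilgang-service"
+}
+}
+
+dependencies {
+implementation "com.google.cloud:spring-cloud-gcp-starter-secretmanager:$versions.gcpSecretManager"
+
+implementation "no.nav.testnav.libs:reactive-core"
+implementation "no.nav.testnav.libs:reactive-security"
+implementation "no.nav.testnav.libs:vault"
+
+implementation "org.springframework.boot:spring-boot-starter-data-r2dbc"
+implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
+implementation "org.springframework.boot:spring-boot-starter-security"
+
+implementation "org.flywaydb:flyway-core"
+implementation "org.flywaydb:flyway-database-postgresql"
+
+runtimeOnly "org.postgresql:postgresql"
+runtimeOnly "org.postgresql:r2dbc-postgresql"
+
+implementation "ma.glasnost.orika:orika-core:$versions.orika"
+
+implementation "io.micrometer:micrometer-registry-prometheus"
+implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc"
+implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger"
+
+implementation "io.r2dbc:r2dbc-h2"
+testRuntimeOnly "com.h2database:h2"
+}
+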
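Review bot: `io.r2dbc:r2dbc-h2` is declared as `implementation`, so the H2 R2DBC driver ends up in the production jar, while `com.h2database:h2` next to it is `testRuntimeOnly`. If H2 is only used in tests, `testImplementation "io.r2dbc:r2dbc-h2"` keeps an embedded-database driver off the production classpath. If a local profile needs it at runtime, a one-line comment saying so above the dependency would make that intent visible.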
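--- a/apps/altinn3-tilgang-service/config.dev.yml
+++ b/apps/altinn3-tilgang-service/config.dev.yml
@@ -0,0 +1,80 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+name: testnav-altinn3-tilgang-service
+namespace: dolly
+labels:
+team: dolly
+spec:
+tokenx:
+enabled: true
+image: "{{image}}"
+port: 8080
+azure:
+application:
+enabled: true
+tenant: nav.no
+claims:
+groups:
+- id: 9c7efec1-1599-4216-a67e-6fd53a6a951c
+maskinporten:
+enabled: true
+scopes:
+consumes:
+- name: altinn:resourceregistry/accesslist.read
+- name: altinn:resourceregistry/accesslist.write
+accessPolicy:
+inbound:
+rules:
+- application: dolly-frontend
+- application: dolly-frontend-dev
+- application: dolly-frontend-dev-unstable
+- application: dolly-idporten
+- application: team-dolly-lokal-app
+- application: testnav-oversikt-frontend
+outbound:
+external:
+- host: platform.tt02.altinn.no
+- host: data.brreg.no
+liveness:
+path: /internal/isAlive
+initialDelay: 10
+periodSeconds: 5
+failureThreshold: 500
+observability:
+logging:
+destinations:
+- id: elastic
+autoInstrumentation:
+enabled: true
+runtime: java
+readiness:
+path: /internal/isReady
+initialDelay: 10
+periodSeconds: 5
+failureThreshold: 500
+prometheus:
+enabled: true
+path: /internal/metrics
+replicas:
+min: 1
+max: 1
+resources:
+requests:
+cpu: 200m
+memory: 1024Mi
+limits:
+memory: 2048Mi
+env:
+- name: SPRING_PROFILES_ACTIVE
+value: dev
+ingresses:
+- "https://testnav-altinn3-tilgang-service.intern.dev.nav.no"
+gcp:
+sqlInstances:
+- type: POSTGRES_16
+tier: db-custom-1-3840
+name: testnav-altinn3-tilgang
+databases:
+- name: testnav-altinn3-tilgang
+autoBackupHour: 2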
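Review bot: `failureThreshold: 500` with `periodSeconds: 5` on both `liveness` and `readiness` means a hung pod is neither restarted nor taken out of rotation for roughly 40 minutes (500 × 5 s), and with `replicas` fixed at 1 that is the whole service. A threshold in the low double digits, e.g. `failureThreshold: 10`, lets the platform recover it; if slow startup is the reason for the large value, a separate `startup` probe is the usual place for a long allowance. The same values appear in `config.prod.yml`.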
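--- a/apps/altinn3-tilgang-service/config.prod.yml
+++ b/apps/altinn3-tilgang-service/config.prod.yml
@@ -0,0 +1,86 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+name: testnav-altinn3-tilgang-service-prod
+namespace: dolly
+labels:
+team: dolly
+spec:
+tokenx:
+enabled: true
+image: "{{image}}"
+port: 8080
+azure:
+application:
+enabled: true
+tenant: nav.no
+claims:
+groups:
+- id: 9c7efec1-1599-4216-a67e-6fd53a6a951c
+maskinporten:
+enabled: true
+scopes:
+consumes:
+- name: altinn:resourceregistry/accesslist.read
+- name: altinn:resourceregistry/accesslist.write
+accessPolicy:
+inbound:
+rules:
+- application: dolly-frontend
+cluster: dev-gcp
+- application: dolly-frontend-dev
+cluster: dev-gcp
+- application: dolly-frontend-dev-unstable
+cluster: dev-gcp
+- application: dolly-idporten
+cluster: dev-gcp
+- application: team-dolly-lokal-app
+cluster: dev-gcp
+- application: testnav-oversikt-frontend
+cluster: dev-gcp
+outbound:
+external:
+- host: platform.altinn.no
+- host: data.brreg.no
+liveness:
+path: /internal/isAlive
+initialDelay: 10
+periodSeconds: 5
+failureThreshold: 500
+observability:
+logging:
+destinations:
+- id: elastic
+autoInstrumentation:
+enabled: true
+runtime: java
+readiness:
+path: /internal/isReady
+initialDelay: 10
+periodSeconds: 5
+failureThreshold: 500
+prometheus:
+enabled: true
+path: /internal/metrics
+replicas:
+min: 1
+max: 1
+resources:
+requests:
+cpu: 200m
+memory: 1024Mi
+limits:
+memory: 2048Mi
+env:
+- name: SPRING_PROFILES_ACTIVE
+value: prod
+ingresses:
+- "https://testnav-altinn3-tilgang-service.nav.no"
+gcp:
+sqlInstances:
+- type: POSTGRES_16
+tier: db-custom-1-3840
+name: testnav-altinn3-tilgang
+databases:
+- name: testnav-altinn3-tilgang
+autoBackupHour: 2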
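Review bot: Every inbound rule admits a caller from `cluster: dev-gcp`, including `dolly-frontend-dev-unstable` and `team-dolly-lokal-app`, into a production application that holds the Maskinporten scope `altinn:resourceregistry/accesslist.write` and talks to `platform.altinn.no`. If cross-environment access is intended because Dolly itself runs in dev-gcp, I would still drop the unstable and local-development callers from the prod list and add a comment above `rules:` explaining why dev callers are allowed. The ingress `https://testnav-altinn3-tilgang-service.nav.no` is not under an `intern.` domain as the dev one is, so confirm whether it is reachable from the internet and, if it is, that token validation in the application is meant to be the only barrier in front of the write scope.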
Binary file not shown.
@@ -0,0 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists