diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 16c25d9ff37..9351999c60b 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -3,7 +3,6 @@ on: push: paths: - 'apps/bruker-service/**' - - 'apps/person-organisasjon-tilgang-service/**' workflow_dispatch: jobs: @@ -14,11 +13,4 @@ jobs: working-directory: 'apps/bruker-service/' healthcheck: 'http://localhost:8002/internal/isAlive' secrets: - NAV_TOKEN: ${{ secrets.NAV_TOKEN }} - person-organisasjon-tilgang-service: - if: github.event.pull_request.draft == false - uses: ./.github/workflows/common.integration-test.yml - with: - working-directory: 'apps/person-organisasjon-tilgang-service/' - healthcheck: 'http://localhost:8001/internal/isAlive' - secrets: inherit \ No newline at end of file + NAV_TOKEN: ${{ secrets.NAV_TOKEN }} \ No newline at end of file diff --git a/apps/adresse-service/src/main/resources/application.yml b/apps/adresse-service/src/main/resources/application.yml index 5b96088b72e..5b3bf750fca 100644 --- a/apps/adresse-service/src/main/resources/application.yml +++ b/apps/adresse-service/src/main/resources/application.yml @@ -34,12 +34,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/altinn3-tilgang-service/README.md b/apps/altinn3-tilgang-service/README.md index ad8b6f4dd72..baad90dca7e 100644 --- a/apps/altinn3-tilgang-service/README.md +++ b/apps/altinn3-tilgang-service/README.md 
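Review bot: In apps/adresse-service/src/main/resources/application.yml, dropping `heapdump` from `exposure.include` takes the endpoint off HTTP, but the context line `enabled-by-default: true` just above suggests the heapdump endpoint itself stays enabled and is kept private only by the include list. A heap dump contains whatever tokens and credentials are in memory, so it is worth making the intent explicit with a `heapdump:` entry carrying `enabled: false` under `endpoint:`, next to the new `prometheus:` entry. That way a later widening of `exposure.include` cannot silently bring it back. The `management:` block starts and continues outside the hunk, so the exact nesting of `enabled-by-default` is inferred.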
@@ -10,3 +10,4 @@ Swagger finnes under [/swagger-ui.html](https://testnav-altinn3-tilgang-service. ## Lokal kjøring * [Generelt.](../../docs/local_general.md) * [Secret Manager.](../../docs/local_secretmanager.md) +* [Database i GCP.](../../docs/gcp_db.md) diff --git a/apps/altinn3-tilgang-service/build.gradle b/apps/altinn3-tilgang-service/build.gradle index 1ea7ae40843..cf1162f4ca0 100644 --- a/apps/altinn3-tilgang-service/build.gradle +++ b/apps/altinn3-tilgang-service/build.gradle @@ -10,6 +10,7 @@ sonarqube { } dependencies { + implementation "no.nav.testnav.libs:data-transfer-objects" implementation "no.nav.testnav.libs:reactive-core" implementation "no.nav.testnav.libs:reactive-security" diff --git a/apps/altinn3-tilgang-service/config.dev.yml b/apps/altinn3-tilgang-service/config.dev.yml index b9d45fba561..2c820f19977 100644 --- a/apps/altinn3-tilgang-service/config.dev.yml +++ b/apps/altinn3-tilgang-service/config.dev.yml @@ -23,15 +23,15 @@ spec: consumes: - name: altinn:resourceregistry/accesslist.read - name: altinn:resourceregistry/accesslist.write + - name: altinn:accessmanagement/authorizedparties.resourceowner accessPolicy: inbound: rules: - - application: dolly-frontend - application: dolly-frontend-dev - application: dolly-frontend-dev-unstable - - application: dolly-idporten - application: team-dolly-lokal-app - application: testnav-oversikt-frontend + - application: testnav-bruker-service-dev outbound: external: - host: platform.tt02.altinn.no diff --git a/apps/altinn3-tilgang-service/config.prod.yml b/apps/altinn3-tilgang-service/config.prod.yml index f24efb9735e..ed0e4aff1d6 100644 --- a/apps/altinn3-tilgang-service/config.prod.yml +++ b/apps/altinn3-tilgang-service/config.prod.yml 
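Review bot: In config.dev.yml the added Maskinporten scope `altinn:accessmanagement/authorizedparties.resourceowner` has no comment tying it to a consumer, and it appears to be what lets this service look up authorized parties for any person identifier it is handed. A line above the entry such as `# used by /api/v1/brukertilgang, called from testnav-bruker-service` would document why the grant exists. Every application left in `accessPolicy.inbound.rules`, including `team-dolly-lokal-app`, can now reach that lookup, so it is worth confirming each of them still needs inbound access. The same scope is added in config.prod.yml with no bruker-service inbound rule in the visible hunk, although the rule list may continue outside it.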
@@ -23,15 +23,12 @@ spec: consumes: - name: altinn:resourceregistry/accesslist.read - name: altinn:resourceregistry/accesslist.write + - name: altinn:accessmanagement/authorizedparties.resourceowner accessPolicy: inbound: rules: - application: dolly-frontend cluster: dev-gcp - - application: dolly-frontend-dev - cluster: dev-gcp - - application: dolly-frontend-dev-unstable - cluster: dev-gcp - application: dolly-idporten cluster: dev-gcp - application: team-dolly-lokal-app diff --git a/apps/altinn3-tilgang-service/docker-compose.yml b/apps/altinn3-tilgang-service/docker-compose.yml new file mode 100644 index 00000000000..b0eb57bd211 --- /dev/null +++ b/apps/altinn3-tilgang-service/docker-compose.yml @@ -0,0 +1,18 @@ +services: + + cloud_sql_proxy: + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.2 + network_mode: host + command: + - "dolly-dev-ff83:europe-north1:testnav-altinn3-tilgang-local" + - "--credentials-file=/application_default_credentials.json" + - "--run-connection-test" + volumes: + - type: bind + # Set a variable $DOLLY_APPLICATION_CREDENTIALS. We don't use + # GOOGLE_APPLICATION_CREDENTIALS, as this causes an extra step during login. + # + # - $HOME/.config/gcloud/application_default_credentials.json for Linux/macOS. + # - $APPDATA/gcloud/application_default_credentials.json for Windows. + source: $DOLLY_APPLICATION_CREDENTIALS + target: /application_default_credentials.json \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/settings.gradle b/apps/altinn3-tilgang-service/settings.gradle index e7a413ca6d0..d7e1b8e69d7 100644 --- a/apps/altinn3-tilgang-service/settings.gradle +++ b/apps/altinn3-tilgang-service/settings.gradle @@ -6,9 +6,9 @@ rootProject.name = 'altinn3-tilgang-service' includeBuild "../../plugins/java" +includeBuild '../../libs/data-transfer-objects' includeBuild '../../libs/reactive-core' includeBuild '../../libs/reactive-security' -includeBuild '../../libs/vault' develocity { buildScan { 
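Review bot: In the new docker-compose.yml the bind mount of the application-default credentials file is writable and has no guard for an unset variable. Adding `read_only: true` to the volume entry keeps the proxy container from modifying the credential file on the host. Writing the source as `${DOLLY_APPLICATION_CREDENTIALS:?set DOLLY_APPLICATION_CREDENTIALS}` makes compose stop with a clear message instead of attempting a bind with an empty source. Because `network_mode: host` puts the proxy listener directly on the developer machine, a comment stating which address and port it is expected to bind would also help.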
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java index 15e9ab89905..1f674d70b88 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java @@ -22,4 +22,4 @@ public class Altinn3TilgangServiceApplicationStarter { public static void main(String[] args) { SpringApplication.run(Altinn3TilgangServiceApplicationStarter.class, args); } -} \ No newline at end of file +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java index ae8f52b3b39..4a6f5de6b53 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java 
@@ -10,8 +10,11 @@ import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.CreateAccessListeMemberCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.DeleteAccessListMemberCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetAccessListMembersCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetAuthorizedPartiesCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetExchangeTokenCommand; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAuthorizedPartiesRequestDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; @@ -25,6 +28,7 @@ import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; +import java.util.Arrays; import java.util.List; import java.util.Map; @@ -76,7 +80,7 @@ public Flux delete(String organisasjonsnummer) { return Flux.from(getAccessListMembers() .flatMapMany(value -> Flux.fromIterable(value.getData())) - .map(AltinnResponseDTO.AccessListMembershipDTO::getIdentifiers) + .map(AltinnAccessListResponseDTO.AccessListMembershipDTO::getIdentifiers) .collectList() .map(data -> getIdentifier(data, organisasjonsnummer)) .map(identifier -> 
@@ -96,9 +100,9 @@ public Flux delete(String organisasjonsnummer) { .flatMap(Flux::from); } - public Flux create(String organisasjonsnummer) { + public Mono create(String organisasjonsnummer) { - return maskinportenConsumer.getAccessToken() + return Mono.from(maskinportenConsumer.getAccessToken() .flatMap(this::exchangeToken) .flatMap(exchangeToken -> new CreateAccessListeMemberCommand( webClient, @@ -106,17 +110,17 @@ public Flux create(String organisasjonsnummer) { new OrganisasjonCreateDTO(organisasjonsnummer), altinnConfig).call()) .flatMapMany(response -> - isBlank(response.getFeilmelding()) ? - Flux.fromIterable(response.getData()) - .map(this::getOrgnummer) - .filter(organisasjonsnummer::equals) - .flatMap(brregConsumer::getEnheter) : - Mono.just(BrregResponseDTO.builder() - .organisasjonsnummer(organisasjonsnummer) - .feilmelding(response.getFeilmelding()) - .status(response.getStatus()) - .build())) - .map(response -> mapperFacade.map(response, Organisasjon.class)); + isBlank(response.getFeilmelding()) ? + Flux.fromIterable(response.getData()) + .map(this::getOrgnummer) + .filter(organisasjonsnummer::equals) + .flatMap(brregConsumer::getEnhet) : + Mono.just(BrregResponseDTO.builder() + .organisasjonsnummer(organisasjonsnummer) + .feilmelding(response.getFeilmelding()) + .status(response.getStatus()) + .build())) + .map(response -> mapperFacade.map(response, Organisasjon.class))); } public Flux getOrganisasjoner() { 
@@ -125,7 +129,18 @@ public Flux getOrganisasjoner() { .flatMapMany(this::convertToOrganisasjon); } - private Mono getAccessListMembers() { + public Flux getAuthorizedParties(String ident) { + + return maskinportenConsumer.getAccessToken() + .flatMap(this::exchangeToken) + .flatMap(exchangeToken -> new GetAuthorizedPartiesCommand(webClient, + new AltinnAuthorizedPartiesRequestDTO(ident), + exchangeToken).call()) + .map(Arrays::asList) + .flatMapIterable(list -> list); + } + + private Mono getAccessListMembers() { return maskinportenConsumer.getAccessToken() .flatMap(this::exchangeToken) @@ -135,11 +150,11 @@ private Mono getAccessListMembers() { altinnConfig).call()); } - private Flux convertToOrganisasjon(AltinnResponseDTO altInnResponse) { + private Flux convertToOrganisasjon(AltinnAccessListResponseDTO altInnResponse) { return Flux.fromIterable(altInnResponse.getData()) .map(this::getOrgnummer) - .flatMap(brregConsumer::getEnheter) + .flatMap(brregConsumer::getEnhet) .map(response -> mapperFacade.map(response, Organisasjon.class)); } @@ -155,7 +170,7 @@ private OrganisasjonDeleteDTO getIdentifier(List data, String organisa } @SneakyThrows - private String getOrgnummer(AltinnResponseDTO.AccessListMembershipDTO data) { + private String getOrgnummer(AltinnAccessListResponseDTO.AccessListMembershipDTO data) { return data.getIdentifiers() .get(ORGANISASJON_ID) diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java index 997a7b65a70..d665fd9723d 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java 
+++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; @@ -16,7 +16,7 @@ @Slf4j @RequiredArgsConstructor -public class CreateAccessListeMemberCommand implements Callable> { +public class CreateAccessListeMemberCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -27,7 +27,7 @@ public class CreateAccessListeMemberCommand implements Callable call() { + public Mono call() { return webClient .post() @@ -37,14 +37,14 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .retrieve() - .bodyToMono(AltinnResponseDTO.class) + .bodyToMono(AltinnAccessListResponseDTO.class) .doOnError(WebClientFilter::logErrorMessage) .doOnSuccess(value -> log.info("Altinn organisasjontilgang opprettet for {}", organisasjon.getData().stream() .map(data -> data.split(":")) .map(data -> data[data.length-1]) .collect(Collectors.joining()))) - .onErrorResume(throwable -> Mono.just(AltinnResponseDTO.builder() + .onErrorResume(throwable -> Mono.just(AltinnAccessListResponseDTO.builder() .status(WebClientFilter.getStatus(throwable)) .feilmelding(WebClientFilter.getMessage(throwable)) .build())); 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java index ddaac4a82da..e685b681507 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; @@ -19,7 +19,7 @@ @Slf4j @RequiredArgsConstructor -public class DeleteAccessListMemberCommand implements Callable> { +public class DeleteAccessListMemberCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -30,7 +30,7 @@ public class DeleteAccessListMemberCommand implements Callable call() { + public Mono call() { return webClient .method(HttpMethod.DELETE) @@ -41,7 +41,7 @@ public Mono call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .bodyValue(identifiers) .retrieve() - .bodyToMono(AltinnResponseDTO.class) + .bodyToMono(AltinnAccessListResponseDTO.class) .doOnSuccess(value -> log.info("Altinn organisasjontilgang slettet for {}", identifiers.getData().stream() .filter(data -> data.contains(ORGANISASJON_ID)) 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java index 1c615118bf7..19f63d2f8db 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -14,7 +14,7 @@ @Slf4j @RequiredArgsConstructor -public class GetAccessListMembersCommand implements Callable> { +public class GetAccessListMembersCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -23,7 +23,7 @@ public class GetAccessListMembersCommand implements Callable call() { + public Mono call() { return webClient .get() @@ -32,7 +32,7 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .retrieve() - .bodyToMono(AltinnResponseDTO.class) + .bodyToMono(AltinnAccessListResponseDTO.class) .doOnError(WebClientFilter::logErrorMessage) .doOnSuccess(value -> log.info("Altinn-tilgang hentet")); } 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java new file mode 100644 index 00000000000..d58693bacb2 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java @@ -0,0 +1,40 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAuthorizedPartiesRequestDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetAuthorizedPartiesCommand implements Callable> { + + private static final String ALTINN_URL = "/accessmanagement/api/v1/resourceowner/authorizedparties"; + + private final WebClient webClient; + private final AltinnAuthorizedPartiesRequestDTO request; + private final String token; + + @Override + public Mono call() { + + log.info("Spørring på bruker {}", request); + return webClient + .post() + .uri(builder -> builder.path(ALTINN_URL) + .build()) + .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .bodyValue(request) + .retrieve() + .bodyToMono(AuthorizedPartyDTO[].class) + .doOnError(WebClientFilter::logErrorMessage); + } +} \ No newline at end of file 
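Review bot: `log.info("Spørring på bruker {}", request);` in `call()` writes the whole request object to the log, and `AltinnAuthorizedPartiesRequestDTO` is a Lombok `@Data` class, so its generated `toString()` includes `value`, the person identifier being looked up. Log the event without the argument, for example `log.info("Henter authorized parties fra Altinn");`, or exclude `value` from the DTO's `toString()` so other call sites are covered as well. Unlike `CreateAccessListeMemberCommand`, this command has only `doOnError` and no `onErrorResume`, so upstream failures propagate to the caller; a short comment confirming that this is intended would be useful.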
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java similarity index 95% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java index 720fec9136f..6521fa55049 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java @@ -17,7 +17,7 @@ @Builder @NoArgsConstructor @AllArgsConstructor -public class AltinnResponseDTO { +public class AltinnAccessListResponseDTO { private List data; private String feilmelding; diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java new file mode 100644 index 00000000000..7e2eecded37 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java 
@@ -0,0 +1,18 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import lombok.Data; + +@Data +public class AltinnAuthorizedPartiesRequestDTO { + + private static final String IDENT_IDENTIFIKATOR = "urn:altinn:person:identifier-no"; + + private String type; + private String value; + + public AltinnAuthorizedPartiesRequestDTO(String ident) { + + this.type = IDENT_IDENTIFIKATOR; + this.value = ident; + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java new file mode 100644 index 00000000000..0fe03486d57 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java @@ -0,0 +1,42 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.ArrayList; +import java.util.List; + +import static java.util.Objects.isNull; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class AuthorizedPartyDTO { + + private String name; + private String organizationNumber; + private String unitType; + private Boolean isDeleted; + private List authorizedResources; + private List subunits; + + public List getAuthorizedResources() { + + if (isNull(authorizedResources)) { + authorizedResources = new ArrayList<>(); + } + return authorizedResources; + } + + public List getSubunits() { + + if (isNull(subunits)) { + subunits = new ArrayList<>(); + } + return subunits; + } +} + 
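Review bot: In AuthorizedPartyDTO, `isDeleted` and `subunits` are mapped but the consumer visible later in this commit, `AltinnBrukerTilgangService.getOrganisasjon`, filters only on `authorizedResources` and the organisation number. If Altinn can return parties flagged as deleted, they would still count as granting access; assuming the flag means what its name suggests, `.filter(party -> !Boolean.TRUE.equals(party.getIsDeleted()))` in the service would close that. A class comment saying which Altinn response this mirrors, and whether `subunits` are meant to be traversed when deciding access, would remove the ambiguity.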
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java index 65c7c90466c..bb536729142 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java @@ -19,7 +19,7 @@ public BrregConsumer(WebClient.Builder webClientBuilder) { .build(); } - public Mono getEnheter(String orgnummer) { + public Mono getEnhet(String orgnummer) { return new GetBrregEnheterCommand(webClient, orgnummer).call(); } diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java new file mode 100644 index 00000000000..40f9ef759f0 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java @@ -0,0 +1,13 @@ +package no.nav.testnav.altinn3tilgangservice.domain; + +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +public class PersonRequest { + + private String ident; +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java new file mode 100644 index 00000000000..55893774beb --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java 
@@ -0,0 +1,33 @@ +package no.nav.testnav.altinn3tilgangservice.provider; + +import lombok.RequiredArgsConstructor; +import no.nav.testnav.altinn3tilgangservice.domain.PersonRequest; +import no.nav.testnav.altinn3tilgangservice.service.AltinnBrukerTilgangService; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import no.nav.testnav.libs.dto.altinn3.v1.PersonDTO; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; + +@RestController +@RequestMapping("/api/v1/brukertilgang") +@RequiredArgsConstructor +public class AltinnBrukerTilgangController { + + private final AltinnBrukerTilgangService brukerTilgangService; + + @PostMapping + public Flux getPersonOrganisasjonTilgang(@RequestBody PersonRequest request) { + + return brukerTilgangService.getPersonOrganisasjonTilgang(request.getIdent()); + } + + @PostMapping("/detaljert") + public Mono getPersonOrganisasjonDetaljertTilgang(@RequestBody PersonRequest request) { + + return brukerTilgangService.getPersonOrganisasjonDetaljertTilgang(request.getIdent()); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java similarity index 84% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java index 140f414c701..5c83bf67abd 100644 
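Review bot: Both handlers pass `request.getIdent()` straight to the service with no check, so a body with a missing or blank `ident` is forwarded to Altinn as a null or empty identifier. A guard at the top of each handler that rejects a blank or malformed ident with a 400 would keep bad input away from the upstream call. The endpoints return access data for whatever ident the caller supplies, not for the authenticated user, so they depend entirely on the inbound access policy. An `@Operation(description = ...)` on each method stating that would match the sibling organisasjoner controller, which documents its operations.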
--- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java @@ -4,7 +4,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.domain.OrganisasjonResponse; -import no.nav.testnav.altinn3tilgangservice.service.AltinnTilgangService; +import no.nav.testnav.altinn3tilgangservice.service.AltinnOrganisasjonTilgangService; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; import java.util.Comparator; @@ -20,9 +21,9 @@ @RestController @RequestMapping("/api/v1/organisasjoner") @RequiredArgsConstructor -public class AltinnTilgangController { +public class AltinnOrganisasjonTilgangController { - private final AltinnTilgangService altinnTilgangService; + private final AltinnOrganisasjonTilgangService altinnTilgangService; @GetMapping @Operation(description = "Henter alle organisasjoner med Altinn-tilgang") @@ -34,7 +35,7 @@ public Flux getAll() { @PostMapping("/{organisasjonsnummer}") @Operation(description = "Oppretter Altinn-tilgang for organisasjon") - public Flux create(@PathVariable String organisasjonsnummer, + public Mono create(@PathVariable String organisasjonsnummer, @RequestParam String miljoe) { return altinnTilgangService 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java
new file mode 100644
index 00000000000..ba468bb4273
--- /dev/null
+++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java
@@ -0,0 +1,108 @@ +package no.nav.testnav.altinn3tilgangservice.service; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; +import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import no.nav.testnav.libs.dto.altinn3.v1.PersonDTO; +import org.springframework.stereotype.Service; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; +import reactor.util.function.Tuple2; + +import java.util.List; + +@Slf4j +@Service +@RequiredArgsConstructor +public class AltinnBrukerTilgangService { + + private static final String DOLLY_RESOURCE = "nav_dolly_tilgang-samarbeidspartnere"; + private final AltinnConsumer altinnConsumer; + + public Flux getPersonOrganisasjonTilgang(String ident) { + + return Flux.zip( + altinnConsumer.getAuthorizedParties(ident).collectList(), + altinnConsumer.getOrganisasjoner().collectList()) + .flatMap(this::getOrganisasjon); + } + + private Flux getOrganisasjon(Tuple2, List> organisasjoner) { + + return Flux.fromIterable(organisasjoner.getT1()) + .doOnNext(org -> log.info("Organisasjon {}", org)) + .filter(party -> party.getAuthorizedResources().contains(DOLLY_RESOURCE)) + .filter(party -> organisasjoner.getT2().stream() + .anyMatch(organisasjon -> organisasjon.getOrganisasjonsnummer().equals(party.getOrganizationNumber()))) + .map(part -> OrganisasjonDTO.builder() + .navn(part.getName()) + .organisasjonsnummer(part.getOrganizationNumber()) + .organisasjonsform(part.getUnitType()) + .build()); + } + + public Mono getPersonOrganisasjonDetaljertTilgang(String ident) { + + return Mono.zip( + altinnConsumer.getAuthorizedParties(ident).collectList(), + altinnConsumer.getOrganisasjoner().collectList()) + .flatMapMany(this::getTilpassetOrganisasjon) + .collectList() + 
.map(organisasjoner -> PersonDTO.builder() + .ident(ident) + .organisasjoner(organisasjoner) + .build()); + } + + private Flux getTilpassetOrganisasjon(Tuple2, List> organisasjoner) { + + return Flux.fromIterable(organisasjoner.getT1()) + .map(party -> PersonDTO.OrganisasjonDTO.builder() + .navn(party.getName()) + .organisasjonsnummer(party.getOrganizationNumber()) + .organisasjonsform(party.getUnitType()) + .hasAltinnDollyTilgang(hasAltinnDollyTilgang(party)) + .hasDollyOrganisasjonTilgang(hasDollyOrganisasjonTilgang(organisasjoner.getT2(), party)) + .melding(getMelding(party.getName(), party.getOrganizationNumber(), + hasAltinnDollyTilgang(party), hasDollyOrganisasjonTilgang(organisasjoner.getT2(), party))) + .build()); + } + + private static boolean hasAltinnDollyTilgang(AuthorizedPartyDTO authorizedParty) { + + return authorizedParty.getAuthorizedResources().contains(DOLLY_RESOURCE); + } + + private static boolean hasDollyOrganisasjonTilgang(List organisasjoner, AuthorizedPartyDTO party) { + + return organisasjoner.stream() + .anyMatch(organisasjon -> organisasjon.getOrganisasjonsnummer().equals(party.getOrganizationNumber())); + } + + private static String getMelding(String orgnavn, String orgnummer, boolean hasAltinnDollyTilgang, boolean hasDollyOrganisasjonTilgang) { + + return new StringBuilder() + .append(!hasAltinnDollyTilgang ? + "Du mangler tilgang i Altinn på følgende tjenste: " + + "\"Tilgang til NAVs Dolly for samarbeidspartnere\" " + + "for organisasjon %s (med orgnummer %s)%n".formatted(orgnavn, orgnummer) : "") + .append(!hasAltinnDollyTilgang && !hasDollyOrganisasjonTilgang ? + " og %n" : "") + .append(!hasDollyOrganisasjonTilgang ? + "Organisasjon %s (med orgnummer %s) " .formatted(orgnavn, orgnummer) + + "mangler tilgang på Dolly syntetiske testdata selvbetjening%n" : "") + .append(!hasAltinnDollyTilgang || !hasDollyOrganisasjonTilgang ? 
+ "Hvis du har til hensikt å bruke Dolly til å generere testdata, gjør følgende:%n" : "") + .append(!hasAltinnDollyTilgang ? + "- Ta kontakt med Altinn-ansvarlig i %s (med orgnummer %s) ".formatted(orgnavn, orgnummer) + + "og spør om vedkommene kan gi deg tilgang til tjenesten: " + + "\"Tilgang til NAVs Dolly for samarbeidspartnere\"%n" : "") + .append(!hasDollyOrganisasjonTilgang ? + "- Ta kontakt med NAV ved Anders Marstrander epost: anders.marstrander@nav.no, og spør om " + + "organisasjon med orgnr %s kan gis tilgang til Dolly syntetiske testdata selvbetjening%n".formatted(orgnummer) : "") + .toString(); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java similarity index 97% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java index d4151a28ecf..45b9067b46b 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java @@ -17,7 +17,7 @@ @Service @RequiredArgsConstructor -public class AltinnTilgangService { +public class AltinnOrganisasjonTilgangService { private static final String ORGANISASJON_TILGANG = "tilgang"; private final AltinnConsumer altinnConsumer; @@ -30,7 +30,7 @@ public Flux getAll() { .flatMap(this::convertResponse); } - public Flux create(String orgnummer, String miljoe) { + public Mono create(String orgnummer, String miljoe) { return altinnConsumer.create(orgnummer) .flatMap(altinnOrg -> { 
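Review bot: `getOrganisasjon` logs every authorized party at info level through `.doOnNext(org -> log.info("Organisasjon {}", org))`, placed before the two filters, so each lookup writes the complete party list returned for the ident to the application log. `AuthorizedPartyDTO` is not part of this hunk, but if its `toString` carries names or person identifiers the line should be dropped or narrowed to `log.debug("Organisasjon {}", org.getOrganizationNumber())`. Separately, in `getMelding` several literals containing `%n` are appended without going through `.formatted(...)` (`" og %n"`, `"...selvbetjening%n"`, `"...gjør følgende:%n"`, `"...samarbeidspartnere\"%n"`), because `.formatted` binds only to the literal it is attached to, so the text `%n` reaches the user verbatim. The message also embeds a named person's e-mail address, which would be easier to maintain as a configured contact value.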
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java index 81202173881..3774737e83f 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java @@ -4,7 +4,9 @@ import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; import no.nav.testnav.altinn3tilgangservice.database.repository.OrganisasjonTilgangRepository; +import org.springframework.http.HttpStatus; import org.springframework.stereotype.Service; +import org.springframework.web.server.ResponseStatusException; import reactor.core.publisher.Mono; import static org.apache.commons.lang3.BooleanUtils.isTrue; @@ -47,17 +49,13 @@ public Mono updateMiljoe(String orgnummer, String miljoe) { organisasjon.setMiljoe(miljoe); return organisasjonTilgangRepository.save(organisasjon); }) : - organisasjonTilgangRepository.save(OrganisasjonTilgang.builder() - .organisasjonNummer(orgnummer) - .miljoe(miljoe) - .build())); + + throwError(orgnummer)); } private static Mono throwError(String orgnummer) { - return Mono.just(OrganisasjonTilgang.builder() - .organisasjonNummer(orgnummer) - .feilmelding("404 Not found: Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)) - .build()); + throw new ResponseStatusException(HttpStatus.NOT_FOUND, + "Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)); } } diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml index 7916eb7f7fa..b53b18bab13 100644 
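Review bot: `throwError` is declared to return a `Mono` but now throws synchronously, so the 404 is raised while the pipeline is being assembled rather than delivered as an error signal. It only becomes an `onError` if the call happens inside an operator lambda, which appears to be the case in `updateMiljoe`, though that method starts above the hunk. Returning the error keeps the method honest about its type and safe to call from any context: `return Mono.error(new ResponseStatusException(HttpStatus.NOT_FOUND, "Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)));`. A one-line comment at the call site noting that an unknown orgnummer is no longer created implicitly would also help, since the removed branch used to save a new row.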
--- a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml +++ b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml @@ -1,9 +1,9 @@ -ALTINN_URL: https://tt02.altinn.no +ALTINN_URL: https://platform.tt02.altinn.no AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id} AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret} -MASKINPORTEN_CLIENT_ID: dummy +MASKINPORTEN_CLIENT_ID: ef2960de-7fa6-4396-80a5-2eca00e4af28 MASKINPORTEN_CLIENT_JWK: dummy -MASKINPORTEN_SCOPES: dummy +MASKINPORTEN_SCOPES: altinn:resourceregistry/accesslist.read altinn:resourceregistry/accesslist.write altinn:accessmanagement/authorizedparties.resourceowner MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server TOKEN_X_ISSUER: dummy diff --git a/apps/altinn3-tilgang-service/src/main/resources/application.yml b/apps/altinn3-tilgang-service/src/main/resources/application.yml index 70a799743f3..654d076c3a4 100644 --- a/apps/altinn3-tilgang-service/src/main/resources/application.yml +++ b/apps/altinn3-tilgang-service/src/main/resources/application.yml @@ -37,12 +37,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: @@ -52,4 +53,5 @@ server: encoding: charset: UTF-8 error: - include-message: always \ No newline at end of file + include-message: always + include-stacktrace: never \ No newline at end of file diff --git a/apps/amelding-service/src/main/resources/application.yml b/apps/amelding-service/src/main/resources/application.yml index e90182fd21e..404bec3cc25 100644 --- a/apps/amelding-service/src/main/resources/application.yml +++ b/apps/amelding-service/src/main/resources/application.yml 
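Review bot: `MASKINPORTEN_CLIENT_ID` changes from `dummy` to a concrete client id committed to the repository, while the Azure values directly above it are resolved through `${sm://...}`. A client id is not a credential on its own, but together with the scope list now spelled out in `MASKINPORTEN_SCOPES` it records a real Maskinporten registration in version control. Resolving it the same way, for example `MASKINPORTEN_CLIENT_ID: ${sm://<maskinporten-client-id-secret>}` (placeholder name), keeps the local profile consistent and makes rotation a secret-store change. `MASKINPORTEN_CLIENT_JWK` is still `dummy`, so a comment on how the key is supplied for local runs would be useful.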
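Review bot: The context line `enabled-by-default: true` stays in place, so after this hunk the heapdump endpoint is still enabled and only its absence from `exposure.include` keeps it off HTTP. Heap dumps can contain tokens and client secrets held in memory, so an explicit `heapdump:` / `enabled: false` under `endpoint:` (or switching `enabled-by-default` off and enabling only health and prometheus) would make the intent survive a later edit of the exposure list. The same applies to the matching application.yml hunks further down for amelding-service, app-tilgang-analyse-service, arbeidsforhold-service, batch-bestilling-service, brreg-stub, bruker-service and dolly-backend. The `management:` block begins above the hunk.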
@@ -30,12 +30,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/app-tilgang-analyse-service/src/main/resources/application.yml b/apps/app-tilgang-analyse-service/src/main/resources/application.yml index ebf58a884c3..829bfd78a09 100644 --- a/apps/app-tilgang-analyse-service/src/main/resources/application.yml +++ b/apps/app-tilgang-analyse-service/src/main/resources/application.yml @@ -32,12 +32,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/arbeidsforhold-service/src/main/resources/application.yml b/apps/arbeidsforhold-service/src/main/resources/application.yml index 9e816896986..f15c64ba7ef 100644 --- a/apps/arbeidsforhold-service/src/main/resources/application.yml +++ b/apps/arbeidsforhold-service/src/main/resources/application.yml @@ -33,12 +33,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/batch-bestilling-service/src/main/resources/application.yml b/apps/batch-bestilling-service/src/main/resources/application.yml index 5e056d09e77..0a85377386b 100644 --- a/apps/batch-bestilling-service/src/main/resources/application.yml +++ b/apps/batch-bestilling-service/src/main/resources/application.yml 
@@ -28,12 +28,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/brreg-stub/src/main/resources/application.yml b/apps/brreg-stub/src/main/resources/application.yml index de4ff173f11..0667df0b3ea 100644 --- a/apps/brreg-stub/src/main/resources/application.yml +++ b/apps/brreg-stub/src/main/resources/application.yml @@ -12,12 +12,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/bruker-service/config.test.yml b/apps/bruker-service/config.test.yml index 713f06a5a78..48e92b075b5 100644 --- a/apps/bruker-service/config.test.yml +++ b/apps/bruker-service/config.test.yml @@ -22,12 +22,11 @@ spec: rules: - application: dolly-frontend-dev - application: dolly-frontend-dev-unstable - - application: dolly-idporten - application: team-dolly-lokal-app - application: testnav-oversikt-frontend outbound: rules: - - application: testnav-person-organisasjon-tilgang-service-dev + - application: testnav-altinn3-tilgang-service liveness: path: /internal/isAlive initialDelay: 4 diff --git a/apps/bruker-service/config.yml b/apps/bruker-service/config.yml index 58cdf65a2d3..4274825e08f 100644 --- a/apps/bruker-service/config.yml +++ b/apps/bruker-service/config.yml 
@@ -21,14 +21,11 @@ spec: inbound: rules: - application: dolly-frontend - cluster: dev-gcp - application: dolly-idporten - cluster: dev-gcp - application: testnav-oversikt-frontend - cluster: dev-gcp outbound: rules: - - application: testnav-person-organisasjon-tilgang-service + - application: testnav-altinn3-tilgang-proxy liveness: path: /internal/isAlive initialDelay: 4 diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/Consumers.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/Consumers.java index 51662bd8e36..e3473bbb710 100644 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/Consumers.java +++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/Consumers.java @@ -9,14 +9,6 @@ import static lombok.AccessLevel.PACKAGE; -/** - * Samler alle placeholders for ulike {@code consumers.*}-konfigurasjon her, dvs. subklasser av {@code ServerProperties}. - *

- * Husk at Spring Boot bruker relaxed binding - * mellom configuration properties og field names. - * - * @see ServerProperties - */ @Configuration @ConfigurationProperties(prefix = "consumers") @NoArgsConstructor(access = PACKAGE) @@ -24,6 +16,6 @@ @Setter(PACKAGE) public class Consumers { - private ServerProperties testnavPersonOrganisasjonTilgangService; + private ServerProperties testnavAltinn3TilgangService; } diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/OpenApiConfig.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/OpenApiConfig.java index cd656377c3d..66a6a6a178f 100644 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/OpenApiConfig.java +++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/config/OpenApiConfig.java @@ -13,10 +13,14 @@ import java.util.Arrays; import no.nav.testnav.libs.reactivecore.config.ApplicationProperties; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; @Configuration -public class OpenApiConfig { +public class OpenApiConfig implements WebFilter { @Bean public OpenAPI openApi(ApplicationProperties applicationProperties) { @@ -46,4 +50,17 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) { ) ); } + + @Override + public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { + if (exchange.getRequest().getURI().getPath().equals("/swagger")) { + return chain + .filter(exchange.mutate() + .request(exchange.getRequest() + .mutate().path("/swagger-ui.html").build()) + .build()); + } + + return chain.filter(exchange); + } } \ No newline at end of file 
diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/PersonOrganisasjonTilgangConsumer.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/PersonOrganisasjonTilgangConsumer.java index 0a947be0817..b29097a6057 100644 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/PersonOrganisasjonTilgangConsumer.java +++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/PersonOrganisasjonTilgangConsumer.java 
@@ -1,51 +1,44 @@ package no.nav.testnav.apps.brukerservice.consumer; -import com.fasterxml.jackson.databind.ObjectMapper; import no.nav.testnav.apps.brukerservice.config.Consumers; -import no.nav.testnav.apps.brukerservice.consumer.command.GetOrganisasjonCommand; +import no.nav.testnav.apps.brukerservice.consumer.command.GetBrukertilgangCommand; import no.nav.testnav.apps.brukerservice.domain.Organisasjon; +import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange; import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import org.springframework.http.MediaType; -import org.springframework.http.codec.json.Jackson2JsonDecoder; -import org.springframework.http.codec.json.Jackson2JsonEncoder; import org.springframework.stereotype.Component; -import org.springframework.web.reactive.function.client.ExchangeStrategies; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; @Component public class PersonOrganisasjonTilgangConsumer { + private final WebClient webClient; private final ServerProperties serverProperties; private final TokenExchange tokenExchange; + private final GetAuthenticatedUserId getAuthenticatedUserId; public PersonOrganisasjonTilgangConsumer( Consumers consumers, TokenExchange tokenExchange, - ObjectMapper objectMapper, - WebClient.Builder webClientBuilder) { - serverProperties = consumers.getTestnavPersonOrganisasjonTilgangService(); + WebClient.Builder webClientBuilder, + GetAuthenticatedUserId getAuthenticatedUserId) { + + serverProperties = consumers.getTestnavAltinn3TilgangService(); this.tokenExchange = tokenExchange; - ExchangeStrategies jacksonStrategy = ExchangeStrategies - .builder() - .codecs( - config -> { - config.defaultCodecs() - .jackson2JsonEncoder(new Jackson2JsonEncoder(objectMapper, MediaType.APPLICATION_JSON)); - config.defaultCodecs() - .jackson2JsonDecoder(new 
Jackson2JsonDecoder(objectMapper, MediaType.APPLICATION_JSON)); - }) - .build(); this.webClient = webClientBuilder - .exchangeStrategies(jacksonStrategy) .baseUrl(serverProperties.getUrl()) .build(); + this.getAuthenticatedUserId = getAuthenticatedUserId; } public Mono getOrganisasjon(String orgnummer) { - return tokenExchange.exchange(serverProperties) - .flatMap(accessToken -> new GetOrganisasjonCommand(webClient, orgnummer, accessToken.getTokenValue()).call()) - .map(Organisasjon::new); + + return Mono.from(getAuthenticatedUserId.call() + .flatMapMany(userId -> tokenExchange.exchange(serverProperties) + .flatMapMany(accessToken -> + new GetBrukertilgangCommand(webClient, userId, accessToken.getTokenValue()).call())) + .filter(org -> org.getOrganisasjonsnummer().equals(orgnummer)) + .map(Organisasjon::new)); } } diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetOrganisasjonCommand.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetBrukertilgangCommand.java similarity index 53% rename from apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetOrganisasjonCommand.java rename to apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetBrukertilgangCommand.java index 2a766f152c8..f3e949dd4e4 100644 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetOrganisasjonCommand.java +++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/command/GetBrukertilgangCommand.java 
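Review bot: In `getOrganisasjon` the access decision is now the `.filter(org -> org.getOrganisasjonsnummer().equals(orgnummer))` step, and it dereferences a field of a DTO received from another service, so a single entry without an organisation number aborts the whole lookup with a NullPointerException instead of being skipped. Writing it as `.filter(org -> orgnummer.equals(org.getOrganisasjonsnummer()))` keeps the check fail-closed without the exception. The method would also benefit from a short Javadoc stating that an empty `Mono` means the authenticated user has no access to that organisation, since `GetBrukertilgangCommand` maps an upstream 404 to empty as well. Callers of this method are outside the diff.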
@@ -1,31 +1,35 @@ package no.nav.testnav.apps.brukerservice.consumer.command; import lombok.RequiredArgsConstructor; -import no.nav.testnav.apps.brukerservice.consumer.dto.OrganisasjonDTO; +import no.nav.testnav.apps.brukerservice.consumer.dto.AltinnBrukerRequest; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.reactive.function.client.WebClientResponseException; +import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; import java.util.concurrent.Callable; @RequiredArgsConstructor -public class GetOrganisasjonCommand implements Callable> { +public class GetBrukertilgangCommand implements Callable> { private final WebClient webClient; - private final String organisasjonsnummer; + private final String ident; private final String token; @Override - public Mono call() { - return webClient.get() - .uri(builder -> builder.path("/api/v1/person/organisasjoner/{organisasjonsnummer}").build(organisasjonsnummer)) + public Flux call() { + return webClient.post() + .uri(builder -> builder.path("/api/v1/brukertilgang").build()) .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .bodyValue(new AltinnBrukerRequest(ident)) .retrieve() - .bodyToMono(OrganisasjonDTO.class) + .bodyToFlux(OrganisasjonDTO.class) + .doOnError(WebClientFilter::logErrorMessage) .onErrorResume( throwable -> throwable instanceof WebClientResponseException.NotFound, throwable -> Mono.empty() ); } -} - +} \ No newline at end of file diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/AltinnBrukerRequest.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/AltinnBrukerRequest.java new file mode 100644 index 00000000000..f70ff4216c1 --- /dev/null 
+++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/AltinnBrukerRequest.java @@ -0,0 +1,11 @@ +package no.nav.testnav.apps.brukerservice.consumer.dto; + +import lombok.AllArgsConstructor; +import lombok.Data; + +@Data +@AllArgsConstructor +public class AltinnBrukerRequest { + + private String ident; +} diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/OrganisasjonDTO.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/OrganisasjonDTO.java deleted file mode 100644 index 425b1c3bf5c..00000000000 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/consumer/dto/OrganisasjonDTO.java +++ /dev/null @@ -1,4 +0,0 @@ -package no.nav.testnav.apps.brukerservice.consumer.dto; - -public record OrganisasjonDTO(String navn, String organisasjonsnummer, String organisasjonsfrom) { -} diff --git a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/domain/Organisasjon.java b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/domain/Organisasjon.java index 77904f9ed88..c292fbc5a20 100644 --- a/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/domain/Organisasjon.java +++ b/apps/bruker-service/src/main/java/no/nav/testnav/apps/brukerservice/domain/Organisasjon.java 
@@ -1,27 +1,23 @@ package no.nav.testnav.apps.brukerservice.domain; -import no.nav.testnav.apps.brukerservice.consumer.dto.OrganisasjonDTO; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; -public class Organisasjon { - private final String navn; - private final String organisasjonsnummer; - private final String organisasjonsform; - - public Organisasjon(OrganisasjonDTO dto) { - this.navn = dto.navn(); - this.organisasjonsnummer = dto.organisasjonsnummer(); - this.organisasjonsform = dto.organisasjonsfrom(); - } +@Data +@NoArgsConstructor +@AllArgsConstructor - public String getNavn() { - return navn; - } +public class Organisasjon { - public String getOrganisasjonsnummer() { - return organisasjonsnummer; - } + private String navn; + private String organisasjonsnummer; + private String organisasjonsform; - public String getOrganisasjonsform() { - return organisasjonsform; + public Organisasjon(OrganisasjonDTO dto) { + this.navn = dto.getNavn(); + this.organisasjonsnummer = dto.getOrganisasjonsnummer(); + this.organisasjonsform = dto.getOrganisasjonsform(); } } diff --git a/apps/bruker-service/src/main/resources/application-dev.yml b/apps/bruker-service/src/main/resources/application-dev.yml index 9236e224169..35c9fa83539 100644 --- a/apps/bruker-service/src/main/resources/application-dev.yml +++ b/apps/bruker-service/src/main/resources/application-dev.yml 
@@ -1,6 +1,13 @@ spring: application: name: testnav-bruker-service-dev + security: + oauth2: + resourceserver: + tokenx: + issuer-uri: ${TOKEN_X_ISSUER} + jwk-set-uri: ${TOKEN_X_JWKS_URI} + accepted-audience: ${TOKEN_X_CLIENT_ID} r2dbc: url: r2dbc:postgresql://${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_DEV_TESTNAV_BRUKER_SERVICE_DEV_DB_HOST}:${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_DEV_TESTNAV_BRUKER_SERVICE_DEV_DB_PORT}/${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_DEV_TESTNAV_BRUKER_SERVICE_DEV_DB_DATABASE} username: ${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_DEV_TESTNAV_BRUKER_SERVICE_DEV_DB_USERNAME} @@ -12,6 +19,6 @@ spring: consumers: - testnav-person-organisasjon-tilgang-service: - url: http://testnav-person-organisasjon-tilgang-service-dev.dolly.svc.cluster.local - name: testnav-person-organisasjon-tilgang-service-dev \ No newline at end of file + testnav-altinn3-tilgang-service: + url: http://testnav-altinn3-tilgang-service.dolly.svc.cluster.local + name: testnav-altinn3-tilgang-service \ No newline at end of file diff --git a/apps/bruker-service/src/main/resources/application-local.yml b/apps/bruker-service/src/main/resources/application-local.yml index c348e6eb2a7..9c14722dfc9 100644 --- a/apps/bruker-service/src/main/resources/application-local.yml +++ b/apps/bruker-service/src/main/resources/application-local.yml @@ -1,9 +1,10 @@ + AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id} AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret} CRYPTOGRAPHY_SECRET: DUMMY SUPER SECRET CRYPTOGRAPHY KEY THAT IS NOT SECURE JWT_SECRET: DUMMY SUPER SECRET JWT KEY THAT IS NOT SECURE + TOKEN_X_CLIENT_ID: dev-gcp:dolly:testnav-bruker-service-dev -TOKENDINGS_URL: ${TOKEN_X_ISSUER} spring: application: 
@@ -16,6 +17,6 @@ spring: password: consumers: - testnav-person-organisasjon-tilgang-service: - url: https://testnav-person-organisasjon-tilgang-service-dev.intern.dev.nav.no - name: testnav-person-organisasjon-tilgang-service-dev + testnav-altinn3-tilgang-service: + url: https://testnav-altinn3-tilgang-service.intern.dev.nav.no + name: testnav-altinn3-tilgang-service diff --git a/apps/bruker-service/src/main/resources/application-prod.yml b/apps/bruker-service/src/main/resources/application-prod.yml index 455275bd171..e6f872195b9 100644 --- a/apps/bruker-service/src/main/resources/application-prod.yml +++ b/apps/bruker-service/src/main/resources/application-prod.yml @@ -1,4 +1,11 @@ spring: + security: + oauth2: + resourceserver: + tokenx: + issuer-uri: ${TOKEN_X_ISSUER} + jwk-set-uri: ${TOKEN_X_JWKS_URI} + accepted-audience: ${TOKEN_X_CLIENT_ID} r2dbc: url: r2dbc:postgresql://${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_TESTNAV_BRUKER_SERVICE_DB_HOST}:${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_TESTNAV_BRUKER_SERVICE_DB_PORT}/${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_TESTNAV_BRUKER_SERVICE_DB_DATABASE} username: ${NAIS_DATABASE_TESTNAV_BRUKER_SERVICE_TESTNAV_BRUKER_SERVICE_DB_USERNAME} diff --git a/apps/bruker-service/src/main/resources/application.yml b/apps/bruker-service/src/main/resources/application.yml index 9f515a648c1..c08c085bc98 100644 --- a/apps/bruker-service/src/main/resources/application.yml +++ b/apps/bruker-service/src/main/resources/application.yml @@ -1,3 +1,5 @@ +AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b + spring: application: version: application.version.todo 
@@ -6,10 +8,10 @@ spring: security: oauth2: resourceserver: - tokenx: - issuer-uri: ${TOKEN_X_ISSUER} - jwk-set-uri: ${TOKEN_X_JWKS_URI} - accepted-audience: ${TOKEN_X_CLIENT_ID} + aad: + issuer-uri: ${AAD_ISSUER_URI}/v2.0 + jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys + accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID} jackson: serialization: write_dates_as_timestamps: @@ -20,23 +22,24 @@ springdoc: url: /v3/api-docs consumers: - testnav-person-organisasjon-tilgang-service: - url: http://testnav-person-organisasjon-tilgang-service.dolly.svc.cluster.local + testnav-altinn3-tilgang-service: + url: http://testnav-altinn3-tilgang-proxy.dolly.svc.cluster.local cluster: dev-gcp namespace: dolly - name: testnav-person-organisasjon-tilgang-service + name: testnav-altinn3-tilgang-proxy management: endpoints: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/dolly-backend/src/main/resources/application.yml b/apps/dolly-backend/src/main/resources/application.yml index 6caad4f8bde..7187259ca47 100644 --- a/apps/dolly-backend/src/main/resources/application.yml +++ b/apps/dolly-backend/src/main/resources/application.yml @@ -64,15 +64,14 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: health: show-components: always show-details: always - heapdump: - enabled: true prometheus: enabled: true prometheus: diff --git a/apps/dolly-frontend/config.idporten.yml b/apps/dolly-frontend/config.idporten.yml index aed20782252..64f2ba53138 100644 --- a/apps/dolly-frontend/config.idporten.yml +++ b/apps/dolly-frontend/config.idporten.yml 
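Review bot: Replacing `tokenx` with `aad` in the base file while application-dev.yml and application-prod.yml re-add `tokenx` means the dev and prod profiles now accept tokens from two issuers, and nothing in the YAML says why. `PersonOrganisasjonTilgangConsumer.getOrganisasjon` takes the value from `getAuthenticatedUserId` and forwards it as the `ident` for the Altinn lookup. The security configuration is not part of this diff, so it should be confirmed that a token from the Azure AD issuer cannot yield a user id that is then treated as a person ident. A comment above `aad:` recording which callers use which issuer, for instance `# aad: internal callers; tokenx is added per profile for end-user tokens` if that is the intent, would make the split reviewable.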
@@ -17,7 +17,7 @@ spec: tenant: nav.no replicas: min: 1 - max: 2 + max: 1 port: 8080 ingresses: - "https://dolly-idporten.ekstern.dev.nav.no" @@ -42,11 +42,8 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service - - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter - application: testnav-person-faste-data-service - - application: testnav-person-organisasjon-tilgang-service - - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-skattekort-service diff --git a/apps/dolly-frontend/config.test.yml b/apps/dolly-frontend/config.test.yml index 260eafa9a3e..9494c59a1f0 100644 --- a/apps/dolly-frontend/config.test.yml +++ b/apps/dolly-frontend/config.test.yml @@ -46,10 +46,8 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service - - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter-dev - application: testnav-person-faste-data-service - - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-sykemelding-api-dev diff --git a/apps/dolly-frontend/config.unstable.yml b/apps/dolly-frontend/config.unstable.yml index 7a6b3df1dba..19b2a8aa5cc 100644 --- a/apps/dolly-frontend/config.unstable.yml +++ b/apps/dolly-frontend/config.unstable.yml 
@@ -44,9 +44,7 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service - - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter-dev - - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-tenor-search-service diff --git a/apps/dolly-frontend/config.yml b/apps/dolly-frontend/config.yml index f0429be6a19..2faeb17bc3a 100644 --- a/apps/dolly-frontend/config.yml +++ b/apps/dolly-frontend/config.yml @@ -51,10 +51,8 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service - - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter - application: testnav-person-faste-data-service - - application: testnav-person-organisasjon-tilgang-service - application: testnav-person-search-service - application: testnav-person-service - application: testnav-skattekort-service diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java index 2df2a6e90d0..8124c6e087f 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java @@ -53,7 +53,6 @@ public class DollyFrontendApplicationStarter { @Bean public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { - return builder .routes() .route(createRoute(consumers.getTestnavKontoregisterPersonProxy())) 
@@ -85,7 +84,6 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { .route(createRoute(consumers.getTestnavSigrunstubProxy())) .route(createRoute(consumers.getTestnavPdlForvalter(), "testnav-pdl-forvalter")) .route(createRoute(consumers.getTestnavPersonSearchService())) - .route(createRoute(consumers.getTestnavPersonOrganisasjonTilgangService(), "testnav-person-organisasjon-tilgang-service")) .route(createRoute(consumers.getTestnavSkjermingsregisterProxy())) .route(createRoute(consumers.getTestnavDokarkivProxy())) .route(createRoute(consumers.getTestnavArbeidsplassenCVProxy())) @@ -147,4 +145,4 @@ private Function> createRoute(String segment, St .filters(filter, removeCookiesFilter, addUserJwtHeaderFilter()) ).uri(host); } -} +} \ No newline at end of file diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java index c29e9a91726..86a118efec9 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java @@ -51,7 +51,6 @@ public class Consumers { private ServerProperties testnavOrganisasjonService; private ServerProperties testnavPdlForvalter; private ServerProperties testnavPensjonTestdataFacadeProxy; - private ServerProperties testnavPersonOrganisasjonTilgangService; private ServerProperties testnavPersonSearchService; private ServerProperties testnavPersonService; private ServerProperties testnavSigrunstubProxy; diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java new file mode 100644 index 00000000000..50a38ef30f7 --- /dev/null +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java 
@@ -0,0 +1,66 @@ +package no.nav.dolly.web.consumers; + +import lombok.extern.slf4j.Slf4j; +import no.nav.dolly.web.config.Consumers; +import no.nav.dolly.web.consumers.command.PostPersonOrganisasjonTilgangCommand; +import no.nav.dolly.web.service.AccessService; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; +import no.nav.testnav.libs.securitycore.domain.ServerProperties; +import org.springframework.stereotype.Component; +import org.springframework.web.reactive.function.client.WebClient; +import org.springframework.web.reactive.function.client.WebClientResponseException; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; + +@Slf4j +@Component +public class Altinn3PersonOrganisasjonTilgangConsumer { + + private final WebClient webClient; + private final ServerProperties serverProperties; + private final AccessService accessService; + private final GetAuthenticatedUserId getAuthenticatedUserId; + + public Altinn3PersonOrganisasjonTilgangConsumer( + Consumers consumers, + AccessService accessService, + WebClient.Builder webClientBuilder, + GetAuthenticatedUserId getAuthenticatedUserId) { + + this.accessService = accessService; + serverProperties = consumers.getTestnavAltinn3TilgangService(); + + this.webClient = webClientBuilder + .baseUrl(serverProperties.getUrl()) + .build(); + this.getAuthenticatedUserId = getAuthenticatedUserId; + } + + public Mono hasAccess(String organisasjonsnummer, ServerWebExchange exchange) { + + return getAuthenticatedUserId + .call() + .flatMap(userId -> accessService.getAccessToken(serverProperties, exchange) + .flatMapMany(accessToken -> new PostPersonOrganisasjonTilgangCommand(webClient, userId, accessToken).call()) + .filter(organisasjonDTO -> organisasjonDTO.getOrganisasjonsnummer().equals(organisasjonsnummer)) + .onErrorResume( + 
WebClientResponseException.class::isInstance, + throwable -> { + log.warn("Person har ikke tilgang til organisasjon {}.", organisasjonsnummer); + return Mono.empty(); + }) + .reduce(Boolean.FALSE, (acc, value) -> Boolean.TRUE)); + } + + public Flux getOrganisasjoner(ServerWebExchange exchange) { + + return getAuthenticatedUserId + .call() + .flatMapMany(userId -> + accessService.getAccessToken(serverProperties, exchange) + .flatMapMany(accessToken -> new PostPersonOrganisasjonTilgangCommand(webClient, userId, accessToken).call())); + } +} + diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java deleted file mode 100644 index cec7481322b..00000000000 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java +++ /dev/null 
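Review bot: In `hasAccess` the `onErrorResume` branch treats every `WebClientResponseException` as a denial and logs "Person har ikke tilgang til organisasjon", so for example a 401 caused by a rejected service token is recorded as if the user lacked access. The result still fails closed, which is the right default, but the log line then hides misconfiguration among ordinary denials. I would put the status in the message, e.g. `log.warn("Tilgangssjekk feilet for organisasjon {}, status {}", organisasjonsnummer, ((WebClientResponseException) throwable).getStatusCode());`. `getOrganisasjoner` has no corresponding handling, so the same upstream error there reaches the caller as an error rather than an empty list; it is worth stating in a Javadoc on each method which behaviour is intended.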
@@ -1,62 +0,0 @@ -package no.nav.dolly.web.consumers; - -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.config.Consumers; -import no.nav.dolly.web.consumers.command.GetPersonOrganisasjonTilgangCommand; -import no.nav.dolly.web.service.AccessService; -import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import org.springframework.http.MediaType; -import org.springframework.http.codec.json.Jackson2JsonDecoder; -import org.springframework.http.codec.json.Jackson2JsonEncoder; -import org.springframework.stereotype.Component; -import org.springframework.web.reactive.function.client.ExchangeStrategies; -import org.springframework.web.reactive.function.client.WebClient; -import org.springframework.web.reactive.function.client.WebClientResponseException; -import org.springframework.web.server.ServerWebExchange; -import reactor.core.publisher.Mono; - -@Slf4j -@Component -public class PersonOrganisasjonTilgangConsumer { - private final WebClient webClient; - private final ServerProperties serverProperties; - - private final AccessService accessService; - - public PersonOrganisasjonTilgangConsumer( - Consumers consumers, - AccessService accessService, - ObjectMapper objectMapper, - WebClient.Builder webClientBuilder) { - - this.accessService = accessService; - serverProperties = consumers.getTestnavPersonOrganisasjonTilgangService(); - ExchangeStrategies jacksonStrategy = ExchangeStrategies.builder() - .codecs(config -> { - config.defaultCodecs() - .jackson2JsonEncoder(new Jackson2JsonEncoder(objectMapper, MediaType.APPLICATION_JSON)); - config.defaultCodecs() - .jackson2JsonDecoder(new Jackson2JsonDecoder(objectMapper, MediaType.APPLICATION_JSON)); - }).build(); - - this.webClient = webClientBuilder - .exchangeStrategies(jacksonStrategy) - .baseUrl(serverProperties.getUrl()) - .build(); - } - - public Mono hasAccess(String organisasjonsnummer, ServerWebExchange exchange) { - return 
accessService.getAccessToken(serverProperties, exchange) - .flatMap(accessToken -> new GetPersonOrganisasjonTilgangCommand(webClient, accessToken, organisasjonsnummer).call()) - .onErrorResume( - WebClientResponseException.class::isInstance, - throwable -> { - log.warn("Person har ikke tilgang til organisasjon {}.", organisasjonsnummer); - return Mono.empty(); - }) - .flatMap(value -> Mono.just(true)) - .switchIfEmpty(Mono.just(false)); - } -} - diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java similarity index 59% rename from apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java rename to apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java index 3bdfb86c837..7b7e5ece269 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java @@ -2,11 +2,12 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.consumers.dto.OrganisasjonDTO; +import no.nav.dolly.web.consumers.dto.AltinnBrukerRequest; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.web.reactive.function.client.WebClient; -import reactor.core.publisher.Mono; +import reactor.core.publisher.Flux; import reactor.util.retry.Retry; import java.time.Duration; 
@@ -14,21 +15,24 @@ @Slf4j @RequiredArgsConstructor -public class GetPersonOrganisasjonTilgangCommand implements Callable> { +public class PostPersonOrganisasjonTilgangCommand implements Callable> { + private final WebClient webClient; + private final String ident; private final String token; - private final String organisasjonsnummer; @Override - public Mono call() { + public Flux call() { + return webClient - .get() - .uri(builder -> builder.path("/api/v1/person/organisasjoner/{organisasjonsnummer}").build(organisasjonsnummer)) + .post() + .uri(builder -> builder.path("/api/v1/brukertilgang").build()) .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .bodyValue(new AltinnBrukerRequest(ident)) .retrieve() - .bodyToMono(OrganisasjonDTO.class) - .doOnError(error -> log.error("Feilet å hente organisasjon, status: {}, feilmelding: ", - WebClientFilter.getMessage(error), + .bodyToFlux(OrganisasjonDTO.class) + .doOnError(error -> log.error("Feilet å hente organisasjon, status: {}, feilmelding: {}", + WebClientFilter.getStatus(error), WebClientFilter.getMessage(error), error)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java new file mode 100644 index 00000000000..91dbb8b2a03 --- /dev/null +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java @@ -0,0 +1,11 @@ +package no.nav.dolly.web.consumers.dto; + +import lombok.AllArgsConstructor; +import lombok.Data; + +@Data +@AllArgsConstructor +public class AltinnBrukerRequest { + + private String ident; +} diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java deleted file mode 100644 index fdd85cd2839..00000000000 
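Review bot: `ident` is now sent in the request body to `/api/v1/brukertilgang`, so the answer depends entirely on the value handed to this constructor, and the class does not say where that value has to come from. The caller visible in this commit passes the id from `GetAuthenticatedUserId`, which is the safe source; a later caller passing request input instead would return another person's organisations, assuming the downstream service authorises the calling application rather than the user (not visible here). I would add a class-level Javadoc stating that `ident` must be the authenticated user's identifier and never a request parameter. `call()` continues past the end of the hunk.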
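Review bot: `@Data` on `AltinnBrukerRequest` generates a `toString()` that prints `ident`, so any log statement or exception message that includes the request object will carry the user's identifier. If `ident` is a personal identity number (it looks like one from how it is used, but please confirm), annotate the field with `@ToString.Exclude` so the value stays out of logs. A one-line comment on the field saying what kind of identifier it holds would also help the next reader.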
--- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java +++ /dev/null @@ -1,12 +0,0 @@ -package no.nav.dolly.web.consumers.dto; - -import java.time.LocalDateTime; - -public record OrganisasjonDTO( - String navn, - String orgnisasjonsnummer, - String orgnisasjonsfrom, - LocalDateTime gyldigTil -) { -} - diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java new file mode 100644 index 00000000000..829b41b4fab --- /dev/null +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java @@ -0,0 +1,29 @@ +package no.nav.dolly.web.provider.web; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.dolly.web.consumers.Altinn3PersonOrganisasjonTilgangConsumer; +import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +import java.util.List; + +@Slf4j +@RestController +@RequestMapping("/altinn") +@RequiredArgsConstructor +public class BrukerTilgangController { + + private final Altinn3PersonOrganisasjonTilgangConsumer altinn3PersonOrganisasjonTilgangConsumer; + + @GetMapping("/organisasjoner") + public Mono> getOrganisasjoner(ServerWebExchange exchange) { + + return altinn3PersonOrganisasjonTilgangConsumer.getOrganisasjoner(exchange) + .collectList(); + } +} diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java index 0652790796c..f6222576b25 100644 
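Review bot: `GET /altinn/organisasjoner` in `BrukerTilgangController` is a new endpoint served by the frontend application itself rather than through a gateway route, and nothing in the class states that it requires a logged-in session. It presumably relies on `GetAuthenticatedUserId` failing for anonymous requests and on the application's security configuration, neither of which is visible in this diff; please confirm that `/altinn/**` falls under the authenticated path rules and add a test for the unauthenticated case. `@Slf4j` is unused in this class and can be dropped.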
--- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java @@ -2,7 +2,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.consumers.PersonOrganisasjonTilgangConsumer; +import no.nav.dolly.web.consumers.Altinn3PersonOrganisasjonTilgangConsumer; import no.nav.dolly.web.service.BrukerService; import no.nav.testnav.libs.securitycore.config.UserSessionConstant; import org.springframework.http.HttpStatus; @@ -24,7 +24,7 @@ public class SessionController { private final BrukerService brukerService; - private final PersonOrganisasjonTilgangConsumer personOrganisasjonTilgangConsumer; + private final Altinn3PersonOrganisasjonTilgangConsumer altinn3PersonOrganisasjonTilgangConsumer; /** * Ping endepunkt for aa holde sessionen aapen. @@ -44,7 +44,8 @@ public Mono> delete(ServerWebExchange exchange) { @PutMapping("/user") public Mono> addUserToSession(@RequestParam String organisasjonsnummer, ServerWebExchange exchange) { - return personOrganisasjonTilgangConsumer + + return altinn3PersonOrganisasjonTilgangConsumer .hasAccess(organisasjonsnummer, exchange) .doOnError(e -> log.error("Feil ved sjekk av tilgang til org {}", organisasjonsnummer, e)) .flatMap(hasAccess -> { diff --git a/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx b/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx index 7518f066e45..ce86904ffba 100644 --- a/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx +++ b/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx @@ -23,8 +23,7 @@ export const personOrgTilgangMock = [ { navn: 'testytest', organisasjonsnummer: '12345678', - organisasjonsfrom: 'BEDR', - gyldigTil: '2100-10-10T10:10:10.100Z', + organisasjonsform: 'BEDR', }, ] 
diff --git a/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts b/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts index 10d86341dca..f832c6a7883 100644 --- a/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts +++ b/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts @@ -11,7 +11,7 @@ test.describe('Bankid testing', () => { headers: { 'content-type': 'application/json' }, }) }) - await page.route(new RegExp(/testnav-person-organisasjon-tilgang-service/), async (route) => { + await page.route(new RegExp(/altinn\/organisasjoner/), async (route) => { await route.fulfill({ status: 200, body: JSON.stringify(personOrgTilgangMock), diff --git a/apps/dolly-frontend/src/main/js/proxy-routes.json b/apps/dolly-frontend/src/main/js/proxy-routes.json index 2b7e1cf21bb..ea55ec091c7 100644 --- a/apps/dolly-frontend/src/main/js/proxy-routes.json +++ b/apps/dolly-frontend/src/main/js/proxy-routes.json @@ -29,6 +29,10 @@ "/session/user": { "changeOrigin": false }, + "/altinn/organisasjoner": { + "target": "http://localhost:8020", + "secure": false + }, "/testnav-organisasjon-faste-data-service/api": { "changeOrigin": true }, @@ -113,9 +117,6 @@ "/testnav-person-search-service/api": { "changeOrigin": true }, - "/testnav-person-organisasjon-tilgang-service/api": { - "changeOrigin": true - }, "/testnav-pdl-forvalter/api": { "changeOrigin": true }, diff --git a/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx b/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx index c67a1f009c7..e079958b6b3 100644 --- a/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx +++ b/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx 
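Review bot: `"secure": false` on the new `/altinn/organisasjoner` entry in `proxy-routes.json` has no effect while the target is `http://localhost:8020`, and with the usual dev-proxy semantics it would switch off certificate verification for this route if the target is later changed to an `https://` URL. I would drop the key and keep only `"target": "http://localhost:8020"`. The neighbouring routes in the visible context set only `"changeOrigin"`, so this entry is also the odd one out in style.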
@@ -1,8 +1,7 @@ import Request from '@/service/services/Request' import logoutBruker from '@/components/utlogging/logoutBruker' -const personOrgTilgangServiceUrl = - '/testnav-person-organisasjon-tilgang-service/api/v1/person/organisasjoner' +const personOrgTilgangServiceUrl = '/altinn/organisasjoner' export default { getOrganisasjoner() { @@ -15,5 +14,5 @@ export default { .then((response) => { return response }) - }, + } } diff --git a/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx b/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx index 98f8d78bfb6..47969f3c8eb 100644 --- a/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx +++ b/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx @@ -3,7 +3,7 @@ import { fetcher } from '@/api' import { useBrukerProfil } from '@/utils/hooks/useBruker' const getOrganisasjonMiljoeUrl = (orgnummer: string) => - `/testnav-altinn3-tilgang-service/api/v1/miljoer/organisasjon/orgnummer?orgnummer=${orgnummer}` + `/testnav-altinn3-tilgang-service/api/v1/miljoer/organisasjon/${orgnummer}` const organisasjonTilgangUrl = `/testnav-altinn3-tilgang-service/api/v1/organisasjoner` diff --git a/apps/dolly-frontend/src/main/resources/application-local.yml b/apps/dolly-frontend/src/main/resources/application-local.yml index be0739b2cf1..48b781833ba 100644 --- a/apps/dolly-frontend/src/main/resources/application-local.yml +++ b/apps/dolly-frontend/src/main/resources/application-local.yml @@ -41,9 +41,6 @@ consumers: testnav-varslinger-service: name: testnav-varslinger-service-dev url: http://testnav-varslinger-service-dev.intern.dev.nav.no - testnav-person-organisasjon-tilgang-service: - name: testnav-person-organisasjon-tilgang-service-dev - url: https://testnav-person-organisasjon-tilgang-service.intern.dev.nav.no oppsummeringsdokument-service: url: https://testnav-oppsummeringsdokument-service.intern.dev.nav.no testnav-bruker-service: 
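Review bot: `orgnummer` is now interpolated into the URL path in `getOrganisasjonMiljoeUrl`, where before it was a query value, so a value containing `/`, `?` or `#` would change which path is requested. Encode it at the point of use by writing `${encodeURIComponent(orgnummer)}` in place of `${orgnummer}`. If the callers already guarantee a digits-only organisation number (not visible in this hunk), say so in a comment above the function.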
diff --git a/apps/dolly-frontend/src/main/resources/application.yml b/apps/dolly-frontend/src/main/resources/application.yml index 9653c61db58..d448be506fd 100644 --- a/apps/dolly-frontend/src/main/resources/application.yml +++ b/apps/dolly-frontend/src/main/resources/application.yml @@ -155,11 +155,6 @@ consumers: namespace: dolly name: testnorge-tilbakemelding-api url: http://testnorge-tilbakemelding-api.dolly.svc.cluster.local - testnav-person-organisasjon-tilgang-service: - cluster: dev-gcp - namespace: dolly - name: testnav-person-organisasjon-tilgang-service - url: http://testnav-person-organisasjon-tilgang-service.dolly.svc.cluster.local testnav-bruker-service: cluster: dev-gcp namespace: dolly @@ -251,12 +246,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/dolly-frontend/src/main/resources/logback-spring.xml b/apps/dolly-frontend/src/main/resources/logback-spring.xml index 966dbc796b2..b80ca79b071 100644 --- a/apps/dolly-frontend/src/main/resources/logback-spring.xml +++ b/apps/dolly-frontend/src/main/resources/logback-spring.xml @@ -3,17 +3,9 @@ - - true - 10280 - 20 - ^sun\.reflect\..*\.invoke - ^net\.sf\.cglib\.proxy\.MethodProxy\.invoke - java\.util\.concurrent\..* - org\.apache\.catalina\..* - org\.apache\.coyote\..* - org\.apache\.tomcat\..* - + -1 + true + - diff --git a/apps/dollystatus/src/main/resources/application.yml b/apps/dollystatus/src/main/resources/application.yml index 069adad970b..02b34f3f5a6 100644 --- a/apps/dollystatus/src/main/resources/application.yml +++ b/apps/dollystatus/src/main/resources/application.yml 
@@ -3,12 +3,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/endringsmelding-frontend/src/main/js/package-lock.json b/apps/endringsmelding-frontend/src/main/js/package-lock.json index 4f842cb844c..b15f54fc4f4 100644 --- a/apps/endringsmelding-frontend/src/main/js/package-lock.json +++ b/apps/endringsmelding-frontend/src/main/js/package-lock.json @@ -3274,16 +3274,15 @@ "license": "MIT" }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "funding": [ { "type": "github", "url": "https://github.com/sponsors/ai" } ], - "license": "MIT", "bin": { "nanoid": "bin/nanoid.cjs" }, diff --git a/apps/endringsmelding-frontend/src/main/resources/application.yml b/apps/endringsmelding-frontend/src/main/resources/application.yml index 38f3e2e9a89..0437a6213d6 100644 --- a/apps/endringsmelding-frontend/src/main/resources/application.yml +++ b/apps/endringsmelding-frontend/src/main/resources/application.yml @@ -44,12 +44,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: 
diff --git a/apps/endringsmelding-service/src/main/resources/application.yml b/apps/endringsmelding-service/src/main/resources/application.yml index d7cdb8c63fc..d552f471d1e 100644 --- a/apps/endringsmelding-service/src/main/resources/application.yml +++ b/apps/endringsmelding-service/src/main/resources/application.yml @@ -45,12 +45,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true health: elasticsearch: enabled: false diff --git a/apps/faste-data-frontend/src/main/resources/application.yml b/apps/faste-data-frontend/src/main/resources/application.yml index 47faf21eb99..6d226e085c8 100644 --- a/apps/faste-data-frontend/src/main/resources/application.yml +++ b/apps/faste-data-frontend/src/main/resources/application.yml @@ -62,12 +62,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/generer-arbeidsforhold-populasjon-service/src/main/resources/application.yml b/apps/generer-arbeidsforhold-populasjon-service/src/main/resources/application.yml index 3c4d2f1263e..716b962f019 100644 --- a/apps/generer-arbeidsforhold-populasjon-service/src/main/resources/application.yml +++ b/apps/generer-arbeidsforhold-populasjon-service/src/main/resources/application.yml 
@@ -48,12 +48,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/generer-navn-service/src/main/resources/application.yml b/apps/generer-navn-service/src/main/resources/application.yml index 5777e19d691..f470d5ceed7 100644 --- a/apps/generer-navn-service/src/main/resources/application.yml +++ b/apps/generer-navn-service/src/main/resources/application.yml @@ -29,12 +29,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/generer-organisasjon-populasjon-service/src/main/resources/application.yml b/apps/generer-organisasjon-populasjon-service/src/main/resources/application.yml index 241b6cc21ef..c26902af9b9 100644 --- a/apps/generer-organisasjon-populasjon-service/src/main/resources/application.yml +++ b/apps/generer-organisasjon-populasjon-service/src/main/resources/application.yml @@ -41,12 +41,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/generer-synt-amelding-service/src/main/resources/application.yml b/apps/generer-synt-amelding-service/src/main/resources/application.yml index e50b841c107..df0c280972e 100644 --- a/apps/generer-synt-amelding-service/src/main/resources/application.yml 
+++ b/apps/generer-synt-amelding-service/src/main/resources/application.yml @@ -38,12 +38,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/helsepersonell-service/src/main/resources/application.yml b/apps/helsepersonell-service/src/main/resources/application.yml index 43f90ed6aca..da7af8a8eee 100644 --- a/apps/helsepersonell-service/src/main/resources/application.yml +++ b/apps/helsepersonell-service/src/main/resources/application.yml @@ -29,12 +29,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/inntektsmelding-generator-service/src/main/resources/application.yml b/apps/inntektsmelding-generator-service/src/main/resources/application.yml index 593df4d3e10..edb4821e98f 100644 --- a/apps/inntektsmelding-generator-service/src/main/resources/application.yml +++ b/apps/inntektsmelding-generator-service/src/main/resources/application.yml @@ -24,12 +24,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/inntektsmelding-service/src/main/resources/application.yml b/apps/inntektsmelding-service/src/main/resources/application.yml index dc654d232cf..3e93ae1704b 100644 --- a/apps/inntektsmelding-service/src/main/resources/application.yml 
+++ b/apps/inntektsmelding-service/src/main/resources/application.yml @@ -40,12 +40,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/jenkins-batch-status-service/src/main/resources/application.yml b/apps/jenkins-batch-status-service/src/main/resources/application.yml index 12bda26837d..38b6be1140a 100644 --- a/apps/jenkins-batch-status-service/src/main/resources/application.yml +++ b/apps/jenkins-batch-status-service/src/main/resources/application.yml @@ -41,12 +41,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/joark-dokument-service/src/main/resources/application.yml b/apps/joark-dokument-service/src/main/resources/application.yml index 50215c47d64..76d160784c6 100644 --- a/apps/joark-dokument-service/src/main/resources/application.yml +++ b/apps/joark-dokument-service/src/main/resources/application.yml @@ -34,12 +34,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/kodeverk-service/src/main/resources/application.yml b/apps/kodeverk-service/src/main/resources/application.yml index 824b314a535..7f880895661 100644 --- a/apps/kodeverk-service/src/main/resources/application.yml +++ b/apps/kodeverk-service/src/main/resources/application.yml 
@@ -22,12 +22,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/levende-arbeidsforhold-ansettelse/src/main/resources/application.yml b/apps/levende-arbeidsforhold-ansettelse/src/main/resources/application.yml index 29a6a0e10d4..9e676dc80e1 100644 --- a/apps/levende-arbeidsforhold-ansettelse/src/main/resources/application.yml +++ b/apps/levende-arbeidsforhold-ansettelse/src/main/resources/application.yml @@ -28,13 +28,15 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - health.show-details: always - heapdump.enabled: true - prometheus.enabled: true + health: + show-details: always + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/levende-arbeidsforhold-scheduler/src/main/resources/application.yml b/apps/levende-arbeidsforhold-scheduler/src/main/resources/application.yml index e1281b264c9..0ade711cee5 100644 --- a/apps/levende-arbeidsforhold-scheduler/src/main/resources/application.yml +++ b/apps/levende-arbeidsforhold-scheduler/src/main/resources/application.yml @@ -25,12 +25,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/levende-arbeidsforhold-service/src/main/resources/application.yml b/apps/levende-arbeidsforhold-service/src/main/resources/application.yml index bd6d7946969..9366022b2f8 100644 
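Review bot: In the levende-arbeidsforhold-ansettelse hunk, the rewritten `health:` / `show-details: always` still returns full component details to any caller that can reach `/internal/health`; nothing here requires authentication. Those details usually reveal which datastores and downstream services the app depends on and their current state. Unless the platform already restricts `/internal` to in-cluster callers, `show-details: when-authorized` is the safer value. If `always` is deliberate, a one-line comment saying why would help. The tps-messaging-service hunk carries the same setting as a context line.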
--- a/apps/levende-arbeidsforhold-service/src/main/resources/application.yml +++ b/apps/levende-arbeidsforhold-service/src/main/resources/application.yml @@ -28,12 +28,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/miljoer-service/src/main/resources/application.yml b/apps/miljoer-service/src/main/resources/application.yml index 41fae00bc00..47f1bcc1780 100644 --- a/apps/miljoer-service/src/main/resources/application.yml +++ b/apps/miljoer-service/src/main/resources/application.yml @@ -31,12 +31,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/oppsummeringsdokument-service/src/main/resources/application.yml b/apps/oppsummeringsdokument-service/src/main/resources/application.yml index a3800a156d5..780c6e746f0 100644 --- a/apps/oppsummeringsdokument-service/src/main/resources/application.yml +++ b/apps/oppsummeringsdokument-service/src/main/resources/application.yml @@ -30,12 +30,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-bestilling-service/src/main/resources/application.yml b/apps/organisasjon-bestilling-service/src/main/resources/application.yml index 5d10b138922..e8d0b3a450e 100644 
--- a/apps/organisasjon-bestilling-service/src/main/resources/application.yml +++ b/apps/organisasjon-bestilling-service/src/main/resources/application.yml @@ -33,12 +33,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-faste-data-service/src/main/resources/application.yml b/apps/organisasjon-faste-data-service/src/main/resources/application.yml index b35c5e82706..f0e7149af43 100644 --- a/apps/organisasjon-faste-data-service/src/main/resources/application.yml +++ b/apps/organisasjon-faste-data-service/src/main/resources/application.yml @@ -38,12 +38,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-forvalter/src/main/resources/application.yml b/apps/organisasjon-forvalter/src/main/resources/application.yml index 095c0107efa..8e48224db96 100644 --- a/apps/organisasjon-forvalter/src/main/resources/application.yml +++ b/apps/organisasjon-forvalter/src/main/resources/application.yml @@ -63,12 +63,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-mottak-service/src/main/resources/application.yml b/apps/organisasjon-mottak-service/src/main/resources/application.yml index f5454299df6..77d033f0b1c 100644 
--- a/apps/organisasjon-mottak-service/src/main/resources/application.yml +++ b/apps/organisasjon-mottak-service/src/main/resources/application.yml @@ -49,12 +49,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-service/src/main/resources/application.yml b/apps/organisasjon-service/src/main/resources/application.yml index 9f897c11c45..64de1fe9017 100644 --- a/apps/organisasjon-service/src/main/resources/application.yml +++ b/apps/organisasjon-service/src/main/resources/application.yml @@ -34,12 +34,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/organisasjon-tilgang-service/src/main/resources/application.yml b/apps/organisasjon-tilgang-service/src/main/resources/application.yml index 543d3d30f23..3f5e8bd26ec 100644 --- a/apps/organisasjon-tilgang-service/src/main/resources/application.yml +++ b/apps/organisasjon-tilgang-service/src/main/resources/application.yml @@ -38,12 +38,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/orgnummer-service/src/main/resources/application.yml b/apps/orgnummer-service/src/main/resources/application.yml index 7928e2c4f00..2de7966ba4c 100644 
--- a/apps/orgnummer-service/src/main/resources/application.yml +++ b/apps/orgnummer-service/src/main/resources/application.yml @@ -43,12 +43,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/oversikt-frontend/src/main/resources/application.yml b/apps/oversikt-frontend/src/main/resources/application.yml index cab26a3240a..cdd1bac15de 100644 --- a/apps/oversikt-frontend/src/main/resources/application.yml +++ b/apps/oversikt-frontend/src/main/resources/application.yml @@ -39,12 +39,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/pdl-forvalter/src/main/resources/application.yml b/apps/pdl-forvalter/src/main/resources/application.yml index e2b6c90f4ca..5acfc5165d8 100644 --- a/apps/pdl-forvalter/src/main/resources/application.yml +++ b/apps/pdl-forvalter/src/main/resources/application.yml @@ -56,12 +56,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true health: elasticsearch: enabled: false diff --git a/apps/person-faste-data-service/src/main/resources/application.yml b/apps/person-faste-data-service/src/main/resources/application.yml index 96c6b85b36e..aaa24d49517 100644 --- a/apps/person-faste-data-service/src/main/resources/application.yml 
+++ b/apps/person-faste-data-service/src/main/resources/application.yml @@ -32,12 +32,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml b/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml index 1da5b3b1184..095b0b2f172 100644 --- a/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml +++ b/apps/person-organisasjon-tilgang-service/src/main/resources/application.yml @@ -38,12 +38,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/person-search-service/src/main/resources/application.yml b/apps/person-search-service/src/main/resources/application.yml index 1aecee96702..e2fbb948c45 100644 --- a/apps/person-search-service/src/main/resources/application.yml +++ b/apps/person-search-service/src/main/resources/application.yml @@ -41,12 +41,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/person-service/src/main/resources/application.yml b/apps/person-service/src/main/resources/application.yml index 6a61ab08e39..8c6411c1eaf 100644 --- a/apps/person-service/src/main/resources/application.yml 
+++ b/apps/person-service/src/main/resources/application.yml @@ -39,12 +39,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/profil-api/src/main/resources/application.yml b/apps/profil-api/src/main/resources/application.yml index 4c9b6cac076..6d87e3d1b3f 100644 --- a/apps/profil-api/src/main/resources/application.yml +++ b/apps/profil-api/src/main/resources/application.yml @@ -41,12 +41,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/skattekort-service/src/main/resources/application.yml b/apps/skattekort-service/src/main/resources/application.yml index 51e2bcada96..72a52109bee 100644 --- a/apps/skattekort-service/src/main/resources/application.yml +++ b/apps/skattekort-service/src/main/resources/application.yml @@ -23,12 +23,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/sykemelding-api/src/main/resources/application.yml b/apps/sykemelding-api/src/main/resources/application.yml index f1e9d0240b5..b49e9a7862a 100644 --- a/apps/sykemelding-api/src/main/resources/application.yml +++ b/apps/sykemelding-api/src/main/resources/application.yml 
@@ -31,12 +31,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/synt-sykemelding-api/src/main/resources/application.yml b/apps/synt-sykemelding-api/src/main/resources/application.yml index a9ff3f6ba65..70e49cef899 100644 --- a/apps/synt-sykemelding-api/src/main/resources/application.yml +++ b/apps/synt-sykemelding-api/src/main/resources/application.yml @@ -59,12 +59,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/synt-vedtakshistorikk-service/src/main/resources/application.yml b/apps/synt-vedtakshistorikk-service/src/main/resources/application.yml index 12285d7ae0a..3ab20446b84 100644 --- a/apps/synt-vedtakshistorikk-service/src/main/resources/application.yml +++ b/apps/synt-vedtakshistorikk-service/src/main/resources/application.yml @@ -65,12 +65,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/tenor-search-service/src/main/resources/application.yml b/apps/tenor-search-service/src/main/resources/application.yml index 765f641ea55..72f6aa800c2 100644 --- a/apps/tenor-search-service/src/main/resources/application.yml +++ b/apps/tenor-search-service/src/main/resources/application.yml 
@@ -29,12 +29,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/testnav-ident-pool/src/main/resources/application.yml b/apps/testnav-ident-pool/src/main/resources/application.yml index eec84e92cc7..50680851ade 100644 --- a/apps/testnav-ident-pool/src/main/resources/application.yml +++ b/apps/testnav-ident-pool/src/main/resources/application.yml @@ -15,12 +15,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml b/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml index fb9d79b9227..52b818eb1db 100644 --- a/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml +++ b/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml @@ -83,12 +83,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/tilbakemelding-api/src/main/resources/application.yml b/apps/tilbakemelding-api/src/main/resources/application.yml index f90336663c1..fdf868899a9 100644 --- a/apps/tilbakemelding-api/src/main/resources/application.yml +++ b/apps/tilbakemelding-api/src/main/resources/application.yml 
@@ -38,12 +38,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/tps-messaging-service/src/main/resources/application.yml b/apps/tps-messaging-service/src/main/resources/application.yml index c36f3d7945a..b7c23264167 100644 --- a/apps/tps-messaging-service/src/main/resources/application.yml +++ b/apps/tps-messaging-service/src/main/resources/application.yml @@ -50,12 +50,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true health: show-details: always health: diff --git a/apps/udi-stub/src/main/resources/application.yml b/apps/udi-stub/src/main/resources/application.yml index 0072dcc00e8..6d4f4085497 100644 --- a/apps/udi-stub/src/main/resources/application.yml +++ b/apps/udi-stub/src/main/resources/application.yml @@ -33,12 +33,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/apps/varslinger-service/src/main/resources/application.yml b/apps/varslinger-service/src/main/resources/application.yml index 2308249ef43..55331eeaa37 100644 --- a/apps/varslinger-service/src/main/resources/application.yml +++ b/apps/varslinger-service/src/main/resources/application.yml 
@@ -29,12 +29,13 @@ management: enabled-by-default: true web: base-path: /internal - exposure.include: prometheus,heapdump,health + exposure: + include: prometheus,health path-mapping: prometheus: metrics endpoint: - prometheus.enabled: true - heapdump.enabled: true + prometheus: + enabled: true prometheus: metrics: export: diff --git a/docs/solution-description/azure-ad-og-z-ident.md b/docs/solution-description/azure-ad-og-z-ident.md index faf91d76a7c..ee5139cf616 100644 --- a/docs/solution-description/azure-ad-og-z-ident.md +++ b/docs/solution-description/azure-ad-og-z-ident.md @@ -75,9 +75,3 @@ Med access_tokene, som brukes i kommunikasjon fra frontend til backend, vil back Det betyr at vi kan bruke dagens mekanismer for å hente ut epost istedenfor for Z-bruker i Dolly. I Dolly frontend vil vi nå ha mulighet til å hente ut personlige informasjon om brukeren. Som epost, navn osv... som vil hjelpe oss til bedre feilsøkning, og være et steg i å kunne hjelpe personer utenfor NAV. - -### Migererig fra Z-Bruker - -I en periode vil vi legge til funksjonalitet for å kunne kopiere en Z-bruker over til din personlige bruker. På den måten vil ingen miste allerede opprettede brukere. - -[Prototype](https://invis.io/ENXCGRI6XD8#/429665609_Innlogging_Personlig_ident_1) \ No newline at end of file diff --git a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java new file mode 100644 index 00000000000..725ba98dfb4 --- /dev/null +++ b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java 
@@ -0,0 +1,17 @@ +package no.nav.testnav.libs.dto.altinn3.v1; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class OrganisasjonDTO { + + private String navn; + private String organisasjonsnummer; + private String organisasjonsform; +} \ No newline at end of file diff --git a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java new file mode 100644 index 00000000000..c5a91530fda --- /dev/null +++ b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java @@ -0,0 +1,32 @@ +package no.nav.testnav.libs.dto.altinn3.v1; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class PersonDTO { + + private String ident; + private List organisasjoner; + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + public static class OrganisasjonDTO { + + private String navn; + private String organisasjonsnummer; + private String organisasjonsform; + private Boolean hasAltinnDollyTilgang; + private Boolean hasDollyOrganisasjonTilgang; + private String melding; + } +} diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java index a3596f957d2..8d846ba7708 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java 
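Review bot: `PersonDTO` declares a nested `OrganisasjonDTO` while this commit also adds a top-level `OrganisasjonDTO` in the same package with overlapping fields, so the unqualified name resolves to different classes depending on where it is written. That is easy to get wrong in mappers; renaming the nested type (for example `OrganisasjonTilgangDTO`, a constructed name) or reusing the top-level class would remove the ambiguity. Separately, `@Data` generates a `toString()` that includes `ident`; if that field can carry a personal identifier, `@ToString.Exclude` on it keeps the value out of log lines. Neither class has a Javadoc explaining what `hasAltinnDollyTilgang`, `hasDollyOrganisasjonTilgang` and `melding` mean to a caller.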
@@ -1,7 +1,9 @@ package no.nav.testnav.libs.reactivesecurity.action; import lombok.RequiredArgsConstructor; +import no.nav.testnav.libs.reactivesecurity.properties.ResourceServerProperties; import no.nav.testnav.libs.securitycore.domain.ResourceServerType; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; import reactor.core.publisher.Mono; @@ -10,8 +12,6 @@ import java.util.Optional; import java.util.concurrent.Callable; -import no.nav.testnav.libs.reactivesecurity.properties.ResourceServerProperties; - @Component @RequiredArgsConstructor public class GetAuthenticatedResourceServerType extends JwtResolver implements Callable> { @@ -30,11 +30,18 @@ private Optional getResourceTypeForm(JwtAuthenticationToken @Override public Mono call() { + return getJwtAuthenticationToken() .onErrorResume(JwtResolverException.class, throwable -> Mono.empty()) - .flatMap(token -> getResourceTypeForm(token) - .map(Mono::just) - .orElseGet(Mono::empty) - ); + .flatMap(authentication -> { + if (authentication instanceof JwtAuthenticationToken jwtAuthenticationTokentoken) { + return getResourceTypeForm(jwtAuthenticationTokentoken) + .map(Mono::just) + .orElseGet(Mono::empty); + } else if (authentication instanceof OAuth2AuthenticationToken) { + return Mono.just(ResourceServerType.TOKEN_X); + } + return Mono.empty(); + }); } } diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java index bc5f09c71f3..c69106248ed 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java 
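Review bot: The new `else if (authentication instanceof OAuth2AuthenticationToken)` branch in `call()` classifies every OAuth2 login session as `ResourceServerType.TOKEN_X` without checking which client registration produced it. If a second login provider is ever configured, its sessions would be treated as TokenX users downstream. Comparing `getAuthorizedClientRegistrationId()` with the expected registration before returning `TOKEN_X` would make the mapping explicit. The pattern variable `jwtAuthenticationTokentoken` has a doubled suffix; `jwtToken` reads better. A one-line comment on why a client-side login token is reported as a resource-server type would also help the next reader.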
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java @@ -1,11 +1,18 @@ package no.nav.testnav.libs.reactivesecurity.action; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.libs.securitycore.domain.Token; +import org.springframework.http.HttpStatus; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; +import org.springframework.web.server.ResponseStatusException; import reactor.core.publisher.Mono; +import java.time.Instant; import java.util.concurrent.Callable; @Component @@ -21,6 +28,7 @@ public Mono call() { .call() .flatMap(serverType -> switch (serverType) { case TOKEN_X -> getJwtAuthenticationToken() + .map(JwtAuthenticationToken.class::cast) .map(jwt -> Token.builder() .clientCredentials(false) .userId(jwt.getTokenAttributes().get("pid").toString()) @@ -28,6 +36,7 @@ public Mono call() { .expiresAt(jwt.getToken().getExpiresAt()) .build()); case AZURE_AD -> getJwtAuthenticationToken() + .map(JwtAuthenticationToken.class::cast) .map(jwt -> Token.builder() .clientCredentials(jwt.getTokenAttributes().get("oid").equals(jwt.getTokenAttributes().get("sub"))) .userId(jwt.getTokenAttributes().get("oid").toString()) diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java index 63193f44bcc..b0636ee9c7d 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java 
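Review bot: The `TOKEN_X` branch now does `.map(JwtAuthenticationToken.class::cast)`, which fails with `ClassCastException` for an OAuth2 login session instead of producing a `Token`. That session reaches the cast because, in this same commit, `GetAuthenticatedResourceServerType` returns `TOKEN_X` for an `OAuth2AuthenticationToken` and `getJwtAuthenticationToken()` now returns a plain `Authentication`. Either handle the OAuth2 case here the way `GetAuthenticatedUserId` does, or use `.ofType(JwtAuthenticationToken.class)` followed by `switchIfEmpty(Mono.error(...))` so the outcome is a deliberate authentication error rather than an unhandled exception. Of the imports added in the first hunk, only `JwtAuthenticationToken` is used by the visible changes. The others (`ObjectMapper`, `JsonProcessingException`, `HttpStatus`, `ResponseStatusException`, `OAuth2AuthenticationToken`, `Instant`) look unused and should be dropped unless code outside these hunks needs them.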
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java @@ -1,11 +1,15 @@ package no.nav.testnav.libs.reactivesecurity.action; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; import reactor.core.publisher.Mono; import java.util.concurrent.Callable; +@Slf4j @Component @RequiredArgsConstructor public class GetAuthenticatedUserId extends JwtResolver implements Callable> { @@ -23,6 +27,20 @@ public Mono call() { } private Mono getTokenAttribute(String attribute) { - return getJwtAuthenticationToken().map(value -> value.getTokenAttributes().get(attribute).toString()); + + return getJwtAuthenticationToken() + .map(authentication -> + + switch (authentication) { + + case JwtAuthenticationToken jwtAuthenticationToken -> + jwtAuthenticationToken.getTokenAttributes().get(attribute).toString(); + + case OAuth2AuthenticationToken oauth2AuthenticationToken -> + oauth2AuthenticationToken.getPrincipal().getAttributes().get("pid").toString(); + + default -> ""; + } + ); } } diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java index 6f360743c2f..5b19c554aa1 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java 
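Review bot: In `getTokenAttribute`, the `default -> ""` arm turns an unrecognised `Authentication` type into an empty user id rather than an error, so callers cannot tell "no authenticated user" from a real identifier and may look up or store data under `""`. I would fail closed with `default -> throw new JwtResolverException("Unsupported authentication type");`, using the String constructor that `JwtResolver` already calls. The `OAuth2AuthenticationToken` arm ignores the `attribute` parameter and always reads `"pid"`, which deserves a comment. Both arms call `.toString()` on a `get(...)` result that is null when the claim is missing. The newly added `@Slf4j` is not used by anything in these hunks.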
@@ -1,34 +1,19 @@ package no.nav.testnav.libs.reactivesecurity.action; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.authentication.CredentialsExpiredException; +import org.springframework.security.core.Authentication; import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.oauth2.jwt.Jwt; -import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import reactor.core.publisher.Mono; -import java.time.Instant; -import java.time.ZonedDateTime; - @Slf4j -@SuppressWarnings("java:S1610") abstract class JwtResolver { - Mono getJwtAuthenticationToken() { + Mono getJwtAuthenticationToken() { return ReactiveSecurityContextHolder .getContext() .switchIfEmpty(Mono.error(new JwtResolverException("ReactiveSecurityContext is empty"))) - .map(SecurityContext::getAuthentication) - .map(JwtAuthenticationToken.class::cast) - .doOnError(throwable -> log.warn("Klarte ikke hente Jwt Auth Token", throwable)) - .doOnSuccess(jwtAuthenticationToken -> { - Jwt credentials = (Jwt) jwtAuthenticationToken.getCredentials(); - Instant expiresAt = credentials.getExpiresAt(); - if (expiresAt == null || expiresAt.isBefore(ZonedDateTime.now().toInstant().plusSeconds(120))) { - throw new CredentialsExpiredException("Jwt er utløpt eller utløper innen kort tid"); - } - }); + .doOnNext(context -> log.info("JwtResolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication())) + .map(SecurityContext::getAuthentication); } - } diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java new file mode 100644 index 00000000000..68dac390a55 --- /dev/null 
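Review bot: The added `doOnNext` logs `context.getAuthentication()` at INFO on every resolution, so user identifiers can end up in application logs: the `toString()` of an authentication token normally prints the principal, and for an OAuth2 login that includes its user attributes such as `pid`. The call also dereferences `getAuthentication()` before the `map`, which throws if the context holds no authentication. I would log only the type, at debug level and null-safely, for example `.doOnNext(auth -> log.debug("JwtResolver authentication type {}", auth.getClass().getSimpleName()))` placed after `.map(SecurityContext::getAuthentication)`. The hunk also removes the `CredentialsExpiredException` check (expired, or expiring within 120 seconds) from the JWT path, and only `Oauth2Resolver` keeps a copy, so near-expiry JWTs are no longer rejected here; if that is intentional, a comment should say so. The method is still named `getJwtAuthenticationToken` although it now returns any `Authentication`, which misleads callers about what they may cast to.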
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java @@ -0,0 +1,35 @@ +package no.nav.testnav.libs.reactivesecurity.action; + +import lombok.experimental.UtilityClass; +import lombok.extern.slf4j.Slf4j; +import org.springframework.security.authentication.CredentialsExpiredException; +import org.springframework.security.core.context.ReactiveSecurityContextHolder; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; +import org.springframework.security.oauth2.jwt.Jwt; +import reactor.core.publisher.Mono; + +import java.time.Instant; +import java.time.ZonedDateTime; + +@Slf4j +@UtilityClass +public class Oauth2Resolver { + + public static Mono getOauth2AuthenticationToken() { + return ReactiveSecurityContextHolder + .getContext() + .switchIfEmpty(Mono.error(new JwtResolverException("ReactiveSecurityContext is empty"))) + .doOnNext(context -> log.info("Oauth2Resolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication())) + .map(SecurityContext::getAuthentication) + .map(OAuth2AuthenticationToken.class::cast) + .doOnError(throwable -> log.warn("Klarte ikke hente Jwt Auth Token", throwable)) + .doOnSuccess(jwtAuthenticationToken -> { + Jwt credentials = (Jwt) jwtAuthenticationToken.getCredentials(); + Instant expiresAt = credentials.getExpiresAt(); + if (expiresAt == null || expiresAt.isBefore(ZonedDateTime.now().toInstant().plusSeconds(120))) { + throw new CredentialsExpiredException("Jwt er utløpt eller utløper innen kort tid"); + } + }); + } +} diff --git a/proxies/altinn3-tilgang-proxy/config.yml b/proxies/altinn3-tilgang-proxy/config.yml index 94091e33059..286fa0d5ab3 100644 --- a/proxies/altinn3-tilgang-proxy/config.yml +++ b/proxies/altinn3-tilgang-proxy/config.yml 
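Review bot: In `getOauth2AuthenticationToken`, the `doOnSuccess` callback casts `jwtAuthenticationToken.getCredentials()` to `Jwt`, but `OAuth2AuthenticationToken.getCredentials()` returns an empty string, so the cast throws `ClassCastException` on every successful lookup and the expiry check never runs. Assuming the login is OIDC, the expiry is available from the principal's id token (`OidcUser.getExpiresAt()`), which the rewrite below uses and which needs an import of `OidcUser`. The rewrite also replaces `.map(OAuth2AuthenticationToken.class::cast)` with `ofType`, so a `JwtAuthenticationToken` in the context yields a clear error instead of a cast failure. The `log.info` of the whole `Authentication` object has the same log-exposure problem as the one added to `JwtResolver` and should be reduced to the class name at debug level.

```java
// … unchanged: ReactiveSecurityContextHolder.getContext() and switchIfEmpty …
                .map(SecurityContext::getAuthentication)
                .ofType(OAuth2AuthenticationToken.class)
                .switchIfEmpty(Mono.error(new JwtResolverException("Authentication is not an OAuth2 login")))
                .<OAuth2AuthenticationToken>handle((token, sink) -> {
                    // The id token on the OIDC principal carries the expiry; getCredentials() does not.
                    Instant expiresAt = token.getPrincipal() instanceof OidcUser oidcUser
                            ? oidcUser.getExpiresAt()
                            : null;
                    if (expiresAt == null || expiresAt.isBefore(Instant.now().plusSeconds(120))) {
                        sink.error(new CredentialsExpiredException("Jwt er utløpt eller utløper innen kort tid"));
                    } else {
                        sink.next(token);
                    }
                });
```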
@@ -24,9 +24,8 @@ spec: - application: team-dolly-lokal-app - application: testnav-oversikt-frontend - application: dolly-frontend - - application: dolly-frontend-dev - - application: dolly-frontend-dev-unstable - application: dolly-idporten + - application: testnav-bruker-service outbound: external: - host: testnav-altinn3-tilgang-service.nav.no