Added a set of conditionals to avoid ClientCredentialAutoConfiguratio…

…n and TokenServiceAutoConfiguration having different conditionals.
navikt · Dec 18, 2024 · 77d3251 · 77d3251
1 parent cb3200e
commit 77d3251
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 18 deletions.
diff --git a/...ain/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java b/...ain/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
@@ -6,14 +6,10 @@
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureAdTokenService;
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureTrygdeetatenClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredentialAutoConfiguration;
+import no.nav.testnav.libs.securitycore.domain.azuread.*;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.util.Assert;
 
@@ -24,7 +20,7 @@ public class TokenServiceAutoConfiguration {
     private String proxyHost;
 
     @Bean
-    @ConditionalOnProperty("spring.security.oauth2.resourceserver.aad.issuer-uri")
+    @ConditionalOnDollyApplicationConfiguredForAzure
     @ConditionalOnMissingBean(AzureAdTokenService.class)
     AzureAdTokenService azureAdTokenService(
             @Value("${AAD_ISSUER_URI:#{null}}") String issuerUrl,
@@ -36,7 +32,7 @@ AzureAdTokenService azureAdTokenService(
     }
 
     @Bean
-    @ConditionalOnProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT")
+    @ConditionalOnDollyApplicationConfiguredForNav
     @ConditionalOnMissingBean(NavAzureAdTokenService.class)
     NavAzureAdTokenService azureNavTokenService(
             AzureNavClientCredential azureNavClientCredential
@@ -45,7 +41,7 @@ NavAzureAdTokenService azureNavTokenService(
     }
 
     @Bean
-    @ConditionalOnProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT")
+    @ConditionalOnDollyApplicationConfiguredForTrygdeetaten
     @ConditionalOnMissingBean(TrygdeetatenAzureAdTokenService.class)
     TrygdeetatenAzureAdTokenService trygdeetatenAzureAdTokenService(
             AzureTrygdeetatenClientCredential clientCredential,

diff --git a/...va/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java b/...va/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
@@ -3,7 +3,6 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
 import org.springframework.context.annotation.Profile;
@@ -28,7 +27,7 @@ AzureClientCredential azureClientCredentialTest() {
     }
 
     @Bean("azureClientCredential")
-    @ConditionalOnProperty("AAD_ISSUER_URI")
+    @ConditionalOnDollyApplicationConfiguredForAzure
     @ConditionalOnMissingBean(AzureClientCredential.class)
     AzureClientCredential azureClientCredential(
             @Value("${AAD_ISSUER_URI:#{null}}") String azureTokenEndpoint, // TODO: Not currently used, AAD_ISSUER_URI is hardcoded elsewhere; should be refactored to use AZURE_OPENID_CONFIG_TOKEN_ENDPOINT instead.
@@ -48,7 +47,7 @@ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredentialTest() {
     }
 
     @Bean("azureTrygdeetatenClientCredential")
-    @ConditionalOnProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT")
+    @ConditionalOnDollyApplicationConfiguredForTrygdeetaten
     @ConditionalOnMissingBean(AzureTrygdeetatenClientCredential.class)
     AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential(
             @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String azureTrygdeetatenTokenEndpoint,
@@ -68,7 +67,7 @@ AzureNavClientCredential azureNavClientCredentialTest() {
     }
 
     @Bean("azureNavClientCredential")
-    @ConditionalOnProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT")
+    @ConditionalOnDollyApplicationConfiguredForNav
     @ConditionalOnMissingBean(AzureNavClientCredential.class)
     AzureNavClientCredential azureNavClientCredential(
             @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String azureNavTokenEndpoint,

diff --git a/...nav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java b/...nav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
@@ -0,0 +1,39 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Conditional that matches if the application is configured for Azure.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForAzureCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForAzure {
+}
+
+class OnDollyApplicationConfiguredForAzureCondition extends SpringBootCondition {
+
+    @Override
+    public ConditionOutcome getMatchOutcome(
+            ConditionContext context,
+            AnnotatedTypeMetadata metadata
+    ) {
+        var issuerUri = context
+                .getEnvironment()
+                .getProperty("AAD_ISSUER_URI");
+        // Check for AZURE_APP_CLIENT_ID/AZURE_APP_CLIENT_SECRET?
+        var match = StringUtils.hasText(issuerUri);
+        var message = match ? "Dolly application configured for Azure." : "Dolly application not configured for Azure. Missing required property 'AAD_ISSUER_URI'";
+        return new ConditionOutcome(match, message);
+    }
+}
diff --git a/...stnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java b/...stnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
@@ -0,0 +1,40 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * Conditional that matches if the application is configured for Nav.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForNavCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForNav {
+}
+
+class OnDollyApplicationConfiguredForNavCondition extends SpringBootCondition {
+
+    @Override
+    public ConditionOutcome getMatchOutcome(
+            ConditionContext context,
+            AnnotatedTypeMetadata metadata
+    ) {
+        var issuerUri = context
+                .getEnvironment()
+                .getProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT");
+        // Check for AZURE_NAV_APP_CLIENT_ID/AZURE_NAV_APP_CLIENT_SECRET?
+        var match = StringUtils.hasText(issuerUri);
+        var message = match ? "Dolly application configured for Nav." : "Dolly application not configured for Nav. Missing required property 'AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT'";
+        return new ConditionOutcome(match, message);
+    }
+}
diff --git a/...s/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java b/...s/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
@@ -0,0 +1,40 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * Conditional that matches if the application is configured for Trygdeetaten.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForTrygdeetatenCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForTrygdeetaten {
+}
+
+class OnDollyApplicationConfiguredForTrygdeetatenCondition extends SpringBootCondition {
+
+    @Override
+    public ConditionOutcome getMatchOutcome(
+            ConditionContext context,
+            AnnotatedTypeMetadata metadata
+    ) {
+        var issuerUri = context
+                .getEnvironment()
+                .getProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT");
+        // Check for AZURE_TRYGDEETATEN_APP_CLIENT_ID/AZURE_TRYGDEETATEN_APP_CLIENT_SECRET?
+        var match = StringUtils.hasText(issuerUri);
+        var message = match ? "Dolly application configured for Trygdeetaten." : "Dolly application not configured for Trygdeetaten. Missing required property 'AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT'";
+        return new ConditionOutcome(match, message);
+    }
+}
diff --git a/proxies/pdl-proxy/src/test/resources/application-test.yml b/proxies/pdl-proxy/src/test/resources/application-test.yml
@@ -1,9 +1,9 @@
-TOKEN_X_ISSUER:
-AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:
+TOKEN_X_ISSUER: placeholder
+AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT: placeholder
 
 app:
   elastic:
-    username:
-    password:
-  hendelse.lager.api.key:
-  person.aktor.api.key:
+    username: placeholder
+    password: placeholder
+  hendelse.lager.api.key: placeholder
+  person.aktor.api.key: placeholder