Setter registreringsdato til dagen etter stiftelsesdato for nye org (#…

…3439) * Setter registreringsdato til dagen etter stiftelsesdato for nye organisasjoner * Ereg batch status spør mot modapp isteden på q2 * Mer logging og svarer med 404 dersom kall ikke kommer gjennom, slik at org-service ikke blir stuck i loop * Refaktor av batch status henting fra modapp-q2 * Skrevet om ereg-batch-status-service til reactive * Lagt til modapp ereg proxy * Endret oppsett for ereg-batch-status-service og flyttet den til gcp * Refaktorert apper til å fungere med nye ereg-batch-status-service i dev-gcp * Refaktorert org-bestilling-service
navikt · Mar 21, 2024 · d48b5e0 · d48b5e0
1 parent c9ece8e
commit d48b5e0
Show file tree

Hide file tree

Showing 42 changed files with 982 additions and 133 deletions.
diff --git a/.github/workflows/app.ereg-batch-status-service.yml b/.github/workflows/app.ereg-batch-status-service.yml
@@ -14,7 +14,7 @@ jobs:
   workflow:
     uses: ./.github/workflows/common.workflow.backend.yml
     with:
-      cluster: "dev-fss"
+      cluster: "dev-gcp"
       working-directory: "apps/ereg-batch-status-service"
       deploy-tag: "#deploy-ereg-batch-status-service"
     permissions:

diff --git a/.github/workflows/proxy.modapp-ereg-proxy.yml b/.github/workflows/proxy.modapp-ereg-proxy.yml
@@ -0,0 +1,23 @@
+name: modapp-ereg-proxy
+
+on:
+  push:
+    paths:
+      - libs/reactive-core
+      - libs/reactive-proxy
+      - libs/reactive-security
+      - libs/security-core
+      - proxies/modapp-ereg-proxy/**
+      - .github/workflows/proxy.modapp-ereg-proxy.yml
+
+jobs:
+  workflow:
+    uses: ./.github/workflows/common.workflow.backend.yml
+    with:
+      cluster: "dev-fss"
+      working-directory: "proxies/modapp-ereg-proxy"
+      deploy-tag: "#deploy-proxy"
+    permissions:
+      contents: read
+      id-token: write
+    secrets: inherit
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 *.idea/
 *target/
 *.iml
+*.http
 
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 

diff --git a/apps/ereg-batch-status-service/README.md b/apps/ereg-batch-status-service/README.md
@@ -2,7 +2,7 @@
 App for å hente ut batch status.
 
 ## Swagger
-Swagger finnes under [/swagger](https://ereg-batch-status-service.dev.intern.nav.no/swagger) -endepunktet til applikasjonen.
+Swagger finnes under [/swagger](https://testnav-ereg-batch-status-service.intern.dev.nav.no/swagger) -endepunktet til applikasjonen.
 
 ## Lokal kjøring
 Ha naisdevice kjørende og kjør EregBatchServiceServiceApplicationStarter med følgende argumenter:

diff --git a/apps/ereg-batch-status-service/build.gradle b/apps/ereg-batch-status-service/build.gradle
@@ -44,21 +44,21 @@ dependencies {
 
     implementation 'no.nav.testnav.libs:data-transfer-objects'
     implementation 'no.nav.testnav.libs:reactive-core'
-    implementation 'no.nav.testnav.libs:servlet-core'
-    implementation 'no.nav.testnav.libs:servlet-security'
+    implementation 'no.nav.testnav.libs:reactive-security'
+    implementation 'no.nav.testnav.libs:security-core'
 
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
-    implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
     implementation 'org.springframework.boot:spring-boot-starter-security'
 
+    implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
     implementation 'org.springframework.cloud:spring-cloud-starter-vault-config'
 
-    implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' // TODO remove legacy bootstrap config
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
     implementation 'io.micrometer:micrometer-registry-prometheus'
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
+    implementation 'org.springdoc:springdoc-openapi-starter-webflux-ui:2.3.0'
     implementation 'io.swagger.core.v3:swagger-annotations-jakarta:2.2.20'
 
     implementation 'net.logstash.logback:logstash-logback-encoder:7.4'

diff --git a/apps/ereg-batch-status-service/config.yml b/apps/ereg-batch-status-service/config.yml
@@ -18,6 +18,9 @@ spec:
           cluster: dev-gcp
         - application: organisasjon-bestilling-service
           cluster: dev-gcp
+    outbound:
+      external:
+        - host: testnav-modapp-ereg-proxy.dev-fss-pub.nais.io
   tokenx:
     enabled: true
   azure:
@@ -48,4 +51,4 @@ spec:
     limits:
       memory: 2048Mi
   ingresses:
-    - "https://ereg-batch-status-service.dev-fss-pub.nais.io"
+    - "https://testnav-ereg-batch-status-service.intern.dev.nav.no"
diff --git a/apps/ereg-batch-status-service/settings.gradle b/apps/ereg-batch-status-service/settings.gradle
@@ -6,8 +6,8 @@ rootProject.name = 'ereg-batch-status-service'
 
 includeBuild '../../libs/data-transfer-objects'
 includeBuild '../../libs/reactive-core'
-includeBuild '../../libs/servlet-core'
-includeBuild '../../libs/servlet-security'
+includeBuild '../../libs/reactive-security'
+includeBuild '../../libs/security-core'
 
 gradleEnterprise {
     buildScan {

diff --git a/.../main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/ApplicationConfig.java b/.../main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/ApplicationConfig.java
@@ -1,14 +1,17 @@
 package no.nav.registre.testnorge.eregbatchstatusservice.config;
 
+import no.nav.testnav.libs.reactivecore.config.CoreConfig;
+import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.web.reactive.config.EnableWebFlux;
 
-import no.nav.testnav.libs.servletcore.config.ApplicationCoreConfig;
-import no.nav.testnav.libs.servletsecurity.config.SecureOAuth2ServerToServerConfiguration;
 
 @Configuration
+@EnableWebFlux
 @Import({
-        ApplicationCoreConfig.class,
+        CoreConfig.class,
+        SecurityConfig.class,
         SecureOAuth2ServerToServerConfiguration.class
 })
 public class ApplicationConfig {

diff --git a/...vice/src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/Consumers.java b/...vice/src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/Consumers.java
@@ -0,0 +1,29 @@
+package no.nav.registre.testnorge.eregbatchstatusservice.config;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import static lombok.AccessLevel.PACKAGE;
+
+/**
+ * Samler alle placeholders for ulike {@code consumers.*}-konfigurasjon her, dvs. subklasser av {@code ServerProperties}.
+ * <br/><br/>
+ * Husk at Spring Boot bruker <a href="https://docs.spring.io/spring-boot/docs/current/reference/html/features.html#features.external-config.typesafe-configuration-properties.relaxed-binding">relaxed binding</a>
+ * mellom configuration properties og field names.
+ *
+ * @see ServerProperties
+ */
+@Configuration
+@ConfigurationProperties(prefix = "consumers")
+@NoArgsConstructor(access = PACKAGE)
+@Getter
+@Setter(PACKAGE)
+public class Consumers {
+
+    private ServerProperties modappEregProxy;
+
+}
diff --git a/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/EregProperties.java b/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/EregProperties.java
diff --git a/.../src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/OpenApiConfig.java b/.../src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/OpenApiConfig.java
@@ -7,17 +7,15 @@
 import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
+import no.nav.testnav.libs.reactivecore.config.ApplicationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.http.HttpHeaders;
 
 import java.util.Arrays;
 
-import no.nav.testnav.libs.servletcore.config.ApplicationProperties;
-
 @Configuration
-public class OpenApiConfig implements WebMvcConfigurer {
+public class OpenApiConfig {
 
     @Bean
     public OpenAPI openApi(ApplicationProperties applicationProperties) {
@@ -27,7 +25,7 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
                         .scheme("bearer")
                         .bearerFormat("JWT")
                         .in(SecurityScheme.In.HEADER)
-                        .name("Authorization")
+                        .name(HttpHeaders.AUTHORIZATION)
                 ))
                 .addSecurityItem(
                         new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write")))
@@ -47,9 +45,4 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
                         )
                 );
     }
-
-    @Override
-    public void addViewControllers(ViewControllerRegistry registry) {
-        registry.addViewController("/swagger").setViewName("redirect:/swagger-ui.html");
-    }
 }
diff --git a/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/SecurityConfig.java b/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/config/SecurityConfig.java
@@ -1,26 +1,30 @@
 package no.nav.registre.testnorge.eregbatchstatusservice.config;
 
+import lombok.RequiredArgsConstructor;
+import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
 
-@EnableWebSecurity
 @Configuration
+@EnableWebFluxSecurity
+@EnableReactiveMethodSecurity
+@RequiredArgsConstructor
 @Profile({ "prod", "dev" })
 public class SecurityConfig {
 
+    private final JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager;
+
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) {
 
-        httpSecurity.sessionManagement(sessionConfig -> sessionConfig.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests(authorizeConfig -> authorizeConfig.requestMatchers(
+        return httpSecurity
+                .csrf(ServerHttpSecurity.CsrfSpec::disable)
+                .authorizeExchange(authorizeConfig -> authorizeConfig.pathMatchers(
                         "/internal/**",
                         "/webjars/**",
                         "/swagger-resources/**",
@@ -29,10 +33,9 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                         "/swagger",
                         "/error",
                         "/swagger-ui.html"
-                ).permitAll().requestMatchers("/api/**").fullyAuthenticated())
-                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(Customizer.withDefaults()));
-
-        return httpSecurity.build();
+                ).permitAll().anyExchange().authenticated())
+                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(jwtSpec -> jwtSpec.authenticationManager(jwtReactiveAuthenticationManager)))
+                .build();
     }
 }
 
diff --git a/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/consumer/EregConsumer.java b/...src/main/java/no/nav/registre/testnorge/eregbatchstatusservice/consumer/EregConsumer.java
@@ -1,38 +1,37 @@
 package no.nav.registre.testnorge.eregbatchstatusservice.consumer;
 
 import lombok.extern.slf4j.Slf4j;
-import no.nav.registre.testnorge.eregbatchstatusservice.config.EregProperties;
+import no.nav.registre.testnorge.eregbatchstatusservice.config.Consumers;
 import no.nav.registre.testnorge.eregbatchstatusservice.consumer.command.GetBatchStatusCommand;
+import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
 import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.function.client.WebClient;
-
-import java.util.Map;
-import java.util.stream.Collectors;
+import reactor.core.publisher.Mono;
 
 @Slf4j
 @Component
 public class EregConsumer {
-    private final Map<String, WebClient> envWebClientMap;
+    private final ServerProperties serverProperties;
+    private final WebClient webClient;
+    private final TokenExchange tokenService;
+
 
-    public EregConsumer(EregProperties eregProperties) {
+    public EregConsumer(TokenExchange tokenService,
+                        Consumers consumers
+    ) {
 
-        this.envWebClientMap = eregProperties
-                .getEnvHostMap()
-                .entrySet()
-                .stream()
-                .collect(Collectors.toMap(
-                        Map.Entry::getKey,
-                        entry -> WebClient.builder()
-                                .baseUrl(entry.getValue())
-                                .build()
-                ));
+        this.tokenService = tokenService;
+        this.serverProperties = consumers.getModappEregProxy();
+        this.webClient = WebClient.builder()
+                .baseUrl(consumers.getModappEregProxy().getUrl())
+                .build();
     }
 
-    public Long getStatusKode(String miljo, Long id) {
-        if (!envWebClientMap.containsKey(miljo)) {
-            throw new RuntimeException("Stotter ikke miljo: " + miljo + " i EREG.");
-        } else {
-            return new GetBatchStatusCommand(envWebClientMap.get(miljo), id).call();
-        }
+    public Mono<Long> getStatusKode(String miljo, Long id) {
+        return tokenService
+                .exchange(serverProperties)
+                .flatMap(accessToken ->
+                        new GetBatchStatusCommand(webClient, miljo, id, accessToken.getTokenValue()).call());
     }
-}
+}
diff --git a/...nav/registre/testnorge/eregbatchstatusservice/consumer/command/GetBatchStatusCommand.java b/...nav/registre/testnorge/eregbatchstatusservice/consumer/command/GetBatchStatusCommand.java
@@ -1,27 +1,45 @@
 package no.nav.registre.testnorge.eregbatchstatusservice.consumer.command;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import no.nav.registre.testnorge.eregbatchstatusservice.util.WebClientFilter;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.web.reactive.function.client.WebClient;
+import org.springframework.web.server.ResponseStatusException;
+import reactor.core.publisher.Mono;
 import reactor.util.retry.Retry;
 
 import java.time.Duration;
 import java.util.concurrent.Callable;
 
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+
 @RequiredArgsConstructor
-public class GetBatchStatusCommand implements Callable<Long> {
+@Slf4j
+public class GetBatchStatusCommand implements Callable<Mono<Long>> {
     private final WebClient webClient;
+    private final String miljoe;
     private final Long id;
+    private final String token;
 
     @Override
-    public Long call() {
+    public Mono<Long> call() {
         return webClient
                 .get()
-                .uri(builder -> builder.path("/ereg/internal/batch/poll/{id}").build(id))
+                .uri(builder -> builder.path("/{miljoe}/ereg/internal/batch/poll/{id}").build(miljoe, id))
+                .header(AUTHORIZATION, "Bearer " + token)
                 .retrieve()
+                .onStatus(HttpStatusCode::is4xxClientError, clientResponse -> {
+                    if (clientResponse.statusCode().equals(HttpStatus.UNAUTHORIZED)) {
+                        log.error("Unauthorized error occurred when calling modapp-ereg-proxy");
+                        return Mono.error(new ResponseStatusException(HttpStatus.NOT_FOUND, "Resource not found"));
+                    }
+                    log.error("Client error occurred when calling modapp-ereg-proxy");
+                    return Mono.error(new ResponseStatusException(clientResponse.statusCode(), "Client error occurred"));
+                })
                 .bodyToMono(Long.class)
                 .retryWhen(Retry.backoff(3, Duration.ofSeconds(5))
-                        .filter(WebClientFilter::is5xxException))
-                .block();
+                        .filter(WebClientFilter::is5xxException));
     }
 }