Migrate GCP and Postgres

navikt · Jan 5, 2024 · 4390dc3 · 4390dc3
1 parent 3131444
commit 4390dc3
Show file tree

Hide file tree

Showing 13 changed files with 86 additions and 101 deletions.
diff --git a/src/main/kotlin/no/nav/syfo/config/ApplicationConfig.kt b/src/main/kotlin/no/nav/syfo/config/ApplicationConfig.kt
@@ -1,5 +1,6 @@
 package no.nav.syfo.config
 
+import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.context.annotation.*
 import org.springframework.scheduling.TaskScheduler
 import org.springframework.scheduling.annotation.EnableScheduling
@@ -19,6 +20,10 @@ class ApplicationConfig {
     @Bean
     fun restTemplate() = RestTemplate()
 
+    @Bean
+    @Qualifier("AzureAD")
+    fun restTemplateAzureAd() = RestTemplate()
+
     @Bean
     fun webClient() = WebClient
         .builder()

diff --git a/src/main/kotlin/no/nav/syfo/consumer/azuread/NaisProxyCustomizer.kt b/src/main/kotlin/no/nav/syfo/consumer/azuread/NaisProxyCustomizer.kt
diff --git a/src/main/kotlin/no/nav/syfo/consumer/azuread/RestTemplateWithProxyConfig.kt b/src/main/kotlin/no/nav/syfo/consumer/azuread/RestTemplateWithProxyConfig.kt
diff --git a/src/main/kotlin/no/nav/syfo/consumer/azuread/v2/AzureAdV2TokenConsumer.kt b/src/main/kotlin/no/nav/syfo/consumer/azuread/v2/AzureAdV2TokenConsumer.kt
@@ -12,7 +12,7 @@ import java.util.concurrent.ConcurrentHashMap
 
 @Component
 class AzureAdV2TokenConsumer @Autowired constructor(
-    @Qualifier("restTemplateWithProxy") private val restTemplateWithProxy: RestTemplate,
+    @Qualifier("AzureAD") private val restTemplate: RestTemplate,
     @Value("\${azure.app.client.id}") private val azureAppClientId: String,
     @Value("\${azure.app.client.secret}") private val azureAppClientSecret: String,
     @Value("\${azure.openid.config.token.endpoint}") private val azureTokenEndpoint: String
@@ -22,7 +22,7 @@ class AzureAdV2TokenConsumer @Autowired constructor(
         token: String
     ): String {
         try {
-            val response = restTemplateWithProxy.exchange(
+            val response = restTemplate.exchange(
                 azureTokenEndpoint,
                 HttpMethod.POST,
                 requestEntity(scopeClientId, token),
@@ -49,7 +49,7 @@ class AzureAdV2TokenConsumer @Autowired constructor(
                 val requestEntity = systemTokenRequestEntity(
                     scopeClientId = scopeClientId
                 )
-                val response = restTemplateWithProxy.exchange(
+                val response = restTemplate.exchange(
                     azureTokenEndpoint,
                     HttpMethod.POST,
                     requestEntity,

diff --git a/src/main/kotlin/no/nav/syfo/consumer/behandlendeenhet/BehandlendeEnhetConsumer.kt b/src/main/kotlin/no/nav/syfo/consumer/behandlendeenhet/BehandlendeEnhetConsumer.kt
@@ -5,7 +5,6 @@ import no.nav.syfo.consumer.azuread.v2.AzureAdV2TokenConsumer
 import no.nav.syfo.metric.Metric
 import no.nav.syfo.util.*
 import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.cache.annotation.Cacheable
 import org.springframework.http.*
@@ -19,7 +18,7 @@ class BehandlendeEnhetConsumer(
     private val metric: Metric,
     @Value("\${syfobehandlendeenhet.client.id}") private val syfobehandlendeenhetClientId: String,
     @Value("\${syfobehandlendeenhet.url}") private val baseUrl: String,
-    @Qualifier("restTemplateWithProxy") private val restTemplateWithProxy: RestTemplate
+    private val restTemplate: RestTemplate
 ) {
 
     @Cacheable(cacheNames = [CacheConfig.CACHENAME_BEHANDLENDEENHET_FNR], key = "#fnr", condition = "#fnr != null")
@@ -30,7 +29,7 @@ class BehandlendeEnhetConsumer(
 
         val httpEntity = entity(callId, bearer, fnr)
         try {
-            val response = restTemplateWithProxy.exchange(
+            val response = restTemplate.exchange(
                 "$baseUrl$BEHANDLENDEENHET_PATH",
                 HttpMethod.GET,
                 httpEntity,

diff --git a/src/main/kotlin/no/nav/syfo/consumer/narmesteleder/NarmesteLederClient.kt b/src/main/kotlin/no/nav/syfo/consumer/narmesteleder/NarmesteLederClient.kt
@@ -6,7 +6,6 @@ import no.nav.syfo.util.NAV_CALL_ID_HEADER
 import no.nav.syfo.util.NAV_CONSUMER_ID_HEADER
 import no.nav.syfo.util.NAV_PERSONIDENT_HEADER
 import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.core.ParameterizedTypeReference
 import org.springframework.http.HttpEntity
@@ -24,15 +23,15 @@ class NarmesteLederClient(
     private val azureAdV2TokenConsumer: AzureAdV2TokenConsumer,
     @Value("\${isnarmesteleder.url}") private val baseUrl: String,
     @Value("\${isnarmesteleder.client.id}") private val targetApp: String,
-    @Qualifier("restTemplateWithProxy") private val restTemplateWithProxy: RestTemplate
+    private val restTemplate: RestTemplate
 ) {
     fun getNarmesteledere(fnr: String): List<NarmesteLederRelasjonDTO>? {
         try {
             val token = azureAdV2TokenConsumer.getSystemToken(
                 scopeClientId = targetApp
             )
 
-            val response: ResponseEntity<List<NarmesteLederRelasjonDTO>?> = restTemplateWithProxy.exchange(
+            val response: ResponseEntity<List<NarmesteLederRelasjonDTO>?> = restTemplate.exchange(
                 "$baseUrl/api/system/v1/narmestelederrelasjoner",
                 HttpMethod.GET,
                 entity(token, fnr),

diff --git a/src/main/resources/db/migration/R__grant_to_cloudsqliamuser.sql b/src/main/resources/db/migration/R__grant_to_cloudsqliamuser.sql
@@ -1,4 +1,25 @@
 REVOKE ALL ON ALL TABLES IN SCHEMA public FROM cloudsqliamuser;
+
 -- GRANT SELECT ON ALL TABLES IN SCHEMA public TO cloudsqliamuser;
 GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO cloudsqliamuser;
 GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO cloudsqliamuser;
+
+DO $$
+BEGIN
+  CREATE ROLE cloudsqlsuperuser WITH NOLOGIN;
+  EXCEPTION WHEN DUPLICATE_OBJECT THEN
+  RAISE NOTICE 'not creating role cloudsqlsuperuser -- it already exists';
+END
+$$;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO cloudsqlsuperuser;
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO cloudsqlsuperuser;
+
+DO $$
+BEGIN
+  CREATE USER "esyfo-analyse";
+  EXCEPTION WHEN DUPLICATE_OBJECT THEN
+  RAISE NOTICE 'not creating role esyfo-analyse -- it already exists';
+END
+$$;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO "esyfo-analyse";
diff --git a/src/test/kotlin/no/nav/syfo/motebehov/api/MotebehovArbeidsgiverControllerV3Test.kt b/src/test/kotlin/no/nav/syfo/motebehov/api/MotebehovArbeidsgiverControllerV3Test.kt
@@ -83,9 +83,8 @@ class MotebehovArbeidsgiverControllerV3Test {
     private lateinit var dialogmotekandidatDAO: DialogmotekandidatDAO
 
     @Autowired
-    @Qualifier("restTemplateWithProxy")
-    private lateinit var restTemplateWithProxy: RestTemplate
-    private lateinit var mockRestServiceWithProxyServer: MockRestServiceServer
+    @Qualifier("AzureAD")
+    private lateinit var restTemplateAzureAD: RestTemplate
 
     @Autowired
     private lateinit var restTemplate: RestTemplate
@@ -105,6 +104,7 @@ class MotebehovArbeidsgiverControllerV3Test {
     @MockkBean(relaxed = true)
     private lateinit var personoppgavehendelseProducer: PersonoppgavehendelseProducer
 
+    private lateinit var mockRestServiceServerAzureAD: MockRestServiceServer
     private lateinit var mockRestServiceServer: MockRestServiceServer
 
     private val motebehovGenerator = MotebehovGenerator()
@@ -119,7 +119,7 @@ class MotebehovArbeidsgiverControllerV3Test {
         every { pdlConsumer.isKode6(ARBEIDSTAKER_FNR) } returns false
 
         mockRestServiceServer = MockRestServiceServer.bindTo(restTemplate).build()
-        mockRestServiceWithProxyServer = MockRestServiceServer.bindTo(restTemplateWithProxy).build()
+        mockRestServiceServerAzureAD = MockRestServiceServer.bindTo(restTemplateAzureAD).build()
         tokenValidationUtil.logInAsDialogmoteUser(LEDER_FNR)
         cleanDB()
     }
@@ -513,7 +513,8 @@ class MotebehovArbeidsgiverControllerV3Test {
     private fun submitMotebehovAndSendOversikthendelse(motebehovSvar: MotebehovSvar) {
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             ARBEIDSTAKER_FNR,
         )
@@ -533,7 +534,8 @@ class MotebehovArbeidsgiverControllerV3Test {
     private fun lagreMotebehov(innsendtMotebehov: NyttMotebehovArbeidsgiver) {
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             innsendtMotebehov.arbeidstakerFnr,
         )
@@ -575,7 +577,7 @@ class MotebehovArbeidsgiverControllerV3Test {
 
     private fun resetMockRestServers() {
         mockRestServiceServer.reset()
-        mockRestServiceWithProxyServer.reset()
+        mockRestServiceServerAzureAD.reset()
     }
 
     private fun cleanDB() {
@@ -590,7 +592,7 @@ class MotebehovArbeidsgiverControllerV3Test {
     private fun mockBehandlendEnhetWithTilgangskontroll(fnr: String) {
         mockAndExpectBehandlendeEnhetRequestWithTilgangskontroll(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
             mockRestServiceServer,
             behandlendeenhetUrl,
             tilgangskontrollUrl,

diff --git a/src/test/kotlin/no/nav/syfo/motebehov/api/MotebehovArbeidstakerControllerV3Test.kt b/src/test/kotlin/no/nav/syfo/motebehov/api/MotebehovArbeidstakerControllerV3Test.kt
@@ -84,9 +84,8 @@ class MotebehovArbeidstakerControllerV3Test {
     private lateinit var dialogmotekandidatDAO: DialogmotekandidatDAO
 
     @Autowired
-    @Qualifier("restTemplateWithProxy")
-    private lateinit var restTemplateWithProxy: RestTemplate
-    private lateinit var mockRestServiceWithProxyServer: MockRestServiceServer
+    @Qualifier("AzureAD")
+    private lateinit var restTemplateAzureAD: RestTemplate
 
     @Autowired
     private lateinit var restTemplate: RestTemplate
@@ -103,6 +102,7 @@ class MotebehovArbeidstakerControllerV3Test {
     @MockkBean(relaxed = true)
     private lateinit var personoppgavehendelseProducer: PersonoppgavehendelseProducer
 
+    private lateinit var mockRestServiceServerAzureAD: MockRestServiceServer
     private lateinit var mockRestServiceServer: MockRestServiceServer
 
     private val motebehovGenerator = MotebehovGenerator()
@@ -115,7 +115,7 @@ class MotebehovArbeidstakerControllerV3Test {
         every { pdlConsumer.isKode6(ARBEIDSTAKER_FNR) } returns false
 
         mockRestServiceServer = MockRestServiceServer.bindTo(restTemplate).build()
-        mockRestServiceWithProxyServer = MockRestServiceServer.bindTo(restTemplateWithProxy).build()
+        mockRestServiceServerAzureAD = MockRestServiceServer.bindTo(restTemplateAzureAD).build()
         tokenValidationUtil.logInAsDialogmoteUser(ARBEIDSTAKER_FNR)
         cleanDB()
     }
@@ -479,13 +479,15 @@ class MotebehovArbeidstakerControllerV3Test {
 
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             ARBEIDSTAKER_FNR,
         )
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             ARBEIDSTAKER_FNR,
         )
@@ -502,7 +504,8 @@ class MotebehovArbeidstakerControllerV3Test {
     private fun submitMotebehovAndSendOversikthendelse(motebehovSvar: MotebehovSvar) {
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             ARBEIDSTAKER_FNR,
         )
@@ -518,7 +521,8 @@ class MotebehovArbeidstakerControllerV3Test {
     private fun lagreOgHentMotebehovOgSendOversikthendelse(harBehov: Boolean) {
         mockAndExpectBehandlendeEnhetRequest(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
+            mockRestServiceServer,
             behandlendeenhetUrl,
             ARBEIDSTAKER_FNR,
         )
@@ -554,7 +558,7 @@ class MotebehovArbeidstakerControllerV3Test {
     private fun mockBehandlendEnhetWithTilgangskontroll(fnr: String) {
         mockAndExpectBehandlendeEnhetRequestWithTilgangskontroll(
             azureTokenEndpoint,
-            mockRestServiceWithProxyServer,
+            mockRestServiceServerAzureAD,
             mockRestServiceServer,
             behandlendeenhetUrl,
             tilgangskontrollUrl,
@@ -574,7 +578,7 @@ class MotebehovArbeidstakerControllerV3Test {
 
     private fun resetMockRestServers() {
         mockRestServiceServer.reset()
-        mockRestServiceWithProxyServer.reset()
+        mockRestServiceServerAzureAD.reset()
     }
 
     private fun cleanDB() {