Fjern resten av sts
tu55eladd committed Sep 12, 2024
1 parent b6017d0 commit cc12e99
Showing 11 changed files with 15 additions and 105 deletions.
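--- a/pom.xml
+++ b/pom.xml
@@ -192,11 +192,6 @@
 <artifactId>client</artifactId>
 <version>${common.version}</version>
 </dependency>
-<dependency>
-<groupId>com.github.navikt.common-java-modules</groupId>
-<artifactId>sts</artifactId>
-<version>${common.version}</version>
-</dependency>
 <dependency>
 <groupId>com.github.navikt.common-java-modules</groupId>
 <artifactId>auth</artifactId>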
Expand Up @@ -9,15 +9,12 @@
import no.nav.common.audit_log.log.AuditLoggerImpl;
import no.nav.common.auth.context.AuthContextHolder;
import no.nav.common.auth.context.AuthContextHolderThreadLocal;
import no.nav.common.cxf.StsConfig;
import no.nav.common.job.leader_election.LeaderElectionClient;
import no.nav.common.job.leader_election.ShedLockLeaderElectionClient;
import no.nav.common.metrics.InfluxClient;
import no.nav.common.metrics.MetricsClient;
import no.nav.common.metrics.SensuConfig;
import no.nav.common.rest.client.RestClient;
import no.nav.common.sts.NaisSystemUserTokenProvider;
import no.nav.common.sts.SystemUserTokenProvider;
import no.nav.common.token_client.builder.AzureAdTokenClientBuilder;
import no.nav.common.token_client.client.AzureAdMachineToMachineTokenClient;
import no.nav.common.utils.Credentials;
Expand Down Expand Up @@ -84,33 +81,12 @@ public AuthContextHolder authContextHolder() {
return AuthContextHolderThreadLocal.instance();
}

/*
TODO brukes STS av noen lenger?
- bruker i batch/kafka consumer for å sette authcontext
@see no.nav.veilarboppfolging.service.IservService.finnBrukereOgAvslutt
@see no.nav.veilarboppfolging.service.KafkaConsumerService.consumeEndringPaOppfolgingBruker
Kan vi bruker en azureMachineTokenProvider som en drop-in erstatning? Må vi i så fall legge til veilarboppfolging i inbound access policy?
*/
@Bean
public SystemUserTokenProvider systemUserTokenProvider(EnvironmentProperties properties, Credentials serviceUserCredentials) {
return new NaisSystemUserTokenProvider(properties.getNaisStsDiscoveryUrl(), serviceUserCredentials.username, serviceUserCredentials.password);
}

@Bean
public AzureAdMachineToMachineTokenClient azureAdMachineToMachineTokenClient() {
return AzureAdTokenClientBuilder.builder()
.withNaisDefaults()
.buildMachineToMachineTokenClient();
}
@Bean
public static StsConfig stsConfig(EnvironmentProperties properties, Credentials serviceUserCredentials) {
return StsConfig.builder()
.url(properties.getSoapStsUrl())
.username(serviceUserCredentials.username)
.password(serviceUserCredentials.password)
.build();
}

@Bean
AuditLogger auditLogger() {
Expand Up @@ -44,8 +44,6 @@ public void doFilter(ServletRequest servletRequest, ServletResponse response, Fi
tokenType = "IDPORTEN";
} else if (AuthService.isTokenX(claims)) {
tokenType = "TOKENX";
} else if (tokenIssuer.contains("security-token-service")) {
tokenType = "STS";
} else {
tokenType = "UKJENT";
}
Expand Up @@ -6,7 +6,6 @@
import no.nav.common.client.norg2.CachedNorg2Client;
import no.nav.common.client.norg2.Norg2Client;
import no.nav.common.client.norg2.NorgHttp2Client;
import no.nav.common.cxf.StsConfig;
import no.nav.common.rest.client.RestClient;
import no.nav.common.token_client.builder.AzureAdTokenClientBuilder;
import no.nav.common.token_client.client.AzureAdMachineToMachineTokenClient;
Expand Up @@ -14,27 +14,18 @@ public class EnvironmentProperties {

private String naisAadIssuer;


private String tokenxClientId;

private String tokenxDiscoveryUrl;


private String loginserviceIdportenAudience;

private String loginserviceIdportenDiscoveryUrl;


private String naisStsDiscoveryUrl;

private String naisStsClientId;

private String norg2Url;

private String aktorregisterUrl;

private String soapStsUrl;

private String arbeidsrettetDialogUrl;

private String kafkaBrokersUrl;
27 changes: 3 additions & 24 deletions src/main/java/no/nav/veilarboppfolging/service/IservService.java
@@ -1,14 +1,8 @@
package no.nav.veilarboppfolging.service;

import com.nimbusds.jwt.JWTParser;
import lombok.extern.slf4j.Slf4j;
import no.nav.common.auth.context.AuthContext;
import no.nav.common.auth.context.AuthContextHolder;
import no.nav.common.auth.context.UserRole;
import no.nav.common.sts.SystemUserTokenProvider;
import no.nav.common.types.identer.AktorId;
import no.nav.common.types.identer.Fnr;
import no.nav.pto_schema.kafka.json.topic.onprem.EndringPaaOppfoelgingsBrukerV2;
import no.nav.veilarboppfolging.domain.AvslutningStatusData;
import no.nav.veilarboppfolging.repository.UtmeldingRepository;
import no.nav.veilarboppfolging.repository.entity.UtmeldingEntity;
Expand All @@ -22,7 +16,6 @@
import java.util.List;

import static java.util.Optional.ofNullable;
import static java.util.stream.Collectors.toList;
import static no.nav.veilarboppfolging.config.ApplicationConfig.SYSTEM_USER_NAME;
import static no.nav.veilarboppfolging.service.IservService.AvslutteOppfolgingResultat.*;
import static no.nav.veilarboppfolging.utils.ArenaUtils.erIserv;
Expand All @@ -39,23 +32,17 @@ enum AvslutteOppfolgingResultat {
AVSLUTTET_FEILET
}

private final AuthContextHolder authContextHolder;
private final SystemUserTokenProvider systemUserTokenProvider;
private final MetricsService metricsService;
private final UtmeldingRepository utmeldingRepository;
private final OppfolgingService oppfolgingService;
private final AuthService authService;

public IservService(
AuthContextHolder authContextHolder,
SystemUserTokenProvider systemUserTokenProvider,
MetricsService metricsService,
UtmeldingRepository utmeldingRepository,
OppfolgingService oppfolgingService,
AuthService authService
) {
this.authContextHolder = authContextHolder;
this.systemUserTokenProvider = systemUserTokenProvider;
this.metricsService = metricsService;
this.utmeldingRepository = utmeldingRepository;
this.oppfolgingService = oppfolgingService;
Expand Down Expand Up @@ -99,17 +86,9 @@ private List<AvslutteOppfolgingResultat> finnBrukereOgAvslutt() {
List<UtmeldingEntity> iservert28DagerBrukere = utmeldingRepository.finnBrukereMedIservI28Dager();
log.info("Fant {} brukere som har vært ISERV mer enn 28 dager", iservert28DagerBrukere.size());


var context = new AuthContext(
UserRole.SYSTEM,
JWTParser.parse(systemUserTokenProvider.getSystemUserToken())
);

authContextHolder.withContext(context, () ->
resultater.addAll(iservert28DagerBrukere.stream()
.map(utmeldingEntity -> avslutteOppfolging(AktorId.of(utmeldingEntity.aktor_Id)))
.collect(toList()))
);
resultater.addAll(iservert28DagerBrukere.stream()
.map(utmeldingEntity -> avslutteOppfolging(AktorId.of(utmeldingEntity.aktor_Id)))
.toList());

} catch (Exception e) {
secureLog.error("Feil ved automatisk avslutning av brukere", e);
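Review bot: In `finnBrukereOgAvslutt` the `avslutteOppfolging` calls now run with no `AuthContext` at all, where they previously ran under `UserRole.SYSTEM`. Any authorization check or audit attribution further down that reads the role or subject from `AuthContextHolder` would now see an empty context, and the surrounding `catch (Exception e)` would only log the failure. The callees are outside this page, so this is inferred rather than shown; the same applies to the five service calls in `KafkaConsumerService.consumeEndringPaOppfolgingBruker`, which lose their `withContext` wrapper in this commit too. I would record the assumption above the stream, e.g. `// Runs without an AuthContext; callees must not read role or subject from AuthContextHolder`, and add a test that runs the batch path with an empty context. The method body starts and ends outside the hunk.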
Expand Up @@ -8,9 +8,7 @@
import no.nav.common.auth.context.UserRole;
import no.nav.common.client.aktoroppslag.AktorOppslagClient;
import no.nav.common.client.aktorregister.IngenGjeldendeIdentException;
import no.nav.common.sts.SystemUserTokenProvider;
import no.nav.common.types.identer.Fnr;
import no.nav.paw.arbeidssokerregisteret.api.v1.Periode;
import no.nav.pto_schema.kafka.json.topic.onprem.EndringPaaOppfoelgingsBrukerV2;
import no.nav.veilarboppfolging.service.utmelding.KanskjeIservBruker;
import org.apache.kafka.clients.consumer.ConsumerRecord;
Expand All @@ -30,8 +28,6 @@ public class KafkaConsumerService {

private final AuthContextHolder authContextHolder;

private final SystemUserTokenProvider systemUserTokenProvider;

private final KvpService kvpService;

private final IservService iservService;
Expand All @@ -47,15 +43,13 @@ public class KafkaConsumerService {
@Autowired
public KafkaConsumerService(
AuthContextHolder authContextHolder,
SystemUserTokenProvider systemUserTokenProvider,
@Lazy KvpService kvpService,
@Lazy IservService iservService,
OppfolgingsenhetEndringService oppfolgingsenhetEndringService,
@Lazy OppfolgingEndringService oppfolgingEndringService,
AktorOppslagClient aktorOppslagClient,
SisteEndringPaaOppfolgingBrukerService sisteEndringPaaOppfolgingBrukerService) {
this.authContextHolder = authContextHolder;
this.systemUserTokenProvider = systemUserTokenProvider;
this.kvpService = kvpService;
this.iservService = iservService;
this.oppfolgingsenhetEndringService = oppfolgingsenhetEndringService;
Expand All @@ -81,18 +75,11 @@ public void consumeEndringPaOppfolgingBruker(ConsumerRecord<String, EndringPaaOp
"Denne loggmeldingen er kun til informasjon slik at vi eventuelt kan fange opp dette scenariet til ettertid.");
}

var context = new AuthContext(
UserRole.SYSTEM,
JWTParser.parse(systemUserTokenProvider.getSystemUserToken())
);

authContextHolder.withContext(context, () -> {
kvpService.avsluttKvpVedEnhetBytte(endringPaBruker);
iservService.oppdaterUtmeldingsStatus(KanskjeIservBruker.Companion.of(endringPaBruker));
oppfolgingsenhetEndringService.behandleBrukerEndring(endringPaBruker);
oppfolgingEndringService.oppdaterOppfolgingMedStatusFraArena(endringPaBruker);
sisteEndringPaaOppfolgingBrukerService.lagreSisteEndring(brukerFnr, endringPaBruker.getSistEndretDato());
});
kvpService.avsluttKvpVedEnhetBytte(endringPaBruker);
iservService.oppdaterUtmeldingsStatus(KanskjeIservBruker.Companion.of(endringPaBruker));
oppfolgingsenhetEndringService.behandleBrukerEndring(endringPaBruker);
oppfolgingEndringService.oppdaterOppfolgingMedStatusFraArena(endringPaBruker);
sisteEndringPaaOppfolgingBrukerService.lagreSisteEndring(brukerFnr, endringPaBruker.getSistEndretDato());
}

private boolean erEndringGammel(Fnr fnr, ZonedDateTime nyEndringTidspunkt) {
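Review bot: `authContextHolder` is still injected and assigned in the constructor, and the `UserRole` import is kept, although the `withContext` block that used them is removed from `consumeEndringPaOppfolgingBruker`. If nothing else in the class reads the holder (the rest of the file is outside this page), drop the field, the constructor parameter, the `UserRole` import and any `AuthContext` or `JWTParser` imports left above the first hunk. That way the class no longer suggests that message handling runs under an authenticated context. `consumeEndringPaOppfolgingBruker` starts outside the hunk.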
3 changes: 0 additions & 3 deletions src/main/resources/application.properties
Expand Up @@ -23,10 +23,7 @@ spring.data.jdbc.repositories.enabled=false
# From config map "pto-config"
app.env.norg2Url=${NORG2_URL:null}
app.env.aktorregisterUrl=${AKTOERREGISTER_API_V1_URL:null}
app.env.soapStsUrl=${SECURITYTOKENSERVICE_URL:null}
app.env.arbeidsrettetDialogUrl=${ARBEIDSRETTET_DIALOG_URL:null}
app.env.naisStsDiscoveryUrl=${SECURITY_TOKEN_SERVICE_DISCOVERY_URL:null}
app.env.naisStsClientId=${SECURITY_TOKEN_SERVICE_CLIENT_ID:null}
app.env.ytelseskontraktV3Endpoint=${VIRKSOMHET_YTELSESKONTRAKT_V3_ENDPOINTURL:null}
app.env.varselOppgaveV1Endpoint=${VARSELOPPGAVE_V1_ENDPOINTURL:null}
app.env.behandleArbeidssoekerV1Endpoint=${VIRKSOMHET_BEHANDLEARBEIDSSOEKER_V1_ENDPOINTURL:null}
Expand Up @@ -10,7 +10,6 @@
import no.nav.common.auth.context.AuthContextHolder;
import no.nav.common.auth.context.AuthContextHolderThreadLocal;
import no.nav.common.job.leader_election.LeaderElectionClient;
import no.nav.common.sts.SystemUserTokenProvider;
import no.nav.common.token_client.client.AzureAdOnBehalfOfTokenClient;
import no.nav.common.utils.Credentials;
import no.nav.poao_tilgang.client.PoaoTilgangClient;
Expand Down Expand Up @@ -53,11 +52,6 @@ public AzureAdOnBehalfOfTokenClient azureAdOnBehalfOfTokenClient() {
return mock(AzureAdOnBehalfOfTokenClient.class);
}

@Bean
public SystemUserTokenProvider systemUserTokenProvider() {
return () -> new PlainJWT(new JWTClaimsSet.Builder().build()).serialize();
}

@Bean
public Credentials serviceUserCredentials() {
return new Credentials("username", "password");
@@ -1,8 +1,5 @@
package no.nav.veilarboppfolging.service;

import no.nav.common.auth.context.AuthContextHolderThreadLocal;
import no.nav.common.auth.context.UserRole;
import no.nav.common.test.auth.AuthTestUtils;
import no.nav.common.types.identer.AktorId;
import no.nav.common.types.identer.Fnr;
import no.nav.pto_schema.enums.arena.Formidlingsgruppe;
Expand Down Expand Up @@ -55,12 +52,7 @@ public void setup() {

utmeldingRepository = new UtmeldingRepository(db);

iservService = new IservService(
AuthContextHolderThreadLocal.instance(),
() -> AuthTestUtils.createAuthContext(UserRole.SYSTEM, "srvtest").getIdToken().serialize(),
mock(MetricsService.class),
utmeldingRepository, oppfolgingService, authService
);
iservService = new IservService(mock(MetricsService.class), utmeldingRepository, oppfolgingService, authService);
}

@Test
Expand Up @@ -186,7 +186,8 @@ class ArbeidssøkerperiodeConsumerServiceTest: IntegrationTest() {
.setIserv_fra_dato(ISERV_FRA_DATO.atZone(ZoneId.systemDefault())))
)
val nyPeriode = arbeidssøkerperiode(fnr, periodeStartet = arbeidsøkerPeriodeStartet.atZone(ZoneId.systemDefault()).toInstant())
val oppfolginsBrukerEndretTilISERV = ConsumerRecord("topic", 0, 0, "key", oppfølgingsBrukerEndret(ISERV_FRA_DATO.toLocalDate()))
val oppfolginsBrukerEndretTilISERV = ConsumerRecord("topic", 0, 0, "key", oppfølgingsBrukerEndret(
ISERV_FRA_DATO.toLocalDate(), formidlingsgruppe = Formidlingsgruppe.ISERV))
val melding = ConsumerRecord("topic", 0, 0, "dummyKey", nyPeriode)

kafkaConsumerService.consumeEndringPaOppfolgingBruker(oppfolginsBrukerEndretTilISERV)
Expand All @@ -211,7 +212,8 @@ class ArbeidssøkerperiodeConsumerServiceTest: IntegrationTest() {
.setIserv_fra_dato(ISERV_FRA_DATO.atZone(ZoneId.systemDefault())))
)
val nyPeriode = arbeidssøkerperiode(fnr, periodeStartet = arbeidsøkerPeriodeStartet.atZone(ZoneId.systemDefault()).toInstant())
val oppfolginsBrukerEndretTilISERV = ConsumerRecord("topic", 0, 0, "key", oppfølgingsBrukerEndret(ISERV_FRA_DATO.toLocalDate()))
val oppfolginsBrukerEndretTilISERV = ConsumerRecord("topic", 0, 0, "key", oppfølgingsBrukerEndret(
ISERV_FRA_DATO.toLocalDate(), formidlingsgruppe = Formidlingsgruppe.ISERV))
val melding = ConsumerRecord("topic", 0, 0, "dummyKey", nyPeriode)

kafkaConsumerService.consumeEndringPaOppfolgingBruker(oppfolginsBrukerEndretTilISERV)
Expand Down Expand Up @@ -275,10 +277,10 @@ class ArbeidssøkerperiodeConsumerServiceTest: IntegrationTest() {
}
}

private fun oppfølgingsBrukerEndret(iservFraDato: LocalDate): EndringPaaOppfoelgingsBrukerV2 {
private fun oppfølgingsBrukerEndret(iservFraDato: LocalDate, formidlingsgruppe: Formidlingsgruppe = Formidlingsgruppe.ARBS): EndringPaaOppfoelgingsBrukerV2 {
return EndringPaaOppfoelgingsBrukerV2(
fnr,
Formidlingsgruppe.ARBS,
formidlingsgruppe,
iservFraDato,
"Sig",
":)",