Erstattet PAT med token-support, java 21 + dep bumps (#891)

* Erstattet PAT med token-support, java 21 + dep bumps

* Lagt til callId, webproxy og fjernet deprecated ingress

* Lagt tilbake logfilter med ALL the things

.github/workflows/master.yml

@@ -25,7 +25,7 @@ jobs:
       - name: Sette opp Java
         uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: temurin
           cache: maven
 

.github/workflows/pull-requests.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Sette opp Java
         uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: temurin
           cache: maven
       - name: Bygge JAR

.github/workflows/release-kontrakt.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: temurin
-          java-version: 17
+          java-version: 21
           cache: maven
       - name: Publish artifacts
         shell: bash

Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/navikt/baseimages/temurin:17-appdynamics
+FROM ghcr.io/navikt/baseimages/temurin:21-appdynamics
 ENV APPD_ENABLED=true
 LABEL org.opencontainers.image.source=https://github.com/navikt/pleiepenger-barn-uttak
 

nais/dev-fss-k9saksbehandling.yml

@@ -8,6 +8,15 @@ metadata:
 spec:
   image: {{image}}
   port: 8080
+  azure:
+    application:
+      enabled: true
+  accessPolicy:
+    inbound:
+      rules:
+        - application: k9-sak
+        - application: k9-formidling
+  webproxy: true
   replicas:
     min: 2
     max: 4
@@ -39,8 +48,7 @@ spec:
   secureLogs:
     enabled: true
   ingresses:
-    - https://pleiepenger-barn-uttak.q1.nais.preprod.local
-    - https://pleiepenger-barn-uttak.nais.preprod.local
+    - https://k9-psb-uttak.dev.intern.nav.no
   env:
     - name: APP_NAME
       value: "pleiepenger-barn-uttak"

nais/prod-fss-k9saksbehandling.yml

@@ -8,6 +8,15 @@ metadata:
 spec:
   image: {{image}}
   port: 8080
+  azure:
+    application:
+      enabled: true
+  accessPolicy:
+    inbound:
+      rules:
+        - application: k9-sak
+        - application: k9-formidling
+  webproxy: true
   replicas:
     min: 2
     max: 4

server/pom.xml

@@ -12,10 +12,11 @@
     <artifactId>server</artifactId>
 
     <properties>
-        <springdoc.version>1.7.0</springdoc.version>
+        <springdoc.version>2.3.0</springdoc.version>
         <logback.logstash.version>7.4</logback.logstash.version>
         <postgres.version>42.7.1</postgres.version>
         <micrometer.version>1.12.2</micrometer.version>
+        <tokensupport.version>4.1.0</tokensupport.version>
     </properties>
 
     <dependencies>
@@ -46,22 +47,15 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springframework.boot</groupId>
-                    <artifactId>spring-boot-starter-tomcat</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-jetty</artifactId>
+            <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-jdbc</artifactId>
@@ -96,7 +90,7 @@
         <!-- Spring Doc -->
         <dependency>
             <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-ui</artifactId>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
             <version>${springdoc.version}</version>
         </dependency>
 
@@ -112,13 +106,26 @@
             <version>${micrometer.version}</version>
         </dependency>
 
+        <!-- Token support -->
+        <dependency>
+            <groupId>no.nav.security</groupId>
+            <artifactId>token-validation-spring</artifactId>
+            <version>${tokensupport.version}</version>
+        </dependency>
+
         <!-- Testing -->
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>postgresql</artifactId>
             <version>1.19.3</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>no.nav.security</groupId>
+            <artifactId>token-validation-spring-test</artifactId>
+            <version>${tokensupport.version}</version>
+            <scope>test</scope>
+        </dependency>
 
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>

server/src/main/kotlin/no/nav/pleiepengerbarn/uttak/server/App.kt

@@ -1,6 +1,5 @@
 package no.nav.pleiepengerbarn.uttak.server
 
-import org.slf4j.LoggerFactory
 import org.springframework.boot.Banner
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.autoconfigure.domain.EntityScan
@@ -11,7 +10,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.ComponentScan
 import org.springframework.context.support.PropertySourcesPlaceholderConfigurer
 import org.springframework.core.io.ClassPathResource
-import java.util.*
 
 
 @SpringBootApplication
@@ -20,8 +18,6 @@ import java.util.*
 @ComponentScan("no.nav.pleiepengerbarn.uttak")
 class App {
 
-    private val logger = LoggerFactory.getLogger(App::class.java)
-
     @Bean
     fun logFilter(): FilterRegistrationBean<LogFilter> {
         // Registrer CallId MDC propageringsfilter

server/src/main/kotlin/no/nav/pleiepengerbarn/uttak/server/SecurityConfig.kt

@@ -0,0 +1,8 @@
+package no.nav.pleiepengerbarn.uttak.server
+
+import no.nav.security.token.support.spring.api.EnableJwtTokenValidation
+import org.springframework.context.annotation.Configuration
+
+@EnableJwtTokenValidation
+@Configuration
+class SecurityConfig

server/src/main/kotlin/no/nav/pleiepengerbarn/uttak/server/UttakplanApi.kt

@@ -8,6 +8,8 @@ import no.nav.pleiepengerbarn.uttak.kontrakter.*
 import no.nav.pleiepengerbarn.uttak.regler.*
 import no.nav.pleiepengerbarn.uttak.regler.mapper.GrunnlagMapper
 import no.nav.pleiepengerbarn.uttak.server.db.UttakRepository
+import no.nav.security.token.support.core.api.Protected
+import no.nav.security.token.support.core.api.Unprotected
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
@@ -18,6 +20,7 @@ import org.springframework.web.util.UriComponentsBuilder
 import java.util.*
 
 @RestController
+@Protected
 @Tag(name = "Uttak API", description = "Operasjoner for uttak pleiepenger barn")
 class UttakplanApi {
 

server/src/main/resources/application.yml

@@ -3,46 +3,19 @@ server:
   servlet:
     context-path: /pleiepenger-barn-uttak
 
-no.nav:
-  navn: 'Pleiepenger Barn Uttak'
-  versjon: '@project.version@'
-  beskrivelse: 'Håndterer uttak av pleiepenger barn på tvers av omsorgspersoner.'
-  security:
-    jwt:
-      issuer:
-        azure:
-          accepted_audience: 'pleiepenger-barn-uttak'
 
+no.nav.security.jwt:
+  issuer:
+    azure:
+      discoveryurl: ${AZURE_APP_WELL_KNOWN_URL}
+      accepted_audience: ${AZURE_APP_CLIENT_ID}
 
 management:
-  metrics:
-    web:
-      server:
-        request:
-          autotime:
-            enabled: true
-  health :
-    diskspace:
-      enabled: false
   endpoint:
     health:
-      show-details : always
+      show-details: always
   endpoints:
     web:
       exposure:
         include: info, health, prometheus
-      base-path: /internal/actuator
-
-springdoc:
-  api-docs:
-    path: /internal/api-docs
-  swagger-ui:
-    path: /internal/swagger
-
-info:
-  app:
-    name: Pleiepenger barn uttak
-    version: @project.version@
-    encoding: @project.build.sourceEncoding@
-    java:
-      version: @java.version@
+      base-path: /internal/actuator

server/src/test/kotlin/no/nav/pleiepengerbarn/uttak/server/NedjusteringAvUttaksgradTest.kt

@@ -5,6 +5,8 @@ import no.nav.pleiepengerbarn.uttak.regler.HUNDRE_PROSENT
 import no.nav.pleiepengerbarn.uttak.regler.NULL_PROSENT
 import no.nav.pleiepengerbarn.uttak.regler.ÅTTI_PROSENT
 import no.nav.pleiepengerbarn.uttak.testklient.*
+import no.nav.security.mock.oauth2.MockOAuth2Server
+import no.nav.security.token.support.spring.test.EnableMockOAuth2Server
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.BeforeEach
@@ -26,9 +28,19 @@ import kotlin.test.fail
 @ExtendWith(SpringExtension::class)
 @ActiveProfiles("postgres")
 @Tag("integration")
+@EnableMockOAuth2Server
 class NedjusteringAvUttaksgradTest(@Autowired val restTemplate: TestRestTemplate) {
 
-    private val testClient by lazy { PleiepengerBarnUttakTestClient(restTemplate) }
+    @Autowired
+    private lateinit var mockOAuth2Server: MockOAuth2Server
+
+    private val testClient by lazy {
+        val token = mockOAuth2Server.issueToken(
+            issuerId = "azure",
+            audience = "pleiepenger-barn-uttak"
+        ).serialize()
+        PleiepengerBarnUttakTestClient(restTemplate, token)
+    }
 
     @BeforeEach
     internal fun setUp() {

server/src/test/kotlin/no/nav/pleiepengerbarn/uttak/server/UttakplanApiTest.kt

@@ -7,6 +7,8 @@ import no.nav.pleiepengerbarn.uttak.regler.TJUE_PROSENT
 import no.nav.pleiepengerbarn.uttak.regler.ÅTTI_PROSENT
 import no.nav.pleiepengerbarn.uttak.testklient.*
 import no.nav.pleiepengerbarn.uttak.testklient.FULL_DAG
+import no.nav.security.mock.oauth2.MockOAuth2Server
+import no.nav.security.token.support.spring.test.EnableMockOAuth2Server
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.BeforeEach
@@ -29,9 +31,19 @@ import kotlin.test.fail
 @ExtendWith(SpringExtension::class)
 @ActiveProfiles("postgres")
 @Tag("integration")
+@EnableMockOAuth2Server
 class UttakplanApiTest(@Autowired val restTemplate: TestRestTemplate) {
 
-    private val testClient by lazy { PleiepengerBarnUttakTestClient(restTemplate) }
+    @Autowired
+    private lateinit var mockOAuth2Server: MockOAuth2Server
+
+    private val testClient by lazy {
+        val token = mockOAuth2Server.issueToken(
+            issuerId = "azure",
+            audience = "pleiepenger-barn-uttak"
+        ).serialize()
+        PleiepengerBarnUttakTestClient(restTemplate, token)
+    }
 
     @BeforeEach
     internal fun setUp() {

server/src/test/kotlin/no/nav/pleiepengerbarn/uttak/server/db/UttakRepositoryTest.kt

@@ -4,6 +4,7 @@ import no.nav.pleiepengerbarn.uttak.kontrakter.*
 import no.nav.pleiepengerbarn.uttak.regler.domene.RegelGrunnlag
 import no.nav.pleiepengerbarn.uttak.testklient.FULL_DAG
 import no.nav.pleiepengerbarn.uttak.testklient.nesteSaksnummer
+import no.nav.security.token.support.spring.test.EnableMockOAuth2Server
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.Tag
 import org.junit.jupiter.api.Test
@@ -26,6 +27,7 @@ import java.util.concurrent.TimeUnit
 @ActiveProfiles("postgres")
 @Tag("integration")
 @Transactional
+@EnableMockOAuth2Server
 internal class UttakRepositoryTest {
 
     private companion object {