Merge pull request #248 from JMLindseth/main

Use new app istilgangskontroll
navikt · Nov 28, 2023 · f19adfb · f19adfb
2 parents b911d7d + 9eaf1c8
commit f19adfb
Show file tree

Hide file tree

Showing 14 changed files with 78 additions and 80 deletions.
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ This the high level flow for the application
   graph LR;
         
       smregistrering-backend --- smregistrering;
-      smregistrering-backend -- check caseworker access --- syfo-tilgangskontroll;
+      smregistrering-backend -- check caseworker access --- istilgangskontroll;
       smregistrering-backend -- create,get,complete oppgave --- oppgave;
       smregistrering-backend -- verify token --- azure-AD;
       smregistrering-backend --- id1[(Database)];

diff --git a/naiserator-dev.yaml b/naiserator-dev.yaml
@@ -72,7 +72,7 @@ spec:
           namespace: teamsykmelding
           cluster: dev-gcp
         - application: smtss
-        - application: syfo-tilgangskontroll
+        - application: istilgangskontroll
           namespace: teamsykefravr
           cluster: dev-gcp
         - application: syfohelsenettproxy
@@ -112,8 +112,8 @@ spec:
       value: https://oppgave-q1.dev-fss-pub.nais.io/api/v1/oppgaver
     - name: OPPGAVE_SCOPE
       value: api://dev-fss.oppgavehandtering.oppgave-q1/.default
-    - name: SYFOTILGANGSKONTROLL_SCOPE
-      value: api://dev-gcp.teamsykefravr.syfo-tilgangskontroll/.default
+    - name: ISTILGANGSKONTROLL_SCOPE
+      value: api://dev-gcp.teamsykefravr.istilgangskontroll/.default
     - name: MS_GRAPH_API_URL
       value: https://graph.microsoft.com/v1.0
     - name: MS_GRAPH_API_SCOPE

diff --git a/naiserator-prod.yaml b/naiserator-prod.yaml
@@ -71,7 +71,7 @@ spec:
           namespace: teamsykmelding
           cluster: prod-gcp
         - application: smtss
-        - application: syfo-tilgangskontroll
+        - application: istilgangskontroll
           namespace: teamsykefravr
           cluster: prod-gcp
         - application: syfohelsenettproxy
@@ -111,8 +111,8 @@ spec:
       value: https://oppgave.prod-fss-pub.nais.io/api/v1/oppgaver
     - name: OPPGAVE_SCOPE
       value: api://prod-fss.oppgavehandtering.oppgave/.default
-    - name: SYFOTILGANGSKONTROLL_SCOPE
-      value: api://prod-gcp.teamsykefravr.syfo-tilgangskontroll/.default
+    - name: ISTILGANGSKONTROLL_SCOPE
+      value: api://prod-gcp.teamsykefravr.istilgangskontroll/.default
     - name: MS_GRAPH_API_URL
       value: https://graph.microsoft.com/v1.0
     - name: MS_GRAPH_API_SCOPE

diff --git a/src/main/kotlin/no/nav/syfo/Bootstrap.kt b/src/main/kotlin/no/nav/syfo/Bootstrap.kt
@@ -81,7 +81,7 @@ fun main() {
 
     val sendtSykmeldingService = SendtSykmeldingService(databaseInterface = database)
     val authorizationService =
-        AuthorizationService(httpClients.syfoTilgangsKontrollClient, httpClients.msGraphClient)
+        AuthorizationService(httpClients.istilgangskontrollClient, httpClients.msGraphClient)
     val pdlService =
         PdlPersonService(httpClients.pdlClient, httpClients.azureAdV2Client, env.pdlScope)
     val sykmelderService = SykmelderService(httpClients.norskHelsenettClient, pdlService)

diff --git a/src/main/kotlin/no/nav/syfo/Environment.kt b/src/main/kotlin/no/nav/syfo/Environment.kt
@@ -16,8 +16,8 @@ data class Environment(
     val pdlScope: String = getEnvVar("PDL_SCOPE"),
     val norskHelsenettEndpointURL: String = getEnvVar("HELSENETT_ENDPOINT_URL"),
     val helsenettproxyScope: String = getEnvVar("HELSENETT_SCOPE"),
-    val syfoTilgangsKontrollClientUrl: String = "http://syfo-tilgangskontroll.teamsykefravr",
-    val syfoTilgangsKontrollScope: String = getEnvVar("SYFOTILGANGSKONTROLL_SCOPE"),
+    val istilgangskontrollClientUrl: String = "http://istilgangskontroll.teamsykefravr",
+    val istilgangskontrollScope: String = getEnvVar("ISTILGANGSKONTROLL_SCOPE"),
     val msGraphApiScope: String = getEnvVar("MS_GRAPH_API_SCOPE"),
     val msGraphApiUrl: String = getEnvVar("MS_GRAPH_API_URL"),
     val azureTokenEndpoint: String = getEnvVar("AZURE_OPENID_CONFIG_TOKEN_ENDPOINT"),

diff --git a/...syfo/client/SyfoTilgangsKontrollClient.kt → ...v/syfo/client/IstilgangskontrollClient.kt b/...syfo/client/SyfoTilgangsKontrollClient.kt → ...v/syfo/client/IstilgangskontrollClient.kt
@@ -14,32 +14,30 @@ import no.nav.syfo.Environment
 import no.nav.syfo.azuread.v2.AzureAdV2Client
 import no.nav.syfo.log
 
-class SyfoTilgangsKontrollClient(
+class IstilgangskontrollClient(
     environment: Environment,
     private val azureAdV2Client: AzureAdV2Client,
     private val httpClient: HttpClient,
-    private val syfoTilgangsKontrollClientUrl: String = environment.syfoTilgangsKontrollClientUrl,
-    private val scope: String = environment.syfoTilgangsKontrollScope,
-    private val syfoTilgangskontrollCache: Cache<Map<String, String>, Tilgang> =
+    private val istilgangskontrollClientUrl: String = environment.istilgangskontrollClientUrl,
+    private val scope: String = environment.istilgangskontrollScope,
+    private val istilgangskontrollCache: Cache<Map<String, String>, Tilgang> =
         Caffeine.newBuilder().expireAfterWrite(1, TimeUnit.HOURS).maximumSize(100).build(),
 ) {
     companion object {
         const val NAV_PERSONIDENT_HEADER = "nav-personident"
     }
 
     suspend fun hasAccess(accessToken: String, personFnr: String): Tilgang {
-        syfoTilgangskontrollCache.getIfPresent(mapOf(Pair(accessToken, personFnr)))?.let {
-            log.debug("Traff cache for syfotilgangskontroll")
+        istilgangskontrollCache.getIfPresent(mapOf(Pair(accessToken, personFnr)))?.let {
+            log.debug("Traff cache for istilgangskontroll")
             return it
         }
         val oboToken = azureAdV2Client.getOnBehalfOfToken(token = accessToken, scope = scope)
 
         try {
             log.info("Sjekker tilgang for veileder på person")
             val httpResponse =
-                httpClient.get(
-                    "$syfoTilgangsKontrollClientUrl/syfo-tilgangskontroll/api/tilgang/navident/person"
-                ) {
+                httpClient.get("$istilgangskontrollClientUrl/api/tilgang/navident/person") {
                     accept(ContentType.Application.Json)
                     headers {
                         append("Authorization", "Bearer $oboToken")
@@ -49,20 +47,20 @@ class SyfoTilgangsKontrollClient(
             return when (httpResponse.status) {
                 HttpStatusCode.OK -> {
                     val tilgang = httpResponse.body<Tilgang>()
-                    syfoTilgangskontrollCache.put(mapOf(Pair(accessToken, personFnr)), tilgang)
+                    istilgangskontrollCache.put(mapOf(Pair(accessToken, personFnr)), tilgang)
                     tilgang
                 }
                 else -> {
-                    log.warn("syfo-tilgangskontroll svarte med ${httpResponse.status}")
+                    log.warn("istilgangskontroll svarte med ${httpResponse.status}")
                     Tilgang(
-                        harTilgang = false,
+                        erGodkjent = false,
                     )
                 }
             }
         } catch (e: Exception) {
-            log.warn("noe gikk galt ved oppslag mot syfo-tilgangskontroll")
+            log.warn("noe gikk galt ved oppslag mot istilgangskontroll")
             return Tilgang(
-                harTilgang = false,
+                erGodkjent = false,
             )
         }
     }
@@ -74,7 +72,7 @@ class SyfoTilgangsKontrollClient(
             log.info("Sjekker om veileder har utvidet tilgang til smreg")
             val httpResponse =
                 httpClient.get(
-                    "$syfoTilgangsKontrollClientUrl/syfo-tilgangskontroll/api/tilgang/navident/person/papirsykmelding"
+                    "$istilgangskontrollClientUrl/api/tilgang/navident/person/papirsykmelding"
                 ) {
                     accept(ContentType.Application.Json)
                     headers {
@@ -85,29 +83,29 @@ class SyfoTilgangsKontrollClient(
             return when (httpResponse.status) {
                 HttpStatusCode.OK -> {
                     val tilgang = httpResponse.body<Tilgang>()
-                    syfoTilgangskontrollCache.put(mapOf(Pair(accessToken, personFnr)), tilgang)
+                    istilgangskontrollCache.put(mapOf(Pair(accessToken, personFnr)), tilgang)
                     tilgang
                 }
                 else -> {
                     log.warn(
-                        "syfo-tilgangskontroll svarte med ${httpResponse.status} på forespørsel om utvidet tilgang"
+                        "istilgangskontroll svarte med ${httpResponse.status} på forespørsel om utvidet tilgang"
                     )
                     Tilgang(
-                        harTilgang = false,
+                        erGodkjent = false,
                     )
                 }
             }
         } catch (e: Exception) {
             log.warn(
-                "noe gikk galt ved oppslag mot syfo-tilgangskontroll på forespørsel om utvidet tilgang"
+                "noe gikk galt ved oppslag mot istilgangskontroll på forespørsel om utvidet tilgang"
             )
             return Tilgang(
-                harTilgang = false,
+                erGodkjent = false,
             )
         }
     }
 }
 
 data class Tilgang(
-    val harTilgang: Boolean,
+    val erGodkjent: Boolean,
 )
diff --git a/src/main/kotlin/no/nav/syfo/clients/HttpClients.kt b/src/main/kotlin/no/nav/syfo/clients/HttpClients.kt
@@ -18,12 +18,12 @@ import io.ktor.serialization.jackson.jackson
 import no.nav.syfo.Environment
 import no.nav.syfo.azuread.v2.AzureAdV2Client
 import no.nav.syfo.client.DokArkivClient
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.MSGraphClient
 import no.nav.syfo.client.NorskHelsenettClient
 import no.nav.syfo.client.OppgaveClient
 import no.nav.syfo.client.RegelClient
 import no.nav.syfo.client.SmtssClient
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
 import no.nav.syfo.clients.exception.ServiceUnavailableException
 import no.nav.syfo.log
 import no.nav.syfo.pdl.client.PdlClient
@@ -96,8 +96,8 @@ class HttpClients(env: Environment) {
     internal val regelClient =
         RegelClient(env.regelEndpointURL, azureAdV2Client, env.syfosmpapirregelScope, httpClient)
 
-    internal val syfoTilgangsKontrollClient =
-        SyfoTilgangsKontrollClient(
+    internal val istilgangskontrollClient =
+        IstilgangskontrollClient(
             environment = env,
             azureAdV2Client = azureAdV2Client,
             httpClient = httpClient,

diff --git a/src/main/kotlin/no/nav/syfo/service/AuthorizationService.kt b/src/main/kotlin/no/nav/syfo/service/AuthorizationService.kt
@@ -1,28 +1,28 @@
 package no.nav.syfo.service
 
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.MSGraphClient
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
 
 class AuthorizationService(
-    private val syfoTilgangsKontrollClient: SyfoTilgangsKontrollClient,
+    private val istilgangskontrollClient: IstilgangskontrollClient,
     private val msGraphClient: MSGraphClient,
 ) {
     suspend fun hasAccess(accessToken: String, pasientFnr: String): Boolean {
-        return syfoTilgangsKontrollClient
+        return istilgangskontrollClient
             .hasAccess(
                 accessToken,
                 pasientFnr,
             )
-            .harTilgang
+            .erGodkjent
     }
 
     suspend fun hasSuperuserAccess(accessToken: String, pasientFnr: String): Boolean {
-        return syfoTilgangsKontrollClient
+        return istilgangskontrollClient
             .hasSuperuserAccess(
                 accessToken,
                 pasientFnr,
             )
-            .harTilgang
+            .erGodkjent
     }
 
     suspend fun getVeileder(accessToken: String): Veileder {

diff --git a/src/test/kotlin/no/nav/syfo/api/AuthenticateTest.kt b/src/test/kotlin/no/nav/syfo/api/AuthenticateTest.kt
@@ -25,8 +25,8 @@ import java.time.OffsetDateTime
 import no.nav.syfo.Environment
 import no.nav.syfo.aksessering.api.hentPapirSykmeldingManuellOppgave
 import no.nav.syfo.application.setupAuth
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.OppgaveClient
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
 import no.nav.syfo.client.Tilgang
 import no.nav.syfo.controllers.SendTilGosysController
 import no.nav.syfo.log
@@ -63,7 +63,7 @@ internal class AuthenticateTest {
 
     private val manuellOppgaveDAO = ManuellOppgaveDAO(database)
     private val safDokumentClient = mockk<SafDokumentClient>()
-    private val syfoTilgangsKontrollClient = mockk<SyfoTilgangsKontrollClient>()
+    private val istilgangskontrollClient = mockk<IstilgangskontrollClient>()
     private val authorizationService = mockk<AuthorizationService>()
     private val oppgaveClient = mockk<OppgaveClient>()
     private val oppgaveService = OppgaveService(oppgaveClient)
@@ -85,7 +85,7 @@ internal class AuthenticateTest {
 
             coEvery { safDokumentClient.hentDokument(any(), any(), any(), any(), any()) } returns
                 ByteArray(1)
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { pdlService.getPdlPerson(any(), any()) } returns
                 PdlPerson(

diff --git a/src/test/kotlin/no/nav/syfo/api/AvvisOppgaveRestTest.kt b/src/test/kotlin/no/nav/syfo/api/AvvisOppgaveRestTest.kt
@@ -24,8 +24,8 @@ import java.time.OffsetDateTime
 import no.nav.syfo.Environment
 import no.nav.syfo.application.setupAuth
 import no.nav.syfo.client.DokArkivClient
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.OppgaveClient
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
 import no.nav.syfo.client.Tilgang
 import no.nav.syfo.controllers.AvvisPapirsykmeldingController
 import no.nav.syfo.log
@@ -67,7 +67,7 @@ class AvvisOppgaveRestTest {
     private val oppgaveClient = mockk<OppgaveClient>()
     private val oppgaveService = OppgaveService(oppgaveClient)
     private val dokArkivClient = mockk<DokArkivClient>()
-    private val syfoTilgangsKontrollClient = mockk<SyfoTilgangsKontrollClient>()
+    private val istilgangskontrollClient = mockk<IstilgangskontrollClient>()
     private val authorizationService = mockk<AuthorizationService>()
     private val pdlPersonService = mockk<PdlPersonService>()
     private val sykmelderService = mockk<SykmelderService>()
@@ -116,7 +116,7 @@ class AvvisOppgaveRestTest {
                     throw cause
                 }
             }
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")
@@ -334,7 +334,7 @@ class AvvisOppgaveRestTest {
                     throw cause
                 }
             }
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")

diff --git a/src/test/kotlin/no/nav/syfo/api/HentPapirSykmeldingTest.kt b/src/test/kotlin/no/nav/syfo/api/HentPapirSykmeldingTest.kt
@@ -30,10 +30,10 @@ import no.nav.syfo.aksessering.api.hentPapirSykmeldingManuellOppgave
 import no.nav.syfo.aksessering.db.hentManuellOppgaver
 import no.nav.syfo.application.setupAuth
 import no.nav.syfo.client.DokArkivClient
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.OppgaveClient
 import no.nav.syfo.client.RegelClient
 import no.nav.syfo.client.SmtssClient
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
 import no.nav.syfo.client.Tilgang
 import no.nav.syfo.clients.KafkaProducers
 import no.nav.syfo.controllers.SendTilGosysController
@@ -78,7 +78,7 @@ internal class HentPapirSykmeldingTest {
     private val smTssClient = mockk<SmtssClient>()
     private val dokArkivClient = mockk<DokArkivClient>()
     private val regelClient = mockk<RegelClient>()
-    private val syfoTilgangsKontrollClient = mockk<SyfoTilgangsKontrollClient>()
+    private val istilgangskontrollClient = mockk<IstilgangskontrollClient>()
     private val authorizationService = mockk<AuthorizationService>()
     private val sendTilGosysController =
         SendTilGosysController(authorizationService, manuellOppgaveDAO, oppgaveService)
@@ -97,7 +97,7 @@ internal class HentPapirSykmeldingTest {
 
             coEvery { safDokumentClient.hentDokument(any(), any(), any(), any(), any()) } returns
                 ByteArray(1)
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")
@@ -383,7 +383,7 @@ internal class HentPapirSykmeldingTest {
                     any(),
                 )
             } throws SafNotFoundException("Saf returnerte: httpstatus 200")
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")
@@ -541,7 +541,7 @@ internal class HentPapirSykmeldingTest {
                 )
             } throws SafForbiddenException("Du har ikke tilgang")
             coEvery {
-                syfoTilgangsKontrollClient.hasAccess(
+                istilgangskontrollClient.hasAccess(
                     any(),
                     any(),
                 )

diff --git a/src/test/kotlin/no/nav/syfo/api/SendOppgaveTilGosysRestTest.kt b/src/test/kotlin/no/nav/syfo/api/SendOppgaveTilGosysRestTest.kt
@@ -22,7 +22,7 @@ import java.time.LocalDate
 import java.time.OffsetDateTime
 import no.nav.syfo.Environment
 import no.nav.syfo.application.setupAuth
-import no.nav.syfo.client.SyfoTilgangsKontrollClient
+import no.nav.syfo.client.IstilgangskontrollClient
 import no.nav.syfo.client.Tilgang
 import no.nav.syfo.controllers.SendTilGosysController
 import no.nav.syfo.log
@@ -52,7 +52,7 @@ class SendOppgaveTilGosysRestTest {
     private val jwkProvider = JwkProviderBuilder(uri).build()
     private val manuellOppgaveDAO = mockk<ManuellOppgaveDAO>()
     private val oppgaveService = mockk<OppgaveService>()
-    private val syfoTilgangsKontrollClient = mockk<SyfoTilgangsKontrollClient>()
+    private val istilgangskontrollClient = mockk<IstilgangskontrollClient>()
     private val authorizationService = mockk<AuthorizationService>()
     private val sendTilGosysController =
         SendTilGosysController(authorizationService, manuellOppgaveDAO, oppgaveService)
@@ -90,7 +90,7 @@ class SendOppgaveTilGosysRestTest {
                     throw cause
                 }
             }
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")
@@ -246,7 +246,7 @@ class SendOppgaveTilGosysRestTest {
                     throw cause
                 }
             }
-            coEvery { syfoTilgangsKontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
+            coEvery { istilgangskontrollClient.hasAccess(any(), any()) } returns Tilgang(true)
 
             coEvery { authorizationService.hasAccess(any(), any()) } returns true
             coEvery { authorizationService.getVeileder(any()) } returns Veileder("U1337")