FpApplications kan utlede scope for interne apps (#1183)

* FpApplications kan utlede scope for interne apps * Flere metoder og scopes for FpApplication * Mer presedenssjekk
navikt · Sep 20, 2022 · b627f40 · b627f40
1 parent 3dce111
commit b627f40
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 11 deletions.
diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java
@@ -39,6 +39,9 @@ public static OpenIDToken getTokenFor(SikkerhetContext context, OpenIDProvider p
     }
 
     public static OpenIDToken getTokenFromCurrent(SikkerhetContext context, String scopes) {
+        if (!BrukerTokenProvider.harSattBrukerOidcToken() && BrukerTokenProvider.harSattBrukerSamlToken()) {
+            return getStsSystemToken();
+        }
         var token = BrukerTokenProvider.getToken();
         return switch (context) {
             case BRUKER -> getTokenFraContextFor(token, scopes);
@@ -108,13 +111,10 @@ private static OpenIDToken getTokenFraContextFor(OpenIDProvider provider, String
     }
 
     private static OpenIDToken getTokenFraContextFor(OpenIDToken incoming, String scopes) {
-        var providerIncoming = getProvider(incoming);
-        if (!BrukerTokenProvider.harSattBrukerOidcToken() && BrukerTokenProvider.harSattBrukerSamlToken()) {
-            return OpenIDProvider.AZUREAD.equals(providerIncoming) ? getAzureSystemToken(scopes) : getStsSystemToken();
-        }
         if (incoming == null || incoming.token() == null) {
             return incoming;
         }
+        var providerIncoming = getProvider(incoming);
         var identType = Optional.ofNullable(BrukerTokenProvider.getIdentType()).orElse(IdentType.InternBruker);
         if (OpenIDProvider.AZUREAD.equals(providerIncoming)) {
             return identType.erSystem() ? getAzureSystemToken(scopes) : veksleAzureAccessToken(incoming, scopes);

diff --git a/...rasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/FpApplication.java b/...rasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/FpApplication.java
@@ -4,6 +4,7 @@
 
 import no.nav.foreldrepenger.konfig.Cluster;
 import no.nav.foreldrepenger.konfig.Environment;
+import no.nav.foreldrepenger.konfig.Namespace;
 
 public enum FpApplication {
     FPSAK,
@@ -16,10 +17,12 @@ public enum FpApplication {
     FPLOS,
     FPOPPDRAG,
     FPTILBAKE,
+    FPDOKGEN,
     NONFP
     ;
 
     private static final Cluster CLUSTER = Environment.current().getCluster();
+    private static final Namespace NAMESPACE = Environment.current().getNamespace();
     /*
      * Utelatt fpabonnent:8065, fpinfo:8040
      */
@@ -31,6 +34,7 @@ public enum FpApplication {
         FpApplication.FPOPPDRAG, 8070,
         FpApplication.FPTILBAKE, 8030,
         FpApplication.FPFORDEL, 8090,
+        FpApplication.FPDOKGEN, 8291,
         FpApplication.FPLOS, 8071
     );
 
@@ -48,7 +52,7 @@ public static String contextPathFor(FpApplication application) {
         };
     }
 
-    public static String scopesFor(@SuppressWarnings("unused") FpApplication application) {
-        return null; // TODO Elaborer når azure innføres
+    public static String scopesFor(FpApplication application) {
+        return "api://" + CLUSTER.clusterName() + "." + NAMESPACE.getName() + "." + application.name().toLowerCase() + "/.default";
     }
 }
diff --git a/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/RestConfig.java b/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/RestConfig.java
@@ -7,7 +7,10 @@
 import no.nav.foreldrepenger.konfig.Environment;
 
 /**
- * Methods to extract information from RestClientConfig annotations
+ * Methods to extract information from RestClientConfig annotations. Presedence
+ * - endpointProperty and scopesProperty if specified and the property contains a value
+ * - derived from FpApplication if specified. The endpoint is the contextPath, and rarely of direct use
+ * - endpointDefault end scopesDefault
  */
 public final class RestConfig {
 
@@ -19,6 +22,12 @@ public static URI endpointFromAnnotation(Class<?> clazz) {
             .orElseThrow(() -> new IllegalArgumentException("Utviklerfeil: mangler endpoint for " + clazz.getSimpleName()));
     }
 
+    public static URI contextPathFromAnnotation(Class<?> clazz) {
+        return fromAnnotation(clazz, FpApplication::contextPathFor, c -> "", c -> "")
+            .map(URI::create)
+            .orElseThrow(() -> new IllegalArgumentException("Utviklerfeil: mangler application for " + clazz.getSimpleName()));
+    }
+
     public static Optional<FpApplication> applicationFromAnnotation(Class<?> clazz) {
         return Optional.ofNullable(clazz.getAnnotation(RestClientConfig.class))
             .map(RestClientConfig::application)
@@ -32,19 +41,17 @@ public static TokenFlow tokenConfigFromAnnotation(Class<?> clazz) {
 
     public static String scopesFromAnnotation(Class<?> clazz) {
         return fromAnnotation(clazz, FpApplication::scopesFor, RestClientConfig::scopesProperty, RestClientConfig::scopesDefault)
-            .orElseThrow(() -> new IllegalArgumentException("Utviklerfeil: mangler endpoint for " + clazz.getSimpleName()));
+            .orElseThrow(() -> new IllegalArgumentException("Utviklerfeil: mangler scopes for " + clazz.getSimpleName()));
     }
 
     private static Optional<String> fromAnnotation(Class<?> clazz,
                                                    Function<FpApplication, String> internal,
                                                    Function<RestClientConfig, String> selector,
                                                    Function<RestClientConfig, String> defaultValue) {
         var annotation = Optional.ofNullable(clazz.getAnnotation(RestClientConfig.class));
-        if (annotation.filter(a -> a.application().specified()).isPresent()) {
-            return annotation.map(RestClientConfig::application).map(internal);
-        }
         return annotation.flatMap(a -> nonEmpty(a, selector))
             .map(ENV::getProperty)
+            .or(() -> annotation.filter(a -> a.application().specified()).map(RestClientConfig::application).map(internal))
             .or(() -> annotation.flatMap(a -> nonEmpty(a, defaultValue)));
     }
 

diff --git a/...rest-klient/src/test/java/no/nav/vedtak/felles/integrasjon/rest/TestRestClientConfig.java b/...rest-klient/src/test/java/no/nav/vedtak/felles/integrasjon/rest/TestRestClientConfig.java
@@ -0,0 +1,97 @@
+package no.nav.vedtak.felles.integrasjon.rest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.net.URI;
+
+import org.junit.jupiter.api.Test;
+
+public class TestRestClientConfig {
+
+    @Test
+    void testCaseA() {
+        assertThat(RestConfig.applicationFromAnnotation(TestA.class)).hasValueSatisfying(v -> assertThat(FpApplication.FPABAKUS).isEqualTo(v));
+        assertThat(RestConfig.scopesFromAnnotation(TestA.class)).isEqualTo("api://local.default.fpabakus/.default");
+        assertThat(RestConfig.contextPathFromAnnotation(TestA.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPABAKUS)));
+        assertThat(RestConfig.endpointFromAnnotation(TestA.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPABAKUS)));
+    }
+
+    @Test
+    void testCaseA1() {
+        System.setProperty("non.existent", "http://fpabakus/fpabakus/ekstern/target");
+        assertThat(RestConfig.applicationFromAnnotation(TestA.class)).hasValueSatisfying(v -> assertThat(FpApplication.FPABAKUS).isEqualTo(v));
+        assertThat(RestConfig.scopesFromAnnotation(TestA.class)).isEqualTo(FpApplication.scopesFor(FpApplication.FPABAKUS));
+        assertThat(RestConfig.contextPathFromAnnotation(TestA.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPABAKUS)));
+        assertThat(RestConfig.endpointFromAnnotation(TestA.class)).isEqualTo(URI.create("http://fpabakus/fpabakus/ekstern/target"));
+        System.clearProperty("non.existent");
+    }
+
+    @Test
+    void testCaseB() {
+        assertThat(RestConfig.applicationFromAnnotation(TestB.class)).hasValueSatisfying(v -> assertThat(FpApplication.FPRISK).isEqualTo(v));
+        assertThat(RestConfig.scopesFromAnnotation(TestB.class)).isEqualTo(FpApplication.scopesFor(FpApplication.FPRISK));
+        assertThat(RestConfig.contextPathFromAnnotation(TestB.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPRISK)));
+        assertThat(RestConfig.endpointFromAnnotation(TestB.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPRISK)));
+    }
+
+    @Test
+    void testCaseC() {
+        assertThat(RestConfig.applicationFromAnnotation(TestC.class)).hasValueSatisfying(v -> assertThat(FpApplication.FPFORMIDLING).isEqualTo(v));
+        assertThat(RestConfig.scopesFromAnnotation(TestC.class)).isEqualTo(FpApplication.scopesFor(FpApplication.FPFORMIDLING));
+        assertThat(RestConfig.contextPathFromAnnotation(TestC.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPFORMIDLING)));
+        assertThat(RestConfig.endpointFromAnnotation(TestC.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPFORMIDLING)));
+    }
+
+    @Test
+    void testCaseC1() {
+        System.setProperty("non.existent", "api://local.default.fpformidling-local/.default");
+        assertThat(RestConfig.applicationFromAnnotation(TestC.class)).hasValueSatisfying(v -> assertThat(FpApplication.FPFORMIDLING).isEqualTo(v));
+        assertThat(RestConfig.scopesFromAnnotation(TestC.class)).isEqualTo("api://local.default.fpformidling-local/.default");
+        assertThat(RestConfig.contextPathFromAnnotation(TestC.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPFORMIDLING)));
+        assertThat(RestConfig.endpointFromAnnotation(TestC.class)).isEqualTo(URI.create(FpApplication.contextPathFor(FpApplication.FPFORMIDLING)));
+        System.clearProperty("non.existent");
+    }
+
+    @Test
+    void testCaseD() {
+        assertThat(RestConfig.applicationFromAnnotation(TestD.class)).isEmpty();
+        assertThat(RestConfig.scopesFromAnnotation(TestD.class)).isEqualTo("api://local.teamforeldrepenger.fp-formidling/.default");
+        assertThrows(IllegalArgumentException.class, () -> RestConfig.contextPathFromAnnotation(TestD.class));
+        assertThat(RestConfig.endpointFromAnnotation(TestD.class)).isEqualTo(URI.create("http://fpformidling/fpformidling/default"));
+    }
+
+    @Test
+    void testCaseD1() {
+        System.setProperty("non.existent", "http://fpformidling/fpformidling/ekstern/target");
+        System.setProperty("non.existent2", "api://local.default.fpformidling/.default");
+        assertThat(RestConfig.scopesFromAnnotation(TestD.class)).isEqualTo("api://local.default.fpformidling/.default");
+        assertThat(RestConfig.endpointFromAnnotation(TestD.class)).isEqualTo(URI.create("http://fpformidling/fpformidling/ekstern/target"));
+        System.clearProperty("non.existent");
+        System.clearProperty("non.existent2");
+    }
+
+    @RestClientConfig(application = FpApplication.FPABAKUS, endpointProperty = "non.existent", endpointDefault = "http://fpabakus/fpabakus/ekstern")
+    private static class TestA {
+
+    }
+
+    @RestClientConfig(application = FpApplication.FPRISK)
+    private static class TestB {
+
+    }
+
+    @RestClientConfig(application = FpApplication.FPFORMIDLING, scopesProperty = "non.existent", scopesDefault = "api://local.teamforeldrepenger.fp-formidling/.default")
+    private static class TestC {
+
+    }
+
+    @RestClientConfig(endpointProperty = "non.existent", endpointDefault = "http://fpformidling/fpformidling/default",
+        scopesProperty = "non.existent2", scopesDefault = "api://local.teamforeldrepenger.fp-formidling/.default")
+    private static class TestD {
+
+    }
+
+
+
+}