Feature/kodeverk send gyldig token (#3343)

* Refaktorert kodeverk-proxy og sender nå med accesstoken etter forespørsel fra de
* Deploy med azure oppsett for nav tenant

proxies/kodeverk-proxy/build.gradle

@@ -53,17 +53,20 @@ dependencies {
     implementation 'no.nav.testnav.libs:reactive-core'
     implementation 'no.nav.testnav.libs:reactive-proxy'
     implementation 'no.nav.testnav.libs:data-transfer-objects'
+    implementation 'no.nav.testnav.libs:security-core'
+    implementation 'no.nav.testnav.libs:reactive-security'
 
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
-    implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' // TODO remove legacy bootstrap config
     implementation 'org.springframework.cloud:spring-cloud-starter-vault-config'
     implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
 
-
     implementation 'net.logstash.logback:logstash-logback-encoder:7.4'
     implementation 'org.hibernate.validator:hibernate-validator'
 
+    annotationProcessor 'org.projectlombok:lombok'
+    implementation 'org.projectlombok:lombok'
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.springframework.cloud:spring-cloud-contract-wiremock'
 }

proxies/kodeverk-proxy/config.yml

@@ -38,6 +38,11 @@ spec:
         - application: app-1
           namespace: plattformsikkerhet
           cluster: dev-gcp
+    outbound:
+      rules:
+        - application: kodeverk-dev
+          cluster: dev-fss
+          namespace: team-rocket
   liveness:
     path: /internal/isAlive
     initialDelay: 4

proxies/kodeverk-proxy/settings.gradle

@@ -8,6 +8,8 @@ rootProject.name = 'kodeverk-proxy'
 includeBuild '../../libs/reactive-core'
 includeBuild '../../libs/reactive-proxy'
 includeBuild '../../libs/data-transfer-objects'
+includeBuild '../../libs/security-core'
+includeBuild '../../libs/reactive-security'
 
 gradleEnterprise {
     buildScan {

proxies/kodeverk-proxy/src/main/java/no/nav/testnav/proxies/kodeverkproxy/Consumers.java

@@ -0,0 +1,28 @@
+package no.nav.testnav.proxies.kodeverkproxy;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import static lombok.AccessLevel.PACKAGE;
+
+/**
+ * Samler alle placeholders for ulike {@code consumers.*}-konfigurasjon her, dvs. subklasser av {@code ServerProperties}.
+ * <br/><br/>
+ * Husk at Spring Boot bruker <a href="https://docs.spring.io/spring-boot/docs/current/reference/html/features.html#features.external-config.typesafe-configuration-properties.relaxed-binding">relaxed binding</a>
+ * mellom configuration properties og field names.
+ *
+ * @see ServerProperties
+ */
+@Configuration
+@ConfigurationProperties(prefix = "consumers")
+@NoArgsConstructor(access = PACKAGE)
+@Getter
+@Setter(PACKAGE)
+public class Consumers {
+
+    private ServerProperties kodeverk;
+}

proxies/kodeverk-proxy/src/main/java/no/nav/testnav/proxies/kodeverkproxy/KodeverkProxyApplicationStarter.java

@@ -3,6 +3,10 @@
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactiveproxy.config.DevConfig;
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
+import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
+import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
+import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
+import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.gateway.route.RouteLocator;
@@ -13,21 +17,33 @@
 @Import({
         CoreConfig.class,
         DevConfig.class,
-        SecurityConfig.class
+        SecurityConfig.class,
+        SecureOAuth2ServerToServerConfiguration.class
 })
 @SpringBootApplication
 public class KodeverkProxyApplicationStarter {
-    public static void main(String[] args) {
-        SpringApplication.run(KodeverkProxyApplicationStarter.class, args);
-    }
-
     @Bean
-    public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
-        return builder.routes()
+    public RouteLocator customRouteLocator(
+            RouteLocatorBuilder builder,
+            TokenExchange tokenExchange,
+            Consumers consumers
+    ) {
+        var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
+                .bearerAuthenticationHeaderFilter(
+                        () -> tokenExchange
+                                .exchange(consumers.getKodeverk())
+                                .map(AccessToken::getTokenValue));
+        return builder
+                .routes()
                 .route(spec -> spec
                         .path("/**")
-                        .uri("http://kodeverk.org.svc.nais.local/")
+                        .filters(filterSpec -> filterSpec.filter(addAuthenticationHeaderDevFilter))
+                        .uri(consumers.getKodeverk().getUrl())
                 )
                 .build();
     }
-}
+
+    public static void main(String[] args) {
+        SpringApplication.run(KodeverkProxyApplicationStarter.class, args);
+    }
+}

proxies/kodeverk-proxy/src/main/resources/application.yml

@@ -12,10 +12,19 @@ spring:
           jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
           accepted-audience: ${azure.app.client.id}, api://${azure.app.client.id}
         tokenx:
-          issuer-uri: https://tokenx.dev-gcp.nav.cloud.nais.io 
+          issuer-uri: https://tokenx.dev-gcp.nav.cloud.nais.io
           jwk-set-uri: https://tokenx.dev-gcp.nav.cloud.nais.io/jwks
           accepted-audience: ${TOKEN_X_CLIENT_ID}
   cloud:
     gateway:
       httpclient:
         response-timeout: 240s
+    vault:
+      enabled: false
+
+consumers:
+  kodeverk:
+    name: kodeverk-dev
+    namespace: team-rocket
+    url: http://kodeverk.org.svc.nais.local
+    cluster: dev-fss

proxies/kodeverk-proxy/src/main/resources/logback-spring.xml

@@ -8,8 +8,11 @@
                     <maxDepthPerThrowable>256</maxDepthPerThrowable>
                     <maxLength>10280</maxLength>
                     <shortenedClassNameLength>20</shortenedClassNameLength>
-                    <exclude>^sun\.reflect\..*\.invoke</exclude>
-                    <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+                    <rootCauseFirst>true</rootCauseFirst>
+                    <exclude>^sun\.</exclude>
+                    <exclude>^net\.sf\.cglib\.</exclude>
+                    <exclude>^java\.lang\.Thread\.</exclude>
+                    <exclude>^java\.io\.</exclude>
                     <exclude>java\.util\.concurrent\..*</exclude>
                     <exclude>org\.apache\.catalina\..*</exclude>
                     <exclude>org\.apache\.coyote\..*</exclude>
@@ -36,5 +39,5 @@
         </root>
     </springProfile>
 
-    <logger level="TRACE" name="no.nav.testnav.libs.reactivecore.filter.RequestLogger" />
+    <logger level="TRACE" name="no.nav.testnav.libs.reactivecore.filter.RequestLogger"/>
 </configuration>