From 7f7b2de69dfc9af5180f5981a0243c3bdb466d46 Mon Sep 17 00:00:00 2001 From: stigus Date: Wed, 23 Oct 2024 15:17:24 +0200 Subject: [PATCH 01/28] =?UTF-8?q?*=20Endrer=20litt=20p=C3=A5=20Histark=20P?= =?UTF-8?q?ost=20oppsett=20#deploy-test-dolly-backend?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../no/nav/dolly/bestilling/histark/domain/HistarkResponse.java | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkResponse.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkResponse.java index c69f5f6f22f..76a3324e4c5 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkResponse.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkResponse.java @@ -12,5 +12,6 @@ public class HistarkResponse { private String histarkId; + private String saksmappeId; private String feilmelding; } From eafaec6f451bc8b97af486d1451945b9c6ffbd9e Mon Sep 17 00:00:00 2001 From: stigus Date: Wed, 23 Oct 2024 15:17:29 +0200 Subject: [PATCH 02/28] =?UTF-8?q?*=20Endrer=20litt=20p=C3=A5=20Histark=20P?= =?UTF-8?q?ost=20oppsett=20#deploy-test-dolly-backend?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index ad20fb87941..44a9ffa05f9 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -1,5 +1,6 @@ package no.nav.dolly.bestilling.histark.command; +import com.fasterxml.jackson.databind.JsonNode; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.dolly.bestilling.histark.domain.HistarkRequest; @@ -44,10 +45,10 @@ public Flux call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() - .bodyToMono(String.class) + .bodyToMono(JsonNode.class) .doOnSuccess(response -> log.info("Response mottatt fra Histark service: {}", response)) .map(response -> HistarkResponse.builder() - .histarkId(response.replaceAll("[^\\d-]|-(?=\\D)", "")) + .histarkId(response.get("saksmappeId").asText().replaceAll("[^\\d-]|-(?=\\D)", "")) .build()) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) From 43712fc6867d853d4d8a041b514d80bcaf8c127f Mon Sep 17 00:00:00 2001 From: stigus Date: Wed, 23 Oct 2024 16:47:52 +0200 Subject: [PATCH 03/28] =?UTF-8?q?*=20Endrer=20litt=20p=C3=A5=20Histark=20P?= =?UTF-8?q?ost=20oppsett=20#deploy-test-dolly-backend?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/no/nav/dolly/bestilling/histark/HistarkClient.java | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkClient.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkClient.java index 3a3d585250d..2db66e5830b 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkClient.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkClient.java @@ -56,7 +56,6 @@ public Flux gjenopprett(RsDollyUtvidetBestilling bestilling, Dolly histarkConsumer.postHistark(request) .mapNotNull(status -> getStatus(dollyPerson.getIdent(), bestilling.getId(), status)) : - Mono.just("OK") ) .map(status -> futurePersist(progress, status)); From a0d73e434d7f7dfd5b95242ca5fda556dc0dba6c Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 09:05:47 +0200 Subject: [PATCH 04/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../java/no/nav/dolly/bestilling/fullmakt/FullmaktClient.java | 2 -- .../java/no/nav/dolly/bestilling/histark/HistarkConsumer.java | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/fullmakt/FullmaktClient.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/fullmakt/FullmaktClient.java index 5b48dade5c8..87c8bd8d144 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/fullmakt/FullmaktClient.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/fullmakt/FullmaktClient.java @@ -28,8 +28,6 @@ @RequiredArgsConstructor public class FullmaktClient implements ClientRegister { - private static final String FULLMAKT_REPRESENTASJON = "FULLMAKT_REPR#"; - private final ErrorStatusDecoder errorStatusDecoder; private final TransactionHelperService transactionHelperService; private final FullmaktConsumer fullmaktConsumer; diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java index 4620666f522..5c683664571 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java @@ -40,7 +40,7 @@ public HistarkConsumer( .build(); } - @Timed(name = "providers", tags = { "operation", "dokarkiv-opprett" }) + @Timed(name = "providers", tags = { "operation", "histark-opprett" }) public Flux postHistark(HistarkRequest histarkRequest) { var callId = getNavCallId(); From 6ece1be9b4813386210819a61bcf754354069db9 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 11:18:03 +0200 Subject: [PATCH 05/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../nav/dolly/bestilling/histark/domain/HistarkRequest.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java index f3c17399b18..59d5311ce0d 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java @@ -41,6 +41,10 @@ public static class HistarkDokument { @Schema(description = "Metadata tilhørende filen som sendes") private HistarkMetadata metadata; + @Override + public String toString() { + return "HistarkDokument{file='%s...', metadata=%s}".formatted(file.substring(0, 10), metadata); + } @Data @Builder From 32baeac4df9280393cd296259acebe8e2b329d26 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 11:21:58 +0200 Subject: [PATCH 06/28] =?UTF-8?q?*=20Laget=20egen=20komponent=20for=20?= =?UTF-8?q?=C3=A5=20vise=20feilmeldinger=20fra=20form=20p=C3=A5=20komponen?= =?UTF-8?q?ter=20som=20ikke=20har=20noe=20dedikert=20input=20field=20*=20F?= =?UTF-8?q?ikset=20Histark=20visning=20av=20feil=20i=20form=20og=20lagt=20?= =?UTF-8?q?p=C3=A5=20initialValue=20for=20den=20*=20Benytter=20ny=20feilme?= =?UTF-8?q?lding=20komponent=20istedenfor=20=C3=A5=20gjenbruke=20kode=20ov?= =?UTF-8?q?eralt=20hvor=20det=20trengtes=20#deploy-test-frontend?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../arbeidsplassen/form/initialValues.tsx | 2 +- .../fagsystem/fullmakt/form/FullmaktForm.tsx | 14 ++------ .../fagsystem/histark/form/HistarkForm.tsx | 2 ++ .../pensjon/form/GenerertInntektForm.tsx | 12 ++----- .../components/ui/toast/DisplayFormError.tsx | 32 +++++++++++++++++++ 5 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 apps/dolly-frontend/src/main/js/src/components/ui/toast/DisplayFormError.tsx diff --git a/apps/dolly-frontend/src/main/js/src/components/fagsystem/arbeidsplassen/form/initialValues.tsx b/apps/dolly-frontend/src/main/js/src/components/fagsystem/arbeidsplassen/form/initialValues.tsx index 7ee4eb703e4..72dbfc364cd 100644 --- a/apps/dolly-frontend/src/main/js/src/components/fagsystem/arbeidsplassen/form/initialValues.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/fagsystem/arbeidsplassen/form/initialValues.tsx @@ -218,7 +218,7 @@ export const initialHistark = { tittel: '', antallSider: -1, skanner: '', - skannested: '', + skannested: 'FREDRIKSTAD', skanningsTidspunkt: new Date(), temakoder: [], enhetsnavn: '', diff --git a/apps/dolly-frontend/src/main/js/src/components/fagsystem/fullmakt/form/FullmaktForm.tsx b/apps/dolly-frontend/src/main/js/src/components/fagsystem/fullmakt/form/FullmaktForm.tsx index c707975c021..2ec95eafd97 100644 --- a/apps/dolly-frontend/src/main/js/src/components/fagsystem/fullmakt/form/FullmaktForm.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/fagsystem/fullmakt/form/FullmaktForm.tsx @@ -16,12 +16,12 @@ import { useFullmaktOmraader } from '@/utils/hooks/useFullmakt' import { Omraade } from '@/components/fagsystem/fullmakt/FullmaktType' import { Option } from '@/service/SelectOptionsOppslag' import Loading from '@/components/ui/loading/Loading' -import { ErrorMessage } from '@hookform/error-message' import { validation } from '@/components/fagsystem/fullmakt/form/validation' +import { DisplayFormError } from '@/components/ui/toast/DisplayFormError' interface FullmaktProps { formMethods: UseFormReturn - path?: string + path: string opts?: any eksisterendeNyPerson?: any } @@ -174,15 +174,7 @@ export const Fullmakt = ({ toggleExpansion={!isTestnorgeIdent} eksisterendeNyPerson={eksisterendeNyPerson} /> - {formMethods.formState.errors && ( - ( -

{message}

- )} - /> - )} + ) } diff --git a/apps/dolly-frontend/src/main/js/src/components/fagsystem/histark/form/HistarkForm.tsx b/apps/dolly-frontend/src/main/js/src/components/fagsystem/histark/form/HistarkForm.tsx index e0a02a615be..2ee2621ee3b 100644 --- a/apps/dolly-frontend/src/main/js/src/components/fagsystem/histark/form/HistarkForm.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/fagsystem/histark/form/HistarkForm.tsx @@ -17,6 +17,7 @@ import { FormTextInput } from '@/components/ui/form/inputs/textInput/TextInput' import { Yearpicker } from '@/components/ui/form/inputs/yearpicker/Yearpicker' import { testDatoFom, testDatoTom } from '@/components/fagsystem/utils' import { useFormContext } from 'react-hook-form' +import { DisplayFormError } from '@/components/ui/toast/DisplayFormError' const DokumentInfoListe = React.lazy( () => import('@/components/fagsystem/dokarkiv/modal/DokumentInfoListe'), @@ -168,6 +169,7 @@ export const HistarkForm = () => { /> )} + )} diff --git a/apps/dolly-frontend/src/main/js/src/components/fagsystem/pensjon/form/GenerertInntektForm.tsx b/apps/dolly-frontend/src/main/js/src/components/fagsystem/pensjon/form/GenerertInntektForm.tsx index de7eae9011a..13a96ec158e 100644 --- a/apps/dolly-frontend/src/main/js/src/components/fagsystem/pensjon/form/GenerertInntektForm.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/fagsystem/pensjon/form/GenerertInntektForm.tsx @@ -9,8 +9,8 @@ import { FormDollyFieldArray } from '@/components/ui/form/fieldArray/DollyFieldA import { pensjonGenererPath } from '@/components/fagsystem/pensjon/form/Form' import styled from 'styled-components' import NavButton from '@/components/ui/button/NavButton/NavButton' -import { ErrorMessage } from '@hookform/error-message' import { usePensjonFacadeGenerer } from '@/utils/hooks/usePensjon' +import { DisplayFormError } from '@/components/ui/toast/DisplayFormError' const getTittel = (data) => { const inntektsaar = data?.map((inntekt) => inntekt.ar) @@ -117,15 +117,7 @@ export const GenerertInntektForm = ({ gyldigFraOgMedAar, formMethods }) => { - {formMethods.formState.errors && ( - ( -

{message}

- )} - /> - )} + {formInntekter?.length > 0 && ( diff --git a/apps/dolly-frontend/src/main/js/src/components/ui/toast/DisplayFormError.tsx b/apps/dolly-frontend/src/main/js/src/components/ui/toast/DisplayFormError.tsx new file mode 100644 index 00000000000..f125208cd0f --- /dev/null +++ b/apps/dolly-frontend/src/main/js/src/components/ui/toast/DisplayFormError.tsx @@ -0,0 +1,32 @@ +import 'react-toastify/dist/ReactToastify.css' +import { ErrorMessage } from '@hookform/error-message' +import * as React from 'react' +import { useContext } from 'react' +import { useFormContext } from 'react-hook-form' +import { + ShowErrorContext, + ShowErrorContextType, +} from '@/components/bestillingsveileder/ShowErrorContext' + +type Props = { + path: string + errorMessage?: string +} + +export const DisplayFormError = ({ path, errorMessage }: Props) => { + const formMethods = useFormContext() + const errorContext: ShowErrorContextType = useContext(ShowErrorContext) + + return ( + errorContext.showError && + formMethods.formState.errors && ( + ( +

{errorMessage || message}

+ )} + /> + ) + ) +} From 29b937f12dc6fe68cba86c7076fa3a33017168c6 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 14:00:47 +0200 Subject: [PATCH 07/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 44a9ffa05f9..1f67d5d7547 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -46,7 +46,7 @@ public Flux call() { .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() .bodyToMono(JsonNode.class) - .doOnSuccess(response -> log.info("Response mottatt fra Histark service: {}", response)) + .doOnSuccess(response -> response.fieldNames().forEachRemaining(fieldname -> log.info("Fieldname from histark: {}", fieldname))) .map(response -> HistarkResponse.builder() .histarkId(response.get("saksmappeId").asText().replaceAll("[^\\d-]|-(?=\\D)", "")) .build()) From f6b196959db5c8d7790de5125cbc5caaa0e81354 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 14:36:26 +0200 Subject: [PATCH 08/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../bestilling/histark/command/HistarkPostCommand.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 1f67d5d7547..618f6a3c9c1 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -1,6 +1,6 @@ package no.nav.dolly.bestilling.histark.command; -import com.fasterxml.jackson.databind.JsonNode; +import io.swagger.v3.core.util.Json; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.dolly.bestilling.histark.domain.HistarkRequest; @@ -45,10 +45,10 @@ public Flux call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() - .bodyToMono(JsonNode.class) - .doOnSuccess(response -> response.fieldNames().forEachRemaining(fieldname -> log.info("Fieldname from histark: {}", fieldname))) + .bodyToMono(Object.class) + .doOnSuccess(response -> log.info("Histark response: {}", response)) .map(response -> HistarkResponse.builder() - .histarkId(response.get("saksmappeId").asText().replaceAll("[^\\d-]|-(?=\\D)", "")) + .histarkId(Json.pretty(response)) .build()) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) From 6ea56a073041a7f14bfbcaf3a31518181a1e1cc9 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 15:20:33 +0200 Subject: [PATCH 09/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 618f6a3c9c1..c0aaef95a2a 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -46,7 +46,7 @@ public Flux call() { .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() .bodyToMono(Object.class) - .doOnSuccess(response -> log.info("Histark response: {}", response)) + .doOnEach(response -> log.info("Histark response: {}", response)) .map(response -> HistarkResponse.builder() .histarkId(Json.pretty(response)) .build()) From 684419a47b68f18f28cc64be2731ee7bd18e97a7 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 24 Oct 2024 15:30:31 +0200 Subject: [PATCH 10/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index c0aaef95a2a..cd2403685f8 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -7,6 +7,7 @@ import no.nav.dolly.bestilling.histark.domain.HistarkResponse; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatusCode; import org.springframework.http.MediaType; import org.springframework.http.client.MultipartBodyBuilder; import org.springframework.web.reactive.function.BodyInserters; @@ -45,6 +46,10 @@ public Flux call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() + .onStatus(HttpStatusCode::is2xxSuccessful, response -> { + log.info("Histark response OK: {}", response); + return Mono.empty(); + }) .bodyToMono(Object.class) .doOnEach(response -> log.info("Histark response: {}", response)) .map(response -> HistarkResponse.builder() From a08f277032b0bd5f389c1a8318786e30ab1723a4 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 09:52:27 +0200 Subject: [PATCH 11/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../histark/command/HistarkPostCommand.java | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index cd2403685f8..a2c6d224f0e 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -7,7 +7,6 @@ import no.nav.dolly.bestilling.histark.domain.HistarkResponse; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatusCode; import org.springframework.http.MediaType; import org.springframework.http.client.MultipartBodyBuilder; import org.springframework.web.reactive.function.BodyInserters; @@ -46,15 +45,14 @@ public Flux call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() - .onStatus(HttpStatusCode::is2xxSuccessful, response -> { - log.info("Histark response OK: {}", response); - return Mono.empty(); - }) .bodyToMono(Object.class) - .doOnEach(response -> log.info("Histark response: {}", response)) - .map(response -> HistarkResponse.builder() - .histarkId(Json.pretty(response)) - .build()) + .doOnNext(response -> log.info("Histark response: {}", response)) + .map(response -> { + log.info("Histark response: {}", response); + return HistarkResponse.builder() + .histarkId(Json.pretty(response)) + .build(); + }) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) .doOnError(WebClientFilter::logErrorMessage) From cbd01e499fc77739a6859ce34f19dd4a7e498dfa Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 09:59:58 +0200 Subject: [PATCH 12/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../histark/command/HistarkPostCommand.java | 55 ++++++++++--------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index a2c6d224f0e..7fedafd0309 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -33,32 +33,33 @@ public class HistarkPostCommand implements Callable> { @Override public Flux call() { - return Flux.fromIterable(histarkRequest.getHistarkDokumenter()).flatMap(histarkDokument -> { - var bodyBuilder = new MultipartBodyBuilder(); - bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); - bodyBuilder.part("metadata", histarkDokument.getMetadata().toString()); - return webClient.post() - .uri(builder -> - builder.path("/api/saksmapper/import").build()) - .header(AUTHORIZATION, "Bearer " + token) - .contentType(MediaType.MULTIPART_FORM_DATA) - .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) - .body(BodyInserters.fromMultipartData(bodyBuilder.build())) - .retrieve() - .bodyToMono(Object.class) - .doOnNext(response -> log.info("Histark response: {}", response)) - .map(response -> { - log.info("Histark response: {}", response); - return HistarkResponse.builder() - .histarkId(Json.pretty(response)) - .build(); - }) - .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) - .filter(WebClientFilter::is5xxException)) - .doOnError(WebClientFilter::logErrorMessage) - .onErrorResume(error -> Mono.just(HistarkResponse.builder() - .feilmelding(WebClientFilter.getMessage(error)) - .build())); - }); + return Flux.fromIterable(histarkRequest.getHistarkDokumenter()) + .flatMap(histarkDokument -> { + var bodyBuilder = new MultipartBodyBuilder(); + bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); + bodyBuilder.part("metadata", histarkDokument.getMetadata().toString()); + return webClient.post() + .uri(builder -> + builder.path("/api/saksmapper/import").build()) + .header(AUTHORIZATION, "Bearer " + token) + .contentType(MediaType.MULTIPART_FORM_DATA) + .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) + .body(BodyInserters.fromMultipartData(bodyBuilder.build())) + .retrieve() + .bodyToMono(String.class) + .doOnNext(response -> log.info("Histark response: {}", response)) + .map(response -> { + log.info("Histark response: {}", response); + return HistarkResponse.builder() + .histarkId(Json.pretty(response)) + .build(); + }) + .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) + .filter(WebClientFilter::is5xxException)) + .doOnError(WebClientFilter::logErrorMessage) + .onErrorResume(error -> Mono.just(HistarkResponse.builder() + .feilmelding(WebClientFilter.getMessage(error)) + .build())); + }); } } \ No newline at end of file From ea03f12a9cff443963377f2fe56ef60b778b43e3 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 10:17:14 +0200 Subject: [PATCH 13/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../histark/command/HistarkPostCommand.java | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 7fedafd0309..fe39a017def 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -1,6 +1,5 @@ package no.nav.dolly.bestilling.histark.command; -import io.swagger.v3.core.util.Json; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.dolly.bestilling.histark.domain.HistarkRequest; @@ -47,13 +46,10 @@ public Flux call() { .body(BodyInserters.fromMultipartData(bodyBuilder.build())) .retrieve() .bodyToMono(String.class) - .doOnNext(response -> log.info("Histark response: {}", response)) - .map(response -> { - log.info("Histark response: {}", response); - return HistarkResponse.builder() - .histarkId(Json.pretty(response)) - .build(); - }) + .doOnNext(response -> log.info("Histark post response: {}", response)) + .map(response -> HistarkResponse.builder() + .histarkId(response) + .build()) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) .doOnError(WebClientFilter::logErrorMessage) From 6a805bbb21a3233b2df97d3eae34a5d75cfefce2 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 10:35:04 +0200 Subject: [PATCH 14/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../bestilling/histark/HistarkConsumer.java | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java index 5c683664571..82c1d488e1b 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java @@ -10,6 +10,7 @@ import no.nav.testnav.libs.securitycore.domain.ServerProperties; import no.nav.testnav.libs.standalone.servletsecurity.exchange.TokenExchange; import org.springframework.stereotype.Service; +import org.springframework.web.reactive.function.client.ExchangeFilterFunction; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Flux; @@ -36,6 +37,7 @@ public HistarkConsumer( this.tokenService = tokenService; this.webClient = webClientBuilder .baseUrl(serverProperties.getUrl()) + .filters(exchangeFilterFunctions -> exchangeFilterFunctions.add(logRequest())) .exchangeStrategies(getJacksonStrategy(objectMapper)) .build(); } @@ -51,6 +53,28 @@ public Flux postHistark(HistarkRequest histarkRequest) { token.getTokenValue()).call()); } + private ExchangeFilterFunction logRequest() { + + return (clientRequest, next) -> { + var buffer = new StringBuilder(250) + .append("Request: ") + .append(clientRequest.method()) + .append(' ') + .append(clientRequest.url()) + .append(System.lineSeparator()); + + clientRequest.headers() + .forEach((name, values) -> values + .forEach(value -> buffer.append('\t') + .append(name) + .append('=') + .append(value.contains("Bearer ") ? "Bearer token" : value) + .append(System.lineSeparator()))); + log.trace(buffer.substring(0, buffer.length() - 1)); + return next.exchange(clientRequest); + }; + } + private static String getNavCallId() { return format("%s %s", CONSUMER, UUID.randomUUID()); } From e34e925e848059e2588fe3e1719027e78ecbdab5 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 10:50:57 +0200 Subject: [PATCH 15/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../java/no/nav/dolly/bestilling/histark/HistarkConsumer.java | 3 ++- apps/dolly-backend/src/main/resources/logback-spring.xml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java index 82c1d488e1b..0965c7236d5 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/HistarkConsumer.java @@ -17,6 +17,7 @@ import java.util.UUID; import static java.lang.String.format; +import static java.util.Objects.nonNull; import static no.nav.dolly.domain.CommonKeysAndUtils.CONSUMER; import static no.nav.dolly.util.JacksonExchangeStrategyUtil.getJacksonStrategy; @@ -68,7 +69,7 @@ private ExchangeFilterFunction logRequest() { .forEach(value -> buffer.append('\t') .append(name) .append('=') - .append(value.contains("Bearer ") ? "Bearer token" : value) + .append(nonNull(value) && value.contains("Bearer ") ? "Bearer token" : value) .append(System.lineSeparator()))); log.trace(buffer.substring(0, buffer.length() - 1)); return next.exchange(clientRequest); diff --git a/apps/dolly-backend/src/main/resources/logback-spring.xml b/apps/dolly-backend/src/main/resources/logback-spring.xml index 6c4bba7270e..47d2cf6f19d 100644 --- a/apps/dolly-backend/src/main/resources/logback-spring.xml +++ b/apps/dolly-backend/src/main/resources/logback-spring.xml @@ -38,6 +38,7 @@ + From 77deb1b6f1241c1f321ff862020f38f3c38c8b94 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 11:30:20 +0200 Subject: [PATCH 16/28] * Mindre endringer for Histark Post oppsett #deploy-test-dolly-backend --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 4 +++- .../nav/dolly/bestilling/histark/domain/HistarkRequest.java | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index fe39a017def..8d98e097993 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -37,13 +37,15 @@ public Flux call() { var bodyBuilder = new MultipartBodyBuilder(); bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); bodyBuilder.part("metadata", histarkDokument.getMetadata().toString()); + var body = bodyBuilder.build(); + log.info("Sending histark body: {}", body); return webClient.post() .uri(builder -> builder.path("/api/saksmapper/import").build()) .header(AUTHORIZATION, "Bearer " + token) .contentType(MediaType.MULTIPART_FORM_DATA) .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) - .body(BodyInserters.fromMultipartData(bodyBuilder.build())) + .body(BodyInserters.fromMultipartData(body)) .retrieve() .bodyToMono(String.class) .doOnNext(response -> log.info("Histark post response: {}", response)) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java index 59d5311ce0d..bbdb16cdb30 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/domain/HistarkRequest.java @@ -43,7 +43,7 @@ public static class HistarkDokument { @Override public String toString() { - return "HistarkDokument{file='%s...', metadata=%s}".formatted(file.substring(0, 10), metadata); + return "HistarkDokument{file='%s...', metadata=%s}".formatted(file.substring(file.length() - 21, file.length() - 1), metadata); } @Data From c7a614b0f8afb800c1d9757634946b84ebbac300 Mon Sep 17 00:00:00 2001 From: stigus Date: Fri, 25 Oct 2024 15:14:24 +0200 Subject: [PATCH 17/28] =?UTF-8?q?*=20=C3=98ker=20buffer=20size=20for=20Bac?= =?UTF-8?q?kend=20og=20Histark=20Proxy=20#deploy-test-dolly-backend=20#dep?= =?UTF-8?q?loy-proxy-histark?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/dolly-backend/config.test.yml | 1 + apps/dolly-backend/config.yml | 1 + .../histark/command/HistarkPostCommand.java | 20 +++++++++---------- proxies/histark-proxy/config.yml | 1 + 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/apps/dolly-backend/config.test.yml b/apps/dolly-backend/config.test.yml index c99e52ac2e3..fc01562b2e1 100644 --- a/apps/dolly-backend/config.test.yml +++ b/apps/dolly-backend/config.test.yml @@ -7,6 +7,7 @@ metadata: team: dolly annotations: nginx.ingress.kubernetes.io/proxy-body-size: "512m" + nginx.ingress.kubernetes.io/proxy-buffer-size: "8m" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" diff --git a/apps/dolly-backend/config.yml b/apps/dolly-backend/config.yml index 441586da91f..0f656c7ab3c 100644 --- a/apps/dolly-backend/config.yml +++ b/apps/dolly-backend/config.yml @@ -9,6 +9,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" nginx.ingress.kubernetes.io/proxy-body-size: "512m" + nginx.ingress.kubernetes.io/proxy-buffer-size: "8m" spec: tokenx: diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 8d98e097993..65d4374cddf 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -7,6 +7,7 @@ import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.http.client.MultipartBodyBuilder; import org.springframework.web.reactive.function.BodyInserters; import org.springframework.web.reactive.function.client.WebClient; @@ -36,9 +37,8 @@ public Flux call() { .flatMap(histarkDokument -> { var bodyBuilder = new MultipartBodyBuilder(); bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); - bodyBuilder.part("metadata", histarkDokument.getMetadata().toString()); + bodyBuilder.part("metadata", histarkDokument.getMetadata()); var body = bodyBuilder.build(); - log.info("Sending histark body: {}", body); return webClient.post() .uri(builder -> builder.path("/api/saksmapper/import").build()) @@ -46,18 +46,16 @@ public Flux call() { .contentType(MediaType.MULTIPART_FORM_DATA) .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(body)) - .retrieve() - .bodyToMono(String.class) - .doOnNext(response -> log.info("Histark post response: {}", response)) - .map(response -> HistarkResponse.builder() - .histarkId(response) - .build()) + .exchangeToMono(clientResponse -> { + log.info("Status fra histark: {}", clientResponse.statusCode()); + return clientResponse.toEntity(HistarkResponse.class); + }) + .mapNotNull(ResponseEntity::getBody) + .doOnNext(response -> log.info("Response fraa histark: {}", response)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) .doOnError(WebClientFilter::logErrorMessage) - .onErrorResume(error -> Mono.just(HistarkResponse.builder() - .feilmelding(WebClientFilter.getMessage(error)) - .build())); + .onErrorResume(throwable -> Mono.empty()); }); } } \ No newline at end of file diff --git a/proxies/histark-proxy/config.yml b/proxies/histark-proxy/config.yml index 6acaba2496b..3b48fe7c890 100644 --- a/proxies/histark-proxy/config.yml +++ b/proxies/histark-proxy/config.yml @@ -7,6 +7,7 @@ metadata: team: dolly annotations: nginx.ingress.kubernetes.io/proxy-body-size: "512m" + nginx.ingress.kubernetes.io/proxy-buffer-size: "8m" nginx.ingress.kubernetes.io/proxy-read-timeout: "300" spec: image: "{{image}}" From 7853535126cbd1b0aa7b40b62154f8f1e2051b01 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 09:29:57 +0100 Subject: [PATCH 18/28] * Histark mer logging #deploy-test-dolly-backend #deploy-proxy-histark --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 65d4374cddf..9c77a988eb6 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -48,10 +48,11 @@ public Flux call() { .body(BodyInserters.fromMultipartData(body)) .exchangeToMono(clientResponse -> { log.info("Status fra histark: {}", clientResponse.statusCode()); + log.info("Responseheaders fra histark: {}", clientResponse.headers().asHttpHeaders()); return clientResponse.toEntity(HistarkResponse.class); }) .mapNotNull(ResponseEntity::getBody) - .doOnNext(response -> log.info("Response fraa histark: {}", response)) + .doOnNext(response -> log.info("Responsebody fra histark: {}", response)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) .doOnError(WebClientFilter::logErrorMessage) From 425fa18c9d89f72ca8d911156b5fbd0aedc08874 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 10:25:44 +0100 Subject: [PATCH 19/28] * Histark mer logging #deploy-test-dolly-backend #deploy-proxy-histark --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 9c77a988eb6..10b99651898 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -59,4 +59,4 @@ public Flux call() { .onErrorResume(throwable -> Mono.empty()); }); } -} \ No newline at end of file +} From 6cf9ce332289407c2f7829d56d6bf4f093bbd98f Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 11:01:02 +0100 Subject: [PATCH 20/28] * Histark mer logging #deploy-test-dolly-backend #deploy-proxy-histark --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 1 + .../no/nav/dolly/provider/api/advice/HttpExceptionAdvice.java | 3 +++ 2 files changed, 4 insertions(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 10b99651898..4d29ab6bcd9 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -39,6 +39,7 @@ public Flux call() { bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); bodyBuilder.part("metadata", histarkDokument.getMetadata()); var body = bodyBuilder.build(); + log.info("Poster body til histark: {}", body); return webClient.post() .uri(builder -> builder.path("/api/saksmapper/import").build()) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/provider/api/advice/HttpExceptionAdvice.java b/apps/dolly-backend/src/main/java/no/nav/dolly/provider/api/advice/HttpExceptionAdvice.java index 6c1d8427a97..cb7d3c6c17c 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/provider/api/advice/HttpExceptionAdvice.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/provider/api/advice/HttpExceptionAdvice.java @@ -6,6 +6,7 @@ import lombok.Data; import lombok.NoArgsConstructor; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; import no.nav.dolly.exceptions.ConstraintViolationException; import no.nav.dolly.exceptions.DollyFunctionalException; import no.nav.dolly.exceptions.KodeverkException; @@ -22,6 +23,7 @@ import java.time.LocalDateTime; @ControllerAdvice +@Slf4j @RequiredArgsConstructor public class HttpExceptionAdvice { @@ -29,6 +31,7 @@ public class HttpExceptionAdvice { private final UrlPathHelper urlPathHelper; private ExceptionInformation informationForException(RuntimeException exception, HttpStatus status) { + log.error("HttpException: ", exception); return ExceptionInformation.builder() .error(status.getReasonPhrase()) .status(status.value()) From c314028ded985db5c4344f2c7d81b7f67044eaaf Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 11:16:37 +0100 Subject: [PATCH 21/28] * Histark mer logging #deploy-test-dolly-backend #deploy-proxy-histark --- .../bestilling/histark/command/HistarkPostCommand.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 4d29ab6bcd9..400d4233265 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -5,7 +5,6 @@ import no.nav.dolly.bestilling.histark.domain.HistarkRequest; import no.nav.dolly.bestilling.histark.domain.HistarkResponse; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; -import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.http.client.MultipartBodyBuilder; @@ -42,10 +41,11 @@ public Flux call() { log.info("Poster body til histark: {}", body); return webClient.post() .uri(builder -> - builder.path("/api/saksmapper/import").build()) + builder.path("/api/saksmapper/import") + .queryParam("metadata", histarkDokument.getMetadata()) + .build()) .header(AUTHORIZATION, "Bearer " + token) .contentType(MediaType.MULTIPART_FORM_DATA) - .header(HttpHeaders.CONTENT_TYPE, MediaType.MULTIPART_FORM_DATA_VALUE) .body(BodyInserters.fromMultipartData(body)) .exchangeToMono(clientResponse -> { log.info("Status fra histark: {}", clientResponse.statusCode()); From e143d6b23414cb286a1ce853f3eb6c160b602f43 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 11:35:23 +0100 Subject: [PATCH 22/28] * Histark endrer body #deploy-test-dolly-backend #deploy-proxy-histark --- .../histark/command/HistarkPostCommand.java | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 400d4233265..4acc9d5e9f6 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -7,8 +7,6 @@ import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.http.client.MultipartBodyBuilder; -import org.springframework.web.reactive.function.BodyInserters; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; @@ -16,9 +14,11 @@ import java.nio.charset.StandardCharsets; import java.time.Duration; +import java.util.Arrays; import java.util.concurrent.Callable; import static org.springframework.http.HttpHeaders.AUTHORIZATION; +import static org.springframework.web.reactive.function.BodyInserters.fromFormData; @Slf4j @RequiredArgsConstructor @@ -34,11 +34,7 @@ public Flux call() { return Flux.fromIterable(histarkRequest.getHistarkDokumenter()) .flatMap(histarkDokument -> { - var bodyBuilder = new MultipartBodyBuilder(); - bodyBuilder.part("file", histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)); - bodyBuilder.part("metadata", histarkDokument.getMetadata()); - var body = bodyBuilder.build(); - log.info("Poster body til histark: {}", body); + log.info("Sender metadata: {}", histarkDokument.getMetadata().toString()); return webClient.post() .uri(builder -> builder.path("/api/saksmapper/import") @@ -46,7 +42,8 @@ public Flux call() { .build()) .header(AUTHORIZATION, "Bearer " + token) .contentType(MediaType.MULTIPART_FORM_DATA) - .body(BodyInserters.fromMultipartData(body)) + .body(fromFormData("metadata", histarkDokument.getMetadata().toString()) + .with("file", Arrays.toString(histarkDokument.getFile().getBytes(StandardCharsets.UTF_8)))) .exchangeToMono(clientResponse -> { log.info("Status fra histark: {}", clientResponse.statusCode()); log.info("Responseheaders fra histark: {}", clientResponse.headers().asHttpHeaders()); From cd7baa85999f644fcd61443c181187e2d609e10c Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 11:48:14 +0100 Subject: [PATCH 23/28] * Histark endrer body #deploy-test-dolly-backend #deploy-proxy-histark --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index 4acc9d5e9f6..d493b7b041d 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j; import no.nav.dolly.bestilling.histark.domain.HistarkRequest; import no.nav.dolly.bestilling.histark.domain.HistarkResponse; +import no.nav.dolly.exceptions.DollyFunctionalException; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -47,6 +48,9 @@ public Flux call() { .exchangeToMono(clientResponse -> { log.info("Status fra histark: {}", clientResponse.statusCode()); log.info("Responseheaders fra histark: {}", clientResponse.headers().asHttpHeaders()); + if (clientResponse.statusCode().isError()) { + return Mono.error(new DollyFunctionalException("Feil ved opprettelse av saksmapper i histark")); + } return clientResponse.toEntity(HistarkResponse.class); }) .mapNotNull(ResponseEntity::getBody) From f616743d5941976122b5c4200e510cd1d5e244b2 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 28 Oct 2024 13:21:40 +0100 Subject: [PATCH 24/28] * Histark endrer body #deploy-test-dolly-backend #deploy-proxy-histark --- .../bestilling/histark/command/HistarkPostCommand.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index d493b7b041d..a716a1c3ab2 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -4,10 +4,8 @@ import lombok.extern.slf4j.Slf4j; import no.nav.dolly.bestilling.histark.domain.HistarkRequest; import no.nav.dolly.bestilling.histark.domain.HistarkResponse; -import no.nav.dolly.exceptions.DollyFunctionalException; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; @@ -49,11 +47,12 @@ public Flux call() { log.info("Status fra histark: {}", clientResponse.statusCode()); log.info("Responseheaders fra histark: {}", clientResponse.headers().asHttpHeaders()); if (clientResponse.statusCode().isError()) { - return Mono.error(new DollyFunctionalException("Feil ved opprettelse av saksmapper i histark")); + return Mono.just(HistarkResponse.builder() + .feilmelding("Feil ved opprettelse av saksmappe, status: " + clientResponse.statusCode()) + .build()); } - return clientResponse.toEntity(HistarkResponse.class); + return clientResponse.bodyToMono(HistarkResponse.class); }) - .mapNotNull(ResponseEntity::getBody) .doOnNext(response -> log.info("Responsebody fra histark: {}", response)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) .filter(WebClientFilter::is5xxException)) From c05a91fa65f819cdca63e882380edc9406fb1d49 Mon Sep 17 00:00:00 2001 From: stigus Date: Thu, 31 Oct 2024 09:59:28 +0100 Subject: [PATCH 25/28] * Histark endrer body #deploy-test-dolly-backend --- .../dolly/bestilling/histark/command/HistarkPostCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java index a716a1c3ab2..bdde77ece66 100644 --- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java +++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/histark/command/HistarkPostCommand.java @@ -37,7 +37,7 @@ public Flux call() { return webClient.post() .uri(builder -> builder.path("/api/saksmapper/import") - .queryParam("metadata", histarkDokument.getMetadata()) + .queryParam("metadata", histarkDokument.getMetadata().toString()) .build()) .header(AUTHORIZATION, "Bearer " + token) .contentType(MediaType.MULTIPART_FORM_DATA) From 14ed0bd0a6dfd612b6d8ce298a10386e715941b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristen=20H=C3=A6rum?= Date: Thu, 12 Dec 2024 09:00:58 +0100 Subject: [PATCH 26/28] Feature/altinn 3 tilgang (#3667) Add Altinn3 Tilgang Service --- .../app.altinn3-tilgang-service-prod.yml | 24 ++ .../workflows/app.altinn3-tilgang-service.yml | 23 ++ .../99-dolly-convert-to-pk8.sh | 6 + apps/altinn3-tilgang-service/Dockerfile | 9 + apps/altinn3-tilgang-service/README.md | 17 ++ apps/altinn3-tilgang-service/build.gradle | 38 +++ apps/altinn3-tilgang-service/config.dev.yml | 80 ++++++ apps/altinn3-tilgang-service/config.prod.yml | 86 +++++++ .../gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 59536 bytes .../gradle/wrapper/gradle-wrapper.properties | 5 + apps/altinn3-tilgang-service/gradlew | 234 ++++++++++++++++++ apps/altinn3-tilgang-service/gradlew.bat | 89 +++++++ apps/altinn3-tilgang-service/gradlewUpdate.sh | 3 + apps/altinn3-tilgang-service/settings.gradle | 18 ++ ...tinn3TilgangServiceApplicationStarter.java | 25 ++ .../config/AltinnConfig.java | 21 ++ .../config/JacksonConfig.java | 27 ++ .../config/JsonMapperConfig.java | 110 ++++++++ .../config/LocalVaultConfig.java | 10 + .../config/MaskinportenConfig.java | 25 ++ .../config/OpenApiConfig.java | 66 +++++ .../config/SecurityConfig.java | 40 +++ .../consumer/altinn/AltinnConsumer.java | 164 ++++++++++++ .../CreateAccessListeMemberCommand.java | 52 ++++ .../DeleteAccessListMemberCommand.java | 53 ++++ .../command/GetAccessListMembersCommand.java | 39 +++ .../command/GetExchangeTokenCommand.java | 37 +++ .../consumer/altinn/dto/AccessToken.java | 0 .../altinn/dto/AltinnResponseDTO.java | 44 ++++ .../consumer/altinn/dto/BrregResponseDTO.java | 65 +++++ .../altinn/dto/OrganisasjonCreateDTO.java | 18 ++ .../altinn/dto/OrganisasjonDeleteDTO.java | 32 +++ .../consumer/brreg/BrregConsumer.java | 26 ++ .../brreg/command/GetBrregEnheterCommand.java | 37 +++ .../maskinporten/MaskinportenConsumer.java | 74 ++++++ .../command/GetAccessTokenCommand.java | 37 +++ .../command/GetWellKnownCommand.java | 32 +++ .../maskinporten/dto/AccessToken.java | 16 ++ .../consumer/maskinporten/dto/WellKnown.java | 18 ++ .../database/entity/OrganisasjonTilgang.java | 31 +++ .../OrganisasjonTilgangRepository.java | 16 ++ .../domain/Organisasjon.java | 22 ++ .../domain/OrganisasjonResponse.java | 21 ++ .../mapper/BrrregResponseMappingStrategy.java | 49 ++++ .../mapper/MapperFacadeConfig.java | 35 +++ .../mapper/MappingStrategy.java | 19 ++ .../OrganisajonTilgangMappingStrategy.java | 33 +++ .../provider/AltinnTilgangController.java | 50 ++++ .../OrganisasjonMiljoeController.java | 38 +++ .../service/AltinnTilgangService.java | 91 +++++++ .../service/MiljoerOversiktService.java | 63 +++++ .../src/main/resources/application-dev.yml | 17 ++ .../src/main/resources/application-local.yml | 29 +++ .../src/main/resources/application-prod.yml | 17 ++ .../src/main/resources/application.yml | 58 +++++ .../db/migration/V1.0.0__CreateTables.sql | 10 + .../src/main/resources/logback-spring.xml | 32 +++ .../ApplicationContextTest.java | 24 ++ .../src/test/resources/application-test.yml | 7 + apps/dolly-frontend/config.idporten.yml | 3 + apps/dolly-frontend/config.test.yml | 1 + apps/dolly-frontend/config.unstable.yml | 1 + apps/dolly-frontend/config.yml | 4 +- .../web/DollyFrontendApplicationStarter.java | 2 +- .../no/nav/dolly/web/config/Consumers.java | 2 +- apps/dolly-frontend/src/main/js/package.json | 3 +- .../src/main/js/proxy-routes.json | 2 +- .../adminPages/Orgtilgang/OrgOversikt.tsx | 3 - .../adminPages/Orgtilgang/OrgtilgangForm.tsx | 1 - .../Orgtilgang/RedigerOrganisasjon.tsx | 7 +- .../OrganisasjonTilgangService.tsx | 15 +- .../utils/hooks/useOrganisasjonTilgang.tsx | 4 +- .../src/main/resources/application-dev.yml | 7 +- .../src/main/resources/application-local.yml | 8 +- .../src/main/resources/application.yml | 10 +- ...asjonTilgangServiceApplicationStarter.java | 2 +- 76 files changed, 2400 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/app.altinn3-tilgang-service-prod.yml create mode 100644 .github/workflows/app.altinn3-tilgang-service.yml create mode 100644 apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh create mode 100644 apps/altinn3-tilgang-service/Dockerfile create mode 100644 apps/altinn3-tilgang-service/README.md create mode 100644 apps/altinn3-tilgang-service/build.gradle create mode 100644 apps/altinn3-tilgang-service/config.dev.yml create mode 100644 apps/altinn3-tilgang-service/config.prod.yml create mode 100644 apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.jar create mode 100644 apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.properties create mode 100755 apps/altinn3-tilgang-service/gradlew create mode 100644 apps/altinn3-tilgang-service/gradlew.bat create mode 100755 apps/altinn3-tilgang-service/gradlewUpdate.sh create mode 100644 apps/altinn3-tilgang-service/settings.gradle create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/AltinnConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JacksonConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JsonMapperConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/SecurityConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetExchangeTokenCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/BrregResponseDTO.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonCreateDTO.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonDeleteDTO.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/command/GetBrregEnheterCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/AccessToken.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/WellKnown.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/entity/OrganisasjonTilgang.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/repository/OrganisasjonTilgangRepository.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/Organisasjon.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/OrganisasjonResponse.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/BrrregResponseMappingStrategy.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MapperFacadeConfig.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MappingStrategy.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/OrganisajonTilgangMappingStrategy.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/OrganisasjonMiljoeController.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java create mode 100644 apps/altinn3-tilgang-service/src/main/resources/application-dev.yml create mode 100644 apps/altinn3-tilgang-service/src/main/resources/application-local.yml create mode 100644 apps/altinn3-tilgang-service/src/main/resources/application-prod.yml create mode 100644 apps/altinn3-tilgang-service/src/main/resources/application.yml create mode 100644 apps/altinn3-tilgang-service/src/main/resources/db/migration/V1.0.0__CreateTables.sql create mode 100644 apps/altinn3-tilgang-service/src/main/resources/logback-spring.xml create mode 100644 apps/altinn3-tilgang-service/src/test/java/no/nav/testnav/altinn3tilgangservice/ApplicationContextTest.java create mode 100644 apps/altinn3-tilgang-service/src/test/resources/application-test.yml diff --git a/.github/workflows/app.altinn3-tilgang-service-prod.yml b/.github/workflows/app.altinn3-tilgang-service-prod.yml new file mode 100644 index 00000000000..6751193d9f0 --- /dev/null +++ b/.github/workflows/app.altinn3-tilgang-service-prod.yml @@ -0,0 +1,24 @@ +name: altinn3-tilgang-service-prod + +on: + push: + paths: + - "plugins/**" + - "libs/reactive-core/**" + - "libs/reactive-security/**" + - "apps/altinn3-tilgang-service/**" + - ".github/workflows/app.altinn3-tilgang-service.yml" + +jobs: + workflow: + uses: ./.github/workflows/common.workflow.backend.yml + with: + working-directory: "apps/altinn3-tilgang-service" + deploy-tag: "#deploy-altinn3-tilgang-service-prod" + nais-manifest: "config.prod.yml" + cluster: "prod-gcp" + permissions: + contents: read + id-token: write + secrets: inherit + diff --git a/.github/workflows/app.altinn3-tilgang-service.yml b/.github/workflows/app.altinn3-tilgang-service.yml new file mode 100644 index 00000000000..33ed8e0eaaa --- /dev/null +++ b/.github/workflows/app.altinn3-tilgang-service.yml @@ -0,0 +1,23 @@ +name: altinn3-tilgang-service + +on: + push: + paths: + - "plugins/**" + - "libs/reactive-core/**" + - "libs/reactive-security/**" + - "apps/altinn3-tilgang-service/**" + - ".github/workflows/app.altinn3-tilgang-service.yml" + +jobs: + workflow: + uses: ./.github/workflows/common.workflow.backend.yml + with: + working-directory: "apps/altinn3-tilgang-service" + deploy-tag: "#deploy-altinn3-tilgang-service" + nais-manifest: "config.dev.yml" + permissions: + contents: read + id-token: write + secrets: inherit + diff --git a/apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh b/apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh new file mode 100644 index 00000000000..49cfce0b64e --- /dev/null +++ b/apps/altinn3-tilgang-service/99-dolly-convert-to-pk8.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env sh + +# +# Converts NAIS provided key.pem to PKCS#8 PEM format, which can be used by R2dbc. +# +openssl pkey -in /var/run/secrets/nais.io/sqlcertificate/key.pem -out /tmp/pk8.pem \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/Dockerfile b/apps/altinn3-tilgang-service/Dockerfile new file mode 100644 index 00000000000..6114d5f0438 --- /dev/null +++ b/apps/altinn3-tilgang-service/Dockerfile @@ -0,0 +1,9 @@ +FROM ghcr.io/navikt/baseimages/temurin:21 +LABEL maintainer="Team Dolly" + +ENV JAVA_OPTS="--add-opens java.base/java.lang=ALL-UNNAMED" + +COPY 99-dolly-convert-to-pk8.sh /init-scripts/ +COPY /build/libs/app.jar /app/ + +EXPOSE 8080 \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/README.md b/apps/altinn3-tilgang-service/README.md new file mode 100644 index 00000000000..c73ee0493b7 --- /dev/null +++ b/apps/altinn3-tilgang-service/README.md @@ -0,0 +1,17 @@ +## altinn3-tilgang-service + +Service som godkjenner tilganger for en spesifisert organisasjoner mot Dolly ved bruk av bankid. + +## Swagger + +Swagger finnes under [/swagger-ui.html](https://testnav-altinn3-tilgang-service.intern.dev.nav.no/swagger-ui.html) +-endepunktet til applikasjonen. + +## Lokal kjøring + +Ha naisdevice kjørende og kjør Altinn3TilgangServiceApplicationStarter med følgende argumenter: + +``` +-Dspring.profiles.active=local +-Dspring.cloud.vault.token=[vault-token] +``` diff --git a/apps/altinn3-tilgang-service/build.gradle b/apps/altinn3-tilgang-service/build.gradle new file mode 100644 index 00000000000..0967f46878e --- /dev/null +++ b/apps/altinn3-tilgang-service/build.gradle @@ -0,0 +1,38 @@ +plugins { + id "dolly-apps" +} + +sonarqube { + properties { + property "sonar.projectKey", "testnav-altinn3-tilgang-service" + property "sonar.projectName", "testnav-altinn3-tilgang-service" + } +} + +dependencies { + implementation "com.google.cloud:spring-cloud-gcp-starter-secretmanager:$versions.gcpSecretManager" + + implementation "no.nav.testnav.libs:reactive-core" + implementation "no.nav.testnav.libs:reactive-security" + implementation "no.nav.testnav.libs:vault" + + implementation "org.springframework.boot:spring-boot-starter-data-r2dbc" + implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server" + implementation "org.springframework.boot:spring-boot-starter-security" + + implementation "org.flywaydb:flyway-core" + implementation "org.flywaydb:flyway-database-postgresql" + + runtimeOnly "org.postgresql:postgresql" + runtimeOnly "org.postgresql:r2dbc-postgresql" + + implementation "ma.glasnost.orika:orika-core:$versions.orika" + + implementation "io.micrometer:micrometer-registry-prometheus" + implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc" + implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger" + + implementation "io.r2dbc:r2dbc-h2" + testRuntimeOnly "com.h2database:h2" +} + diff --git a/apps/altinn3-tilgang-service/config.dev.yml b/apps/altinn3-tilgang-service/config.dev.yml new file mode 100644 index 00000000000..b9d45fba561 --- /dev/null +++ b/apps/altinn3-tilgang-service/config.dev.yml @@ -0,0 +1,80 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + name: testnav-altinn3-tilgang-service + namespace: dolly + labels: + team: dolly +spec: + tokenx: + enabled: true + image: "{{image}}" + port: 8080 + azure: + application: + enabled: true + tenant: nav.no + claims: + groups: + - id: 9c7efec1-1599-4216-a67e-6fd53a6a951c + maskinporten: + enabled: true + scopes: + consumes: + - name: altinn:resourceregistry/accesslist.read + - name: altinn:resourceregistry/accesslist.write + accessPolicy: + inbound: + rules: + - application: dolly-frontend + - application: dolly-frontend-dev + - application: dolly-frontend-dev-unstable + - application: dolly-idporten + - application: team-dolly-lokal-app + - application: testnav-oversikt-frontend + outbound: + external: + - host: platform.tt02.altinn.no + - host: data.brreg.no + liveness: + path: /internal/isAlive + initialDelay: 10 + periodSeconds: 5 + failureThreshold: 500 + observability: + logging: + destinations: + - id: elastic + autoInstrumentation: + enabled: true + runtime: java + readiness: + path: /internal/isReady + initialDelay: 10 + periodSeconds: 5 + failureThreshold: 500 + prometheus: + enabled: true + path: /internal/metrics + replicas: + min: 1 + max: 1 + resources: + requests: + cpu: 200m + memory: 1024Mi + limits: + memory: 2048Mi + env: + - name: SPRING_PROFILES_ACTIVE + value: dev + ingresses: + - "https://testnav-altinn3-tilgang-service.intern.dev.nav.no" + gcp: + sqlInstances: + - type: POSTGRES_16 + tier: db-custom-1-3840 + name: testnav-altinn3-tilgang + databases: + - name: testnav-altinn3-tilgang + autoBackupHour: 2 \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/config.prod.yml b/apps/altinn3-tilgang-service/config.prod.yml new file mode 100644 index 00000000000..e57c9109b5c --- /dev/null +++ b/apps/altinn3-tilgang-service/config.prod.yml @@ -0,0 +1,86 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + name: testnav-altinn3-tilgang-service-prod + namespace: dolly + labels: + team: dolly +spec: + tokenx: + enabled: true + image: "{{image}}" + port: 8080 + azure: + application: + enabled: true + tenant: nav.no + claims: + groups: + - id: 9c7efec1-1599-4216-a67e-6fd53a6a951c + maskinporten: + enabled: true + scopes: + consumes: + - name: altinn:resourceregistry/accesslist.read + - name: altinn:resourceregistry/accesslist.write + accessPolicy: + inbound: + rules: + - application: dolly-frontend + cluster: dev-gcp + - application: dolly-frontend-dev + cluster: dev-gcp + - application: dolly-frontend-dev-unstable + cluster: dev-gcp + - application: dolly-idporten + cluster: dev-gcp + - application: team-dolly-lokal-app + cluster: dev-gcp + - application: testnav-oversikt-frontend + cluster: dev-gcp + outbound: + external: + - host: platform.altinn.no + - host: data.brreg.no + liveness: + path: /internal/isAlive + initialDelay: 10 + periodSeconds: 5 + failureThreshold: 500 + observability: + logging: + destinations: + - id: elastic + autoInstrumentation: + enabled: true + runtime: java + readiness: + path: /internal/isReady + initialDelay: 10 + periodSeconds: 5 + failureThreshold: 500 + prometheus: + enabled: true + path: /internal/metrics + replicas: + min: 1 + max: 1 + resources: + requests: + cpu: 200m + memory: 1024Mi + limits: + memory: 2048Mi + env: + - name: SPRING_PROFILES_ACTIVE + value: prod + ingresses: + - "https://testnav-altinn3-tilgang-service.nav.no" + gcp: + sqlInstances: + - type: POSTGRES_16 + tier: db-custom-1-3840 + name: testnav-altinn3-tilgang + databases: + - name: testnav-altinn3-tilgang + autoBackupHour: 2 \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.jar b/apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..7454180f2ae8848c63b8b4dea2cb829da983f2fa GIT binary patch literal 59536 zcma&NbC71ylI~qywr$(CZQJHswz}-9F59+k+g;UV+cs{`J?GrGXYR~=-ydruB3JCa zB64N^cILAcWk5iofq)<(fq;O7{th4@;QxID0)qN`mJ?GIqLY#rX8-|G{5M0pdVW5^ zzXk$-2kQTAC?_N@B`&6-N-rmVFE=$QD?>*=4<|!MJu@}isLc4AW#{m2if&A5T5g&~ ziuMQeS*U5sL6J698wOd)K@oK@1{peP5&Esut<#VH^u)gp`9H4)`uE!2$>RTctN+^u z=ASkePDZA-X8)rp%D;p*~P?*a_=*Kwc<^>QSH|^<0>o37lt^+Mj1;4YvJ(JR-Y+?%Nu}JAYj5 z_Qc5%Ao#F?q32i?ZaN2OSNhWL;2oDEw_({7ZbgUjna!Fqn3NzLM@-EWFPZVmc>(fZ z0&bF-Ch#p9C{YJT9Rcr3+Y_uR^At1^BxZ#eo>$PLJF3=;t_$2|t+_6gg5(j{TmjYU zK12c&lE?Eh+2u2&6Gf*IdKS&6?rYbSEKBN!rv{YCm|Rt=UlPcW9j`0o6{66#y5t9C zruFA2iKd=H%jHf%ypOkxLnO8#H}#Zt{8p!oi6)7#NqoF({t6|J^?1e*oxqng9Q2Cc zg%5Vu!em)}Yuj?kaP!D?b?(C*w!1;>R=j90+RTkyEXz+9CufZ$C^umX^+4|JYaO<5 zmIM3#dv`DGM;@F6;(t!WngZSYzHx?9&$xEF70D1BvfVj<%+b#)vz)2iLCrTeYzUcL z(OBnNoG6Le%M+@2oo)&jdOg=iCszzv59e zDRCeaX8l1hC=8LbBt|k5?CXgep=3r9BXx1uR8!p%Z|0+4Xro=xi0G!e{c4U~1j6!) zH6adq0}#l{%*1U(Cb%4AJ}VLWKBPi0MoKFaQH6x?^hQ!6em@993xdtS%_dmevzeNl z(o?YlOI=jl(`L9^ z0O+H9k$_@`6L13eTT8ci-V0ljDMD|0ifUw|Q-Hep$xYj0hTO@0%IS^TD4b4n6EKDG z??uM;MEx`s98KYN(K0>c!C3HZdZ{+_53DO%9k5W%pr6yJusQAv_;IA}925Y%;+!tY z%2k!YQmLLOr{rF~!s<3-WEUs)`ix_mSU|cNRBIWxOox_Yb7Z=~Q45ZNe*u|m^|)d* zog=i>`=bTe!|;8F+#H>EjIMcgWcG2ORD`w0WD;YZAy5#s{65~qfI6o$+Ty&-hyMyJ z3Ra~t>R!p=5ZpxA;QkDAoPi4sYOP6>LT+}{xp}tk+<0k^CKCFdNYG(Es>p0gqD)jP zWOeX5G;9(m@?GOG7g;e74i_|SmE?`B2i;sLYwRWKLy0RLW!Hx`=!LH3&k=FuCsM=9M4|GqzA)anEHfxkB z?2iK-u(DC_T1};KaUT@3nP~LEcENT^UgPvp!QC@Dw&PVAhaEYrPey{nkcn(ro|r7XUz z%#(=$7D8uP_uU-oPHhd>>^adbCSQetgSG`e$U|7mr!`|bU0aHl_cmL)na-5x1#OsVE#m*+k84Y^+UMeSAa zbrVZHU=mFwXEaGHtXQq`2ZtjfS!B2H{5A<3(nb-6ARVV8kEmOkx6D2x7~-6hl;*-*}2Xz;J#a8Wn;_B5=m zl3dY;%krf?i-Ok^Pal-}4F`{F@TYPTwTEhxpZK5WCpfD^UmM_iYPe}wpE!Djai6_{ z*pGO=WB47#Xjb7!n2Ma)s^yeR*1rTxp`Mt4sfA+`HwZf%!7ZqGosPkw69`Ix5Ku6G z@Pa;pjzV&dn{M=QDx89t?p?d9gna*}jBly*#1!6}5K<*xDPJ{wv4& zM$17DFd~L*Te3A%yD;Dp9UGWTjRxAvMu!j^Tbc}2v~q^59d4bz zvu#!IJCy(BcWTc`;v$9tH;J%oiSJ_i7s;2`JXZF+qd4C)vY!hyCtl)sJIC{ebI*0> z@x>;EzyBv>AI-~{D6l6{ST=em*U( z(r$nuXY-#CCi^8Z2#v#UXOt`dbYN1z5jzNF2 z411?w)whZrfA20;nl&C1Gi+gk<`JSm+{|*2o<< zqM#@z_D`Cn|0H^9$|Tah)0M_X4c37|KQ*PmoT@%xHc3L1ZY6(p(sNXHa&49Frzto& zR`c~ClHpE~4Z=uKa5S(-?M8EJ$zt0&fJk~p$M#fGN1-y$7!37hld`Uw>Urri(DxLa;=#rK0g4J)pXMC zxzraOVw1+kNWpi#P=6(qxf`zSdUC?D$i`8ZI@F>k6k zz21?d+dw7b&i*>Kv5L(LH-?J%@WnqT7j#qZ9B>|Zl+=> z^U-pV@1y_ptHo4hl^cPRWewbLQ#g6XYQ@EkiP z;(=SU!yhjHp%1&MsU`FV1Z_#K1&(|5n(7IHbx&gG28HNT)*~-BQi372@|->2Aw5It z0CBpUcMA*QvsPy)#lr!lIdCi@1k4V2m!NH)%Px(vu-r(Q)HYc!p zJ^$|)j^E#q#QOgcb^pd74^JUi7fUmMiNP_o*lvx*q%_odv49Dsv$NV;6J z9GOXKomA{2Pb{w}&+yHtH?IkJJu~}Z?{Uk++2mB8zyvh*xhHKE``99>y#TdD z&(MH^^JHf;g(Tbb^&8P*;_i*2&fS$7${3WJtV7K&&(MBV2~)2KB3%cWg#1!VE~k#C z!;A;?p$s{ihyojEZz+$I1)L}&G~ml=udD9qh>Tu(ylv)?YcJT3ihapi!zgPtWb*CP zlLLJSRCj-^w?@;RU9aL2zDZY1`I3d<&OMuW=c3$o0#STpv_p3b9Wtbql>w^bBi~u4 z3D8KyF?YE?=HcKk!xcp@Cigvzy=lnFgc^9c%(^F22BWYNAYRSho@~*~S)4%AhEttv zvq>7X!!EWKG?mOd9&n>vvH1p4VzE?HCuxT-u+F&mnsfDI^}*-d00-KAauEaXqg3k@ zy#)MGX!X;&3&0s}F3q40ZmVM$(H3CLfpdL?hB6nVqMxX)q=1b}o_PG%r~hZ4gUfSp zOH4qlEOW4OMUc)_m)fMR_rl^pCfXc{$fQbI*E&mV77}kRF z&{<06AJyJ!e863o-V>FA1a9Eemx6>^F$~9ppt()ZbPGfg_NdRXBWoZnDy2;#ODgf! zgl?iOcF7Meo|{AF>KDwTgYrJLb$L2%%BEtO>T$C?|9bAB&}s;gI?lY#^tttY&hfr# zKhC+&b-rpg_?~uVK%S@mQleU#_xCsvIPK*<`E0fHE1&!J7!xD#IB|SSPW6-PyuqGn3^M^Rz%WT{e?OI^svARX&SAdU77V(C~ zM$H{Kg59op{<|8ry9ecfP%=kFm(-!W&?U0@<%z*+!*<e0XesMxRFu9QnGqun6R_%T+B%&9Dtk?*d$Q zb~>84jEAPi@&F@3wAa^Lzc(AJz5gsfZ7J53;@D<;Klpl?sK&u@gie`~vTsbOE~Cd4 z%kr56mI|#b(Jk&;p6plVwmNB0H@0SmgdmjIn5Ne@)}7Vty(yb2t3ev@22AE^s!KaN zyQ>j+F3w=wnx7w@FVCRe+`vUH)3gW%_72fxzqX!S&!dchdkRiHbXW1FMrIIBwjsai8`CB2r4mAbwp%rrO>3B$Zw;9=%fXI9B{d(UzVap7u z6piC-FQ)>}VOEuPpuqznpY`hN4dGa_1Xz9rVg(;H$5Te^F0dDv*gz9JS<|>>U0J^# z6)(4ICh+N_Q`Ft0hF|3fSHs*?a=XC;e`sJaU9&d>X4l?1W=|fr!5ShD|nv$GK;j46@BV6+{oRbWfqOBRb!ir88XD*SbC(LF}I1h#6@dvK%Toe%@ zhDyG$93H8Eu&gCYddP58iF3oQH*zLbNI;rN@E{T9%A8!=v#JLxKyUe}e}BJpB{~uN zqgxRgo0*-@-iaHPV8bTOH(rS(huwK1Xg0u+e!`(Irzu@Bld&s5&bWgVc@m7;JgELd zimVs`>vQ}B_1(2#rv#N9O`fJpVfPc7V2nv34PC);Dzbb;p!6pqHzvy?2pD&1NE)?A zt(t-ucqy@wn9`^MN5apa7K|L=9>ISC>xoc#>{@e}m#YAAa1*8-RUMKwbm|;5p>T`Z zNf*ph@tnF{gmDa3uwwN(g=`Rh)4!&)^oOy@VJaK4lMT&5#YbXkl`q?<*XtsqD z9PRK6bqb)fJw0g-^a@nu`^?71k|m3RPRjt;pIkCo1{*pdqbVs-Yl>4E>3fZx3Sv44grW=*qdSoiZ9?X0wWyO4`yDHh2E!9I!ZFi zVL8|VtW38}BOJHW(Ax#KL_KQzarbuE{(%TA)AY)@tY4%A%P%SqIU~8~-Lp3qY;U-} z`h_Gel7;K1h}7$_5ZZT0&%$Lxxr-<89V&&TCsu}LL#!xpQ1O31jaa{U34~^le*Y%L za?7$>Jk^k^pS^_M&cDs}NgXlR>16AHkSK-4TRaJSh#h&p!-!vQY%f+bmn6x`4fwTp z$727L^y`~!exvmE^W&#@uY!NxJi`g!i#(++!)?iJ(1)2Wk;RN zFK&O4eTkP$Xn~4bB|q8y(btx$R#D`O@epi4ofcETrx!IM(kWNEe42Qh(8*KqfP(c0 zouBl6>Fc_zM+V;F3znbo{x#%!?mH3`_ANJ?y7ppxS@glg#S9^MXu|FM&ynpz3o&Qh z2ujAHLF3($pH}0jXQsa#?t--TnF1P73b?4`KeJ9^qK-USHE)4!IYgMn-7z|=ALF5SNGkrtPG@Y~niUQV2?g$vzJN3nZ{7;HZHzWAeQ;5P|@Tl3YHpyznGG4-f4=XflwSJY+58-+wf?~Fg@1p1wkzuu-RF3j2JX37SQUc? zQ4v%`V8z9ZVZVqS8h|@@RpD?n0W<=hk=3Cf8R?d^9YK&e9ZybFY%jdnA)PeHvtBe- zhMLD+SSteHBq*q)d6x{)s1UrsO!byyLS$58WK;sqip$Mk{l)Y(_6hEIBsIjCr5t>( z7CdKUrJTrW%qZ#1z^n*Lb8#VdfzPw~OIL76aC+Rhr<~;4Tl!sw?Rj6hXj4XWa#6Tp z@)kJ~qOV)^Rh*-?aG>ic2*NlC2M7&LUzc9RT6WM%Cpe78`iAowe!>(T0jo&ivn8-7 zs{Qa@cGy$rE-3AY0V(l8wjI^uB8Lchj@?L}fYal^>T9z;8juH@?rG&g-t+R2dVDBe zq!K%{e-rT5jX19`(bP23LUN4+_zh2KD~EAYzhpEO3MUG8@}uBHH@4J zd`>_(K4q&>*k82(dDuC)X6JuPrBBubOg7qZ{?x!r@{%0);*`h*^F|%o?&1wX?Wr4b z1~&cy#PUuES{C#xJ84!z<1tp9sfrR(i%Tu^jnXy;4`Xk;AQCdFC@?V%|; zySdC7qS|uQRcH}EFZH%mMB~7gi}a0utE}ZE_}8PQH8f;H%PN41Cb9R%w5Oi5el^fd z$n{3SqLCnrF##x?4sa^r!O$7NX!}&}V;0ZGQ&K&i%6$3C_dR%I7%gdQ;KT6YZiQrW zk%q<74oVBV>@}CvJ4Wj!d^?#Zwq(b$E1ze4$99DuNg?6t9H}k_|D7KWD7i0-g*EO7 z;5{hSIYE4DMOK3H%|f5Edx+S0VI0Yw!tsaRS2&Il2)ea^8R5TG72BrJue|f_{2UHa z@w;^c|K3da#$TB0P3;MPlF7RuQeXT$ zS<<|C0OF(k)>fr&wOB=gP8!Qm>F41u;3esv7_0l%QHt(~+n; zf!G6%hp;Gfa9L9=AceiZs~tK+Tf*Wof=4!u{nIO90jH@iS0l+#%8=~%ASzFv7zqSB^?!@N7)kp0t&tCGLmzXSRMRyxCmCYUD2!B`? zhs$4%KO~m=VFk3Buv9osha{v+mAEq=ik3RdK@;WWTV_g&-$U4IM{1IhGX{pAu%Z&H zFfwCpUsX%RKg);B@7OUzZ{Hn{q6Vv!3#8fAg!P$IEx<0vAx;GU%}0{VIsmFBPq_mb zpe^BChDK>sc-WLKl<6 zwbW|e&d&dv9Wu0goueyu>(JyPx1mz0v4E?cJjFuKF71Q1)AL8jHO$!fYT3(;U3Re* zPPOe%*O+@JYt1bW`!W_1!mN&=w3G9ru1XsmwfS~BJ))PhD(+_J_^N6j)sx5VwbWK| zwRyC?W<`pOCY)b#AS?rluxuuGf-AJ=D!M36l{ua?@SJ5>e!IBr3CXIxWw5xUZ@Xrw z_R@%?{>d%Ld4p}nEsiA@v*nc6Ah!MUs?GA7e5Q5lPpp0@`%5xY$C;{%rz24$;vR#* zBP=a{)K#CwIY%p} zXVdxTQ^HS@O&~eIftU+Qt^~(DGxrdi3k}DdT^I7Iy5SMOp$QuD8s;+93YQ!OY{eB24%xY7ml@|M7I(Nb@K_-?F;2?et|CKkuZK_>+>Lvg!>JE~wN`BI|_h6$qi!P)+K-1Hh(1;a`os z55)4Q{oJiA(lQM#;w#Ta%T0jDNXIPM_bgESMCDEg6rM33anEr}=|Fn6)|jBP6Y}u{ zv9@%7*#RI9;fv;Yii5CI+KrRdr0DKh=L>)eO4q$1zmcSmglsV`*N(x=&Wx`*v!!hn6X-l0 zP_m;X??O(skcj+oS$cIdKhfT%ABAzz3w^la-Ucw?yBPEC+=Pe_vU8nd-HV5YX6X8r zZih&j^eLU=%*;VzhUyoLF;#8QsEfmByk+Y~caBqSvQaaWf2a{JKB9B>V&r?l^rXaC z8)6AdR@Qy_BxQrE2Fk?ewD!SwLuMj@&d_n5RZFf7=>O>hzVE*seW3U?_p|R^CfoY`?|#x9)-*yjv#lo&zP=uI`M?J zbzC<^3x7GfXA4{FZ72{PE*-mNHyy59Q;kYG@BB~NhTd6pm2Oj=_ zizmD?MKVRkT^KmXuhsk?eRQllPo2Ubk=uCKiZ&u3Xjj~<(!M94c)Tez@9M1Gfs5JV z->@II)CDJOXTtPrQudNjE}Eltbjq>6KiwAwqvAKd^|g!exgLG3;wP+#mZYr`cy3#39e653d=jrR-ulW|h#ddHu(m9mFoW~2yE zz5?dB%6vF}+`-&-W8vy^OCxm3_{02royjvmwjlp+eQDzFVEUiyO#gLv%QdDSI#3W* z?3!lL8clTaNo-DVJw@ynq?q!%6hTQi35&^>P85G$TqNt78%9_sSJt2RThO|JzM$iL zg|wjxdMC2|Icc5rX*qPL(coL!u>-xxz-rFiC!6hD1IR%|HSRsV3>Kq~&vJ=s3M5y8SG%YBQ|{^l#LGlg!D?E>2yR*eV%9m$_J6VGQ~AIh&P$_aFbh zULr0Z$QE!QpkP=aAeR4ny<#3Fwyw@rZf4?Ewq`;mCVv}xaz+3ni+}a=k~P+yaWt^L z@w67!DqVf7D%7XtXX5xBW;Co|HvQ8WR1k?r2cZD%U;2$bsM%u8{JUJ5Z0k= zZJARv^vFkmWx15CB=rb=D4${+#DVqy5$C%bf`!T0+epLJLnh1jwCdb*zuCL}eEFvE z{rO1%gxg>1!W(I!owu*mJZ0@6FM(?C+d*CeceZRW_4id*D9p5nzMY&{mWqrJomjIZ z97ZNnZ3_%Hx8dn;H>p8m7F#^2;T%yZ3H;a&N7tm=Lvs&lgJLW{V1@h&6Vy~!+Ffbb zv(n3+v)_D$}dqd!2>Y2B)#<+o}LH#%ogGi2-?xRIH)1!SD)u-L65B&bsJTC=LiaF+YOCif2dUX6uAA|#+vNR z>U+KQekVGon)Yi<93(d!(yw1h3&X0N(PxN2{%vn}cnV?rYw z$N^}_o!XUB!mckL`yO1rnUaI4wrOeQ(+&k?2mi47hzxSD`N#-byqd1IhEoh!PGq>t z_MRy{5B0eKY>;Ao3z$RUU7U+i?iX^&r739F)itdrTpAi-NN0=?^m%?{A9Ly2pVv>Lqs6moTP?T2-AHqFD-o_ znVr|7OAS#AEH}h8SRPQ@NGG47dO}l=t07__+iK8nHw^(AHx&Wb<%jPc$$jl6_p(b$ z)!pi(0fQodCHfM)KMEMUR&UID>}m^(!{C^U7sBDOA)$VThRCI0_+2=( zV8mMq0R(#z;C|7$m>$>`tX+T|xGt(+Y48@ZYu#z;0pCgYgmMVbFb!$?%yhZqP_nhn zy4<#3P1oQ#2b51NU1mGnHP$cf0j-YOgAA}A$QoL6JVLcmExs(kU{4z;PBHJD%_=0F z>+sQV`mzijSIT7xn%PiDKHOujX;n|M&qr1T@rOxTdxtZ!&u&3HHFLYD5$RLQ=heur zb>+AFokUVQeJy-#LP*^)spt{mb@Mqe=A~-4p0b+Bt|pZ+@CY+%x}9f}izU5;4&QFE zO1bhg&A4uC1)Zb67kuowWY4xbo&J=%yoXlFB)&$d*-}kjBu|w!^zbD1YPc0-#XTJr z)pm2RDy%J3jlqSMq|o%xGS$bPwn4AqitC6&e?pqWcjWPt{3I{>CBy;hg0Umh#c;hU3RhCUX=8aR>rmd` z7Orw(5tcM{|-^J?ZAA9KP|)X6n9$-kvr#j5YDecTM6n z&07(nD^qb8hpF0B^z^pQ*%5ePYkv&FabrlI61ntiVp!!C8y^}|<2xgAd#FY=8b*y( zuQOuvy2`Ii^`VBNJB&R!0{hABYX55ooCAJSSevl4RPqEGb)iy_0H}v@vFwFzD%>#I>)3PsouQ+_Kkbqy*kKdHdfkN7NBcq%V{x^fSxgXpg7$bF& zj!6AQbDY(1u#1_A#1UO9AxiZaCVN2F0wGXdY*g@x$ByvUA?ePdide0dmr#}udE%K| z3*k}Vv2Ew2u1FXBaVA6aerI36R&rzEZeDDCl5!t0J=ug6kuNZzH>3i_VN`%BsaVB3 zQYw|Xub_SGf{)F{$ZX5`Jc!X!;eybjP+o$I{Z^Hsj@D=E{MnnL+TbC@HEU2DjG{3-LDGIbq()U87x4eS;JXnSh;lRlJ z>EL3D>wHt-+wTjQF$fGyDO$>d+(fq@bPpLBS~xA~R=3JPbS{tzN(u~m#Po!?H;IYv zE;?8%^vle|%#oux(Lj!YzBKv+Fd}*Ur-dCBoX*t{KeNM*n~ZPYJ4NNKkI^MFbz9!v z4(Bvm*Kc!-$%VFEewYJKz-CQN{`2}KX4*CeJEs+Q(!kI%hN1!1P6iOq?ovz}X0IOi z)YfWpwW@pK08^69#wSyCZkX9?uZD?C^@rw^Y?gLS_xmFKkooyx$*^5#cPqntNTtSG zlP>XLMj2!VF^0k#ole7`-c~*~+_T5ls?x4)ah(j8vo_ zwb%S8qoaZqY0-$ZI+ViIA_1~~rAH7K_+yFS{0rT@eQtTAdz#8E5VpwnW!zJ_^{Utv zlW5Iar3V5t&H4D6A=>?mq;G92;1cg9a2sf;gY9pJDVKn$DYdQlvfXq}zz8#LyPGq@ z+`YUMD;^-6w&r-82JL7mA8&M~Pj@aK!m{0+^v<|t%APYf7`}jGEhdYLqsHW-Le9TL z_hZZ1gbrz7$f9^fAzVIP30^KIz!!#+DRLL+qMszvI_BpOSmjtl$hh;&UeM{ER@INV zcI}VbiVTPoN|iSna@=7XkP&-4#06C};8ajbxJ4Gcq8(vWv4*&X8bM^T$mBk75Q92j z1v&%a;OSKc8EIrodmIiw$lOES2hzGDcjjB`kEDfJe{r}yE6`eZL zEB`9u>Cl0IsQ+t}`-cx}{6jqcANucqIB>Qmga_&<+80E2Q|VHHQ$YlAt{6`Qu`HA3 z03s0-sSlwbvgi&_R8s={6<~M^pGvBNjKOa>tWenzS8s zR>L7R5aZ=mSU{f?ib4Grx$AeFvtO5N|D>9#)ChH#Fny2maHWHOf2G=#<9Myot#+4u zWVa6d^Vseq_0=#AYS(-m$Lp;*8nC_6jXIjEM`omUmtH@QDs3|G)i4j*#_?#UYVZvJ z?YjT-?!4Q{BNun;dKBWLEw2C-VeAz`%?A>p;)PL}TAZn5j~HK>v1W&anteARlE+~+ zj>c(F;?qO3pXBb|#OZdQnm<4xWmn~;DR5SDMxt0UK_F^&eD|KZ=O;tO3vy4@4h^;2 zUL~-z`-P1aOe?|ZC1BgVsL)2^J-&vIFI%q@40w0{jjEfeVl)i9(~bt2z#2Vm)p`V_ z1;6$Ae7=YXk#=Qkd24Y23t&GvRxaOoad~NbJ+6pxqzJ>FY#Td7@`N5xp!n(c!=RE& z&<<@^a$_Ys8jqz4|5Nk#FY$~|FPC0`*a5HH!|Gssa9=~66&xG9)|=pOOJ2KE5|YrR zw!w6K2aC=J$t?L-;}5hn6mHd%hC;p8P|Dgh6D>hGnXPgi;6r+eA=?f72y9(Cf_ho{ zH6#)uD&R=73^$$NE;5piWX2bzR67fQ)`b=85o0eOLGI4c-Tb@-KNi2pz=Ke@SDcPn za$AxXib84`!Sf;Z3B@TSo`Dz7GM5Kf(@PR>Ghzi=BBxK8wRp>YQoXm+iL>H*Jo9M3 z6w&E?BC8AFTFT&Tv8zf+m9<&S&%dIaZ)Aoqkak_$r-2{$d~0g2oLETx9Y`eOAf14QXEQw3tJne;fdzl@wV#TFXSLXM2428F-Q}t+n2g%vPRMUzYPvzQ9f# zu(liiJem9P*?0%V@RwA7F53r~|I!Ty)<*AsMX3J{_4&}{6pT%Tpw>)^|DJ)>gpS~1rNEh z0$D?uO8mG?H;2BwM5a*26^7YO$XjUm40XmBsb63MoR;bJh63J;OngS5sSI+o2HA;W zdZV#8pDpC9Oez&L8loZO)MClRz!_!WD&QRtQxnazhT%Vj6Wl4G11nUk8*vSeVab@N#oJ}`KyJv+8Mo@T1-pqZ1t|?cnaVOd;1(h9 z!$DrN=jcGsVYE-0-n?oCJ^4x)F}E;UaD-LZUIzcD?W^ficqJWM%QLy6QikrM1aKZC zi{?;oKwq^Vsr|&`i{jIphA8S6G4)$KGvpULjH%9u(Dq247;R#l&I0{IhcC|oBF*Al zvLo7Xte=C{aIt*otJD}BUq)|_pdR>{zBMT< z(^1RpZv*l*m*OV^8>9&asGBo8h*_4q*)-eCv*|Pq=XNGrZE)^(SF7^{QE_~4VDB(o zVcPA_!G+2CAtLbl+`=Q~9iW`4ZRLku!uB?;tWqVjB0lEOf}2RD7dJ=BExy=<9wkb- z9&7{XFA%n#JsHYN8t5d~=T~5DcW4$B%3M+nNvC2`0!#@sckqlzo5;hhGi(D9=*A4` z5ynobawSPRtWn&CDLEs3Xf`(8^zDP=NdF~F^s&={l7(aw&EG}KWpMjtmz7j_VLO;@ zM2NVLDxZ@GIv7*gzl1 zjq78tv*8#WSY`}Su0&C;2F$Ze(q>F(@Wm^Gw!)(j;dk9Ad{STaxn)IV9FZhm*n+U} zi;4y*3v%A`_c7a__DJ8D1b@dl0Std3F||4Wtvi)fCcBRh!X9$1x!_VzUh>*S5s!oq z;qd{J_r79EL2wIeiGAqFstWtkfIJpjVh%zFo*=55B9Zq~y0=^iqHWfQl@O!Ak;(o*m!pZqe9 z%U2oDOhR)BvW8&F70L;2TpkzIutIvNQaTjjs5V#8mV4!NQ}zN=i`i@WI1z0eN-iCS z;vL-Wxc^Vc_qK<5RPh(}*8dLT{~GzE{w2o$2kMFaEl&q zP{V=>&3kW7tWaK-Exy{~`v4J0U#OZBk{a9{&)&QG18L@6=bsZ1zC_d{{pKZ-Ey>I> z;8H0t4bwyQqgu4hmO`3|4K{R*5>qnQ&gOfdy?z`XD%e5+pTDzUt3`k^u~SaL&XMe= z9*h#kT(*Q9jO#w2Hd|Mr-%DV8i_1{J1MU~XJ3!WUplhXDYBpJH><0OU`**nIvPIof z|N8@I=wA)sf45SAvx||f?Z5uB$kz1qL3Ky_{%RPdP5iN-D2!p5scq}buuC00C@jom zhfGKm3|f?Z0iQ|K$Z~!`8{nmAS1r+fp6r#YDOS8V*;K&Gs7Lc&f^$RC66O|)28oh`NHy&vq zJh+hAw8+ybTB0@VhWN^0iiTnLsCWbS_y`^gs!LX!Lw{yE``!UVzrV24tP8o;I6-65 z1MUiHw^{bB15tmrVT*7-#sj6cs~z`wk52YQJ*TG{SE;KTm#Hf#a~|<(|ImHH17nNM z`Ub{+J3dMD!)mzC8b(2tZtokKW5pAwHa?NFiso~# z1*iaNh4lQ4TS)|@G)H4dZV@l*Vd;Rw;-;odDhW2&lJ%m@jz+Panv7LQm~2Js6rOW3 z0_&2cW^b^MYW3)@o;neZ<{B4c#m48dAl$GCc=$>ErDe|?y@z`$uq3xd(%aAsX)D%l z>y*SQ%My`yDP*zof|3@_w#cjaW_YW4BdA;#Glg1RQcJGY*CJ9`H{@|D+*e~*457kd z73p<%fB^PV!Ybw@)Dr%(ZJbX}xmCStCYv#K3O32ej{$9IzM^I{6FJ8!(=azt7RWf4 z7ib0UOPqN40X!wOnFOoddd8`!_IN~9O)#HRTyjfc#&MCZ zZAMzOVB=;qwt8gV?{Y2?b=iSZG~RF~uyx18K)IDFLl})G1v@$(s{O4@RJ%OTJyF+Cpcx4jmy|F3euCnMK!P2WTDu5j z{{gD$=M*pH!GGzL%P)V2*ROm>!$Y=z|D`!_yY6e7SU$~a5q8?hZGgaYqaiLnkK%?0 zs#oI%;zOxF@g*@(V4p!$7dS1rOr6GVs6uYCTt2h)eB4?(&w8{#o)s#%gN@BBosRUe z)@P@8_Zm89pr~)b>e{tbPC~&_MR--iB{=)y;INU5#)@Gix-YpgP<-c2Ms{9zuCX|3 z!p(?VaXww&(w&uBHzoT%!A2=3HAP>SDxcljrego7rY|%hxy3XlODWffO_%g|l+7Y_ zqV(xbu)s4lV=l7M;f>vJl{`6qBm>#ZeMA}kXb97Z)?R97EkoI?x6Lp0yu1Z>PS?2{ z0QQ(8D)|lc9CO3B~e(pQM&5(1y&y=e>C^X$`)_&XuaI!IgDTVqt31wX#n+@!a_A0ZQkA zCJ2@M_4Gb5MfCrm5UPggeyh)8 zO9?`B0J#rkoCx(R0I!ko_2?iO@|oRf1;3r+i)w-2&j?=;NVIdPFsB)`|IC0zk6r9c zRrkfxWsiJ(#8QndNJj@{@WP2Ackr|r1VxV{7S&rSU(^)-M8gV>@UzOLXu9K<{6e{T zXJ6b92r$!|lwjhmgqkdswY&}c)KW4A)-ac%sU;2^fvq7gfUW4Bw$b!i@duy1CAxSn z(pyh$^Z=&O-q<{bZUP+$U}=*#M9uVc>CQVgDs4swy5&8RAHZ~$)hrTF4W zPsSa~qYv_0mJnF89RnnJTH`3}w4?~epFl=D(35$ zWa07ON$`OMBOHgCmfO(9RFc<)?$x)N}Jd2A(<*Ll7+4jrRt9w zwGxExUXd9VB#I|DwfxvJ;HZ8Q{37^wDhaZ%O!oO(HpcqfLH%#a#!~;Jl7F5>EX_=8 z{()l2NqPz>La3qJR;_v+wlK>GsHl;uRA8%j`A|yH@k5r%55S9{*Cp%uw6t`qc1!*T za2OeqtQj7sAp#Q~=5Fs&aCR9v>5V+s&RdNvo&H~6FJOjvaj--2sYYBvMq;55%z8^o z|BJDA4vzfow#DO#ZQHh;Oq_{r+qP{R9ox2TOgwQiv7Ow!zjN+A@BN;0tA2lUb#+zO z(^b89eV)D7UVE+h{mcNc6&GtpOqDn_?VAQ)Vob$hlFwW%xh>D#wml{t&Ofmm_d_+; zKDxzdr}`n2Rw`DtyIjrG)eD0vut$}dJAZ0AohZ+ZQdWXn_Z@dI_y=7t3q8x#pDI-K z2VVc&EGq445Rq-j0=U=Zx`oBaBjsefY;%)Co>J3v4l8V(T8H?49_@;K6q#r~Wwppc z4XW0(4k}cP=5ex>-Xt3oATZ~bBWKv)aw|I|Lx=9C1s~&b77idz({&q3T(Y(KbWO?+ zmcZ6?WeUsGk6>km*~234YC+2e6Zxdl~<_g2J|IE`GH%n<%PRv-50; zH{tnVts*S5*_RxFT9eM0z-pksIb^drUq4>QSww=u;UFCv2AhOuXE*V4z?MM`|ABOC4P;OfhS(M{1|c%QZ=!%rQTDFx`+}?Kdx$&FU?Y<$x;j7z=(;Lyz+?EE>ov!8vvMtSzG!nMie zsBa9t8as#2nH}n8xzN%W%U$#MHNXmDUVr@GX{?(=yI=4vks|V)!-W5jHsU|h_&+kY zS_8^kd3jlYqOoiI`ZqBVY!(UfnAGny!FowZWY_@YR0z!nG7m{{)4OS$q&YDyw6vC$ zm4!$h>*|!2LbMbxS+VM6&DIrL*X4DeMO!@#EzMVfr)e4Tagn~AQHIU8?e61TuhcKD zr!F4(kEebk(Wdk-?4oXM(rJwanS>Jc%<>R(siF+>+5*CqJLecP_we33iTFTXr6W^G z7M?LPC-qFHK;E!fxCP)`8rkxZyFk{EV;G-|kwf4b$c1k0atD?85+|4V%YATWMG|?K zLyLrws36p%Qz6{}>7b>)$pe>mR+=IWuGrX{3ZPZXF3plvuv5Huax86}KX*lbPVr}L z{C#lDjdDeHr~?l|)Vp_}T|%$qF&q#U;ClHEPVuS+Jg~NjC1RP=17=aQKGOcJ6B3mp z8?4*-fAD~}sX*=E6!}^u8)+m2j<&FSW%pYr_d|p_{28DZ#Cz0@NF=gC-o$MY?8Ca8 zr5Y8DSR^*urS~rhpX^05r30Ik#2>*dIOGxRm0#0YX@YQ%Mg5b6dXlS!4{7O_kdaW8PFSdj1=ryI-=5$fiieGK{LZ+SX(1b=MNL!q#lN zv98?fqqTUH8r8C7v(cx#BQ5P9W>- zmW93;eH6T`vuJ~rqtIBg%A6>q>gnWb3X!r0wh_q;211+Om&?nvYzL1hhtjB zK_7G3!n7PL>d!kj){HQE zE8(%J%dWLh1_k%gVXTZt zEdT09XSKAx27Ncaq|(vzL3gm83q>6CAw<$fTnMU05*xAe&rDfCiu`u^1)CD<>sx0i z*hr^N_TeN89G(nunZoLBf^81#pmM}>JgD@Nn1l*lN#a=B=9pN%tmvYFjFIoKe_(GF z-26x{(KXdfsQL7Uv6UtDuYwV`;8V3w>oT_I<`Ccz3QqK9tYT5ZQzbop{=I=!pMOCb zCU68`n?^DT%^&m>A%+-~#lvF!7`L7a{z<3JqIlk1$<||_J}vW1U9Y&eX<}l8##6i( zZcTT@2`9(Mecptm@{3A_Y(X`w9K0EwtPq~O!16bq{7c0f7#(3wn-^)h zxV&M~iiF!{-6A@>o;$RzQ5A50kxXYj!tcgme=Qjrbje~;5X2xryU;vH|6bE(8z^<7 zQ>BG7_c*JG8~K7Oe68i#0~C$v?-t@~@r3t2inUnLT(c=URpA9kA8uq9PKU(Ps(LVH zqgcqW>Gm?6oV#AldDPKVRcEyQIdTT`Qa1j~vS{<;SwyTdr&3*t?J)y=M7q*CzucZ&B0M=joT zBbj@*SY;o2^_h*>R0e({!QHF0=)0hOj^B^d*m>SnRrwq>MolNSgl^~r8GR#mDWGYEIJA8B<|{{j?-7p zVnV$zancW3&JVDtVpIlI|5djKq0(w$KxEFzEiiL=h5Jw~4Le23@s(mYyXWL9SX6Ot zmb)sZaly_P%BeX_9 zw&{yBef8tFm+%=--m*J|o~+Xg3N+$IH)t)=fqD+|fEk4AAZ&!wcN5=mi~Vvo^i`}> z#_3ahR}Ju)(Px7kev#JGcSwPXJ2id9%Qd2A#Uc@t8~egZ8;iC{e! z%=CGJOD1}j!HW_sgbi_8suYnn4#Ou}%9u)dXd3huFIb!ytlX>Denx@pCS-Nj$`VO&j@(z!kKSP0hE4;YIP#w9ta=3DO$7f*x zc9M4&NK%IrVmZAe=r@skWD`AEWH=g+r|*13Ss$+{c_R!b?>?UaGXlw*8qDmY#xlR= z<0XFbs2t?8i^G~m?b|!Hal^ZjRjt<@a? z%({Gn14b4-a|#uY^=@iiKH+k?~~wTj5K1A&hU z2^9-HTC)7zpoWK|$JXaBL6C z#qSNYtY>65T@Zs&-0cHeu|RX(Pxz6vTITdzJdYippF zC-EB+n4}#lM7`2Ry~SO>FxhKboIAF#Z{1wqxaCb{#yEFhLuX;Rx(Lz%T`Xo1+a2M}7D+@wol2)OJs$TwtRNJ={( zD@#zTUEE}#Fz#&(EoD|SV#bayvr&E0vzmb%H?o~46|FAcx?r4$N z&67W3mdip-T1RIxwSm_&(%U|+WvtGBj*}t69XVd&ebn>KOuL(7Y8cV?THd-(+9>G7*Nt%T zcH;`p={`SOjaf7hNd(=37Lz3-51;58JffzIPgGs_7xIOsB5p2t&@v1mKS$2D$*GQ6 zM(IR*j4{nri7NMK9xlDy-hJW6sW|ZiDRaFiayj%;(%51DN!ZCCCXz+0Vm#};70nOx zJ#yA0P3p^1DED;jGdPbQWo0WATN=&2(QybbVdhd=Vq*liDk`c7iZ?*AKEYC#SY&2g z&Q(Ci)MJ{mEat$ZdSwTjf6h~roanYh2?9j$CF@4hjj_f35kTKuGHvIs9}Re@iKMxS-OI*`0S z6s)fOtz}O$T?PLFVSeOjSO26$@u`e<>k(OSP!&YstH3ANh>)mzmKGNOwOawq-MPXe zy4xbeUAl6tamnx))-`Gi2uV5>9n(73yS)Ukma4*7fI8PaEwa)dWHs6QA6>$}7?(L8 ztN8M}?{Tf!Zu22J5?2@95&rQ|F7=FK-hihT-vDp!5JCcWrVogEnp;CHenAZ)+E+K5 z$Cffk5sNwD_?4+ymgcHR(5xgt20Z8M`2*;MzOM#>yhk{r3x=EyM226wb&!+j`W<%* zSc&|`8!>dn9D@!pYow~(DsY_naSx7(Z4i>cu#hA5=;IuI88}7f%)bRkuY2B;+9Uep zpXcvFWkJ!mQai63BgNXG26$5kyhZ2&*3Q_tk)Ii4M>@p~_~q_cE!|^A;_MHB;7s#9 zKzMzK{lIxotjc};k67^Xsl-gS!^*m*m6kn|sbdun`O?dUkJ{0cmI0-_2y=lTAfn*Y zKg*A-2sJq)CCJgY0LF-VQvl&6HIXZyxo2#!O&6fOhbHXC?%1cMc6y^*dOS{f$=137Ds1m01qs`>iUQ49JijsaQ( zksqV9@&?il$|4Ua%4!O15>Zy&%gBY&wgqB>XA3!EldQ%1CRSM(pp#k~-pkcCg4LAT zXE=puHbgsw)!xtc@P4r~Z}nTF=D2~j(6D%gTBw$(`Fc=OOQ0kiW$_RDd=hcO0t97h zb86S5r=>(@VGy1&#S$Kg_H@7G^;8Ue)X5Y+IWUi`o;mpvoV)`fcVk4FpcT|;EG!;? zHG^zrVVZOm>1KFaHlaogcWj(v!S)O(Aa|Vo?S|P z5|6b{qkH(USa*Z7-y_Uvty_Z1|B{rTS^qmEMLEYUSk03_Fg&!O3BMo{b^*`3SHvl0 zhnLTe^_vVIdcSHe)SQE}r~2dq)VZJ!aSKR?RS<(9lzkYo&dQ?mubnWmgMM37Nudwo z3Vz@R{=m2gENUE3V4NbIzAA$H1z0pagz94-PTJyX{b$yndsdKptmlKQKaaHj@3=ED zc7L?p@%ui|RegVYutK$64q4pe9+5sv34QUpo)u{1ci?)_7gXQd{PL>b0l(LI#rJmN zGuO+%GO`xneFOOr4EU(Wg}_%bhzUf;d@TU+V*2#}!2OLwg~%D;1FAu=Un>OgjPb3S z7l(riiCwgghC=Lm5hWGf5NdGp#01xQ59`HJcLXbUR3&n%P(+W2q$h2Qd z*6+-QXJ*&Kvk9ht0f0*rO_|FMBALen{j7T1l%=Q>gf#kma zQlg#I9+HB+z*5BMxdesMND`_W;q5|FaEURFk|~&{@qY32N$G$2B=&Po{=!)x5b!#n zxLzblkq{yj05#O7(GRuT39(06FJlalyv<#K4m}+vs>9@q-&31@1(QBv82{}Zkns~K ze{eHC_RDX0#^A*JQTwF`a=IkE6Ze@j#-8Q`tTT?k9`^ZhA~3eCZJ-Jr{~7Cx;H4A3 zcZ+Zj{mzFZbVvQ6U~n>$U2ZotGsERZ@}VKrgGh0xM;Jzt29%TX6_&CWzg+YYMozrM z`nutuS)_0dCM8UVaKRj804J4i%z2BA_8A4OJRQ$N(P9Mfn-gF;4#q788C@9XR0O3< zsoS4wIoyt046d+LnSCJOy@B@Uz*#GGd#+Ln1ek5Dv>(ZtD@tgZlPnZZJGBLr^JK+!$$?A_fA3LOrkoDRH&l7 zcMcD$Hsjko3`-{bn)jPL6E9Ds{WskMrivsUu5apD z?grQO@W7i5+%X&E&p|RBaEZ(sGLR@~(y^BI@lDMot^Ll?!`90KT!JXUhYS`ZgX3jnu@Ja^seA*M5R@f`=`ynQV4rc$uT1mvE?@tz)TN<=&H1%Z?5yjxcpO+6y_R z6EPuPKM5uxKpmZfT(WKjRRNHs@ib)F5WAP7QCADvmCSD#hPz$V10wiD&{NXyEwx5S z6NE`3z!IS^$s7m}PCwQutVQ#~w+V z=+~->DI*bR2j0^@dMr9`p>q^Ny~NrAVxrJtX2DUveic5vM%#N*XO|?YAWwNI$Q)_) zvE|L(L1jP@F%gOGtnlXtIv2&1i8q<)Xfz8O3G^Ea~e*HJsQgBxWL(yuLY+jqUK zRE~`-zklrGog(X}$9@ZVUw!8*=l`6mzYLtsg`AvBYz(cxmAhr^j0~(rzXdiOEeu_p zE$sf2(w(BPAvO5DlaN&uQ$4@p-b?fRs}d7&2UQ4Fh?1Hzu*YVjcndqJLw0#q@fR4u zJCJ}>_7-|QbvOfylj+e^_L`5Ep9gqd>XI3-O?Wp z-gt*P29f$Tx(mtS`0d05nHH=gm~Po_^OxxUwV294BDKT>PHVlC5bndncxGR!n(OOm znsNt@Q&N{TLrmsoKFw0&_M9$&+C24`sIXGWgQaz=kY;S{?w`z^Q0JXXBKFLj0w0U6P*+jPKyZHX9F#b0D1$&(- zrm8PJd?+SrVf^JlfTM^qGDK&-p2Kdfg?f>^%>1n8bu&byH(huaocL>l@f%c*QkX2i znl}VZ4R1en4S&Bcqw?$=Zi7ohqB$Jw9x`aM#>pHc0x z0$!q7iFu zZ`tryM70qBI6JWWTF9EjgG@>6SRzsd}3h+4D8d~@CR07P$LJ}MFsYi-*O%XVvD@yT|rJ+Mk zDllJ7$n0V&A!0flbOf)HE6P_afPWZmbhpliqJuw=-h+r;WGk|ntkWN(8tKlYpq5Ow z(@%s>IN8nHRaYb*^d;M(D$zGCv5C|uqmsDjwy4g=Lz>*OhO3z=)VD}C<65;`89Ye} zSCxrv#ILzIpEx1KdLPlM&%Cctf@FqTKvNPXC&`*H9=l=D3r!GLM?UV zOxa(8ZsB`&+76S-_xuj?G#wXBfDY@Z_tMpXJS7^mp z@YX&u0jYw2A+Z+bD#6sgVK5ZgdPSJV3>{K^4~%HV?rn~4D)*2H!67Y>0aOmzup`{D zzDp3c9yEbGCY$U<8biJ_gB*`jluz1ShUd!QUIQJ$*1;MXCMApJ^m*Fiv88RZ zFopLViw}{$Tyhh_{MLGIE2~sZ)t0VvoW%=8qKZ>h=adTe3QM$&$PO2lfqH@brt!9j ziePM8$!CgE9iz6B<6_wyTQj?qYa;eC^{x_0wuwV~W+^fZmFco-o%wsKSnjXFEx02V zF5C2t)T6Gw$Kf^_c;Ei3G~uC8SM-xyycmXyC2hAVi-IfXqhu$$-C=*|X?R0~hu z8`J6TdgflslhrmDZq1f?GXF7*ALeMmOEpRDg(s*H`4>_NAr`2uqF;k;JQ+8>A|_6ZNsNLECC%NNEb1Y1dP zbIEmNpK)#XagtL4R6BC{C5T(+=yA-(Z|Ap}U-AfZM#gwVpus3(gPn}Q$CExObJ5AC z)ff9Yk?wZ}dZ-^)?cbb9Fw#EjqQ8jxF4G3=L?Ra zg_)0QDMV1y^A^>HRI$x?Op@t;oj&H@1xt4SZ9(kifQ zb59B*`M99Td7@aZ3UWvj1rD0sE)d=BsBuW*KwkCds7ay(7*01_+L}b~7)VHI>F_!{ zyxg-&nCO?v#KOUec0{OOKy+sjWA;8rTE|Lv6I9H?CI?H(mUm8VXGwU$49LGpz&{nQp2}dinE1@lZ1iox6{ghN&v^GZv9J${7WaXj)<0S4g_uiJ&JCZ zr8-hsu`U%N;+9N^@&Q0^kVPB3)wY(rr}p7{p0qFHb3NUUHJb672+wRZs`gd1UjKPX z4o6zljKKA+Kkj?H>Ew63o%QjyBk&1!P22;MkD>sM0=z_s-G{mTixJCT9@_|*(p^bz zJ8?ZZ&;pzV+7#6Mn`_U-)k8Pjg?a;|Oe^us^PoPY$Va~yi8|?+&=y$f+lABT<*pZr zP}D{~Pq1Qyni+@|aP;ixO~mbEW9#c0OU#YbDZIaw=_&$K%Ep2f%hO^&P67hApZe`x zv8b`Mz@?M_7-)b!lkQKk)JXXUuT|B8kJlvqRmRpxtQDgvrHMXC1B$M@Y%Me!BSx3P z#2Eawl$HleZhhTS6Txm>lN_+I`>eV$&v9fOg)%zVn3O5mI*lAl>QcHuW6!Kixmq`X zBCZ*Ck6OYtDiK!N47>jxI&O2a9x7M|i^IagRr-fmrmikEQGgw%J7bO|)*$2FW95O4 zeBs>KR)izRG1gRVL;F*sr8A}aRHO0gc$$j&ds8CIO1=Gwq1%_~E)CWNn9pCtBE}+`Jelk4{>S)M)`Ll=!~gnn1yq^EX(+y*ik@3Ou0qU`IgYi3*doM+5&dU!cho$pZ zn%lhKeZkS72P?Cf68<#kll_6OAO26bIbueZx**j6o;I0cS^XiL`y+>{cD}gd%lux} z)3N>MaE24WBZ}s0ApfdM;5J_Ny}rfUyxfkC``Awo2#sgLnGPewK};dORuT?@I6(5~ z?kE)Qh$L&fwJXzK){iYx!l5$Tt|^D~MkGZPA}(o6f7w~O2G6Vvzdo*a;iXzk$B66$ zwF#;wM7A+(;uFG4+UAY(2`*3XXx|V$K8AYu#ECJYSl@S=uZW$ksfC$~qrrbQj4??z-)uz0QL}>k^?fPnJTPw% zGz)~?B4}u0CzOf@l^um}HZzbaIwPmb<)< zi_3@E9lc)Qe2_`*Z^HH;1CXOceL=CHpHS{HySy3T%<^NrWQ}G0i4e1xm_K3(+~oi$ zoHl9wzb?Z4j#90DtURtjtgvi7uw8DzHYmtPb;?%8vb9n@bszT=1qr)V_>R%s!92_` zfnHQPANx z<#hIjIMm#*(v*!OXtF+w8kLu`o?VZ5k7{`vw{Yc^qYclpUGIM_PBN1+c{#Vxv&E*@ zxg=W2W~JuV{IuRYw3>LSI1)a!thID@R=bU+cU@DbR^_SXY`MC7HOsCN z!dO4OKV7(E_Z8T#8MA1H`99?Z!r0)qKW_#|29X3#Jb+5+>qUidbeP1NJ@)(qi2S-X zao|f0_tl(O+$R|Qwd$H{_ig|~I1fbp_$NkI!0E;Y z6JrnU{1Ra6^on{9gUUB0mwzP3S%B#h0fjo>JvV~#+X0P~JV=IG=yHG$O+p5O3NUgG zEQ}z6BTp^Fie)Sg<){Z&I8NwPR(=mO4joTLHkJ>|Tnk23E(Bo`FSbPc05lF2-+)X? z6vV3*m~IBHTy*^E!<0nA(tCOJW2G4DsH7)BxLV8kICn5lu6@U*R`w)o9;Ro$i8=Q^V%uH8n3q=+Yf;SFRZu z!+F&PKcH#8cG?aSK_Tl@K9P#8o+jry@gdexz&d(Q=47<7nw@e@FFfIRNL9^)1i@;A z28+$Z#rjv-wj#heI|<&J_DiJ*s}xd-f!{J8jfqOHE`TiHHZVIA8CjkNQ_u;Ery^^t zl1I75&u^`1_q)crO+JT4rx|z2ToSC>)Or@-D zy3S>jW*sNIZR-EBsfyaJ+Jq4BQE4?SePtD2+jY8*%FsSLZ9MY>+wk?}}}AFAw)vr{ml)8LUG-y9>^t!{~|sgpxYc0Gnkg`&~R z-pilJZjr@y5$>B=VMdZ73svct%##v%wdX~9fz6i3Q-zOKJ9wso+h?VME7}SjL=!NUG{J?M&i!>ma`eoEa@IX`5G>B1(7;%}M*%-# zfhJ(W{y;>MRz!Ic8=S}VaBKqh;~7KdnGEHxcL$kA-6E~=!hrN*zw9N+_=odt<$_H_8dbo;0=42wcAETPCVGUr~v(`Uai zb{=D!Qc!dOEU6v)2eHSZq%5iqK?B(JlCq%T6av$Cb4Rko6onlG&?CqaX7Y_C_cOC3 zYZ;_oI(}=>_07}Oep&Ws7x7-R)cc8zfe!SYxJYP``pi$FDS)4Fvw5HH=FiU6xfVqIM!hJ;Rx8c0cB7~aPtNH(Nmm5Vh{ibAoU#J6 zImRCr?(iyu_4W_6AWo3*vxTPUw@vPwy@E0`(>1Qi=%>5eSIrp^`` zK*Y?fK_6F1W>-7UsB)RPC4>>Ps9)f+^MqM}8AUm@tZ->j%&h1M8s*s!LX5&WxQcAh z8mciQej@RPm?660%>{_D+7er>%zX_{s|$Z+;G7_sfNfBgY(zLB4Ey}J9F>zX#K0f6 z?dVNIeEh?EIShmP6>M+d|0wMM85Sa4diw1hrg|ITJ}JDg@o8y>(rF9mXk5M z2@D|NA)-7>wD&wF;S_$KS=eE84`BGw3g0?6wGxu8ys4rwI?9U=*^VF22t3%mbGeOh z`!O-OpF7#Vceu~F`${bW0nYVU9ecmk31V{tF%iv&5hWofC>I~cqAt@u6|R+|HLMMX zVxuSlMFOK_EQ86#E8&KwxIr8S9tj_goWtLv4f@!&h8;Ov41{J~496vp9vX=(LK#j! zAwi*21RAV-LD>9Cw3bV_9X(X3)Kr0-UaB*7Y>t82EQ%!)(&(XuAYtTsYy-dz+w=$ir)VJpe!_$ z6SGpX^i(af3{o=VlFPC);|J8#(=_8#vdxDe|Cok+ANhYwbE*FO`Su2m1~w+&9<_9~ z-|tTU_ACGN`~CNW5WYYBn^B#SwZ(t4%3aPp z;o)|L6Rk569KGxFLUPx@!6OOa+5OjQLK5w&nAmwxkC5rZ|m&HT8G%GVZxB_@ME z>>{rnXUqyiJrT(8GMj_ap#yN_!9-lO5e8mR3cJiK3NE{_UM&=*vIU`YkiL$1%kf+1 z4=jk@7EEj`u(jy$HnzE33ZVW_J4bj}K;vT?T91YlO(|Y0FU4r+VdbmQ97%(J5 zkK*Bed8+C}FcZ@HIgdCMioV%A<*4pw_n}l*{Cr4}a(lq|injK#O?$tyvyE`S%(1`H z_wwRvk#13ElkZvij2MFGOj`fhy?nC^8`Zyo%yVcUAfEr8x&J#A{|moUBAV_^f$hpaUuyQeY3da^ zS9iRgf87YBwfe}>BO+T&Fl%rfpZh#+AM?Dq-k$Bq`vG6G_b4z%Kbd&v>qFjow*mBl z-OylnqOpLg}or7_VNwRg2za3VBK6FUfFX{|TD z`Wt0Vm2H$vdlRWYQJqDmM?JUbVqL*ZQY|5&sY*?!&%P8qhA~5+Af<{MaGo(dl&C5t zE%t!J0 zh6jqANt4ABdPxSTrVV}fLsRQal*)l&_*rFq(Ez}ClEH6LHv{J#v?+H-BZ2)Wy{K@9 z+ovXHq~DiDvm>O~r$LJo!cOuwL+Oa--6;UFE2q@g3N8Qkw5E>ytz^(&($!O47+i~$ zKM+tkAd-RbmP{s_rh+ugTD;lriL~`Xwkad#;_aM?nQ7L_muEFI}U_4$phjvYgleK~`Fo`;GiC07&Hq1F<%p;9Q;tv5b?*QnR%8DYJH3P>Svmv47Y>*LPZJy8_{9H`g6kQpyZU{oJ`m%&p~D=K#KpfoJ@ zn-3cqmHsdtN!f?~w+(t+I`*7GQA#EQC^lUA9(i6=i1PqSAc|ha91I%X&nXzjYaM{8$s&wEx@aVkQ6M{E2 zfzId#&r(XwUNtPcq4Ngze^+XaJA1EK-%&C9j>^9(secqe{}z>hR5CFNveMsVA)m#S zk)_%SidkY-XmMWlVnQ(mNJ>)ooszQ#vaK;!rPmGKXV7am^_F!Lz>;~{VrIO$;!#30XRhE1QqO_~#+Ux;B_D{Nk=grn z8Y0oR^4RqtcYM)7a%@B(XdbZCOqnX#fD{BQTeLvRHd(irHKq=4*jq34`6@VAQR8WG z^%)@5CXnD_T#f%@-l${>y$tfb>2LPmc{~5A82|16mH)R?&r#KKLs7xpN-D`=&Cm^R zvMA6#Ahr<3X>Q7|-qfTY)}32HkAz$_mibYV!I)u>bmjK`qwBe(>za^0Kt*HnFbSdO z1>+ryKCNxmm^)*$XfiDOF2|{-v3KKB?&!(S_Y=Ht@|ir^hLd978xuI&N{k>?(*f8H z=ClxVJK_%_z1TH0eUwm2J+2To7FK4o+n_na)&#VLn1m;!+CX+~WC+qg1?PA~KdOlC zW)C@pw75_xoe=w7i|r9KGIvQ$+3K?L{7TGHwrQM{dCp=Z*D}3kX7E-@sZnup!BImw z*T#a=+WcTwL78exTgBn|iNE3#EsOorO z*kt)gDzHiPt07fmisA2LWN?AymkdqTgr?=loT7z@d`wnlr6oN}@o|&JX!yPzC*Y8d zu6kWlTzE1)ckyBn+0Y^HMN+GA$wUO_LN6W>mxCo!0?oiQvT`z$jbSEu&{UHRU0E8# z%B^wOc@S!yhMT49Y)ww(Xta^8pmPCe@eI5C*ed96)AX9<>))nKx0(sci8gwob_1}4 z0DIL&vsJ1_s%<@y%U*-eX z5rN&(zef-5G~?@r79oZGW1d!WaTqQn0F6RIOa9tJ=0(kdd{d1{<*tHT#cCvl*i>YY zH+L7jq8xZNcTUBqj(S)ztTU!TM!RQ}In*n&Gn<>(60G7}4%WQL!o>hbJqNDSGwl#H z`4k+twp0cj%PsS+NKaxslAEu9!#U3xT1|_KB6`h=PI0SW`P9GTa7caD1}vKEglV8# zjKZR`pluCW19c2fM&ZG)c3T3Um;ir3y(tSCJ7Agl6|b524dy5El{^EQBG?E61H0XY z`bqg!;zhGhyMFl&(o=JWEJ8n~z)xI}A@C0d2hQGvw7nGv)?POU@(kS1m=%`|+^ika zXl8zjS?xqW$WlO?Ewa;vF~XbybHBor$f<%I&*t$F5fynwZlTGj|IjZtVfGa7l&tK} zW>I<69w(cZLu)QIVG|M2xzW@S+70NinQzk&Y0+3WT*cC)rx~04O-^<{JohU_&HL5XdUKW!uFy|i$FB|EMu0eUyW;gsf`XfIc!Z0V zeK&*hPL}f_cX=@iv>K%S5kL;cl_$v?n(Q9f_cChk8Lq$glT|=e+T*8O4H2n<=NGmn z+2*h+v;kBvF>}&0RDS>)B{1!_*XuE8A$Y=G8w^qGMtfudDBsD5>T5SB;Qo}fSkkiV ze^K^M(UthkwrD!&*tTsu>Dacdj_q`~V%r_twr$(Ct&_dKeeXE?fA&4&yASJWJ*}~- zel=@W)tusynfC_YqH4ll>4Eg`Xjs5F7Tj>tTLz<0N3)X<1px_d2yUY>X~y>>93*$) z5PuNMQLf9Bu?AAGO~a_|J2akO1M*@VYN^VxvP0F$2>;Zb9;d5Yfd8P%oFCCoZE$ z4#N$^J8rxYjUE_6{T%Y>MmWfHgScpuGv59#4u6fpTF%~KB^Ae`t1TD_^Ud#DhL+Dm zbY^VAM#MrAmFj{3-BpVSWph2b_Y6gCnCAombVa|1S@DU)2r9W<> zT5L8BB^er3zxKt1v(y&OYk!^aoQisqU zH(g@_o)D~BufUXcPt!Ydom)e|aW{XiMnes2z&rE?og>7|G+tp7&^;q?Qz5S5^yd$i z8lWr4g5nctBHtigX%0%XzIAB8U|T6&JsC4&^hZBw^*aIcuNO47de?|pGXJ4t}BB`L^d8tD`H`i zqrP8?#J@8T#;{^B!KO6J=@OWKhAerih(phML`(Rg7N1XWf1TN>=Z3Do{l_!d~DND&)O)D>ta20}@Lt77qSnVsA7>)uZAaT9bsB>u&aUQl+7GiY2|dAEg@%Al3i316y;&IhQL^8fw_nwS>f60M_-m+!5)S_6EPM7Y)(Nq^8gL7(3 zOiot`6Wy6%vw~a_H?1hLVzIT^i1;HedHgW9-P#)}Y6vF%C=P70X0Tk^z9Te@kPILI z_(gk!k+0%CG)%!WnBjjw*kAKs_lf#=5HXC00s-}oM-Q1aXYLj)(1d!_a7 z*Gg4Fe6F$*ujVjI|79Z5+Pr`us%zW@ln++2l+0hsngv<{mJ%?OfSo_3HJXOCys{Ug z00*YR-(fv<=&%Q!j%b-_ppA$JsTm^_L4x`$k{VpfLI(FMCap%LFAyq;#ns5bR7V+x zO!o;c5y~DyBPqdVQX)8G^G&jWkBy2|oWTw>)?5u}SAsI$RjT#)lTV&Rf8;>u*qXnb z8F%Xb=7#$m)83z%`E;49)t3fHInhtc#kx4wSLLms!*~Z$V?bTyUGiS&m>1P(952(H zuHdv=;o*{;5#X-uAyon`hP}d#U{uDlV?W?_5UjJvf%11hKwe&(&9_~{W)*y1nR5f_ z!N(R74nNK`y8>B!0Bt_Vr!;nc3W>~RiKtGSBkNlsR#-t^&;$W#)f9tTlZz>n*+Fjz z3zXZ;jf(sTM(oDzJt4FJS*8c&;PLTW(IQDFs_5QPy+7yhi1syPCarvqrHFcf&yTy)^O<1EBx;Ir`5W{TIM>{8w&PB>ro4;YD<5LF^TjTb0!zAP|QijA+1Vg>{Afv^% zmrkc4o6rvBI;Q8rj4*=AZacy*n8B{&G3VJc)so4$XUoie0)vr;qzPZVbb<#Fc=j+8CGBWe$n|3K& z_@%?{l|TzKSlUEO{U{{%Fz_pVDxs7i9H#bnbCw7@4DR=}r_qV!Zo~CvD4ZI*+j3kO zW6_=|S`)(*gM0Z;;}nj`73OigF4p6_NPZQ-Od~e$c_);;4-7sR>+2u$6m$Gf%T{aq zle>e3(*Rt(TPD}03n5)!Ca8Pu!V}m6v0o1;5<1h$*|7z|^(3$Y&;KHKTT}hV056wuF0Xo@mK-52~r=6^SI1NC%c~CC?n>yX6wPTgiWYVz!Sx^atLby9YNn1Rk{g?|pJaxD4|9cUf|V1_I*w zzxK)hRh9%zOl=*$?XUjly5z8?jPMy%vEN)f%T*|WO|bp5NWv@B(K3D6LMl!-6dQg0 zXNE&O>Oyf%K@`ngCvbGPR>HRg5!1IV$_}m@3dWB7x3t&KFyOJn9pxRXCAzFr&%37wXG;z^xaO$ekR=LJG ztIHpY8F5xBP{mtQidqNRoz= z@){+N3(VO5bD+VrmS^YjG@+JO{EOIW)9=F4v_$Ed8rZtHvjpiEp{r^c4F6Ic#ChlC zJX^DtSK+v(YdCW)^EFcs=XP7S>Y!4=xgmv>{S$~@h=xW-G4FF9?I@zYN$e5oF9g$# zb!eVU#J+NjLyX;yb)%SY)xJdvGhsnE*JEkuOVo^k5PyS=o#vq!KD46UTW_%R=Y&0G zFj6bV{`Y6)YoKgqnir2&+sl+i6foAn-**Zd1{_;Zb7Ki=u394C5J{l^H@XN`_6XTKY%X1AgQM6KycJ+= zYO=&t#5oSKB^pYhNdzPgH~aEGW2=ec1O#s-KG z71}LOg@4UEFtp3GY1PBemXpNs6UK-ax*)#$J^pC_me;Z$Je(OqLoh|ZrW*mAMBFn< zHttjwC&fkVfMnQeen8`Rvy^$pNRFVaiEN4Pih*Y3@jo!T0nsClN)pdrr9AYLcZxZ| zJ5Wlj+4q~($hbtuY zVQ7hl>4-+@6g1i`1a)rvtp-;b0>^`Dloy(#{z~ytgv=j4q^Kl}wD>K_Y!l~ zp(_&7sh`vfO(1*MO!B%<6E_bx1)&s+Ae`O)a|X=J9y~XDa@UB`m)`tSG4AUhoM=5& znWoHlA-(z@3n0=l{E)R-p8sB9XkV zZ#D8wietfHL?J5X0%&fGg@MH~(rNS2`GHS4xTo7L$>TPme+Is~!|79=^}QbPF>m%J zFMkGzSndiPO|E~hrhCeo@&Ea{M(ieIgRWMf)E}qeTxT8Q#g-!Lu*x$v8W^M^>?-g= zwMJ$dThI|~M06rG$Sv@C@tWR>_YgaG&!BAbkGggVQa#KdtDB)lMLNVLN|51C@F^y8 zCRvMB^{GO@j=cHfmy}_pCGbP%xb{pNN>? z?7tBz$1^zVaP|uaatYaIN+#xEN4jBzwZ|YI_)p(4CUAz1ZEbDk>J~Y|63SZaak~#0 zoYKruYsWHoOlC1(MhTnsdUOwQfz5p6-D0}4;DO$B;7#M{3lSE^jnTT;ns`>!G%i*F?@pR1JO{QTuD0U+~SlZxcc8~>IB{)@8p`P&+nDxNj`*gh|u?yrv$phpQcW)Us)bi`kT%qLj(fi{dWRZ%Es2!=3mI~UxiW0$-v3vUl?#g{p6eF zMEUAqo5-L0Ar(s{VlR9g=j7+lt!gP!UN2ICMokAZ5(Agd>})#gkA2w|5+<%-CuEP# zqgcM}u@3(QIC^Gx<2dbLj?cFSws_f3e%f4jeR?4M^M3cx1f+Qr6ydQ>n)kz1s##2w zk}UyQc+Z5G-d-1}{WzjkLXgS-2P7auWSJ%pSnD|Uivj5u!xk0 z_^-N9r9o;(rFDt~q1PvE#iJZ_f>J3gcP$)SOqhE~pD2|$=GvpL^d!r z6u=sp-CrMoF7;)}Zd7XO4XihC4ji?>V&(t^?@3Q&t9Mx=qex6C9d%{FE6dvU6%d94 zIE;hJ1J)cCqjv?F``7I*6bc#X)JW2b4f$L^>j{*$R`%5VHFi*+Q$2;nyieduE}qdS{L8y8F08yLs?w}{>8>$3236T-VMh@B zq-nujsb_1aUv_7g#)*rf9h%sFj*^mIcImRV*k~Vmw;%;YH(&ylYpy!&UjUVqqtfG` zox3esju?`unJJA_zKXRJP)rA3nXc$m^{S&-p|v|-0x9LHJm;XIww7C#R$?00l&Yyj z=e}gKUOpsImwW?N)+E(awoF@HyP^EhL+GlNB#k?R<2>95hz!h9sF@U20DHSB3~WMa zk90+858r@-+vWwkawJ)8ougd(i#1m3GLN{iSTylYz$brAsP%=&m$mQQrH$g%3-^VR zE%B`Vi&m8f3T~&myTEK28BDWCVzfWir1I?03;pX))|kY5ClO^+bae z*7E?g=3g7EiisYOrE+lA)2?Ln6q2*HLNpZEWMB|O-JI_oaHZB%CvYB(%=tU= zE*OY%QY58fW#RG5=gm0NR#iMB=EuNF@)%oZJ}nmm=tsJ?eGjia{e{yuU0l3{d^D@)kVDt=1PE)&tf_hHC%0MB znL|CRCPC}SeuVTdf>-QV70`0(EHizc21s^sU>y%hW0t!0&y<7}Wi-wGy>m%(-jsDj zP?mF|>p_K>liZ6ZP(w5(|9Ga%>tLgb$|doDDfkdW>Z z`)>V2XC?NJT26mL^@ zf+IKr27TfM!UbZ@?zRddC7#6ss1sw%CXJ4FWC+t3lHZupzM77m^=9 z&(a?-LxIq}*nvv)y?27lZ{j zifdl9hyJudyP2LpU$-kXctshbJDKS{WfulP5Dk~xU4Le4c#h^(YjJit4#R8_khheS z|8(>2ibaHES4+J|DBM7I#QF5u-*EdN{n=Kt@4Zt?@Tv{JZA{`4 zU#kYOv{#A&gGPwT+$Ud}AXlK3K7hYzo$(fBSFjrP{QQ zeaKg--L&jh$9N}`pu{Bs>?eDFPaWY4|9|foN%}i;3%;@4{dc+iw>m}{3rELqH21G! z`8@;w-zsJ1H(N3%|1B@#ioLOjib)j`EiJqPQVSbPSPVHCj6t5J&(NcWzBrzCiDt{4 zdlPAUKldz%6x5II1H_+jv)(xVL+a;P+-1hv_pM>gMRr%04@k;DTokASSKKhU1Qms| zrWh3a!b(J3n0>-tipg{a?UaKsP7?+|@A+1WPDiQIW1Sf@qDU~M_P65_s}7(gjTn0X zucyEm)o;f8UyshMy&>^SC3I|C6jR*R_GFwGranWZe*I>K+0k}pBuET&M~ z;Odo*ZcT?ZpduHyrf8E%IBFtv;JQ!N_m>!sV6ly$_1D{(&nO~w)G~Y`7sD3#hQk%^ zp}ucDF_$!6DAz*PM8yE(&~;%|=+h(Rn-=1Wykas_-@d&z#=S}rDf`4w(rVlcF&lF! z=1)M3YVz7orwk^BXhslJ8jR);sh^knJW(Qmm(QdSgIAIdlN4Te5KJisifjr?eB{FjAX1a0AB>d?qY4Wx>BZ8&}5K0fA+d{l8 z?^s&l8#j7pR&ijD?0b%;lL9l$P_mi2^*_OL+b}4kuLR$GAf85sOo02?Y#90}CCDiS zZ%rbCw>=H~CBO=C_JVV=xgDe%b4FaEFtuS7Q1##y686r%F6I)s-~2(}PWK|Z8M+Gu zl$y~5@#0Ka%$M<&Cv%L`a8X^@tY&T7<0|(6dNT=EsRe0%kp1Qyq!^43VAKYnr*A5~ zsI%lK1ewqO;0TpLrT9v}!@vJK{QoVa_+N4FYT#h?Y8rS1S&-G+m$FNMP?(8N`MZP zels(*?kK{{^g9DOzkuZXJ2;SrOQsp9T$hwRB1(phw1c7`!Q!by?Q#YsSM#I12RhU{$Q+{xj83axHcftEc$mNJ8_T7A-BQc*k(sZ+~NsO~xAA zxnbb%dam_fZlHvW7fKXrB~F&jS<4FD2FqY?VG?ix*r~MDXCE^WQ|W|WM;gsIA4lQP zJ2hAK@CF*3*VqPr2eeg6GzWFlICi8S>nO>5HvWzyZTE)hlkdC_>pBej*>o0EOHR|) z$?};&I4+_?wvL*g#PJ9)!bc#9BJu1(*RdNEn>#Oxta(VWeM40ola<0aOe2kSS~{^P zDJBd}0L-P#O-CzX*%+$#v;(x%<*SPgAje=F{Zh-@ucd2DA(yC|N_|ocs*|-!H%wEw z@Q!>siv2W;C^^j^59OAX03&}&D*W4EjCvfi(ygcL#~t8XGa#|NPO+*M@Y-)ctFA@I z-p7npT1#5zOLo>7q?aZpCZ=iecn3QYklP;gF0bq@>oyBq94f6C=;Csw3PkZ|5q=(c zfs`aw?II0e(h=|7o&T+hq&m$; zBrE09Twxd9BJ2P+QPN}*OdZ-JZV7%av@OM7v!!NL8R;%WFq*?{9T3{ct@2EKgc8h) zMxoM$SaF#p<`65BwIDfmXG6+OiK0e)`I=!A3E`+K@61f}0e z!2a*FOaDrOe>U`q%K!QN`&=&0C~)CaL3R4VY(NDt{Xz(Xpqru5=r#uQN1L$Je1*dkdqQ*=lofQaN%lO!<5z9ZlHgxt|`THd>2 zsWfU$9=p;yLyJyM^t zS2w9w?Bpto`@H^xJpZDKR1@~^30Il6oFGfk5%g6w*C+VM)+%R@gfIwNprOV5{F^M2 zO?n3DEzpT+EoSV-%OdvZvNF+pDd-ZVZ&d8 zKeIyrrfPN=EcFRCPEDCVflX#3-)Ik_HCkL(ejmY8vzcf-MTA{oHk!R2*36`O68$7J zf}zJC+bbQk--9Xm!u#lgLvx8TXx2J258E5^*IZ(FXMpq$2LUUvhWQPs((z1+2{Op% z?J}9k5^N=z;7ja~zi8a_-exIqWUBJwohe#4QJ`|FF*$C{lM18z^#hX6!5B8KAkLUX ziP=oti-gpV(BsLD{0(3*dw}4JxK23Y7M{BeFPucw!sHpY&l%Ws4pSm`+~V7;bZ%Dx zeI)MK=4vC&5#;2MT7fS?^ch9?2;%<8Jlu-IB&N~gg8t;6S-#C@!NU{`p7M8@2iGc& zg|JPg%@gCoCQ&s6JvDU&`X2S<57f(k8nJ1wvBu{8r?;q3_kpZZ${?|( z+^)UvR33sjSd)aT!UPkA;ylO6{aE3MQa{g%Mcf$1KONcjO@&g5zPHWtzM1rYC{_K> zgQNcs<{&X{OA=cEWw5JGqpr0O>x*Tfak2PE9?FuWtz^DDNI}rwAaT0(bdo-<+SJ6A z&}S%boGMWIS0L}=S>|-#kRX;e^sUsotry(MjE|3_9duvfc|nwF#NHuM-w7ZU!5ei8 z6Mkf>2)WunY2eU@C-Uj-A zG(z0Tz2YoBk>zCz_9-)4a>T46$(~kF+Y{#sA9MWH%5z#zNoz)sdXq7ZR_+`RZ%0(q zC7&GyS_|BGHNFl8Xa%@>iWh%Gr?=J5<(!OEjauj5jyrA-QXBjn0OAhJJ9+v=!LK`` z@g(`^*84Q4jcDL`OA&ZV60djgwG`|bcD*i50O}Q{9_noRg|~?dj%VtKOnyRs$Uzqg z191aWoR^rDX#@iSq0n z?9Sg$WSRPqSeI<}&n1T3!6%Wj@5iw5`*`Btni~G=&;J+4`7g#OQTa>u`{4ZZ(c@s$ zK0y;ySOGD-UTjREKbru{QaS>HjN<2)R%Nn-TZiQ(Twe4p@-saNa3~p{?^V9Nixz@a zykPv~<@lu6-Ng9i$Lrk(xi2Tri3q=RW`BJYOPC;S0Yly%77c727Yj-d1vF!Fuk{Xh z)lMbA69y7*5ufET>P*gXQrxsW+ zz)*MbHZv*eJPEXYE<6g6_M7N%#%mR{#awV3i^PafNv(zyI)&bH?F}2s8_rR(6%!V4SOWlup`TKAb@ee>!9JKPM=&8g#BeYRH9FpFybxBXQI2|g}FGJfJ+ zY-*2hB?o{TVL;Wt_ek;AP5PBqfDR4@Z->_182W z{P@Mc27j6jE*9xG{R$>6_;i=y{qf(c`5w9fa*`rEzX6t!KJ(p1H|>J1pC-2zqWENF zmm=Z5B4u{cY2XYl(PfrInB*~WGWik3@1oRhiMOS|D;acnf-Bs(QCm#wR;@Vf!hOPJ zgjhDCfDj$HcyVLJ=AaTbQ{@vIv14LWWF$=i-BDoC11}V;2V8A`S>_x)vIq44-VB-v z*w-d}$G+Ql?En8j!~ZkCpQ$|cA0|+rrY>tiCeWxkRGPoarxlGU2?7%k#F693RHT24 z-?JsiXlT2PTqZqNb&sSc>$d;O4V@|b6VKSWQb~bUaWn1Cf0+K%`Q&Wc<>mQ>*iEGB zbZ;aYOotBZ{vH3y<0A*L0QVM|#rf*LIsGx(O*-7)r@yyBIzJnBFSKBUSl1e|8lxU* zzFL+YDVVkIuzFWeJ8AbgN&w(4-7zbiaMn{5!JQXu)SELk*CNL+Fro|2v|YO)1l15t zs(0^&EB6DPMyaqvY>=KL>)tEpsn;N5Q#yJj<9}ImL((SqErWN3Q=;tBO~ExTCs9hB z2E$7eN#5wX4<3m^5pdjm#5o>s#eS_Q^P)tm$@SawTqF*1dj_i#)3};JslbLKHXl_N z)Fxzf>FN)EK&Rz&*|6&%Hs-^f{V|+_vL1S;-1K-l$5xiC@}%uDuwHYhmsV?YcOUlk zOYkG5v2+`+UWqpn0aaaqrD3lYdh0*!L`3FAsNKu=Q!vJu?Yc8n|CoYyDo_`r0mPoo z8>XCo$W4>l(==h?2~PoRR*kEe)&IH{1sM41mO#-36`02m#nTX{r*r`Q5rZ2-sE|nA zhnn5T#s#v`52T5|?GNS`%HgS2;R(*|^egNPDzzH_z^W)-Q98~$#YAe)cEZ%vge965AS_am#DK#pjPRr-!^za8>`kksCAUj(Xr*1NW5~e zpypt_eJpD&4_bl_y?G%>^L}=>xAaV>KR6;^aBytqpiHe%!j;&MzI_>Sx7O%F%D*8s zSN}cS^<{iiK)=Ji`FpO#^zY!_|D)qeRNAtgmH)m;qC|mq^j(|hL`7uBz+ULUj37gj zksdbnU+LSVo35riSX_4z{UX=%n&}7s0{WuZYoSfwAP`8aKN9P@%e=~1`~1ASL-z%# zw>DO&ixr}c9%4InGc*_y42bdEk)ZdG7-mTu0bD@_vGAr*NcFoMW;@r?@LUhRI zCUJgHb`O?M3!w)|CPu~ej%fddw20lod?Ufp8Dmt0PbnA0J%KE^2~AIcnKP()025V> zG>noSM3$5Btmc$GZoyP^v1@Poz0FD(6YSTH@aD0}BXva?LphAiSz9f&Y(aDAzBnUh z?d2m``~{z;{}kZJ>a^wYI?ry(V9hIoh;|EFc0*-#*`$T0DRQ1;WsqInG;YPS+I4{g zJGpKk%%Sdc5xBa$Q^_I~(F97eqDO7AN3EN0u)PNBAb+n+ zWBTxQx^;O9o0`=g+Zrt_{lP!sgWZHW?8bLYS$;1a@&7w9rD9|Ge;Gb?sEjFoF9-6v z#!2)t{DMHZ2@0W*fCx;62d#;jouz`R5Y(t{BT=$N4yr^^o$ON8d{PQ=!O zX17^CrdM~7D-;ZrC!||<+FEOxI_WI3CA<35va%4v>gc zEX-@h8esj=a4szW7x{0g$hwoWRQG$yK{@3mqd-jYiVofJE!Wok1* znV7Gm&Ssq#hFuvj1sRyHg(6PFA5U*Q8Rx>-blOs=lb`qa{zFy&n4xY;sd$fE+<3EI z##W$P9M{B3c3Si9gw^jlPU-JqD~Cye;wr=XkV7BSv#6}DrsXWFJ3eUNrc%7{=^sP> zrp)BWKA9<}^R9g!0q7yWlh;gr_TEOD|#BmGq<@IV;ueg+D2}cjpp+dPf&Q(36sFU&K8}hA85U61faW&{ zlB`9HUl-WWCG|<1XANN3JVAkRYvr5U4q6;!G*MTdSUt*Mi=z_y3B1A9j-@aK{lNvx zK%p23>M&=KTCgR!Ee8c?DAO2_R?B zkaqr6^BSP!8dHXxj%N1l+V$_%vzHjqvu7p@%Nl6;>y*S}M!B=pz=aqUV#`;h%M0rU zHfcog>kv3UZAEB*g7Er@t6CF8kHDmKTjO@rejA^ULqn!`LwrEwOVmHx^;g|5PHm#B zZ+jjWgjJ!043F+&#_;D*mz%Q60=L9Ove|$gU&~As5^uz@2-BfQ!bW)Khn}G+Wyjw- z19qI#oB(RSNydn0t~;tAmK!P-d{b-@@E5|cdgOS#!>%#Rj6ynkMvaW@37E>@hJP^8 z2zk8VXx|>#R^JCcWdBCy{0nPmYFOxN55#^-rlqobe0#L6)bi?E?SPymF*a5oDDeSd zO0gx?#KMoOd&G(2O@*W)HgX6y_aa6iMCl^~`{@UR`nMQE`>n_{_aY5nA}vqU8mt8H z`oa=g0SyiLd~BxAj2~l$zRSDHxvDs;I4>+M$W`HbJ|g&P+$!U7-PHX4RAcR0szJ*( ze-417=bO2q{492SWrqDK+L3#ChUHtz*@MP)e^%@>_&#Yk^1|tv@j4%3T)diEX zATx4K*hcO`sY$jk#jN5WD<=C3nvuVsRh||qDHnc~;Kf59zr0;c7VkVSUPD%NnnJC_ zl3F^#f_rDu8l}l8qcAz0FFa)EAt32IUy_JLIhU_J^l~FRH&6-ivSpG2PRqzDdMWft>Zc(c)#tb%wgmWN%>IOPm zZi-noqS!^Ftb81pRcQi`X#UhWK70hy4tGW1mz|+vI8c*h@ zfFGJtW3r>qV>1Z0r|L>7I3un^gcep$AAWfZHRvB|E*kktY$qQP_$YG60C@X~tTQjB3%@`uz!qxtxF+LE!+=nrS^07hn` zEgAp!h|r03h7B!$#OZW#ACD+M;-5J!W+{h|6I;5cNnE(Y863%1(oH}_FTW})8zYb$7czP zg~Szk1+_NTm6SJ0MS_|oSz%e(S~P-&SFp;!k?uFayytV$8HPwuyELSXOs^27XvK-D zOx-Dl!P|28DK6iX>p#Yb%3`A&CG0X2S43FjN%IB}q(!hC$fG}yl1y9W&W&I@KTg6@ zK^kpH8=yFuP+vI^+59|3%Zqnb5lTDAykf z9S#X`3N(X^SpdMyWQGOQRjhiwlj!0W-yD<3aEj^&X%=?`6lCy~?`&WSWt z?U~EKFcCG_RJ(Qp7j=$I%H8t)Z@6VjA#>1f@EYiS8MRHZphp zMA_5`znM=pzUpBPO)pXGYpQ6gkine{6u_o!P@Q+NKJ}k!_X7u|qfpAyIJb$_#3@wJ z<1SE2Edkfk9C!0t%}8Yio09^F`YGzpaJHGk*-ffsn85@)%4@`;Fv^8q(-Wk7r=Q8p zT&hD`5(f?M{gfzGbbwh8(}G#|#fDuk7v1W)5H9wkorE0ZZjL0Q1=NRGY>zwgfm81DdoaVwNH;or{{eSyybt)m<=zXoA^RALYG-2t zouH|L*BLvmm9cdMmn+KGopyR@4*=&0&4g|FLoreZOhRmh=)R0bg~ zT2(8V_q7~42-zvb)+y959OAv!V$u(O3)%Es0M@CRFmG{5sovIq4%8Ahjk#*5w{+)+ zMWQoJI_r$HxL5km1#6(e@{lK3Udc~n0@g`g$s?VrnQJ$!oPnb?IHh-1qA`Rz$)Ai< z6w$-MJW-gKNvOhL+XMbE7&mFt`x1KY>k4(!KbbpZ`>`K@1J<(#vVbjx@Z@(6Q}MF# zMnbr-f55(cTa^q4+#)=s+ThMaV~E`B8V=|W_fZWDwiso8tNMTNse)RNBGi=gVwgg% zbOg8>mbRN%7^Um-7oj4=6`$|(K7!+t^90a{$18Z>}<#!bm%ZEFQ{X(yBZMc>lCz0f1I2w9Sq zuGh<9<=AO&g6BZte6hn>Qmvv;Rt)*cJfTr2=~EnGD8P$v3R|&1RCl&7)b+`=QGapi zPbLg_pxm`+HZurtFZ;wZ=`Vk*do~$wB zxoW&=j0OTbQ=Q%S8XJ%~qoa3Ea|au5o}_(P;=!y-AjFrERh%8la!z6Fn@lR?^E~H12D?8#ht=1F;7@o4$Q8GDj;sSC%Jfn01xgL&%F2 zwG1|5ikb^qHv&9hT8w83+yv&BQXOQyMVJSBL(Ky~p)gU3#%|blG?IR9rP^zUbs7rOA0X52Ao=GRt@C&zlyjNLv-} z9?*x{y(`509qhCV*B47f2hLrGl^<@SuRGR!KwHei?!CM10Tq*YDIoBNyRuO*>3FU? zHjipIE#B~y3FSfOsMfj~F9PNr*H?0oHyYB^G(YyNh{SxcE(Y-`x5jFMKb~HO*m+R% zrq|ic4fzJ#USpTm;X7K+E%xsT_3VHKe?*uc4-FsILUH;kL>_okY(w`VU*8+l>o>Jm ziU#?2^`>arnsl#)*R&nf_%>A+qwl%o{l(u)M?DK1^mf260_oteV3#E_>6Y4!_hhVD zM8AI6MM2V*^_M^sQ0dmHu11fy^kOqXqzpr?K$`}BKWG`=Es(9&S@K@)ZjA{lj3ea7_MBP zk(|hBFRjHVMN!sNUkrB;(cTP)T97M$0Dtc&UXSec<+q?y>5=)}S~{Z@ua;1xt@=T5 zI7{`Z=z_X*no8s>mY;>BvEXK%b`a6(DTS6t&b!vf_z#HM{Uoy_5fiB(zpkF{})ruka$iX*~pq1ZxD?q68dIo zIZSVls9kFGsTwvr4{T_LidcWtt$u{kJlW7moRaH6+A5hW&;;2O#$oKyEN8kx`LmG)Wfq4ykh+q{I3|RfVpkR&QH_x;t41Uw z`P+tft^E2B$domKT@|nNW`EHwyj>&}K;eDpe z1bNOh=fvIfk`&B61+S8ND<(KC%>y&?>opCnY*r5M+!UrWKxv0_QvTlJc>X#AaI^xo zaRXL}t5Ej_Z$y*|w*$6D+A?Lw-CO-$itm^{2Ct82-<0IW)0KMNvJHgBrdsIR0v~=H z?n6^}l{D``Me90`^o|q!olsF?UX3YSq^6Vu>Ijm>>PaZI8G@<^NGw{Cx&%|PwYrfw zR!gX_%AR=L3BFsf8LxI|K^J}deh0ZdV?$3r--FEX`#INxsOG6_=!v)DI>0q|BxT)z z-G6kzA01M?rba+G_mwNMQD1mbVbNTWmBi*{s_v_Ft9m2Avg!^78(QFu&n6mbRJ2bA zv!b;%yo{g*9l2)>tsZJOOp}U~8VUH`}$ z8p_}t*XIOehezolNa-a2x0BS})Y9}&*TPgua{Ewn-=wVrmJUeU39EKx+%w%=ixQWK zDLpwaNJs65#6o7Ln7~~X+p_o2BR1g~VCfxLzxA{HlWAI6^H;`juI=&r1jQrUv_q0Z z1Ja-tjdktrrP>GOC*#p?*xfQU5MqjMsBe!9lh(u8)w$e@Z|>aUHI5o;MGw*|Myiz3 z-f0;pHg~Q#%*Kx8MxH%AluVXjG2C$)WL-K63@Q`#y9_k_+}eR(x4~dp7oV-ek0H>I zgy8p#i4GN{>#v=pFYUQT(g&b$OeTy-X_#FDgNF8XyfGY6R!>inYn8IR2RDa&O!(6< znXs{W!bkP|s_YI*Yx%4stI`=ZO45IK6rBs`g7sP40ic}GZ58s?Mc$&i`kq_tfci>N zIHrC0H+Qpam1bNa=(`SRKjixBTtm&e`j9porEci!zdlg1RI0Jw#b(_Tb@RQK1Zxr_ z%7SUeH6=TrXt3J@js`4iDD0=IoHhK~I7^W8^Rcp~Yaf>2wVe|Hh1bUpX9ATD#moByY57-f2Ef1TP^lBi&p5_s7WGG9|0T}dlfxOx zXvScJO1Cnq`c`~{Dp;{;l<-KkCDE+pmexJkd}zCgE{eF=)K``-qC~IT6GcRog_)!X z?fK^F8UDz$(zFUrwuR$qro5>qqn>+Z%<5>;_*3pZ8QM|yv9CAtrAx;($>4l^_$_-L z*&?(77!-=zvnCVW&kUcZMb6;2!83si518Y%R*A3JZ8Is|kUCMu`!vxDgaWjs7^0j( ziTaS4HhQ)ldR=r)_7vYFUr%THE}cPF{0H45FJ5MQW^+W>P+eEX2kLp3zzFe*-pFVA zdDZRybv?H|>`9f$AKVjFWJ=wegO7hOOIYCtd?Vj{EYLT*^gl35|HQ`R=ti+ADm{jyQE7K@kdjuqJhWVSks>b^ zxha88-h3s;%3_5b1TqFCPTxVjvuB5U>v=HyZ$?JSk+&I%)M7KE*wOg<)1-Iy)8-K! z^XpIt|0ibmk9RtMmlUd7#Ap3Q!q9N4atQy)TmrhrFhfx1DAN`^vq@Q_SRl|V z#lU<~n67$mT)NvHh`%als+G-)x1`Y%4Bp*6Un5Ri9h=_Db zA-AdP!f>f0m@~>7X#uBM?diI@)Egjuz@jXKvm zJo+==juc9_<;CqeRaU9_Mz@;3e=E4=6TK+c`|uu#pIqhSyNm`G(X)&)B`8q0RBv#> z`gGlw(Q=1Xmf55VHj%C#^1lpc>LY8kfA@|rlC1EA<1#`iuyNO z(=;irt{_&K=i4)^x%;U(Xv<)+o=dczC5H3W~+e|f~{*ucxj@{Yi-cw^MqYr3fN zF5D+~!wd$#al?UfMnz(@K#wn`_5na@rRr8XqN@&M&FGEC@`+OEv}sI1hw>Up0qAWf zL#e4~&oM;TVfjRE+10B_gFlLEP9?Q-dARr3xi6nQqnw>k-S;~b z;!0s2VS4}W8b&pGuK=7im+t(`nz@FnT#VD|!)eQNp-W6)@>aA+j~K*H{$G`y2|QHY z|Hmy+CR@#jWY4~)lr1qBJB_RfHJFfP<}pK5(#ZZGSqcpyS&}01LnTWk5fzmXMGHkJ zTP6L^B+uj;lmB_W<~4=${+v0>z31M!-_O@o-O9GyW)j_mjx}!0@br_LE-7SIuPP84 z;5=O(U*g_um0tyG|61N@d9lEuOeiRd+#NY^{nd5;-CVlw&Ap7J?qwM^?E29wvS}2d zbzar4Fz&RSR(-|s!Z6+za&Z zY#D<5q_JUktIzvL0)yq_kLWG6DO{ri=?c!y!f(Dk%G{8)k`Gym%j#!OgXVDD3;$&v@qy#ISJfp=Vm>pls@9-mapVQChAHHd-x+OGx)(*Yr zC1qDUTZ6mM(b_hi!TuFF2k#8uI2;kD70AQ&di$L*4P*Y-@p`jdm%_c3f)XhYD^6M8&#Y$ZpzQMcR|6nsH>b=*R_Von!$BTRj7yGCXokoAQ z&ANvx0-Epw`QIEPgI(^cS2f(Y85yV@ygI{ewyv5Frng)e}KCZF7JbR(&W618_dcEh(#+^zZFY;o<815<5sOHQdeax9_!PyM&;{P zkBa5xymca0#)c#tke@3KNEM8a_mT&1gm;p&&JlMGH(cL(b)BckgMQ^9&vRwj!~3@l zY?L5}=Jzr080OGKb|y`ee(+`flQg|!lo6>=H)X4`$Gz~hLmu2a%kYW_Uu8x09Pa0J zKZ`E$BKJ=2GPj_3l*TEcZ*uYRr<*J^#5pILTT;k_cgto1ZL-%slyc16J~OH-(RgDA z%;EjEnoUkZ&acS{Q8`{i6T5^nywgqQI5bDIymoa7CSZG|WWVk>GM9)zy*bNih|QIm z%0+(Nnc*a_xo;$=!HQYaapLms>J1ToyjtFByY`C2H1wT#178#4+|{H0BBqtCdd$L% z_3Hc60j@{t9~MjM@LBalR&6@>B;9?r<7J~F+WXyYu*y3?px*=8MAK@EA+jRX8{CG?GI-< z54?Dc9CAh>QTAvyOEm0^+x;r2BWX|{3$Y7)L5l*qVE*y0`7J>l2wCmW zL1?|a`pJ-l{fb_N;R(Z9UMiSj6pQjOvQ^%DvhIJF!+Th7jO2~1f1N+(-TyCFYQZYw z4)>7caf^Ki_KJ^Zx2JUb z&$3zJy!*+rCV4%jqwyuNY3j1ZEiltS0xTzd+=itTb;IPYpaf?8Y+RSdVdpacB(bVQ zC(JupLfFp8y43%PMj2}T|VS@%LVp>hv4Y!RPMF?pp8U_$xCJ)S zQx!69>bphNTIb9yn*_yfj{N%bY)t{L1cs8<8|!f$;UQ*}IN=2<6lA;x^(`8t?;+ST zh)z4qeYYgZkIy{$4x28O-pugO&gauRh3;lti9)9Pvw+^)0!h~%m&8Q!AKX%urEMnl z?yEz?g#ODn$UM`+Q#$Q!6|zsq_`dLO5YK-6bJM6ya>}H+vnW^h?o$z;V&wvuM$dR& zeEq;uUUh$XR`TWeC$$c&Jjau2it3#%J-y}Qm>nW*s?En?R&6w@sDXMEr#8~$=b(gk zwDC3)NtAP;M2BW_lL^5ShpK$D%@|BnD{=!Tq)o(5@z3i7Z){} zGr}Exom_qDO{kAVkZ*MbLNHE666Kina#D{&>Jy%~w7yX$oj;cYCd^p9zy z8*+wgSEcj$4{WxKmCF(5o7U4jqwEvO&dm1H#7z}%VXAbW&W24v-tS6N3}qrm1OnE)fUkoE8yMMn9S$?IswS88tQWm4#Oid#ckgr6 zRtHm!mfNl-`d>O*1~d7%;~n+{Rph6BBy^95zqI{K((E!iFQ+h*C3EsbxNo_aRm5gj zKYug($r*Q#W9`p%Bf{bi6;IY0v`pB^^qu)gbg9QHQ7 zWBj(a1YSu)~2RK8Pi#C>{DMlrqFb9e_RehEHyI{n?e3vL_}L>kYJC z_ly$$)zFi*SFyNrnOt(B*7E$??s67EO%DgoZL2XNk8iVx~X_)o++4oaK1M|ou73vA0K^503j@uuVmLcHH4ya-kOIDfM%5%(E z+Xpt~#7y2!KB&)PoyCA+$~DXqxPxxALy!g-O?<9+9KTk4Pgq4AIdUkl`1<1#j^cJg zgU3`0hkHj_jxV>`Y~%LAZl^3o0}`Sm@iw7kwff{M%VwtN)|~!p{AsfA6vB5UolF~d zHWS%*uBDt<9y!9v2Xe|au&1j&iR1HXCdyCjxSgG*L{wmTD4(NQ=mFjpa~xooc6kju z`~+d{j7$h-;HAB04H!Zscu^hZffL#9!p$)9>sRI|Yovm)g@F>ZnosF2EgkU3ln0bR zTA}|+E(tt)!SG)-bEJi_0m{l+(cAz^pi}`9=~n?y&;2eG;d9{M6nj>BHGn(KA2n|O zt}$=FPq!j`p&kQ8>cirSzkU0c08%8{^Qyqi-w2LoO8)^E7;;I1;HQ6B$u0nNaX2CY zSmfi)F`m94zL8>#zu;8|{aBui@RzRKBlP1&mfFxEC@%cjl?NBs`cr^nm){>;$g?rhKr$AO&6qV_Wbn^}5tfFBry^e1`%du2~o zs$~dN;S_#%iwwA_QvmMjh%Qo?0?rR~6liyN5Xmej8(*V9ym*T`xAhHih-v$7U}8=dfXi2i*aAB!xM(Xekg*ix@r|ymDw*{*s0?dlVys2e)z62u1 z+k3esbJE=-P5S$&KdFp+2H7_2e=}OKDrf( z9-207?6$@f4m4B+9E*e((Y89!q?zH|mz_vM>kp*HGXldO0Hg#!EtFhRuOm$u8e~a9 z5(roy7m$Kh+zjW6@zw{&20u?1f2uP&boD}$#Zy)4o&T;vyBoqFiF2t;*g=|1=)PxB z8eM3Mp=l_obbc?I^xyLz?4Y1YDWPa+nm;O<$Cn;@ane616`J9OO2r=rZr{I_Kizyc zP#^^WCdIEp*()rRT+*YZK>V@^Zs=ht32x>Kwe zab)@ZEffz;VM4{XA6e421^h~`ji5r%)B{wZu#hD}f3$y@L0JV9f3g{-RK!A?vBUA}${YF(vO4)@`6f1 z-A|}e#LN{)(eXloDnX4Vs7eH|<@{r#LodP@Nz--$Dg_Par%DCpu2>2jUnqy~|J?eZ zBG4FVsz_A+ibdwv>mLp>P!(t}E>$JGaK$R~;fb{O3($y1ssQQo|5M;^JqC?7qe|hg zu0ZOqeFcp?qVn&Qu7FQJ4hcFi&|nR!*j)MF#b}QO^lN%5)4p*D^H+B){n8%VPUzi! zDihoGcP71a6!ab`l^hK&*dYrVYzJ0)#}xVrp!e;lI!+x+bfCN0KXwUAPU9@#l7@0& QuEJmfE|#`Dqx|px0L@K;Y5)KL literal 0 HcmV?d00001 diff --git a/apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.properties b/apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 00000000000..48c0a02ca41 --- /dev/null +++ b/apps/altinn3-tilgang-service/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/apps/altinn3-tilgang-service/gradlew b/apps/altinn3-tilgang-service/gradlew new file mode 100755 index 00000000000..3da45c161b0 --- /dev/null +++ b/apps/altinn3-tilgang-service/gradlew @@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright ? 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions ?$var?, ?${var}?, ?${var:-default}?, ?${var+SET}?, +# ?${var#prefix}?, ?${var%suffix}?, and ?$( cmd )?; +# * compound commands having a testable exit status, especially ?case?; +# * various built-in commands including ?command?, ?set?, and ?ulimit?. +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/apps/altinn3-tilgang-service/gradlew.bat b/apps/altinn3-tilgang-service/gradlew.bat new file mode 100644 index 00000000000..ac1b06f9382 --- /dev/null +++ b/apps/altinn3-tilgang-service/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/apps/altinn3-tilgang-service/gradlewUpdate.sh b/apps/altinn3-tilgang-service/gradlewUpdate.sh new file mode 100755 index 00000000000..e5ee6361152 --- /dev/null +++ b/apps/altinn3-tilgang-service/gradlewUpdate.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +gradle wrapper \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/settings.gradle b/apps/altinn3-tilgang-service/settings.gradle new file mode 100644 index 00000000000..e7a413ca6d0 --- /dev/null +++ b/apps/altinn3-tilgang-service/settings.gradle @@ -0,0 +1,18 @@ +plugins { + id "com.gradle.develocity" version "3.17.4" +} + +rootProject.name = 'altinn3-tilgang-service' + +includeBuild "../../plugins/java" + +includeBuild '../../libs/reactive-core' +includeBuild '../../libs/reactive-security' +includeBuild '../../libs/vault' + +develocity { + buildScan { + termsOfUseUrl = "https://gradle.com/terms-of-service" + termsOfUseAgree = "yes" + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java new file mode 100644 index 00000000000..15e9ab89905 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/Altinn3TilgangServiceApplicationStarter.java @@ -0,0 +1,25 @@ +package no.nav.testnav.altinn3tilgangservice; + +import no.nav.testnav.libs.reactivecore.config.CoreConfig; +import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Import; +import org.springframework.data.r2dbc.config.EnableR2dbcAuditing; +import org.springframework.data.r2dbc.repository.config.EnableR2dbcRepositories; +import org.springframework.web.reactive.config.EnableWebFlux; + +@Import({ + CoreConfig.class, + SecureOAuth2ServerToServerConfiguration.class +}) +@EnableWebFlux +@EnableR2dbcAuditing +@EnableR2dbcRepositories +@SpringBootApplication +public class Altinn3TilgangServiceApplicationStarter { + + public static void main(String[] args) { + SpringApplication.run(Altinn3TilgangServiceApplicationStarter.class, args); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/AltinnConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/AltinnConfig.java new file mode 100644 index 00000000000..bcc747c7eba --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/AltinnConfig.java @@ -0,0 +1,21 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import lombok.Getter; +import lombok.NoArgsConstructor; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Configuration; + +@Getter +@Configuration +@NoArgsConstructor +public class AltinnConfig { + + @Value("${altinn.api.url}") + private String url; + + @Value("${altinn.resource.owner}") + private String owner; + + @Value("${altinn.resource.identifier}") + private String identifier; +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JacksonConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JacksonConfig.java new file mode 100644 index 00000000000..fd684bcddc7 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JacksonConfig.java @@ -0,0 +1,27 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.RequiredArgsConstructor; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.codec.ServerCodecConfigurer; +import org.springframework.http.codec.json.Jackson2JsonDecoder; +import org.springframework.http.codec.json.Jackson2JsonEncoder; +import org.springframework.web.reactive.config.WebFluxConfigurer; + +@Configuration +@RequiredArgsConstructor +public class JacksonConfig implements WebFluxConfigurer { + + private final ObjectMapper objectMapper; + + @Override + public void configureHttpMessageCodecs(ServerCodecConfigurer configurer) { + configurer.defaultCodecs().jackson2JsonEncoder( + new Jackson2JsonEncoder(objectMapper) + ); + + configurer.defaultCodecs().jackson2JsonDecoder( + new Jackson2JsonDecoder(objectMapper) + ); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JsonMapperConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JsonMapperConfig.java new file mode 100644 index 00000000000..890a543f0c6 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/JsonMapperConfig.java @@ -0,0 +1,110 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.fasterxml.jackson.databind.json.JsonMapper; +import com.fasterxml.jackson.databind.module.SimpleModule; +import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; +import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer; +import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer; +import com.fasterxml.jackson.datatype.jsr310.ser.YearMonthSerializer; +import com.fasterxml.jackson.datatype.jsr310.ser.ZonedDateTimeSerializer; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.io.IOException; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.time.YearMonth; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; + +import static org.apache.commons.lang3.StringUtils.isBlank; + +@Configuration +public class JsonMapperConfig { + + private static final String YEAR_MONTH = "yyyy-MM"; + + @Bean + public ObjectMapper objectMapper() { + + var simpleModule = new SimpleModule() + .addDeserializer(LocalDateTime.class, new DollyLocalDateTimeDeserializer()) + .addSerializer(LocalDateTime.class, new LocalDateTimeSerializer(DateTimeFormatter.ISO_DATE_TIME)) + .addDeserializer(LocalDate.class, new DollyLocalDateDeserializer()) + .addSerializer(LocalDate.class, new LocalDateSerializer(DateTimeFormatter.ISO_DATE)) + .addDeserializer(YearMonth.class, new DollyYearMonthDeserializer()) + .addSerializer(YearMonth.class, new YearMonthSerializer(DateTimeFormatter.ofPattern(YEAR_MONTH))) + .addDeserializer(ZonedDateTime.class, new DollyZonedDateTimeDeserializer()) + .addSerializer(ZonedDateTime.class, new ZonedDateTimeSerializer(DateTimeFormatter.ISO_DATE_TIME)); + return JsonMapper + .builder() + .configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false) + .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) + .configure(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true) + .configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true) + .enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS) + .disable(SerializationFeature.FAIL_ON_EMPTY_BEANS) + .build() + .registerModule(new JavaTimeModule()) + .registerModule(simpleModule); + + } + + private static class DollyYearMonthDeserializer extends JsonDeserializer { + + @Override + public YearMonth deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + if (isBlank(node.asText())) { + return null; + } + return YearMonth.parse(node.asText(), DateTimeFormatter.ofPattern(YEAR_MONTH)); + } + } + + private static class DollyZonedDateTimeDeserializer extends JsonDeserializer { + + @Override + public ZonedDateTime deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + if (isBlank(node.asText())) { + return null; + } + return ZonedDateTime.parse(node.asText(), DateTimeFormatter.ISO_DATE_TIME); + } + } + + private static class DollyLocalDateDeserializer extends JsonDeserializer { + + @Override + public LocalDate deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + if (isBlank(node.asText())) { + return null; + } + var dateTime = node.asText().length() > 10 ? node.asText().substring(0, 10) : node.asText(); + return LocalDate.parse(dateTime); + } + } + + private static class DollyLocalDateTimeDeserializer extends JsonDeserializer { + + @Override + public LocalDateTime deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + if (isBlank(node.asText())) { + return null; + } + var dateTime = node.asText().length() > 19 ? node.asText().substring(0, 19) : node.asText(); + return dateTime.length() > 10 ? LocalDateTime.parse(dateTime) : LocalDate.parse(dateTime).atStartOfDay(); + } + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java new file mode 100644 index 00000000000..11600e1a6bf --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java @@ -0,0 +1,10 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import no.nav.testnav.libs.vault.AbstractLocalVaultConfiguration; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; + +@Configuration +@Profile("local") +public class LocalVaultConfig extends AbstractLocalVaultConfiguration { +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java new file mode 100644 index 00000000000..119cc389e30 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java @@ -0,0 +1,25 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import lombok.Getter; +import lombok.NoArgsConstructor; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Configuration; + + +@Getter +@Configuration +@NoArgsConstructor +public class MaskinportenConfig { + + @Value("${MASKINPORTEN_CLIENT_ID}") + private String maskinportenClientId; + + @Value("${MASKINPORTEN_CLIENT_JWK}") + private String maskinportenClientJwk; + + @Value("${MASKINPORTEN_SCOPES}") + private String maskinportenScopes; + + @Value("${MASKINPORTEN_WELL_KNOWN_URL}") + private String maskinportenWellKnownUrl; +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java new file mode 100644 index 00000000000..5cd5983a7f9 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java @@ -0,0 +1,66 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import io.swagger.v3.oas.models.Components; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Contact; +import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.info.License; +import io.swagger.v3.oas.models.security.SecurityRequirement; +import io.swagger.v3.oas.models.security.SecurityScheme; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.util.Arrays; + +import no.nav.testnav.libs.reactivecore.config.ApplicationProperties; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; + + +@Configuration +public class OpenApiConfig implements WebFilter { + + @Bean + public OpenAPI openApi(ApplicationProperties applicationProperties) { + return new OpenAPI() + .components(new Components().addSecuritySchemes("bearer-jwt", new SecurityScheme() + .type(SecurityScheme.Type.HTTP) + .scheme("bearer") + .bearerFormat("JWT") + .in(SecurityScheme.In.HEADER) + .name("Authorization") + )) + .addSecurityItem( + new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write"))) + .info(new Info() + .title(applicationProperties.getName()) + .version(applicationProperties.getVersion()) + .description(applicationProperties.getDescription()) + .termsOfService("https://nav.no") + .contact(new Contact() + .url("https://nav-it.slack.com/archives/CA3P9NGA2") + .email("dolly@nav.no") + .name("Team Dolly") + ) + .license(new License() + .name("MIT License") + .url("https://opensource.org/licenses/MIT") + ) + ); + } + + @Override + public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { + if (exchange.getRequest().getURI().getPath().equals("/swagger")) { + return chain + .filter(exchange.mutate() + .request(exchange.getRequest() + .mutate().path("/swagger-ui.html").build()) + .build()); + } + + return chain.filter(exchange); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/SecurityConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/SecurityConfig.java new file mode 100644 index 00000000000..1472adbd5c6 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/SecurityConfig.java @@ -0,0 +1,40 @@ +package no.nav.testnav.altinn3tilgangservice.config; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + + +@Slf4j +@Configuration +@EnableWebFluxSecurity +@EnableReactiveMethodSecurity +@RequiredArgsConstructor +public class SecurityConfig { + + private final JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager; + + @Bean + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) { + return httpSecurity + .csrf(ServerHttpSecurity.CsrfSpec::disable) + .authorizeExchange(authorizeConfig -> authorizeConfig.pathMatchers( + "/internal/**", + "/webjars/**", + "/swagger-resources/**", + "/v3/api-docs/**", + "/swagger-ui/**", + "/swagger", + "/error", + "/swagger-ui.html" + ).permitAll().anyExchange().authenticated()) + .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(jwtSpec -> jwtSpec.authenticationManager(jwtReactiveAuthenticationManager))).build(); + } + +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java new file mode 100644 index 00000000000..ae8f52b3b39 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java @@ -0,0 +1,164 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn; + +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.SneakyThrows; +import lombok.extern.slf4j.Slf4j; +import ma.glasnost.orika.MapperFacade; +import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.CreateAccessListeMemberCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.DeleteAccessListMemberCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetAccessListMembersCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetExchangeTokenCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.brreg.BrregConsumer; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.MaskinportenConsumer; +import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; +import org.springframework.http.codec.json.Jackson2JsonDecoder; +import org.springframework.http.codec.json.Jackson2JsonEncoder; +import org.springframework.stereotype.Component; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; + +import java.util.List; +import java.util.Map; + +import static no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO.ORGANISASJON_ID; +import static org.apache.commons.lang3.StringUtils.isBlank; + +@Slf4j +@Component +public class AltinnConsumer { + + private final WebClient webClient; + private final AltinnConfig altinnConfig; + private final MapperFacade mapperFacade; + private final ObjectMapper objectMapper; + private final MaskinportenConsumer maskinportenConsumer; + private final BrregConsumer brregConsumer; + + public AltinnConsumer( + AltinnConfig altinnConfig, + MaskinportenConsumer maskinportenConsumer, + ObjectMapper objectMapper, + MapperFacade mapperFacade, + WebClient.Builder webClientBuilder, BrregConsumer brregConsumer) { + + this.altinnConfig = altinnConfig; + this.maskinportenConsumer = maskinportenConsumer; + this.webClient = webClientBuilder + .baseUrl(altinnConfig.getUrl()) + .codecs(clientDefaultCodecsConfigurer -> { + clientDefaultCodecsConfigurer + .defaultCodecs() + .jackson2JsonEncoder(new Jackson2JsonEncoder(objectMapper)); + clientDefaultCodecsConfigurer + .defaultCodecs() + .jackson2JsonDecoder(new Jackson2JsonDecoder(objectMapper)); + }) + .build(); + this.brregConsumer = brregConsumer; + this.mapperFacade = mapperFacade; + this.objectMapper = objectMapper; + } + + public Mono exchangeToken(String token) { + + return new GetExchangeTokenCommand(webClient, token).call(); + } + + public Flux delete(String organisasjonsnummer) { + + return Flux.from(getAccessListMembers() + .flatMapMany(value -> Flux.fromIterable(value.getData())) + .map(AltinnResponseDTO.AccessListMembershipDTO::getIdentifiers) + .collectList() + .map(data -> getIdentifier(data, organisasjonsnummer)) + .map(identifier -> + !identifier.getData().isEmpty() ? + maskinportenConsumer.getAccessToken() + .flatMap(this::exchangeToken) + .flatMap(exchangeToken -> new DeleteAccessListMemberCommand( + webClient, + exchangeToken, + identifier, + altinnConfig).call()) + .flatMapMany(this::convertToOrganisasjon) : + Flux.just(Organisasjon.builder() + .organisasjonsnummer(organisasjonsnummer) + .feilmelding("404 Not found: Organisasjon %s ble ikke funnet".formatted(organisasjonsnummer)) + .build()))) + .flatMap(Flux::from); + } + + public Flux create(String organisasjonsnummer) { + + return maskinportenConsumer.getAccessToken() + .flatMap(this::exchangeToken) + .flatMap(exchangeToken -> new CreateAccessListeMemberCommand( + webClient, + exchangeToken, + new OrganisasjonCreateDTO(organisasjonsnummer), + altinnConfig).call()) + .flatMapMany(response -> + isBlank(response.getFeilmelding()) ? + Flux.fromIterable(response.getData()) + .map(this::getOrgnummer) + .filter(organisasjonsnummer::equals) + .flatMap(brregConsumer::getEnheter) : + Mono.just(BrregResponseDTO.builder() + .organisasjonsnummer(organisasjonsnummer) + .feilmelding(response.getFeilmelding()) + .status(response.getStatus()) + .build())) + .map(response -> mapperFacade.map(response, Organisasjon.class)); + } + + public Flux getOrganisasjoner() { + + return getAccessListMembers() + .flatMapMany(this::convertToOrganisasjon); + } + + private Mono getAccessListMembers() { + + return maskinportenConsumer.getAccessToken() + .flatMap(this::exchangeToken) + .flatMap(exchangeToken -> new GetAccessListMembersCommand( + webClient, + exchangeToken, + altinnConfig).call()); + } + + private Flux convertToOrganisasjon(AltinnResponseDTO altInnResponse) { + + return Flux.fromIterable(altInnResponse.getData()) + .map(this::getOrgnummer) + .flatMap(brregConsumer::getEnheter) + .map(response -> mapperFacade.map(response, Organisasjon.class)); + } + + private OrganisasjonDeleteDTO getIdentifier(List data, String organisasjonsnummer) { + + return data.stream() + .filter(identifier -> organisasjonsnummer.equals(identifier.get(ORGANISASJON_ID).asText())) + .map(identifier -> objectMapper.convertValue(identifier, + new TypeReference>() { + })) + .map(OrganisasjonDeleteDTO::new) + .findFirst().orElse(new OrganisasjonDeleteDTO()); + } + + @SneakyThrows + private String getOrgnummer(AltinnResponseDTO.AccessListMembershipDTO data) { + + return data.getIdentifiers() + .get(ORGANISASJON_ID) + .asText(); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java new file mode 100644 index 00000000000..997a7b65a70 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java @@ -0,0 +1,52 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; +import java.util.stream.Collectors; + +@Slf4j +@RequiredArgsConstructor +public class CreateAccessListeMemberCommand implements Callable> { + + private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; + + private final WebClient webClient; + private final String token; + private final OrganisasjonCreateDTO organisasjon; + private final AltinnConfig altinnConfig; + + + @Override + public Mono call() { + + return webClient + .post() + .uri(builder -> builder.path(ALTINN_URL) + .build(altinnConfig.getOwner(), altinnConfig.getIdentifier())) + .bodyValue(organisasjon) + .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .retrieve() + .bodyToMono(AltinnResponseDTO.class) + .doOnError(WebClientFilter::logErrorMessage) + .doOnSuccess(value -> log.info("Altinn organisasjontilgang opprettet for {}", + organisasjon.getData().stream() + .map(data -> data.split(":")) + .map(data -> data[data.length-1]) + .collect(Collectors.joining()))) + .onErrorResume(throwable -> Mono.just(AltinnResponseDTO.builder() + .status(WebClientFilter.getStatus(throwable)) + .feilmelding(WebClientFilter.getMessage(throwable)) + .build())); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java new file mode 100644 index 00000000000..ddaac4a82da --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java @@ -0,0 +1,53 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; +import java.util.stream.Collectors; + +import static no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO.ORGANISASJON_ID; + +@Slf4j +@RequiredArgsConstructor +public class DeleteAccessListMemberCommand implements Callable> { + + private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; + + private final WebClient webClient; + private final String token; + private final OrganisasjonDeleteDTO identifiers; + private final AltinnConfig altinnConfig; + + + @Override + public Mono call() { + + return webClient + .method(HttpMethod.DELETE) + .uri(builder -> builder.path(ALTINN_URL) + .build(altinnConfig.getOwner(), altinnConfig.getIdentifier()) + ) + .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .bodyValue(identifiers) + .retrieve() + .bodyToMono(AltinnResponseDTO.class) + .doOnSuccess(value -> log.info("Altinn organisasjontilgang slettet for {}", + identifiers.getData().stream() + .filter(data -> data.contains(ORGANISASJON_ID)) + .map(data -> data.split(":")) + .map(data -> data[data.length - 1]) + .collect(Collectors.joining()))) + .doOnError(WebClientFilter::logErrorMessage); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java new file mode 100644 index 00000000000..1c615118bf7 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java @@ -0,0 +1,39 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetAccessListMembersCommand implements Callable> { + + private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; + + private final WebClient webClient; + private final String token; + private final AltinnConfig altinnConfig; + + @Override + public Mono call() { + + return webClient + .get() + .uri(builder -> builder.path(ALTINN_URL) + .build(altinnConfig.getOwner(), altinnConfig.getIdentifier())) + .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .retrieve() + .bodyToMono(AltinnResponseDTO.class) + .doOnError(WebClientFilter::logErrorMessage) + .doOnSuccess(value -> log.info("Altinn-tilgang hentet")); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetExchangeTokenCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetExchangeTokenCommand.java new file mode 100644 index 00000000000..b6037f76e01 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetExchangeTokenCommand.java @@ -0,0 +1,37 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetExchangeTokenCommand implements Callable> { + + private static final String ALTINN_URL = "/authentication/api/v1/exchange/maskinporten"; + + private final WebClient webClient; + private final String token; + + @Override + public Mono call() { + + return webClient + .get() + .uri(builder -> builder.path(ALTINN_URL) + .build() + ) + .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .retrieve() + .bodyToMono(String.class) + .doOnError(WebClientFilter::logErrorMessage) + .doOnSuccess(response -> log.info("Exchange token hentet fra Altinn")); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java new file mode 100644 index 00000000000..e69de29bb2d diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java new file mode 100644 index 00000000000..720fec9136f --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java @@ -0,0 +1,44 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import com.fasterxml.jackson.databind.JsonNode; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; +import org.springframework.http.HttpStatus; + +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.List; + +import static java.util.Objects.isNull; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class AltinnResponseDTO { + + private List data; + private String feilmelding; + private HttpStatus status; + + public List getData() { + + if (isNull(data)) { + data = new ArrayList<>(); + } + return data; + } + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + public static class AccessListMembershipDTO { + + private String id; + private LocalDateTime since; + private JsonNode identifiers; + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/BrregResponseDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/BrregResponseDTO.java new file mode 100644 index 00000000000..fd94b4134a2 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/BrregResponseDTO.java @@ -0,0 +1,65 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; +import org.springframework.http.HttpStatus; + +import java.util.List; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class BrregResponseDTO { + + private Embedded _embedded; + private Link _links; + + private String organisasjonsnummer; + private String feilmelding; + private HttpStatus status; + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Embedded { + + private List enheter; + } + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Enhet { + + private String organisasjonsnummer; + private String navn; + private Organisasjonsform organisasjonsform; + } + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Organisasjonsform { + + private String kode; + } + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Link { + + private Self self; + } + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Self { + + private String href; + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonCreateDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonCreateDTO.java new file mode 100644 index 00000000000..af1d881e965 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonCreateDTO.java @@ -0,0 +1,18 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import lombok.Data; + +import java.util.List; + +@Data +public class OrganisasjonCreateDTO { + + public static final String ORGANISASJON_ID = "urn:altinn:organization:identifier-no"; + + private List data; + + public OrganisasjonCreateDTO(String orgnummer) { + + this.data = List.of("%s:%s".formatted(ORGANISASJON_ID, orgnummer)); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonDeleteDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonDeleteDTO.java new file mode 100644 index 00000000000..16d570268f2 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/OrganisasjonDeleteDTO.java @@ -0,0 +1,32 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; + +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import static java.util.Objects.isNull; + +@Data +@NoArgsConstructor +public class OrganisasjonDeleteDTO { + + private List data; + + public List getData() { + + if (isNull(data)) { + data = new ArrayList<>(); + } + return data; + } + + public OrganisasjonDeleteDTO(Map organisasjon) { + + data = organisasjon.entrySet().stream() + .map(entry -> "%s:%s".formatted(entry.getKey(), entry.getValue())) + .toList(); + } +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java new file mode 100644 index 00000000000..65c7c90466c --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/BrregConsumer.java @@ -0,0 +1,26 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.brreg; + +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.brreg.command.GetBrregEnheterCommand; +import org.springframework.stereotype.Service; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +@Service +public class BrregConsumer { + + private static final String BRREG_URL = "https://data.brreg.no"; + + private final WebClient webClient; + + public BrregConsumer(WebClient.Builder webClientBuilder) { + this.webClient = webClientBuilder + .baseUrl(BRREG_URL) + .build(); + } + + public Mono getEnheter(String orgnummer) { + + return new GetBrregEnheterCommand(webClient, orgnummer).call(); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/command/GetBrregEnheterCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/command/GetBrregEnheterCommand.java new file mode 100644 index 00000000000..7fca24c0dc0 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/brreg/command/GetBrregEnheterCommand.java @@ -0,0 +1,37 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.brreg.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetBrregEnheterCommand implements Callable> { + + private static final String BRREG_ENHETER_URL = "/enhetsregisteret/api/enheter"; + + private final WebClient webClient; + private final String organisasjonsnummer; + + @Override + public Mono call() { + + return webClient + .get() + .uri(builder -> builder.path(BRREG_ENHETER_URL) + .queryParam("organisasjonsnummer", organisasjonsnummer) + .build() + ) + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .retrieve() + .bodyToMono(BrregResponseDTO.class) + .doOnError(WebClientFilter::logErrorMessage); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java new file mode 100644 index 00000000000..4ee44a8b126 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java @@ -0,0 +1,74 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.maskinporten; + +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; +import lombok.SneakyThrows; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.config.MaskinportenConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetAccessTokenCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetWellKnownCommand; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken; +import org.springframework.stereotype.Component; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.time.Instant; +import java.util.Date; +import java.util.UUID; + +@Slf4j +@Component +public class MaskinportenConsumer { + + private final WebClient webClient; + private final MaskinportenConfig maskinportenConfig; + + public MaskinportenConsumer(MaskinportenConfig maskinportenConfig, WebClient.Builder webClientBuilder) { + + this.webClient = webClientBuilder.build(); + this.maskinportenConfig = maskinportenConfig; + } + + public Mono getAccessToken() { + + return new GetWellKnownCommand(webClient, maskinportenConfig).call() + .flatMap(wellKnown -> new GetAccessTokenCommand(webClient, wellKnown, + createJwtClaims(wellKnown.issuer())).call()) + .map(AccessToken::accessToken); + } + + @SneakyThrows + private String createJwtClaims(String audience) { + + var now = Instant.now(); + var rsaKey = RSAKey.parse(maskinportenConfig.getMaskinportenClientJwk()); + return createSignedJWT(rsaKey, + new JWTClaimsSet.Builder() + .audience(audience) + .claim("scope", maskinportenConfig.getMaskinportenScopes()) + .issuer(maskinportenConfig.getMaskinportenClientId()) + .issueTime(Date.from(now)) + .expirationTime(Date.from(now.plusSeconds(120))) + .jwtID(UUID.randomUUID().toString()) + .build()) + .serialize(); + } + + @SneakyThrows + private SignedJWT createSignedJWT(RSAKey rsaJwk, JWTClaimsSet claimsSet) { + + var header = new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(rsaJwk.getKeyID()) + .type(JOSEObjectType.JWT); + var signedJWT = new SignedJWT(header.build(), claimsSet); + var signer = new RSASSASigner(rsaJwk.toPrivateKey()); + signedJWT.sign(signer); + + return signedJWT; + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java new file mode 100644 index 00000000000..ea87d47f598 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java @@ -0,0 +1,37 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.WellKnown; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.web.reactive.function.BodyInserters; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.time.Duration; +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetAccessTokenCommand implements Callable> { + private final WebClient webClient; + private final WellKnown wellKnown; + private final String assertion; + + @Override + public Mono call() { + + return webClient.post() + .uri(wellKnown.tokenEndpoint()) + .body(BodyInserters + .fromFormData("grant_type", wellKnown.grantTypesSupported().getFirst()) + .with("assertion", assertion) + ) + .retrieve() + .bodyToMono(AccessToken.class) + .doOnSuccess(value -> log.info("AccessToken hentet fra maskinporten.")) + .doOnError(WebClientFilter::logErrorMessage) + .cache(Duration.ofSeconds(10L)); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java new file mode 100644 index 00000000000..610d47944ad --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java @@ -0,0 +1,32 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.config.MaskinportenConfig; +import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.WellKnown; +import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; +import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; + +import java.time.Duration; +import java.util.concurrent.Callable; + +@Slf4j +@RequiredArgsConstructor +public class GetWellKnownCommand implements Callable> { + + private final WebClient webClient; + private final MaskinportenConfig maskinportenConfig; + + @Override + public Mono call() { + + return webClient.get() + .uri(maskinportenConfig.getMaskinportenWellKnownUrl()) + .retrieve() + .bodyToMono(WellKnown.class) + .doOnSuccess(value -> log.info("WellKnown hentet for maskinporten.")) + .doOnError(WebClientFilter::logErrorMessage) + .cache(Duration.ofDays(1L)); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/AccessToken.java new file mode 100644 index 00000000000..c6e5df1c632 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/AccessToken.java @@ -0,0 +1,16 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public record AccessToken( + @JsonProperty("access_token") + String accessToken, + @JsonProperty("token_type") + String tokenType, + @JsonProperty("expires_in") + Integer expiresIn, + @JsonProperty("scope") + String scope +) { + +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/WellKnown.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/WellKnown.java new file mode 100644 index 00000000000..da3eb6903ce --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/dto/WellKnown.java @@ -0,0 +1,18 @@ +package no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; + +import java.util.List; + +public record WellKnown( + String issuer, + @JsonProperty("token_endpoint") + String tokenEndpoint, + @JsonProperty("jwks_uri") + String jwksUri, + @JsonProperty("token_endpoint_auth_methods_supported") + List tokenEndpointAuthMethodsSupported, + @JsonProperty("grant_types_supported") + List grantTypesSupported +) { +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/entity/OrganisasjonTilgang.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/entity/OrganisasjonTilgang.java new file mode 100644 index 00000000000..0fe0b183a2a --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/entity/OrganisasjonTilgang.java @@ -0,0 +1,31 @@ +package no.nav.testnav.altinn3tilgangservice.database.entity; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; +import org.springframework.data.annotation.Id; +import org.springframework.data.annotation.Transient; +import org.springframework.data.relational.core.mapping.Column; +import org.springframework.data.relational.core.mapping.Table; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Table(name = "ORGANISASJON_TILGANG") +public class OrganisasjonTilgang { + + @Id + @Column("ID") + private Long id; + + @Column("ORGANISAJON_NUMMER") + private String organisasjonNummer; + + @Column("miljoe") + private String miljoe; + + @Transient + private String feilmelding; +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/repository/OrganisasjonTilgangRepository.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/repository/OrganisasjonTilgangRepository.java new file mode 100644 index 00000000000..8b7b3096e23 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/database/repository/OrganisasjonTilgangRepository.java @@ -0,0 +1,16 @@ +package no.nav.testnav.altinn3tilgangservice.database.repository; + +import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; +import org.springframework.data.repository.reactive.ReactiveCrudRepository; +import reactor.core.publisher.Mono; + +public interface OrganisasjonTilgangRepository extends ReactiveCrudRepository { + + Mono existsByOrganisasjonNummer(String orgnummer); + + Mono findByOrganisasjonNummer(String orgnummer); + + Mono save(OrganisasjonTilgang organisasjonTilgang); + + Mono deleteByOrganisasjonNummer(String orgnummer); +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/Organisasjon.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/Organisasjon.java new file mode 100644 index 00000000000..69eab5dff90 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/Organisasjon.java @@ -0,0 +1,22 @@ +package no.nav.testnav.altinn3tilgangservice.domain; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; +import org.springframework.http.HttpStatus; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class Organisasjon { + + private String navn; + private String organisasjonsnummer; + private String organisasjonsform; + private String url; + + private String feilmelding; + private HttpStatus status; +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/OrganisasjonResponse.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/OrganisasjonResponse.java new file mode 100644 index 00000000000..20f3b590a87 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/OrganisasjonResponse.java @@ -0,0 +1,21 @@ +package no.nav.testnav.altinn3tilgangservice.domain; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class OrganisasjonResponse { + + private String navn; + private String organisasjonsnummer; + private String organisasjonsform; + private String miljoe; + private String url; + + private String feilmelding; +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/BrrregResponseMappingStrategy.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/BrrregResponseMappingStrategy.java new file mode 100644 index 00000000000..bbbc3432445 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/BrrregResponseMappingStrategy.java @@ -0,0 +1,49 @@ +package no.nav.testnav.altinn3tilgangservice.mapper; + +import ma.glasnost.orika.CustomMapper; +import ma.glasnost.orika.MapperFactory; +import ma.glasnost.orika.MappingContext; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; +import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; +import org.springframework.stereotype.Component; + +import static java.util.Objects.nonNull; +import static org.apache.commons.lang3.StringUtils.isBlank; + +@Component +public class BrrregResponseMappingStrategy implements MappingStrategy { + + @Override + public void register(MapperFactory factory) { + factory.classMap(BrregResponseDTO.class, Organisasjon.class) + .customize(new CustomMapper<>() { + @Override + public void mapAtoB(BrregResponseDTO kilde, Organisasjon destinasjon, MappingContext context) { + + if (isBlank(kilde.getFeilmelding())) { + var link = kilde.get_links().getSelf().getHref(); + if (nonNull(kilde.get_embedded())) { + mapperFacade.map(kilde.get_embedded().getEnheter().getFirst(), destinasjon, context); + } else { + destinasjon.setNavn("Ukjent organisasjon hos BRREG"); + destinasjon.setOrganisasjonsform("???"); + destinasjon.setOrganisasjonsnummer(link.substring(link.indexOf('=') + 1)); + } + destinasjon.setUrl(link); + } + } + }) + .byDefault() + .register(); + + factory.classMap(BrregResponseDTO.Enhet.class, Organisasjon.class) + .customize(new CustomMapper<>() { + @Override + public void mapAtoB(BrregResponseDTO.Enhet kilde, Organisasjon destianasjon, MappingContext context) { + + destianasjon.setOrganisasjonsform(kilde.getOrganisasjonsform().getKode()); + } + }).byDefault() + .register(); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MapperFacadeConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MapperFacadeConfig.java new file mode 100644 index 00000000000..c0fe7cf844b --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MapperFacadeConfig.java @@ -0,0 +1,35 @@ +package no.nav.testnav.altinn3tilgangservice.mapper; + +import ma.glasnost.orika.CustomConverter; +import ma.glasnost.orika.MapperFacade; +import ma.glasnost.orika.impl.DefaultMapperFactory; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.util.List; + +import static java.util.Objects.nonNull; + +@Configuration +public class MapperFacadeConfig { + + @Bean + @SuppressWarnings("java:S3740") + MapperFacade mapperFacade(List mappingStrategies, List customConverters) { + DefaultMapperFactory mapperFactory = new DefaultMapperFactory.Builder().build(); + + if (nonNull(mappingStrategies)) { + for (MappingStrategy mapper : mappingStrategies) { + mapper.register(mapperFactory); + } + } + + if (nonNull(customConverters)) { + for (CustomConverter converter : customConverters) { + mapperFactory.getConverterFactory().registerConverter(converter); + } + } + + return mapperFactory.getMapperFacade(); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MappingStrategy.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MappingStrategy.java new file mode 100644 index 00000000000..a8e49e743d4 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/MappingStrategy.java @@ -0,0 +1,19 @@ +package no.nav.testnav.altinn3tilgangservice.mapper; + +import ma.glasnost.orika.MapperFactory; + +@FunctionalInterface +public interface MappingStrategy { + + /** + * A callback for registering criteria on the provided {@link MapperFactory}. + *

+ * 

{@code
+     *
+     * @Override public void register(MapperFactory factory) {
+     * factory.registerMapper(arbeidsfordelingToRestArbeidsfordeling());
+     * }
+     * }
+ */ + void register(MapperFactory factory); +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/OrganisajonTilgangMappingStrategy.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/OrganisajonTilgangMappingStrategy.java new file mode 100644 index 00000000000..da0153af926 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/mapper/OrganisajonTilgangMappingStrategy.java @@ -0,0 +1,33 @@ +package no.nav.testnav.altinn3tilgangservice.mapper; + +import ma.glasnost.orika.CustomMapper; +import ma.glasnost.orika.MapperFactory; +import ma.glasnost.orika.MappingContext; +import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; +import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; +import no.nav.testnav.altinn3tilgangservice.domain.OrganisasjonResponse; +import org.springframework.stereotype.Component; + +import static java.util.Objects.nonNull; +import static org.apache.commons.lang3.StringUtils.isNotBlank; + +@Component +public class OrganisajonTilgangMappingStrategy implements MappingStrategy { + @Override + public void register(MapperFactory factory) { + + factory.classMap(Organisasjon.class, OrganisasjonResponse.class) + .customize(new CustomMapper<>() { + + @Override + public void mapAtoB(Organisasjon organisasjon, OrganisasjonResponse response, MappingContext context) { + + var organisasjonTilgang = (OrganisasjonTilgang) context.getProperty("tilgang"); + response.setMiljoe(nonNull(organisasjonTilgang) && isNotBlank(organisasjonTilgang.getMiljoe()) ? + organisasjonTilgang.getMiljoe() : "q1"); + } + }) + .byDefault() + .register(); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java new file mode 100644 index 00000000000..140f414c701 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java @@ -0,0 +1,50 @@ +package no.nav.testnav.altinn3tilgangservice.provider; + +import io.swagger.v3.oas.annotations.Operation; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.domain.OrganisasjonResponse; +import no.nav.testnav.altinn3tilgangservice.service.AltinnTilgangService; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; +import reactor.core.publisher.Flux; + +import java.util.Comparator; + +@Slf4j +@RestController +@RequestMapping("/api/v1/organisasjoner") +@RequiredArgsConstructor +public class AltinnTilgangController { + + private final AltinnTilgangService altinnTilgangService; + + @GetMapping + @Operation(description = "Henter alle organisasjoner med Altinn-tilgang") + public Flux getAll() { + + return altinnTilgangService.getAll() + .sort(Comparator.comparing(OrganisasjonResponse::getNavn)); + } + + @PostMapping("/{organisasjonsnummer}") + @Operation(description = "Oppretter Altinn-tilgang for organisasjon") + public Flux create(@PathVariable String organisasjonsnummer, + @RequestParam String miljoe) { + + return altinnTilgangService + .create(organisasjonsnummer, miljoe); + } + + @DeleteMapping("/{organisasjonsnummer}") + @Operation(description = "Sletter Altinn-tilgang for organisasjon") + public Flux delete(@PathVariable String organisasjonsnummer) { + + return altinnTilgangService.delete(organisasjonsnummer); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/OrganisasjonMiljoeController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/OrganisasjonMiljoeController.java new file mode 100644 index 00000000000..cc91176d3b5 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/OrganisasjonMiljoeController.java @@ -0,0 +1,38 @@ +package no.nav.testnav.altinn3tilgangservice.provider; + +import io.swagger.v3.oas.annotations.Operation; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; +import no.nav.testnav.altinn3tilgangservice.service.MiljoerOversiktService; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; +import reactor.core.publisher.Mono; + +@Slf4j +@RestController +@RequestMapping("/api/v1/miljoer") +@RequiredArgsConstructor +public class OrganisasjonMiljoeController { + + private final MiljoerOversiktService miljoerOversiktService; + + @GetMapping("/organisasjon/{organisasjonsnummer}") + @Operation(description = "Henter miljøer for organisasjon") + public Mono getOrganisasjon(@PathVariable("organisasjonsnummer") String orgnummer) { + + return miljoerOversiktService.getMiljoe(orgnummer); + } + + @PutMapping("/organisasjon/{organisasjonsnummer}") + @Operation(description = "Endrer miljøer for organisasjon") + public Mono updateOrganisasjon(@PathVariable("organisasjonsnummer") String orgnummer, + @RequestParam String miljoe) { + + return miljoerOversiktService.updateMiljoe(orgnummer, miljoe); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java new file mode 100644 index 00000000000..d4151a28ecf --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java @@ -0,0 +1,91 @@ +package no.nav.testnav.altinn3tilgangservice.service; + +import lombok.RequiredArgsConstructor; +import ma.glasnost.orika.MapperFacade; +import ma.glasnost.orika.MappingContext; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; +import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; +import no.nav.testnav.altinn3tilgangservice.database.repository.OrganisasjonTilgangRepository; +import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; +import no.nav.testnav.altinn3tilgangservice.domain.OrganisasjonResponse; +import org.springframework.stereotype.Service; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; + +import static org.apache.commons.lang3.BooleanUtils.isTrue; +import static org.apache.commons.lang3.StringUtils.isBlank; + +@Service +@RequiredArgsConstructor +public class AltinnTilgangService { + + private static final String ORGANISASJON_TILGANG = "tilgang"; + private final AltinnConsumer altinnConsumer; + private final OrganisasjonTilgangRepository organisasjonTilgangRepository; + private final MapperFacade mapperFacade; + + public Flux getAll() { + + return altinnConsumer.getOrganisasjoner() + .flatMap(this::convertResponse); + } + + public Flux create(String orgnummer, String miljoe) { + + return altinnConsumer.create(orgnummer) + .flatMap(altinnOrg -> { + if (isBlank(altinnOrg.getFeilmelding())) { + return saveOrganisasjon(orgnummer, miljoe) + .map(tilgang -> { + var context = new MappingContext.Factory().getContext(); + context.setProperty(ORGANISASJON_TILGANG, tilgang); + return mapperFacade.map(altinnOrg, OrganisasjonResponse.class, context); + }); + } else { + var context = new MappingContext.Factory().getContext(); + context.setProperty(ORGANISASJON_TILGANG, OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .miljoe(miljoe) + .build()); + return Mono.just(mapperFacade.map(altinnOrg, OrganisasjonResponse.class, context)); + } + }); + } + + public Flux delete(String organisasjonsnummer) { + + return organisasjonTilgangRepository.deleteByOrganisasjonNummer(organisasjonsnummer) + .flatMapMany(result -> altinnConsumer.delete(organisasjonsnummer)) + .flatMap(this::convertResponse); + } + + private Mono convertResponse(Organisasjon organisasjon) { + + return organisasjonTilgangRepository + .existsByOrganisasjonNummer(organisasjon.getOrganisasjonsnummer()) + .flatMap(exists -> isTrue(exists) ? + organisasjonTilgangRepository + .findByOrganisasjonNummer(organisasjon.getOrganisasjonsnummer()) : + Mono.just(new OrganisasjonTilgang())) + .map(organisasjonTilgang -> { + var context = new MappingContext.Factory().getContext(); + context.setProperty(ORGANISASJON_TILGANG, organisasjonTilgang); + return mapperFacade.map(organisasjon, OrganisasjonResponse.class, context); + }); + } + + private Mono saveOrganisasjon(String orgnummer, String miljoe) { + + return organisasjonTilgangRepository.existsByOrganisasjonNummer(orgnummer) + .flatMap(exists -> isTrue(exists) ? + organisasjonTilgangRepository.findByOrganisasjonNummer(orgnummer) + .flatMap(organisasjon -> { + organisasjon.setMiljoe(miljoe); + return organisasjonTilgangRepository.save(organisasjon); + }) : + organisasjonTilgangRepository.save(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .miljoe(miljoe) + .build())); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java new file mode 100644 index 00000000000..81202173881 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java @@ -0,0 +1,63 @@ +package no.nav.testnav.altinn3tilgangservice.service; + +import lombok.RequiredArgsConstructor; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; +import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; +import no.nav.testnav.altinn3tilgangservice.database.repository.OrganisasjonTilgangRepository; +import org.springframework.stereotype.Service; +import reactor.core.publisher.Mono; + +import static org.apache.commons.lang3.BooleanUtils.isTrue; + +@Service +@RequiredArgsConstructor +public class MiljoerOversiktService { + + private final AltinnConsumer altinnConsumer; + private final OrganisasjonTilgangRepository organisasjonTilgangRepository; + + public Mono getMiljoe(String orgnummer) { + + return altinnConsumer.getOrganisasjoner() + .collectList() + .flatMap(bedrifter -> { + + if (bedrifter.stream().anyMatch(bedrift -> + orgnummer.equals(bedrift.getOrganisasjonsnummer()))) { + + return organisasjonTilgangRepository.existsByOrganisasjonNummer(orgnummer) + .flatMap(exists -> isTrue(exists) ? + organisasjonTilgangRepository.findByOrganisasjonNummer(orgnummer) : + Mono.just(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .miljoe("q1") + .build())); + } else { + return throwError(orgnummer); + } + }); + } + + public Mono updateMiljoe(String orgnummer, String miljoe) { + + return organisasjonTilgangRepository.existsByOrganisasjonNummer(orgnummer) + .flatMap(exists -> isTrue(exists) ? + organisasjonTilgangRepository.findByOrganisasjonNummer(orgnummer) + .flatMap(organisasjon -> { + organisasjon.setMiljoe(miljoe); + return organisasjonTilgangRepository.save(organisasjon); + }) : + organisasjonTilgangRepository.save(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .miljoe(miljoe) + .build())); + } + + private static Mono throwError(String orgnummer) { + + return Mono.just(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .feilmelding("404 Not found: Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)) + .build()); + } +} diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-dev.yml b/apps/altinn3-tilgang-service/src/main/resources/application-dev.yml new file mode 100644 index 00000000000..0335878de67 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/application-dev.yml @@ -0,0 +1,17 @@ +ALTINN_URL: https://platform.tt02.altinn.no + +spring: + flyway: + locations: classpath:db/migration + url: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_JDBC_URL} + user: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_USERNAME} + password: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PASSWORD} + r2dbc: + url: r2dbc:postgresql://${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_HOST}:${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PORT}/${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_DATABASE} + username: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_USERNAME} + password: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PASSWORD} + properties: + sslCert: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLCERT} + sslKey: /tmp/pk8.pem # See Dockerfile and 99-dolly-convert-to-pk8.sh. + sslMode: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLMODE} + sslRootCert: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLROOTCERT} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml new file mode 100644 index 00000000000..7e9211a71ae --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml @@ -0,0 +1,29 @@ +TOKEN_X_ISSUER: dummy + +ALTINN_URL: https://tt02.altinn.no + +MASKINPORTEN_CLIENT_ID: dummy +MASKINPORTEN_CLIENT_JWK: dummy +MASKINPORTEN_SCOPES: dummy +MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server + +spring: + cache: + type: none + cloud: + gcp: + secretmanager: + project-id: dolly-dev-ff83 + config: + import: "sm://" + flyway: + enabled: true + locations: classpath:db/migration + baseline-on-migrate: true + url: jdbc:postgresql://localhost:5432/testnav-altinn3-tilgang-local + user: testnav-altinn3-tilgang-local + password: ${sm://testnav-altinn3-tilgang-local} + r2dbc: + url: r2dbc:postgresql://localhost:5432/testnav-altinn3-tilgang-local + username: testnav-altinn3-tilgang-local + password: ${sm://testnav-altinn3-tilgang-local} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-prod.yml b/apps/altinn3-tilgang-service/src/main/resources/application-prod.yml new file mode 100644 index 00000000000..00fc0d3389d --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/application-prod.yml @@ -0,0 +1,17 @@ +ALTINN_URL: https://platform.altinn.no + +spring: + flyway: + locations: classpath:db/migration + url: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_JDBC_URL} + user: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_USERNAME} + password: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PASSWORD} + r2dbc: + url: r2dbc:postgresql://${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_HOST}:${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PORT}/${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_DATABASE} + username: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_USERNAME} + password: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_PASSWORD} + properties: + sslCert: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLCERT} + sslKey: /tmp/pk8.pem # See Dockerfile and 99-dolly-convert-to-pk8.sh. + sslMode: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLMODE} + sslRootCert: ${NAIS_DATABASE_TESTNAV_ALTINN3_TILGANG_TESTNAV_ALTINN3_TILGANG_SSLROOTCERT} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/resources/application.yml b/apps/altinn3-tilgang-service/src/main/resources/application.yml new file mode 100644 index 00000000000..ef6e80ec702 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/application.yml @@ -0,0 +1,58 @@ +AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b + +spring: + application: + version: application.version.todo + name: testnav-altinn3-tilgang-service + desciption: Tjeneste for å hente og sette tilganger for orgnisasjoner + security: + oauth2: + resourceserver: + aad: + issuer-uri: ${AAD_ISSUER_URI}/v2.0 + jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys + accepted-audience: ${azure.app.client.id}, api://${azure.app.client.id} + tokenx: + issuer-uri: ${TOKEN_X_ISSUER} + jwk-set-uri: ${TOKEN_X_JWKS_URI} + accepted-audience: ${TOKEN_X_CLIENT_ID} + jackson: + serialization: + write_dates_as_timestamps: false + cloud: + vault: + enabled: false + +springdoc: + swagger-ui: + disable-swagger-default-url: true + url: /v3/api-docs + +altinn: + api: + url: ${ALTINN_URL} + resource: + owner: nav + identifier: godkjente-dolly-tilganger + +management: + endpoints: + enabled-by-default: true + web: + base-path: /internal + exposure.include: prometheus,heapdump,health + path-mapping: + prometheus: metrics + endpoint: + prometheus.enabled: true + heapdump.enabled: true + prometheus: + metrics: + export: + enabled: true +server: + servlet: + encoding: + charset: UTF-8 + error: + include-message: always \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/resources/db/migration/V1.0.0__CreateTables.sql b/apps/altinn3-tilgang-service/src/main/resources/db/migration/V1.0.0__CreateTables.sql new file mode 100644 index 00000000000..074fa6a3eb9 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/db/migration/V1.0.0__CreateTables.sql @@ -0,0 +1,10 @@ +------------------------------- +-- C R E A T E T A B L E S -- +------------------------------- + +create table organisasjon_tilgang +( + id serial primary key, + organisajon_nummer varchar(50) unique, + miljoe varchar(100) +); \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/resources/logback-spring.xml b/apps/altinn3-tilgang-service/src/main/resources/logback-spring.xml new file mode 100644 index 00000000000..43e833f00b6 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/main/resources/logback-spring.xml @@ -0,0 +1,32 @@ + + + + + + -1 + true + - + + + + + + + + + + + + %d{HH:mm:ss.SSS} | %5p | %logger{25} | %m%n + + utf8 + + + + + + + + + + \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/test/java/no/nav/testnav/altinn3tilgangservice/ApplicationContextTest.java b/apps/altinn3-tilgang-service/src/test/java/no/nav/testnav/altinn3tilgangservice/ApplicationContextTest.java new file mode 100644 index 00000000000..3fed84b2557 --- /dev/null +++ b/apps/altinn3-tilgang-service/src/test/java/no/nav/testnav/altinn3tilgangservice/ApplicationContextTest.java @@ -0,0 +1,24 @@ +package no.nav.testnav.altinn3tilgangservice; + +import com.google.cloud.secretmanager.v1.SecretManagerServiceClient; +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; +import org.springframework.test.context.ActiveProfiles; + +@SpringBootTest +@ActiveProfiles("test") +class ApplicationContextTest { + + @MockBean + public ReactiveJwtDecoder jwtDecoder; + + @MockBean + public SecretManagerServiceClient secretManagerClient; + + @Test + @SuppressWarnings("java:S2699") + void load_app_context() { + } +} diff --git a/apps/altinn3-tilgang-service/src/test/resources/application-test.yml b/apps/altinn3-tilgang-service/src/test/resources/application-test.yml new file mode 100644 index 00000000000..dfbee67495e --- /dev/null +++ b/apps/altinn3-tilgang-service/src/test/resources/application-test.yml @@ -0,0 +1,7 @@ +ALTINN_URL: http://localhost:8080 +ALTINN_API_KEY: dummy +MASKINPORTEN_CLIENT_ID: dummy +MASKINPORTEN_CLIENT_JWK: dummy +MASKINPORTEN_SCOPES: dummy +MASKINPORTEN_WELL_KNOWN_URL: http://localhost:8080 +TOKEN_X_ISSUER: dummy \ No newline at end of file diff --git a/apps/dolly-frontend/config.idporten.yml b/apps/dolly-frontend/config.idporten.yml index 4d9bce7df8e..2e7cee39d37 100644 --- a/apps/dolly-frontend/config.idporten.yml +++ b/apps/dolly-frontend/config.idporten.yml @@ -57,6 +57,8 @@ spec: - application: testnorge-profil-api - application: testnorge-tilbakemelding-api - application: testnav-yrkesskade-proxy + - application: testnav-altinn3-tilgang-service-prod + cluster: prod-gcp external: - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io @@ -73,6 +75,7 @@ spec: - host: testnav-brregstub-proxy.dev-fss-pub.nais.io - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io - host: idporten.no + - host: testnav-altinn3-tilgang-service.nav.no liveness: path: /internal/isAlive diff --git a/apps/dolly-frontend/config.test.yml b/apps/dolly-frontend/config.test.yml index 45bf1b3dbd2..82ee8248030 100644 --- a/apps/dolly-frontend/config.test.yml +++ b/apps/dolly-frontend/config.test.yml @@ -63,6 +63,7 @@ spec: - application: testnav-levende-arbeidsforhold-scheduler - application: testnav-skattekort-service - application: testnav-yrkesskade-proxy + - application: testnav-altinn3-tilgang-service external: - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io diff --git a/apps/dolly-frontend/config.unstable.yml b/apps/dolly-frontend/config.unstable.yml index 62416c37c82..7a6b3df1dba 100644 --- a/apps/dolly-frontend/config.unstable.yml +++ b/apps/dolly-frontend/config.unstable.yml @@ -56,6 +56,7 @@ spec: - application: testnorge-tilbakemelding-api - application: testnav-skattekort-service - application: testnav-yrkesskade-proxy + - application: testnav-altinn3-tilgang-service external: - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io diff --git a/apps/dolly-frontend/config.yml b/apps/dolly-frontend/config.yml index 851b7e85ed9..f8681ddb000 100644 --- a/apps/dolly-frontend/config.yml +++ b/apps/dolly-frontend/config.yml @@ -67,7 +67,8 @@ spec: - application: testnav-levende-arbeidsforhold-ansettelse - application: testnav-levende-arbeidsforhold-scheduler - application: testnav-yrkesskade-proxy - + - application: testnav-altinn3-tilgang-service-prod + cluster: prod-gcp external: - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io @@ -83,6 +84,7 @@ spec: - host: testnav-norg2-proxy.dev-fss-pub.nais.io - host: testnav-brregstub-proxy.dev-fss-pub.nais.io - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io + - host: testnav-altinn3-tilgang-service.nav.no liveness: path: /internal/isAlive initialDelay: 20 diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java index 265f37443c5..81f13833178 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java @@ -62,7 +62,6 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { .route(createRoute(consumers.getOppsummeringsdokumentService(), "oppsummeringsdokument-service")) .route(createRoute(consumers.getTestnavOrganisasjonForvalter())) .route(createRoute(consumers.getTestnavVarslingerService(), "testnav-varslinger-service")) - .route(createRoute(consumers.getTestnavOrganisasjonTilgangService(), "testnav-organisasjon-tilgang-service")) .route(createRoute(consumers.getTestnavTpsMessagingService(), "testnav-tps-messaging-service")) .route(createRoute(consumers.getTestnorgeProfilApi(), "testnorge-profil-api")) .route(createRoute(consumers.getTestnavBrukerService(), "testnav-bruker-service")) @@ -98,6 +97,7 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { .route(createRoute(consumers.getTestnavLevendeArbeidsforholdAnsettelse(), "testnav-levende-arbeidsforhold-ansettelse")) .route(createRoute(consumers.getTestnavLevendeArbeidsforholdScheduler(), "testnav-levende-arbeidsforhold-scheduler")) .route(createRoute(consumers.getTestnavYrkesskadeProxy())) + .route(createRoute(consumers.getTestnavAltinn3TilgangService(), "testnav-altinn3-tilgang-service")) .build(); } diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java index 0217856ea1d..cb6139fe641 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java @@ -49,7 +49,6 @@ public class Consumers { private ServerProperties testnavOrganisasjonFasteDataService; private ServerProperties testnavOrganisasjonForvalter; private ServerProperties testnavOrganisasjonService; - private ServerProperties testnavOrganisasjonTilgangService; private ServerProperties testnavPdlForvalter; private ServerProperties testnavPensjonTestdataFacadeProxy; private ServerProperties testnavPersonOrganisasjonTilgangService; @@ -67,5 +66,6 @@ public class Consumers { private ServerProperties testnavLevendeArbeidsforholdAnsettelse; private ServerProperties testnavLevendeArbeidsforholdScheduler; private ServerProperties testnavYrkesskadeProxy; + private ServerProperties testnavAltinn3TilgangService; } diff --git a/apps/dolly-frontend/src/main/js/package.json b/apps/dolly-frontend/src/main/js/package.json index 846ac1e1cc0..46691e3ea7b 100644 --- a/apps/dolly-frontend/src/main/js/package.json +++ b/apps/dolly-frontend/src/main/js/package.json @@ -114,5 +114,6 @@ "semi": false, "useTabs": true, "printWidth": 100 - } + }, + "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" } diff --git a/apps/dolly-frontend/src/main/js/proxy-routes.json b/apps/dolly-frontend/src/main/js/proxy-routes.json index 843d1003414..f521c3b14b7 100644 --- a/apps/dolly-frontend/src/main/js/proxy-routes.json +++ b/apps/dolly-frontend/src/main/js/proxy-routes.json @@ -144,7 +144,7 @@ "changeOrigin": true, "secure": false }, - "/testnav-organisasjon-tilgang-service/api": { + "/testnav-altinn3-tilgang-service/api": { "target": "http://localhost:8020", "changeOrigin": true, "secure": false diff --git a/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgOversikt.tsx b/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgOversikt.tsx index acbb57d55f5..09586b69d52 100644 --- a/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgOversikt.tsx +++ b/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgOversikt.tsx @@ -34,7 +34,6 @@ export const OrgOversikt = ({ organisasjonTilgang, loading, error, mutate }: Ove Navn Form Miljø - Gyldig til Endre org. @@ -46,7 +45,6 @@ export const OrgOversikt = ({ organisasjonTilgang, loading, error, mutate }: Ove {navn} {organisasjonsform} {miljoe} - {formatDate(gyldigTil)} diff --git a/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgtilgangForm.tsx b/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgtilgangForm.tsx index bb56706201b..85d2358504b 100644 --- a/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgtilgangForm.tsx +++ b/apps/dolly-frontend/src/main/js/src/pages/adminPages/Orgtilgang/OrgtilgangForm.tsx @@ -86,7 +86,6 @@ export const OrgtilgangForm = ({ mutate }: any) => { isMulti={true} size="medium" /> -