Merge pull request #95 from navikt/feature/flytte_til_gcp

[KAIZEN-0] flytte til gcp

Author: abrhanav

.github/workflows/main.yml

@@ -74,6 +74,23 @@ jobs:
           RESOURCE: .nais/preprod.yml
           VAR: image=${{ needs.build-and-push.outputs.image }}
 
+  deploy-dev-gcp:
+    name: Deploy to dev-gcp
+    needs: build-and-push
+    if: github.ref == 'refs/heads/dev'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          PRINT_PAYLOAD: true
+          CLUSTER: dev-gcp
+          RESOURCE: .nais/dev.yml
+          VAR: image=${{ needs.build-and-push.outputs.image }}
+
   deploy-prod:
     name: Deploy to prod
     needs: build-and-push

.nais/dev.yml

@@ -0,0 +1,107 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: modia-robot-api
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+spec:
+  image: {{image}}
+  port: 7070
+  liveness:
+    path: /internal/isAlive
+    initialDelay: 20
+    timeout: 1
+    periodSeconds: 5
+    failureThreshold: 10
+  readiness:
+    path: /internal/isReady
+    initialDelay: 20
+    timeout: 1
+  prometheus:
+    enabled: true
+    path: /internal/metrics
+  secureLogs:
+    enabled: true
+  resources:
+    requests:
+      cpu: 50m
+      memory: 256Mi
+    limits:
+      cpu: 2000m
+      memory: 512Mi
+  ingresses:
+    - https://modia-robot-api.intern.dev.nav.no
+  replicas:
+    min: 1
+    max: 1
+    cpuThresholdPercentage: 90
+  azure:
+    application:
+      enabled: true
+      tenant: trygdeetaten.no
+      allowAllUsers: true
+      claims:
+        extra:
+          - "NAVident"
+  accessPolicy:
+    outbound:
+      external:
+        - host: veilarboppfolging.dev-fss-pub.nais.io
+        - host: nom-api.intern.dev.nav.no
+        - host: pdl-api.dev-fss-pub.nais.io
+        - host: saf-q1.dev-fss-pub.nais.io
+        - host: digdir-krr-proxy.intern.dev.nav.no
+        - host: sokos-utbetaldata.dev-fss-pub.nais.io
+        - host: sf-henvendelse-api-proxy.dev-fss-pub.nais.io
+        - host: sokos-kontoregister-person.intern.dev.nav.no
+    inbound:
+      rules:
+        - application: rpa-medlemskap-og-avgift
+          namespace: team-rpa
+          cluster: dev-fss
+        - application: ida
+          cluster: prod-fss
+          namespace: traktor
+        - application: rpa-nav-okonomi-stonad
+          cluster: dev-fss
+          namespace: team-rpa-nos
+  env:
+    - name: IDENT_ALLOW_LIST
+      value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818,Z990715,Z990715"
+    - name: OPPFOLGING_URL
+      value: "https://veilarboppfolging.dev-fss-pub.nais.io/veilarboppfolging/api"
+    - name: OPPFOLGING_SCOPE
+      value: "dev-fss:pto:veilarboppfolging"
+    - name: NOM_URL
+      value: "https://nom-api.intern.dev.nav.no"
+    - name: NOM_SCOPE
+      value: "dev-gcp:nom:nom-api"
+    - name: PDL_URL
+      value: "https://pdl-api.dev-fss-pub.nais.io/graphql"
+    - name: PDL_SCOPE
+      value: "dev-fss:pdl:pdl-api"
+    - name: SAF_URL
+      value: "https://saf-q1.dev-fss-pub.nais.io/graphql"
+    - name: SAF_SCOPE
+      value: "dev-fss:teamdokumenthandtering:saf"
+    - name: SKRIVESTOTTE_URL
+      value: "https://modiapersonoversikt-skrivestotte.intern.dev.nav.no"
+    - name: DIGDIR_KRR_URL
+      value: "https://digdir-krr-proxy.intern.dev.nav.no/"
+    - name: DIGDIR_KRR_SCOPE
+      value: "dev-gcp:team-rocket:digdir-krr-proxy"
+    - name: UTBETALDATA_SOKOS_URL
+      value: "https://sokos-utbetaldata.dev-fss-pub.nais.io/utbetaldata/api"
+    - name: UTBETAL_SOKOS_SCOPE
+      value: "dev-fss:okonomi:sokos-utbetaldata"
+    - name: SF_HENVENDELSE_URL
+      value: "https://sf-henvendelse-api-proxy.dev-fss-pub.nais.io/api"
+    - name: SF_HENVENDELSE_SCOPE
+      value: "dev-fss:teamnks:sf-henvendelse-api-proxy"
+    - name: KONTOREGISTER_REST_URL
+      value: "https://sokos-kontoregister-person.intern.dev.nav.no/api/system"
+    - name: KONTOREGISTER_SCOPE
+      value: "dev-gcp:okonomi:sokos-kontoregister-person"
+    - name: CXF_SECURE_LOG
+      value: "enabled"

.nais/preprod.yml

@@ -71,14 +71,10 @@ spec:
   env:
     - name: IDENT_ALLOW_LIST
       value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818,Z990715,Z990715"
-    - name: SECURITYTOKENSERVICE_URL
-      value: "https://sts-q1.preprod.local/SecurityTokenServiceProvider/"
     - name: OPPFOLGING_URL
       value: "https://veilarboppfolging.dev.intern.nav.no/veilarboppfolging/api"
     - name: OPPFOLGING_SCOPE
       value: "dev-fss:pto:veilarboppfolging"
-    - name: TPS_PERSONV3_URL
-      value: "https://app-q1.adeo.no/tpsws-aura/ws/Person/v3"
     - name: NOM_URL
       value: "https://nom-api.intern.dev.nav.no"
     - name: NOM_SCOPE
@@ -105,5 +101,9 @@ spec:
       value: "https://sf-henvendelse.dev.intern.nav.no/api"
     - name: SF_HENVENDELSE_SCOPE
       value: "dev-fss:teamcrm:sf-henvendelse"
+    - name: KONTOREGISTER_REST_URL
+      value: "https://sokos-kontoregister-person.intern.dev.nav.no/api/system"
+    - name: KONTOREGISTER_SCOPE
+      value: "dev-gcp:okonomi:sokos-kontoregister-person"
     - name: CXF_SECURE_LOG
       value: "enabled"

.nais/prod.yml

@@ -59,14 +59,10 @@ spec:
   env:
     - name: IDENT_ALLOW_LIST
       value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,D159483,U143410"
-    - name: SECURITYTOKENSERVICE_URL
-      value: "https://sts.adeo.no/SecurityTokenServiceProvider/"
     - name: OPPFOLGING_URL
       value: "https://veilarboppfolging.intern.nav.no/veilarboppfolging/api"
     - name: OPPFOLGING_SCOPE
       value: "prod-fss:pto:veilarboppfolging"
-    - name: TPS_PERSONV3_URL
-      value: "https://app.adeo.no/tpsws-aura/ws/Person/v3"
     - name: NOM_URL
       value: "https://nom-api.intern.nav.no"
     - name: NOM_SCOPE
@@ -93,5 +89,9 @@ spec:
       value: "https://sf-henvendelse.intern.nav.no/api"
     - name: SF_HENVENDELSE_SCOPE
       value: "prod-fss:teamcrm:sf-henvendelse"
+    - name: KONTOREGISTER_REST_URL
+      value: "https://sokos-kontoregister-person.intern.nav.no/api/system"
+    - name: KONTOREGISTER_SCOPE
+      value: "prod-gcp:okonomi:sokos-kontoregister-person"
     - name: CXF_SECURE_LOG
       value: "enabled"

src/main/kotlin/no/nav/Application.kt

@@ -7,10 +7,10 @@ import io.ktor.server.routing.*
 import no.nav.api.debug.configureDebugRoutes
 import no.nav.api.dialog.configureDialogRoutes
 import no.nav.api.digdir.configureDigdirRoutes
+import no.nav.api.kontonummer.configureKontonummerRegisterRoutes
 import no.nav.api.oppfolging.configureOppfolgingRoutes
 import no.nav.api.pdl.configurePdlRoutes
 import no.nav.api.skrivestotte.configureSkrivestotteRoutes
-import no.nav.api.tps.configureTpsRoutes
 import no.nav.api.utbetalinger.configureUtbetalingerRoutes
 import no.nav.plugins.*
 
@@ -34,7 +34,7 @@ fun startApplication(
                     configureDebugRoutes(consumers.tokenclient)
                     configureOppfolgingRoutes(services.oppfolgingService)
                     configurePdlRoutes(services.pdlService)
-                    configureTpsRoutes(services.tpsService)
+                    configureKontonummerRegisterRoutes(consumers.kontonummerRegister)
                     configureDialogRoutes(services.dialogService)
                     configureDigdirRoutes(services.digdirService)
                     configureSkrivestotteRoutes(services.skrivestotteService)

src/main/kotlin/no/nav/Consumers.kt

@@ -3,45 +3,33 @@ package no.nav
 import no.nav.api.dialog.saf.SafClient
 import no.nav.api.dialog.sf.SFClient
 import no.nav.api.digdir.DigdirClient
+import no.nav.api.kontonummer.KontonummerRegister
 import no.nav.api.oppfolging.Nom
 import no.nav.api.oppfolging.OppfolgingClient
 import no.nav.api.pdl.PdlClient
 import no.nav.api.skrivestotte.SkrivestotteClient
 import no.nav.api.utbetalinger.UtbetalingerClient
 import no.nav.common.client.nom.NomClient
-import no.nav.common.cxf.StsConfig
 import no.nav.common.token_client.builder.AzureAdTokenClientBuilder
 import no.nav.common.token_client.client.MachineToMachineTokenClient
 import no.nav.common.token_client.client.OnBehalfOfTokenClient
-import no.nav.common.utils.NaisUtils
-import no.nav.tjeneste.virksomhet.person.v3.binding.PersonV3
-import no.nav.utils.CXFClient
 import no.nav.utils.bindTo
 
 interface Consumers {
     val tokenclient: MachineToMachineTokenClient
     val oboTokenClient: OnBehalfOfTokenClient
     val oppfolgingClient: OppfolgingClient
-    val tps: PersonV3
     val nom: NomClient
     val skrivestotteClient: SkrivestotteClient
     val pdlClient: PdlClient
     val safClient: SafClient
     val digdirClient: DigdirClient
+    val kontonummerRegister: KontonummerRegister
     val utbetalingerClient: UtbetalingerClient
     val sfClient: SFClient
 }
 
 class ConsumersImpl(env: Env) : Consumers {
-    private val modiaUser = NaisUtils.getCredentials("service_user")
-    private val stsConfig: StsConfig =
-        StsConfig
-            .builder()
-            .url(env.soapStsUrl)
-            .username(modiaUser.username)
-            .password(modiaUser.password)
-            .build()
-
     override val oboTokenClient: OnBehalfOfTokenClient =
         AzureAdTokenClientBuilder
             .builder()
@@ -55,17 +43,14 @@ class ConsumersImpl(env: Env) : Consumers {
             .buildMachineToMachineTokenClient()
 
     override val oppfolgingClient: OppfolgingClient = OppfolgingClient(env.oppfolgingUrl, oboTokenClient.bindTo(env.oppfolgingScope))
-    override val tps: PersonV3 =
-        CXFClient<PersonV3>()
-            .address(env.tpsPersonV3Url)
-            .configureStsForSystemUser(stsConfig)
-            .build()
     override val nom: NomClient = Nom(env.nomUrl, tokenclient.bindTo(env.nomScope)).client
     override val skrivestotteClient: SkrivestotteClient = SkrivestotteClient(env.skrivestotteUrl)
     override val pdlClient: PdlClient = PdlClient(env.pdlUrl, oboTokenClient.bindTo(env.pdlScope))
     override val safClient: SafClient = SafClient(env.safUrl, oboTokenClient.bindTo(env.safScope))
     override val digdirClient: DigdirClient =
         DigdirClient(env.digdirUrl, tokenclient.bindTo(env.digdirScope), oboTokenClient.bindTo(env.digdirScope))
+    override val kontonummerRegister: KontonummerRegister =
+        KontonummerRegister(env.kontonummerRegisterUrl, oboTokenClient.bindTo(env.kontonummerRegisterScope))
     override val utbetalingerClient: UtbetalingerClient =
         UtbetalingerClient(env.utbetalingSokosUrl, oboTokenClient.bindTo(env.utbetalingSokosScope))
     override val sfClient: SFClient = SFClient(env.sfUrl, oboTokenClient.bindTo(env.sfScope))

src/main/kotlin/no/nav/Env.kt

@@ -9,9 +9,7 @@ interface Env {
         operator fun invoke(): Env = EnvImpl()
     }
 
-    val soapStsUrl: String
     val jwksUrl: String
-    val tpsPersonV3Url: String
     val oppfolgingUrl: String
     val oppfolgingScope: DownstreamApi
     val nomUrl: String
@@ -20,6 +18,8 @@ interface Env {
     val pdlScope: DownstreamApi
     val digdirUrl: String
     val digdirScope: DownstreamApi
+    val kontonummerRegisterUrl: String
+    val kontonummerRegisterScope: DownstreamApi
     val utbetalingSokosUrl: String
     val utbetalingSokosScope: DownstreamApi
     val safUrl: String
@@ -31,9 +31,7 @@ interface Env {
 }
 
 class EnvImpl : Env {
-    override val soapStsUrl: String = getRequiredConfig("SECURITYTOKENSERVICE_URL")
     override val jwksUrl: String = getRequiredConfig("AZURE_OPENID_CONFIG_JWKS_URI")
-    override val tpsPersonV3Url: String = getRequiredConfig("TPS_PERSONV3_URL")
     override val oppfolgingUrl: String = getRequiredConfig("OPPFOLGING_URL")
     override val oppfolgingScope: DownstreamApi = getRequiredConfig("OPPFOLGING_SCOPE").toDownstreamApi()
     override val nomUrl: String = getRequiredConfig("NOM_URL")
@@ -42,6 +40,8 @@ class EnvImpl : Env {
     override val pdlScope: DownstreamApi = getRequiredConfig("PDL_SCOPE").toDownstreamApi()
     override val digdirUrl: String = getRequiredConfig("DIGDIR_KRR_URL")
     override val digdirScope: DownstreamApi = getRequiredConfig("DIGDIR_KRR_SCOPE").toDownstreamApi()
+    override val kontonummerRegisterUrl: String = getRequiredConfig("KONTOREGISTER_REST_URL")
+    override val kontonummerRegisterScope: DownstreamApi = getRequiredConfig("KONTOREGISTER_SCOPE").toDownstreamApi()
     override val utbetalingSokosUrl: String = getRequiredConfig("UTBETALDATA_SOKOS_URL")
     override val utbetalingSokosScope: DownstreamApi = getRequiredConfig("UTBETAL_SOKOS_SCOPE").toDownstreamApi()
     override val safUrl: String = getRequiredConfig("SAF_URL")

src/main/kotlin/no/nav/Services.kt

@@ -7,12 +7,10 @@ import no.nav.api.digdir.DigdirService
 import no.nav.api.oppfolging.OppfolgingService
 import no.nav.api.pdl.PdlService
 import no.nav.api.skrivestotte.SkrivestotteService
-import no.nav.api.tps.TpsService
 import no.nav.api.utbetalinger.UtbetalingerService
 
 interface Services {
     val oppfolgingService: OppfolgingService
-    val tpsService: TpsService
     val skrivestotteService: SkrivestotteService
     val digdirService: DigdirService
     val pdlService: PdlService
@@ -28,7 +26,6 @@ class ServicesImpl(consumers: Consumers) : Services {
             consumers.oppfolgingClient,
             consumers.nom,
         )
-    override val tpsService = TpsService(consumers.tps)
     override val skrivestotteService = SkrivestotteService(consumers.skrivestotteClient)
     override val digdirService = DigdirService(consumers.digdirClient)
     override val pdlService = PdlService(consumers.pdlClient)