Merge pull request #9 from navikt/vault

Vault

Author: nutgaard

consumer/src/main/java/no/nav/sbl/dialogarena/modiabrukerdialog/consumer/config/endpoint/v1/norg/NorgEndpointFelles.java

@@ -10,9 +10,12 @@
 import java.util.Map;
 
 public class NorgEndpointFelles {
+    public static final String KJERNEINFO_TJENESTEBUSS_USERNAME = "SRV_KJERNEINFO_TJENESTEBUSS_USERNAME";
+    public static final String KJERNEINFO_TJENESTEBUSS_PASSWORD = "SRV_KJERNEINFO_TJENESTEBUSS_PASSWORD";
+
     public static Map<String, Object> getSecurityProps() {
-        final String user = EnvironmentUtils.getRequiredProperty("ctjenestebuss.username", "SRV_KJERNEINFO_TJENESTEBUSS_USERNAME");
-        final String password = EnvironmentUtils.getRequiredProperty("ctjenestebuss.password", "SRV_KJERNEINFO_TJENESTEBUSS_PASSWORD");
+        final String user = EnvironmentUtils.getRequiredProperty("ctjenestebuss.username", KJERNEINFO_TJENESTEBUSS_USERNAME);
+        final String password = EnvironmentUtils.getRequiredProperty("ctjenestebuss.password", KJERNEINFO_TJENESTEBUSS_PASSWORD);
 
         Map<String, Object> props = new HashMap<>();
         props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);

consumer/src/main/java/no/nav/sbl/dialogarena/modiabrukerdialog/consumer/service/ldap/LdapContextProvider.java

@@ -13,12 +13,15 @@ public class LdapContextProvider {
     @SuppressWarnings("PMD")
     private static Hashtable<String, String> env = new Hashtable<>();
 
+    public static final String LDAP_USERNAME = "LDAP_USERNAME";
+    public static final String LDAP_PASSWORD = "LDAP_PASSWORD";
+
     static {
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.PROVIDER_URL, EnvironmentUtils.getRequiredProperty("LDAP_URL"));
-        env.put(Context.SECURITY_PRINCIPAL, EnvironmentUtils.getRequiredProperty("LDAP_USERNAME"));
-        env.put(Context.SECURITY_CREDENTIALS, EnvironmentUtils.getRequiredProperty("LDAP_PASSWORD"));
+        env.put(Context.SECURITY_PRINCIPAL, EnvironmentUtils.getRequiredProperty(LDAP_USERNAME));
+        env.put(Context.SECURITY_CREDENTIALS, EnvironmentUtils.getRequiredProperty(LDAP_PASSWORD));
     }
 
     public LdapContext getInitialLdapContext() {

deploy/naiserator-q0.yaml

@@ -39,4 +39,13 @@ spec:
     max: 4
     cpuThresholdPercentage: 60
   vault:
-    enabled: true
+    enabled: true
+    paths:
+      - kvPath: /kv/preprod/fss/modiapersonoversikt-api/q0
+        mountPath: /var/run/secrets/nais.io/vault
+      - kvPath: /serviceuser/data/dev/srvmodiabrukerdialog
+        mountPath: /var/run/secrets/nais.io/service_user
+      - kvPath: /serviceuser/data/dev/srvssolinux
+        mountPath: /var/run/secrets/nais.io/ldap_user
+      - kvPath: /serviceuser/data/dev/srvgosys
+        mountPath: /var/run/secrets/nais.io/gosys_user

deploy/naiserator-q1.yaml

@@ -39,4 +39,13 @@ spec:
     max: 2
     cpuThresholdPercentage: 60
   vault:
-    enabled: true
+    enabled: true
+    paths:
+      - kvPath: /kv/preprod/fss/modiapersonoversikt-api/q1
+        mountPath: /var/run/secrets/nais.io/vault
+      - kvPath: /serviceuser/data/dev/srvmodiabrukerdialog
+        mountPath: /var/run/secrets/nais.io/service_user
+      - kvPath: /serviceuser/data/dev/srvssolinux
+        mountPath: /var/run/secrets/nais.io/ldap_user
+      - kvPath: /serviceuser/data/dev/srvgosys
+        mountPath: /var/run/secrets/nais.io/gosys_user

deploy/naiserator-q6.yaml

@@ -39,4 +39,13 @@ spec:
     max: 2
     cpuThresholdPercentage: 60
   vault:
-    enabled: true
+    enabled: true
+    paths:
+      - kvPath: /kv/preprod/fss/modiapersonoversikt-api/q6
+        mountPath: /var/run/secrets/nais.io/vault
+      - kvPath: /serviceuser/data/dev/srvmodiabrukerdialog
+        mountPath: /var/run/secrets/nais.io/service_user
+      - kvPath: /serviceuser/data/dev/srvssolinux
+        mountPath: /var/run/secrets/nais.io/ldap_user
+      - kvPath: /serviceuser/data/dev/srvgosys
+        mountPath: /var/run/secrets/nais.io/gosys_user

deploy/naiserator.yaml

@@ -38,4 +38,13 @@ spec:
   prometheus:
     enabled: false
   vault:
-    enabled: true
+    enabled: true
+    paths:
+      - kvPath: /kv/prod/fss/modiapersonoversikt-api/default
+        mountPath: /var/run/secrets/nais.io/vault
+      - kvPath: /serviceuser/data/prod/srvmodiabrukerdialog
+        mountPath: /var/run/secrets/nais.io/service_user
+      - kvPath: /serviceuser/data/prod/srvssolinux
+        mountPath: /var/run/secrets/nais.io/ldap_user
+      - kvPath: /serviceuser/data/prod/srvgosys
+        mountPath: /var/run/secrets/nais.io/gosys_user

web/src/main/java/Main.java

@@ -1,6 +1,9 @@
 
 import no.nav.apiapp.ApiApp;
-import no.nav.sbl.dialogarena.common.cxf.StsSecurityConstants;
+import no.nav.brukerdialog.tools.SecurityConstants;
+import no.nav.common.utils.NaisUtils;
+import no.nav.sbl.dialogarena.common.abac.pep.CredentialConstants;
+import no.nav.sbl.dialogarena.modiabrukerdialog.consumer.service.ldap.LdapContextProvider;
 import no.nav.sbl.dialogarena.modiabrukerdialog.web.config.ModiaApplicationContext;
 import no.nav.sbl.util.EnvironmentUtils;
 import org.slf4j.Logger;
@@ -13,7 +16,10 @@
 import java.util.HashSet;
 import java.util.Properties;
 
-import static java.util.stream.Collectors.toSet;
+import static no.nav.sbl.dialogarena.modiabrukerdialog.consumer.config.endpoint.v1.norg.NorgEndpointFelles.KJERNEINFO_TJENESTEBUSS_PASSWORD;
+import static no.nav.sbl.dialogarena.modiabrukerdialog.consumer.config.endpoint.v1.norg.NorgEndpointFelles.KJERNEINFO_TJENESTEBUSS_USERNAME;
+import static no.nav.sbl.util.EnvironmentUtils.Type.PUBLIC;
+import static no.nav.sbl.util.EnvironmentUtils.Type.SECRET;
 import static no.nav.sbl.util.EnvironmentUtils.getRequiredProperty;
 
 public class Main {
@@ -28,12 +34,26 @@ public static void main(String... args) throws FileNotFoundException {
         );
 
         // Overstyrer appnavn slik at vi er sikre på at vi later som vi er modiabrukerdialog. ;)
-        System.setProperty("NAIS_APP_NAME", "modiabrukerdialog");
+        EnvironmentUtils.setProperty("NAIS_APP_NAME", "modiabrukerdialog", PUBLIC);
 
         ApiApp.runApp(ModiaApplicationContext.class, args);
     }
 
     private static void loadVaultSecrets() throws FileNotFoundException {
+        NaisUtils.Credentials serviceUser = NaisUtils.getCredentials("service_user");
+        EnvironmentUtils.setProperty(CredentialConstants.SYSTEMUSER_USERNAME, serviceUser.username, PUBLIC);
+        EnvironmentUtils.setProperty(CredentialConstants.SYSTEMUSER_PASSWORD, serviceUser.password, SECRET);
+        EnvironmentUtils.setProperty(SecurityConstants.SYSTEMUSER_USERNAME, serviceUser.username, PUBLIC);
+        EnvironmentUtils.setProperty(SecurityConstants.SYSTEMUSER_PASSWORD, serviceUser.password, SECRET);
+
+        NaisUtils.Credentials ldapUser = NaisUtils.getCredentials("ldap_user");
+        EnvironmentUtils.setProperty(LdapContextProvider.LDAP_USERNAME, ldapUser.username, PUBLIC);
+        EnvironmentUtils.setProperty(LdapContextProvider.LDAP_PASSWORD, ldapUser.password, SECRET);
+
+        NaisUtils.Credentials gosysUser = NaisUtils.getCredentials("gosys_user");
+        EnvironmentUtils.setProperty(KJERNEINFO_TJENESTEBUSS_USERNAME, gosysUser.username, PUBLIC);
+        EnvironmentUtils.setProperty(KJERNEINFO_TJENESTEBUSS_PASSWORD, gosysUser.password, SECRET);
+
         loadFromInputStream(new FileInputStream(VAULT_APPLICATION_PROPERTIES_PATH), true);
     }
 

web/src/main/resources/configurations/p.properties

@@ -165,4 +165,4 @@ VISORGANISASJONENHETKONTAKTINFORMASJON=true
 FEATURE_AKTIVERPERSONRESTAPI=true
 FEATURE_NYTTVISITTKORT=true
 HASTEKASSERING_TILGANG=Z992323,Z990366,Z990083
-OIDC_REDIRECT_URL=https\://modapp.adeo.no/modiabrukerdialog/rest/login
+OIDC_REDIRECT_URL=https\://app.adeo.no/modiapersonoversikt-api/rest/login

web/src/main/resources/configurations/q0.properties

@@ -165,4 +165,4 @@ VISORGANISASJONENHETKONTAKTINFORMASJON=true
 FEATURE_AKTIVERPERSONRESTAPI=true
 FEATURE_NYTTVISITTKORT=true
 HASTEKASSERING_TILGANG=Z992323,Z990366,Z990083
-OIDC_REDIRECT_URL=https\://modapp-q0.adeo.no/modiabrukerdialog/rest/login
+OIDC_REDIRECT_URL=https\://app-q0.adeo.no/modiapersonoversikt-api/rest/login

web/src/main/resources/configurations/q1.properties

@@ -165,4 +165,4 @@ VISORGANISASJONENHETKONTAKTINFORMASJON=true
 FEATURE_AKTIVERPERSONRESTAPI=true
 FEATURE_NYTTVISITTKORT=true
 HASTEKASSERING_TILGANG=Z992323,Z990366,Z990083
-OIDC_REDIRECT_URL=https\://modapp-q1.adeo.no/modiabrukerdialog/rest/login
+OIDC_REDIRECT_URL=https\://app-q1.adeo.no/modiapersonoversikt-api/rest/login

web/src/main/resources/configurations/q6.properties

@@ -165,4 +165,4 @@ VISORGANISASJONENHETKONTAKTINFORMASJON=true
 FEATURE_AKTIVERPERSONRESTAPI=true
 FEATURE_NYTTVISITTKORT=true
 HASTEKASSERING_TILGANG=Z992323,Z990366,Z990083
-OIDC_REDIRECT_URL=https\://modapp-q6.adeo.no/modiabrukerdialog/rest/login
+OIDC_REDIRECT_URL=https\://app-q6.adeo.no/modiapersonoversikt-api/rest/login