new users added

Author: omursahin

dockerfiles/tiltaksgjennomforing-api.dockerfile

@@ -4,20 +4,7 @@ COPY ./dist/tiltaksgjennomforing-api-sut.jar .
 COPY ./dist/jacocoagent.jar .
 
 
-ENV AZURE_APP_WELL_KNOWN_URL="http://mock-oauth2-server:8083/aad/.well-known/openid-configuration"
-ENV TOKEN_X_WELL_KNOWN_URL="http://mock-oauth2-server:8083/tokenx/.well-known/openid-configuration"
-ENV VAULT_TOKEN="VAULT_TOKEN"
-ENV KAFKA_BROKERS="KAFKA_BROKERS"
-ENV KAFKA_TRUSTSTORE_PATH="KAFKA_TRUSTSTORE_PATH"
-ENV KAFKA_CREDSTORE_PASSWORD="KAFKA_CREDSTORE_PASSWORD"
-ENV KAFKA_KEYSTORE_PATH="KAFKA_KEYSTORE_PATH"
-ENV KAFKA_SCHEMA_REGISTRY="KAFKA_SCHEMA_REGISTRY"
-ENV KAFKA_SCHEMA_REGISTRY_USER="KAFKA_SCHEMA_REGISTRY_USER"
-ENV KAFKA_SCHEMA_REGISTRY_PASSWORD="KAFKA_SCHEMA_REGISTRY_PASSWORD"
-ENV AZURE_APP_TENANT_ID="AZURE_APP_TENANT_ID"
-ENV AZURE_APP_CLIENT_ID="aad"
-ENV AZURE_APP_CLIENT_SECRET="secret"
-ENV beslutter.ad.gruppe="99ea78dc-db77-44d0-b193-c5dc22f01e1d"
+
 #ENV TOOL="undefined"
 #ENV RUN="0"
 
@@ -27,4 +14,4 @@ ENTRYPOINT \
 #    -javaagent:jacocoagent.jar=destfile=./jacoco/tiltaksgjennomforing-api__${TOOL}__${RUN}__jacoco.exec,append=false,dumponexit=true \
     -javaagent:jacocoagent.jar=output=tcpserver,address=*,port=6300,append=false,dumponexit=false \
      -jar tiltaksgjennomforing-api-sut.jar \
-    --server.port=8080 --spring.profiles.active=dev-gcp-labs --spring.datasource.driverClassName=org.postgresql.Driver --spring.sql.init.platform=postgres --no.nav.security.jwt.issuer.aad.discoveryurl=http://mock-oauth2-server:8083/aad/.well-known/openid-configuration --no.nav.security.jwt.issuer.tokenx.discoveryurl=http://mock-oauth2-server:8083/tokenx/.well-known/openid-configuration --management.server.port=-1 --server.ssl.enabled=false --spring.datasource.url=jdbc:postgresql://db:5432/tiltaksgjennomforing  --spring.datasource.username=postgres --spring.datasource.password=password --sentry.logging.enabled=false --sentry.environment=local --logging.level.root=OFF --logging.config=classpath:logback-spring.xml --logging.level.org.springframework=INFO
+    --server.port=8080 --spring.profiles.active=dev-gcp-labs --spring.datasource.driverClassName=org.postgresql.Driver --spring.sql.init.platform=postgres --no.nav.security.jwt.issuer.aad.discoveryurl=http://mock-oauth2-server:8083/aad/.well-known/openid-configuration --no.nav.security.jwt.issuer.aad.accepted_audience=aad --no.nav.security.jwt.issuer.system.discoveryurl=http://mock-oauth2-server:8083/system/.well-known/openid-configuration --no.nav.security.jwt.issuer.system.accepted_audience=system --no.nav.security.jwt.issuer.tokenx.discoveryurl=http://mock-oauth2-server:8083/tokenx/.well-known/openid-configuration --no.nav.security.jwt.issuer.tokenx.accepted_audience=tokenx --management.server.port=-1 --server.ssl.enabled=false --spring.datasource.url=jdbc:postgresql://db:5432/tiltaksgjennomforing  --spring.datasource.username=postgres --spring.datasource.password=password --sentry.logging.enabled=false --sentry.environment=local --logging.level.root=OFF --logging.config=classpath:logback-spring.xml --logging.level.org.springframework=INFO

dockerfiles/tiltaksgjennomforing-api.yaml

@@ -9,31 +9,31 @@ services:
     ports:
       - "${HOST_PORT:-8080}:8080"
       - "${JACOCO_PORT:-6300}:6300"
-    depends_on:
-      mock-oauth2-server:
-        condition: service_started
-      db:
-        condition: service_started
 #    volumes:
       # default env does not work on volumes
 #      - ${JACOCODIR}:/jacoco
   db:
     image: postgres:13.13
     tmpfs:
       - '/var/lib/postgresql/data'
+    
+
     environment:
       POSTGRES_PASSWORD: password
       POSTGRES_HOST_AUTH_METHOD: trust
       POSTGRES_DB: tiltaksgjennomforing
+      
+
+
+
 
   mock-oauth2-server:
     image: ghcr.io/navikt/mock-oauth2-server:2.0.1
-    ports:
-      - "${HOST_MOCK_PORT:-8083}:8083"
-    hostname: host.docker.internal
     environment:
       LOG_LEVEL: VERBOSE
       SERVER_PORT: 8083
       JSON_CONFIG_PATH: /app/mockoauth2.json
     volumes:
       - ../scripts/dockerize/data/additional_files/tiltaksgjennomforing-api/mockoauth2.json:/app/mockoauth2.json
+    ports:
+        - "8083:8083"

jdk_17_maven/em/embedded/rest/tiltaksgjennomforing-api/src/main/java/em/embedded/rest/tiltaksgjennomforing/api/EmbeddedEvoMasterController.java

@@ -6,6 +6,7 @@
 import no.nav.security.mock.oauth2.token.RequestMapping;
 import no.nav.security.mock.oauth2.token.RequestMappingTokenCallback;
 import no.nav.tag.tiltaksgjennomforing.TiltaksgjennomforingApplication;
+import no.nav.tag.tiltaksgjennomforing.autorisasjon.TokenUtils;
 import org.evomaster.client.java.controller.EmbeddedSutController;
 import org.evomaster.client.java.controller.InstrumentedSutStarter;
 import org.evomaster.client.java.controller.api.dto.SutInfoDto;
@@ -49,11 +50,7 @@ public class EmbeddedEvoMasterController extends EmbeddedSutController {
     private List<DbSpecification> dbSpecification;
 
     private MockOAuth2Server oAuth2Server;
-    private final String ISSUER_ID = "aad";
-    private final String DEFAULT_AUDIENCE = "some-audience";
     private final String BESLUTTER_AD_GROUP = "99ea78dc-db77-44d0-b193-c5dc22f01e1d";
-    private final String TOKEN_PARAM = "NAVident";
-    private static final String NAV1 = "Q987654";
 
 
     public EmbeddedEvoMasterController() {
@@ -86,14 +83,14 @@ public String getPackagePrefixesToCover() {
         return "no.nav.tag.tiltaksgjennomforing.";
     }
 
-    private AuthenticationDto getAuthenticationDto(String label, String oauth2Url){
+    private AuthenticationDto getAuthenticationDto(String label, String keyValue, String oauth2Url){
 
         AuthenticationDto dto = new AuthenticationDto(label);
         LoginEndpointDto x = new LoginEndpointDto();
         dto.loginEndpointAuth = x;
 
         x.externalEndpointURL = oauth2Url;
-        x.payloadRaw = TOKEN_PARAM+"="+label+"&grant_type=client_credentials&code=foo&client_id=foo&client_secret=secret";
+        x.payloadRaw = keyValue+"&grant_type=client_credentials&code=foo&client_id=foo&client_secret=secret";
         x.verb = HttpVerb.POST;
         x.contentType = "application/x-www-form-urlencoded";
         x.expectCookies = false;
@@ -109,10 +106,15 @@ private AuthenticationDto getAuthenticationDto(String label, String oauth2Url){
 
     @Override
     public List<AuthenticationDto> getInfoForAuthentication() {
-//        NAVident=Q987654&grant_type=client_credentials&code=foo&client_id=foo&client_secret=secret
-        String url = oAuth2Server.baseUrl() + ISSUER_ID + "/token";
+        String urlAad = oAuth2Server.baseUrl() + "aad/token";
+        String urlSystem = oAuth2Server.baseUrl() + "system/token";
+        String urlTokenX = oAuth2Server.baseUrl() + "tokenx/token";
+
         return Arrays.asList(
-                getAuthenticationDto(NAV1,url)
+                getAuthenticationDto("aad","NAVident=Q987654", urlAad),
+                getAuthenticationDto("system","sub=system", urlSystem),
+                getAuthenticationDto("tokenxLevel3","pid=88888888888", urlTokenX),
+                getAuthenticationDto("tokenxLevel4","pid=99999999999", urlTokenX)
         );
     }
 
@@ -129,49 +131,71 @@ public SutInfoDto.OutputFormat getPreferredOutputFormat() {
         return SutInfoDto.OutputFormat.JAVA_JUNIT_5;
     }
 
-    private RequestMapping getRequestMapping(String id, List<String> groups, String name) {
+    private RequestMapping getRequestMapping(String key, String value, String issuer, String subject, List<String> audience, String navIdent, String acrLevel, List<String> groups, String pid) {
         Map<String,Object> claims = new HashMap<>();
-        claims.put("groups",groups);
-        claims.put("name",name);
-        claims.put("NAVident", id);
-        claims.put("sub","sub");
-        claims.put("aud",Arrays.asList("fake-aad"));
-        claims.put("tid",ISSUER_ID);
-        claims.put("azp",id);
-        claims.put("acr","Level4");
-        claims.put("nonce","myNonce");
-
-        RequestMapping rm = new RequestMapping("NAVident",id, claims, JOSEObjectType.JWT.getType());
+        claims.put("groups", groups);
+        claims.put("NAVident", navIdent);
+        claims.put("sub", subject);
+        claims.put("aud", audience);
+        claims.put("roles", Arrays.asList("access_as_application"));
+        claims.put("pid", pid);
+        claims.put("tid", issuer);
+        claims.put("azp", navIdent);
+        claims.put("acr", acrLevel);
+        claims.put("ver", "1.0");
+        claims.put("nonce", "myNonce");
+
+        RequestMapping rm = new RequestMapping(key, value, claims, JOSEObjectType.JWT.getType());
 
         return rm;
     }
 
     private OAuth2Config getOAuth2Config(){
 
         List<RequestMapping> mappings = Arrays.asList(
-                getRequestMapping(NAV1, Arrays.asList(BESLUTTER_AD_GROUP),"Mock McMockface")
+                getRequestMapping("NAVident", "Q987654", "aad","blablabla", Arrays.asList("aad"), "Q987654", "Level4", Arrays.asList(BESLUTTER_AD_GROUP), "aad")
+        );
+
+        List<RequestMapping> mappingsSystem = Arrays.asList(
+                getRequestMapping("sub", "system", "system","system", Arrays.asList("system"), null, null, null, "system")
+        );
+
+        List<RequestMapping> mappingsTokenx = Arrays.asList(
+                getRequestMapping("pid", "88888888888", "tokenx","tokenx", Arrays.asList("tokenx"), null, "Level3", null, "88888888888"),
+                getRequestMapping("pid", "99999999999", "tokenx","tokenx", Arrays.asList("tokenx"), null, "Level4", null, "99999999999")
         );
 
         RequestMappingTokenCallback callback = new RequestMappingTokenCallback(
-                ISSUER_ID,
+                "aad",
                 mappings,
                 360000
         );
+        RequestMappingTokenCallback callbackSystem = new RequestMappingTokenCallback(
+                "system",
+                mappingsSystem,
+                360000
+        );
+
+        RequestMappingTokenCallback callbackTokenx = new RequestMappingTokenCallback(
+                "tokenx",
+                mappingsTokenx,
+                360000
+        );
 
         Set<RequestMappingTokenCallback> callbacks = Set.of(
-                callback
+                callback,
+                callbackSystem,
+                callbackTokenx
         );
 
-        OAuth2Config config = new OAuth2Config(
+        return new OAuth2Config(
                 true,
                 null,
                 null,
                 false,
                 new no.nav.security.mock.oauth2.token.OAuth2TokenProvider(),
                 callbacks
         );
-
-        return config;
     }
 
     @Override
@@ -182,7 +206,8 @@ public String startSut() {
 
         oAuth2Server = new  MockOAuth2Server(getOAuth2Config());
         oAuth2Server.start(8081); //ephemeral gives issues in generated tests
-        String wellKnownUrl = oAuth2Server.wellKnownUrl(ISSUER_ID).toString();
+        String wellKnownUrl = oAuth2Server.wellKnownUrl("aad").toString();
+        String wellKnownUrlSystem = oAuth2Server.wellKnownUrl("system").toString();
         String wellKnownUrlTokenX = oAuth2Server.wellKnownUrl("tokenx").toString();
 
         //TODO should go through all the environment variables in application properties
@@ -210,7 +235,11 @@ public String startSut() {
                 "--spring.datasource.driverClassName=org.postgresql.Driver",
                 "--spring.sql.init.platform=postgres",
                 "--no.nav.security.jwt.issuer.aad.discoveryurl=" + wellKnownUrl,
+                "--no.nav.security.jwt.issuer.aad.accepted_audience=aad",
+                "--no.nav.security.jwt.issuer.system.discoveryurl=" + wellKnownUrlSystem,
+                "--no.nav.security.jwt.issuer.system.accepted_audience=system",
                 "--no.nav.security.jwt.issuer.tokenx.discoveryurl=" + wellKnownUrlTokenX,
+                "--no.nav.security.jwt.issuer.tokenx.accepted_audience=tokenx",
                 "--management.server.port=-1",
                 "--server.ssl.enabled=false",
                 "--spring.datasource.url=" + postgresURL,