Merge pull request #11 from FINTLabs/FFS-816-lage-dedikert-endepunkt-…

…for-a-sjekke-autentisering-i-authorization-service

Ffs 816 lage dedikert endepunkt for a sjekke autentisering i authorization service

build.gradle

@@ -37,6 +37,8 @@ dependencies {
 
     implementation 'no.fintlabs:fint-kafka:4.0.1'
 
+    implementation 'no.fintlabs:fint-flyt-resource-server:2.0.0'
+
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
     annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'

kustomize/base/flais.yaml

@@ -21,9 +21,22 @@ spec:
     acls:
       - permission: admin
         topic: 'no-permission'
+  url:
+    hostname: flyt.vigoiks.no
+    basePath: path
+  ingress:
+    enabled: true
+    basePath: path
+    middlewares:
+      - fint-flyt-auth-forward-sso
   env:
     - name: JAVA_TOOL_OPTIONS
       value: '-XX:+ExitOnOutOfMemoryError -Xmx1840M'
+    - name: fint.flyt.resource-server.security.api.internal.authorized-org-id-role-pairs-json
+      value: |
+        {
+          "fintlabs.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+        }
     - name: fint.flyt.resource-server.security.api.internal.enabled
       value: 'true'
   onePassword:

kustomize/overlays/afk-no/api/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "afk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/afk-no/beta/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "afk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/agderfk-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "agderfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/agderfk-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "agderfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/bfk-no/api/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "bfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/bfk-no/beta/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "bfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/ffk-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "ffk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/ffk-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "ffk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/fintlabs-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "fintlabs.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/innlandetfylke-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "innlandetfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/innlandetfylke-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "innlandetfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/mrfylke-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "mrfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/mrfylke-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "mrfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/nfk-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "nfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/nfk-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "nfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/ofk-no/api/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "ofk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/ofk-no/beta/kustomization.yaml

@@ -21,6 +21,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "ofk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/rogfk-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "rogfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/rogfk-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "rogfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/telemarkfylke-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "telemarkfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/telemarkfylke-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "telemarkfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/tromsfylke-no/api/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "tromsfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/tromsfylke-no/beta/kustomization.yaml

@@ -20,6 +20,14 @@ patches:
       - op: replace
         path: "/spec/onePassword/itemPath"
         value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client"
+      - op: replace
+        path: "/spec/env/1/value"
+        value: |
+          {
+            "tromsfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"],
+            "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
+            "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
+          }
     target:
       kind: Application
       name: fint-flyt-authorization-service