From e9c5210bd11bb1954f607a56795df73aa4e8396b Mon Sep 17 00:00:00 2001 From: Egil Ballestad Date: Fri, 26 Jan 2024 13:20:03 +0100 Subject: [PATCH 1/4] wip commit --- build.gradle | 2 ++ .../no/fintlabs/AuthorizationController.java | 22 +++++++++++++++++++ .../resources/application-local-staging.yaml | 7 ++++++ 3 files changed, 31 insertions(+) create mode 100644 src/main/java/no/fintlabs/AuthorizationController.java diff --git a/build.gradle b/build.gradle index f826d6c..9c0958d 100644 --- a/build.gradle +++ b/build.gradle @@ -37,6 +37,8 @@ dependencies { implementation 'no.fintlabs:fint-kafka:4.0.1' + implementation 'no.fintlabs:fint-flyt-resource-server:2.0.0' + compileOnly 'org.projectlombok:lombok' runtimeOnly 'io.micrometer:micrometer-registry-prometheus' annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor' diff --git a/src/main/java/no/fintlabs/AuthorizationController.java b/src/main/java/no/fintlabs/AuthorizationController.java new file mode 100644 index 0000000..1a1bd12 --- /dev/null +++ b/src/main/java/no/fintlabs/AuthorizationController.java @@ -0,0 +1,22 @@ +package no.fintlabs; + +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import static no.fintlabs.resourceserver.UrlPaths.INTERNAL_API; + +@RestController +@RequestMapping(INTERNAL_API + "/authorization") +public class AuthorizationController { + + public AuthorizationController() { + } + + @GetMapping() + public ResponseEntity checkAuthorization() { + return ResponseEntity.ok("OK"); + } + +} diff --git a/src/main/resources/application-local-staging.yaml b/src/main/resources/application-local-staging.yaml index c712004..cc64f16 100644 --- a/src/main/resources/application-local-staging.yaml +++ b/src/main/resources/application-local-staging.yaml 
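Review bot: `checkAuthorization()` in the new `AuthorizationController` returns 200 unconditionally, so the answer is only meaningful if the security configuration from `fint-flyt-resource-server` rejects unauthorised callers on `INTERNAL_API` before the handler runs. Nothing in this file shows or enforces that. I would add a Javadoc on the method saying that the org-id/role check is done by the resource-server filter chain and that the handler must never be reachable with the internal API security disabled. A web-layer test should also assert that the route is refused without a token or with a token lacking a configured role (presumably 401 and 403). On style, the return type is a raw `ResponseEntity` and the empty public constructor is redundant; `public ResponseEntity<String> checkAuthorization() {` with the constructor removed reads cleaner.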
@@ -1,5 +1,12 @@ fint: org-id: fintlabs.no + flyt: + resource-server: + security: + api: + internal: + enabled: true + authorized-org-id-role-pairs-json: "{\"vigo.no\":[\"https://role-catalog.vigoiks.no/vigo/flyt/developer\"]}" kafka: default-replicas: 1 spring: From 153efe8e03702aa710d2b2524712923aa5c2e33c Mon Sep 17 00:00:00 2001 
From: Egil Ballestad Date: Fri, 26 Jan 2024 16:03:24 +0100 Subject: [PATCH 2/4] add new endpoint dedicated for checking authorization --- kustomize/base/flais.yaml | 5 +++++ kustomize/overlays/afk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/afk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/agderfk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/agderfk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/bfk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/bfk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/ffk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/ffk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/fintlabs-no/beta/kustomization.yaml | 8 ++++++++ .../overlays/innlandetfylke-no/api/kustomization.yaml | 8 ++++++++ .../overlays/innlandetfylke-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/mrfylke-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/mrfylke-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/nfk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/nfk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/ofk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/ofk-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/rogfk-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/rogfk-no/beta/kustomization.yaml | 8 ++++++++ .../overlays/telemarkfylke-no/api/kustomization.yaml | 8 ++++++++ .../overlays/telemarkfylke-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/tromsfylke-no/api/kustomization.yaml | 8 ++++++++ kustomize/overlays/tromsfylke-no/beta/kustomization.yaml | 8 ++++++++ .../overlays/trondelagfylke-no/api/kustomization.yaml | 8 ++++++++ .../overlays/trondelagfylke-no/beta/kustomization.yaml | 8 ++++++++ .../overlays/vestfoldfylke-no/api/kustomization.yaml | 8 ++++++++ .../overlays/vestfoldfylke-no/beta/kustomization.yaml | 8 ++++++++ kustomize/overlays/vlfk-no/api/kustomization.yaml | 8 ++++++++ 
kustomize/overlays/vlfk-no/beta/kustomization.yaml | 8 ++++++++ src/main/java/no/fintlabs/AuthorizationController.java | 2 +- 31 files changed, 238 insertions(+), 1 deletion(-) diff --git a/kustomize/base/flais.yaml b/kustomize/base/flais.yaml index c415773..1a67c18 100644 --- a/kustomize/base/flais.yaml +++ b/kustomize/base/flais.yaml @@ -24,6 +24,11 @@ spec: env: - name: JAVA_TOOL_OPTIONS value: '-XX:+ExitOnOutOfMemoryError -Xmx1840M' + - name: fint.flyt.resource-server.security.api.internal.authorized-org-id-role-pairs-json + value: | + { + "fintlabs.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - name: fint.flyt.resource-server.security.api.internal.enabled value: 'true' onePassword: diff --git a/kustomize/overlays/afk-no/api/kustomization.yaml b/kustomize/overlays/afk-no/api/kustomization.yaml index 8f7f035..d0cc476 100644 --- a/kustomize/overlays/afk-no/api/kustomization.yaml +++ b/kustomize/overlays/afk-no/api/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "afk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: diff --git a/kustomize/overlays/afk-no/beta/kustomization.yaml b/kustomize/overlays/afk-no/beta/kustomization.yaml index 3a63f2d..cdf2d1e 100644 --- a/kustomize/overlays/afk-no/beta/kustomization.yaml +++ b/kustomize/overlays/afk-no/beta/kustomization.yaml 
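Review bot: The `op: replace` on `path: "/spec/env/1/value"` in `afk-no/api` selects the role-mapping variable by list position, which is only correct while `kustomize/base/flais.yaml` keeps that variable as the second `env` entry. If an entry is added or reordered above it, the patch would overwrite a different variable (for example `JAVA_TOOL_OPTIONS` or `...internal.enabled`) and the tenant would keep the base mapping, changing who is authorised without any build error. The same positional patch is repeated in every other overlay touched by this commit. A guard placed before the replace would make the build fail instead: `- op: test`, `path: "/spec/env/1/name"`, `value: fint.flyt.resource-server.security.api.internal.authorized-org-id-role-pairs-json`. A comment in the base next to the variable, such as `# overlays patch /spec/env/1/value - keep this entry at index 1`, would also help.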
@@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "afk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: diff --git a/kustomize/overlays/agderfk-no/api/kustomization.yaml b/kustomize/overlays/agderfk-no/api/kustomization.yaml index e049805..76a4183 100644 --- a/kustomize/overlays/agderfk-no/api/kustomization.yaml +++ b/kustomize/overlays/agderfk-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "agderfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/agderfk-no/beta/kustomization.yaml b/kustomize/overlays/agderfk-no/beta/kustomization.yaml index 7ebb394..956bac2 100644 --- a/kustomize/overlays/agderfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/agderfk-no/beta/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "agderfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/bfk-no/api/kustomization.yaml b/kustomize/overlays/bfk-no/api/kustomization.yaml index 270fca1..a9af139 100644 --- a/kustomize/overlays/bfk-no/api/kustomization.yaml +++ b/kustomize/overlays/bfk-no/api/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "bfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: diff --git a/kustomize/overlays/bfk-no/beta/kustomization.yaml b/kustomize/overlays/bfk-no/beta/kustomization.yaml index 0448324..db9f64e 100644 --- a/kustomize/overlays/bfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/bfk-no/beta/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "bfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: 
diff --git a/kustomize/overlays/ffk-no/api/kustomization.yaml b/kustomize/overlays/ffk-no/api/kustomization.yaml index bce85d9..696834b 100644 --- a/kustomize/overlays/ffk-no/api/kustomization.yaml +++ b/kustomize/overlays/ffk-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "ffk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/ffk-no/beta/kustomization.yaml b/kustomize/overlays/ffk-no/beta/kustomization.yaml index 17abc6f..83330fd 100644 --- a/kustomize/overlays/ffk-no/beta/kustomization.yaml +++ b/kustomize/overlays/ffk-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "ffk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/fintlabs-no/beta/kustomization.yaml b/kustomize/overlays/fintlabs-no/beta/kustomization.yaml index 39f9022..b0a1197 100644 --- a/kustomize/overlays/fintlabs-no/beta/kustomization.yaml +++ b/kustomize/overlays/fintlabs-no/beta/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "fintlabs.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/innlandetfylke-no/api/kustomization.yaml b/kustomize/overlays/innlandetfylke-no/api/kustomization.yaml index babec50..9b0cf87 100644 --- a/kustomize/overlays/innlandetfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/innlandetfylke-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "innlandetfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/innlandetfylke-no/beta/kustomization.yaml b/kustomize/overlays/innlandetfylke-no/beta/kustomization.yaml index 39cfd05..8001d6d 100644 --- a/kustomize/overlays/innlandetfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/innlandetfylke-no/beta/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "innlandetfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/mrfylke-no/api/kustomization.yaml b/kustomize/overlays/mrfylke-no/api/kustomization.yaml index 8c5135c..a63ba90 100644 --- a/kustomize/overlays/mrfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/mrfylke-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "mrfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/mrfylke-no/beta/kustomization.yaml b/kustomize/overlays/mrfylke-no/beta/kustomization.yaml index c5e519f..5756aad 100644 --- a/kustomize/overlays/mrfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/mrfylke-no/beta/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "mrfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/nfk-no/api/kustomization.yaml b/kustomize/overlays/nfk-no/api/kustomization.yaml index aaa64ce..434e3d6 100644 --- a/kustomize/overlays/nfk-no/api/kustomization.yaml +++ b/kustomize/overlays/nfk-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "nfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/nfk-no/beta/kustomization.yaml b/kustomize/overlays/nfk-no/beta/kustomization.yaml index 288e918..d1ce26a 100644 --- a/kustomize/overlays/nfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/nfk-no/beta/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "nfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/ofk-no/api/kustomization.yaml b/kustomize/overlays/ofk-no/api/kustomization.yaml index 0d6eaca..fb06ed3 100644 --- a/kustomize/overlays/ofk-no/api/kustomization.yaml +++ b/kustomize/overlays/ofk-no/api/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "ofk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: diff --git a/kustomize/overlays/ofk-no/beta/kustomization.yaml b/kustomize/overlays/ofk-no/beta/kustomization.yaml index dc0b49c..03eab77 100644 --- a/kustomize/overlays/ofk-no/beta/kustomization.yaml +++ b/kustomize/overlays/ofk-no/beta/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "ofk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/envFrom/0" value: 
diff --git a/kustomize/overlays/rogfk-no/api/kustomization.yaml b/kustomize/overlays/rogfk-no/api/kustomization.yaml index 325ad00..9b45507 100644 --- a/kustomize/overlays/rogfk-no/api/kustomization.yaml +++ b/kustomize/overlays/rogfk-no/api/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "rogfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/rogfk-no/beta/kustomization.yaml b/kustomize/overlays/rogfk-no/beta/kustomization.yaml index 8d5de72..cd5e157 100644 --- a/kustomize/overlays/rogfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/rogfk-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "rogfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/telemarkfylke-no/api/kustomization.yaml b/kustomize/overlays/telemarkfylke-no/api/kustomization.yaml index ff6c83b..af25c8b 100644 --- a/kustomize/overlays/telemarkfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/telemarkfylke-no/api/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "telemarkfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/telemarkfylke-no/beta/kustomization.yaml b/kustomize/overlays/telemarkfylke-no/beta/kustomization.yaml index 96c1daf..2f3d8e7 100644 --- a/kustomize/overlays/telemarkfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/telemarkfylke-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "telemarkfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/tromsfylke-no/api/kustomization.yaml b/kustomize/overlays/tromsfylke-no/api/kustomization.yaml index 97c18f4..1a30953 100644 --- a/kustomize/overlays/tromsfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/tromsfylke-no/api/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "tromsfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/tromsfylke-no/beta/kustomization.yaml b/kustomize/overlays/tromsfylke-no/beta/kustomization.yaml index 73a8f91..e9c9aa9 100644 --- a/kustomize/overlays/tromsfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/tromsfylke-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "tromsfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/trondelagfylke-no/api/kustomization.yaml b/kustomize/overlays/trondelagfylke-no/api/kustomization.yaml index c8ac427..2bfff97 100644 --- a/kustomize/overlays/trondelagfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/trondelagfylke-no/api/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "trondelagfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/trondelagfylke-no/beta/kustomization.yaml b/kustomize/overlays/trondelagfylke-no/beta/kustomization.yaml index d6c6d80..1eeedcc 100644 --- a/kustomize/overlays/trondelagfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/trondelagfylke-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "trondelagfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/vestfoldfylke-no/api/kustomization.yaml b/kustomize/overlays/vestfoldfylke-no/api/kustomization.yaml index 40b28cd..46d8b5b 100644 --- a/kustomize/overlays/vestfoldfylke-no/api/kustomization.yaml +++ b/kustomize/overlays/vestfoldfylke-no/api/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "vestfoldfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/vestfoldfylke-no/beta/kustomization.yaml b/kustomize/overlays/vestfoldfylke-no/beta/kustomization.yaml index 5e2a3b8..719914c 100644 --- a/kustomize/overlays/vestfoldfylke-no/beta/kustomization.yaml +++ b/kustomize/overlays/vestfoldfylke-no/beta/kustomization.yaml @@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "vestfoldfylke.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/vlfk-no/api/kustomization.yaml b/kustomize/overlays/vlfk-no/api/kustomization.yaml index b3f02d8..4661795 100644 --- a/kustomize/overlays/vlfk-no/api/kustomization.yaml +++ b/kustomize/overlays/vlfk-no/api/kustomization.yaml 
@@ -20,6 +20,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-api-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "vlfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } target: kind: Application name: fint-flyt-authorization-service \ No newline at end of file diff --git a/kustomize/overlays/vlfk-no/beta/kustomization.yaml b/kustomize/overlays/vlfk-no/beta/kustomization.yaml index 8fc9381..58d3b3b 100644 --- a/kustomize/overlays/vlfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/vlfk-no/beta/kustomization.yaml @@ -21,6 +21,14 @@ patches: - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" + - op: replace + path: "/spec/env/1/value" + value: | + { + "vlfk.no":["https://role-catalog.vigoiks.no/vigo/flyt/user"], + "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"], + "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"] + } - op: add path: "/spec/env/-" value: diff --git a/src/main/java/no/fintlabs/AuthorizationController.java b/src/main/java/no/fintlabs/AuthorizationController.java index 1a1bd12..c7dae0d 100644 --- a/src/main/java/no/fintlabs/AuthorizationController.java +++ b/src/main/java/no/fintlabs/AuthorizationController.java @@ -14,7 +14,7 @@ public class AuthorizationController { public AuthorizationController() { } - @GetMapping() + @GetMapping("check-authorized") public ResponseEntity checkAuthorization() { return ResponseEntity.ok("OK"); } From e20d2898f25702611a02875c4514ba1804c0c6d2 Mon Sep 17 00:00:00 2001 
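Review bot: The new mapping `@GetMapping("check-authorized")` has no leading slash, while the class-level mapping is built as `INTERNAL_API + "/authorization"`. Spring should join the two with a slash, but writing `@GetMapping("/check-authorized")` keeps the full route explicit for anyone matching it against ingress or security path rules. The enclosing class starts outside this hunk.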
From: Egil Ballestad Date: Tue, 30 Jan 2024 14:31:29 +0100 Subject: [PATCH 3/4] add new endpoint dedicated for checking authorization --- kustomize/base/flais.yaml | 8 ++++++++ kustomize/overlays/vlfk-no/beta/kustomization.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/kustomize/base/flais.yaml b/kustomize/base/flais.yaml index 1a67c18..12d26c1 100644 --- a/kustomize/base/flais.yaml +++ b/kustomize/base/flais.yaml @@ -21,6 +21,14 @@ spec: acls: - permission: admin topic: 'no-permission' + url: + hostname: flyt.vigoiks.no + basePath: path + ingress: + enabled: true + basePath: path + middlewares: + - fint-flyt-auth-forward-sso env: - name: JAVA_TOOL_OPTIONS value: '-XX:+ExitOnOutOfMemoryError -Xmx1840M' diff --git a/kustomize/overlays/vlfk-no/beta/kustomization.yaml b/kustomize/overlays/vlfk-no/beta/kustomization.yaml index 58d3b3b..9bc527d 100644 --- a/kustomize/overlays/vlfk-no/beta/kustomization.yaml +++ b/kustomize/overlays/vlfk-no/beta/kustomization.yaml @@ -18,6 +18,12 @@ patches: - op: replace path: "/spec/orgId" value: "vlfk.no" + - op: replace + path: "/spec/url/basePath" + value: "/beta/vlfk-no" + - op: replace + path: "/spec/ingress/basePath" + value: "/beta/vlfk-no/api/intern/authorization" - op: replace path: "/spec/onePassword/itemPath" value: "vaults/aks-beta-vault/items/fint-flyt-egrunnerverv-oauth2-client" From 47a89aebd8b75942fa72fec86de0794ef5092c76 Mon Sep 17 00:00:00 2001 From: Egil Ballestad Date: Wed, 31 Jan 2024 07:57:41 +0100 Subject: [PATCH 4/4] add new endpoint dedicated for checking authorization --- src/main/java/no/fintlabs/AuthorizationController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/no/fintlabs/AuthorizationController.java b/src/main/java/no/fintlabs/AuthorizationController.java index c7dae0d..6676d56 100644 --- a/src/main/java/no/fintlabs/AuthorizationController.java +++ b/src/main/java/no/fintlabs/AuthorizationController.java 
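Review bot: The base `flais.yaml` now sets `ingress.enabled: true` with the placeholder `basePath: path` (and the same placeholder under `url`), but in this commit only `vlfk-no/beta` replaces those values. As far as the patch shows, every other overlay would render an enabled ingress on `flyt.vigoiks.no` with the literal path `path`, so the authorization route behind `fint-flyt-auth-forward-sso` would not be where callers expect and the tenants would collide on one host and path. Either default the base to `enabled: false` and switch it on per overlay, or add the two `basePath` replace ops to the remaining overlays in the same change. If those overlays are patched elsewhere, a comment in the base noting that `path` must be overridden would be enough.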
@@ -16,7 +16,7 @@ public AuthorizationController() { @GetMapping("check-authorized") public ResponseEntity checkAuthorization() { - return ResponseEntity.ok("OK"); + return ResponseEntity.ok("User authorized"); } }