Saksbehandlerprofil: bytt fra ldap til fp-tilgang som kilde #2101

Merged
merged 4 commits into from
Aug 8, 2024
Changes from 3 commits
1 change: 0 additions & 1 deletion .deploy/dev-fss-teamforeldrepenger.json
Expand Up @@ -4,7 +4,6 @@
"oracleconfigkv": "/oracle/data/dev/config/fplos_q1",
"oraclecredskv": "/oracle/data/dev/creds/fplos_q1-fplos_q1",
"serviceuserkv": "/serviceuser/data/dev/srvfplos",
"ldapuserkv": "/serviceuser/data/dev/srvssolinux",
"ingresses": [
"https://fplos.dev-fss-pub.nais.io"
],
2 changes: 0 additions & 2 deletions .deploy/naiserator.yaml
Expand Up @@ -54,8 +54,6 @@ spec:
mountPath: /var/run/secrets/nais.io/defaultDSconfig
- kvPath: {{serviceuserkv}}
mountPath: /var/run/secrets/nais.io/serviceuser
- kvPath: {{ldapuserkv}}
mountPath: /var/run/secrets/nais.io/ldap
azure:
application:
enabled: true
1 change: 0 additions & 1 deletion .deploy/prod-fss-teamforeldrepenger.json
Expand Up @@ -4,7 +4,6 @@
"oracleconfigkv": "/oracle/data/prod/config/fplos_p",
"oraclecredskv": "/oracle/data/prod/creds/fplos_p-fplos_p",
"serviceuserkv": "/serviceuser/data/prod/srvfplos",
"ldapuserkv": "/serviceuser/data/prod/srvssolinux",
"ingresses": [
"https://fplos.prod-fss-pub.nais.io"
],
@@ -1,14 +1,10 @@
package no.nav.foreldrepenger.los.organisasjon.ansatt;

import java.time.Duration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import no.nav.foreldrepenger.los.domene.typer.aktør.OrganisasjonsEnhet;
Expand All @@ -19,8 +15,6 @@
@ApplicationScoped
public class AnsattTjeneste {

private static final Logger LOG = LoggerFactory.getLogger(AnsattTjeneste.class);

private static final LRUCache<String, BrukerProfil> ANSATT_PROFIL = new LRUCache<>(1000, TimeUnit.MILLISECONDS.convert(24 * 7, TimeUnit.HOURS));
private static final LRUCache<String, List<String>> ANSATT_ENHETER = new LRUCache<>(1000, TimeUnit.MILLISECONDS.convert(25, TimeUnit.HOURS));
private static final Map<String, String> ENHETSNUMMER_AVDELINGSNAVN_MAP = new HashMap<>();
Expand All @@ -30,8 +24,6 @@ public class AnsattTjeneste {
private List<String> aktuelleEnhetIder;




AnsattTjeneste() {
// for CDI proxy
}
Expand All @@ -48,37 +40,12 @@ public BrukerProfil hentBrukerProfil(String ident) {
if (ANSATT_PROFIL.get(ident) == null) {
//TODO: Her bør vi egentlig tenke om NOM er ikke riktigere å bruke - bør være raskere å slå opp navn og epost.
// Jeg har sjekket med NOM (01.07.2024) og de støtter en så lenge ikke Z-identer i dev. Men prod brukere er tilgjengelig.
var før = System.nanoTime();
var ldapRespons = new LdapBrukeroppslag().hentBrukerProfil(ident);
LOG.info("LDAP bruker profil oppslag: {}ms. ", Duration.ofNanos(System.nanoTime() - før).toMillis());
var ansattEnhet = avdeling(ldapRespons.ansattEnhet());
if (ansattEnhet == null) {
LOG.info("PROFIL LDAP: brukers enhet {} ikke blant saksbehandlingsenhetene", ldapRespons.ansattEnhet());
}
var brukerProfil = new BrukerProfil(ldapRespons.ident(), ldapRespons.navn(), ldapRespons.fornavnEtternavn(), ldapRespons.epostAdresse(),
ansattEnhet);
sammenlignMedAzureGraphFailSoft(ident, brukerProfil);
var brukerProfil = mapTilDomene(new AzureBrukerKlient().brukerProfil(ident));
ANSATT_PROFIL.put(ident, brukerProfil);
}
return ANSATT_PROFIL.get(ident);
}

private static void sammenlignMedAzureGraphFailSoft(String ident, BrukerProfil ldapBrukerInfo) {
LOG.info("PROFIL Azure. Henter fra azure.");
try {
var før = System.nanoTime();
var azureBrukerProfil = mapTilDomene(new AzureBrukerKlient().brukerProfil(ident));
if (!ldapBrukerInfo.equals(azureBrukerProfil)) {
LOG.info("PROFIL Azure. Profiler fra ldap og azure er ikke like. Azure: {} != LDAP: {}", azureBrukerProfil, ldapBrukerInfo);
} else {
LOG.info("PROFIL Azure. Azure == LDAP :)");
}
LOG.info("Azure bruker profil oppslag: {}ms. ", Duration.ofNanos(System.nanoTime() - før).toMillis());
} catch (Exception ex) {
LOG.info("PROFIL Azure. Klienten feilet med exception: {}", ex.getMessage());
}
}

public List<String> hentAvdelingerNavnForAnsatt(String ident) {
if (aktuelleEnhetIder == null) {
aktuelleEnhetIder = organisasjonRepository.hentAktiveAvdelinger().stream().map(Avdeling::getAvdelingEnhet).toList();
Expand All @@ -96,7 +63,7 @@ public List<String> hentAvdelingerNavnForAnsatt(String ident) {
}

private static BrukerProfil mapTilDomene(AzureBrukerKlient.BrukerProfilResponse klientResponse) {
return new BrukerProfil(klientResponse.ident(), klientResponse.navn(), klientResponse.fornavnEtternavn(), klientResponse.epost(),
return new BrukerProfil(klientResponse.ident(), klientResponse.fornavnEtternavn(), klientResponse.fornavnEtternavn(), klientResponse.epost(),
dijjal marked this conversation as resolved.
avdeling(klientResponse.ansattVedEnhetId()));
}

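Review bot: The new cache-miss path `var brukerProfil = mapTilDomene(new AzureBrukerKlient().brukerProfil(ident));` silently loses the diagnostic the LDAP path emitted when the user's unit was not among the case-handling units — `avdeling(...)` returning null now just produces a profile with a null unit, and the `LOG` field plus the slf4j imports are removed in the same commit, so nothing can report it. I would keep that signal in `mapTilDomene`, logging the unit id as before rather than the ident: `var enhet = avdeling(klientResponse.ansattVedEnhetId());` followed by `if (enhet == null) { LOG.info("PROFIL Azure: brukers enhet {} ikke blant saksbehandlingsenhetene", klientResponse.ansattVedEnhetId()); }`, and pass `enhet` to the constructor. Separately, `new AzureBrukerKlient()` is now instantiated on every miss inside an `@ApplicationScoped` bean; holding it as a field or injecting it would make the client's lifecycle and configuration explicit. Note that Azure Graph failures are now on the critical path (previously they were swallowed in `sammenlignMedAzureGraphFailSoft` and only the LDAP lookup could throw); the `tryOrEmpty` caller changed in this PR copes with that, but other callers of `hentBrukerProfil` are outside this diff and I cannot verify them. `avdeling` and the body of `hentAvdelingerNavnForAnsatt` are defined outside the visible hunks.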

This file was deleted.

This file was deleted.

Expand Up @@ -44,7 +44,7 @@ private String hentNavn(String ident) {
if (ident == null) {
return null;
}
return tryOrEmpty(() -> ansattTjeneste.hentBrukerProfil(ident), "ldap")
return tryOrEmpty(() -> ansattTjeneste.hentBrukerProfil(ident), "brukerprofil")
.map(BrukerProfil::navn)
.orElse("Ukjent");
}
Expand Up @@ -67,7 +67,7 @@ private Optional<SaksbehandlerMedAvdelingerDto> tilSaksbehandlerMedAvdelingerDto
}

public SaksbehandlerMedAvdelingerDto lagKjentOgUkjentSaksbehandlerMedAvdelingerDto(Saksbehandler saksbehandler) {
// saksbehandler kan eksistere i basen men være ukjent i ldap
// saksbehandler kan eksistere i basen men være ukjent i azuread
var ident = saksbehandler.getSaksbehandlerIdent();
var saksbehandlerDto = tilSaksbehandlerDto(ident);
if (saksbehandlerDto.isPresent()) {
7 changes: 0 additions & 7 deletions src/main/resources/application-dev-fss.properties
@@ -1,10 +1,3 @@
# LDAP
ldap.url=ldaps://ldapgw.preprod.local
ldap.basedn=dc=preprod,dc=local
ldap.domain=PREPROD.LOCAL
ldap.user.basedn=ou=NAV,ou=BusinessUnits,dc=preprod,dc=local
ldap.serviceuser.basedn=ou=ServiceAccounts,dc=preprod,dc=local

# Database
# defaultDS.username=<leses inn fra vault ved oppstart gjennom 05-import-users.sh>
# defaultDS.password=<leses inn fra vault ved oppstart gjennom 05-import-users.sh>
7 changes: 0 additions & 7 deletions src/main/resources/application-prod-fss.properties
@@ -1,10 +1,3 @@
# LDAP
ldap.url=ldaps://ldapgw.adeo.no
ldap.basedn=dc=adeo,dc=no
ldap.domain=ADEO.NO
ldap.user.basedn=ou=NAV,ou=BusinessUnits,dc=adeo,dc=no
ldap.serviceuser.basedn=ou=ServiceAccounts,dc=adeo,dc=no

# Database
# defaultDS.username=<leses inn fra vault ved oppstart gjennom 05-import-users.sh>
# defaultDS.password=<leses inn fra vault ved oppstart gjennom 05-import-users.sh>
5 changes: 0 additions & 5 deletions src/test/resources/application-vtp.properties
Expand Up @@ -34,11 +34,6 @@ azure.app.well.known.url=http://authserver:8060/rest/azuread/.well-known/openid-
AZURE_APP_CLIENT_ID=vtp
NAIS_CLUSTER_NAME=vtp

# LDAP
ldap.url=ldap://localhost:8389/
ldap.auth=none
ldap.user.basedn=ou\=NAV,ou\=BusinessUnits,dc\=test,dc\=local

task.manager.polling.wait=5
task.manager.polling.delay=5
task.manager.polling.tasks.size=1