Merge pull request #529 from navikt/header_config

Header config

build.gradle.kts

@@ -19,6 +19,7 @@ val mockitoInlineVersion = "5.2.0"
 val testContainersVersion = "1.19.8"
 val mockkVersion = "1.13.10"
 val springMockkVersion = "4.0.2"
+val otelVersion = "1.42.1"
 
 val githubUser: String by project
 val githubPassword: String by project
@@ -52,6 +53,8 @@ dependencies {
 
     implementation("io.micrometer:micrometer-registry-prometheus")
 
+    implementation("io.opentelemetry:opentelemetry-api:$otelVersion")
+
     implementation("org.projectreactor:reactor-spring:1.0.1.RELEASE")
 
     implementation("org.flywaydb:flyway-core")

src/main/kotlin/no/nav/klage/clients/FileClient.kt

@@ -1,5 +1,6 @@
 package no.nav.klage.clients
 
+import no.nav.klage.util.TokenUtil
 import no.nav.klage.util.getLogger
 import org.springframework.http.HttpHeaders
 import org.springframework.http.client.MultipartBodyBuilder
@@ -11,7 +12,7 @@ import org.springframework.web.reactive.function.client.bodyToMono
 @Component
 class FileClient(
     private val fileWebClient: WebClient,
-    private val azureADClient: AzureADClient
+    private val tokenUtil: TokenUtil
 ) {
 
     companion object {
@@ -29,7 +30,7 @@ class FileClient(
         val response = fileWebClient
             .post()
             .uri { it.path("/attachment").build() }
-            .header(HttpHeaders.AUTHORIZATION, "Bearer ${azureADClient.klageFileApiOidcToken()}")
+            .header(HttpHeaders.AUTHORIZATION, "Bearer ${tokenUtil.getAppAccessTokenWithKlageFileApiScope()}")
             .body(BodyInserters.fromMultipartData(bodyBuilder.build()))
             .retrieve()
             .bodyToMono<VedleggResponse>()
@@ -46,7 +47,7 @@ class FileClient(
         logger.debug("Fetching vedlegg file with vedlegg ref {}", vedleggRef)
         return fileWebClient.get()
             .uri { it.path("/attachment/{id}").build(vedleggRef) }
-            .header(HttpHeaders.AUTHORIZATION, "Bearer ${azureADClient.klageFileApiOidcToken()}")
+            .header(HttpHeaders.AUTHORIZATION, "Bearer ${tokenUtil.getAppAccessTokenWithKlageFileApiScope()}")
             .retrieve()
             .bodyToMono<ByteArray>()
             .block() ?: throw RuntimeException("Attachment could not be fetched")
@@ -56,7 +57,7 @@ class FileClient(
         logger.debug("Deleting vedlegg file with vedlegg ref {}", vedleggRef)
         val deletedInFileStore = fileWebClient.delete()
             .uri { it.path("/attachment/{id}").build(vedleggRef) }
-            .header(HttpHeaders.AUTHORIZATION, "Bearer ${azureADClient.klageFileApiOidcToken()}")
+            .header(HttpHeaders.AUTHORIZATION, "Bearer ${tokenUtil.getAppAccessTokenWithKlageFileApiScope()}")
             .retrieve()
             .bodyToMono<Boolean>()
             .block()!!

src/main/kotlin/no/nav/klage/config/FileClientConfiguration.kt

@@ -17,6 +17,5 @@ class FileClientConfiguration(private val webClientBuilder: WebClient.Builder) {
     fun fileWebClient(): WebClient =
         webClientBuilder
             .baseUrl(url)
-            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
             .build()
 }

src/main/kotlin/no/nav/klage/config/PdlClientConfiguration.kt

@@ -23,8 +23,6 @@ class PdlClientConfiguration(private val webClientBuilder: WebClient.Builder) {
     fun pdlWebClient(): WebClient {
         return webClientBuilder
             .baseUrl(pdlUrl)
-            .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
             .defaultHeader("Nav-Consumer-Id", username)
             .defaultHeader("TEMA", "KLA")
             //Fra behandlingskatalogen

src/main/kotlin/no/nav/klage/config/SafselvbetjeningClientConfiguration.kt

@@ -17,7 +17,5 @@ class SafselvbetjeningClientConfiguration(private val webClientBuilder: WebClien
     fun safselvbetjeningWebClient(): WebClient =
         webClientBuilder
             .baseUrl(url)
-            .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
             .build()
 }

src/main/kotlin/no/nav/klage/config/WebClientCustomizer.kt

@@ -0,0 +1,47 @@
+package no.nav.klage.config
+
+import io.opentelemetry.api.trace.Span
+import org.springframework.boot.web.reactive.function.client.WebClientCustomizer
+import org.springframework.http.HttpHeaders
+import org.springframework.http.MediaType
+import org.springframework.http.client.reactive.ReactorClientHttpConnector
+import org.springframework.stereotype.Component
+import org.springframework.web.reactive.function.client.ClientRequest
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction
+import org.springframework.web.reactive.function.client.WebClient
+import reactor.core.publisher.Mono
+import reactor.netty.http.client.HttpClient
+
+/**
+ * Common configuration for all web clients.
+ */
+@Component
+class WebClientCustomizer : WebClientCustomizer {
+
+    override fun customize(webClientBuilder: WebClient.Builder) {
+        val headersWithTraceId = listOf(
+            "Nav-Call-Id",
+            "Nav-Callid",
+            "X-Correlation-ID",
+        )
+
+        webClientBuilder
+            .clientConnector(ReactorClientHttpConnector(HttpClient.newConnection()))
+            .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+            .filter(
+                ExchangeFilterFunction.ofRequestProcessor { request ->
+                    val traceId = Span.current().spanContext.traceId
+                    Mono.just(
+                        ClientRequest.from(request)
+                            .headers { headers ->
+                                headersWithTraceId.forEach { headerName ->
+                                    headers[headerName] = traceId
+                                }
+                            }
+                            .build()
+                    )
+                }
+            )
+    }
+}

src/main/kotlin/no/nav/klage/util/TokenUtil.kt

@@ -72,6 +72,12 @@ class TokenUtil(
         return response.accessToken!!
     }
 
+    fun getAppAccessTokenWithKlageFileApiScope(): String {
+        val clientProperties = clientConfigurationProperties.registration["klage-file-api-maskintilmaskin"]!!
+        val response = oAuth2AccessTokenService.getAccessToken(clientProperties)
+        return response.accessToken!!
+    }
+
     fun getSelvbetjeningExpiry(): Long? = ctxHolder.getTokenValidationContext().getClaims(oldIssuer).expirationTime?.time
 
     fun getAppAccessTokenWithKlageFSSProxyScope(): String {

src/main/resources/application.yml

@@ -92,6 +92,14 @@ no.nav.security.jwt:
           client-auth-method: private_key_jwt
         token-exchange:
           audience: ${SAFSELVBETJENING_AUDIENCE}
+      klage-file-api-maskintilmaskin:
+        token-endpoint-url: https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token
+        grant-type: client_credentials
+        scope: api://${NAIS_CLUSTER_NAME}.${NAIS_NAMESPACE}.${KLAGE_FILE_API_APP_NAME}/.default
+        authentication:
+          client-id: ${AZURE_APP_CLIENT_ID}
+          client-jwk: ${AZURE_APP_JWK}
+          client-auth-method: private_key_jwt
       klage-fss-proxy-maskintilmaskin:
         token-endpoint-url: https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token
         grant-type: client_credentials