FFS-1079, FFS-1111, FFS-1113

build.gradle

@@ -31,18 +31,24 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
 
     implementation 'org.springframework.kafka:spring-kafka'
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
     implementation 'io.netty:netty-resolver-dns-native-macos:4.1.72.Final:osx-aarch_64'
 
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     runtimeOnly 'org.postgresql:postgresql'
-    implementation 'org.flywaydb:flyway-core'
 
+    implementation 'org.flywaydb:flyway-core'
     implementation 'no.fintlabs:fint-kafka:4.0.1'
+    implementation 'no.fintlabs:fint-flyt-resource-server:2.1.0'
+
+    implementation 'javax.validation:validation-api'
+    implementation 'org.hibernate.validator:hibernate-validator'
 
-    implementation 'no.fintlabs:fint-flyt-resource-server:2.1.0-rc-3'
+    implementation 'com.azure:azure-identity:1.10.2'
+    implementation 'com.microsoft.graph:microsoft-graph:5.80.0'
 
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'io.micrometer:micrometer-registry-prometheus'

kustomize/base/flais.yaml

@@ -41,6 +41,8 @@ spec:
         }
     - name: fint.flyt.resource-server.security.api.internal.enabled
       value: 'true'
+    - name: fint.flyt.azure-ad-gateway.enabled
+      value: 'true'
   onePassword:
     itemPath: path
   envFrom: []

kustomize/base/kustomization.yaml

@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - flais.yaml
+  - flais.yaml
+  - onePassword.yaml

kustomize/base/onePassword.yaml

@@ -0,0 +1,7 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: fint-flyt-authorization-service
+spec:
+  itemPath: "path set in overlay"
+

kustomize/overlays/afk-no/api/kustomization.yaml

@@ -41,6 +41,18 @@ patches:
         value:
           secretRef:
             name: fint-flyt-acos-oauth2-client
+      - op: add
+        path: "/spec/envFrom/1"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-afk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/agderfk-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/bfk-no/api/kustomization.yaml

@@ -41,6 +41,18 @@ patches:
         value:
           secretRef:
             name: fint-flyt-acos-oauth2-client
+      - op: add
+        path: "/spec/envFrom/1"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-bfk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/ffk-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/fintlabs-no/beta/kustomization.yaml

@@ -51,6 +51,18 @@ patches:
         value:
           secretRef:
             name: fint-flyt-vigo-oauth2-client
+      - op: add
+        path: "/spec/envFrom/2"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-beta-vault/items/fint-flyt-authorization-service-fintlabs-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/innlandetfylke-no/api/kustomization.yaml

@@ -34,6 +34,18 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: add
+        path: "/spec/envFrom/0"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-innlandetfylke-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/mrfylke-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/nfk-no/api/kustomization.yaml

@@ -34,6 +34,18 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: add
+        path: "/spec/envFrom/0"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-nfk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/ofk-no/api/kustomization.yaml

@@ -47,6 +47,18 @@ patches:
         value:
           secretRef:
             name: fint-flyt-vigo-oauth2-client
+      - op: add
+        path: "/spec/envFrom/2"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-ofk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/ofk-no/beta/kustomization.yaml

@@ -47,6 +47,18 @@ patches:
         value:
           secretRef:
             name: fint-flyt-vigo-oauth2-client
+      - op: add
+        path: "/spec/envFrom/2"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-beta-vault/items/fint-flyt-authorization-service-ofk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/rogfk-no/api/kustomization.yaml

@@ -34,6 +34,18 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: add
+        path: "/spec/envFrom/0"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-rogfk-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/telemarkfylke-no/api/kustomization.yaml

@@ -34,6 +34,18 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: add
+        path: "/spec/envFrom/0"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-telemarkfylke-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/tromsfylke-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/tromsfylke-no/beta/kustomization.yaml

@@ -35,6 +35,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
       - op: add
         path: "/spec/envFrom/0"
         value:

kustomize/overlays/trondelagfylke-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/trondelagfylke-no/beta/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/vestfoldfylke-no/api/kustomization.yaml

@@ -34,6 +34,18 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: add
+        path: "/spec/envFrom/0"
+        value:
+          secretRef:
+            name: fint-flyt-authorization-service
     target:
       kind: Application
+      name: fint-flyt-authorization-service
+  - patch: |-
+      - op: replace
+        path: "/spec/itemPath"
+        value: "vaults/aks-api-vault/items/fint-flyt-authorization-service-vestfoldfylke-no"
+    target:
+      kind: OnePasswordItem
       name: fint-flyt-authorization-service

kustomize/overlays/vlfk-no/api/kustomization.yaml

@@ -34,6 +34,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
     target:
       kind: Application
       name: fint-flyt-authorization-service

kustomize/overlays/vlfk-no/beta/kustomization.yaml

@@ -35,6 +35,9 @@ patches:
             "vigo.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"],
             "novari.no":["https://role-catalog.vigoiks.no/vigo/flyt/developer"]
           }
+      - op: replace
+        path: "/spec/env/3/value"
+        value: 'false'
       - op: add
         path: "/spec/env/-"
         value:

src/main/java/no/fintlabs/Application.java

@@ -2,7 +2,11 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import org.springframework.scheduling.annotation.EnableScheduling;
 
+@EnableScheduling
+@ConfigurationPropertiesScan
 @SpringBootApplication
 public class Application {