From 77d32512d06fd017cf8f8b33effabfbeb5b638bb Mon Sep 17 00:00:00 2001
From: Cato Olsen
Date: Wed, 18 Dec 2024 02:16:23 +0100
Subject: [PATCH] Added a set of conditionals to avoid ClientCredentialAutoConfiguration and TokenServiceAutoConfiguration having different conditionals.
---
 .../TokenServiceAutoConfiguration.java | 12 ++----
 .../ClientCredentialAutoConfiguration.java | 7 ++--
 ...lOnDollyApplicationConfiguredForAzure.java | 39 ++++++++++++++++++
 ...nalOnDollyApplicationConfiguredForNav.java | 40 +++++++++++++++++++
 ...yApplicationConfiguredForTrygdeetaten.java | 40 +++++++++++++++++++
 .../src/test/resources/application-test.yml | 12 +++---
 6 files changed, 132 insertions(+), 18 deletions(-)
 create mode 100644 libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
 create mode 100644 libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
 create mode 100644 libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
index e276b594d9f..9e8c3ae8f44 100644
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
@@ -6,14 +6,10 @@
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureAdTokenService;
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
 import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureTrygdeetatenClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredentialAutoConfiguration;
+import no.nav.testnav.libs.securitycore.domain.azuread.*;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.util.Assert;
@@ -24,7 +20,7 @@ public class TokenServiceAutoConfiguration {
 private String proxyHost;
 @Bean
-@ConditionalOnProperty("spring.security.oauth2.resourceserver.aad.issuer-uri")
+@ConditionalOnDollyApplicationConfiguredForAzure
 @ConditionalOnMissingBean(AzureAdTokenService.class)
 AzureAdTokenService azureAdTokenService(
 @Value("${AAD_ISSUER_URI:#{null}}") String issuerUrl,
@@ -36,7 +32,7 @@ AzureAdTokenService azureAdTokenService(
 }
 @Bean
-@ConditionalOnProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT")
+@ConditionalOnDollyApplicationConfiguredForNav
 @ConditionalOnMissingBean(NavAzureAdTokenService.class)
 NavAzureAdTokenService azureNavTokenService(
 AzureNavClientCredential azureNavClientCredential
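Review bot: The four explicit imports are collapsed into the wildcard `import no.nav.testnav.libs.securitycore.domain.azuread.*;`, which is the only wildcard import in this file and hides that the three new `ConditionalOnDollyApplicationConfiguredFor*` annotations are what the hunk actually needs. Keep the existing four imports and add one explicit line per annotation instead, so the dependency of reactive-security on the new annotations stays visible in future diffs and an unrelated class added to that package later cannot shadow a name used here.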
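Review bot: `azureAdTokenService` is now gated on `AAD_ISSUER_URI` (through `@ConditionalOnDollyApplicationConfiguredForAzure`) instead of `spring.security.oauth2.resourceserver.aad.issuer-uri`, which changes the trigger property rather than merely unifying the annotation. A deployment that sets only the resource-server property would presumably no longer get this bean, and neither the hunk nor the commit message calls that out. If the switch is intended, state it in the commit message and in the annotation's Javadoc; if not, the Azure condition could also accept the old property as a fallback. The body of `azureAdTokenService` continues beyond the hunk.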
@@ -45,7 +41,7 @@ NavAzureAdTokenService azureNavTokenService(
 }
 @Bean
-@ConditionalOnProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT")
+@ConditionalOnDollyApplicationConfiguredForTrygdeetaten
 @ConditionalOnMissingBean(TrygdeetatenAzureAdTokenService.class)
 TrygdeetatenAzureAdTokenService trygdeetatenAzureAdTokenService(
 AzureTrygdeetatenClientCredential clientCredential,
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
index 3afdcb23df1..27d1151d731 100644
--- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
@@ -3,7 +3,6 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
 import org.springframework.context.annotation.Profile;
@@ -28,7 +27,7 @@ AzureClientCredential azureClientCredentialTest() {
 }
 @Bean("azureClientCredential")
-@ConditionalOnProperty("AAD_ISSUER_URI")
+@ConditionalOnDollyApplicationConfiguredForAzure
 @ConditionalOnMissingBean(AzureClientCredential.class)
 AzureClientCredential azureClientCredential(
 @Value("${AAD_ISSUER_URI:#{null}}") String azureTokenEndpoint, // TODO: Not currently used, AAD_ISSUER_URI is hardcoded elsewhere; should be refactored to use AZURE_OPENID_CONFIG_TOKEN_ENDPOINT instead.
@@ -48,7 +47,7 @@ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredentialTest() {
 }
 @Bean("azureTrygdeetatenClientCredential")
-@ConditionalOnProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT")
+@ConditionalOnDollyApplicationConfiguredForTrygdeetaten
 @ConditionalOnMissingBean(AzureTrygdeetatenClientCredential.class)
 AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential(
 @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String azureTrygdeetatenTokenEndpoint,
@@ -68,7 +67,7 @@ AzureNavClientCredential azureNavClientCredentialTest() {
 }
 @Bean("azureNavClientCredential")
-@ConditionalOnProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT")
+@ConditionalOnDollyApplicationConfiguredForNav
 @ConditionalOnMissingBean(AzureNavClientCredential.class)
 AzureNavClientCredential azureNavClientCredential(
 @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String azureNavTokenEndpoint,
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
new file mode 100644
index 00000000000..96084aad6e6
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
@@ -0,0 +1,39 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Conditional that matches if the application is configured for Azure.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForAzureCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForAzure {
+}
+
+class OnDollyApplicationConfiguredForAzureCondition extends SpringBootCondition {
+
+ @Override
+ public ConditionOutcome getMatchOutcome(
+ ConditionContext context,
+ AnnotatedTypeMetadata metadata
+ ) {
+ var issuerUri = context
+ .getEnvironment()
+ .getProperty("AAD_ISSUER_URI");
+ // Check for AZURE_APP_CLIENT_ID/AZURE_APP_CLIENT_SECRET?
+ var match = StringUtils.hasText(issuerUri);
+ var message = match ? "Dolly application configured for Azure." : "Dolly application not configured for Azure. Missing required property 'AAD_ISSUER_URI'";
+ return new ConditionOutcome(match, message);
+ }
+}
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
new file mode 100644
index 00000000000..db60a8c4403
--- /dev/null
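Review bot: `StringUtils.hasText(issuerUri)` in `OnDollyApplicationConfiguredForAzureCondition.getMatchOutcome` does not reproduce the `@ConditionalOnProperty` semantics it replaces: the old conditional matched any present value except the literal `false`, whereas this one rejects empty or blank values and accepts `false`. That is arguably the better contract, but it is a behavior change shared with the Nav and Trygdeetaten conditions that nothing documents, so the annotation Javadoc should say it, e.g. `Matches when {@code AAD_ISSUER_URI} is set to non-blank text; an empty value does not match.` The question comment `// Check for AZURE_APP_CLIENT_ID/AZURE_APP_CLIENT_SECRET?` should become an actionable TODO or be dropped, since a condition that reports "configured for Azure" while the client credentials are absent presumably only surfaces the misconfiguration at the first token request. The three condition classes differ only in the property name and the label in the two messages, so one package-private base class taking those two strings would remove the triplication.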
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
@@ -0,0 +1,40 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * Conditional that matches if the application is configured for Nav.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForNavCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForNav {
+}
+
+class OnDollyApplicationConfiguredForNavCondition extends SpringBootCondition {
+
+ @Override
+ public ConditionOutcome getMatchOutcome(
+ ConditionContext context,
+ AnnotatedTypeMetadata metadata
+ ) {
+ var issuerUri = context
+ .getEnvironment()
+ .getProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT");
+ // Check for AZURE_NAV_APP_CLIENT_ID/AZURE_NAV_APP_CLIENT_SECRET?
+ var match = StringUtils.hasText(issuerUri);
+ var message = match ? "Dolly application configured for Nav." : "Dolly application not configured for Nav. Missing required property 'AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT'";
+ return new ConditionOutcome(match, message);
+ }
+}
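Review bot: `issuerUri` in `OnDollyApplicationConfiguredForNavCondition.getMatchOutcome` holds `AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT`, a token endpoint rather than an issuer URI, so the name misleads the next reader about what is being checked; `var tokenEndpoint = context.getEnvironment().getProperty("AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT");` followed by `var match = StringUtils.hasText(tokenEndpoint);` reads correctly. The same copy-paste name appears in the Trygdeetaten condition in the next file. The double blank line before the Javadoc is also a leftover from copying the Azure file.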
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
new file mode 100644
index 00000000000..dc078308ce3
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
@@ -0,0 +1,40 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.util.StringUtils;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * Conditional that matches if the application is configured for Trygdeetaten.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForTrygdeetatenCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForTrygdeetaten {
+}
+
+class OnDollyApplicationConfiguredForTrygdeetatenCondition extends SpringBootCondition {
+
+ @Override
+ public ConditionOutcome getMatchOutcome(
+ ConditionContext context,
+ AnnotatedTypeMetadata metadata
+ ) {
+ var issuerUri = context
+ .getEnvironment()
+ .getProperty("AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT");
+ // Check for AZURE_TRYGDEETATEN_APP_CLIENT_ID/AZURE_TRYGDEETATEN_APP_CLIENT_SECRET?
+ var match = StringUtils.hasText(issuerUri);
+ var message = match ? "Dolly application configured for Trygdeetaten." : "Dolly application not configured for Trygdeetaten. Missing required property 'AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT'";
+ return new ConditionOutcome(match, message);
+ }
+}
diff --git a/proxies/pdl-proxy/src/test/resources/application-test.yml b/proxies/pdl-proxy/src/test/resources/application-test.yml
index c5ae7d15b28..9608936c232 100644
--- a/proxies/pdl-proxy/src/test/resources/application-test.yml
+++ b/proxies/pdl-proxy/src/test/resources/application-test.yml
@@ -1,9 +1,9 @@
-TOKEN_X_ISSUER:
-AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:
+TOKEN_X_ISSUER: placeholder
+AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT: placeholder
 app:
 elastic:
- username:
- password:
- hendelse.lager.api.key:
- person.aktor.api.key:
\ No newline at end of file
+ username: placeholder
+ password: placeholder
+ hendelse.lager.api.key: placeholder
+ person.aktor.api.key: placeholder
\ No newline at end of file
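Review bot: `person.aktor.api.key: placeholder` is rewritten but still ends without a newline (`\ No newline at end of file` survives on the new side); since the line is being touched anyway, terminate it so the next edit does not show a spurious change here. The switch from empty values to `placeholder` appears to be forced by the new `hasText`-based conditions, which no longer treat an empty `AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT` as configured; that is worth stating in the commit message, because any other test or deployment configuration that relied on an empty value to enable a bean would be affected the same way.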