From b7ee2ca2262f5969e94c2efb975f68c72d1e6f06 Mon Sep 17 00:00:00 2001
From: Mads Opheim <71336041+madsop-nav@users.noreply.github.com>
Date: Mon, 5 Aug 2024 10:06:35 +0200
Subject: [PATCH] =?UTF-8?q?EY-4245:=20Skriv=20proxyen=20over=20til=20?= =?UTF-8?q?=C3=A5=20basere=20seg=20p=C3=A5=20distroless-baseimage=20(#305)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* EY-4245: Flyttar innlesing av filer over i rein kode
* Tar bort innlesing til miljøvariablar no som det ikkje trengs lenger
* Dockerfile for proxyen som baserer seg på distroless
* Revert "Dockerfile for proxyen som baserer seg på distroless"
This reverts commit 2edc4c7661be64d1ac636667f7e6e6d1d4a4cc39.
* Reapply "Dockerfile for proxyen som baserer seg på distroless"
This reverts commit 7aec70564b99b2d8f536f6af74c701df3d1d4018.
---
 apps/etterlatte-proxy/Dockerfile | 11 ++++++----
 apps/etterlatte-proxy/import-vault-token.sh | 11 ----------
 .../src/main/kotlin/config/Config.kt | 20 ++++++++++++++++---
 .../src/main/resources/application.conf | 7 -------
 4 files changed, 24 insertions(+), 25 deletions(-)
 delete mode 100644 apps/etterlatte-proxy/import-vault-token.sh
diff --git a/apps/etterlatte-proxy/Dockerfile b/apps/etterlatte-proxy/Dockerfile
index 4ccf574c..db5ccd79 100644
--- a/apps/etterlatte-proxy/Dockerfile
+++ b/apps/etterlatte-proxy/Dockerfile
@@ -1,5 +1,8 @@
-FROM ghcr.io/navikt/baseimages/temurin:21
-
-COPY import-vault-token.sh /init-scripts
+FROM gcr.io/distroless/java21
+ENV TZ="Europe/Oslo"
+ENV JDK_JAVA_OPTIONS="-Dhttp.proxyHost=webproxy.nais -Dhttps.proxyHost=webproxy.nais -Dhttp.proxyPort=8088 -Dhttps.proxyPort=8088 -Dhttp.nonProxyHosts=localhost|127.0.0.1|10.254.0.1|*.local|*.adeo.no|*.nav.no|*.aetat.no|*.devillo.no|*.oera.no|*.nais.io|*.aivencloud.com|*.intern.dev.nav.no"
+WORKDIR /app
 COPY build/libs/*.jar ./
-
+EXPOSE 8080
+USER nonroot
+CMD ["app.jar"]
\ No newline at end of file
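Review bot: The new `FROM gcr.io/distroless/java21` line names neither a tag nor a digest, so every build pulls whatever the registry currently serves under the default tag and the runtime image can change without any commit in this repository. Pinning the base by digest, `FROM gcr.io/distroless/java21@sha256:<digest-placeholder>`, keeps builds reproducible and turns base-image updates into reviewable changes. `CMD ["app.jar"]` also relies on the build producing exactly that file name under `build/libs/`, which the hunk does not show; a short comment above the `COPY` line stating that assumption would help.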
diff --git a/apps/etterlatte-proxy/import-vault-token.sh b/apps/etterlatte-proxy/import-vault-token.sh deleted file mode 100644 index afb6a3bc..00000000 --- a/apps/etterlatte-proxy/import-vault-token.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env sh - -if test -f /secrets/srvetterlatte/username; -then - export SERVICEUSER_USERNAME=$(cat /secrets/srvetterlatte/username) -fi - -if test -f /secrets/srvetterlatte/password; -then - export SERVICEUSER_PASSWORD=$(cat /secrets/srvetterlatte/password) -fi diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt index 3559fecc..dc01d9ee 100644 --- a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt +++ b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt @@ -5,6 +5,9 @@ import io.ktor.client.call.body import io.ktor.client.request.get import io.ktor.server.config.ApplicationConfig import no.nav.etterlatte.routes.httpClientWithProxy +import java.nio.file.Files +import java.nio.file.Paths +import kotlin.io.path.exists data class Config( val sts: Sts, @@ -44,8 +47,8 @@ suspend fun ApplicationConfig.load() = soapUrl = property("sts.soapUrl").getString(), serviceuser = Config.Sts.ServiceUser( - name = property("serviceuser.name").getString(), - password = property("serviceuser.password").getString() + name = name(), + password = password() ) ), aad = @@ -53,4 +56,15 @@ suspend fun ApplicationConfig.load() = metadata = httpClientWithProxy().use { it.get(property("aad.wellKnownUrl").getString()).body() }, clientId = property("aad.clientId").getString() ) - ) \ No newline at end of file + ) + +private fun name() = + Paths.get("/secrets/srvetterlatte/username") + .takeIf { it.exists() } + ?.let { Files.readString(it) } + ?: "srvetterlatte" + +private fun password() = Paths.get("/secrets/srvetterlatte/password") + .takeIf { it.exists() } + ?.let { Files.readString(it) } + ?: "srv-password" \ No newline at end of file 
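Review bot: In the new `name()` and `password()` helpers at the end of Config.kt, `Files.readString(it)` returns the file content including any trailing newline, whereas the removed `$(cat …)` in import-vault-token.sh stripped it. If the mounted secret files end with a newline, the credentials sent to STS would now differ from before. `?.let { Files.readString(it).trimEnd('\n', '\r') }` restores the old behaviour in both helpers. Both helpers also fall back silently to the literals `"srvetterlatte"` and `"srv-password"` when the file is absent, so a missing secret mount only surfaces later as an authentication failure. If those defaults are meant for local runs only, which the hunk does not show, the fallback branch should log a warning or fail at startup when running in a deployed environment, and a KDoc line on each helper should state that intent.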
diff --git a/apps/etterlatte-proxy/src/main/resources/application.conf b/apps/etterlatte-proxy/src/main/resources/application.conf index f0d65a03..36da2bc7 100644 --- a/apps/etterlatte-proxy/src/main/resources/application.conf +++ b/apps/etterlatte-proxy/src/main/resources/application.conf @@ -22,13 +22,6 @@ simuleringOppdrag { url = ${?SIMULERING_OPPDRAG_URL} } -serviceuser { - name = "srvetterlatte" - password = "srv-password" - name = ${?SERVICEUSER_USERNAME} - password = ${?SERVICEUSER_PASSWORD} -} - aad { wellKnownUrl = "https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b/v2.0/.well-known/openid-configuration" wellKnownUrl = ${?AZURE_APP_WELL_KNOWN_URL}