Merge pull request #291 from navikt/dev

Prodsetting av fjerning av midlertidig logging
navikt · Mar 27, 2023 · 89b2316 · 89b2316
2 parents c59e58b + cd61b9f
commit 89b2316
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 38 deletions.
diff --git a/nais-dev.yaml b/nais-dev.yaml
@@ -104,5 +104,3 @@ spec:
       value: https://poao-tilgang.dev.intern.nav.no
     - name: POAO_TILGANG_SCOPE
       value: api://dev-gcp.poao.poao-tilgang/.default
-  secureLogs:
-    enabled: true
diff --git a/nais-prod.yaml b/nais-prod.yaml
@@ -101,5 +101,3 @@ spec:
       value: https://poao-tilgang.intern.nav.no
     - name: POAO_TILGANG_SCOPE
       value: api://prod-gcp.poao.poao-tilgang/.default
-  secureLogs:
-    enabled: true
diff --git a/src/main/java/no/nav/veilarbarena/service/AuthService.java b/src/main/java/no/nav/veilarbarena/service/AuthService.java
@@ -6,11 +6,8 @@
 import no.nav.common.abac.Pep;
 import no.nav.common.abac.domain.request.ActionId;
 import no.nav.common.auth.context.AuthContextHolder;
-import no.nav.common.auth.context.UserRole;
 import no.nav.common.types.identer.Fnr;
 import no.nav.poao_tilgang.client.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
@@ -35,8 +32,6 @@ public class AuthService {
 
     private final UnleashService unleashService;
 
-    public static Logger secureLog = LoggerFactory.getLogger("SecureLog");
-
     @Autowired
     public AuthService(AuthContextHolder authContextHolder, Pep veilarbPep, PoaoTilgangClient poaoTilgangClient, UnleashService unleashService) {
         this.authContextHolder = authContextHolder;
@@ -46,33 +41,26 @@ public AuthService(AuthContextHolder authContextHolder, Pep veilarbPep, PoaoTilg
     }
 
     public void sjekkTilgang(Fnr fnr) {
-        String requestId = UUID.randomUUID().toString();
-        String userRole = authContextHolder.getRole().map(UserRole::name).orElse("UKJENT");
         String innloggetBrukerToken = authContextHolder.requireIdTokenString();
-        Boolean abacDecision = veilarbPep.harTilgangTilPerson(innloggetBrukerToken, ActionId.READ, fnr);
-
         if (unleashService.skalBrukePoaoTilgang() && !erSystembruker()) {
             if (authContextHolder.erEksternBruker()) {
                 harSikkerhetsNivaa4();
                 Decision desicion = poaoTilgangClient.evaluatePolicy(new EksternBrukerTilgangTilEksternBrukerPolicyInput(
                         hentInnloggetPersonIdent(), fnr.get()
                 )).getOrThrow();
-                secureLog.info("abacDecision = {}, EksternBrukerTilgangTilEksternBrukerPolicyInput = {}, hvor userRole = {}, pid = {}, requestId = {} ", abacDecision, desicion.getType(), userRole, hentInnloggetPersonIdent(), requestId);
                 if (desicion.isDeny()) {
                     throw new ResponseStatusException(HttpStatus.FORBIDDEN);
                 }
             } else {
                 Decision desicion = poaoTilgangClient.evaluatePolicy(new NavAnsattTilgangTilEksternBrukerPolicyInput(
                         hentInnloggetVeilederUUID(), TilgangType.LESE, fnr.get()
                 )).getOrThrow();
-                secureLog.info("abacDecision = {}, NavAnsattTilgangTilEksternBrukerPolicyInput decision = {}, hvor userRole = {}, uuid = {}, pid = {}, NavIdent = {}, subject = {}, innloggetBrukerToken = {}, requestId = {}", abacDecision, desicion.getType(), userRole, hentInnloggetVeilederUUIDOrElseNull(), hentInnloggetPersonIdent(), hentInnloggetVeilederNavIdent(), hentInnloggetVeilederSubject(), innloggetBrukerToken, requestId);
                 if (desicion.isDeny()) {
                     throw new ResponseStatusException(HttpStatus.FORBIDDEN);
                 }
             }
-
         } else {
-            if (!abacDecision) {
+            if (!veilarbPep.harTilgangTilPerson(innloggetBrukerToken, ActionId.READ, fnr)) {
                 throw new ResponseStatusException(HttpStatus.FORBIDDEN);
             }
         }
@@ -109,32 +97,12 @@ public UUID hentInnloggetVeilederUUID() {
                 .orElseThrow(() -> new ResponseStatusException(HttpStatus.FORBIDDEN, "Fant ikke oid for innlogget veileder"));
     }
 
-
-    public UUID hentInnloggetVeilederUUIDOrElseNull() {
-        return authContextHolder.getIdTokenClaims()
-                .flatMap(claims -> getStringClaimOrEmpty(claims, "oid"))
-                .map(UUID::fromString)
-                .orElse(null);
-    }
-
     public String hentInnloggetPersonIdent() {
         return authContextHolder.getIdTokenClaims()
                 .flatMap(claims -> getStringClaimOrEmpty(claims, "pid"))
                 .orElse(null);
     }
 
-    public String hentInnloggetVeilederNavIdent() {
-        return authContextHolder.getIdTokenClaims()
-                .flatMap(claims -> getStringClaimOrEmpty(claims, "NAVident"))
-                .orElse(null);
-    }
-
-    public String hentInnloggetVeilederSubject() {
-        return authContextHolder.getIdTokenClaims()
-                .flatMap(claims -> getStringClaimOrEmpty(claims, "sub"))
-                .orElse(null);
-    }
-
     public void harSikkerhetsNivaa4() {
         Optional<String> acrClaim = authContextHolder.getIdTokenClaims()
                 .flatMap(claims -> getStringClaimOrEmpty(claims, "acr"));

diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
@@ -3,5 +3,4 @@
     <include resource="no/nav/common/log/logback-stdout-json.xml"/>
     <include resource="no/nav/common/log/logback-naudit.xml"/>
     <include resource="no/nav/common/log/logback-cxf.xml"/>
-    <include resource="no/nav/common/log/logback-securelogs.xml"/>
 </configuration>