Informasjonsforvaltning · NilsOveTen · Jan 9, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
diff --git a/.github/workflows/deploy-prod&demo.yaml b/.github/workflows/deploy-prod&demo.yaml
@@ -16,7 +16,6 @@ jobs:
       environment: prod
     secrets:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   deploy-prod:

diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
@@ -18,7 +18,6 @@ jobs:
       environment: staging
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   deploy:

diff --git a/Dockerfile b/Dockerfile
@@ -6,4 +6,4 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 VOLUME /tmp
 COPY /target/fdk-dataservice-harvester.jar app.jar
 
-CMD java -jar $JAVA_OPTS app.jar
+CMD ["sh", "-c", "java -jar $JAVA_OPTS app.jar"]
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
@@ -6,5 +6,5 @@ resources:
   - fdk-dataservice-harvester-service.yaml
 images:
   - name: fdk-dataservice-harvester
-    newName: eu.gcr.io/digdir-fdk-infra/fdk-dataservice-harvester
+    newName: ghcr.io/informasjonsforvaltning/fdk-dataservice-harvester
     newTag: $(GIT_COMMIT_SHA)
diff --git a/deploy/demo/env.yaml b/deploy/demo/env.yaml
@@ -51,3 +51,5 @@ spec:
               secretKeyRef:
                 name: fdk-harvest-admin
                 key: API_KEY
+          - name: CORS_ORIGIN_PATTERNS
+            value: https://demo.fellesdatakatalog.digdir.no,https://*.demo.fellesdatakatalog.digdir.no
diff --git a/deploy/prod/env.yaml b/deploy/prod/env.yaml
@@ -51,3 +51,5 @@ spec:
               secretKeyRef:
                 name: fdk-harvest-admin
                 key: API_KEY
+          - name: CORS_ORIGIN_PATTERNS
+            value: https://fellesdatakatalog.digdir.no,https://*.fellesdatakatalog.digdir.no,https://data.norge.no,https://data.transportportal.no,https://transportportal.no
diff --git a/deploy/staging/env.yaml b/deploy/staging/env.yaml
@@ -51,3 +51,5 @@ spec:
               secretKeyRef:
                 name: fdk-harvest-admin
                 key: API_KEY
+          - name: CORS_ORIGIN_PATTERNS
+            value: https://staging.fellesdatakatalog.digdir.no,https://*.staging.fellesdatakatalog.digdir.no,http://localhost:*
diff --git a/.../digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt b/.../digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt
@@ -1,5 +1,6 @@
 package no.digdir.informasjonsforvaltning.fdk_dataservice_harvester.configuration
 
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -10,14 +11,29 @@ import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
 import org.springframework.security.oauth2.jwt.*
 import org.springframework.security.oauth2.jwt.JwtClaimNames.AUD
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.CorsConfigurationSource
 
 @Configuration
-open class SecurityConfig {
+open class SecurityConfig(
+    @Value("\${application.cors.originPatterns}")
+    val corsOriginPatterns: Array<String>
+) {
 
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http {
-            cors { }
+            cors {
+                configurationSource = CorsConfigurationSource {
+                    val config = CorsConfiguration()
+                    config.allowCredentials = false
+                    config.allowedHeaders = listOf("*")
+                    config.maxAge = 3600L
+                    config.allowedOriginPatterns = corsOriginPatterns.toList()
+                    config.allowedMethods = listOf("GET", "POST", "OPTIONS", "DELETE")
+                    config
+                }
+            }
             csrf { disable() }
             authorizeHttpRequests {
                 authorize(HttpMethod.OPTIONS, "/**", permitAll)

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -11,6 +11,7 @@ application:
   catalogUri: ${FDK_DATASERVICE_HARVESTER_URI:https://dataservices.staging.fellesdatakatalog.digdir.no}/catalogs
   harvestAdminRootUrl: ${HARVEST_ADMIN_ROOT_URL:http://new-harvest-admin:8080}
   harvestAdminApiKey: ${ADMIN_API_KEY}
+  cors.originPatterns: "${CORS_ORIGIN_PATTERNS}"
 spring:
   security.oauth2.resourceserver.jwt:
     jwk-set-uri: ${SSO_HOST:https://sso.staging.fellesdatakatalog.digdir.no}/auth/realms/fdk/protocol/openid-connect/certs
@@ -46,6 +47,7 @@ application:
   catalogUri: https://dataservices.staging.fellesdatakatalog.digdir.no/catalogs
   harvestAdminRootUrl: https://admin-api.staging.fellesdatakatalog.digdir.no
   harvestAdminApiKey: test-key
+  cors.originPatterns: "*"
 
 ---
 spring:
@@ -63,4 +65,5 @@ application:
   catalogUri: http://localhost:5050/catalogs
   harvestAdminRootUrl: http://localhost:5050
   harvestAdminApiKey: test-key
+  cors.originPatterns: "*"
 server.port: 5555