From c7dfa4d3deef646a827acd53c849768eb2447225 Mon Sep 17 00:00:00 2001
From: Jesper Paulsen <jesper.gayosso.paulsen@nav.no>
Date: Thu, 8 Feb 2024 14:28:22 +0100
Subject: [PATCH] [KAIZEN-0] Legge til unleash for BFF

---
 .github/workflows/unleash.yml               | 38 +++++++++++++++++++++
 .nais/prod.yaml                             | 10 +++++-
 .nais/qa-template.yaml                      | 10 +++++-
 .nais/unleash/unleash-apitoken-preprod.yaml | 18 ++++++++++
 .nais/unleash/unleash-apitoken-prod.yaml    | 18 ++++++++++
 5 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/unleash.yml
 create mode 100644 .nais/unleash/unleash-apitoken-preprod.yaml
 create mode 100644 .nais/unleash/unleash-apitoken-prod.yaml

diff --git a/.github/workflows/unleash.yml b/.github/workflows/unleash.yml
new file mode 100644
index 0000000000..051b803431
--- /dev/null
+++ b/.github/workflows/unleash.yml
@@ -0,0 +1,38 @@
+name: "Deploy unleash api token"
+on:
+  push:
+    paths:
+      - .nais/unleash/**
+      - .github/workflows/unleash.yml
+jobs:
+  deploy-unleash-api-token-to-dev:
+    if: github.ref == 'refs/heads/dev'
+    name: Deploy unleash api token to dev-fss
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Deploy unleash api token
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: dev-fss
+          RESOURCE: .nais/unleash/unleash-apitoken-preprod.yaml
+
+  deploy-unleash-api-token-to-prod:
+    if: github.ref == 'refs/heads/master'
+    name: Deploy unleash api-token to prod-fss
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Deploy unleash api token
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: prod-fss
+          RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
\ No newline at end of file
diff --git a/.nais/prod.yaml b/.nais/prod.yaml
index e029fb3057..ff29126eea 100644
--- a/.nais/prod.yaml
+++ b/.nais/prod.yaml
@@ -46,6 +46,12 @@ spec:
           - id: "ea34edea-1e80-4759-a1d2-fbe696cf1709" # 0000-GA-BD06_ModiaGenerellTilgang
   vault:
     enabled: true
+  accessPolicy:
+    outbound:
+      external:
+        - host: personoversikt-unleash-api.nav.cloud.nais.io
+  envFrom:
+    - secret: modiapersonoversikt-unleash-api-token
   env:
     - name: APP_NAME
       value: "modiapersonoversikt"
@@ -68,4 +74,6 @@ spec:
     - name: DATABASE_JDBC_URL
       value: "jdbc:postgresql://A01DBVL029.adeo.no:5432/modiapersonoversikt"
     - name: VAULT_MOUNTPATH
-      value: "postgresql/prod-fss/"
\ No newline at end of file
+      value: "postgresql/prod-fss/"
+    - name: UNLEASH_ENVIRONMENT
+      value: "production"
\ No newline at end of file
diff --git a/.nais/qa-template.yaml b/.nais/qa-template.yaml
index 4f404d5e55..d3c1119e3c 100644
--- a/.nais/qa-template.yaml
+++ b/.nais/qa-template.yaml
@@ -46,6 +46,12 @@ spec:
           - id: "67a06857-0028-4a90-bf4c-9c9a92c7d733" # 0000-GA-BD06_ModiaGenerellTilgang
   vault:
     enabled: true
+  accessPolicy:
+    outbound:
+      external:
+        - host: personoversikt-unleash-api.nav.cloud.nais.io
+  envFrom:
+    - secret: modiapersonoversikt-unleash-api-token
   env:
     - name: APP_NAME
       value: "modiapersonoversikt"
@@ -72,4 +78,6 @@ spec:
     - name: DATABASE_JDBC_URL
       value: "jdbc:postgresql://b27dbvl030.preprod.local:5432/modiapersonoversikt"
     - name: VAULT_MOUNTPATH
-      value: "postgresql/preprod-fss/"
\ No newline at end of file
+      value: "postgresql/preprod-fss/"
+    - name: UNLEASH_ENVIRONMENT
+      value: "development"
\ No newline at end of file
diff --git a/.nais/unleash/unleash-apitoken-preprod.yaml b/.nais/unleash/unleash-apitoken-preprod.yaml
new file mode 100644
index 0000000000..c4f4a8fc94
--- /dev/null
+++ b/.nais/unleash/unleash-apitoken-preprod.yaml
@@ -0,0 +1,18 @@
+apiVersion: unleash.nais.io/v1
+kind: ApiToken
+metadata:
+  name: modiapersonoversikt
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+spec:
+  unleashInstance:
+    apiVersion: unleash.nais.io/v1
+    kind: RemoteUnleash
+    name: personoversikt
+  secretName: modiapersonoversikt-unleash-api-token
+
+  # Specify which environment the API token should be created for.
+  # Can be one of: development, or production.
+  environment: development
+
diff --git a/.nais/unleash/unleash-apitoken-prod.yaml b/.nais/unleash/unleash-apitoken-prod.yaml
new file mode 100644
index 0000000000..d4c575c165
--- /dev/null
+++ b/.nais/unleash/unleash-apitoken-prod.yaml
@@ -0,0 +1,18 @@
+apiVersion: unleash.nais.io/v1
+kind: ApiToken
+metadata:
+  name: modiapersonoversikt
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+spec:
+  unleashInstance:
+    apiVersion: unleash.nais.io/v1
+    kind: RemoteUnleash
+    name: personoversikt
+  secretName: modiapersonoversikt-unleash-api-token
+
+  # Specify which environment the API token should be created for.
+  # Can be one of: development, or production.
+  environment: production
+