summaryrefslogtreecommitdiffstats
path: root/runtime-acm/src/main
diff options
context:
space:
mode:
authorsaul.gill <saul.gill@est.tech>2023-08-21 10:55:10 +0100
committersaul.gill <saul.gill@est.tech>2023-08-25 13:56:51 +0100
commitf731e76cfc03640104e3a9786239a62e6524ccdd (patch)
tree7d77987b2274ee5f016cd94f5c4145d395512467 /runtime-acm/src/main
parentea5f81815a19d0b902e3c80f15d1b17c122bce76 (diff)
Make auth optional for prometheus metrics
Issue-ID: POLICY-4802 Change-Id: Ib0c3aa1b75812d48a26296ba5acc3ea01147f9b4 Signed-off-by: saul.gill <saul.gill@est.tech>
Diffstat (limited to 'runtime-acm/src/main')
-rw-r--r--runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java28
-rwxr-xr-xruntime-acm/src/main/resources/application.yaml4
2 files changed, 26 insertions, 6 deletions
diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
index d38771d78..e8b28079b 100644
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
@@ -20,6 +20,7 @@
package org.onap.policy.clamp.acm.runtime.config;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -30,20 +31,35 @@ import org.springframework.security.web.SecurityFilterChain;
*/
@Configuration
public class SecurityConfig {
+ @Value("${metrics.security.disabled}")
+ private boolean disableMetricsSecurity;
/**
* Return the configuration of how access to this module's REST end points is secured.
*
* @param http the HTTP security settings
* @return the HTTP security settings
*/
+
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- http
- .httpBasic()
- .and()
- .authorizeHttpRequests().anyRequest().authenticated()
- .and()
- .csrf().disable();
+ if (disableMetricsSecurity) {
+ http
+ .httpBasic()
+ .and()
+ .authorizeHttpRequests(request ->
+ request
+ .antMatchers("/prometheus").permitAll()
+ .anyRequest().authenticated())
+ .csrf().disable();
+ } else {
+ http
+ .httpBasic()
+ .and()
+ .authorizeHttpRequests().anyRequest().authenticated()
+ .and()
+ .csrf().disable();
+ }
+
return http.build();
}
}
diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml
index 8dd4b574a..6a0213720 100755
--- a/runtime-acm/src/main/resources/application.yaml
+++ b/runtime-acm/src/main/resources/application.yaml
@@ -29,6 +29,10 @@ spring:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
+metrics:
+ security:
+ disabled: false
+
security:
enable-csrf: false