Make auth optional for prometheus metrics

Issue-ID: POLICY-4802 Change-Id: Ib0c3aa1b75812d48a26296ba5acc3ea01147f9b4 Signed-off-by: saul.gill <saul.gill@est.tech>
author: saul.gill <saul.gill@est.tech> 2023-08-21 10:55:10 +0100
committer: saul.gill <saul.gill@est.tech> 2023-08-25 13:56:51 +0100
commit: f731e76cfc03640104e3a9786239a62e6524ccdd (patch)
tree: 7d77987b2274ee5f016cd94f5c4145d395512467 /runtime-acm/src/main
parent: ea5f81815a19d0b902e3c80f15d1b17c122bce76 (diff)
2 files changed, 26 insertions, 6 deletions
diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
index d38771d78..e8b28079b 100644
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
@@ -20,6 +20,7 @@
 
 package org.onap.policy.clamp.acm.runtime.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -30,20 +31,35 @@ import org.springframework.security.web.SecurityFilterChain;
  */
 @Configuration
 public class SecurityConfig {
+    @Value("${metrics.security.disabled}")
+    private boolean disableMetricsSecurity;
     /**
      * Return the configuration of how access to this module's REST end points is secured.
      *
      * @param http the HTTP security settings
      * @return the HTTP security settings
      */
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-            .httpBasic()
-            .and()
-            .authorizeHttpRequests().anyRequest().authenticated()
-            .and()
-            .csrf().disable();
+        if (disableMetricsSecurity) {
+            http
+                    .httpBasic()
+                    .and()
+                    .authorizeHttpRequests(request ->
+                        request
+                                .antMatchers("/prometheus").permitAll()
+                                .anyRequest().authenticated())
+                    .csrf().disable();
+        } else {
+            http
+                    .httpBasic()
+                    .and()
+                    .authorizeHttpRequests().anyRequest().authenticated()
+                    .and()
+                    .csrf().disable();
+        }
+
         return http.build();
     }
 }
diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml
index 8dd4b574a..6a0213720 100755
--- a/runtime-acm/src/main/resources/application.yaml
+++ b/runtime-acm/src/main/resources/application.yaml
@@ -29,6 +29,10 @@ spring:
         dialect: org.hibernate.dialect.MariaDB103Dialect
         format_sql: true
 
+metrics:
+  security:
+    disabled: false
+
 security:
   enable-csrf: false
author	saul.gill <saul.gill@est.tech>	2023-08-21 10:55:10 +0100
committer	saul.gill <saul.gill@est.tech>	2023-08-25 13:56:51 +0100
commit	f731e76cfc03640104e3a9786239a62e6524ccdd (patch)
tree	7d77987b2274ee5f016cd94f5c4145d395512467 /runtime-acm/src/main
parent	ea5f81815a19d0b902e3c80f15d1b17c122bce76 (diff)