diff options
author | saul.gill <saul.gill@est.tech> | 2023-08-21 10:55:10 +0100 |
---|---|---|
committer | saul.gill <saul.gill@est.tech> | 2023-08-25 13:56:51 +0100 |
commit | f731e76cfc03640104e3a9786239a62e6524ccdd (patch) | |
tree | 7d77987b2274ee5f016cd94f5c4145d395512467 /runtime-acm | |
parent | ea5f81815a19d0b902e3c80f15d1b17c122bce76 (diff) |
Make auth optional for prometheus metrics
Issue-ID: POLICY-4802
Change-Id: Ib0c3aa1b75812d48a26296ba5acc3ea01147f9b4
Signed-off-by: saul.gill <saul.gill@est.tech>
Diffstat (limited to 'runtime-acm')
5 files changed, 128 insertions, 6 deletions
diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java index d38771d78..e8b28079b 100644 --- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java +++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java @@ -20,6 +20,7 @@ package org.onap.policy.clamp.acm.runtime.config; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -30,20 +31,35 @@ import org.springframework.security.web.SecurityFilterChain; */ @Configuration public class SecurityConfig { + @Value("${metrics.security.disabled}") + private boolean disableMetricsSecurity; /** * Return the configuration of how access to this module's REST end points is secured. * * @param http the HTTP security settings * @return the HTTP security settings */ + @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http - .httpBasic() - .and() - .authorizeHttpRequests().anyRequest().authenticated() - .and() - .csrf().disable(); + if (disableMetricsSecurity) { + http + .httpBasic() + .and() + .authorizeHttpRequests(request -> + request + .antMatchers("/prometheus").permitAll() + .anyRequest().authenticated()) + .csrf().disable(); + } else { + http + .httpBasic() + .and() + .authorizeHttpRequests().anyRequest().authenticated() + .and() + .csrf().disable(); + } + return http.build(); } } diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml index 8dd4b574a..6a0213720 100755 --- a/runtime-acm/src/main/resources/application.yaml +++ b/runtime-acm/src/main/resources/application.yaml @@ -29,6 +29,10 @@ spring: dialect: org.hibernate.dialect.MariaDB103Dialect format_sql: true +metrics: + security: + disabled: false + security: enable-csrf: false diff --git a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/rest/PrometheusNoAuthTest.java b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/rest/PrometheusNoAuthTest.java new file mode 100644 index 000000000..87b5549d7 --- /dev/null +++ b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/rest/PrometheusNoAuthTest.java @@ -0,0 +1,58 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2023 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.clamp.acm.runtime.main.rest; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import javax.ws.rs.client.Invocation; +import javax.ws.rs.core.Response; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.onap.policy.clamp.acm.runtime.util.rest.CommonRestController; +import org.springframework.boot.test.autoconfigure.actuate.metrics.AutoConfigureMetrics; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.server.LocalServerPort; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.junit.jupiter.SpringExtension; + +@AutoConfigureMetrics +@ExtendWith(SpringExtension.class) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@ActiveProfiles({ "prometheus-noauth", "default" }) +public class PrometheusNoAuthTest extends CommonRestController { + private static final String PROMETHEUS_ENDPOINT = "prometheus"; + + @LocalServerPort + private int randomServerPort; + + @BeforeEach + public void setUpPort() { + super.setHttpPrefix(randomServerPort); + } + + @Test + void testGetPrometheusNoAuth() { + Invocation.Builder invocationBuilder = super.sendNoAuthActRequest(PROMETHEUS_ENDPOINT); + Response rawresp = invocationBuilder.buildGet().invoke(); + assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus()); + } +} diff --git a/runtime-acm/src/test/resources/application-prometheus-noauth.yaml b/runtime-acm/src/test/resources/application-prometheus-noauth.yaml new file mode 100644 index 000000000..25daf49fc --- /dev/null +++ b/runtime-acm/src/test/resources/application-prometheus-noauth.yaml @@ -0,0 +1,40 @@ +spring: + datasource: + url: jdbc:h2:mem:testdb + driverClassName: org.h2.Driver + hikari: + maxLifetime: 1800000 + maximumPoolSize: 3 + jpa: + hibernate: + ddl-auto: create + properties: + hibernate: + dialect: org.hibernate.dialect.HSQLDialect + +metrics: + security: + disabled: true + +server: + servlet: + context-path: /onap/policy/clamp/acm + +runtime: + participantParameters: + updateParameters: + maxRetryCount: 3 + topicParameterGroup: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - localhost + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + topicSinks: + - + topicCommInfrastructure: dmaap + servers: + - localhost + topic: POLICY-ACRUNTIME-PARTICIPANT
\ No newline at end of file diff --git a/runtime-acm/src/test/resources/application-test.yaml b/runtime-acm/src/test/resources/application-test.yaml index 2179cdf5e..e6fed2475 100644 --- a/runtime-acm/src/test/resources/application-test.yaml +++ b/runtime-acm/src/test/resources/application-test.yaml @@ -12,6 +12,10 @@ spring: hibernate: dialect: org.hibernate.dialect.HSQLDialect +metrics: + security: + disabled: false + server: servlet: context-path: /onap/policy/clamp/acm |