From f731e76cfc03640104e3a9786239a62e6524ccdd Mon Sep 17 00:00:00 2001 From: "saul.gill" Date: Mon, 21 Aug 2023 10:55:10 +0100 Subject: Make auth optional for prometheus metrics Issue-ID: POLICY-4802 Change-Id: Ib0c3aa1b75812d48a26296ba5acc3ea01147f9b4 Signed-off-by: saul.gill --- .../clamp/acm/runtime/config/SecurityConfig.java | 28 +++++++++++++++++----- runtime-acm/src/main/resources/application.yaml | 4 ++++ 2 files changed, 26 insertions(+), 6 deletions(-) (limited to 'runtime-acm/src/main') diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java index d38771d78..e8b28079b 100644 --- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java +++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java @@ -20,6 +20,7 @@ package org.onap.policy.clamp.acm.runtime.config; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -30,20 +31,35 @@ import org.springframework.security.web.SecurityFilterChain; */ @Configuration public class SecurityConfig { + @Value("${metrics.security.disabled}") + private boolean disableMetricsSecurity; /** * Return the configuration of how access to this module's REST end points is secured. * * @param http the HTTP security settings * @return the HTTP security settings */ + @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http - .httpBasic() - .and() - .authorizeHttpRequests().anyRequest().authenticated() - .and() - .csrf().disable(); + if (disableMetricsSecurity) { + http + .httpBasic() + .and() + .authorizeHttpRequests(request -> + request + .antMatchers("/prometheus").permitAll() + .anyRequest().authenticated()) + .csrf().disable(); + } else { + http + .httpBasic() + .and() + .authorizeHttpRequests().anyRequest().authenticated() + .and() + .csrf().disable(); + } + return http.build(); } } diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml index 8dd4b574a..6a0213720 100755 --- a/runtime-acm/src/main/resources/application.yaml +++ b/runtime-acm/src/main/resources/application.yaml @@ -29,6 +29,10 @@ spring: dialect: org.hibernate.dialect.MariaDB103Dialect format_sql: true +metrics: + security: + disabled: false + security: enable-csrf: false -- cgit 1.2.3-korg