secure endpoints 12/140712/1
authorgururajarao79 <gb00566633@techmahindra.com>
Mon, 21 Apr 2025 15:15:23 +0000 (17:15 +0200)
committergururajarao79 <gb00566633@techmahindra.com>
Mon, 21 Apr 2025 15:15:34 +0000 (17:15 +0200)
Issue-ID: POLICY-5340
Change-Id: Id4c71dbd76aa2c7427e683ce63a8ba999826e946
Signed-off-by: gururajarao79 <gb00566633@techmahindra.com>
api/register-handlers.go
api/register-handlers_test.go

index f7ec9d9..1bd1815 100644 (file)
@@ -27,7 +27,6 @@ import (
        "policy-opa-pdp/pkg/data"
        "policy-opa-pdp/pkg/decision"
        "policy-opa-pdp/pkg/healthcheck"
-       "policy-opa-pdp/pkg/log"
        "policy-opa-pdp/pkg/metrics"
        "policy-opa-pdp/pkg/opasdk"
        "time"
@@ -42,10 +41,6 @@ func RegisterHandlers() {
        opaDecisionHandler := http.HandlerFunc(decision.OpaDecision)
        http.Handle("/policy/pdpo/v1/decision", basicAuth(trackDecisionResponseTime(opaDecisionHandler)))
 
-       // Handler for kubernetes readiness probe
-       readinessProbeHandler := http.HandlerFunc(readinessProbe)
-       http.Handle("/ready", readinessProbeHandler)
-
        // Handler for health checks
        healthCheckHandler := http.HandlerFunc(healthcheck.HealthCheckHandler)
        http.HandleFunc("/policy/pdpo/v1/healthcheck", basicAuth(healthCheckHandler))
@@ -55,16 +50,20 @@ func RegisterHandlers() {
        http.HandleFunc("/policy/pdpo/v1/statistics", basicAuth(statisticsReportHandler))
 
        listPoliciesHandler := http.HandlerFunc(opasdk.ListPolicies)
-       http.Handle("/opa/listpolicies", listPoliciesHandler)
+       http.Handle("/opa/listpolicies", basicAuth(listPoliciesHandler))
 
        dataHandler := http.HandlerFunc(data.DataHandler)
        http.Handle("/policy/pdpo/v1/data/", basicAuth(trackDataResponseTime(dataHandler)))
 
        http.Handle("/policy/pdpo/v1/data", basicAuth(trackDataResponseTime(dataHandler)))
 
-       //Handler for prometheus
-       http.Handle("/metrics", promhttp.Handler())
+        http.Handle("/metrics", basicAuth(http.HandlerFunc(metricsHandler)))
+
+}
 
+// Define the metrics handler function
+func metricsHandler(w http.ResponseWriter, r *http.Request) {
+       promhttp.Handler().ServeHTTP(w, r)
 }
 
 //Track Decision response time metrics
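Review bot: Nothing in this change pins the new authentication on `/metrics` and `/opa/listpolicies`: the TestRegisterHandlers table in api/register-handlers_test.go still lists only the decision and healthcheck paths, so a row such as `{"/metrics", metricsHandler, http.StatusUnauthorized},` (and the equivalent for `/opa/listpolicies`) would catch either route becoming unauthenticated again. `metricsHandler` calls `promhttp.Handler()` on every scrape; building it once in RegisterHandlers (whose body starts outside this hunk) and registering `basicAuth(http.HandlerFunc(promhttp.Handler().ServeHTTP))` would drop the per-request construction and the extra function, assuming basicAuth takes an `http.HandlerFunc` as the other call sites suggest. The `/metrics` registration line appears to be indented with spaces where the rest of the file uses tabs, so it should be run through gofmt, and the comment would follow Go convention as `// metricsHandler serves the Prometheus metrics; it is registered behind basicAuth.` Every route wrapped here now depends on validateCredentials, which (visible as context in the last hunk of this file) compares with `==`; a constant-time check such as `subtle.ConstantTimeCompare([]byte(password), []byte(validPass)) == 1` from crypto/subtle is the usual hardening for credential comparison.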
@@ -105,12 +104,3 @@ func validateCredentials(username, password string) bool {
        validPass := cfg.Password
        return username == validUser && password == validPass
 }
-
-// handles readiness probe endpoint
-func readinessProbe(res http.ResponseWriter, req *http.Request) {
-       res.WriteHeader(http.StatusOK)
-       _, err := res.Write([]byte("Ready"))
-       if err != nil {
-               log.Errorf("Failed to write response: %v", err)
-       }
-}
index 2e682a0..92ad776 100644 (file)
@@ -45,7 +45,6 @@ func TestRegisterHandlers(t *testing.T) {
                statusCode int
        }{
                {"/policy/pdpo/v1/decision", decision.OpaDecision, http.StatusUnauthorized},
-               {"/ready", readinessProbe, http.StatusOK},
                {"/policy/pdpo/v1/healthcheck", healthcheck.HealthCheckHandler, http.StatusUnauthorized},
        }
 
@@ -95,26 +94,6 @@ func TestBasicAuth(t *testing.T) {
        }
 }
 
-func TestReadinessProbe(t *testing.T) {
-       req, err := http.NewRequest("GET", "/ready", nil)
-       if err != nil {
-               t.Fatalf("Failed to create request: %v", err)
-       }
-
-       rr := httptest.NewRecorder()
-       handler := http.HandlerFunc(readinessProbe)
-       handler.ServeHTTP(rr, req)
-
-       if status := rr.Code; status != http.StatusOK {
-               t.Errorf("readinessProbe returned wrong status code: got %v want %v", status, http.StatusOK)
-       }
-
-       expected := "Ready"
-       if rr.Body.String() != expected {
-               t.Errorf("readinessProbe returned unexpected body: got %v want %v", rr.Body.String(), expected)
-       }
-}
-
 
 type mockObserver struct {
        observedDuration float64