Make basic auth configurable in acm

Allow user to switch on/off basicAuth from application.yaml

Issue-ID: POLICY-5044
Change-Id: I96a91152667efc5e26196239bc0808913a5ee06c
Signed-off-by: saul.gill <saul.gill@est.tech>

diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
index e32eacb..2e75db1 100644 (file)
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
@@ -1,6 +1,6 @@
 /*-
  * ============LICENSE_START=======================================================
- *  Copyright (C) 2021,2023 Nordix Foundation.
+ *  Copyright (C) 2021,2023-2024 Nordix Foundation.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,8 +34,8 @@ import org.springframework.security.web.SecurityFilterChain;
 @Configuration
 public class SecurityConfig {
 
-    @Value("${metrics.security.disabled}")
-    private boolean disableMetricsSecurity;
+    @Value("${basicAuth:true}")
+    private boolean useBasicAuth;
 
     /**
      * Return the configuration of how access to this module's REST end points is secured.
@@ -48,11 +48,10 @@ public class SecurityConfig {
         http
             .httpBasic(Customizer.withDefaults())
             .authorizeHttpRequests(authorize -> {
-                if (disableMetricsSecurity) {
-                    authorize.requestMatchers("/prometheus").permitAll()
-                        .anyRequest().authenticated();
-                } else {
+                if (useBasicAuth) {
                     authorize.anyRequest().authenticated();
+                } else {
+                    authorize.anyRequest().permitAll();
                 }
             })
             .csrf(AbstractHttpConfigurer::disable);

diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml
index 58e590b..0e2585d 100644 (file)
--- a/runtime-acm/src/main/resources/application.yaml
+++ b/runtime-acm/src/main/resources/application.yaml
@@ -28,10 +28,6 @@ spring:
       hibernate:
         format_sql: true
 
-metrics:
-  security:
-    disabled: false
-
 server:
   port: 6969
   servlet:

diff --git a/runtime-acm/src/test/resources/application-prometheus-noauth.yaml b/runtime-acm/src/test/resources/application-prometheus-noauth.yaml
index 620e753..57da3af 100644 (file)
--- a/runtime-acm/src/test/resources/application-prometheus-noauth.yaml
+++ b/runtime-acm/src/test/resources/application-prometheus-noauth.yaml
@@ -10,10 +10,6 @@ spring:
       ddl-auto: create
     open-in-view: false
 
-metrics:
-  security:
-    disabled: true
-
 server:
   servlet:
     context-path: /onap/policy/clamp/acm
@@ -52,4 +48,6 @@ tracing:
     protocol: http
   sampler:
     jaeger-remote:
-      endpoint: http://jaeger:14250
\ No newline at end of file
+      endpoint: http://jaeger:14250
+
+basicAuth: false
\ No newline at end of file

diff --git a/runtime-acm/src/test/resources/application-test.yaml b/runtime-acm/src/test/resources/application-test.yaml
index 5d616d5..31e5473 100644 (file)
--- a/runtime-acm/src/test/resources/application-test.yaml
+++ b/runtime-acm/src/test/resources/application-test.yaml
@@ -10,10 +10,6 @@ spring:
       ddl-auto: create
     open-in-view: false
 
-metrics:
-  security:
-    disabled: false
-
 server:
   servlet:
     context-path: /onap/policy/clamp/acm