From: gururajarao79
Date: Mon, 21 Apr 2025 15:15:23 +0000 (+0200)
Subject: secure endpoints
X-Git-Tag: 1.0.5~5
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=8d8627b922df484d7733f1c1c89a318ecd2389a5;p=policy%2Fopa-pdp.git
secure endpoints
Issue-ID: POLICY-5340
Change-Id: Id4c71dbd76aa2c7427e683ce63a8ba999826e946
Signed-off-by: gururajarao79
---
diff --git a/api/register-handlers.go b/api/register-handlers.go
index f7ec9d9..1bd1815 100644
--- a/api/register-handlers.go
+++ b/api/register-handlers.go
@@ -27,7 +27,6 @@ import (
 "policy-opa-pdp/pkg/data"
 "policy-opa-pdp/pkg/decision"
 "policy-opa-pdp/pkg/healthcheck"
- "policy-opa-pdp/pkg/log"
 "policy-opa-pdp/pkg/metrics"
 "policy-opa-pdp/pkg/opasdk"
 "time"
@@ -42,10 +41,6 @@ func RegisterHandlers() {
 opaDecisionHandler := http.HandlerFunc(decision.OpaDecision)
 http.Handle("/policy/pdpo/v1/decision", basicAuth(trackDecisionResponseTime(opaDecisionHandler)))
- // Handler for kubernetes readiness probe
- readinessProbeHandler := http.HandlerFunc(readinessProbe)
- http.Handle("/ready", readinessProbeHandler)
-
 // Handler for health checks
 healthCheckHandler := http.HandlerFunc(healthcheck.HealthCheckHandler)
 http.HandleFunc("/policy/pdpo/v1/healthcheck", basicAuth(healthCheckHandler))
@@ -55,16 +50,20 @@ func RegisterHandlers() {
 http.HandleFunc("/policy/pdpo/v1/statistics", basicAuth(statisticsReportHandler))
 listPoliciesHandler := http.HandlerFunc(opasdk.ListPolicies)
- http.Handle("/opa/listpolicies", listPoliciesHandler)
+ http.Handle("/opa/listpolicies", basicAuth(listPoliciesHandler))
 dataHandler := http.HandlerFunc(data.DataHandler)
 http.Handle("/policy/pdpo/v1/data/", basicAuth(trackDataResponseTime(dataHandler)))
 http.Handle("/policy/pdpo/v1/data", basicAuth(trackDataResponseTime(dataHandler)))
- //Handler for prometheus
- http.Handle("/metrics", promhttp.Handler())
+ http.Handle("/metrics", basicAuth(http.HandlerFunc(metricsHandler)))
+
+}
+// Define the metrics handler function
+func metricsHandler(w http.ResponseWriter, r *http.Request) {
+ promhttp.Handler().ServeHTTP(w, r)
 }
 //Track Decision response time metrics
@@ -105,12 +104,3 @@ func validateCredentials(username, password string) bool {
 validPass := cfg.Password
 return username == validUser && password == validPass
 }
-
-// handles readiness probe endpoint
-func readinessProbe(res http.ResponseWriter, req *http.Request) {
- res.WriteHeader(http.StatusOK)
- _, err := res.Write([]byte("Ready"))
- if err != nil {
- log.Errorf("Failed to write response: %v", err)
- }
-}
diff --git a/api/register-handlers_test.go b/api/register-handlers_test.go
index 2e682a0..92ad776 100644
--- a/api/register-handlers_test.go
+++ b/api/register-handlers_test.go
@@ -45,7 +45,6 @@ func TestRegisterHandlers(t *testing.T) {
 statusCode int
 }{
 {"/policy/pdpo/v1/decision", decision.OpaDecision, http.StatusUnauthorized},
- {"/ready", readinessProbe, http.StatusOK},
 {"/policy/pdpo/v1/healthcheck", healthcheck.HealthCheckHandler, http.StatusUnauthorized},
 }
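Review bot: The new `metricsHandler` in the `@@ -55,16 +50,20 @@` hunk calls `promhttp.Handler()` on every request, so a fresh handler is built per scrape and the wrapper adds nothing to the auth check; building it once at registration, `http.Handle("/metrics", basicAuth(http.HandlerFunc(promhttp.Handler().ServeHTTP)))`, keeps the same protection. Nothing in the commit asserts the new behaviour: the `TestRegisterHandlers` table in `api/register-handlers_test.go` loses its `/ready` row but gains none for `/metrics` or `/opa/listpolicies`, so rows expecting `http.StatusUnauthorized` for both paths would catch a later change that drops the `basicAuth` wrapper. Every protected route now rests on `validateCredentials`, whose visible tail (context of the `@@ -105,12 +104,3 @@` hunk) compares with `==`; `subtle.ConstantTimeCompare` from `crypto/subtle` on both fields would remove the content-dependent timing difference, and it is worth confirming that an empty configured user or password cannot match, since the config loading is outside the diff. Scrapers and probes that reached `/metrics` or `/ready` anonymously will presumably need updating, because this file no longer serves either path without credentials.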
@@ -95,26 +94,6 @@ func TestBasicAuth(t *testing.T) {
 }
 }
-func TestReadinessProbe(t *testing.T) {
- req, err := http.NewRequest("GET", "/ready", nil)
- if err != nil {
- t.Fatalf("Failed to create request: %v", err)
- }
-
- rr := httptest.NewRecorder()
- handler := http.HandlerFunc(readinessProbe)
- handler.ServeHTTP(rr, req)
-
- if status := rr.Code; status != http.StatusOK {
- t.Errorf("readinessProbe returned wrong status code: got %v want %v", status, http.StatusOK)
- }
-
- expected := "Ready"
- if rr.Body.String() != expected {
- t.Errorf("readinessProbe returned unexpected body: got %v want %v", rr.Body.String(), expected)
- }
-}
-
 type mockObserver struct {
 observedDuration float64