Disable Kerberos and other Auths in dev profile

Added a /ping endpoint to return "pong", this should help test auth If in dev: * Disables kerberos specific endpoint (runtime injection issues) * Disable Security altogether
3 years ago · 094c81bc47
5 changed files with 39 additions and 4 deletions
--- a/pom.xml
+++ b/pom.xml
@ -40,6 +40,11 @@
    <artifactId>tekton-client</artifactId>
    <version>6.7.2</version>
  </dependency>
+  <dependency>
+    <groupId>io.quarkiverse.kerberos</groupId>
+    <artifactId>quarkus-kerberos</artifactId>
+    <version>1.0.0</version>
+  </dependency>
  <dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-openshift</artifactId>
--- a/src/main/java/rest/CreateGetResource.java
+++ b/src/main/java/rest/CreateGetResource.java
@ -2,6 +2,8 @@ package rest;

 import dto.ConnectDB;
 import dto.ScanObj;
+import io.quarkus.arc.profile.UnlessBuildProfile;
+
 import io.quarkiverse.kerberos.KerberosPrincipal;
 import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
@ -59,4 +61,4 @@ public class CreateGetResource {
        }
        return Scans;
    }
-}
+}
--- a/src/main/java/rest/CreateScanResource.java
+++ b/src/main/java/rest/CreateScanResource.java
@ -9,13 +9,21 @@ import org.json.JSONObject;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
+import javax.ws.rs.GET;
 import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+
 import java.net.URISyntaxException;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;

+import io.quarkiverse.kerberos.KerberosPrincipal;
+import io.quarkus.security.Authenticated;
+import io.quarkus.security.identity.SecurityIdentity;
+
+@Authenticated
@Path("/")
 public class CreateScanResource {

@ -41,4 +49,11 @@ public class CreateScanResource {
        } 
        return scanObj;
    }
+
+    @Path("/ping")
+    @GET
+    @Produces("text/plain")
+    public String ping() {
+        return "pong";
+    }
 }
--- a/src/main/java/rest/UsersResource.java
+++ b/src/main/java/rest/UsersResource.java
@ -2,6 +2,7 @@ package rest;

 import dto.ConnectDB;
 import dto.ScanObj;
+import io.quarkus.arc.profile.UnlessBuildProfile;
 import io.quarkiverse.kerberos.KerberosPrincipal;
 import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
@ -19,6 +20,7 @@ import java.util.LinkedHashMap;
 import java.util.Set;
 import javax.ws.rs.Produces;

+@UnlessBuildProfile("dev")
@Path("/testKerberos")
@Authenticated
 public class UsersResource {
@ -33,4 +35,4 @@ public class UsersResource {
    public String me() {
        return identity.getPrincipal().getName();
    }
-}
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -7,8 +7,19 @@

 # quarkus.hibernate-orm.database.generation=drop-and-create

-%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
-%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
+#temporary fix, we need to enable it with a working devservices setup
+%dev.quarkus.kerberos.enabled=false
+%dev.quarkus.security.auth.enabled-in-dev-mode=false
+#Also tried
+#%dev.quarkus.security.enabled=false
+#%dev.quarkus.http.auth.proactive=false
+#%dev.quarkus.http.auth.basic=false
+#%dev.quarkus.http.auth.permission.permit1.paths=/Ping/Ping
+#%dev.quarkus.http.auth.permission.permit1.policy=permit
+#%dev.quarkus.http.auth.permission.permit1.methods=GET,HEAD
+#%quarkus.arc.unremovable-types=io.quarkiverse.kerberos.*,io.quarkiverse.kerberos.KerberosPrincipal
+#%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
+#%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM

 %stage.quarkus.openshift.name=osh
 %stage.quarkus.openshift.labels.env=stage