Enable HTTP Basic AUTH

* Add quarkus-elytron-security-properties to enable application properties supporting plaintext http * Changes to `application.properties` to use openshift secrets in openshift env and pssaas:pssaas in dev * Clean up of old config options
2 years ago · a39b3f37cc
2 changed files with 17 additions and 18 deletions
--- a/pom.xml
+++ b/pom.xml
@ -97,6 +97,10 @@
      <artifactId>rest-client</artifactId>
      <version>2.5.1</version>
    </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-elytron-security-properties-file</artifactId>
+    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-rest-client-reactive-jackson</artifactId>
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -1,25 +1,9 @@
 #Example deploy - mvn deploy -Dquarkus.profile=stage -Dquarkus.kubernetes.deploy=true
-# quarkus.rest-client."rest.CreateScanService".url=https://localhost:8080/
-# quarkus.rest-client."rest.CreateScanService".scope=javax.inject.Singleton
-
-# couchdb.name=scan-results
-# couchdb.url=https://localhost:5984
-
-# quarkus.hibernate-orm.database.generation=drop-and-create

 #temporary fix, we need to enable it with a working devservices setup
 %dev.quarkus.kerberos.enabled=false
-%dev.quarkus.security.auth.enabled-in-dev-mode=false
-#Also tried
-#%dev.quarkus.security.enabled=false
-#%dev.quarkus.http.auth.proactive=false
-#%dev.quarkus.http.auth.basic=false
-#%dev.quarkus.http.auth.permission.permit1.paths=/Ping/Ping
-#%dev.quarkus.http.auth.permission.permit1.policy=permit
-#%dev.quarkus.http.auth.permission.permit1.methods=GET,HEAD
-#%quarkus.arc.unremovable-types=io.quarkiverse.kerberos.*,io.quarkiverse.kerberos.KerberosPrincipal
-#%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
-#%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
+%dev.quarkus.security.auth.enabled-in-dev-mode=true
+

 ##########################################
 #   Data Source                          #
@ -137,5 +121,16 @@ tekton.service-account=${quarkus.openshift.service-account}
 ##########################################
 pnc.api-url=http://orch.psi.redhat.com

+##########################################
+#   PSSaaS Kerberos bypass  (OSH-154)    #
+##########################################
+quarkus.http.auth.basic=true
+quarkus.security.users.embedded.enabled=true
+quarkus.security.users.embedded.plain-text=true

+quarkus.openshift.env.mapping.kerb-bypass-password.from-secret=kerb-bypass
+quarkus.openshift.env.mapping.kerb-bypass-password.with-key=PASSWORD

+%prod.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
+%stage.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
+%dev.quarkus.security.users.embedded.users.pssaas=pssaas