From a39b3f37cce2a958c3e333d7a351e8301ee356c4 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Tue, 25 Jul 2023 16:34:38 +0100 Subject: [PATCH] Enable HTTP Basic AUTH * Add quarkus-elytron-security-properties to enable application properties supporting plaintext http * Changes to `application.properties` to use openshift secrets in openshift env and pssaas:pssaas in dev * Clean up of old config options --- pom.xml | 4 +++ src/main/resources/application.properties | 31 ++++++++++------------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/pom.xml b/pom.xml index 83453dc..5dadb77 100644 --- a/pom.xml +++ b/pom.xml @@ -97,6 +97,10 @@ rest-client 2.5.1 + + io.quarkus + quarkus-elytron-security-properties-file + io.quarkus quarkus-rest-client-reactive-jackson diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index fa430cf..e043045 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -1,25 +1,9 @@
 #Example deploy - mvn deploy -Dquarkus.profile=stage -Dquarkus.kubernetes.deploy=true
-# quarkus.rest-client."rest.CreateScanService".url=https://localhost:8080/
-# quarkus.rest-client."rest.CreateScanService".scope=javax.inject.Singleton
-
-# couchdb.name=scan-results
-# couchdb.url=https://localhost:5984
-
-# quarkus.hibernate-orm.database.generation=drop-and-create
 #temporary fix, we need to enable it with a working devservices setup
 %dev.quarkus.kerberos.enabled=false
-%dev.quarkus.security.auth.enabled-in-dev-mode=false
-#Also tried
-#%dev.quarkus.security.enabled=false
-#%dev.quarkus.http.auth.proactive=false
-#%dev.quarkus.http.auth.basic=false
-#%dev.quarkus.http.auth.permission.permit1.paths=/Ping/Ping
-#%dev.quarkus.http.auth.permission.permit1.policy=permit
-#%dev.quarkus.http.auth.permission.permit1.methods=GET,HEAD
-#%quarkus.arc.unremovable-types=io.quarkiverse.kerberos.*,io.quarkiverse.kerberos.KerberosPrincipal
-#%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
-#%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
+%dev.quarkus.security.auth.enabled-in-dev-mode=true
+
 ##########################################
 # Data Source #
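Review bot: The comment kept above `%dev.quarkus.kerberos.enabled=false` ("temporary fix, we need to enable it with a working devservices setup") no longer explains how dev mode is protected once `enabled-in-dev-mode` is flipped to `true` on the next line. With Kerberos still off in dev, requests there presumably depend on the embedded Basic-auth user this commit defines at the end of the file. A one-line comment would record that, for example `# dev: Kerberos stays off, authorization is on; authenticate with the embedded Basic-auth user defined at the end of this file`. As far as I know `true` is already the default for this property, so the explicit line could be dropped instead if the team prefers less configuration.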
@@ -137,5 +121,16 @@ tekton.service-account=${quarkus.openshift.service-account}
 ##########################################
 pnc.api-url=http://orch.psi.redhat.com
+##########################################
+# PSSaaS Kerberos bypass (OSH-154) #
+##########################################
+quarkus.http.auth.basic=true
+quarkus.security.users.embedded.enabled=true
+quarkus.security.users.embedded.plain-text=true
+quarkus.openshift.env.mapping.kerb-bypass-password.from-secret=kerb-bypass
+quarkus.openshift.env.mapping.kerb-bypass-password.with-key=PASSWORD
+%prod.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
+%stage.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
+%dev.quarkus.security.users.embedded.users.pssaas=pssaas
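Review bot: The three switches at the top of the added block (`quarkus.http.auth.basic`, `quarkus.security.users.embedded.enabled`, `quarkus.security.users.embedded.plain-text`) carry no profile prefix, so the Kerberos bypass is active in prod and stage as well as dev. There it is a single shared `pssaas` account whose password sits in clear text in the process configuration. Quarkus documents the properties-file realm as meant for development and testing, so the block should say why it is accepted in production and how the secret is rotated, for example `# Temporary (OSH-154): shared Basic-auth account for PSSaaS; password comes from the kerb-bypass secret, rotate it on any suspected exposure`. No `quarkus.security.users.embedded.roles.pssaas` entry is visible in this hunk, so the account appears to authenticate without roles; whether role-restricted endpoints should accept it is worth deciding explicitly here. Basic credentials are only base64-encoded on the wire, so the route in front of the service presumably has to enforce TLS, which cannot be confirmed from this file.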