fix actuator security config for sync service

admin-ch · Mar 9, 2022 · 52b05e4 · 52b05e4
1 parent 302c3a5
commit 52b05e4
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 41 deletions.
diff --git a/...ain/java/ch/admin/bag/covidcertificate/backend/verifier/sync/config/ActuatorSecurity.java b/...ain/java/ch/admin/bag/covidcertificate/backend/verifier/sync/config/ActuatorSecurity.java
@@ -10,13 +10,11 @@
 
 package ch.admin.bag.covidcertificate.backend.verifier.sync.config;
 
-import ch.admin.bag.covidcertificate.backend.verifier.sync.config.configbeans.ActuatorSecurityConfig;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.info.InfoEndpoint;
 import org.springframework.boot.actuate.logging.LoggersEndpoint;
 import org.springframework.boot.actuate.metrics.export.prometheus.PrometheusScrapeEndpoint;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.Ordered;
@@ -40,11 +38,6 @@ public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
     @Value("${sync.monitor.prometheus.password}")
     private String password;
 
-    @Bean
-    ActuatorSecurityConfig passwordDefault() {
-        return new ActuatorSecurityConfig(user, password);
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.requestMatcher(
@@ -75,12 +68,10 @@ protected void configure(HttpSecurity http) throws Exception {
         http.csrf().ignoringAntMatchers("/actuator/loggers/**");
     }
 
-    protected void configureGlobal(
-            AuthenticationManagerBuilder auth, ActuatorSecurityConfig securityConfig)
-            throws Exception {
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.inMemoryAuthentication()
-                .withUser(securityConfig.getUsername())
-                .password(securityConfig.getPassword())
+                .withUser(user)
+                .password(password)
                 .roles(PROMETHEUS_ROLE);
     }
 }
diff --git a/...bag/covidcertificate/backend/verifier/sync/config/configbeans/ActuatorSecurityConfig.java b/...bag/covidcertificate/backend/verifier/sync/config/configbeans/ActuatorSecurityConfig.java
diff --git a/...c/test/java/ch/admin/bag/covidcertificate/backend/verifier/sync/syncer/DgcSyncerTest.java b/...c/test/java/ch/admin/bag/covidcertificate/backend/verifier/sync/syncer/DgcSyncerTest.java
@@ -17,6 +17,8 @@
 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
 import static org.springframework.test.web.client.response.MockRestResponseCreators.withStatus;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import ch.admin.bag.covidcertificate.backend.verifier.data.VerifierDataService;
 import ch.admin.bag.covidcertificate.backend.verifier.model.exception.DgcSyncException;
@@ -28,12 +30,23 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.client.ExpectedCount;
 import org.springframework.test.web.client.MockRestServiceServer;
+import org.springframework.test.web.servlet.MockMvc;
 
+@SpringBootTest(
+        properties = {
+                "sync.monitor.prometheus.user=prometheus",
+                "sync.monitor.prometheus.password={bcrypt}$2y$10$umg27y0QSdCFuCBP6ibxdeR3CssS7TD5GjjikcLi5sUG1uSK9qe/.",
+                "management.endpoints.enabled-by-default=true",
+                "management.endpoints.web.exposure.include=*"
+        })
+@ActiveProfiles({"actuator-security"})
 class DgcSyncerTest extends BaseDgcTest {
 
     private final String TEST_JSON_CSCA = "src/test/resources/csca.json";
@@ -61,6 +74,31 @@ class DgcSyncerTest extends BaseDgcTest {
     @Autowired DgcCertSyncer dgcSyncer;
 
     @Autowired VerifierDataService verifierDataService;
+    @Autowired MockMvc mockMvc;
+
+    @Test
+    public void testActuatorSecurity() throws Exception {
+        var response =
+                mockMvc.perform(get("/actuator/health"))
+                        .andExpect(status().is2xxSuccessful())
+                        .andReturn()
+                        .getResponse();
+        response =
+                mockMvc.perform(get("/actuator/loggers"))
+                        .andExpect(status().is(401))
+                        .andReturn()
+                        .getResponse();
+        response =
+                mockMvc.perform(
+                                get("/actuator/loggers")
+                                        .header(
+                                                "Authorization",
+                                                "Basic cHJvbWV0aGV1czpwcm9tZXRoZXVz"))
+                        .andExpect(status().isOk())
+                        .andReturn()
+                        .getResponse();
+    }
+
 
     @Test
     void downloadTest() throws Exception {