authorPierre <pierre.guillot@sonarsource.com>2021-11-30 11:01:21 +0100
committersonartech <sonartech@sonarsource.com>2021-12-07 20:03:17 +0000
commit05f25e35b7b489874e8c0cf24ea70196dee90ddb (patch)
tree51e524eafd5b24d2c6a9594ce2a643848936050b /server/sonar-webserver-auth/src
parent645467493df74d9569cd27d8ffd3da993ab5595c (diff)
downloadsonarqube-05f25e35b7b489874e8c0cf24ea70196dee90ddb.tar.gz
sonarqube-05f25e35b7b489874e8c0cf24ea70196dee90ddb.zip
SONAR-15688 add prometheus web API endpoint
Diffstat (limited to 'server/sonar-webserver-auth/src')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java3
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/BearerPasscode.java53
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java1
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/BearerPasscodeTest.java71
4 files changed, 127 insertions, 1 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
index fd82dca2318..3cdb9e30dce 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java
@@ -63,7 +63,8 @@ public class UserSessionInitializer {
"/api/ce/info", "/api/ce/pause",
"/api/ce/resume", "/api/system/health",
"/api/system/analytics", "/api/system/migrate_es",
- "/api/system/liveness");
+ "/api/system/liveness",
+ "/api/monitoring/metrics");
private static final UrlPattern URL_PATTERN = UrlPattern.builder()
.includes("/*")
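Review bot: The new `"/api/monitoring/metrics"` entry joins a list whose paths, judging by the test helper `assertPathIsIgnoredWithAnonymousAccess`, are not authenticated by the session initializer, so the only access control for the metrics endpoint is whatever its own handler does. That handler is not part of this page (the diffstat is limited to `sonar-webserver-auth/src`), so confirm it rejects a request when neither the system passcode nor a valid bearer check succeeds. A comment on the entry would record that dependency, for example `// not authenticated here: the web service itself must check the passcode / bearer token`. The list declaration starts above the hunk.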
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/BearerPasscode.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/BearerPasscode.java
new file mode 100644
index 00000000000..1eaa485845e
--- /dev/null
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/BearerPasscode.java
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.user;
+
+import java.util.Optional;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.config.Configuration;
+import org.sonar.api.server.ws.Request;
+
+import static org.sonar.process.ProcessProperties.Property.WEB_SYSTEM_PASS_CODE;
+
+public class BearerPasscode {
+
+ public static final String PASSCODE_HTTP_HEADER = "Authorization";
+
+ private final Configuration configuration;
+
+ public BearerPasscode(Configuration configuration) {
+ this.configuration = configuration;
+ }
+
+ public boolean isValid(Request request) {
+ Optional<String> passcodeOpt = configuration.get(WEB_SYSTEM_PASS_CODE.getKey()).map(StringUtils::trimToNull);
+
+ if (passcodeOpt.isEmpty()) {
+ return false;
+ }
+
+ String configuredPasscode = passcodeOpt.get();
+ return request.header(PASSCODE_HTTP_HEADER)
+ .map(s -> s.replace("Bearer ", ""))
+ .map(configuredPasscode::equals)
+ .orElse(false);
+ }
+
+}
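Review bot: In `isValid`, `s.replace("Bearer ", "")` removes the text wherever it occurs instead of requiring it as a prefix, so an `Authorization` header carrying the bare passcode with no scheme is accepted, and a configured passcode that itself contains `Bearer ` can never match. Require the scheme and strip it once: `.filter(s -> s.startsWith("Bearer ")).map(s -> s.substring("Bearer ".length()))`. The comparison `configuredPasscode::equals` also returns at the first differing character; for a shared secret a constant-time compare is the safer choice, `.map(s -> MessageDigest.isEqual(s.getBytes(UTF_8), configuredPasscode.getBytes(UTF_8)))`, which needs `java.security.MessageDigest` and `StandardCharsets.UTF_8` imported. The class and `isValid` have no Javadoc; a short one stating that the method returns false when `sonar.web.systemPasscode` is unset or blank would document the fail-closed behaviour.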
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
index 36daa93dba6..cb045d683e3 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java
@@ -104,6 +104,7 @@ public class UserSessionInitializerTest {
assertPathIsIgnoredWithAnonymousAccess("/api/ce/resume");
assertPathIsIgnoredWithAnonymousAccess("/api/system/health");
assertPathIsIgnoredWithAnonymousAccess("/api/system/liveness");
+ assertPathIsIgnoredWithAnonymousAccess("/api/monitoring/metrics");
// exclude static resources
assertPathIsIgnored("/css/style.css");
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/BearerPasscodeTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/BearerPasscodeTest.java
new file mode 100644
index 00000000000..2a429bbed94
--- /dev/null
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/BearerPasscodeTest.java
@@ -0,0 +1,71 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.user;
+
+import org.junit.Test;
+import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.impl.ws.SimpleGetRequest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class BearerPasscodeTest {
+
+ private final MapSettings settings = new MapSettings();
+ private final BearerPasscode underTest = new BearerPasscode(settings.asConfig());
+
+ @Test
+ public void isValid_is_true_if_request_header_matches_configured_passcode() {
+ verifyIsValid(true, "foo", "foo");
+ }
+
+ @Test
+ public void isValid_is_false_if_request_header_matches_configured_passcode_with_different_case() {
+ verifyIsValid(false, "foo", "FOO");
+ }
+
+ @Test
+ public void isValid_is_false_if_request_header_does_not_match_configured_passcode() {
+ verifyIsValid(false, "foo", "bar");
+ }
+
+ @Test
+ public void isValid_is_false_if_request_header_is_defined_but_passcode_is_not_configured() {
+ verifyIsValid(false, null, "foo");
+ }
+
+ @Test
+ public void isValid_is_false_if_request_header_is_empty() {
+ verifyIsValid(false, "foo", "");
+ }
+
+ private void verifyIsValid(boolean expectedResult, String configuredPasscode, String token) {
+ configurePasscode(configuredPasscode);
+
+ SimpleGetRequest request = new SimpleGetRequest();
+ request.setHeader("Authorization", "Bearer " + token);
+
+ assertThat(underTest.isValid(request)).isEqualTo(expectedResult);
+ }
+
+ private void configurePasscode(String propertyValue) {
+ settings.setProperty("sonar.web.systemPasscode", propertyValue);
+ }
+
+}
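Review bot: `verifyIsValid` always sends `"Bearer " + token`, so none of these tests can cover a request with no `Authorization` header or a header without the `Bearer ` scheme. The second case matters because `isValid` as written strips `Bearer ` with `replace`, so a header holding only the passcode is accepted and nothing here would notice. Add cases that build the request directly, e.g. one that calls `request.setHeader("Authorization", "foo")` with passcode `foo` and one that sets no header at all, each asserting `isValid` is false. `isValid_is_false_if_request_header_is_empty` actually sends `Bearer ` with an empty token, so a name such as `isValid_is_false_if_bearer_token_is_empty` would describe it more accurately.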