#144 Deliver prometheus auth token via env

vityaman-edu · Jun 17, 2024 · e7dc902 · e7dc902
1 parent 64bfb18
commit e7dc902
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 1 deletion.
diff --git a/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtAuthManager.kt b/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtAuthManager.kt
@@ -1,6 +1,7 @@
 package ru.vityaman.lms.botalka.app.spring.security
 
 import kotlinx.coroutines.reactor.mono
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.security.authentication.ReactiveAuthenticationManager
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
@@ -16,6 +17,9 @@ import ru.vityaman.lms.botalka.core.security.auth.TokenService
 class SpringJwtAuthManager(
     private val tokens: TokenService,
     private val users: UserService,
+
+    @Value("\${security.token.special.prometheus}")
+    private val prometheusToken: String,
 ) : ReactiveAuthenticationManager {
     override fun authenticate(
         authentication: Authentication,
@@ -25,7 +29,7 @@ class SpringJwtAuthManager(
         authentication: Authentication,
     ): Authentication {
         val credentials = authentication.credentials.toString()
-        if (credentials == "prometheus-top-top-top-secret-token") {
+        if (credentials == prometheusToken) {
             return UsernamePasswordAuthenticationToken(null, null, null)
         }
 

diff --git a/botalka/src/main/resources/application-test.yml b/botalka/src/main/resources/application-test.yml
@@ -2,6 +2,8 @@ security:
   token:
     signing:
       secret: lms0security0token0signing0key0secret0very0very0very0long
+    special:
+      prometheus: prometheus-top-top-top-secret-token
 external:
   service:
     yandex:

diff --git a/botalka/src/main/resources/application.yml b/botalka/src/main/resources/application.yml
@@ -62,6 +62,8 @@ security:
     signing:
       secret: ${LMS_SECURITY_TOKEN_SIGNING_SECRET}
     duration: PT2H
+    special:
+      prometheus: ${LMS_PROMETHEUS_ACCESS_TOKEN}
 external:
   service:
     yandex:

diff --git a/compose.yml b/compose.yml
@@ -27,6 +27,7 @@ services:
       LMS_SECURITY_TOKEN_SIGNING_SECRET: ${LMS_SECURITY_TOKEN_SIGNING_SECRET?:err}
       LMS_TEST_TELEGRAM_BOT_API_TOKEN: ${LMS_TEST_TELEGRAM_BOT_API_TOKEN?:err}
       LMS_TEST_TELEGRAM_ADMIN_CHAT_ID: ${LMS_TEST_TELEGRAM_ADMIN_CHAT_ID?:err}
+      LMS_PROMETHEUS_ACCESS_TOKEN: ${LMS_PROMETHEUS_ACCESS_TOKEN?:err}
     networks:
       - lms-network
     depends_on:

diff --git a/infra/env/setup.sh b/infra/env/setup.sh
@@ -0,0 +1,7 @@
+cd "$(dirname "$0")"/../.. || exit
+
+. ./infra/env/local.sh
+. ./infra/env/secret.sh
+
+LMS_PROMETHEUS_ACCESS_TOKEN="$(bash ./infra/prometheus/extract_token.bash)"
+export LMS_PROMETHEUS_ACCESS_TOKEN
diff --git a/infra/prometheus/extract_token.bash b/infra/prometheus/extract_token.bash
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd "$(dirname "$0")"/../..  || exit
+
+TOKEN="$(awk '$1=="credentials:"{print $2}' infra/prometheus/prometheus.yml)"
+TOKEN="${TOKEN:1:${#TOKEN} - 2}"
+echo "$TOKEN"