diff --git a/deploy/exhort.yaml b/deploy/exhort.yaml index 01d65d1f..49c288ce 100644 --- a/deploy/exhort.yaml +++ b/deploy/exhort.yaml @@ -35,6 +35,16 @@ spec: secretKeyRef: name: exhort-secret key: api-snyk-token + - name: API_OSSINDEX_TRUSTIFICATION_TOKEN + valueFrom: + secretKeyRef: + name: exhort-secret + key: api-ossindex-trustification-token + - name: API_OSSINDEX_TRUSTIFICATION_USER + valueFrom: + secretKeyRef: + name: exhort-secret + key: api-ossindex-trustification-user - name: MONITORING_ENABLED value: "true" - name: MONITORING_SENTRY_DSN diff --git a/deploy/openshift/template.yaml b/deploy/openshift/template.yaml index bea66dab..df9b50b2 100644 --- a/deploy/openshift/template.yaml +++ b/deploy/openshift/template.yaml @@ -148,6 +148,16 @@ objects: secretKeyRef: name: exhort-secret key: api-snyk-token + - name: API_OSSINDEX_TRUSTIFICATION_TOKEN + valueFrom: + secretKeyRef: + name: exhort-secret + key: api-ossindex-trustification-token + - name: API_OSSINDEX_TRUSTIFICATION_USER + valueFrom: + secretKeyRef: + name: exhort-secret + key: api-ossindex-trustification-user - name: TELEMETRY_WRITE_KEY valueFrom: secretKeyRef: diff --git a/src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java b/src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java index b834c59a..2598b887 100644 --- a/src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java +++ b/src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java @@ -20,6 +20,7 @@ import java.util.Base64; import java.util.List; +import java.util.Optional; import org.apache.camel.Exchange; import org.apache.camel.builder.AggregationStrategies; @@ -39,9 +40,17 @@ @ApplicationScoped public class OssIndexIntegration extends EndpointRouteBuilder { - @ConfigProperty(name = "api.ossindex.timeout", defaultValue = "1000s") + private static final String TRUSTIFICATION_SOURCE = "trustification"; + + @ConfigProperty(name = "api.ossindex.timeout", defaultValue = "10s") String timeout; + @ConfigProperty(name = "api.ossindex.trustification.user") + Optional trustificationUser; + + @ConfigProperty(name = "api.ossindex.trustification.token") + Optional trustificationToken; + @Inject VulnerabilityProvider vulnerabilityProvider; @Inject OssIndexResponseHandler responseHandler; @@ -55,6 +64,7 @@ public void configure() { from(direct("ossIndexScan")) .routeId("ossIndexScan") .transform(method(OssIndexRequestBuilder.class, "split")) + .process(this::authenticateTrustificationSource) .choice() .when(method(OssIndexRequestBuilder.class, "missingAuthHeaders")) .setBody(method(OssIndexResponseHandler.class, "unauthenticatedResponse")) @@ -117,4 +127,17 @@ private void processComponentRequest(Exchange exchange) { message.removeHeader(Constants.OSS_INDEX_USER_HEADER); message.removeHeader(Constants.OSS_INDEX_TOKEN_HEADER); } + + private void authenticateTrustificationSource(Exchange exchange) { + var headers = exchange.getIn().getHeaders(); + var source = headers.get(Constants.RHDA_SOURCE_HEADER); + if (!TRUSTIFICATION_SOURCE.equals(source)) { + return; + } + if (!headers.containsKey(Constants.OSS_INDEX_USER_HEADER) + && !headers.containsKey(Constants.OSS_INDEX_TOKEN_HEADER)) { + headers.put(Constants.OSS_INDEX_USER_HEADER, trustificationUser.orElse(null)); + headers.put(Constants.OSS_INDEX_TOKEN_HEADER, trustificationToken.orElse(null)); + } + } }