feat: allow trustification to use default authentication

deploy/exhort.yaml

@@ -35,6 +35,16 @@ spec:
             secretKeyRef:
               name: exhort-secret
               key: api-snyk-token
+        - name: API_OSSINDEX_TRUSTIFICATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: exhort-secret
+              key: api-ossindex-trustification-token
+        - name: API_OSSINDEX_TRUSTIFICATION_USER
+          valueFrom:
+            secretKeyRef:
+              name: exhort-secret
+              key: api-ossindex-trustification-user  
         - name: MONITORING_ENABLED
           value: "true"
         - name: MONITORING_SENTRY_DSN

deploy/openshift/template.yaml

@@ -148,6 +148,16 @@ objects:
                     secretKeyRef:
                       name: exhort-secret
                       key: api-snyk-token
+                - name: API_OSSINDEX_TRUSTIFICATION_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: exhort-secret
+                      key: api-ossindex-trustification-token
+                - name: API_OSSINDEX_TRUSTIFICATION_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: exhort-secret
+                      key: api-ossindex-trustification-user               
                 - name: TELEMETRY_WRITE_KEY
                   valueFrom:
                     secretKeyRef:

src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java

@@ -20,6 +20,7 @@
 
 import java.util.Base64;
 import java.util.List;
+import java.util.Optional;
 
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.AggregationStrategies;
@@ -39,9 +40,17 @@
 @ApplicationScoped
 public class OssIndexIntegration extends EndpointRouteBuilder {
 
-  @ConfigProperty(name = "api.ossindex.timeout", defaultValue = "1000s")
+  private static final String TRUSTIFICATION_SOURCE = "trustification";
+
+  @ConfigProperty(name = "api.ossindex.timeout", defaultValue = "10s")
   String timeout;
 
+  @ConfigProperty(name = "api.ossindex.trustification.user")
+  Optional<String> trustificationUser;
+
+  @ConfigProperty(name = "api.ossindex.trustification.token")
+  Optional<String> trustificationToken;
+
   @Inject VulnerabilityProvider vulnerabilityProvider;
 
   @Inject OssIndexResponseHandler responseHandler;
@@ -55,6 +64,7 @@ public void configure() {
     from(direct("ossIndexScan"))
       .routeId("ossIndexScan")
       .transform(method(OssIndexRequestBuilder.class, "split"))
+      .process(this::authenticateTrustificationSource)
       .choice()
         .when(method(OssIndexRequestBuilder.class, "missingAuthHeaders"))
           .setBody(method(OssIndexResponseHandler.class, "unauthenticatedResponse"))
@@ -117,4 +127,17 @@ private void processComponentRequest(Exchange exchange) {
     message.removeHeader(Constants.OSS_INDEX_USER_HEADER);
     message.removeHeader(Constants.OSS_INDEX_TOKEN_HEADER);
   }
+
+  private void authenticateTrustificationSource(Exchange exchange) {
+    var headers = exchange.getIn().getHeaders();
+    var source = headers.get(Constants.RHDA_SOURCE_HEADER);
+    if (!TRUSTIFICATION_SOURCE.equals(source)) {
+      return;
+    }
+    if (!headers.containsKey(Constants.OSS_INDEX_USER_HEADER)
+        && !headers.containsKey(Constants.OSS_INDEX_TOKEN_HEADER)) {
+      headers.put(Constants.OSS_INDEX_USER_HEADER, trustificationUser.orElse(null));
+      headers.put(Constants.OSS_INDEX_TOKEN_HEADER, trustificationToken.orElse(null));
+    }
+  }
 }