only setting up admin HTTP handlers if authentication is enabled

codeslayer1 · May 24, 2019 · 0e73b90 · 0e73b90
1 parent 15e193a
commit 0e73b90
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 25 deletions.
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
@@ -34,6 +34,8 @@ type AuthResponse struct {
 }
 
 type Authenticator interface {
+	// indicates whether authentication is enabled
+	Enabled() bool
 	Authenticate(req *AuthRequest) (*AuthResponse, error)
 	GenerateToken(u User) (*AuthResponse, error)
 }
@@ -68,6 +70,10 @@ var (
 	ErrUnauthorized = errors.New("unauthorized")
 )
 
+func (a *DefaultAuthenticator) Enabled() bool {
+	return a.opts.Username != "" && a.opts.Password != ""
+}
+
 func (a *DefaultAuthenticator) Authenticate(req *AuthRequest) (*AuthResponse, error) {
 
 	switch req.AuthType {

diff --git a/pkg/http/http.go b/pkg/http/http.go
@@ -121,38 +121,44 @@ func (s *TriggerServer) registerRoutes(mux *mux.Router) {
 		DebugHandler{}.AddRoutes(mux)
 	}
 
+	s.registerWebhookRoutes(mux)
+
 	// health endpoint for k8s to be happy
 	mux.HandleFunc("/healthz", s.healthHandler).Methods("GET", "OPTIONS")
 	// version handler
 	mux.HandleFunc("/version", s.versionHandler).Methods("GET", "OPTIONS")
 
-	// auth
-	mux.HandleFunc("/v1/auth/login", s.loginHandler).Methods("POST", "OPTIONS")
-	mux.HandleFunc("/v1/auth/info", s.requireAdminAuthorization(s.userInfoHandler)).Methods("GET", "OPTIONS")
-	mux.HandleFunc("/v1/auth/user", s.requireAdminAuthorization(s.userInfoHandler)).Methods("GET", "OPTIONS")
-	mux.HandleFunc("/v1/auth/logout", s.requireAdminAuthorization(s.logoutHandler)).Methods("POST", "GET", "OPTIONS")
-	mux.HandleFunc("/v1/auth/refresh", s.requireAdminAuthorization(s.refreshHandler)).Methods("GET", "OPTIONS")
-
-	// approvals
-	mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalsHandler)).Methods("GET", "OPTIONS")
-	// approving/rejecting
-	mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalApproveHandler)).Methods("POST", "OPTIONS")
-	// updating required approvals count
-	mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalSetHandler)).Methods("PUT", "OPTIONS")
-
-	// available resources
-	mux.HandleFunc("/v1/resources", s.requireAdminAuthorization(s.resourcesHandler)).Methods("GET", "OPTIONS")
-
-	mux.HandleFunc("/v1/policies", s.requireAdminAuthorization(s.policyUpdateHandler)).Methods("PUT", "OPTIONS")
-
-	// tracked images
-	mux.HandleFunc("/v1/tracked", s.requireAdminAuthorization(s.trackedHandler)).Methods("GET", "OPTIONS")
-	mux.HandleFunc("/v1/audit", s.requireAdminAuthorization(s.adminAuditLogHandler)).Methods("GET", "OPTIONS")
-	mux.HandleFunc("/v1/stats", s.requireAdminAuthorization(s.statsHandler)).Methods("GET", "OPTIONS")
-
 	mux.Handle("/metrics", promhttp.Handler())
 
-	s.registerWebhookRoutes(mux)
+	if s.authenticator.Enabled() {
+		log.Info("authentication enabled, setting up admin HTTP handlers")
+		// auth
+		mux.HandleFunc("/v1/auth/login", s.loginHandler).Methods("POST", "OPTIONS")
+		mux.HandleFunc("/v1/auth/info", s.requireAdminAuthorization(s.userInfoHandler)).Methods("GET", "OPTIONS")
+		mux.HandleFunc("/v1/auth/user", s.requireAdminAuthorization(s.userInfoHandler)).Methods("GET", "OPTIONS")
+		mux.HandleFunc("/v1/auth/logout", s.requireAdminAuthorization(s.logoutHandler)).Methods("POST", "GET", "OPTIONS")
+		mux.HandleFunc("/v1/auth/refresh", s.requireAdminAuthorization(s.refreshHandler)).Methods("GET", "OPTIONS")
+
+		// approvals
+		mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalsHandler)).Methods("GET", "OPTIONS")
+		// approving/rejecting
+		mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalApproveHandler)).Methods("POST", "OPTIONS")
+		// updating required approvals count
+		mux.HandleFunc("/v1/approvals", s.requireAdminAuthorization(s.approvalSetHandler)).Methods("PUT", "OPTIONS")
+
+		// available resources
+		mux.HandleFunc("/v1/resources", s.requireAdminAuthorization(s.resourcesHandler)).Methods("GET", "OPTIONS")
+
+		mux.HandleFunc("/v1/policies", s.requireAdminAuthorization(s.policyUpdateHandler)).Methods("PUT", "OPTIONS")
+
+		// tracked images
+		mux.HandleFunc("/v1/tracked", s.requireAdminAuthorization(s.trackedHandler)).Methods("GET", "OPTIONS")
+		mux.HandleFunc("/v1/audit", s.requireAdminAuthorization(s.adminAuditLogHandler)).Methods("GET", "OPTIONS")
+		mux.HandleFunc("/v1/stats", s.requireAdminAuthorization(s.statsHandler)).Methods("GET", "OPTIONS")
+	} else {
+		log.Info("authentication is not enabled, admin HTTP handlers are not initialized")
+	}
+
 }
 
 func (s *TriggerServer) registerWebhookRoutes(mux *mux.Router) {