feat(discoveryplugin): look up plugin callback credentials in database (

#1377)

* feat(discoveryplugin): copy callback userinfo to auth header, if any

* fix failed callback ping handling bug

* handle plugins refreshing with new userinfo in callback

* use callback userinfo scheme to reference stored credentials for plugin ping auth

* fix needless boxing

* remove no longer used methods

* configure samples to prefer JMX. one has it enabled, the other does not

smoketest.sh

@@ -152,6 +152,7 @@ runDemoApps() {
         --env CRYOSTAT_AGENT_BASEURI="${protocol}://localhost:${webPort}/" \
         --env CRYOSTAT_AGENT_TRUST_ALL="true" \
         --env CRYOSTAT_AGENT_AUTHORIZATION="Basic $(echo user:pass | base64)" \
+        --env CRYOSTAT_AGENT_REGISTRATION_PREFER_JMX="true" \
         --env CRYOSTAT_AGENT_HARVESTER_PERIOD_MS=60000 \
         --env CRYOSTAT_AGENT_HARVESTER_MAX_FILES=10 \
         --rm -d quay.io/andrewazores/quarkus-test:latest
@@ -171,6 +172,7 @@ runDemoApps() {
         --env CRYOSTAT_AGENT_BASEURI="${protocol}://localhost:${webPort}/" \
         --env CRYOSTAT_AGENT_TRUST_ALL="true" \
         --env CRYOSTAT_AGENT_AUTHORIZATION="Basic $(echo user:pass | base64)" \
+        --env CRYOSTAT_AGENT_REGISTRATION_PREFER_JMX="true" \
         --rm -d quay.io/andrewazores/quarkus-test:latest
 
     # copy a jboss-client.jar into /clientlib first

src/main/java/io/cryostat/configuration/CredentialsManager.java

@@ -214,6 +214,10 @@ public Optional<String> get(int id) {
         return dao.get(id).map(StoredCredentials::getMatchExpression);
     }
 
+    public Optional<StoredCredentials> getById(int id) {
+        return dao.get(id);
+    }
+
     public Set<ServiceRef> resolveMatchingTargets(int id) {
         Optional<String> matchExpression = get(id);
         if (matchExpression.isEmpty()) {

src/main/java/io/cryostat/configuration/StoredCredentials.java

@@ -89,15 +89,15 @@ public class StoredCredentials {
         this(0, matchExpression, credentials);
     }
 
-    String getMatchExpression() {
+    public String getMatchExpression() {
         return this.matchExpression;
     }
 
     public int getId() {
         return id;
     }
 
-    Credentials getCredentials() {
+    public Credentials getCredentials() {
         return new Credentials(username, password);
     }
 

src/main/java/io/cryostat/discovery/DiscoveryStorage.java

@@ -54,6 +54,7 @@
 
 import io.cryostat.VerticleDeployer;
 import io.cryostat.configuration.CredentialsManager;
+import io.cryostat.configuration.StoredCredentials;
 import io.cryostat.core.log.Logger;
 import io.cryostat.core.net.discovery.JvmDiscoveryClient.EventKind;
 import io.cryostat.net.web.http.AbstractAuthenticatedRequestHandler;
@@ -73,9 +74,13 @@
 import io.vertx.core.CompositeFuture;
 import io.vertx.core.Future;
 import io.vertx.core.Promise;
+import io.vertx.core.buffer.Buffer;
 import io.vertx.core.http.HttpMethod;
+import io.vertx.ext.auth.authentication.UsernamePasswordCredentials;
+import io.vertx.ext.web.client.HttpRequest;
 import io.vertx.ext.web.client.HttpResponse;
 import io.vertx.ext.web.client.WebClient;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 
 public class DiscoveryStorage extends AbstractPlatformClientVerticle {
@@ -205,11 +210,33 @@ private Future<Boolean> ping(HttpMethod mtd, URI uri) {
         if (Objects.equals(uri, NO_CALLBACK)) {
             return Future.succeededFuture(true);
         }
-        return http.request(mtd, uri.getPort(), uri.getHost(), uri.getPath())
-                .ssl("https".equals(uri.getScheme()))
-                .timeout(1_000)
-                .followRedirects(true)
-                .send()
+        HttpRequest<Buffer> req =
+                http.request(mtd, uri.getPort(), uri.getHost(), uri.getPath())
+                        .ssl("https".equals(uri.getScheme()))
+                        .timeout(1_000)
+                        .followRedirects(true);
+        String userInfo = uri.getUserInfo();
+        if (StringUtils.isNotBlank(userInfo) && userInfo.contains(":")) {
+            String[] parts = userInfo.split(":");
+            if ("storedcredentials".equals(parts[0])) {
+                logger.info(
+                        "Using stored credentials id:{} referenced in ping callback userinfo",
+                        parts[1]);
+                Optional<StoredCredentials> opt =
+                        credentialsManager.get().getById(Integer.parseInt(parts[1]));
+                if (opt.isEmpty()) {
+                    logger.warn("Could not find such credentials!");
+                    return Future.succeededFuture(false);
+                }
+                StoredCredentials credentials = opt.get();
+                req =
+                        req.authentication(
+                                new UsernamePasswordCredentials(
+                                        credentials.getCredentials().getUsername(),
+                                        credentials.getCredentials().getPassword()));
+            }
+        }
+        return req.send()
                 .onComplete(
                         ar -> {
                             if (ar.failed()) {
@@ -246,7 +273,8 @@ public UUID register(String realm, URI callback) throws RegistrationException {
         Objects.requireNonNull(realm, "realm");
         try {
             CompletableFuture<Boolean> cf = new CompletableFuture<>();
-            ping(HttpMethod.GET, callback).onComplete(ar -> cf.complete(ar.succeeded()));
+            ping(HttpMethod.GET, callback)
+                    .onComplete(ar -> cf.complete(ar.succeeded() && ar.result()));
             if (!cf.get()) {
                 throw new Exception("callback ping failure");
             }