feat(auth): remove integrated auth, delegate to proxy

[andrewazores]

Welcome to Cryostat3! 👋

Before contributing, make sure you have:

• Read the contributing guidelines
• Linked a relevant issue which this PR resolves
• Linked any other relevant issues, PR's, or documentation, if any
• Resolved all conflicts, if any
• Rebased your branch PR on top of the latest upstream main branch
• Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
• Signed all commits using a GPG signature

To recreate commits with GPG signature git fetch upstream && git rebase --force --gpg-sign upstream/main

---

Related to #208
Depends on cryostatio/cryostat-web#1181

How to manually test:

1. Check out src/main/webui to -web PR above, then build cryostat3 container
2. smoketest.bash -OXgtb
3. After some time, http://localhost:8080 (note 8080, not 8181) should open in your browser. Use user:pass to log in. This is the new authenticating reverse proxy setup which handles authentication/authorization before the user reaches the actual application. The Cryostat server is still listening on port 8181, but you should not be able to reach that anymore - it is bound to localhost only and not exposed from the compose network to your host machine. You can also do ex. http --auth=user:pass :8080/api/v3/targets the same way you would previously have done http --auth=user:pass :8181/api/v3/targets. In any case, this change should be more or less transparent, other than the login screen looking different.

[github-actions]

This PR/issue depends on:

• feat(auth): remove auth negotiation and JMX credentials passthrough cryostat-web#1181
  By Dependent Issues (🤖). Happy coding!

[andrewazores]

/build_test

[github-actions]

Workflow started at 12/14/2023, 10:42:07 AM. View Actions Run.

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7211175159

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7211175159

[andrewazores]

/build_test

[github-actions]

Workflow started at 12/14/2023, 11:47:41 AM. View Actions Run.

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7211943785

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7211943785

[andrewazores]

/build_test

[github-actions]

Workflow started at 12/15/2023, 4:42:45 PM. View Actions Run.

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7227326532

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7227326532

[andrewazores]

/build_test

might not work due to #216

[github-actions]

Workflow started at 12/19/2023, 4:07:00 PM. View Actions Run.

[github-actions]

CI build and push: At least one test failed ❌
https://github.com/cryostatio/cryostat3/actions/runs/7267574753

[github-actions]

CI build and push: All tests pass ✅
https://github.com/cryostatio/cryostat3/actions/runs/7267574753

[ebaron]

Looks good. I noticed the integration tests failed, but it looked like something to do with the web-client. I'm assuming that needs to be fixed once both pieces are merged?

[andrewazores]

I think the tests should pass when both this PR and cryostatio/cryostat-web#1181 are merged - they are mutually dependent.

[andrewazores]

Otherwise, there are currently unrelated CI test failures: #216

[mwangggg]

miwang@unused-10-15-17-161 ~/W/cryostat (main)> podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 400d44328e35 quay.io/cryostat/cryostat-db:latest postgres -c fsync... 20 hours ago Up 20 hours 0.0.0.0:37317->5432/tcp gracious_murdock 9f5ac74463ce quay.io/cryostat/cryostat-db:latest postgres -c fsync... 20 hours ago Up 20 hours 0.0.0.0:34817->5432/tcp gallant_moser e763385abad5 quay.io/cryostat/cryostat-db:latest postgres -c fsync... 20 hours ago Up 20 hours 0.0.0.0:38865->5432/tcp interesting_chandrasekhar 1e002c603591 quay.io/cryostat/cryostat-db:latest postgres -c fsync... 20 hours ago Up 20 hours 0.0.0.0:34821->5432/tcp lucid_poitras 2c5fe61acbc0 quay.io/cryostat/cryostat-db:latest postgres -c fsync... 20 hours ago Up 20 hours 0.0.0.0:45959->5432/tcp youthful_elgamal e7e66a69b8e1 quay.io/cryostat/cryostat-db:latest postgres -c fsync... 32 minutes ago Up 32 minutes 0.0.0.0:38837->5432/tcp dreamy_booth
I can see that the cryostat-db containers are still up and running even after I stop the smoketest.bash script. Should there be something in cleanup that stops them?

[andrewazores]

I noticed the lingering database containers before, but it seems to me these get left behind by test runs (mvn test or mvn verify) rather than the smoketest compose setup. Could you double check what's leaving them behind? It should be safe to clean those up with podman kill and podman rm manually first.

[mwangggg]

Ah yes I just checked and it's not because of the smoketest.bash script

[andrewazores]

See #221

[mwangggg]

looks good to me