fix(credentials): query for Agent HTTP credentials without specific userinfo

[andrewazores]

Welcome to Cryostat! 👋

Before contributing, make sure you have:

• Read the contributing guidelines
• Linked a relevant issue which this PR resolves
• Linked any other relevant issues, PR's, or documentation, if any
• Resolved all conflicts, if any
• Rebased your branch PR on top of the latest upstream main branch
• Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
• Signed all commits using a GPG signature

To recreate commits with GPG signature git fetch upstream && git rebase --force --gpg-sign upstream/main

---

Fixes: #1673

Description of the change:

When querying for stored credentials by targetId, check if the provided targetId is JMX. If not, assume it is Agent HTTP, and check if there is an exact match for the given targetId as well as if there is a match for that targetId without the userinfo part of the URI.

Motivation for the change:

This way the credentials querying is lenient on clients not including stored credentials in the Agent HTTP URI, which should not normally be expected - the server has those credentials stored in the encrypted database table, provided to it by the Agent instance, so these credentials are not known to the client and the reference to them in the database should also not be required knowledge for the client to perform queries.

How to manually test:

1. Run CRYOSTAT_IMAGE=quay.io... sh smoketest.sh...
2. https -vv --auth=user:pass :8181/api/v2.3/targets/$(echo -n http://localhost:9988/ | jq -sRr @uri)/mbeanMetrics and ensure that the response is a JSON object containing MBean information.

[github-actions]

Hi @andrewazores! Add at least one of the required labels to this PR

Required labels are : chore,ci,cleanup,docs,feat,fix,perf,refactor,style,test

[andrewazores]

/build_test

[andrewazores]

https://github.com/cryostatio/cryostat/actions/runs/6227674079

[github-actions]

ARCH	IMAGE
amd64	ghcr.io/cryostatio/cryostat:pr-1674-6b80549a7de4e3a92d9989b32b221804e3f58993-linux-amd64
arm64	ghcr.io/cryostatio/cryostat:pr-1674-6b80549a7de4e3a92d9989b32b221804e3f58993-linux-arm64

To run smoketest:

# amd64          
CRYOSTAT_IMAGE=ghcr.io/cryostatio/cryostat:pr-1674-6b80549a7de4e3a92d9989b32b221804e3f58993-linux-amd64 sh smoketest.sh

# or arm64
CRYOSTAT_IMAGE=ghcr.io/cryostatio/cryostat:pr-1674-6b80549a7de4e3a92d9989b32b221804e3f58993-linux-arm64 sh smoketest.sh

[aali309]

I get this error:

Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Basic dXNlcjpwYXNz
Connection: keep-alive
Host: localhost:8181
User-Agent: HTTPie/3.2.2


https: error: SSLError: HTTPSConnectionPool(host='localhost', port=8181): Max retries exceeded with url: 
/api/v2.3/targets/http%3A%2F%2Flocalhost%3A9988%2F/mbeanMetrics 
(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1002)'))) while doing a GET 
request to URL: https://localhost:8181/api/v2.3/targets/http%3A%2F%2Flocalhost%3A9988%2F/mbeanMetrics

[andrewazores]

https://httpie.io/docs/cli/https

Add --verify=no.

[aali309]

Still get the error:

HTTP/1.1 500 Internal Server Error
content-encoding: gzip
content-length: 214
content-type: application/json

{
    "data": {
        "reason": "java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.util.concurrent.CompletionException: java.lang.RuntimeException: org.apache.http.auth.InvalidCredentialsException: No credentials found for agent http://localhost:9988/"
    },
    "meta": {
        "status": "Internal Server Error",
        "type": "text/plain"
    }
}

[andrewazores]

Go to the Security view in th Web UI. Are there stored credentials for that agent connection URL listed?

[mwangggg]

looks good to me - just need to rebase