From 31c28f59563a25bb9f051eb165778ea76641f58f Mon Sep 17 00:00:00 2001
From: Jonathan Pearlin <jonathan@airbyte.io>
Date: Fri, 6 Jan 2023 14:16:36 -0500
Subject: [PATCH] Use explicit configuration for Micronaut endpoints (#20759)

---
 .../src/main/resources/application.yml        | 29 ++++++++++++++++-
 .../src/main/resources/application.yml        | 32 +++++++++++++++----
 .../controller/HeartbeatController.java       |  3 ++
 .../src/main/resources/application.yml        | 30 +++++++++++++----
 4 files changed, 80 insertions(+), 14 deletions(-)

diff --git a/airbyte-container-orchestrator/src/main/resources/application.yml b/airbyte-container-orchestrator/src/main/resources/application.yml
index fcfbefa0432b..8dbe157dc6c5 100644
--- a/airbyte-container-orchestrator/src/main/resources/application.yml
+++ b/airbyte-container-orchestrator/src/main/resources/application.yml
@@ -3,6 +3,7 @@ micronaut:
     port: 9000
 
 airbyte:
+  config-dir: /config
   acceptance:
     test:
       enabled: ${ACCEPTANCE_TEST_ENABLED:false}
@@ -20,4 +21,30 @@ airbyte:
       auth-header:
         name: ${AIRBYTE_API_AUTH_HEADER_NAME:}
         value: ${AIRBYTE_API_AUTH_HEADER_VALUE:}
-      host: ${INTERNAL_API_HOST}
\ No newline at end of file
+      host: ${INTERNAL_API_HOST}
+
+endpoints:
+  beans:
+    enabled: true
+    sensitive: false
+  env:
+    enabled: true
+    sensitive: false
+  health:
+    enabled: true
+    sensitive: false
+  info:
+    enabled: true
+    sensitive: true
+  loggers:
+    enabled: true
+    sensitive: true
+  refresh:
+    enabled: false
+    sensitive: true
+  routes:
+    enabled: true
+    sensitive: false
+  threaddump:
+    enabled: true
+    sensitive: true
diff --git a/airbyte-cron/src/main/resources/application.yml b/airbyte-cron/src/main/resources/application.yml
index acc280ed2c35..3c9c13175ac7 100644
--- a/airbyte-cron/src/main/resources/application.yml
+++ b/airbyte-cron/src/main/resources/application.yml
@@ -1,12 +1,6 @@
 micronaut:
   application:
     name: airbyte-cron
-  security:
-    intercept-url-map:
-      - pattern: /**
-        httpMethod: GET
-        access:
-          - isAnonymous()
   server:
     port: 9001
 
@@ -32,6 +26,32 @@ datasources:
     username: ${DATABASE_USER}
     password: ${DATABASE_PASSWORD}
 
+endpoints:
+  beans:
+    enabled: true
+    sensitive: false
+  env:
+    enabled: true
+    sensitive: false
+  health:
+    enabled: true
+    sensitive: false
+  info:
+    enabled: true
+    sensitive: true
+  loggers:
+    enabled: true
+    sensitive: true
+  refresh:
+    enabled: false
+    sensitive: true
+  routes:
+    enabled: true
+    sensitive: false
+  threaddump:
+    enabled: true
+    sensitive: true
+
 flyway:
   enabled: true
   datasources:
diff --git a/airbyte-workers/src/main/java/io/airbyte/workers/controller/HeartbeatController.java b/airbyte-workers/src/main/java/io/airbyte/workers/controller/HeartbeatController.java
index 5dd650554f5d..417879db60a2 100644
--- a/airbyte-workers/src/main/java/io/airbyte/workers/controller/HeartbeatController.java
+++ b/airbyte-workers/src/main/java/io/airbyte/workers/controller/HeartbeatController.java
@@ -12,12 +12,15 @@
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Options;
 import io.micronaut.http.annotation.Post;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
 import java.util.Map;
 
 /**
  * Heartbeat controller
  */
 @Controller("/")
+@Secured(SecurityRule.IS_ANONYMOUS)
 public class HeartbeatController {
 
   private static final Map<String, String> CORS_FILTER_MAP = Map.of(
diff --git a/airbyte-workers/src/main/resources/application.yml b/airbyte-workers/src/main/resources/application.yml
index 271f7aa5d4cf..7a85827178b6 100644
--- a/airbyte-workers/src/main/resources/application.yml
+++ b/airbyte-workers/src/main/resources/application.yml
@@ -1,12 +1,6 @@
 micronaut:
   application:
     name: airbyte-workers
-  security:
-    intercept-url-map:
-      - pattern: /**
-        httpMethod: GET
-        access:
-          - isAnonymous()
   server:
     port: 9000
 
@@ -217,8 +211,30 @@ docker:
   network: ${DOCKER_NETWORK:host}
 
 endpoints:
-  all:
+  beans:
     enabled: true
+    sensitive: false
+  env:
+    enabled: true
+    sensitive: false
+  health:
+    enabled: true
+    sensitive: false
+  info:
+    enabled: true
+    sensitive: true
+  loggers:
+    enabled: true
+    sensitive: true
+  refresh:
+    enabled: false
+    sensitive: true
+  routes:
+    enabled: true
+    sensitive: false
+  threaddump:
+    enabled: true
+    sensitive: true
 
 google:
   application: