chore(logs): Add an endpoint to publish inbound logs (#3510) (#3511)

(cherry picked from commit 209eb31)

Co-authored-by: Jonathan <[email protected]>

bundle/camunda-saas-bundle/src/main/java/io/camunda/connector/runtime/saas/security/SecurityConfiguration.java

@@ -16,6 +16,8 @@
  */
 package io.camunda.connector.runtime.saas.security;
 
+import static org.springframework.security.web.access.IpAddressAuthorizationManager.hasIpAddress;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -36,6 +38,8 @@
 @Configuration
 public class SecurityConfiguration {
 
+  public static final String LOCALHOST_IPV4 = "127.0.0.1";
+
   @Value("${camunda.connector.auth.audience}")
   private String audience;
 
@@ -63,7 +67,12 @@ public SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
                     .requestMatchers(HttpMethod.PUT, "/inbound/*")
                     .requestMatchers(HttpMethod.DELETE, "/inbound/*")
                     .requestMatchers("actuator/**"))
-        .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
+        .authorizeHttpRequests(
+            auth ->
+                auth.requestMatchers("/inbound/logs")
+                    .access(hasIpAddress(LOCALHOST_IPV4))
+                    .anyRequest()
+                    .permitAll())
         .build();
   }
 

bundle/camunda-saas-bundle/src/test/java/io/camunda/connector/runtime/saas/SecurityConfigurationTest.java

@@ -30,6 +30,8 @@
 import io.camunda.zeebe.spring.test.ZeebeSpringTest;
 import java.time.Duration;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -64,16 +66,41 @@
 @ZeebeSpringTest
 public class SecurityConfigurationTest {
 
-  @Autowired private MockMvc mvc;
-
   // needed to access /actuator endpoints
   @Autowired RestTemplateBuilder restTemplateBuilder;
   @LocalManagementPort int managementPort;
+  @Autowired private MockMvc mvc;
 
   @MockBean
   @SuppressWarnings("unused")
   private CamundaOperateClient operateClient;
 
+  @Test
+  public void publishLogsEndpoint_fromLocalhost_returns200() throws Exception {
+    mvc.perform(
+            post("/inbound/logs")
+                .with(
+                    request -> {
+                      request.setRemoteAddr("127.0.0.1");
+                      return request;
+                    }))
+        .andExpect(status().isOk());
+  }
+
+  @ParameterizedTest
+  @ValueSource(strings = {"192.10.1.12", "10.156.23.22"})
+  public void publishLogsEndpoint_fromNonLocalhost_returns403(String unauthorizedIp)
+      throws Exception {
+    mvc.perform(
+            post("/inbound/logs")
+                .with(
+                    request -> {
+                      request.setRemoteAddr(unauthorizedIp);
+                      return request;
+                    }))
+        .andExpect(status().isForbidden());
+  }
+
   @Test
   public void inboundEndpoint_noAuth_returns401() throws Exception {
     mvc.perform(get("/inbound")).andExpect(status().isUnauthorized());

connector-runtime/connector-runtime-spring/src/main/java/io/camunda/connector/runtime/inbound/controller/InboundConnectorRestController.java

@@ -22,6 +22,7 @@
 import io.camunda.connector.runtime.inbound.executable.ActiveExecutableQuery;
 import io.camunda.connector.runtime.inbound.executable.ActiveExecutableResponse;
 import io.camunda.connector.runtime.inbound.executable.InboundExecutableRegistry;
+import io.camunda.connector.runtime.inbound.executable.InboundExecutableRegistryImpl;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -30,6 +31,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -52,6 +54,11 @@ public List<ActiveInboundConnectorResponse> getActiveInboundConnectors(
     return getActiveInboundConnectors(bpmnProcessId, elementId, type, null);
   }
 
+  @PostMapping("/inbound/logs")
+  public void logActiveInboundConnectors() {
+    ((InboundExecutableRegistryImpl) executableRegistry).logStatusReport();
+  }
+
   @GetMapping("/tenants/{tenantId}/inbound")
   public List<ActiveInboundConnectorResponse> getActiveInboundConnectorsForTenantId(
       @PathVariable(value = "tenantId") String tenantId,