Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nacos permissions that this set here besides nacos account and other access is 403 / nacos/v1 / ns/operator/metrics #2866

Closed
purgeyao opened this issue May 22, 2020 · 6 comments · Fixed by #3984
Closed

Nacos permissions that this set here besides nacos account and other access is 403 / nacos/v1 / ns/operator/metrics #2866

purgeyao opened this issue May 22, 2020 · 6 comments · Fixed by #3984
Assignees
@KomachiSion
Labels
kind/bug Category issues or prs related to bug.
Projects
Nacos
Milestone
1.4.0

Comments

@purgeyao
Copy link

nacos 权限这这块 ,这里设置除了nacos账号,其他访问都是403 /nacos/v1/ns/operator/metrics

导致/actuator/health 里的nacosDiscovery状态为DOWN 这个请求整体"status": "DOWN",
我们的监控监控无法正常。

Nacos permissions that this set here besides nacos account and other access is 403 / nacos/v1 / ns/operator/metrics

... '> cause the nacosDiscovery status in/in /health to be DOWN. This request overall "status": "DOWN",
Our surveillance is not working.

A4BC698D-361C-44A2-A73B-1694DBC87C8C

855F3F9B-8594-41BD-8306-15CB88294CE5

270F12F3-5994-49DB-98BF-1872D7F6F510
@chuntaojun chuntaojun added this to To do in Nacos via automation May 22, 2020
@chuntaojun chuntaojun added this to the 1.3.0 milestone May 22, 2020
@chuntaojun
Copy link
Collaborator

com.alibaba.nacos.naming.controllers.OperatorController#metrics

@chuntaojun chuntaojun self-assigned this May 25, 2020
@chuntaojun chuntaojun mentioned this issue May 26, 2020
Closed
5 tasks
@xiaoxiangzhenyu
Copy link

『/nacos/v1/ns/operator/metrics 403』这个问题确实存在,原因是AuthFilter.doFilter()方法中的『String resource = secured.resource()』,在获取到OperatorController.metrics()的secured注解配置的resource="naming/metrics"后,没有考虑命名空间和分组,因为Permission中resource由namespaceId:groupName:serviceName的格式组成,导致最终在NacosRoleServiceImpl.hasPermission()方法中用正则匹配时不通过!

具体详情可以看下另外一位网友的帖子:https://www.jianshu.com/p/560ba0d67c50

@purgeyao
Copy link
Author

@xiaoxiangzhenyu 首先感谢回答,是这样的。这个issue正在努力推进中

@KomachiSion KomachiSion modified the milestones: 1.3.0, 1.3.1 Jun 10, 2020
@chuntaojun chuntaojun added the priority/high Very important, need to be worked with soon but not very urgent label Jun 11, 2020
@KomachiSion KomachiSion modified the milestones: 1.3.1, 1.3.2 Jun 28, 2020
@KomachiSion KomachiSion mentioned this issue Jul 20, 2020
Closed
@wpt191
Copy link

wpt191 commented Jul 20, 2020

首先感谢阿里大佬们的辛苦,此问题预计解决时间,这边方便告知下不。

@KomachiSion KomachiSion mentioned this issue Jul 23, 2020
Closed
@David-wu91
Copy link
Contributor

此问题在1.3.1版本中还没得到修复,请问各位阿里大佬方便告知一下此问题的修复计划吗?

@KomachiSion KomachiSion modified the milestones: 1.3.2, 1.4.0 Aug 3, 2020
@KomachiSion KomachiSion mentioned this issue Aug 19, 2020
Closed
@wpt191
Copy link

wpt191 commented Aug 19, 2020

用户授权相关的,是需要等1.4.0版本吗?

@KomachiSion KomachiSion added kind/bug Category issues or prs related to bug. and removed priority/high Very important, need to be worked with soon but not very urgent labels Sep 14, 2020
This was referenced Sep 14, 2020
Closed
Closed
@KomachiSion KomachiSion linked a pull request Oct 14, 2020 that will close this issue
Fix issue 2866 #3984
Merged
5 tasks
Nacos automation moved this from To do to Done Oct 14, 2020
@realJackSun realJackSun mentioned this issue Jun 15, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KomachiSion KomachiSion

Labels
kind/bug Category issues or prs related to bug.
Projects
Nacos
  
Done
Milestone
1.4.0
Development

Successfully merging a pull request may close this issue.

Fix issue 2866 chuntaojun/nacos
7 participants
@xiaoxiangzhenyu @yanlinly @chuntaojun @purgeyao @KomachiSion @wpt191 @David-wu91