[4920][proxy] Add option to disable authentication for proxy /metrics #4921

Merged
merged 1 commit into from
Aug 12, 2019


addisonj (Contributor) commented Aug 8, 2019

This commit adds a new option to optionally disable authentication for the
/metrics endpoint in the pulsar-proxy.

Currently, authentication is required for the metrics endpoint when
authentication is enabled, which makes monitoring more difficult.
However, rather than just disable it completely and allow for metrics to
be exposed to any unknown user, this makes it opt in.

It could be argued that it should default to false, but as it is likely
that the proxy is the only component potentially exposed to the public internet, we
default to not exposing data.

Fixes #4920

Verifying this change

  • Make sure that the change passes the CI checks.

This change should ideally have tests, but there currently aren't any tests for any proxy endpoint other than client proxy.

Does this pull request potentially affect one of the following parts:

If yes was chosen, please highlight the changes

  • Dependencies (does it add or upgrade a dependency): no
  • The public API: no
  • The schema: no
  • The default values of configurations: yes
  • The wire protocol: no
  • The rest endpoints: no
  • The admin cli options: no
  • Anything that affects deployment: no

Documentation

  • Does this pull request introduce a new feature? yes
  • If yes, how is the feature documented? docs
  • If a feature is not applicable for documentation, explain why?
  • If a feature is not documented yet in this PR, please create a followup issue for adding the documentation
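
An added example, not part of this pull request or the Pulsar code base: a small audit of a `proxy.conf` for the opt-in trade-off described above. It assumes the option is the `proxy.conf` key `authenticateMetricsEndpoint` (the key name does not appear on this page) alongside `authenticationEnabled`; the sample configs are constructed.

```python
# Added example: audit a Pulsar proxy.conf for unauthenticated /metrics exposure.
# Assumption: the option is the proxy.conf key authenticateMetricsEndpoint
# (default true = auth required); the key name is not given on this page.

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def as_bool(props, key, default):
    """Unset or empty keys fall back to the default; only 'true' means true."""
    value = props.get(key, "")
    return default if value == "" else value.lower() == "true"

def audit_metrics_auth(conf_text):
    """Return (status, message) describing who can read the proxy's /metrics."""
    props = parse_properties(conf_text)
    auth_enabled = as_bool(props, "authenticationEnabled", False)
    metrics_auth = as_bool(props, "authenticateMetricsEndpoint", True)
    if not auth_enabled:
        return ("open", "authentication is disabled proxy-wide; /metrics is unauthenticated")
    if not metrics_auth:
        return ("opted-out", "/metrics opted out of authentication; restrict it at the network layer")
    return ("protected", "/metrics requires authentication (the default)")

# Constructed sample configs, not taken from a real deployment.
SAMPLE_DEFAULT = "authenticationEnabled=true\n# authenticateMetricsEndpoint not set\n"
SAMPLE_OPT_OUT = "authenticationEnabled=true\nauthenticateMetricsEndpoint=false\n"
SAMPLE_NO_AUTH = "authenticationEnabled=false\nauthenticateMetricsEndpoint=true\n"

if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT), ("opt-out", SAMPLE_OPT_OUT), ("no-auth", SAMPLE_NO_AUTH)]
    for name, conf in samples:
        print(name, audit_metrics_auth(conf))
```
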

@sijie added the doc, area/security and component/stats labels Aug 10, 2019
@sijie added this to the 2.5.0 milestone Aug 10, 2019

sijie (Member) commented Aug 10, 2019

run cpp tests

@sijie modified the milestones: 2.5.0, 2.4.1 Aug 12, 2019
@sijie merged commit be7b24f into apache:master Aug 12, 2019
jiazhai pushed a commit that referenced this pull request Aug 28, 2019
(cherry picked from commit be7b24f)
Successfully merging this pull request may close these issues.

/metrics endpoint in proxy is behind authentication