/riak-cs/stats and admin_auth_enabled=false don't work together correctly. #719
Comments
|
Authenticated requests also fail with $ ./s3curl.pl --id admin -- -s -v -x demobox:8080 http://riak-cs.s3.amazonaws.com/stats
* About to connect() to proxy demobox port 8080 (#0)
* Trying 192.168.133.4... connected
* Connected to demobox (192.168.133.4) port 8080 (#0)
> GET http://riak-cs.s3.amazonaws.com/stats HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: riak-cs.s3.amazonaws.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> Date: Mon, 28 Oct 2013 16:23:51 +0000
> Authorization: AWS QPMTYKRTIFEBTB5HPHCC:HnXBhBnNnRgvfEuoMLHnjHw0wrw=
>
< HTTP/1.1 403 Forbidden
< Server: Riak CS
< Date: Mon, 28 Oct 2013 16:23:51 GMT
< Content-Type: application/xml
< Content-Length: 168
<
* Connection #0 to host demobox left intact
* Closing connection #0
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><Resource>/riak-cs/stats</Resource><RequestId></RequestId></Error> |
|
update: at Riak CS 1.4.2, when |
|
@kuenishi I just tried to reproduce the scenario with $ riak-cs version
1.4.2
$ grep "admin_auth_enabled" /etc/riak-cs/app.config
{admin_auth_enabled, true},
$ ./s3curl.pl --id admin --contentType application/json -- -s --proxy1.0 localhost:8080 http://s3.amazonaws.com/riak-cs/stats | jsonpp
{
"legend": [
"meter_count",
"meter_rate",
"latency_mean",
"latency_median",
"latency_95",
"latency_99"
],
"block_get": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_get_retry": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_put": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"service_get_buckets": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_list_keys": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_create": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_get_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_put_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_get": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_put": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_head": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_get_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_put_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"legend": [
"workers",
"overflow",
"size"
],
"request_pool": [
127,
0,
1
],
"bucket_list_pool": [
5,
0,
0
]
}% |
|
@hectcastro Did you set |
|
Fmm, in my environment, |
|
@hectcastro I was able to verify your findings with admin_auth_enabled set to true using both default and custom settings for admin_ip and admin_port. I also tried sending a signed URL with the admin_ip and admin_port commented out, but this returns AccessDenied. That's not a huge problem, but worth mentioning. Thanks! |
|
@hectcastro Getting ready to parse this data and spit it out to collectd and I noticed that the data structure has 2 "legend" keys with different values and different stats associated with each legend. Perhaps this is a separate issue, but can this craziness be addressed? |
|
@dansajner A new ticket has been created to track that issue here: #764 |
|
Fixed by #854 |
Trying to access the
/riak-cs/statsinterface with theadmin_auth_enabledset tofalsedoesn't work as expected.Would expect to just hit the endpoint without any auth headers, but returns Access Denied. If I add an authorization header with just my key, it returns:
curl demobox:8080/riak-cs/stats -H "Authorization: QPMTYKRTIFEBTB5HPHCC"The text was updated successfully, but these errors were encountered: