-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/riak-cs/stats and admin_auth_enabled=false don't work together correctly. #719
Comments
Authenticated requests also fail with $ ./s3curl.pl --id admin -- -s -v -x demobox:8080 http://riak-cs.s3.amazonaws.com/stats
* About to connect() to proxy demobox port 8080 (#0)
* Trying 192.168.133.4... connected
* Connected to demobox (192.168.133.4) port 8080 (#0)
> GET http://riak-cs.s3.amazonaws.com/stats HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: riak-cs.s3.amazonaws.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> Date: Mon, 28 Oct 2013 16:23:51 +0000
> Authorization: AWS QPMTYKRTIFEBTB5HPHCC:HnXBhBnNnRgvfEuoMLHnjHw0wrw=
>
< HTTP/1.1 403 Forbidden
< Server: Riak CS
< Date: Mon, 28 Oct 2013 16:23:51 GMT
< Content-Type: application/xml
< Content-Length: 168
<
* Connection #0 to host demobox left intact
* Closing connection #0
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><Resource>/riak-cs/stats</Resource><RequestId></RequestId></Error> |
update: at Riak CS 1.4.2, when |
@kuenishi I just tried to reproduce the scenario with $ riak-cs version
1.4.2
$ grep "admin_auth_enabled" /etc/riak-cs/app.config
{admin_auth_enabled, true},
$ ./s3curl.pl --id admin --contentType application/json -- -s --proxy1.0 localhost:8080 http://s3.amazonaws.com/riak-cs/stats | jsonpp
{
"legend": [
"meter_count",
"meter_rate",
"latency_mean",
"latency_median",
"latency_95",
"latency_99"
],
"block_get": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_get_retry": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_put": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"block_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"service_get_buckets": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_list_keys": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_create": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_get_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"bucket_put_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_get": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_put": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_head": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_delete": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_get_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"object_put_acl": [
0,
0.0,
0.0,
0.0,
0.0,
0.0
],
"legend": [
"workers",
"overflow",
"size"
],
"request_pool": [
127,
0,
1
],
"bucket_list_pool": [
5,
0,
0
]
}% |
@hectcastro Did you set |
Fmm, in my environment, |
@hectcastro I was able to verify your findings with admin_auth_enabled set to true using both default and custom settings for admin_ip and admin_port. I also tried sending a signed URL with the admin_ip and admin_port commented out, but this returns AccessDenied. That's not a huge problem, but worth mentioning. Thanks! |
@hectcastro Getting ready to parse this data and spit it out to collectd and I noticed that the data structure has 2 "legend" keys with different values and different stats associated with each legend. Perhaps this is a separate issue, but can this craziness be addressed? |
@dansajner A new ticket has been created to track that issue here: #764 |
Fixed by #854 |
Trying to access the
/riak-cs/stats
interface with theadmin_auth_enabled
set tofalse
doesn't work as expected.Would expect to just hit the endpoint without any auth headers, but returns Access Denied. If I add an authorization header with just my key, it returns:
curl demobox:8080/riak-cs/stats -H "Authorization: QPMTYKRTIFEBTB5HPHCC"
The text was updated successfully, but these errors were encountered: