New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server: ensure correct authorization for debug pages #16341
Conversation
I think you can do this without all the duplication if you use a middleware pattern: write a function that returns a |
These need to be tested. See Review status: 0 of 5 files reviewed at latest revision, all discussions resolved, all commit checks successful. Comments from Reviewable |
@tamird Good call. Done. Review status: 0 of 3 files reviewed at latest revision, all discussions resolved. Comments from Reviewable |
Review status: 0 of 3 files reviewed at latest revision, 1 unresolved discussion. pkg/server/server.go, line 849 at r1 (raw file):
Should statusVars be protected as well? Seems like it should be. Comments from Reviewable |
Review status: 0 of 3 files reviewed at latest revision, 1 unresolved discussion, all commit checks successful. pkg/server/server.go, line 849 at r1 (raw file): Previously, BramGruneir (Bram Gruneir) wrote…
Probably not, we still want monitoring to work and shouldn't be exporting metrics with sensitive information. Comments from Reviewable |
modulo not doing auth for the status vars. Review status: 0 of 3 files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 854 at r1 (raw file):
It might be the case that these could have been added to Comments from Reviewable |
Up until now, they have been wide open regardless of the cluster settings.
Review status: 0 of 3 files reviewed at latest revision, 2 unresolved discussions. pkg/server/server.go, line 849 at r1 (raw file): Previously, mberhault (marc) wrote…
Done. pkg/server/server.go, line 854 at r1 (raw file): Previously, petermattis (Peter Mattis) wrote…
noted. Since I'm going to be moving a lot of these to Comments from Reviewable |
Up until now, they have been wide open regardless of the cluster settings.