docs: Clarify anonymous authentication details #10227
Conversation
bmorelli25
added
Team:Docs
💚 Build Succeeded
Expand to view the summary
Build stats
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
There was a problem hiding this comment.
I think the only point which is not clear now is explain what happens if APM Server/Integration allows both api key & secret token.
At least from elastic/apm#183 and from some tests we did: the api key is sent out by the agent if both are configured and so the event should be accepted/allowed
The server behaves the same if only the api key or secret token or both are enabled. The differentiator is whether or not any auth is required by enabling at least one of them.
I'm not sure I follow; the apm agent will use whatever is configured for the agent (not in the apm-server) - api key, secret token or nothing, and this can be different between apm agents. |
|
To add to Silvia's response, we mention in the docs that
|
This comment was marked as off-topic.
This comment was marked as off-topic.
bmorelli25
force-pushed
the
anon-auth-clarifications
branch
from
529f93f
to
285732c
Compare
* docs: anon auth clarifications * add yml file to trigger full ci * test * pls work * test gpg (cherry picked from commit b6c8e12) # Conflicts: # docs/legacy/configuration-anonymous.asciidoc
* docs: anon auth clarifications * add yml file to trigger full ci * test * pls work * test gpg (cherry picked from commit b6c8e12)
* docs: anon auth clarifications * add yml file to trigger full ci * test * pls work * test gpg (cherry picked from commit b6c8e12)
|
@Mergifyio backport 8.7 |
✅ Backports have been created
|
|
@Mergifyio backport 8.7 |
✅ Backports have been created
|
* docs: anon auth clarifications * add yml file to trigger full ci * test * pls work * test gpg (cherry picked from commit b6c8e12)
* docs: anon auth clarifications * add yml file to trigger full ci * test * pls work * test gpg (cherry picked from commit b6c8e12)
Summary
The goal of this PR is to better clarify when and why anonymous requests to the APM Server are accepted or rejected. Here's the thought process—and please correct me if I'm wrong:
We have two anonymous authentication pages in the docs. One is for the APM integration and one is for standalone APM Server. This PR updates these pages to clarify that the APM Server’s default response to anonymous requests depends on whether an API key or Secret Token has been configured. If and only if an API key or Secret token has been configured, you can enable anonymous authentication in the APM Server to allow the ingestion of unauthenticated client-side APM data while still requiring authentication for server-side services.
In addition to the above pages, the standalone APM Server documentation has a configuration reference for anonymous authentication. Previously, this page stated:
IIUC, this is only true if a secret token or API key has been configured. I've reworked the text on this page to better reflect this.
I think those are the important bits. Have a good weekend 👋
Related