Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upLock down mutating endpoints by default #2173
Comments
brian-brazil
added
the
kind/enhancement
label
Nov 7, 2016
brian-brazil
added this to the
2.x milestone
Nov 7, 2016
brian-brazil
referenced this issue
May 24, 2017
Closed
Prom2: /delete instead of /series/drop_series #2760
This comment has been minimized.
This comment has been minimized.
|
This is done in 2.0, just needs docs. |
brian-brazil
closed this
Jul 12, 2017
This comment has been minimized.
This comment has been minimized.
lock
bot
commented
Mar 23, 2019
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
lock
bot
locked and limited conversation to collaborators
Mar 23, 2019
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
brian-brazil commentedNov 7, 2016
Currently we have mutating endpoints in the form of the DELETE API, reload and shutdown. In future we're also going to have some form of bulk load function.
I propose that we put all mutating endpoints behind a single flag to control all access to them, and to disable access by default. This will keep us in the state where control of the Prometheus config is sufficient to decide what data ends up in Prometheus. Any more granular lockdown then that is up to the user via reverse proxy.
As changing this default breaks existing endpoints, this has to be a 2.0 change.