Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add section on different ways to authenticate to the Prometheus API #1718

Merged
merged 9 commits into from
Jul 25, 2024
Merged

Add section on different ways to authenticate to the Prometheus API #1718

merged 9 commits into from
Jul 25, 2024

Conversation

Roadmaster
Copy link
Contributor

Summary of changes

  • Explain how to create a non-bearer macaroon token with restrictions (per org, read-only)
  • Explain how to pass a macaroon token in the Authorization header

This process is known internally and we share it with customers who require it but a customer pointed out it's not documented which makes it difficult to discover.

andie787
andie787 reviewed Jul 25, 2024
View reviewed changes
Copy link
Contributor

@andie787 andie787 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this info! Left some feedback to consider.

monitoring/metrics.html.md Outdated Show resolved Hide resolved
monitoring/metrics.html.md Outdated Show resolved Hide resolved
monitoring/metrics.html.md Outdated Show resolved Hide resolved
monitoring/metrics.html.md Outdated Show resolved Hide resolved
monitoring/metrics.html.md Outdated Show resolved Hide resolved
monitoring/metrics.html.md Outdated
fly token create readonly
```

Note that the read-only token still has access to all organizations in your account (although it cannot modify anything, only read data). These two can be combined to create a read-only token that is restricted to a single organization:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The read-only token you create with fly token create readonly is already an org scoped token, so you don't need to do this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I'll remove this part entirely :)

Roadmaster and others added 6 commits July 25, 2024 11:27
@Roadmaster @andie787
Update monitoring/metrics.html.md
0af82b7 
I update it thus.

Co-authored-by: Andrea Anderson <andrea@fly.io>
@Roadmaster @andie787
Update monitoring/metrics.html.md
5620efc 
Co-authored-by: Andrea Anderson <andrea@fly.io>
@Roadmaster @andie787
Update monitoring/metrics.html.md
8dc6219 
Co-authored-by: Andrea Anderson <andrea@fly.io>
@Roadmaster @andie787
Update monitoring/metrics.html.md
d8d8632 
Co-authored-by: Andrea Anderson <andrea@fly.io>
@Roadmaster @andie787
Update monitoring/metrics.html.md
5a7a2bc 
Co-authored-by: Andrea Anderson <andrea@fly.io>
@Roadmaster
Remove incorrect instructions
92ab681
@Roadmaster Roadmaster merged commit a0ce70a into main Jul 25, 2024
2 checks passed
@Roadmaster Roadmaster deleted the prometheus-org-token-non-bearer branch July 25, 2024 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andie787 andie787 andie787 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Roadmaster @andie787