Moved /api/cluster/leadership handler under public routes (requires no authentication) #3101
Thanks @aantono!
Thanks for your contribution! WDYT about keeping
that would serve the use case too
@juliens do you mean to disable auth on just
@aantono yes, we need to keep auth on /api/* but no auth on /api/cluster/leader. As this endpoint was introduced in 1.6.0, can you put it in 1.6.0 to fix the auth bug?
You bet. Can you point me to the right place to tweak that config? Looked for it myself, but can’t find the right knobs to turn ;)
You need two things:
be01d17 to 8617671
LGTM
8617671 to 29a651e
LGTM
LGTM
29a651e to 787e37f
As it was brought up in Slack, the `/cluster/leadership` URL is mostly being called from various load balancers and other sources that don't typically do authentication. Having `/cluster` handler be under API endpoint, which otherwise might need to be guarded with authentication, prevents access to `/cluster/leadership` URL from load balancers. Moving it under `Ping` endpoint will solve this problem, and, as it seems from the intent of `/cluster/leadership` URL, it actually belongs under `Ping` to begin with, as it serves similar purpose.
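
The routing rule asked for in the review comments (auth stays on `/api/*`, the leadership check alone is public), as an added example that is not part of this PR or the project's own code. It uses Go's standard `net/http`; the `isLeader` callback, the credentials, the `/api/providers` stand-in path and the 503 non-leader status are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// basicAuth guards next; user and pass are constructed example credentials.
func basicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(u), []byte(user)) != 1 ||
			subtle.ConstantTimeCompare([]byte(p), []byte(pass)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter keeps /api/* behind auth; the leadership pattern is exact-path, so only that URL is public.
func newRouter(isLeader func() bool) http.Handler {
	root := http.NewServeMux()
	root.HandleFunc("/api/cluster/leadership", func(w http.ResponseWriter, r *http.Request) {
		if isLeader() {
			return // implicit 200: a status code only, no body to leak
		}
		w.WriteHeader(http.StatusServiceUnavailable) // assumed non-leader status
	})
	root.Handle("/api/", basicAuth("admin", "constructed-pass", http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "constructed API data") })))
	return root
}

// status sends one GET through h and returns the response code.
func status(h http.Handler, path string, withAuth bool) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if withAuth {
		req.SetBasicAuth("admin", "constructed-pass")
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(newRouter(func() bool { return true }), "/api/cluster/leadership", false))
}
```

Because the public pattern has no trailing slash, a request for any sub-path of the leadership URL is routed to the guarded `/api/` subtree and gets a 401 without credentials.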