Add env var for specifying (or disabling) /metrics endpoint auth #2371

Closed
gtaylor opened this issue Mar 14, 2018 · 1 comment · Fixed by #2376

@gtaylor
gtaylor commented Mar 14, 2018

Currently the /metrics endpoint always requires an auth token for a user that is an admin. This is problematic in that the user being disabled/de-adminned or removed causes metric exporting to break with 403s.

Instead, we can set the auth token as an env var, DRONE_PROMETHEUS_TOKEN:

  • If DRONE_PROMETHEUS_TOKEN is set to an empty string or not set at all, /metrics requires no authentication.
  • If DRONE_PROMETHEUS_TOKEN is specified and is not an empty string, requests to /metrics must contain a token matching the value of DRONE_PROMETHEUS_TOKEN.

@bradrydzewski

We do something similar with the autoscaler, for reference:

```go
// HandleMetrics returns an http.HandlerFunc that writes
// metrics to the response body in plain text format.
func HandleMetrics(token string) http.HandlerFunc {
	handler := promhttp.Handler()
	return func(w http.ResponseWriter, r *http.Request) {
		// if a bearer token is not configured we should
		// just serve the http request.
		if token == "" {
			handler.ServeHTTP(w, r)
			return
		}
		header := r.Header.Get("Authorization")
		if header == "" {
			http.Error(w, errInvalidToken.Error(), 401)
			return
		}
		if header != "Bearer "+token {
			http.Error(w, errInvalidToken.Error(), 401)
			return
		}
		handler.ServeHTTP(w, r)
	}
}
```

[1] https://github.com/drone/autoscaler/blob/master/server/metrics.go
[2] https://github.com/drone/autoscaler/blob/master/server/metrics_test.go
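
An added example, not code from this issue or from the Drone project: a Go sketch of the `DRONE_PROMETHEUS_TOKEN` rule proposed above, with the bearer value checked in constant time. The names `metricsAuth`, `stubMetrics` and `probe` and the sample metric line are assumptions made for illustration; `stubMetrics` stands in for `promhttp.Handler()` so the block runs with the standard library only.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// metricsAuth: an empty token disables auth; otherwise "Authorization: Bearer <token>" is required.
func metricsAuth(token string, next http.Handler) http.Handler {
	if token == "" {
		return next
	}
	want := sha256.Sum256([]byte("Bearer " + token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Hash both sides so the constant-time compare always sees equal-length inputs.
		got := sha256.Sum256([]byte(r.Header.Get("Authorization")))
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.Error(w, "invalid or missing token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// stubMetrics is a constructed stand-in for the real metrics handler.
func stubMetrics() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintln(w, "example_metric 1") // constructed sample output
	})
}

// probe sends one GET /metrics through h and returns the HTTP status code.
func probe(h http.Handler, authorization string) int {
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	req.Header.Set("Authorization", authorization)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	token := os.Getenv("DRONE_PROMETHEUS_TOKEN")
	h := metricsAuth(token, stubMetrics())
	fmt.Println(probe(h, ""), probe(h, "Bearer "+token))
}
```

With the variable unset, both probes succeed because the endpoint is open, which is the behaviour the issue asks for; anyone who can reach the port can then read the metrics.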
