Make all API endpoints accessible for authenticated users #22488

Sartan4455 opened this issue Jun 24, 2024 · 0 comments
Speaking with @electrum on Slack, he suggested this would be a reasonable addition.

The UI has access to a few endpoints that the HTTP API does not. I would like access, via the HTTP API, to the same information.

For example, `@Path("/ui/api/[stats|worker|cluster]")`

For security reasons we've been unable to open access to the UI, but have mTLS for the /v1/ API.
I'd like to get to the server/cluster information that the /ui/api has special access to. Those endpoints appear to have UI-only access:
`@ResourceSecurity(WEB_UI)`

It is unclear to me why the UI has special API endpoints that a fully authenticated user cannot access.
It seems reasonable to get to the same information but via the HTTP API - the /v1/ endpoints. That way code has access to all information for any authenticated user.

For example, here is some of the information I was unable to find any place else.

In particular, /ui/api/cluster, which returns this JSON:

```json
{
  "runningQueries": 3,
  "blockedQueries": 0,
  "queuedQueries": 0,
  "activeCoordinators": 1,
  "activeWorkers": 4,
  "runningDrivers": 206,
  "totalAvailableProcessors": 192,
  "reservedMemory": 84954223,
  "totalInputRows": 271204063181,
  "totalInputBytes": 6332166616579,
  "totalCpuTimeSecs": 619767
}
```

I see similar information in system.runtime.queries (but not drivers), and system.runtime.tasks (also no drivers).

====

I am not versed in Spring Boot at all (I think that is what is being used), but looking through the code I see that there are `@Path`s set. Is it in the realm of adding a new path and resource security to some of the UI endpoints, thus allowing access to both APIs? Or perhaps combining them into a single API which both HTTP and the UI can call?

```java
@Path("/ui/api/stats")
@Path("/v1/stats")
.....
@ResourceSecurity(AUTHENTICATED_USERS)
@GET
@Produces(MediaType.APPLICATION_JSON)
....
```

or similar?
