Merge pull request #2376 from tboerger/prometheus-token
Use specific token for prometheus metrics
commit
d78cadbbad
4 changed files with 46 additions and 6 deletions
|
@ -169,6 +169,12 @@ var flags = []cli.Flag{
|
|||
Usage: "database driver configuration string",
|
||||
Value: "drone.sqlite",
|
||||
},
|
||||
cli.StringFlag{
|
||||
EnvVar: "DRONE_PROMETHEUS_AUTH_TOKEN",
|
||||
Name: "prometheus-auth-token",
|
||||
Usage: "token to secure prometheus metrics endpoint",
|
||||
Value: "",
|
||||
},
|
||||
//
|
||||
// resource limit parameters
|
||||
//
|
||||
|
@ -685,6 +691,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
|
|||
// droneserver.Config.Server.Open = cli.Bool("open")
|
||||
// droneserver.Config.Server.Orgs = sliceToMap(cli.StringSlice("orgs"))
|
||||
// droneserver.Config.Server.Admins = sliceToMap(cli.StringSlice("admin"))
|
||||
|
||||
// prometheus
|
||||
droneserver.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
|
||||
}
|
||||
|
||||
type authorizer struct {
|
||||
|
|
|
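Review bot: With the `Value: ""` default on the new `prometheus-auth-token` flag, a server that never sets `DRONE_PROMETHEUS_AUTH_TOKEN` ends up serving `/metrics` to any caller: the router section of this commit drops `session.MustAdmin()`, and `PromHandler` in the metrics section skips the check entirely when the token is empty. Before this change the endpoint required an admin session, so an upgrade with no new configuration silently loosens access. I would fail closed in the handler, `if token == "" { c.String(401, errInvalidToken.Error()); return }`, or keep the admin check as the fallback when no token is configured, and state the behaviour in the flag text, e.g. `Usage: "bearer token required to scrape /metrics",`. Both the `flags` slice and `setupEvilGlobals` begin outside the visible hunks.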
@ -178,10 +178,7 @@ func Load(mux *httptreemux.ContextMux, middleware ...gin.HandlerFunc) http.Handl
|
|||
|
||||
monitor := e.Group("/metrics")
|
||||
{
|
||||
monitor.GET("",
|
||||
session.MustAdmin(),
|
||||
metrics.PromHandler(),
|
||||
)
|
||||
monitor.GET("", metrics.PromHandler())
|
||||
}
|
||||
|
||||
e.GET("/version", server.Version)
|
||||
|
|
|
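Review bot: The route `monitor.GET("", metrics.PromHandler())` now reads as if it had no access control, because the only guard lives inside the handler rather than in the middleware list. A one-line comment above it would keep the next reader from assuming the endpoint is meant to be public: `// access is checked inside metrics.PromHandler (bearer token), not by session middleware`. `Load` starts and ends outside this hunk.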
@ -15,14 +15,45 @@
|
|||
package metrics
|
||||
|
||||
import (
|
||||
"github.com/gin-gonic/gin"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/drone/drone/server"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||
)
|
||||
|
||||
var (
|
||||
// errInvalidToken is returned when the api request token is invalid.
|
||||
errInvalidToken = errors.New("Invalid or missing token")
|
||||
)
|
||||
|
||||
// PromHandler will pass the call from /api/metrics/prometheus to prometheus
|
||||
func PromHandler() gin.HandlerFunc {
|
||||
handler := promhttp.Handler()
|
||||
|
||||
return func(c *gin.Context) {
|
||||
promhttp.Handler().ServeHTTP(c.Writer, c.Request)
|
||||
token := server.Config.Prometheus.Token
|
||||
|
||||
if token == "" {
|
||||
handler.ServeHTTP(c.Writer, c.Request)
|
||||
return
|
||||
}
|
||||
|
||||
header := c.Request.Header.Get("Authorization")
|
||||
|
||||
if header == "" {
|
||||
c.String(401, errInvalidToken.Error())
|
||||
return
|
||||
}
|
||||
|
||||
bearer := fmt.Sprintf("Bearer %s", token)
|
||||
|
||||
if header != bearer {
|
||||
c.String(401, errInvalidToken.Error())
|
||||
return
|
||||
}
|
||||
|
||||
handler.ServeHTTP(c.Writer, c.Request)
|
||||
}
|
||||
}
|
||||
|
|
|
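Review bot: `server.Config.Prometheus.Token` does not match the field this commit adds: the Config section declares `Prometheus struct { AuthToken string }` and `setupEvilGlobals` assigns `AuthToken`, so as shown the handler reads a field that is not declared anywhere on this page, and the line should be `token := server.Config.Prometheus.AuthToken`. Separately, `header != bearer` checks the secret with an ordinary string comparison; `if subtle.ConstantTimeCompare([]byte(header), []byte(bearer)) != 1 {` (with `crypto/subtle` added to the imports) avoids revealing through response time how many leading bytes matched. The doc comment on `PromHandler` still names `/api/metrics/prometheus`, while the router registers the handler at `/metrics`.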
@ -80,6 +80,9 @@ var Config = struct {
|
|||
// Orgs map[string]struct{}
|
||||
// Admins map[string]struct{}
|
||||
}
|
||||
Prometheus struct {
|
||||
AuthToken string
|
||||
}
|
||||
Pipeline struct {
|
||||
Limits model.ResourceLimit
|
||||
Volumes []string
|
||||
|
|