From e483fa505ca831c00db7c08b2e949b0a67f4e8ec Mon Sep 17 00:00:00 2001 From: Jan Berktold Date: Wed, 24 Apr 2019 23:53:01 +0200 Subject: [PATCH] Add DRONE_PROMETHEUS_ANONYMOUS_ACCESS configuration option --- CHANGELOG.md | 3 ++- cmd/drone-server/config/config.go | 27 ++++++++++++++++----------- cmd/drone-server/wire_gen.go | 2 +- metric/handler.go | 9 ++++++--- 4 files changed, 25 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72de277b..33839130 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - endpoint to trigger new build for default branch, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679). - endpoint to trigger new build for branch, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679). - endpoint to trigger new build for branch and sha, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679). - +- DRONE_PROMETHEUS_ANONYMOUS_ACCESS configuration option, by [@janberktold](https://github.com/janberktold) +- ## [1.1.0] - 2019-04-23 ### Added diff --git a/cmd/drone-server/config/config.go b/cmd/drone-server/config/config.go index e77a61df..3cdd4bfc 100644 --- a/cmd/drone-server/config/config.go +++ b/cmd/drone-server/config/config.go @@ -46,17 +46,17 @@ type ( Config struct { License string `envconfig:"DRONE_LICENSE"` - Authn Authentication - Agent Agent - Cron Cron - Cloning Cloning - Database Database - Datadog Datadog - Docker Docker - HTTP HTTP - Jsonnet Jsonnet - Logging Logging - // Prometheus Prometheus + Authn Authentication + Agent Agent + Cron Cron + Cloning Cloning + Database Database + Datadog Datadog + Docker Docker + HTTP HTTP + Jsonnet Jsonnet + Logging Logging + Prometheus Prometheus Proxy Proxy Registration Registration Registries Registries @@ -162,6 +162,11 @@ type ( Text bool `envconfig:"DRONE_LOGS_TEXT"` } + // Prometheus provides the prometheus configuration. + Prometheus struct { + EnableAnonymousAccess bool `envconfig:"DRONE_PROMETHEUS_ANONYMOUS_ACCESS" default:"false"` + } + // Repository provides the repository configuration. Repository struct { Filter []string `envconfig:"DRONE_REPOSITORY_FILTER"` diff --git a/cmd/drone-server/wire_gen.go b/cmd/drone-server/wire_gen.go index 415edb57..d8be4735 100644 --- a/cmd/drone-server/wire_gen.go +++ b/cmd/drone-server/wire_gen.go @@ -93,7 +93,7 @@ func InitializeApplication(config2 config.Config) (application, error) { options := provideServerOptions(config2) webServer := web.New(admissionService, buildStore, client, hookParser, coreLicense, licenseService, middleware, repositoryStore, session, syncer, triggerer, userStore, userService, webhookSender, options, system) handler := provideRPC(buildManager, config2) - metricServer := metric.NewServer(session) + metricServer := metric.NewServer(session, config2) mux := provideRouter(server, webServer, handler, metricServer) serverServer := provideServer(mux, config2) mainApplication := newApplication(cronScheduler, datadog, runner, serverServer, userStore) diff --git a/metric/handler.go b/metric/handler.go index 66c5ef7f..19749f3c 100644 --- a/metric/handler.go +++ b/metric/handler.go @@ -10,6 +10,7 @@ import ( "errors" "net/http" + "github.com/drone/drone/cmd/drone-server/config" "github.com/drone/drone/core" "github.com/prometheus/client_golang/prometheus/promhttp" @@ -26,13 +27,15 @@ var errAccessDenied = errors.New("Access denied") type Server struct { metrics http.Handler session core.Session + config config.Config } // NewServer returns a new metrics server. -func NewServer(session core.Session) *Server { +func NewServer(session core.Session, config config.Config) *Server { return &Server{ metrics: promhttp.Handler(), session: session, + config: config, } } @@ -41,9 +44,9 @@ func NewServer(session core.Session) *Server { func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { user, _ := s.session.Get(r) switch { - case user == nil: + case !s.config.Prometheus.EnableAnonymousAccess && user == nil: http.Error(w, errInvalidToken.Error(), 401) - case !user.Admin && !user.Machine: + case !s.config.Prometheus.EnableAnonymousAccess && !user.Admin && !user.Machine: http.Error(w, errAccessDenied.Error(), 403) default: s.metrics.ServeHTTP(w, r)