Merge pull request #2376 from tboerger/prometheus-token

Use specific token for prometheus metrics
This commit is contained in:
Brad Rydzewski 2018-03-27 13:23:43 -07:00 committed by GitHub
commit d78cadbbad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 46 additions and 6 deletions

View file

@ -169,6 +169,12 @@ var flags = []cli.Flag{
Usage: "database driver configuration string",
Value: "drone.sqlite",
},
cli.StringFlag{
EnvVar: "DRONE_PROMETHEUS_AUTH_TOKEN",
Name: "prometheus-auth-token",
Usage: "token to secure prometheus metrics endpoint",
Value: "",
},
//
// resource limit parameters
//
@ -685,6 +691,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
// droneserver.Config.Server.Open = cli.Bool("open")
// droneserver.Config.Server.Orgs = sliceToMap(cli.StringSlice("orgs"))
// droneserver.Config.Server.Admins = sliceToMap(cli.StringSlice("admin"))
// prometheus
droneserver.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
}
type authorizer struct {

View file

@ -178,10 +178,7 @@ func Load(mux *httptreemux.ContextMux, middleware ...gin.HandlerFunc) http.Handl
monitor := e.Group("/metrics")
{
monitor.GET("",
session.MustAdmin(),
metrics.PromHandler(),
)
monitor.GET("", metrics.PromHandler())
}
e.GET("/version", server.Version)

View file

@ -15,14 +15,45 @@
package metrics
import (
"github.com/gin-gonic/gin"
"errors"
"fmt"
"github.com/drone/drone/server"
"github.com/gin-gonic/gin"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
var (
// errInvalidToken is returned when the api request token is invalid.
errInvalidToken = errors.New("Invalid or missing token")
)
// PromHandler will pass the call from /api/metrics/prometheus to prometheus
func PromHandler() gin.HandlerFunc {
handler := promhttp.Handler()
return func(c *gin.Context) {
promhttp.Handler().ServeHTTP(c.Writer, c.Request)
token := server.Config.Prometheus.Token
if token == "" {
handler.ServeHTTP(c.Writer, c.Request)
return
}
header := c.Request.Header.Get("Authorization")
if header == "" {
c.String(401, errInvalidToken.Error())
return
}
bearer := fmt.Sprintf("Bearer %s", token)
if header != bearer {
c.String(401, errInvalidToken.Error())
return
}
handler.ServeHTTP(c.Writer, c.Request)
}
}

View file

@ -80,6 +80,9 @@ var Config = struct {
// Orgs map[string]struct{}
// Admins map[string]struct{}
}
Prometheus struct {
AuthToken string
}
Pipeline struct {
Limits model.ResourceLimit
Volumes []string