mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-04-26 21:44:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2376 from tboerger/prometheus-token

Browse source 
Use specific token for prometheus metrics
This commit is contained in:
Brad Rydzewski 2018-03-27 13:23:43 -07:00 committed by GitHub
commit d78cadbbad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 46 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
cmd/drone-server/server.go
View file

@ -169,6 +169,12 @@ var flags = []cli.Flag{
Usage: "database driver configuration string", Usage: "database driver configuration string",
Value: "drone.sqlite", Value: "drone.sqlite",
}, },
cli.StringFlag{
EnvVar: "DRONE_PROMETHEUS_AUTH_TOKEN",
Name: "prometheus-auth-token",
Usage: "token to secure prometheus metrics endpoint",
Value: "",
},
// //
// resource limit parameters // resource limit parameters
// //
@ -685,6 +691,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
// droneserver.Config.Server.Open = cli.Bool("open") // droneserver.Config.Server.Open = cli.Bool("open")
// droneserver.Config.Server.Orgs = sliceToMap(cli.StringSlice("orgs")) // droneserver.Config.Server.Orgs = sliceToMap(cli.StringSlice("orgs"))
// droneserver.Config.Server.Admins = sliceToMap(cli.StringSlice("admin")) // droneserver.Config.Server.Admins = sliceToMap(cli.StringSlice("admin"))
// prometheus
droneserver.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
} }
type authorizer struct { type authorizer struct {

5
router/router.go
View file

@ -178,10 +178,7 @@ func Load(mux *httptreemux.ContextMux, middleware ...gin.HandlerFunc) http.Handl
monitor := e.Group("/metrics") monitor := e.Group("/metrics")
{ {
monitor.GET("", monitor.GET("", metrics.PromHandler())
session.MustAdmin(),
metrics.PromHandler(),
)
} }
e.GET("/version", server.Version) e.GET("/version", server.Version)

35
server/metrics/prometheus.go
View file

@ -15,14 +15,45 @@
package metrics package metrics
import ( import (
"github.com/gin-gonic/gin" "errors"
"fmt"
"github.com/drone/drone/server"
"github.com/gin-gonic/gin"
"github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/promhttp"
) )
var (
// errInvalidToken is returned when the api request token is invalid.
errInvalidToken = errors.New("Invalid or missing token")
)
// PromHandler will pass the call from /api/metrics/prometheus to prometheus // PromHandler will pass the call from /api/metrics/prometheus to prometheus
func PromHandler() gin.HandlerFunc { func PromHandler() gin.HandlerFunc {
handler := promhttp.Handler()
return func(c *gin.Context) { return func(c *gin.Context) {
promhttp.Handler().ServeHTTP(c.Writer, c.Request) token := server.Config.Prometheus.Token
if token == "" {
handler.ServeHTTP(c.Writer, c.Request)
return
}
header := c.Request.Header.Get("Authorization")
if header == "" {
c.String(401, errInvalidToken.Error())
return
}
bearer := fmt.Sprintf("Bearer %s", token)
if header != bearer {
c.String(401, errInvalidToken.Error())
return
}
handler.ServeHTTP(c.Writer, c.Request)
} }
} }

3
server/rpc.go
View file

@ -80,6 +80,9 @@ var Config = struct {
// Orgs map[string]struct{} // Orgs map[string]struct{}
// Admins map[string]struct{} // Admins map[string]struct{}
} }
Prometheus struct {
AuthToken string
}
Pipeline struct { Pipeline struct {
Limits model.ResourceLimit Limits model.ResourceLimit
Volumes []string Volumes []string