cloudfoundry-attic / cf-abacus

CF usage metering and aggregation
Apache License 2.0

Abacus Hystrix and Eureka endpoints are not secured #276

Closed hsiliev closed 8 years ago

hsiliev commented 8 years ago

We expose /hystrix.stream and /health endpoints that are not secured. They expose a lot of information about the internals of Abacus pipeline.

IMHO they should be secured with abacus.system token, but this will break Eureka and Turbine.

More around monitoring secure Abacus installation: https://github.com/cloudfoundry-incubator/cf-abacus/blob/master/doc/monitor.md#secured-installation

cf-gitbot commented 8 years ago

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/115925329.

hsiliev commented 8 years ago

Can we simply disable the endpoints (via environment variable for instance) until we find a better approach for monitoring?

KRuelY commented 8 years ago

I looked at turbine's github and it seems that the latest pull request is enabling basic auth to turbine. What we can do is secure the /hystrix.stream with basic auth.

hsiliev commented 8 years ago

Latest dashboard and Eureka also support basic auth, so it seems we can use basic for healthcheck and stream endpoints.

KRuelY commented 8 years ago

Okay, I think securing them with basic auth is the way to go. The problem with Turbine is that we're using version 1.x, or at least that's what we have in the monitor doc. Basic auth is only in Turbine version 2.x.

KRuelY commented 8 years ago

287 made it so that /healthcheck and /hystrix.stream are only accessible by passing basic authentication.

From the basic credentials, Abacus will get the bearer token from the authorization server and authorize the user if the user has abacus.system.read. Closing.