search

elastic-ipfs / metrics-collector

collect elastic-ipfs events into metrics
Other
2 stars 0 forks source link

IndexerMetricsCollector checks for authorization #21

Closed gobengo closed 2 years ago

gobengo commented 2 years ago

POST /events shouldn't let just anyone submit an event. It should check for proof of authorization.

For v0 just allow configuring one or more shared secrets that can be used as http basic authorization.

Followup work can add support for zcaps.

AC

gobengo commented 2 years ago

use basic auth instead

base64(user:pass)

gobengo commented 2 years ago

Added. This is configured by the CLIENTS environment variable documented here

The current value for prod is in team secret manager 'metrics-collector production CLIENTS'