Closed greenpau closed 4 years ago
One way to get this working ...
Add is_valid_token
below to prometheus_exporter.py
:
from functools import wraps
from flask import request, abort
def is_valid_token(f):
@wraps(f)
def decorated_function(*args, **kwargs):
auth_header = None
auth_headers = ['Authorization', 'X-Auth-Token', 'X-Token', 'x-token', 'access_token']
for h in auth_headers:
if h in request.headers:
auth_header = h
break
if not auth_header:
abort(401)
data = request.headers[auth_header].encode('ascii','ignore')
token = str.replace(str(data), 'Bearer ','').replace('bearer ','')
if token != '8d4648d9-f7cd-4c88-b80f-72f699afa695':
abort(401)
return f(*args, **kwargs)
return decorated_function
Then add is_valid_token
decorator to the index
function:
class Metrics(BaseView):
@expose('/')
@is_valid_token
def index(self):
return Response(generate_latest(), mimetype='text/plain')
Then, access the interface with the token:
curl -H 'X-Auth-Token: 8d4648d9-f7cd-4c88-b80f-72f699afa695' -v https://localhost/admin/metrics/
# TYPE python_info gauge
python_info{implementation="CPython",major="2",minor="7",patchlevel="5",version="2.7.5"} 1.0
There is probably an easy way to store the token in airflow config file. Will look it up.
Also, this method has to (but does not) account for someone viewing the metrics from UI. If a UI user have a valid session, then allow them in.
With the latest commit, the exporter allows authenticated users to view Metrics page.
Closing this with "wont fix", I believe that metrics are a part of infrastructure, if you need to limit access, use any pre-existing reverse http-proxy like nginx or caddy to setup http auth.
What is the quickest way to add authentication to the plugin? e.g. modifying the path?