Open csterwa opened 9 months ago
I think this is probably a duplicate of https://github.com/spring-projects/spring-boot/pull/29596.
I think so as well. Marking as a duplicate of #29596
We're reopening this to consider as part of our 3.4 actuator theme. We want to offer restrictions based on the operations, not necessarily the technologies used to expose them.
Problem Statement
There are situations where actuators are added to applications for enhancing troubleshooting and runtime management to Spring Boot applications. These actuators could have PUT, POST and DELETE endpoints (
@WriteOperation
) that could be accessed on that application's actuator port. There are concerns about keeping these actuators, or even worse accidentally, getting into production environments with these accessible.Is it possible for actuators to automatically add a configuration option to enable/disable read or write operations? It would be nice to have this be configurable on:
/actuator/logging
Current Operations
Currently, there is
@ReadOperation
and@WriteOperation
annotations that map to HTTP verbs. Perhaps having the option of disabling write operations would help with this need.