search

yabeda-rb / yabeda-prometheus

Adapter to expose metrics collected by Yabeda plugins to Prometheus
MIT License
110 stars 17 forks source link

Authentication bearer token #29

Open Traver72 opened 3 days ago

Traver72 commented 3 days ago

Thanks for all the work on this great gem. Is there a simple way to protect the "/metrics" endpoint using a bearer token? Or is it the way to go to use a middleware for this? As far as I know, it is possible to configure prometheus server so that you can use bearer token for scraping servers.

Envek commented 3 days ago

Yabeda exporter extends exporter from Prometheus Ruby client which is a Rack middleware.

Probably, easiest way is to just place bearer checking middleware (like this one: https://github.com/yujideveloper/rack-bearer_auth) before exporter with the same path.

Something like this:

use Rack::BearerAuth::Middleware do
  match path: "/metrics", token: "very_secret"
end

use Yabeda::Prometheus::Exporter
Traver72 commented 3 days ago

Thank you very much for your quick reply. I may rephrase my question. What is the best practice not to make the metrics path publicly accessible? Especially via a bearer token, or is another way more common?