-
Notifications
You must be signed in to change notification settings - Fork 840
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prometheus HTTP endpoint can have custom authentication #6013
Comments
Related: The upstream |
@fstab 6105 has several major drawbacks discussed with @jack-berg at #5940 which makes it too big of an obstacle to merge IMO. Specifically in this issue, supporting an |
What's going on now? the |
PRs to extend |
I've moved on to another company and don't have time to continue implementing this, sorry. |
Is your feature request related to a problem? Please describe.
Prometheus HTTP endpoint today is unauthenticated. Some attributes may contain sensitive data, hence having the ability to customize access to it would solve that.
Describe the solution you'd like
Ability to customize the
HttpContext
created for metrics handler, using a functional interface (Consumer<HttpContext>
) given in the builder ofProtheusHttpServer
. This will allow setting authentication usingFilter
orAutheticator
.Describe alternatives you've considered
Let the apps wrap them selfs with another proxy implementing the authentication. Aside from the complexity of adding another process doing the authentication, there are cases when the authentication is already implemented inside the app for all other HTTP Endpoints, thus it makes sense to do the authentication in the same app using same code and data. Apache Pulsar is an example. Users can provide an
AuthenticationProvider
plugin, and each request to Pulsar will use it for authentication. Forcing Pulsar users to spin up a proxy which implements the Pulsar code for authentication is awfully complicated.The text was updated successfully, but these errors were encountered: