diff --git a/apps/emqx_prometheus/src/emqx_prometheus_api.erl b/apps/emqx_prometheus/src/emqx_prometheus_api.erl index 3072ab5a7..b08cd8388 100644 --- a/apps/emqx_prometheus/src/emqx_prometheus_api.erl +++ b/apps/emqx_prometheus/src/emqx_prometheus_api.erl @@ -68,12 +68,17 @@ schema("/prometheus/stats") -> #{ description => ?DESC(get_prom_data), tags => ?TAGS, - security => [], + security => security(), responses => #{200 => prometheus_data_schema()} } }. +security() -> + case emqx_config:get([prometheus, enable_basic_auth], false) of + true -> [#{'basicAuth' => []}, #{'bearerAuth' => []}]; + false -> [] + end. %%-------------------------------------------------------------------- %% API Handler funcs %%-------------------------------------------------------------------- diff --git a/apps/emqx_prometheus/src/emqx_prometheus_config.erl b/apps/emqx_prometheus/src/emqx_prometheus_config.erl index 7cc5c7f8b..a3c20a7af 100644 --- a/apps/emqx_prometheus/src/emqx_prometheus_config.erl +++ b/apps/emqx_prometheus/src/emqx_prometheus_config.erl @@ -46,9 +46,10 @@ remove_handler() -> ok = emqx_config_handler:remove_handler(?PROMETHEUS), ok. -post_config_update(?PROMETHEUS, _Req, New, _Old, AppEnvs) -> +post_config_update(?PROMETHEUS, _Req, New, Old, AppEnvs) -> update_prometheus(AppEnvs), - update_push_gateway(New); + update_push_gateway(New), + update_auth(New, Old); post_config_update(_ConfPath, _Req, _NewConf, _OldConf, _AppEnvs) -> ok. @@ -76,6 +77,12 @@ update_push_gateway(Prometheus) -> emqx_prometheus_sup:stop_child(?APP) end. +update_auth(#{enable_basic_auth := New}, #{enable_basic_auth := Old}) when New =/= Old -> + emqx_dashboard_listener:regenerate_minirest_dispatch(), + ok; +update_auth(_, _) -> + ok. + conf() -> emqx_config:get(?PROMETHEUS). diff --git a/apps/emqx_prometheus/test/emqx_prometheus_api_SUITE.erl b/apps/emqx_prometheus/test/emqx_prometheus_api_SUITE.erl index 26957ed23..dc56841ad 100644 --- a/apps/emqx_prometheus/test/emqx_prometheus_api_SUITE.erl +++ b/apps/emqx_prometheus/test/emqx_prometheus_api_SUITE.erl @@ -36,8 +36,8 @@ all() -> groups() -> [ - {new_config, [sequence], [t_stats_api, t_prometheus_api]}, - {legacy_config, [sequence], [t_stats_api, t_legacy_prometheus_api]} + {new_config, [sequence], [t_stats_auth_api, t_stats_no_auth_api, t_prometheus_api]}, + {legacy_config, [sequence], [t_stats_no_auth_api, t_legacy_prometheus_api]} ]. init_per_suite(Config) -> @@ -263,21 +263,34 @@ t_prometheus_api(_) -> ), ok. -t_stats_api(_) -> - Path = emqx_mgmt_api_test_util:api_path(["prometheus", "stats"]), - Auth = emqx_mgmt_api_test_util:auth_header_(), - Headers = [{"accept", "application/json"}, Auth], - {ok, Response} = emqx_mgmt_api_test_util:request_api(get, Path, "", Headers), +t_stats_no_auth_api(_) -> + %% undefined is legacy prometheus + case emqx:get_config([prometheus, enable_basic_auth], undefined) of + true -> + {ok, _} = emqx:update_config([prometheus, enable_basic_auth], false), + emqx_dashboard_listener:regenerate_minirest_dispatch(); + _ -> + ok + end, + emqx_dashboard_listener:regenerate_minirest_dispatch(), + Json = [{"accept", "application/json"}], + request_stats(Json, []). +t_stats_auth_api(_) -> + {ok, _} = emqx:update_config([prometheus, enable_basic_auth], true), + Auth = emqx_mgmt_api_test_util:auth_header_(), + JsonAuth = [{"accept", "application/json"}, Auth], + request_stats(JsonAuth, Auth), + ok. + +request_stats(JsonAuth, Auth) -> + Path = emqx_mgmt_api_test_util:api_path(["prometheus", "stats"]), + {ok, Response} = emqx_mgmt_api_test_util:request_api(get, Path, "", JsonAuth), Data = emqx_utils_json:decode(Response, [return_maps]), ?assertMatch(#{<<"client">> := _, <<"delivery">> := _}, Data), - {ok, _} = emqx_mgmt_api_test_util:request_api(get, Path, "", Auth), - ok = meck:expect(mria_rlog, backend, fun() -> rlog end), - {ok, _} = emqx_mgmt_api_test_util:request_api(get, Path, "", Auth), - - ok. + {ok, _} = emqx_mgmt_api_test_util:request_api(get, Path, "", Auth). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% Internal Functions