From a9ec193ef8fd7bb41ea4d8e3b6ccc895f9b359ed Mon Sep 17 00:00:00 2001 From: ieQu1 <99872536+ieQu1@users.noreply.github.com> Date: Wed, 22 Jun 2022 14:34:15 +0200 Subject: [PATCH] fix(prometheus): Disable authorization for metrics scraping endpoint --- CHANGES-5.0.md | 5 ++++ apps/emqx_authn/src/emqx_authn.appup.src | 9 +++---- apps/emqx_authz/src/emqx_authz.appup.src | 11 ++++---- .../src/emqx_prometheus.app.src | 2 +- .../src/emqx_prometheus.appup.src | 5 ++++ .../src/emqx_prometheus_api.erl | 1 + scripts/update-appup.sh | 5 ++++ scripts/update_appup.escript | 26 ++++++++++--------- 8 files changed, 39 insertions(+), 25 deletions(-) create mode 100644 CHANGES-5.0.md create mode 100644 apps/emqx_prometheus/src/emqx_prometheus.appup.src diff --git a/CHANGES-5.0.md b/CHANGES-5.0.md new file mode 100644 index 000000000..cc68f1802 --- /dev/null +++ b/CHANGES-5.0.md @@ -0,0 +1,5 @@ +# 5.0.1 + +## Enhancements + +* Removed management API auth for prometheus scraping endpoint /api/v5/prometheus/stats [PR](https://github.com/emqx/emqx/pull/8299) diff --git a/apps/emqx_authn/src/emqx_authn.appup.src b/apps/emqx_authn/src/emqx_authn.appup.src index 54b81ffba..eccbcd60b 100644 --- a/apps/emqx_authn/src/emqx_authn.appup.src +++ b/apps/emqx_authn/src/emqx_authn.appup.src @@ -1,8 +1,5 @@ +%% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"0.1.0", - [{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, - {<<".*">>,[]}], - [{"0.1.0", - [{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, - {<<".*">>,[]}]}. + [{"0.1.0",[{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}], + [{"0.1.0",[{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}]}. diff --git a/apps/emqx_authz/src/emqx_authz.appup.src b/apps/emqx_authz/src/emqx_authz.appup.src index 897c78c59..9bf34f5b9 100644 --- a/apps/emqx_authz/src/emqx_authz.appup.src +++ b/apps/emqx_authz/src/emqx_authz.appup.src @@ -1,8 +1,7 @@ +%% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"0.1.1", - [{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}, - {<<".*">>,[]}], - [{"0.1.1", - [{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}, - {<<".*">>,[]}]}. + [{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, + {"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}], + [{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, + {"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}]}. diff --git a/apps/emqx_prometheus/src/emqx_prometheus.app.src b/apps/emqx_prometheus/src/emqx_prometheus.app.src index de3089524..cc423f7c6 100644 --- a/apps/emqx_prometheus/src/emqx_prometheus.app.src +++ b/apps/emqx_prometheus/src/emqx_prometheus.app.src @@ -2,7 +2,7 @@ {application, emqx_prometheus, [ {description, "Prometheus for EMQX"}, % strict semver, bump manually! - {vsn, "5.0.0"}, + {vsn, "5.0.1"}, {modules, []}, {registered, [emqx_prometheus_sup]}, {applications, [kernel, stdlib, prometheus, emqx]}, diff --git a/apps/emqx_prometheus/src/emqx_prometheus.appup.src b/apps/emqx_prometheus/src/emqx_prometheus.appup.src new file mode 100644 index 000000000..babad329f --- /dev/null +++ b/apps/emqx_prometheus/src/emqx_prometheus.appup.src @@ -0,0 +1,5 @@ +%% -*- mode: erlang -*- +%% Unless you know what you are doing, DO NOT edit manually!! +{VSN, + [{"5.0.0",[{load_module,emqx_prometheus_api,brutal_purge,soft_purge,[]}]}], + [{"5.0.0",[{load_module,emqx_prometheus_api,brutal_purge,soft_purge,[]}]}]}. diff --git a/apps/emqx_prometheus/src/emqx_prometheus_api.erl b/apps/emqx_prometheus/src/emqx_prometheus_api.erl index 01764e1b5..d024c5f69 100644 --- a/apps/emqx_prometheus/src/emqx_prometheus_api.erl +++ b/apps/emqx_prometheus/src/emqx_prometheus_api.erl @@ -67,6 +67,7 @@ schema("/prometheus/stats") -> get => #{ description => <<"Get Prometheus Data">>, + security => [], responses => #{200 => prometheus_data_schema()} } diff --git a/scripts/update-appup.sh b/scripts/update-appup.sh index 28e50ec61..1f2b23435 100755 --- a/scripts/update-appup.sh +++ b/scripts/update-appup.sh @@ -8,6 +8,11 @@ set -euo pipefail set -x +[ -d _checkouts ] && { + echo "Checkouts directory has been found, the resulting appup files will be incorrect. Exiting." + exit 1 +} + usage() { echo "$0 PROFILE" } diff --git a/scripts/update_appup.escript b/scripts/update_appup.escript index 3a3eee3a1..f18659d2b 100755 --- a/scripts/update_appup.escript +++ b/scripts/update_appup.escript @@ -479,18 +479,20 @@ check_appup(App, Upgrade, Downgrade, OldUpgrade, OldDowngrade) -> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% render_appup(App, File, Up, Down) -> - IsCheck = getopt(check), - case do_read_appup(File) of - {ok, {U, D}} when U =:= Up andalso D =:= Down -> - ok; - {ok, {OldU, OldD}} when IsCheck -> - check_appup(App, Up, Down, OldU, OldD); - {ok, {_, _}} -> - do_render_appup(File, Up, Down); - {error, enoent} when IsCheck -> - %% failed to read old file, exit - log("ERROR: ~s is missing", [File]), - set_invalid() + case getopt(check) of + true -> + case do_read_appup(File) of + {ok, {U, D}} when U =:= Up andalso D =:= Down -> + ok; + {ok, {OldU, OldD}} -> + check_appup(App, Up, Down, OldU, OldD); + {error, enoent} -> + %% failed to read old file, exit + log("ERROR: ~s is missing", [File]), + set_invalid() + end; + false -> + do_render_appup(File, Up, Down) end. do_render_appup(File, Up, Down) ->