RepoMirrors
/
prometheus
mirror of https://github.com/prometheus/prometheus
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

web: disable Amin APIs by default

This commit is contained in:
Fabian Reinartz 2017-07-10 09:29:41 +02:00
parent ccf9e62972
commit 45ac064669
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/prometheus/main.go
View File

@ -127,6 +127,9 @@ func main() {
a.Flag("web.enable-remote-shutdown", "Enable shutdown via HTTP request."). a.Flag("web.enable-remote-shutdown", "Enable shutdown via HTTP request.").
Default("false").BoolVar(&cfg.web.EnableQuit) Default("false").BoolVar(&cfg.web.EnableQuit)
a.Flag("web.enable-admin-api", "Enables API endpoints for admin control actions").
Default("false").BoolVar(&cfg.web.EnableAdminAPI)
a.Flag("web.console.templates", "Path to the console template directory, available at /consoles."). a.Flag("web.console.templates", "Path to the console template directory, available at /consoles.").
Default("consoles").StringVar(&cfg.web.ConsoleTemplatesPath) Default("consoles").StringVar(&cfg.web.ConsoleTemplatesPath)

24
web/api/v2/api.go
View File

@ -44,6 +44,7 @@ import (
// API encapsulates all API services. // API encapsulates all API services.
type API struct { type API struct {
enableAdmin bool
now func() time.Time now func() time.Time
db *tsdb.DB db *tsdb.DB
q func(mint, maxt int64) storage.Querier q func(mint, maxt int64) storage.Querier
@ -59,6 +60,7 @@ func New(
q func(mint, maxt int64) storage.Querier, q func(mint, maxt int64) storage.Querier,
targets func() []*retrieval.Target, targets func() []*retrieval.Target,
alertmanagers func() []*url.URL, alertmanagers func() []*url.URL,
enableAdmin bool,
) *API { ) *API {
return &API{ return &API{
now: now, now: now,
@ -66,12 +68,17 @@ func New(
q: q, q: q,
targets: targets, targets: targets,
alertmanagers: alertmanagers, alertmanagers: alertmanagers,
enableAdmin: enableAdmin,
} }
} }
// RegisterGRPC registers all API services with the given server. // RegisterGRPC registers all API services with the given server.
func (api *API) RegisterGRPC(srv *grpc.Server) { func (api *API) RegisterGRPC(srv *grpc.Server) {
pb.RegisterAdminServer(srv, NewAdmin(api.db)) if api.enableAdmin {
pb.RegisterAdminServer(srv, NewAdmin(api.db))
} else {
pb.RegisterAdminServer(srv, &adminDisabled{})
}
} }
// HTTPHandler returns an HTTP handler for a REST API gateway to the given grpc address. // HTTPHandler returns an HTTP handler for a REST API gateway to the given grpc address.
@ -125,6 +132,21 @@ func labelsToProto(lset labels.Labels) pb.Labels {
return r return r
} }
// adminDisabled implements the administration interface that informs
// that the API endpoints are disbaled.
type adminDisabled struct {
}
// TSDBSnapshot implements pb.AdminServer.
func (s *adminDisabled) TSDBSnapshot(_ context.Context, _ *pb.TSDBSnapshotRequest) (*pb.TSDBSnapshotResponse, error) {
return nil, status.Error(codes.Unavailable, "Admin APIs are disabled")
}
// DeleteSeries imeplements pb.AdminServer.
func (s *adminDisabled) DeleteSeries(_ context.Context, r *pb.SeriesDeleteRequest) (*pb.SeriesDeleteResponse, error) {
return nil, status.Error(codes.Unavailable, "Admin APIs are disabled")
}
// Admin provides an administration interface to Prometheus. // Admin provides an administration interface to Prometheus.
type Admin struct { type Admin struct {
db *tsdb.DB db *tsdb.DB

2
web/web.go
View File

@ -133,6 +133,7 @@ type Options struct {
ConsoleTemplatesPath string ConsoleTemplatesPath string
ConsoleLibrariesPath string ConsoleLibrariesPath string
EnableQuit bool EnableQuit bool
EnableAdminAPI bool
} }
// New initializes a new web Handler. // New initializes a new web Handler.
@ -301,6 +302,7 @@ func (h *Handler) Run(ctx context.Context) error {
func() []*url.URL { func() []*url.URL {
return h.options.Notifier.Alertmanagers() return h.options.Notifier.Alertmanagers()
}, },
h.options.EnableAdminAPI,
) )
av2.RegisterGRPC(grpcSrv) av2.RegisterGRPC(grpcSrv)