nacos icon indicating copy to clipboard operation
nacos copied to clipboard

Published 20 hours ago verified publisher icon alibaba

Prometheus sd api security is not compatiable with nacos original security configs

Open Joey777210 opened this issue 1 year ago • 7 comments

Describe the bug I'm a bit confused of how to use the prometheus auth. Has anyone tested the code in PrometheusAuthFilter and PrometheusSecurityConfiguration ? nacos.core.auth.enabled=false is not working for PrometheusAuthFilter. And it seems not compatible with the original security configs either.

Joey777210 avatar Jul 08 '23 14:07 Joey777210

I think we have to re-design auth module for prometheus sd. Use nacos's org Annotation @Secured seems to be the easy way.

Joey777210 avatar Jul 08 '23 15:07 Joey777210

prometheus support OAuth and Basic Auth, But nacos' auth is self system, not OAuth and Basic Auth implementation.

So prometheus module should not use nacos' auth

KomachiSion avatar Jul 10 '23 02:07 KomachiSion

ok,but how current security codes in prometheus modul works?

Joey777210 avatar Jul 12 '23 07:07 Joey777210

Added from https://github.com/alibaba/nacos/pull/9912 .

It seems use spring security directly to support standard Basic Auth.

The original PR author has AFK and no submit usage document.

I think you can help community to enhance the auth usage if it can't work like other issue and add more document about this feature.

KomachiSion avatar Jul 13 '23 02:07 KomachiSion

@Joey777210 any process?

KomachiSion avatar Aug 17 '23 03:08 KomachiSion

If no process for this issue, I suggest add current usage document first and close #10662 . Keep this issue todo in next version.

KomachiSion avatar Aug 17 '23 03:08 KomachiSion

@i will solve it@

karsonto avatar Nov 15 '23 10:11 karsonto