rest-server icon indicating copy to clipboard operation
rest-server copied to clipboard
verified publisher icon restic

Make /metrics available without authentication or give the option for metrics-only usernames

Open strayer opened this issue 5 years ago • 2 comments

Output of rest-server --version

rest-server manually compiled with go1.14.7 on linux/amd64 https://github.com/restic/rest-server/commit/84b6955260d9cbaa9b5b7e1cdde76d1c45a131ed

What should rest-server do differently?

A possible solution could be a parameter making /metrics completely public even when authentication is enabled. Another solution would be a parameter that specifies a username that should only be allowed to access /metrics and not store/read backups.

What are you trying to do? What is your use case?

I want to give a service read-only access to the metrics endpoint and avoid giving it more permissions than it needs to have for its purpose.

strayer avatar Aug 12 '20 09:08 strayer

PR #112 already changes how /metrics permission handling works. I actually want to optionally move the /metrics to a different port so that you can manage access and bind addresses independently.

wojas avatar Aug 12 '20 09:08 wojas

A different port makes a lot of sense for metrics

micah avatar Mar 23 '21 18:03 micah