Prometheus metrics endpoint is protected by basic auth

Open zhangluva opened this issue 2 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

When Metrics is configured to use Prometheus, the /metrics endpoint is protected if basic auth is enabled.

Reproduction Steps

  • Configure Atlantis to enable basic auth.
  • Configure Atlantis to enable metrics and use Prometheus.
  • Start the server.
  • Hit the configured metrics endpoint (curl localhost:4141/metrics); it will result in a 401 error.

Logs

{"level":"debug","ts":"2022-07-15T15:03:41.448Z","caller":"server/middleware.go:44","msg":"GET /metrics – from 127.0.0.1:58576","json":{}}
{"level":"debug","ts":"2022-07-15T15:03:41.448Z","caller":"server/middleware.go:70","msg":"GET /metrics – respond HTTP 401","json":{}}

Environment details

  • Atlantis version: v0.19.6
  • If not running the latest Atlantis version have you tried to reproduce this issue on the latest version:
  • Atlantis flags: --repo-allowlist '*' --repo-config /etc/repo.yaml --log-level debug

Atlantis server-side config file:

# config file
metrics:
  prometheus:
    endpoint: /metrics

Repo atlantis.yaml file:

# config file

Additional Context

zhangluva, Jul 15 '22 15:07

Hit the same issue and realised that the solution would be a one-line PR.

evkuzin, Jul 26 '22 18:07

The solution is not to hardcode the endpoints to be omitted from auth, as that doesn't follow the concept of Secure by Default. Something like --skip-web-auth="/a,/b,/c" may work better.

xavixendit, Oct 13 '22 03:10
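A sketch of the opt-in exemption list suggested in the last comment, as an added example that is not Atlantis code: basic-auth middleware where nothing is exempt unless listed, and only exact path matches skip auth. The names parseSkipList, basicAuth and status, the realm, and the credentials are assumptions made for illustration, and the skip value follows the format of the proposed --skip-web-auth flag.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parseSkipList turns "/a,/b" into a set of exact paths. An empty value
// yields an empty set, so every path stays behind auth (secure by default).
func parseSkipList(csv string) map[string]bool {
	skip := map[string]bool{}
	for _, p := range strings.Split(csv, ",") {
		if p = strings.TrimSpace(p); strings.HasPrefix(p, "/") {
			skip[p] = true
		}
	}
	return skip
}

// basicAuth requires credentials for everything except exact matches in skip.
// The raw request path is compared, so "/metrics/../apply" is not exempt.
func basicAuth(user, pass string, skip map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		authed := ok && subtle.ConstantTimeCompare([]byte(u), []byte(user))&
			subtle.ConstantTimeCompare([]byte(p), []byte(pass)) == 1
		if !skip[r.URL.Path] && !authed {
			w.Header().Set("WWW-Authenticate", `Basic realm="example"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends an unauthenticated GET through the middleware (constructed request).
func status(skipCSV, target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(200) })
	rec := httptest.NewRecorder()
	basicAuth("user", "example-pass", parseSkipList(skipCSV), ok).ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() {
	fmt.Println(status("", "/metrics"), status("/metrics", "/metrics"), status("/metrics", "/metrics/../apply"))
}
```

An exempted /metrics endpoint is readable by anyone who can reach the listener, so the exemption belongs together with a network-level restriction to the scraper.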