Uploaded image for project: 'Hawkular'
  1. Hawkular
  2. HAWKULAR-549

Metrics doesn't seem to be requiring authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 1.0.0.Alpha 11
    • 1.0.0.Alpha3
    • Metrics
    • None

    Description

      It is possible to get metrics from a tenant knowing only a few pieces of information, all of which are "public":

      Example:

      $ curl --ciphers ecdhe_rsa_aes_128_gcm_sha_256 'https://hawkular.kroehling.de/hawkular/metrics/gauges/a79e7b485cd04b90ce1a6ba87f62f039.status.duration/data?buckets=1&end=1439465926443&start=1439462326443' -H 'Hawkular-Tenant: e2f89c8b-5957-4325-94fb-8504f6f734a5' 
[{"start":1439462326443,"end":1439465926443,"value":"NaN","min":489.0,"avg":550.9333333333333,"median":523.0,"max":1955.0,"percentile95th":654.8999999999997,"empty":false}]

      Note the lack of Bearer token or any other auth mechanism (user/pass, for instance).

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. HAWKULAR-1032 Remove Hawkular-Tenant from pinger

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. HAWKULAR-1039 Avail creator must use Metrics input queues

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. HAWKULAR-1025 Access-Control-Allow-Origin multiple values

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rhn-engineering-tsegismo Thomas Segismont
              jpkroehling@redhat.com Juraci Paixão Kröhling (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: