Remove IP filtering code for prometheus metrics (#3059)

Closes #2657
2019-02-20 13:38:16 -05:00
parent 27696d4691
commit 84db9e6fe3
5 changed files with 6 additions and 65 deletions
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -6,7 +6,6 @@ public:
  metrics:
    prometheus:
      enabled: 'METRICS_PROMETHEUS_ENABLED'
-      allowedIps: 'METRICS_PROMETHEUS_ALLOWED_IPS'

  ssl:
    isSecure: 'HTTPS'
--- a/config/default.yml
+++ b/config/default.yml
@@ -5,7 +5,6 @@ public:
  metrics:
    prometheus:
      enabled: false
-      allowedIps: []

  ssl:
    isSecure: false
--- a/core/server/prometheus-metrics.js
+++ b/core/server/prometheus-metrics.js
@@ -2,19 +2,11 @@

 const prometheus = require('prom-client')

-class PrometheusMetrics {
+module.exports = class PrometheusMetrics {
  constructor(config = {}) {
    this.enabled = config.enabled || false
-    const matchNothing = /(?!)/
-    this.allowedIps = config.allowedIps
-      ? new RegExp(config.allowedIps)
-      : matchNothing
    if (this.enabled) {
-      console.log(
-        `Metrics are enabled. Access to /metrics resource is limited to IP addresses matching: ${
-          this.allowedIps
-        }`
-      )
+      console.log('Metrics are enabled.')
    }
  }

@@ -28,16 +20,8 @@ class PrometheusMetrics {

  setRoutes(server, register) {
    server.route(/^\/metrics$/, (data, match, end, ask) => {
-      const ip = ask.req.socket.remoteAddress
-      if (this.allowedIps.test(ip)) {
-        ask.res.setHeader('Content-Type', register.contentType)
-        ask.res.end(register.metrics())
-      } else {
-        ask.res.statusCode = 403
-        ask.res.end()
-      }
+      ask.res.setHeader('Content-Type', register.contentType)
+      ask.res.end(register.metrics())
    })
  }
 }
-
-module.exports = PrometheusMetrics
--- a/core/server/prometheus-metrics.spec.js
+++ b/core/server/prometheus-metrics.spec.js
@@ -43,50 +43,12 @@ describe('Prometheus metrics route', function() {
    expect(await res.text()).to.not.contains('nodejs_version_info')
  })

-  it('returns metrics for allowed IP', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^(127\\.0\\.0\\.1|::1|::ffff:127\\.0\\.0\\.1)$',
-    }).initialize(camp)
+  it('returns metrics when enabled', async function() {
+    new Metrics({ enabled: true }).initialize(camp)

    const res = await fetch(`${baseUrl}/metrics`)

    expect(res.status).to.be.equal(200)
    expect(await res.text()).to.contains('nodejs_version_info')
  })
-
-  it('returns metrics for request from allowed remote address', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^(127\\.0\\.0\\.1|::1|::ffff:127\\.0\\.0\\.1)$',
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(200)
-    expect(await res.text()).to.contains('nodejs_version_info')
-  })
-
-  it('returns 403 for not allowed IP', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^127\\.0\\.0\\.200$',
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(403)
-    expect(await res.text()).to.not.contains('nodejs_version_info')
-  })
-
-  it('returns 403 for every request when list with allowed IPs not defined', async function() {
-    new Metrics({
-      enabled: true,
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(403)
-    expect(await res.text()).to.not.contains('nodejs_version_info')
-  })
 })
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -46,9 +46,6 @@ const publicConfigSchema = Joi.object({
  metrics: {
    prometheus: {
      enabled: Joi.boolean().required(),
-      allowedIps: Joi.array()
-        .items(Joi.string().ip())
-        .required(),
    },
  },
  ssl: {