Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuring basic auth in Distillery #30

Open
acrogenesis opened this issue Apr 21, 2019 · 9 comments
Open

Configuring basic auth in Distillery #30

acrogenesis opened this issue Apr 21, 2019 · 9 comments

Comments

@acrogenesis
Copy link

In my rel/config/config.exs
I set

config :prometheus, ValiotApp.PrometheusExporter,
  auth: {:basic, System.get_env("METRICS_USER"), System.get_env("METRICS_PASS")}

But PrometheusExporter isn't using this configuration. If I instead set it on config/prod.exs it uses the configuration but the env variables aren't set at build time so it has an empty user and password.

I believe it might by related to #25
@acrogenesis
Copy link
Author

acrogenesis commented Apr 21, 2019
edited
Loading

So the problem is evaluated at compile time plug_exporter.ex#L74 I think we could how that particular config is handled, or we could change how deadtrickster/prometheus.ex/lib/prometheus/config.ex#L48 works. The latter seems a better option but a lot more complicated.

@deadtrickster
Copy link
Owner

maybe add a switch for an option, like :runtime t

@acrogenesis
Copy link
Author

I'm trying something along those lines but I'm having trouble with the metaprogramming 🤯

@philipgiuliani
Copy link

Having the same problem. Distillery's REPLACE_OS_VARS=true does not work because of the tuple structure:

config :prometheus, MyApp.Metrics.Plug,
  auth: {:basic, "prometheus", "${PROMETHEUS_PASSWORD}"}

@philipgiuliani
Copy link

Im the meanwhile, I was able to workaround this problem by adding https://github.com/CultivateHQ/basic_auth and handling authentication myself.

config.exs

config :prometheus, MyApp.Metrics.Plug,
  path: "/"

config :myapp, prometheus_basic_auth: [
  username: "prometheus",
  password: "${PROMETHEUS_PASSWORD}"
]

router.ex

  pipeline :metrics do
    plug BasicAuth, use_config: {:myapp, :prometheus_basic_auth}
  end

  scope "/metrics" do
    pipe_through :metrics

    forward "/", MyApp.Metrics.Plug
  end

@acrogenesis
Copy link
Author

Nice idea @philipgiuliani thanks!

@ssajnani
Copy link

Use https://github.com/azohra/ptolemy to get your secrets during runtime and have an external system like vault to manage your secrets.

@xdays
Copy link

xdays commented Apr 21, 2020
edited
Loading

note: you need deleteplug MyApp.MetricsExporter from endpoint.ex if you define you own basic auth plug.

@akoutmos
Copy link

akoutmos commented May 9, 2020

I maintain an Elixir library that I use to conditionally execute Plugs at runtime: https://github.com/akoutmos/unplug

We wrote our own predicate for Unplug and then just conditionally execute the PlugExporter at runtime based on the current request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@deadtrickster @acrogenesis @xdays @akoutmos @philipgiuliani @ssajnani