Skip to content

Commit

Permalink
Force to specify not empty secret for metrics endpoint
Browse files Browse the repository at this point in the history 
Signed-off-by: Gladkov Alexey <agladkov@redhat.com>
  • Loading branch information
@legionus
legionus committed Apr 25, 2017
1 parent 3271ed1 commit 1aae28d
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
5 changes: 4 additions & 1 deletion images/dockerregistry/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,7 @@ openshift:
version: 1.0
metrics:
enabled: false
secret: TopSecretToken
# secret is used to authenticate to metrics endpoint. It cannot be empty.
# Attention! A weak secret can lead to the leakage of private data.
#
# secret: TopSecretLongToken
3 changes: 3 additions & 0 deletions pkg/cmd/dockerregistry/dockerregistry.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,9 @@ func Execute(configFile io.Reader) {

// Registry extensions endpoint provides prometheus metrics.
if extraConfig.Metrics.Enabled {
if len(extraConfig.Metrics.Secret) == 0 {
context.GetLogger(app).Fatalf("openshift.metrics.secret field cannot be empty when metrics are enabled")
}
server.RegisterMetricHandler(app)
}

Expand Down

0 comments on commit 1aae28d

Please sign in to comment.