SolarEdgeTech/pyctuator

How to exclude endpoints?

mittal-umang opened this issue · 6 comments

Is there a way I can exclude certain endpoints in my application? I'm using the FastAPI implementation of pyctuator.

Can you give an example for an endpoint you want to exclude?

I would want to make my production environment's env endpoint excluded so that secrets are not visible.

Sorry for the delay.
@mittal-umang I'm still not sure what you are asking for.

Do you want to be able to toggle pyctuator endpoints?
If so, can you give an example of a pyctuator endpoint you want to exclude?

Or do you want to exclude some env-variables from being returned by pyctuator?

Another option is to expose pyctuator on a separate port altogether, as can be done when using spring-boot.
If this is what you are looking for, I guess you need two instances of fastapi.

Hey @michaelyaakoby I needed the same functionality as @mittal-umang and I did my implementation for it.

What we want is to turn on or off certain sensitive endpoints. For example, we don't want /env to be exposed in production but we still need other actuators. I ended up adding a configuration called enabled_endpoints when initializing the Pyctuator class that lets us do that.

You can check it out in my forked repo https://github.com/joeraad/pyctuator/tree/toggle_enabled_endpoints

I am only experienced in FastAPI, so currently it's only supported there. I'll need some help with properly adding this feature to the main repo.

Hi @joeraad,
Thanks for the clarification and first attempt implementing this - it's a good start.

I reviewed your fork, please see my comments to your commit.

Regarding extending support to all frameworks, please start with adding a test to tests/test_pyctuator_e2e.py that disables an endpoint and asserts it's not returned in the list of links and if you explicitly try to read it you get 404.
Once you have this test, you'll be able to get feedback for all supported web-frameworks.

Specifically:

  1. Tornado - in tornado_pyctuator.TornadoHttpPyctuator, need to filter the handlers being registered.
  2. Flask - is very similar to FastAPI
  3. Aiohttp - need to filter the handlers registered by add_router

It will be great if you can "fix" the issues I pointed out and complete this feature - I will try to help.

Thanks,
Michael
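
Added example, not part of the thread and not code from pyctuator or the fork: a framework-neutral WSGI sketch of the behaviour the requested test would check, where a disabled endpoint is filtered out at registration so it is missing from the links index and returns 404 when read directly. The names `ENDPOINTS`, `make_app`, `get`, the `enabled` parameter, the `/pyctuator` base path and the response bodies are all assumptions made for illustration.

```python
import json

# Hypothetical endpoint table: name -> handler returning a JSON-serialisable body.
# The values are constructed sample data, not real pyctuator output.
ENDPOINTS = {
    "health": lambda: {"status": "UP"},
    "info": lambda: {"app": "demo"},
    "env": lambda: {"DB_PASSWORD": "constructed-secret"},
}


def make_app(enabled, base="/pyctuator"):
    """Build a WSGI app that registers only the endpoints named in `enabled`."""
    unknown = set(enabled) - set(ENDPOINTS)
    if unknown:
        # Fail at startup on a typo instead of silently exposing or hiding something.
        raise ValueError(f"unknown endpoints: {sorted(unknown)}")
    # Filtering happens once, at registration: a disabled handler is never routed.
    routes = {f"{base}/{name}": ENDPOINTS[name] for name in enabled}
    links = {"self": {"href": base}}
    links.update({name: {"href": f"{base}/{name}"} for name in sorted(enabled)})
    routes[base] = lambda: {"_links": links}

    def app(environ, start_response):
        handler = routes.get(environ.get("PATH_INFO", "").rstrip("/"))
        status, body = ("200 OK", handler()) if handler else ("404 Not Found", {"error": "not found"})
        payload = json.dumps(body).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(payload)))])
        return [payload]

    return app


def get(app, path):
    """Call the WSGI app in-process and return (status_code, decoded_json)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = int(status.split()[0])

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"], json.loads(body)


if __name__ == "__main__":
    prod = make_app(enabled={"health", "info"})
    print(get(prod, "/pyctuator"))       # index lists only health and info
    print(get(prod, "/pyctuator/env"))   # 404: handler was never registered
```

Building the links index from the same filtered set as the routes keeps the two from drifting apart, which is the pair of assertions the test described above is meant to pin down.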