Feature: Route graphite requests via dashboard server to improve security.
Closed this issue · 4 comments
Issue:
Currently, the metrics tab js connects direct to the Graphite server, meaning that in a deployment the Graphite server has to directly exposed to the client, allowing the client to view any metrics in Graphite.
Suggested fix:
Create a new view function that proxies the graphite requests, ensuring that the user is authenticated and that they have the correct permissions to access that app, by checking the .tsuru.<APP_ID> field in the graphite query string.
I'm more than happy to contribute this fix if this is a preferred approach; the other benefit here is that you can run the whole dashboard behind a single SSL certificate.
I believe that to add a view to be a proxy between dashboard and metric backend is the easier way to fix it.
if that starts an overhead in the dashboard we can add a cache to this proxy view.
We (alphagov) started this story but after a conversation this morning after our standup, we decided to park it for now as we didn't feel we had the right answers to the question of how we approach metrics for a platform. The work in progress is available here: https://github.com/alphagov/tsuru-dashboard/tree/f-add_auth_access_proxy but it is not finished; there is no test nor has the client side JS been altered to work with the new api.
If there are any Globo or others thoughts on how to achieve this type of metrics securely and be able to provide isolated read and write to graphite on an App basis, we'd love to hear.
@dhilton do you feel that the proxy is not enough?
closed by f4567d0