fix(prometheus): Disable authorization for metrics scraping endpoint

CHANGES-5.0.md

@@ -0,0 +1,5 @@
+# 5.0.1
+
+## Enhancements
+
+* Removed management API auth for prometheus scraping endpoint /api/v5/prometheus/stats [PR](https://github.com/emqx/emqx/pull/8299)

apps/emqx_authn/src/emqx_authn.appup.src

@@ -1,8 +1,5 @@
+%% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{"0.1.0",
-    [{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}],
-  [{"0.1.0",
-    [{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}]}.
+  [{"0.1.0",[{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}],
+  [{"0.1.0",[{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]}]}.

apps/emqx_authz/src/emqx_authz.appup.src

@@ -1,8 +1,7 @@
+%% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{"0.1.1",
-    [{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}],
-  [{"0.1.1",
-    [{load_module,emqx_authn_utils,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}]}.
+  [{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
+   {"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}],
+  [{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
+   {"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}]}.

apps/emqx_prometheus/src/emqx_prometheus.app.src

@@ -2,7 +2,7 @@
 {application, emqx_prometheus, [
     {description, "Prometheus for EMQX"},
     % strict semver, bump manually!
-    {vsn, "5.0.0"},
+    {vsn, "5.0.1"},
     {modules, []},
     {registered, [emqx_prometheus_sup]},
     {applications, [kernel, stdlib, prometheus, emqx]},

apps/emqx_prometheus/src/emqx_prometheus.appup.src

@@ -0,0 +1,5 @@
+%% -*- mode: erlang -*-
+%% Unless you know what you are doing, DO NOT edit manually!!
+{VSN,
+  [{"5.0.0",[{load_module,emqx_prometheus_api,brutal_purge,soft_purge,[]}]}],
+  [{"5.0.0",[{load_module,emqx_prometheus_api,brutal_purge,soft_purge,[]}]}]}.

apps/emqx_prometheus/src/emqx_prometheus_api.erl

@@ -67,6 +67,7 @@ schema("/prometheus/stats") ->
         get =>
             #{
                 description => <<"Get Prometheus Data">>,
+                security => [],
                 responses =>
                     #{200 => prometheus_data_schema()}
             }

scripts/update-appup.sh

@@ -8,6 +8,11 @@
 set -euo pipefail
 set -x
 
+[ -d _checkouts ] && {
+    echo "Checkouts directory has been found, the resulting appup files will be incorrect. Exiting."
+    exit 1
+}
+
 usage() {
     echo "$0 PROFILE"
 }

scripts/update_appup.escript

@@ -479,18 +479,20 @@ check_appup(App, Upgrade, Downgrade, OldUpgrade, OldDowngrade) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 render_appup(App, File, Up, Down) ->
-    IsCheck = getopt(check),
-    case do_read_appup(File) of
-        {ok, {U, D}} when U =:= Up andalso D =:= Down ->
-            ok;
-        {ok, {OldU, OldD}} when IsCheck ->
-            check_appup(App, Up, Down, OldU, OldD);
-        {ok, {_, _}} ->
-            do_render_appup(File, Up, Down);
-        {error, enoent} when IsCheck ->
-            %% failed to read old file, exit
-            log("ERROR: ~s is missing", [File]),
-            set_invalid()
+    case getopt(check) of
+        true ->
+            case do_read_appup(File) of
+                {ok, {U, D}} when U =:= Up andalso D =:= Down ->
+                    ok;
+                {ok, {OldU, OldD}} ->
+                    check_appup(App, Up, Down, OldU, OldD);
+                {error, enoent} ->
+                    %% failed to read old file, exit
+                    log("ERROR: ~s is missing", [File]),
+                    set_invalid()
+            end;
+        false ->
+            do_render_appup(File, Up, Down)
     end.
 
 do_render_appup(File, Up, Down) ->