You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Thomas Tauber-Marshall (Jira)" <ji...@apache.org> on 2020/09/03 22:50:00 UTC
[jira] [Resolved] (IMPALA-10010) Allow unathenticated access to
some webui endpoints
[ https://issues.apache.org/jira/browse/IMPALA-10010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Tauber-Marshall resolved IMPALA-10010.
---------------------------------------------
Fix Version/s: Impala 4.0
Resolution: Fixed
> Allow unathenticated access to some webui endpoints
> ---------------------------------------------------
>
> Key: IMPALA-10010
> URL: https://issues.apache.org/jira/browse/IMPALA-10010
> Project: IMPALA
> Issue Type: Task
> Components: Clients
> Reporter: Thomas Tauber-Marshall
> Assignee: Thomas Tauber-Marshall
> Priority: Major
> Fix For: Impala 4.0
>
>
> Currently, when security is turned on for the webui, eg. with --webserver_require_ldap or --webserver_require_spnego, authentication is applied to all webui endpoints.
> However, there are some endpoints that expose low-sensitivity info, eg. /healthz, and which are scraped by other systems that it may be difficult to get credentials to in order to be able to authenticate, eg. a Kubernetes health check or prometheus monitoring. It would be useful to provide a way to allow unauthenticated access to those endpoints.
> One option would be to run another instance of the webserver on another port. This instance could be unsecured and only expose a few low-sensitivity endpoints. This would allow for a configuration where Impala is run in a private network and the main webserver port could be exposed externally, eg. through an nginx gateway, while keeping the port for the second webserver only available to internal systems.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org