review(Host): allow-anonymous /metrics + unconditional LDAP validator

Code review at HEAD 7286d320. Host-001 (High): /metrics was auth-gated on admin
nodes (Prometheus 401) -> AllowAnonymous. Host-002: register LdapOptionsValidator
unconditionally for fail-fast startup validation on admin-only nodes. Host-004: fix
metrics XML doc. Host-003 (docs) left Open.
This commit is contained in:
Joseph Doherty
2026-06-19 10:22:59 -04:00
parent d23e585cdb
commit e4abe186a1
3 changed files with 119 additions and 5 deletions
@@ -37,14 +37,16 @@ public static class ObservabilityExtensions
}
/// <summary>
/// Mounts the Prometheus scrape endpoint on the existing ASP.NET pipeline. Call after
/// <c>app.UseAuthentication/UseAuthorization</c> if metrics access should require auth;
/// the default leaves it unauthenticated for local Prometheus scrapes.
/// Mounts the Prometheus <c>/metrics</c> scrape endpoint on the existing ASP.NET pipeline.
/// The endpoint is explicitly marked <c>AllowAnonymous</c> so unauthenticated Prometheus
/// scrapers can reach it regardless of the host's auth fallback policy (which on admin-role
/// nodes is <c>RequireAuthenticatedUser</c>). This mirrors the behaviour of
/// <c>MapZbHealth</c>, which also marks its endpoints anonymous.
/// </summary>
/// <param name="app">The endpoint route builder.</param>
public static IEndpointRouteBuilder MapOtOpcUaMetrics(this IEndpointRouteBuilder app)
{
app.MapZbMetrics();
app.MapZbMetrics().AllowAnonymous();
return app;
}
}
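Review bot: `app.MapZbMetrics().AllowAnonymous();` in `MapOtOpcUaMetrics` opens `/metrics` unconditionally on every node, including the admin-role nodes whose fallback policy is `RequireAuthenticatedUser`, and nothing in this hunk limits who can reach the endpoint. The new `<summary>` explains why the endpoint is anonymous but not how its exposure is meant to be contained, and metric names and labels commonly reveal internal topology and load. Consider one of the following: state in the XML doc that access must be restricted at the network layer (bind address, firewall or reverse proxy), chain a restriction such as `.RequireHost(...)` alongside `.AllowAnonymous()`, or gate the anonymous mapping behind a configuration option so admin nodes can opt out. A test asserting that `/metrics` answers without credentials while other endpoints are still rejected under the fallback policy would pin the intended scope of the exemption.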