From 84db9e6fe36e92be4804bcad3a8734531ec3510a Mon Sep 17 00:00:00 2001
From: Paul Melnikow <github@paulmelnikow.com>
Date: Wed, 20 Feb 2019 13:38:16 -0500
Subject: [PATCH] Remove IP filtering code for prometheus metrics (#3059)

Closes #2657
---
 config/custom-environment-variables.yml |  1 -
 config/default.yml                      |  1 -
 core/server/prometheus-metrics.js       | 24 +++-----------
 core/server/prometheus-metrics.spec.js  | 42 ++-----------------------
 core/server/server.js                   |  3 --
 5 files changed, 6 insertions(+), 65 deletions(-)

diff --git a/config/custom-environment-variables.yml b/config/custom-environment-variables.yml
index dcdf4a2e85..352d72dd4c 100644
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -6,7 +6,6 @@ public:
   metrics:
     prometheus:
       enabled: 'METRICS_PROMETHEUS_ENABLED'
-      allowedIps: 'METRICS_PROMETHEUS_ALLOWED_IPS'
 
   ssl:
     isSecure: 'HTTPS'
diff --git a/config/default.yml b/config/default.yml
index 3774c44487..7adbce874e 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -5,7 +5,6 @@ public:
   metrics:
     prometheus:
       enabled: false
-      allowedIps: []
 
   ssl:
     isSecure: false
diff --git a/core/server/prometheus-metrics.js b/core/server/prometheus-metrics.js
index 1ea9242712..939dd31944 100644
--- a/core/server/prometheus-metrics.js
+++ b/core/server/prometheus-metrics.js
@@ -2,19 +2,11 @@
 
 const prometheus = require('prom-client')
 
-class PrometheusMetrics {
+module.exports = class PrometheusMetrics {
   constructor(config = {}) {
     this.enabled = config.enabled || false
-    const matchNothing = /(?!)/
-    this.allowedIps = config.allowedIps
-      ? new RegExp(config.allowedIps)
-      : matchNothing
     if (this.enabled) {
-      console.log(
-        `Metrics are enabled. Access to /metrics resource is limited to IP addresses matching: ${
-          this.allowedIps
-        }`
-      )
+      console.log('Metrics are enabled.')
     }
   }
 
@@ -28,16 +20,8 @@ class PrometheusMetrics {
 
   setRoutes(server, register) {
     server.route(/^\/metrics$/, (data, match, end, ask) => {
-      const ip = ask.req.socket.remoteAddress
-      if (this.allowedIps.test(ip)) {
-        ask.res.setHeader('Content-Type', register.contentType)
-        ask.res.end(register.metrics())
-      } else {
-        ask.res.statusCode = 403
-        ask.res.end()
-      }
+      ask.res.setHeader('Content-Type', register.contentType)
+      ask.res.end(register.metrics())
     })
   }
 }
-
-module.exports = PrometheusMetrics
diff --git a/core/server/prometheus-metrics.spec.js b/core/server/prometheus-metrics.spec.js
index e6d9759dcd..e69f2eb0d8 100644
--- a/core/server/prometheus-metrics.spec.js
+++ b/core/server/prometheus-metrics.spec.js
@@ -43,50 +43,12 @@ describe('Prometheus metrics route', function() {
     expect(await res.text()).to.not.contains('nodejs_version_info')
   })
 
-  it('returns metrics for allowed IP', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^(127\\.0\\.0\\.1|::1|::ffff:127\\.0\\.0\\.1)$',
-    }).initialize(camp)
+  it('returns metrics when enabled', async function() {
+    new Metrics({ enabled: true }).initialize(camp)
 
     const res = await fetch(`${baseUrl}/metrics`)
 
     expect(res.status).to.be.equal(200)
     expect(await res.text()).to.contains('nodejs_version_info')
   })
-
-  it('returns metrics for request from allowed remote address', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^(127\\.0\\.0\\.1|::1|::ffff:127\\.0\\.0\\.1)$',
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(200)
-    expect(await res.text()).to.contains('nodejs_version_info')
-  })
-
-  it('returns 403 for not allowed IP', async function() {
-    new Metrics({
-      enabled: true,
-      allowedIps: '^127\\.0\\.0\\.200$',
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(403)
-    expect(await res.text()).to.not.contains('nodejs_version_info')
-  })
-
-  it('returns 403 for every request when list with allowed IPs not defined', async function() {
-    new Metrics({
-      enabled: true,
-    }).initialize(camp)
-
-    const res = await fetch(`${baseUrl}/metrics`)
-
-    expect(res.status).to.be.equal(403)
-    expect(await res.text()).to.not.contains('nodejs_version_info')
-  })
 })
diff --git a/core/server/server.js b/core/server/server.js
index 903b5e71c1..898be6cf0f 100644
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -46,9 +46,6 @@ const publicConfigSchema = Joi.object({
   metrics: {
     prometheus: {
       enabled: Joi.boolean().required(),
-      allowedIps: Joi.array()
-        .items(Joi.string().ip())
-        .required(),
     },
   },
   ssl: {
-- 
GitLab