Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12684

Calls to the Prometheus monitoring endpoint are not audited

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0
    • Fix Version/s: None
    • Component/s: audit logging, monitoring
    • Labels:
    • Support Ticket IDs:

      Description

      Bug description

      HTTP calls to the Prometheus endpoint for reading metrics are not recorded in the access audit logs.

      How to reproduce the issue

      1. Login to AM as amadmin
      2. Navigate to Configure > Global Services > Monitoring
      3. Ensure "Monitoring Status" is enabled
      4. Navigate to "Secondary Configurations" and select "prometheus"
      5. Ensure the status is enabled
      6. Read metrics from the Prometheus endpoint using the following script:
      #!/bin/bash
      
      set -x
      set -e
      
      openam_url="http://openam1.example.com:18080/openam"
      
      # read metrics
      curl --request GET \
          "$openam_url/json/metrics/prometheus" \
          --user prometheus:prometheus
      
      Expected behaviour
      Audit event is recorded in ~/openam/openam/log/access.audit.json
      
      Current behaviour
      No audit event is recorded in ~/openam/openam/log/access.audit.json
      

      Work around

      N/A

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              craig.mcdonnell Craig McDonnell
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: