Project

General

Profile

Bug #44753

mgr/dashboard: Secure the Alertmanger receiver endpoint

Added by Stephan Müller 7 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
dashboard/backend
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Currently it is possible send push notification unauthenticated to the dashboard and the push notifications are not verified if they actually are coming from an Alertmanager instance.

To see whats configurable see https://prometheus.io/docs/alerting/configuration/#http_config

Removing the endpoint is not a solution to be considered as ceph orchestrator is configuring every Alertmanager instance to talk to the receiver of the dashboard.

The receiver is at the moment the only part that can handle multiple Altermanger instances.

Also available in: Atom PDF