[Feature Request] Basic Authentication for Control Socket #1315

Open
ivanov17 opened this issue Jun 13, 2024 · 3 comments

Comments

@ivanov17

Hello team,

I have an idea. I think it will be safer to secure the Control API with Basic Authentication when using a TCP socket. This would be useful when using a containerized application, since in this case it is impractical to accept API connections only from the localhost. This will also avoid the need to use an additional proxy just for Basic Authentication for API connections.

What do you think?

@lcrilly
Contributor

lcrilly commented Jun 14, 2024

Nice idea, but I think it is insufficient without also making the transport confidential (with TLS).

Is this for local development using Docker, or production-like environments?
Are you looking to make changes to the running configuration and/or monitor Unit with the /status API endpoint?

@ivanov17
Author

ivanov17 commented Jun 16, 2024

Hello, Liam. I believe this could be used in production-like environments to send configuration changes using authentication from configuration-management software such as Ansible that operates on the host. At the same time, the need for authentication can protect against unwanted changes that may be sent from an infected container in the same container network. If I'm wrong, please correct me.

I think there should be a choice about which endpoints to protect, since it might be desirable for the /status endpoint to be accessible without authentication, e.g. for monitoring purposes. In other cases, the administrator may also want to use authentication to access statistics.

@ivanov17
Author

Also, if Unit had a separate /metrics endpoint for metrics in Prometheus format, we could just protect the Prometheus endpoint and API endpoints using different flags for them, since Prometheus also uses Basic Authentication to access protected target endpoints. I think if the API endpoints already have basic authentication implemented, it will be easier to implement Prometheus endpoint protection in the future.
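The thread asks for Basic Authentication on the control socket, with TLS (as lcrilly notes, Basic Auth only base64-encodes the credentials, so without TLS anything on the container network can read them) and with /status left open for monitoring. Until Unit supports this natively, the proxy the opening post wants to avoid is the practical way to get all three. Below is an added example of such a proxy, written for this discussion; it is not code from the issue or from the Unit project. It assumes nginx as the proxy, that Unit's control listener stays on the Unix socket /var/run/control.unit.sock (so containers cannot reach it except through the proxy), and that the certificate, key and htpasswd paths are your own:

```nginx
# Added example (not from the issue or Unit): TLS-terminating reverse proxy
# in front of the Unit control socket. Assumed paths: the Unit control
# socket /var/run/control.unit.sock, the htpasswd file
# /etc/nginx/unit-control.htpasswd, and the certificate/key files below.
server {
    # Reachable from the container network; this is the only exposed entry point.
    listen 8443 ssl;
    server_name unit-control.example.internal;

    ssl_certificate     /etc/nginx/certs/unit-control.crt;
    ssl_certificate_key /etc/nginx/certs/unit-control.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Monitoring: /status (and /status/...) readable without credentials,
    # but read-only; anything other than GET/HEAD is refused here.
    location /status {
        limit_except GET { deny all; }
        proxy_pass http://unix:/var/run/control.unit.sock:;
    }

    # Everything else (/config, /certificates, ...) changes Unit's state
    # and requires credentials. Basic Auth is acceptable only because the
    # transport above is TLS.
    location / {
        auth_basic           "Unit control API";
        auth_basic_user_file /etc/nginx/unit-control.htpasswd;
        proxy_pass http://unix:/var/run/control.unit.sock:;
    }
}
```

Two points a practitioner will want checked: the htpasswd file must be readable by the nginx worker user and by nobody else, since it is the only thing standing between the network and a writable /config; and Unit itself must not also be started with a TCP control listener, otherwise an infected container in the same network can simply bypass the proxy, which is exactly the scenario the second comment raises. With this layout, Ansible on the host talks to port 8443 with credentials, while Prometheus-style monitors scrape /status without them.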
