Skip to content

Introduce @ConditonalOnExposedEndpoint to avoid auto-configuring endpoints that cannot be accessed #16093

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bclozel opened this issue Mar 4, 2019 · 4 comments
Closed

Introduce @ConditonalOnExposedEndpoint to avoid auto-configuring endpoints that cannot be accessed #16093

bclozel opened this issue Mar 4, 2019 · 4 comments
Assignees
@bclozel
Labels
type: enhancement A general enhancement
Milestone
2.2.0.M1

Comments

@bclozel
Copy link
Member

bclozel commented Mar 4, 2019

Since #16090, the spring.jmx.enabled property has been set to false by default.

With that change, we should re-evaluate default enablement of Actuator endpoints since:

  • by default only "info" and "health" are exposed over HTTP
  • it doesn't make sense to consume resources to create those endpoints if they're not exposed in any way (JMX nor HTTP)

We could in this case avoid creating endpoints when possible; we should refine OnEnabledEndpointCondition and decide to enable a given endpoint with the following conditions (for example, with the "env" endpoint):

  1. Enable/disable the endpoint if explicitly configured with "management.endpoint.env.enabled"
  2. Enable/disable all endpoints if explicitly configured with "management.endpoints.enabled-by-default"
  3. Enable the endpoint if it is enabled by default with @Endpoint(id = "env", enableByDefault = true) and it is exposed as an HTTP endpoint (see "management.endpoints.web.exposure.include") or JMX is enabled and this endpoint is exposed over JMX (see "spring.jmx.enabled" and "management.endpoints.jmx.exposure.include")
  4. Otherwise, disable this endpoint

With this improvement, we don't need to change the defaults on @Endpoint annotations, as we still want to retain the difference between enablement and exposure; fr example, the "shutdown" endpoint is not enabled by default.
@bclozel bclozel added the type: enhancement A general enhancement label Mar 4, 2019
@bclozel bclozel added this to the 2.2.x milestone Mar 4, 2019
@bclozel bclozel self-assigned this Mar 4, 2019
@wilkinsona
Copy link
Member

I’m not sure about point 3. Exposure and enablement are two distinct concepts at the moment and I think that’s a good thing. Exposure builds on top of enablement – an endpoint has to be enabled for it to be possible for it to be exposed. If the enabled condition take exposure into account we’ll lose the distinction and it feels the wrong way round for enablement to be aware of exposure.

I wonder if we need a new condition for exposure? This could either consider both exposure and enablement or it could just consider exposure and we’d use it and the enabled condition in most (all?) cases.

@bclozel
Copy link
Member Author

bclozel commented Mar 5, 2019

Good points @wilkinsona , I'll rework that with a OnExposedEndpointCondition. Mixing both concerns in a single condition would make things hard to test and reason about.

bclozel added a commit to bclozel/spring-boot that referenced this issue Mar 6, 2019
@bclozel
Add @ConditionalOnExposedEndpoint condition
615b339 
Prior to this commit, Actuator `Endpoint` instantiations would be
guarded by `@ConditionalOnEnabledEnpoint` condition annotations. This
feature saves resources as disabled endpoints aren't unnecessarily
instantiated.

By default, only `"health"` and "`info`" endpoints are exposed over the
web and all endpoints are exposed over JMX.

As of spring-projectsgh-16090, JMX is now disabled by default. This is an opportunity
to avoid instantiating endpoints if they won't be exposed at all, which
is more likely due to the exposure defaults.

This commit adds a new `@ConditionalOnExposedEndpoint` conditional
annotation that checks the `Environment` for configuration properties
under `"management.endpoints.web.exposure.*"` and
`"management.endpoints.jmx.exposure.*"`. In the case of JMX, an
additional check is perfomed, checking that JMX is enabled first.
The rules implemented in the condition itself are following the ones
described in `ExposeExcludePropertyEndpointFilter`.

See spring-projectsgh-16093
bclozel added a commit to bclozel/spring-boot that referenced this issue Mar 6, 2019
@bclozel
Add @ConditionalOnExposedEndpoint condition
be684a0 
Prior to this commit, Actuator `Endpoint` instantiations would be
guarded by `@ConditionalOnEnabledEnpoint` condition annotations. This
feature saves resources as disabled endpoints aren't unnecessarily
instantiated.

By default, only `"health"` and `"info"` endpoints are exposed over the
web and all endpoints are exposed over JMX.

As of spring-projectsgh-16090, JMX is now disabled by default. This is an opportunity
to avoid instantiating endpoints if they won't be exposed at all, which
is more likely due to the exposure defaults.

This commit adds a new `@ConditionalOnExposedEndpoint` conditional
annotation that checks the `Environment` for configuration properties
under `"management.endpoints.web.exposure.*"` and
`"management.endpoints.jmx.exposure.*"`. In the case of JMX, an
additional check is perfomed, checking that JMX is enabled first.
The rules implemented in the condition itself are following the ones
described in `ExposeExcludePropertyEndpointFilter`.

See spring-projectsgh-16093
@bclozel bclozel modified the milestones: 2.2.x, 2.2.0.M1 Mar 7, 2019
bclozel added a commit that referenced this issue Mar 7, 2019
@bclozel
Add @ConditionalOnExposedEndpoint condition
4ffbe6c 
Prior to this commit, Actuator `Endpoint` instantiations would be
guarded by `@ConditionalOnEnabledEnpoint` condition annotations. This
feature saves resources as disabled endpoints aren't unnecessarily
instantiated.

By default, only `"health"` and `"info"` endpoints are exposed over the
web and all endpoints are exposed over JMX.

As of gh-16090, JMX is now disabled by default. This is an opportunity
to avoid instantiating endpoints if they won't be exposed at all, which
is more likely due to the exposure defaults.

This commit adds a new `@ConditionalOnExposedEndpoint` conditional
annotation that checks the `Environment` for configuration properties
under `"management.endpoints.web.exposure.*"` and
`"management.endpoints.jmx.exposure.*"`. In the case of JMX, an
additional check is perfomed, checking that JMX is enabled first.
The rules implemented in the condition itself are following the ones
described in `ExposeExcludePropertyEndpointFilter`.

See gh-16093
@bclozel bclozel closed this as completed in 6586bae Mar 7, 2019
@bclozel
Copy link
Member Author

bclozel commented Mar 8, 2019

The current implementation is completely separating enablement and exposure.
For now, @ConditionalOnEnabledEndpoint and @ConditionalOnExposedEndpoint are used together. It might make sense to revisit that in the next milestone and make @ConditionalOnExposedEndpoint call the other. Right now I'm wondering if it's still best to keep those separated as they are different concepts and there might be cases where we want to let developers reuse/extend existing infrastructure independently of what's happening with the endpoints.

@snicoll
Copy link
Member

snicoll commented Mar 8, 2019

@bclozel should we move that comment to a new issue targeted to M2?

@bclozel bclozel mentioned this issue Mar 8, 2019
Closed
@wilkinsona wilkinsona changed the title Refine Actuator Endpoint conditions now that JMX is disabled by default Introduce @ConditonalOnExposedEndpoint to avoid auto-configuring endpoints that cannot be accessed Mar 8, 2019
@snicoll snicoll mentioned this issue Mar 25, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
2.2.0.M1
Development

No branches or pull requests
3 participants
@bclozel @snicoll @wilkinsona