NihalJain commented on code in PR #5606: URL: https://github.com/apache/hbase/pull/5606#discussion_r1443864302
########## src/main/asciidoc/_chapters/hbase-default.adoc: ########## @@ -1949,6 +1949,34 @@ If the DFSClient configuration `simple` +[[hbase.security.authentication.ui.metrics.protected]] +*`hbase.security.authentication.ui.metrics.protected`*:: ++ +.Description + + Controls whether or not metrics endpoints are allowed only for admin. + If true, only users listed on "hbase.security.authentication.spnego.admin.users" + or users in group listed on "hbase.security.authentication.spnego.admin.groups" + are allowed to access metrics endpoints. (e.g. /jmx, /metrics, /prometheus) + ++ +.Default +`false` + + +[[hbase.security.authentication.spnego.kerberos.endpoint.whitelist]] +*`hbase.security.authentication.spnego.kerberos.endpoint.whitelist`*:: ++ +.Description + + Controls whether or not secure authentication is enabled for metrics endpoints. + It is valid only when "hbase.security.authentication.ui.metrics.protected" is false. + ++ +.Default +`/jmx,/metrics,/prometheus` Review Comment: Got it, we are passing this via params, sorry for the confusion. But I still think it's better to put the value in param explicitly so that at least we ref the whitelisting property and its value. Currently it's happening under the hood and is cryptic and difficult to make out. Let me know WDYT? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org