Actuator endpoints should only declare simple type in the signature
of an operation. In particular, nested types are not supported. While
this is enforced in Spring MVC and Spring Webflux, the Jersey
implementation leniently allowed to bind such types prior to this
commit.
This commit adapts the expectation in the Jersey implementation so that
it rejects such request as well.
Closes gh-43209
This commit reworks the support for enabling and disabling endpoints,
replacing the on/off support that it provided with a finer-grained
access model that supports only allowing read-only access to endpoint
operations in addition to disabling an endpoint (access of none) and
fully enabling it (access of unrestricted).
The following properties are deprecated:
- management.endpoints.enabled-by-default
- management.endpoint.<id>.enabled
Their replacements are:
- management.endpoints.access.default
- management.endpoint.<id>.access
Similarly, the enableByDefault attribute on @Endpoint has been
deprecated with a new defaultAccess attribute replacing it.
Additionally, a new property has been introduced that allows an
operator to control the level of access to Actuator endpoints
that is permitted:
- management.endpoints.access.max-permitted
This property caps any access that may has been configured for
an endpoint. For example, if
management.endpoints.access.max-permitted is set to read-only and
management.endpoint.loggers.access is set to unrestricted, only
read-only access to the loggers endpoint will be allowed.
Closes gh-39046
Add `toAdditionalPaths(...)` methods on the servlet and reactive
`EndpointRequest` classes to support matching of additional paths.
A new `AdditionalPathsMapper` interface provides the mappings between
endpoint IDs and any additional paths that they might use. The existing
`AutoConfiguredHealthEndpointGroups` class has been updated to implement
the interface.
Auto-configurations have also been updated so that additional health
endpoint paths (typically `/livez` and `/readyz`) are permitted
when using Spring Security without any custom configuration.
Fixes gh-40962
Deprecate `EndpointExposure.CLOUD_FOUNDRY` and introduce an alternative
implementation based on a pluggable abstraction.
The new `EndpointExposureOutcomeContributor` interface may now be used
to influence `@OnAvailableEndpointCondition` exposure results. Several
infrastructure beans that previously used the condition have been
refactored to always be registered, but tolerate missing endpoints.
A new smoke test application has been added that demonstrates how the
abstraction can be used by a third-party.
Closes gh-41135
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
As of spring-projects/spring-framework#24560, Spring provides additional
metadata for scheduled tasks:
* next execution time
* last execution outcome (including status, time and raised exception)
This commit leverages this information to enhance the existing
`scheduledtasks` Actuator endpoint.
Closes gh-17585
