This commit reworks the support for enabling and disabling endpoints,
replacing the on/off support that it provided with a finer-grained
access model that supports only allowing read-only access to endpoint
operations in addition to disabling an endpoint (access of none) and
fully enabling it (access of unrestricted).
The following properties are deprecated:
- management.endpoints.enabled-by-default
- management.endpoint.<id>.enabled
Their replacements are:
- management.endpoints.access.default
- management.endpoint.<id>.access
Similarly, the enableByDefault attribute on @Endpoint has been
deprecated with a new defaultAccess attribute replacing it.
Additionally, a new property has been introduced that allows an
operator to control the level of access to Actuator endpoints
that is permitted:
- management.endpoints.access.max-permitted
This property caps any access that may has been configured for
an endpoint. For example, if
management.endpoints.access.max-permitted is set to read-only and
management.endpoint.loggers.access is set to unrestricted, only
read-only access to the loggers endpoint will be allowed.
Closes gh-39046
Add `toAdditionalPaths(...)` methods on the servlet and reactive
`EndpointRequest` classes to support matching of additional paths.
A new `AdditionalPathsMapper` interface provides the mappings between
endpoint IDs and any additional paths that they might use. The existing
`AutoConfiguredHealthEndpointGroups` class has been updated to implement
the interface.
Auto-configurations have also been updated so that additional health
endpoint paths (typically `/livez` and `/readyz`) are permitted
when using Spring Security without any custom configuration.
Fixes gh-40962
Deprecate `EndpointExposure.CLOUD_FOUNDRY` and introduce an alternative
implementation based on a pluggable abstraction.
The new `EndpointExposureOutcomeContributor` interface may now be used
to influence `@OnAvailableEndpointCondition` exposure results. Several
infrastructure beans that previously used the condition have been
refactored to always be registered, but tolerate missing endpoints.
A new smoke test application has been added that demonstrates how the
abstraction can be used by a third-party.
Closes gh-41135
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
As of spring-projects/spring-framework#24560, Spring provides additional
metadata for scheduled tasks:
* next execution time
* last execution outcome (including status, time and raised exception)
This commit leverages this information to enhance the existing
`scheduledtasks` Actuator endpoint.
Closes gh-17585
Spring Framework wraps `Task` and `ScheduledTask` runnables to collect
and share metadata about task execution and scheduling.
The `ScheduledTasksEndpoint` descriptors were relying on the fact that
tasks would never be wrapped. Spring Framework already wrapped runnables
in various cases, for methods returning `Callable` or reactive types.
This commit makes use of the `toString()` method to describe the
runnable. Runnable implementations can override this method for
displaying purposes on the actuator endpoint.
See spring-projects/spring-framework#24560
See gh-41177
Replace `DockerImageNames` with a enum and relocate it from the
`testcontainers` to `container` package. The enum now also
becomes a common location that we can use to apply container
configuration such as timeouts.
Closes gh-41164
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
