Unless someone fixed it, it is correct that the server isn't checking any
credentials at that point. So credentials are not required to send events
to the endpoint.

That said, I do believe it's necessary to have authentication here to avoid
spoofing. Checking for authentication is easy to implement, I simply did
not get to it.

Thanks Philippe!  I appreciate you helping out long after you've left the team :)

I don't really know much about the server-side parts of event_mon.  Can you add some details to issue 471433?  Like, where the code is, where it runs, which team owns it, and how it's deployed.

From a private thread, the action item is to remove the authentication from requests. We expect to remove the Clearcut pipeline from event_mon in favor of BigQuery soon.

Sorry, I don't have time to take on this in the immediate future. Dave, back to you for finding a better owner.

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra/+/a46585a5ae7703c31c2c00793db542d7f6423aa8

commit a46585a5ae7703c31c2c00793db542d7f6423aa8
Author: David Sansome <dsansome@chromium.org>
Date: Wed Apr 12 05:34:22 2017

Remove authentication support from event_mon.

Nothing seems to set these flags AFAICT.

Bug:  708920 
Change-Id: Idf9df856b8bfe7613b570ff0608de7ad2df7d938
Reviewed-on: https://chromium-review.googlesource.com/474666
Commit-Queue: Dave Sansome <dsansome@chromium.org>
Reviewed-by: Michael McGreevy <mcgreevy@chromium.org>
Reviewed-by: Katie Thomas <katthomas@google.com>

[modify] https://crrev.com/a46585a5ae7703c31c2c00793db542d7f6423aa8/packages/infra_libs/infra_libs/event_mon/router.py
[modify] https://crrev.com/a46585a5ae7703c31c2c00793db542d7f6423aa8/packages/infra_libs/infra_libs/event_mon/test/router_test.py
[modify] https://crrev.com/a46585a5ae7703c31c2c00793db542d7f6423aa8/packages/infra_libs/infra_libs/event_mon/config.py
[delete] https://crrev.com/b7cfad77a4b8e0d1cf073571ec0eaa7b0b8335dd/packages/infra_libs/infra_libs/event_mon/test/data/valid_creds.json
[modify] https://crrev.com/a46585a5ae7703c31c2c00793db542d7f6423aa8/packages/infra_libs/infra_libs/event_mon/test/config_test.py
[delete] https://crrev.com/b7cfad77a4b8e0d1cf073571ec0eaa7b0b8335dd/packages/infra_libs/infra_libs/event_mon/test/data/README.md

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infra/puppet/+/b2ff936cd06c4d01033477dbbb12a0d88f244583

commit b2ff936cd06c4d01033477dbbb12a0d88f244583
Author: David Sansome <dsansome@google.com>
Date: Wed May 03 23:40:40 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra/+/466ecf749887b37e4c13ebc8b158eb4e7f92937a

commit 466ecf749887b37e4c13ebc8b158eb4e7f92937a
Author: David Sansome <dsansome@chromium.org>
Date: Fri Jun 09 03:47:37 2017

Remove some deprecated flags from event_mon

Bug:  708920 
Change-Id: I2d68b9a885e16707f683b159a6ff73ccda11dcb5
Reviewed-on: https://chromium-review.googlesource.com/527753
Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org>
Commit-Queue: Dave Sansome <dsansome@chromium.org>

[modify] https://crrev.com/466ecf749887b37e4c13ebc8b158eb4e7f92937a/packages/infra_libs/infra_libs/event_mon/config.py

What is this?  It's blocking me rotating creds now... can I remove it?

Removal CL: https://chrome-internal-review.googlesource.com/424371

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infra/puppet/+/1c568f266f50e0508047805100372a7c2cad8383

commit 1c568f266f50e0508047805100372a7c2cad8383
Author: Elliott Friedman <friedman@google.com>
Date: Fri Aug 04 18:24:32 2017

I think event-mon is gone now...