arachnys / athenapdf

Drop-in replacement for wkhtmltopdf built on Go, Electron and Docker
MIT License

[Weaver] Suggestion: Disable Auth Key #184

Open kohlerdominik opened 5 years ago

kohlerdominik commented 5 years ago

I think it would be great if the auth_key could be disabled. We are using Athena in a k8s-Cluster, so it's not available from outside. With that in mind, it just makes the auth an extra failure cause.

I think this could be as easy as adding the environment variable WEAVER_DISABLE_AUTH and just checking it in the middleware. Sadly, I don't have any skills in Go, so I can't make my own PR. However, I hope someone else can put me out of this misery.

POD666 commented 5 years ago

You can try to do it without deep skills in Go:

  1. Define WEAVER_DISABLE_AUTH here in the same way as other variables.
  2. Add a condition on this line using the config defined in the previous step.

MrSaints commented 5 years ago

The original rationale for having an authentication key was to prevent accidental public / unprotected exposure of the service. But in hindsight, this was probably not the most brilliant solution as we set a default key which many will probably leave unchanged. I'd be up for removing it entirely in a newer / major version with a disclaimer that no authentication is shipped. With the increasing popularity of service mesh, and API gateways, I think a "saner" way to operate this microservice is probably by moving authentication to the edge. Either:

  1. Exposed publicly, but accessed via an Ingress with authentication
  2. Exposed privately, and accessed through a service mesh
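
Added example (not part of the thread and not athenapdf's own code): a plain net/http middleware with the proposed WEAVER_DISABLE_AUTH opt-out that fails closed on any value other than the exact string `true` and refuses to start with an empty or default key. The `WEAVER_AUTH_KEY` variable name, the `auth` query parameter, and the placeholder default key value are assumptions.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"os"
)

// placeholderDefaultKey stands in for the shipped default key (assumed value).
const placeholderDefaultKey = "CHANGE-ME-DEFAULT-KEY"

type Config struct {
	AuthKey     string // shared key clients must present
	DisableAuth bool   // true only when WEAVER_DISABLE_AUTH=true
}

// LoadConfig reads settings through getenv. Auth is disabled only by the exact
// value "true"; anything else, including typos, keeps auth on (fail closed).
func LoadConfig(getenv func(string) string) (Config, error) {
	c := Config{AuthKey: getenv("WEAVER_AUTH_KEY"), DisableAuth: getenv("WEAVER_DISABLE_AUTH") == "true"}
	if !c.DisableAuth && (c.AuthKey == "" || c.AuthKey == placeholderDefaultKey) {
		return c, errors.New("auth enabled but key is empty or still the default")
	}
	return c, nil
}

// AuthMiddleware checks the "auth" query parameter (assumed name) unless disabled.
func AuthMiddleware(c Config, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !c.DisableAuth {
			got := r.URL.Query().Get("auth")
			if subtle.ConstantTimeCompare([]byte(got), []byte(c.AuthKey)) != 1 {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	c, err := LoadConfig(os.Getenv)
	if err != nil {
		log.Fatal(err) // refuse to start rather than run with a guessable key
	}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) })
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", AuthMiddleware(c, ok)))
}
```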