Make it possible to add password protection to expose-metrics-as-json

[dtanzer]

The documentation for the ring extras says "WARNING: this URL will not be protected by a username or password in any way (yet), so if you have sensitive metrics you might want to think twice about using it (or protect it yourself)."

IMHO, the easiest way for adding password protection myself would be to add a route to composure that reads like

(GET "/metrics" [] (with-admin-privileges metrics-json))

instead of expose-metrics-as-json (where with-admin-privileges would ensure protection). But for this, "metrics-json" from the ring extras would have to be public. Can you make this method public so I can define the routes myself? Or did I misunderstand / miss something here?

[michaelklishin]

This has gotten easier in 2.1.0: metrics.ring.expose/serve-metrics can be wrapped and used as a route function easily now. I'll leave this issue open because we may end up adding built-in support
for basic HTTP authentication. If not, this stuff needs to be documented.