Open ABHINAV-SUREKA opened 5 days ago
This issue is probably better moved to https://github.com/grafana/tempo/issues fyi @grafana/tempo
That config is a prometheus remote write config:
We do some manipulation of it here, but I don't think anything that would impact your auth config:
The function just adds headers and makes other adjustments based on per tenant configurations:
Then we feed it into prom remote storage here:
Do we know if prom supports this? It's definitely possible we are doing something that is breaking this type of auth, but it seems like we're using prom remote write code in a fairly straight forward way.
What happened?
In grafana tempo helm-chart, at
metricsGenerator.config.storage.remote_write
(helm-chart link), if I provide the following:I get the error log:
It seems that grafana/tempo metricsGenerator calculates signature based on the Access Key etc. But it fails when only the
role_arn
has been provided._Note: This doesn't seem to be the access issue else the error would have been something like - the role doesn't have permissions to assume the provided rolearn.
What did you expect to happen?
The metrics generator should have written metrics to the provided AMP backend endpoint without any errors.
Did this work before?
No. Testing this out for the first time.
How do we reproduce it?
metricsGenerator.config.storage.remote_write
with the above providedsigv4
configuration.Is the bug inside a dashboard panel?
No response
Environment (with versions)?
Grafana Tempo: IMAGE_NAME = grafana/tempo IMAGE_VERSION = 2.3.1
Grafana platform?
Kubernetes
Datasource(s)?
No response