grafana / k6-cloud-feature-requests

The place to propose, discuss and vote for k6 Cloud features and ideas.

Add Google OAuth support for Prometheus authentication #27

Closed AbdulAmrinSubair closed 9 months ago

AbdulAmrinSubair commented 3 years ago

We want to scrape k6 metrics to Prometheus.

Context: We have Prometheus deployed on premise, and we also have Google OAuth in front of it for security purposes. So what we wanted to know was whether there is a possibility to add something like header-based auth to connect to Prometheus as well, along with token and HTTP basic auth.

robingustafsson commented 3 years ago

Hi @AbdulAmrinSubair, thanks for creating the feature request!

Am I understanding the question correctly that you'd like to see header-based auth added to the Prometheus remote-write APM integration [1] for k6 Cloud?

@mostafa What do you think? Something to consider for the next product cycle (in 6 weeks) perhaps.

[1] - https://k6.io/docs/cloud/integrations/cloud-apm/prometheus-remote-write/

mostafa commented 3 years ago

Hi @AbdulAmrinSubair,

Can you elaborate on your feature request? As far as I understood and worked with various authentication/authorization mechanisms/protocols, there is at least one way to do so and it's via implicit auth flow, unless you're suggesting other grant types. Since your requested feature is an extension on top of Prometheus and a completely separate auth flow, I need more input here to analyze the requirements.

shashankkoppar commented 3 years ago

Hey @mostafa, sure, let me explain a bit! What we want is simple header-based auth, since we have OAuth in front of our Prometheus. For example, this is the way we authenticate to Prometheus via headers:

curl -H "cookie: _oauth2_proxy=ZW1haWw6c2hhc2hhbmtAeGl0ZS5jb20gdXNlcjo=|1614270939|P_1vtkRy8e7AJeVxCPR6i46Ow2A=" https://prometheus.example.com

We will manage this cookie ourselves, like expiring and stuff, if you can just allow passing headers to authenticate. That would be perfect for us.

mostafa commented 3 years ago

I think it's possible, as I specifically designed it to accept headers from users, but I disabled the feature to prevent abuse.

@robingustafsson If time allows, I'll re-enable this (actually needs some coding) if you are okay, otherwise it'll be left for the next cycle in 2 months.

markjmeier commented 9 months ago

APM is now deprecated due to our migration to Grafana Cloud.