line / promgen

Promgen is a configuration file generator for Prometheus
https://line.github.io/promgen/
MIT License

Shard: Add support for Authorization header #518

Closed: vincent-olivert-riera closed this 3 months ago

vincent-olivert-riera commented 4 months ago

The API endpoints of some shards are protected with HTTP Basic Auth. This will make the promql-query component fail, receiving a '401 Unauthorized' error response.

To address that, we have added the possibility to specify HTTP Basic Auth credentials on shards.

Apart from that, the query is performed in the back end for security issues. Since the request's "Authorization" header contains the base64-encoded user and password, if we performed the query in the front end that information would be easy to obtain by inspecting the HTTP requests.

vincent-olivert-riera commented 3 months ago

> If we need to add Auth for this, instead of limiting this to basic_auth, I'm wondering if it would be better to generalize it, and implement it as an optional Authorization header that can be added. Then, this would support not only Basic Auth, but also if an upstream server was using some kind of Token or other authentication scheme 🤔

Uhm..., yeah, that would be useful. I will change this PR in that direction 👍

vincent-olivert-riera commented 3 months ago

@kfdm, I have reworked the PR from scratch because I think it is easier to review.

It is now ready for review. Thanks.

vincent-olivert-riera commented 3 months ago

> LGTM

Thanks. Rebased on master with fixup commits squashed.
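
The design discussed in this thread (the query runs in the back end, with an optional per-shard Authorization header) sketched as an added example; it is not code from this PR or from Promgen. The shard dict, `proxy_query`, the fake shard server and the credential are constructed assumptions for illustration.

```python
import base64, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credential; in the design above it is stored with the shard, server-side.
SECRET = "Basic " + base64.b64encode(b"promgen:constructed-password").decode()

class FakeShard(BaseHTTPRequestHandler):
    """Constructed stand-in for a shard API that requires an Authorization header."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == SECRET
        body = json.dumps({"status": "success" if ok else "error"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the header only goes to the configured shard URL."""
    def redirect_request(self, *args, **kwargs):
        return None

def proxy_query(shard, promql, timeout=5):
    """Back-end side: attach the shard's header, return only (status, body)."""
    url = shard["url"].rstrip("/") + "/api/v1/query?" + urllib.parse.urlencode({"query": promql})
    req = urllib.request.Request(url)
    if shard.get("authorization"):  # optional: shards without auth send no header
        req.add_header("Authorization", shard["authorization"])
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # e.g. the 401 from a protected shard
        return err.code, err.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), FakeShard)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        with_header = proxy_query({"url": base, "authorization": SECRET}, "up")
        without = proxy_query({"url": base, "authorization": ""}, "up")
    finally:
        server.shutdown()
        server.server_close()
    return with_header, without

if __name__ == "__main__":
    print(demo())
```

The browser only ever receives the `(status, body)` pair, so the header value never appears in requests visible from the front end.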