Closed vincent-olivert-riera closed 3 months ago
If we need to add Auth for this, instead of limiting this to basic_auth, I'm wondering if it would be better to generalize it, and implement it as an optional `Authorization` header that can be added. Then, this would support not only Basic Auth, but also if an upstream server was using some kind of Token or other authentication scheme 🤔
Uhm..., yeah, that would be useful. I will change this PR in that direction 👍
@kfdm, I have reworked the PR from scratch because I think it is easier to review.
It is now ready for review. Thanks.
LGTM
Thanks. Rebased on `master` with fixup commits squashed.
The API endpoint of some shards is protected with HTTP Basic Auth. This will make the promql-query component fail, receiving a '401 Unauthorized' error response.
To address that, we have added the possibility to specify HTTP Basic Auth credentials on shards.
Apart from that, the query is performed in the back end for security issues. Since the request's "Authorization" header contains the base64-encoded user and password, if we performed the query in the front end that information would be easy to obtain by inspecting the HTTP requests.
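The approach described above, as an added example that is not code from this PR: the back end attaches a shard's optional `Authorization` header and hands back only the response, and `decode_basic` shows why that header must not reach the browser. The shard dictionary keys, the credentials and the local stand-in server are constructed for illustration.

```python
import base64, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample credential; never a real value.
SECRET = "Basic " + base64.b64encode(b"monitor:s3cret").decode()
# Ignore any system proxy so the loopback demo talks to the stand-in directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class FakeShard(BaseHTTPRequestHandler):
    """Stand-in for a protected query API: 401 unless the header matches."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == SECRET
        body = json.dumps({"status": "success" if ok else "error"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_fake_shard():
    server = HTTPServer(("127.0.0.1", 0), FakeShard)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def query_shard(shard, promql):
    """Back-end side: add the shard's optional Authorization header and
    return only (status, body), so the credential stays on the server."""
    url = shard["url"] + "/api/v1/query?" + urllib.parse.urlencode({"query": promql})
    req = urllib.request.Request(url)
    if shard.get("authorization"):  # hypothetical field; any scheme (Basic, Bearer, ...)
        req.add_header("Authorization", shard["authorization"])
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def decode_basic(header):
    """Base64 is an encoding, not encryption: the header yields user:password."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()

if __name__ == "__main__":
    srv = start_fake_shard()
    base = "http://127.0.0.1:%d" % srv.server_port
    print(query_shard({"url": base}, "up"))                            # no header
    print(query_shard({"url": base, "authorization": SECRET}, "up"))  # header set
    print(decode_basic(SECRET))
    srv.shutdown()
```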