continuoustest: Set both tenant-id and authentication #7619
A few notes I'm not so sure about:
If there's anything specific that I need to run I'll gladly do so.
Can you explain why you'd want to use both tenant ID and auth at the same time? This doesn't make sense to me.
In Mimir, you'd only set the tenant ID via header.
With Grafana Enterprise Metrics you'd set basic auth and the authentication layer would resolve that to a tenant ID.
Adding the ability to set both of them seems like it will introduce confusion.
The official Helm chart supports configuring a gateway that respects this behavior (basic-auth + custom tenant-id), it would be quite frustrating if other tools in the ecosystem such as continuous test won't support this. And even if you don't use the helm chart specified here, it's not a stretch to assume some sort of authentication is required to reach the cluster.
In some environments this can't be the only security measure and basic auth or any other authentication solution could be used (without coupling them to tenants as done in GEM).
I can see why you'd say that, but I think re-creating the same behavior on non GEM instances will be a more complicated solution prone to breaking changes on some environments. I understand your point of this not being a common use-case but I've encountered it, as well as the issue's creator, so I guess this is a thing people do.
Sorry for blocking this, your explanation makes sense. Can you add an entry to the changelog that mentions that tenant ID and basic/bearer auth are now allowed to be combined?
…inuoustest-allow-basic-auth-and-tenant-id
Done
Continuous test client appears to still only set basic-auth OR tenant ID if both are defined - per

```go
if rt.bearerToken != "" {
	req.Header.Set("Authorization", "Bearer "+rt.bearerToken)
} else if rt.basicAuthUser != "" && rt.basicAuthPassword != "" {
	req.SetBasicAuth(rt.basicAuthUser, rt.basicAuthPassword)
} else {
	req.Header.Set("X-Scope-OrgID", rt.tenantID)
}
```

When passing both username/password AND tenantId to the latest pre-release binary, I am receiving
@kressnick25 Could you create an issue about this? I'll try to find time to work on it in the following days but I'm not sure I could
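The header logic discussed in this thread, as an added example (not the project's code and not written by any commenter): credentials and tenant ID are applied by two independent checks instead of one if/else chain, so a gateway that needs basic auth and Mimir that needs `X-Scope-OrgID` both get what they expect. The type name `authRoundTripper`, the helper `headersFor`, the sample credentials and the `mimir.invalid` URL are assumptions; the field names and header come from the snippet quoted above, and skipping the tenant header when the tenant ID is empty is also an assumption.

```go
package main

import (
	"fmt"
	"net/http"
)

// Field names follow the snippet quoted in the thread; the type name is hypothetical.
type authRoundTripper struct {
	tenantID, bearerToken, basicAuthUser, basicAuthPassword string
	next                                                     http.RoundTripper
}

type roundTripperFunc func(*http.Request) (*http.Response, error)
func (f roundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

func (rt *authRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
	req = req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	// Credentials: at most one scheme, bearer first as in the quoted chain.
	if rt.bearerToken != "" {
		req.Header.Set("Authorization", "Bearer "+rt.bearerToken)
	} else if rt.basicAuthUser != "" && rt.basicAuthPassword != "" {
		req.SetBasicAuth(rt.basicAuthUser, rt.basicAuthPassword)
	}
	// Tenant: decided independently, so it travels alongside the credentials.
	if rt.tenantID != "" {
		req.Header.Set("X-Scope-OrgID", rt.tenantID)
	}
	return rt.next.RoundTrip(req)
}

// headersFor returns the headers the next hop would receive; no network is used.
func headersFor(rt *authRoundTripper) (http.Header, error) {
	var seen http.Header
	rt.next = roundTripperFunc(func(r *http.Request) (*http.Response, error) {
		seen = r.Header.Clone()
		return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody}, nil
	})
	req, err := http.NewRequest(http.MethodPost, "http://mimir.invalid/api/v1/push", nil)
	if err == nil {
		_, err = rt.RoundTrip(req)
	}
	return seen, err
}

func main() {
	// Constructed sample values, not real credentials.
	h, _ := headersFor(&authRoundTripper{tenantID: "tenant-a", basicAuthUser: "user", basicAuthPassword: "pass"})
	fmt.Println(h.Get("Authorization"), h.Get("X-Scope-OrgID"))
}
```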
What this PR does
Allows setting tenant-id when writing data using basic-auth/bearer-token in order to test metrics for specific tenants
Which issue(s) this PR fixes or relates to
Fixes #6091
Checklist
- CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX].
- about-versioning.md updated with experimental features.