Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

app/vmalert: added basic auth username file support #6286

Closed
wants to merge 1 commit into from
Closed

app/vmalert: added basic auth username file support #6286

wants to merge 1 commit into from

Conversation

AndrewChubatiuk
Copy link
Contributor

@AndrewChubatiuk AndrewChubatiuk commented May 16, 2024
edited

Describe Your Changes

Fixes #6283

Checklist

The following checks are mandatory:

@hagen1778 hagen1778 requested review from Haleygo and removed request for dmitryk-dk May 16, 2024 06:46
@Haleygo
Copy link
Collaborator

Haleygo commented May 16, 2024

hmm, I don't see how this fix for #6283. -httpAuth.password can be hot loaded cause we check it when reloading

VictoriaMetrics/app/vmalert/web.go

Lines 169 to 172 in b2765c4

case "/-/reload":
if !httpserver.CheckAuthFlag(w, r, reloadAuthKey.Get(), "reloadAuthKey") {
return true
}

But for auth config in datasource, remoteRead, we only init clients once when newManager. So user must restart vmalert process to get latest values. In that case, it can already be achieved by using env which read from secret like

env:
  - name: VM_remoteWrite_basicAuth_username
    valueFrom:
      secretKeyRef:
        name: prometheus-secret
        key: username

@Haleygo
Copy link
Collaborator

Haleygo commented May 16, 2024

And I think #6283 is specifically asks for -httpAuth.username, which can be included by existing check

VictoriaMetrics/lib/httpserver/httpserver.go

Lines 441 to 443 in b2765c4

// CheckBasicAuth validates credentials provided in request if httpAuth.* flags are set
// returns true if credentials are valid or httpAuth.* flags are not set
func CheckBasicAuth(w http.ResponseWriter, r *http.Request) bool {

@ptimofee
Copy link

Thanks, but I'm not sure why to introduce new parameter. And why only for vmalert.

vmalert there is just an example. So what I would love to see that all VictoriaMetrics components will be able to read a file via httpAuth.username. Just like it was done for httpAuth.password in the v1.97.0 announcement I quoted in #6283

@AndrewChubatiuk AndrewChubatiuk deleted the vmalert-added-username-file branch May 16, 2024 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hagen1778 hagen1778 Awaiting requested review from hagen1778

@f41gh7 f41gh7 Awaiting requested review from f41gh7

@Haleygo Haleygo Awaiting requested review from Haleygo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Teach -httpAuth.username to read content of a file
3 participants
@AndrewChubatiuk @Haleygo @ptimofee