-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Datasource auth Settings do not work as expected #54
Comments
@dmitryk-dk could you please take a look? |
Hi @hagen1778 , @stieglma ! I checked the code of both data sources, and they are similar. Need to make some investigation why the auth header doesn't set |
Hi @stieglma ! I have tested the plugin with basic auth and it works well
users:
- username: foo
password: bar
url_prefix: "http://victorialogs:9428/"
services:
# fluentbit is logs collector. It collects logs according to fluent-bit.conf
# and forwards them to VictoriaLogs
fluentbit:
container_name: fluentbit
image: cr.fluentbit.io/fluent/fluent-bit:2.1.4
volumes:
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
depends_on: [victorialogs]
ports:
- "5140:5140"
networks:
- vm_net
# VictoriaLogs instance, a single process responsible for
# storing logs and serving read queries.
victorialogs:
container_name: victorialogs
image: docker.io/victoriametrics/victoria-logs:v0.28.0-victorialogs
command:
- "--storageDataPath=/vlogs"
- "--httpListenAddr=:9428"
volumes:
- vldata:/vlogs
ports:
- "9428:9428"
networks:
- vm_net
# vmauth is a router and balancer for HTTP requests.
# It is configured via --auth.config and balances
# read requests from Grafana, vmui, vmalert among vmselects.
# It can be used as an authentication proxy.
vmauth:
container_name: vmauth
image: victoriametrics/vmauth:v1.102.0
depends_on:
- "victorialogs"
volumes:
- ./auth-cluster.yml:/etc/auth.yml
command:
- '--auth.config=/etc/auth.yml'
ports:
- 8427:8427
restart: always
networks:
- vm_net
volumes:
vmdata: {}
vldata: {}
grafanadata: {}
vmauth: {}
networks:
vm_net:
apiVersion: 1
datasources:
# <string, required> Name of the VictoriaLogs datasource
# displayed in Grafana panels and queries.
- name: VictoriaLogs
# <string, required> Sets the data source type.
type: victorialogs-datasource
# <string, required> Sets the access mode, either
# proxy or direct (Server or Browser in the UI).
access: proxy
# <string> Sets URL for sending queries to VictoriaLogs server.
# see https://docs.victoriametrics.com/victorialogs/querying/
url: http://localhost:8427
# <string> Sets the pre-selected datasource for new panels.
# You can set only one default data source per organization.
isDefault: true
jsonData:
httpMethod: GET
oauthPassThru: true
basicAuth: true
basicAuthUser: foo
withCredentials: true
secureJsonData:
basicAuthPassword: bar
And as you can see, it works correctly. Maybe I missed something? |
Hi @stieglma ! I found the problem and will prepared the PR to fix this issue. |
it works now, thank you, for the quick help! |
We are using a custom proxy between Grafana and our datsources (victoria metrics prometheus + logs) to inject some filters into the queries. This allows us to achieve read multi-tenancy which we are totally fine with.
Now: it seems like this does work for the vm prometheus datasource, but it does not for the vm logging datasource.
I am talking about this setting:
in the helm-chart you would find it here
I am not sure where the error is exactly, but all request reaching the proxy do not contain the Authorization Header, which should be forwarded with this setting (at least it is for the prometheus datasource).
The
Custom HTTP Headers
however seem to work, but as this is only static and not tied to the user, it doesn't help.I already tried to check your code, but TBH I'm far from a go expert, and neither the grafana docs nor your code were super clear to me. Here is the documentation on how it should be done: https://grafana.com/developers/plugin-tools/how-to-guides/data-source-plugins/add-authentication-for-data-source-plugins#forward-oauth-identity-for-the-logged-in-user maybe this helps you for an easy start
The text was updated successfully, but these errors were encountered: