add the ability to specify the basic auth user (#187)

* add the ability to specify the basic auth user * also add user to alertmanager command * Update README.md Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/alerting/runner.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/alerts.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/alerts.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/alerts.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/rules.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/rules.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * Update pkg/commands/alerts.go Co-authored-by: gotjosh <josue.abreu@gmail.com> * add changelog entry Co-authored-by: gotjosh <josue.abreu@gmail.com>
grafana · May 28, 2021 · f2fb4f8 · f2fb4f8
1 parent 6acf363
commit f2fb4f8
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@ Order should be `CHANGE`, `FEATURE`, `ENHANCEMENT`, and `BUGFIX`
 
 ## unreleased/master
 
+* [ENHANCEMENT] Added the ability to set an explicit user when Cortex is behind basic auth. #187
+
 ## v0.10.1
 
 * [ENHANCEMENT] `cortextool analyse prometheus` now records cardinality by metric and job labels. #178

diff --git a/README.md b/README.md
@@ -39,7 +39,8 @@ Config commands interact with the Cortex api and read/create/update/delete user
 | Env Variables     | Flag      | Description                                                                                                   |
 | ----------------- | --------- | ------------------------------------------------------------------------------------------------------------- |
 | CORTEX_ADDRESS    | `address` | Address of the API of the desired Cortex cluster.                                                              |
-| CORTEX_API_KEY    | `key`     | In cases where the Cortex API is set behind a basic auth gateway, an key can be set as a basic auth password. |
+| CORTEX_API_USER   | `user`    | In cases where the Cortex API is set behind a basic auth gateway, a user can be set as a basic auth user. If empty and CORTEX_API_KEY is set, CORTEX_TENANT_ID will be used instead. |
+| CORTEX_API_KEY    | `key`     | In cases where the Cortex API is set behind a basic auth gateway, a key can be set as a basic auth password. |
 | CORTEX_TENANT_ID | `id`      | The tenant ID of the Cortex instance to interact with.                                                        |
 
 #### Alertmanager

diff --git a/pkg/alerting/runner.go b/pkg/alerting/runner.go
@@ -46,6 +46,7 @@ type RunnerConfig struct {
 	AlertmanagerID  string
 	RulerURL        string
 	RulerID         string
+	User            string
 	Key             string
 
 	RulesConfigFile        string
@@ -62,6 +63,7 @@ func (cfg *RunnerConfig) RegisterFlags(f *flag.FlagSet) {
 	f.StringVar(&cfg.RulerURL, "configs.ruler-url", "", "The URL under the Ruler is reachable")
 	f.StringVar(&cfg.RulerID, "configs.ruler-id", "", "The user ID of the Ruler tenant")
 
+	f.StringVar(&cfg.User, "configs.user", "", "The API user to use for syncing configuration. The same user is used for both the alertmanager and ruler. If empty, configs.ruler-id is used instead.")
 	f.StringVar(&cfg.Key, "configs.key", "", "The API key to use for syncing configuration. The same key is used for both the alertmanager and ruler.")
 	f.DurationVar(&cfg.ConfigSyncInterval, "configs.sync-interval", 30*time.Minute, "How often should we sync the configuration with the ruler and alertmanager")
 }
@@ -88,6 +90,7 @@ func NewRunner(cfg RunnerConfig, logger log.Logger) (*Runner, error) {
 	amClient, err := client.New(client.Config{
 		Address: cfg.AlertmanagerURL,
 		ID:      cfg.AlertmanagerID,
+		User:    cfg.User,
 		Key:     cfg.Key,
 	})
 	if err != nil {
@@ -98,6 +101,7 @@ func NewRunner(cfg RunnerConfig, logger log.Logger) (*Runner, error) {
 	rulerClient, err := client.New(client.Config{
 		Address: cfg.RulerURL,
 		ID:      cfg.RulerID,
+		User:    cfg.User,
 		Key:     cfg.Key,
 	})
 	if err != nil {

diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -28,6 +28,7 @@ var (
 
 // Config is used to configure a Ruler Client
 type Config struct {
+	User            string `yaml:"user"`
 	Key             string `yaml:"key"`
 	Address         string `yaml:"address"`
 	ID              string `yaml:"id"`
@@ -37,6 +38,7 @@ type Config struct {
 
 // CortexClient is used to get and load rules into a cortex ruler
 type CortexClient struct {
+	user     string
 	key      string
 	id       string
 	endpoint *url.URL
@@ -80,6 +82,7 @@ func New(cfg Config) (*CortexClient, error) {
 	}
 
 	return &CortexClient{
+		user:     cfg.User,
 		key:      cfg.Key,
 		id:       cfg.ID,
 		endpoint: endpoint,
@@ -108,7 +111,9 @@ func (r *CortexClient) doRequest(path, method string, payload []byte) (*http.Res
 		return nil, err
 	}
 
-	if r.key != "" {
+	if r.user != "" {
+		req.SetBasicAuth(r.user, r.key)
+	} else if r.key != "" {
 		req.SetBasicAuth(r.id, r.key)
 	}
 

diff --git a/pkg/commands/alerts.go b/pkg/commands/alerts.go
@@ -64,7 +64,8 @@ func (a *AlertmanagerCommand) Register(app *kingpin.Application) {
 	alertCmd := app.Command("alertmanager", "View & edit alertmanager configs stored in cortex.").PreAction(a.setup)
 	alertCmd.Flag("address", "Address of the cortex cluster, alternatively set CORTEX_ADDRESS.").Envar("CORTEX_ADDRESS").Required().StringVar(&a.ClientConfig.Address)
 	alertCmd.Flag("id", "Cortex tenant id, alternatively set CORTEX_TENANT_ID.").Envar("CORTEX_TENANT_ID").Required().StringVar(&a.ClientConfig.ID)
-	alertCmd.Flag("key", "Api key to use when contacting cortex, alternatively set CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&a.ClientConfig.Key)
+	alertCmd.Flag("user", "API user to use when contacting cortex, alternatively set CORTEX_API_USER. If empty, CORTEX_TENANT_ID will be used instead.").Default("").Envar("CORTEX_API_USER").StringVar(&a.ClientConfig.User)
+	alertCmd.Flag("key", "API key to use when contacting cortex, alternatively set CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&a.ClientConfig.Key)
 	alertCmd.Flag("tls-ca-path", "TLS CA certificate to verify cortex API as part of mTLS, alternatively set CORTEX_TLS_CA_PATH.").Default("").Envar("CORTEX_TLS_CA_PATH").StringVar(&a.ClientConfig.TLS.CAPath)
 	alertCmd.Flag("tls-cert-path", "TLS client certificate to authenticate with cortex API as part of mTLS, alternatively set CORTEX_TLS_CERT_PATH.").Default("").Envar("CORTEX_TLS_CERT_PATH").StringVar(&a.ClientConfig.TLS.CertPath)
 	alertCmd.Flag("tls-key-path", "TLS client certificate private key to authenticate with cortex API as part of mTLS, alternatively set CORTEX_TLS_KEY_PATH.").Default("").Envar("CORTEX_TLS_KEY_PATH").StringVar(&a.ClientConfig.TLS.KeyPath)
@@ -141,7 +142,8 @@ func (a *AlertCommand) Register(app *kingpin.Application) {
 	alertCmd := app.Command("alerts", "View active alerts in alertmanager.").PreAction(a.setup)
 	alertCmd.Flag("address", "Address of the cortex cluster, alternatively set CORTEX_ADDRESS.").Envar("CORTEX_ADDRESS").Required().StringVar(&a.ClientConfig.Address)
 	alertCmd.Flag("id", "Cortex tenant id, alternatively set CORTEX_TENANT_ID.").Envar("CORTEX_TENANT_ID").Required().StringVar(&a.ClientConfig.ID)
-	alertCmd.Flag("key", "Api key to use when contacting cortex, alternatively set CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&a.ClientConfig.Key)
+	alertCmd.Flag("user", "API user to use when contacting cortex, alternatively set CORTEX_API_USER. If empty, CORTEX_TENANT_ID will be used instead.").Default("").Envar("CORTEX_API_USER").StringVar(&a.ClientConfig.User)
+	alertCmd.Flag("key", "API key to use when contacting cortex, alternatively set CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&a.ClientConfig.Key)
 
 	verifyAlertsCmd := alertCmd.Command("verify", "Verifies alerts in an alertmanager cluster are deduplicated; useful for verifying correct configuration when transferring from Prometheus to Cortex alert evaluation.").Action(a.verifyConfig)
 	verifyAlertsCmd.Flag("ignore-alerts", "A comma separated list of Alert names to ignore in deduplication checks.").StringVar(&a.IgnoreString)

diff --git a/pkg/commands/rules.go b/pkg/commands/rules.go
@@ -87,7 +87,8 @@ type RuleCommand struct {
 // Register rule related commands and flags with the kingpin application
 func (r *RuleCommand) Register(app *kingpin.Application) {
 	rulesCmd := app.Command("rules", "View & edit rules stored in cortex.").PreAction(r.setup)
-	rulesCmd.Flag("key", "Api key to use when contacting cortex, alternatively set $CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&r.ClientConfig.Key)
+	rulesCmd.Flag("user", "API user to use when contacting cortex, alternatively set CORTEX_API_USER. If empty, CORTEX_TENANT_ID will be used instead.").Default("").Envar("CORTEX_API_USER").StringVar(&r.ClientConfig.User)
+	rulesCmd.Flag("key", "API key to use when contacting cortex, alternatively set CORTEX_API_KEY.").Default("").Envar("CORTEX_API_KEY").StringVar(&r.ClientConfig.Key)
 	rulesCmd.Flag("backend", "Backend type to interact with: <cortex|loki>").Default("cortex").EnumVar(&r.Backend, backends...)
 
 	// Register rule commands