metrics-generator: do not remove x-scope-orgid header in single tenan…

…t modus (#1554)

* metrics-generator: do not remove x-scope-orgid header in single tenant modus

* Update CHANGELOG.md

CHANGELOG.md

@@ -33,6 +33,7 @@ Additionally, default label `span_status` is renamed to `status_code`.
 * [BUGFIX] Fix race condition in forwarder overrides loop. [1468](https://github.com/grafana/tempo/pull/1468) (@mapno)
 * [BUGFIX] Fix v2 backend check on span name to be substring [#1538](https://github.com/grafana/tempo/pull/1538) (@mdisibio)
 * [BUGFIX] Fix wal check on span name to be substring [#1548](https://github.com/grafana/tempo/pull/1548) (@mdisibio)
+* [BUGFIX] metrics-generator: do not remove x-scope-orgid header in single tenant modus [#1554](https://github.com/grafana/tempo/pull/1554) (@kvrhdn)
 * [ENHANCEMENT] Add a config to query single ingester instance based on trace id hash for Trace By ID API. (1484)[https://github.com/grafana/tempo/pull/1484] (@sagarwala, @bikashmishra100, @ashwinidulams)
 * [ENHANCEMENT] Add blocklist metrics for total backend objects and total backend bytes [#1519](https://github.com/grafana/tempo/pull/1519) (@ie-pham)
 

modules/generator/storage/config_util.go

@@ -12,28 +12,27 @@ import (
 )
 
 // generateTenantRemoteWriteConfigs creates a copy of the remote write configurations with the
-// X-Scope-OrgID header present for the given tenant. If the remote write config already contains
-// this header it will be overwritten.
+// X-Scope-OrgID header present for the given tenant, unless Tempo is run in single tenant mode.
 func generateTenantRemoteWriteConfigs(originalCfgs []prometheus_config.RemoteWriteConfig, tenant string, logger log.Logger) []*prometheus_config.RemoteWriteConfig {
 	var cloneCfgs []*prometheus_config.RemoteWriteConfig
 
 	for _, originalCfg := range originalCfgs {
 		cloneCfg := &prometheus_config.RemoteWriteConfig{}
 		*cloneCfg = originalCfg
 
-		// Copy headers so we can modify them
-		cloneCfg.Headers = copyMap(cloneCfg.Headers)
-
-		// Ensure that no variation of the X-Scope-OrgId header can be added, which might trick authentication
-		for k, v := range cloneCfg.Headers {
-			if strings.EqualFold(user.OrgIDHeaderName, strings.TrimSpace(k)) {
-				level.Warn(logger).Log("msg", "discarding X-Scope-OrgId header", "key", k, "value", v)
-				delete(cloneCfg.Headers, k)
+		// Inject/overwrite X-Scope-OrgID header in multi-tenant setups
+		if tenant != util.FakeTenantID {
+			// Copy headers so we can modify them
+			cloneCfg.Headers = copyMap(cloneCfg.Headers)
+
+			// Ensure that no variation of the X-Scope-OrgId header can be added, which might trick authentication
+			for k, v := range cloneCfg.Headers {
+				if strings.EqualFold(user.OrgIDHeaderName, strings.TrimSpace(k)) {
+					level.Warn(logger).Log("msg", "discarding X-Scope-OrgId header", "key", k, "value", v)
+					delete(cloneCfg.Headers, k)
+				}
 			}
-		}
 
-		// inject the X-Scope-OrgId header for multi-tenant metrics backends
-		if tenant != util.FakeTenantID {
 			cloneCfg.Headers[user.OrgIDHeaderName] = tenant
 		}
 

modules/generator/storage/config_util_test.go

@@ -49,13 +49,27 @@ func Test_generateTenantRemoteWriteConfigs_singleTenant(t *testing.T) {
 			URL:     &prometheus_common_config.URL{URL: urlMustParse("http://prometheus-1/api/prom/push")},
 			Headers: map[string]string{},
 		},
+		{
+			URL: &prometheus_common_config.URL{URL: urlMustParse("http://prometheus-2/api/prom/push")},
+			Headers: map[string]string{
+				"x-scope-orgid": "my-custom-tenant-id",
+			},
+		},
 	}
 
 	result := generateTenantRemoteWriteConfigs(original, util.FakeTenantID, logger)
 
 	assert.Equal(t, original[0].URL, result[0].URL)
+
+	assert.Equal(t, original[0].URL, result[0].URL)
+	assert.Equal(t, map[string]string{}, original[0].Headers, "Original headers have been modified")
 	// X-Scope-OrgID has not been injected
-	assert.Empty(t, result[0].Headers)
+	assert.Equal(t, map[string]string{}, result[0].Headers)
+
+	assert.Equal(t, original[1].URL, result[1].URL)
+	assert.Equal(t, map[string]string{"x-scope-orgid": "my-custom-tenant-id"}, original[1].Headers, "Original headers have been modified")
+	// X-Scope-OrgID has not been modified
+	assert.Equal(t, map[string]string{"x-scope-orgid": "my-custom-tenant-id"}, result[1].Headers)
 }
 
 func Test_copyMap(t *testing.T) {