Datasource auth Settings do not work as expected #54
Assignees
Labels
bug
Something isn't working
Comments
|
@dmitryk-dk could you please take a look? |
|
Hi @hagen1778 , @stieglma ! I checked the code of both data sources, and they are similar. Need to make some investigation why the auth header doesn't set |
|
Hi @stieglma ! I have tested the plugin with basic auth and it works well
users:
- username: foo
password: bar
url_prefix: "http://victorialogs:9428/"
services:
# fluentbit is logs collector. It collects logs according to fluent-bit.conf
# and forwards them to VictoriaLogs
fluentbit:
container_name: fluentbit
image: cr.fluentbit.io/fluent/fluent-bit:2.1.4
volumes:
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
depends_on: [victorialogs]
ports:
- "5140:5140"
networks:
- vm_net
# VictoriaLogs instance, a single process responsible for
# storing logs and serving read queries.
victorialogs:
container_name: victorialogs
image: docker.io/victoriametrics/victoria-logs:v0.28.0-victorialogs
command:
- "--storageDataPath=/vlogs"
- "--httpListenAddr=:9428"
volumes:
- vldata:/vlogs
ports:
- "9428:9428"
networks:
- vm_net
# vmauth is a router and balancer for HTTP requests.
# It is configured via --auth.config and balances
# read requests from Grafana, vmui, vmalert among vmselects.
# It can be used as an authentication proxy.
vmauth:
container_name: vmauth
image: victoriametrics/vmauth:v1.102.0
depends_on:
- "victorialogs"
volumes:
- ./auth-cluster.yml:/etc/auth.yml
command:
- '--auth.config=/etc/auth.yml'
ports:
- 8427:8427
restart: always
networks:
- vm_net
volumes:
vmdata: {}
vldata: {}
grafanadata: {}
vmauth: {}
networks:
vm_net:
apiVersion: 1
datasources:
# <string, required> Name of the VictoriaLogs datasource
# displayed in Grafana panels and queries.
- name: VictoriaLogs
# <string, required> Sets the data source type.
type: victorialogs-datasource
# <string, required> Sets the access mode, either
# proxy or direct (Server or Browser in the UI).
access: proxy
# <string> Sets URL for sending queries to VictoriaLogs server.
# see https://docs.victoriametrics.com/victorialogs/querying/
url: http://localhost:8427
# <string> Sets the pre-selected datasource for new panels.
# You can set only one default data source per organization.
isDefault: true
jsonData:
httpMethod: GET
oauthPassThru: true
basicAuth: true
basicAuthUser: foo
withCredentials: true
secureJsonData:
basicAuthPassword: bar
And as you can see, it works correctly. Maybe I missed something? |
|
Hi @stieglma ! I found the problem and will prepared the PR to fix this issue. |
This was referenced Aug 1, 2024
|
it works now, thank you, for the quick help! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are using a custom proxy between Grafana and our datsources (victoria metrics prometheus + logs) to inject some filters into the queries. This allows us to achieve read multi-tenancy which we are totally fine with.
Now: it seems like this does work for the vm prometheus datasource, but it does not for the vm logging datasource.
I am talking about this setting:
in the helm-chart you would find it here
I am not sure where the error is exactly, but all request reaching the proxy do not contain the Authorization Header, which should be forwarded with this setting (at least it is for the prometheus datasource).
The
Custom HTTP Headershowever seem to work, but as this is only static and not tied to the user, it doesn't help.I already tried to check your code, but TBH I'm far from a go expert, and neither the grafana docs nor your code were super clear to me. Here is the documentation on how it should be done: https://grafana.com/developers/plugin-tools/how-to-guides/data-source-plugins/add-authentication-for-data-source-plugins#forward-oauth-identity-for-the-logged-in-user maybe this helps you for an easy start
The text was updated successfully, but these errors were encountered: