Support for basic auth on the Prometheus API
requested to merge 462021-database-indicators-support-for-basic-auth-on-the-prometheus-api into master
What does this MR do and why?
Adds a new connection client, MimirClient
to connect to Prometheus via Mimir - using basic auth.
Needs to be merged before adding mimir_api_url
to prometheus_alert_db_indicators_settings
:
How to set up and validate locally
MimirClient
To test the As we don't have access from our local machine, the best way is through staging rails-ro@console-ro-01-sv-gstg
. So far, we can only check if headers are being correctly sent, as we don't have the auth env variable set.
- Connect to a Rails Console using Teleport
- Instantiate the
MimirClient
in the rails session and test theready
endpoint:
module Gitlab
class MimirClient < PrometheusClient
def initialize(api_url:, user:, password:, options: {})
super(api_url, options)
base64_auth = Base64.strict_encode64("#{user}:#{password}")
@options.merge!(
headers: {
"Authorization" => "Basic #{base64_auth}"
}
)
end
end
end
client = Gitlab::MimirClient.new(api_url: 'https://mimir-internal.ops.gke.gitlab.net/prometheus', user: 'user', password: 'pass', options: { allow_local_requests: true, verify: true, debug_output: STDOUT })
client.ready?
opening connection to ...
opened
starting SSL for ...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384
<- "GET /-/ready? HTTP/1.1\r\nAuthorization: Basic dummyauth\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: Ruby\r\nConnection: close\r\nHost: mimir-internal.ops.gke.gitlab.net\r\n\r\n"
-> "HTTP/1.1 401 Unauthorized\r\n"
-> "server: istio-envoy\r\n"
-> "date: Wed, 22 May 2024 00:00:14 GMT\r\n"
-> "content-type: text/html\r\n"
-> "content-length: 179\r\n"
-> "www-authenticate: Basic realm=\"Mimir\"\r\n"
-> "x-envoy-upstream-service-time: 1\r\n"
-> "connection: close\r\n"
-> "\r\n"
reading 179 bytes...
-> "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.25.5</center>\r\n</body>\r\n</html>\r\n"
Numbered steps to set up and validate the change are strongly suggested.
Related to #462021
Edited by Leonardo da Rosa