2020-05-05 09:53:42 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2021-03-05 17:21:11 +01:00
|
|
|
"bytes"
|
|
|
|
"fmt"
|
2021-04-21 09:55:29 +02:00
|
|
|
"net/url"
|
2020-05-05 09:53:42 +02:00
|
|
|
"testing"
|
2021-03-05 17:21:11 +01:00
|
|
|
|
|
|
|
"gopkg.in/yaml.v2"
|
2024-04-17 14:03:15 +02:00
|
|
|
|
|
|
|
"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
|
2020-05-05 09:53:42 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestParseAuthConfigFailure(t *testing.T) {
|
|
|
|
f := func(s string) {
|
|
|
|
t.Helper()
|
2023-04-20 19:08:27 +02:00
|
|
|
ac, err := parseAuthConfig([]byte(s))
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
2024-03-06 19:05:55 +01:00
|
|
|
users, err := parseAuthConfigUsers(ac)
|
2020-05-05 09:53:42 +02:00
|
|
|
if err == nil {
|
2024-03-06 19:05:55 +01:00
|
|
|
t.Fatalf("expecting non-nil error; got %v", users)
|
2020-05-05 09:53:42 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Empty config
|
|
|
|
f(``)
|
|
|
|
|
|
|
|
// Invalid entry
|
|
|
|
f(`foobar`)
|
|
|
|
f(`foobar: baz`)
|
|
|
|
|
|
|
|
// Empty users
|
|
|
|
f(`users: []`)
|
|
|
|
|
|
|
|
// Missing url_prefix
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
`)
|
|
|
|
|
|
|
|
// Invalid url_prefix
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: bar
|
|
|
|
`)
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: ftp://bar
|
|
|
|
`)
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: //bar
|
|
|
|
`)
|
2021-02-11 11:40:59 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http:///bar
|
|
|
|
`)
|
2021-04-21 09:55:29 +02:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
2021-05-29 00:00:23 +02:00
|
|
|
url_prefix:
|
|
|
|
bar: baz
|
|
|
|
`)
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix:
|
|
|
|
- [foo]
|
|
|
|
`)
|
|
|
|
|
2021-10-22 18:08:06 +02:00
|
|
|
// Invalid headers
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
headers: foobar
|
|
|
|
`)
|
|
|
|
|
2024-07-19 16:08:30 +02:00
|
|
|
// Invalid keep_original_host value
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
keep_original_host: foobar
|
|
|
|
`)
|
|
|
|
|
2021-05-29 00:00:23 +02:00
|
|
|
// empty url_prefix
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: []
|
2021-04-21 09:55:29 +02:00
|
|
|
`)
|
2020-05-05 09:53:42 +02:00
|
|
|
|
2024-04-02 20:15:44 +02:00
|
|
|
// auth_token and username in a single config
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- auth_token: foo
|
|
|
|
username: bbb
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
`)
|
|
|
|
|
|
|
|
// auth_token and bearer_token in a single config
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- auth_token: foo
|
|
|
|
bearer_token: bbb
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
`)
|
|
|
|
|
2021-04-02 21:14:53 +02:00
|
|
|
// Username and bearer_token in a single config
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
bearer_token: bbb
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
`)
|
|
|
|
|
|
|
|
// Bearer_token and password in a single config
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- password: foo
|
|
|
|
bearer_token: bbb
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
`)
|
|
|
|
|
2020-05-05 09:53:42 +02:00
|
|
|
// Duplicate users
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
- username: bar
|
|
|
|
url_prefix: http://xxx.yyy
|
|
|
|
- username: foo
|
|
|
|
url_prefix: https://sss.sss
|
|
|
|
`)
|
2022-07-19 18:33:17 +02:00
|
|
|
// Duplicate users
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
password: bar
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
- username: bar
|
|
|
|
url_prefix: http://xxx.yyy
|
|
|
|
- username: foo
|
|
|
|
password: bar
|
|
|
|
url_prefix: https://sss.sss
|
|
|
|
`)
|
2021-02-11 11:40:59 +01:00
|
|
|
|
2021-04-02 21:14:53 +02:00
|
|
|
// Duplicate bearer_tokens
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- bearer_token: foo
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
- username: bar
|
|
|
|
url_prefix: http://xxx.yyy
|
|
|
|
- bearer_token: foo
|
|
|
|
url_prefix: https://sss.sss
|
|
|
|
`)
|
|
|
|
|
2021-02-11 11:40:59 +01:00
|
|
|
// Missing url_prefix in url_map
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_paths: ["/foo/bar"]
|
|
|
|
`)
|
2023-12-13 23:46:36 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_hosts: ["foobar"]
|
|
|
|
`)
|
2021-02-11 11:40:59 +01:00
|
|
|
|
2021-04-21 09:55:29 +02:00
|
|
|
// Invalid url_prefix in url_map
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_paths: ["/foo/bar"]
|
|
|
|
url_prefix: foo.bar
|
|
|
|
`)
|
2023-12-13 23:46:36 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_hosts: ["foobar"]
|
|
|
|
url_prefix: foo.bar
|
|
|
|
`)
|
2021-04-21 09:55:29 +02:00
|
|
|
|
2021-05-29 00:00:23 +02:00
|
|
|
// empty url_prefix in url_map
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_paths: ['/foo/bar']
|
|
|
|
url_prefix: []
|
|
|
|
`)
|
2023-12-13 23:46:36 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_phosts: ['foobar']
|
|
|
|
url_prefix: []
|
|
|
|
`)
|
2021-05-29 00:00:23 +02:00
|
|
|
|
2023-12-13 23:46:36 +01:00
|
|
|
// Missing src_paths and src_hosts in url_map
|
2021-02-11 11:40:59 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- url_prefix: http://foobar
|
|
|
|
`)
|
|
|
|
|
2024-03-06 19:52:23 +01:00
|
|
|
// Invalid regexp in src_paths
|
2021-02-11 11:40:59 +01:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
2021-03-05 17:21:11 +01:00
|
|
|
- src_paths: ['fo[obar']
|
2021-02-11 11:40:59 +01:00
|
|
|
url_prefix: http://foobar
|
|
|
|
`)
|
2021-10-22 18:08:06 +02:00
|
|
|
|
2023-12-13 23:46:36 +01:00
|
|
|
// Invalid regexp in src_hosts
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_hosts: ['fo[obar']
|
|
|
|
url_prefix: http://foobar
|
|
|
|
`)
|
|
|
|
|
2024-03-06 19:52:23 +01:00
|
|
|
// Invalid src_query_args
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_query_args: abc
|
|
|
|
url_prefix: http://foobar
|
|
|
|
`)
|
|
|
|
|
2024-03-06 20:56:32 +01:00
|
|
|
// Invalid src_headers
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_headers: abc
|
|
|
|
url_prefix: http://foobar
|
|
|
|
`)
|
|
|
|
|
2021-10-22 18:08:06 +02:00
|
|
|
// Invalid headers in url_map (missing ':')
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_paths: ['/foobar']
|
|
|
|
url_prefix: http://foobar
|
|
|
|
headers:
|
|
|
|
- foobar
|
|
|
|
`)
|
|
|
|
// Invalid headers in url_map (dictionary instead of array)
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: a
|
|
|
|
url_map:
|
|
|
|
- src_paths: ['/foobar']
|
|
|
|
url_prefix: http://foobar
|
|
|
|
headers:
|
|
|
|
aaa: bbb
|
2024-01-21 03:40:52 +01:00
|
|
|
`)
|
|
|
|
// Invalid metric label name
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http://foo.bar
|
|
|
|
metric_labels:
|
|
|
|
not-prometheus-compatible: value
|
2021-10-22 18:08:06 +02:00
|
|
|
`)
|
2020-05-05 09:53:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestParseAuthConfigSuccess(t *testing.T) {
|
|
|
|
f := func(s string, expectedAuthConfig map[string]*UserInfo) {
|
|
|
|
t.Helper()
|
2023-04-20 19:08:27 +02:00
|
|
|
ac, err := parseAuthConfig([]byte(s))
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
m, err := parseAuthConfigUsers(ac)
|
2020-05-05 09:53:42 +02:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
removeMetrics(m)
|
2021-03-05 17:21:11 +01:00
|
|
|
if err := areEqualConfigs(m, expectedAuthConfig); err != nil {
|
|
|
|
t.Fatal(err)
|
2020-05-05 09:53:42 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-13 08:23:35 +01:00
|
|
|
insecureSkipVerifyTrue := true
|
2024-04-02 20:15:44 +02:00
|
|
|
|
|
|
|
// Single user
|
2020-05-05 09:53:42 +02:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
password: bar
|
|
|
|
url_prefix: http://aaa:343/bbb
|
2023-02-10 05:03:01 +01:00
|
|
|
max_concurrent_requests: 5
|
2023-11-03 12:04:17 +01:00
|
|
|
tls_insecure_skip_verify: true
|
2020-05-05 09:53:42 +02:00
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo", "bar"): {
|
2023-02-10 05:03:01 +01:00
|
|
|
Username: "foo",
|
|
|
|
Password: "bar",
|
|
|
|
URLPrefix: mustParseURL("http://aaa:343/bbb"),
|
|
|
|
MaxConcurrentRequests: 5,
|
2023-11-13 08:23:35 +01:00
|
|
|
TLSInsecureSkipVerify: &insecureSkipVerifyTrue,
|
2020-05-05 09:53:42 +02:00
|
|
|
},
|
|
|
|
})
|
|
|
|
|
2024-04-02 20:15:44 +02:00
|
|
|
// Single user with auth_token
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- auth_token: foo
|
2024-04-17 20:45:48 +02:00
|
|
|
url_prefix: https://aaa:343/bbb
|
2024-04-02 20:15:44 +02:00
|
|
|
max_concurrent_requests: 5
|
|
|
|
tls_insecure_skip_verify: true
|
2024-04-17 20:45:48 +02:00
|
|
|
tls_server_name: "foo.bar"
|
|
|
|
tls_ca_file: "foo/bar"
|
|
|
|
tls_cert_file: "foo/baz"
|
|
|
|
tls_key_file: "foo/foo"
|
2024-04-02 20:15:44 +02:00
|
|
|
`, map[string]*UserInfo{
|
|
|
|
getHTTPAuthToken("foo"): {
|
|
|
|
AuthToken: "foo",
|
2024-04-17 20:45:48 +02:00
|
|
|
URLPrefix: mustParseURL("https://aaa:343/bbb"),
|
2024-04-02 20:15:44 +02:00
|
|
|
MaxConcurrentRequests: 5,
|
|
|
|
TLSInsecureSkipVerify: &insecureSkipVerifyTrue,
|
2024-04-17 20:45:48 +02:00
|
|
|
TLSServerName: "foo.bar",
|
|
|
|
TLSCAFile: "foo/bar",
|
|
|
|
TLSCertFile: "foo/baz",
|
|
|
|
TLSKeyFile: "foo/foo",
|
2024-04-02 20:15:44 +02:00
|
|
|
},
|
|
|
|
})
|
|
|
|
|
2021-05-29 00:00:23 +02:00
|
|
|
// Multiple url_prefix entries
|
2023-11-13 08:23:35 +01:00
|
|
|
insecureSkipVerifyFalse := false
|
2024-04-17 20:45:48 +02:00
|
|
|
discoverBackendIPsTrue := true
|
2021-05-29 00:00:23 +02:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
password: bar
|
|
|
|
url_prefix:
|
|
|
|
- http://node1:343/bbb
|
2024-04-17 20:45:48 +02:00
|
|
|
- http://srv+node2:343/bbb
|
2023-11-13 08:23:35 +01:00
|
|
|
tls_insecure_skip_verify: false
|
2023-11-13 22:30:39 +01:00
|
|
|
retry_status_codes: [500, 501]
|
2023-12-08 22:27:53 +01:00
|
|
|
load_balancing_policy: first_available
|
2023-11-13 22:30:39 +01:00
|
|
|
drop_src_path_prefix_parts: 1
|
2024-04-17 20:45:48 +02:00
|
|
|
discover_backend_ips: true
|
2021-05-29 00:00:23 +02:00
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo", "bar"): {
|
2021-05-29 00:00:23 +02:00
|
|
|
Username: "foo",
|
|
|
|
Password: "bar",
|
|
|
|
URLPrefix: mustParseURLs([]string{
|
|
|
|
"http://node1:343/bbb",
|
2024-04-17 20:45:48 +02:00
|
|
|
"http://srv+node2:343/bbb",
|
2021-05-29 00:00:23 +02:00
|
|
|
}),
|
2023-11-13 22:30:39 +01:00
|
|
|
TLSInsecureSkipVerify: &insecureSkipVerifyFalse,
|
|
|
|
RetryStatusCodes: []int{500, 501},
|
2023-12-08 22:27:53 +01:00
|
|
|
LoadBalancingPolicy: "first_available",
|
2023-12-14 00:04:46 +01:00
|
|
|
DropSrcPathPrefixParts: intp(1),
|
2024-04-17 20:45:48 +02:00
|
|
|
DiscoverBackendIPs: &discoverBackendIPsTrue,
|
2021-05-29 00:00:23 +02:00
|
|
|
},
|
|
|
|
})
|
|
|
|
|
2020-05-05 09:53:42 +02:00
|
|
|
// Multiple users
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
url_prefix: http://foo
|
|
|
|
- username: bar
|
2024-03-07 00:02:13 +01:00
|
|
|
url_prefix: https://bar/x/
|
2020-05-05 09:53:42 +02:00
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo", ""): {
|
2020-05-05 09:53:42 +02:00
|
|
|
Username: "foo",
|
2021-04-21 09:55:29 +02:00
|
|
|
URLPrefix: mustParseURL("http://foo"),
|
2020-05-05 09:53:42 +02:00
|
|
|
},
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("bar", ""): {
|
2020-05-05 09:53:42 +02:00
|
|
|
Username: "bar",
|
2024-03-07 00:02:13 +01:00
|
|
|
URLPrefix: mustParseURL("https://bar/x/"),
|
2020-05-05 09:53:42 +02:00
|
|
|
},
|
|
|
|
})
|
2021-02-11 11:40:59 +01:00
|
|
|
|
|
|
|
// non-empty URLMap
|
2024-03-06 20:56:32 +01:00
|
|
|
sharedUserInfo := &UserInfo{
|
|
|
|
BearerToken: "foo",
|
|
|
|
URLMaps: []URLMap{
|
|
|
|
{
|
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^./]+/.+"}),
|
|
|
|
URLPrefix: mustParseURL("http://vmselect/select/0/prometheus"),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
SrcHosts: getRegexs([]string{"foo\\.bar", "baz:1234"}),
|
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/write"}),
|
2024-04-17 14:03:15 +02:00
|
|
|
SrcQueryArgs: []*QueryArg{
|
|
|
|
mustNewQueryArg("foo=b.+ar"),
|
|
|
|
mustNewQueryArg("baz=~.*x=y.+"),
|
2024-03-06 20:56:32 +01:00
|
|
|
},
|
2024-04-17 14:03:15 +02:00
|
|
|
SrcHeaders: []*Header{
|
|
|
|
mustNewHeader("'TenantID: 345'"),
|
2024-03-06 20:56:32 +01:00
|
|
|
},
|
|
|
|
URLPrefix: mustParseURLs([]string{
|
|
|
|
"http://vminsert1/insert/0/prometheus",
|
|
|
|
"http://vminsert2/insert/0/prometheus",
|
|
|
|
}),
|
|
|
|
HeadersConf: HeadersConf{
|
2024-04-17 14:03:15 +02:00
|
|
|
RequestHeaders: []*Header{
|
|
|
|
mustNewHeader("'foo: bar'"),
|
2024-07-20 11:22:25 +02:00
|
|
|
mustNewHeader("'xxx:'"),
|
2024-03-06 20:56:32 +01:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2021-02-11 11:40:59 +01:00
|
|
|
f(`
|
|
|
|
users:
|
2021-04-02 21:14:53 +02:00
|
|
|
- bearer_token: foo
|
2021-02-11 11:40:59 +01:00
|
|
|
url_map:
|
2021-03-05 17:21:11 +01:00
|
|
|
- src_paths: ["/api/v1/query","/api/v1/query_range","/api/v1/label/[^./]+/.+"]
|
2021-02-11 11:40:59 +01:00
|
|
|
url_prefix: http://vmselect/select/0/prometheus
|
|
|
|
- src_paths: ["/api/v1/write"]
|
2023-12-13 23:46:36 +01:00
|
|
|
src_hosts: ["foo\\.bar", "baz:1234"]
|
2024-04-17 14:03:15 +02:00
|
|
|
src_query_args: ['foo=b.+ar', 'baz=~.*x=y.+']
|
2024-03-06 20:56:32 +01:00
|
|
|
src_headers: ['TenantID: 345']
|
2021-05-29 00:00:23 +02:00
|
|
|
url_prefix: ["http://vminsert1/insert/0/prometheus","http://vminsert2/insert/0/prometheus"]
|
2021-10-22 18:08:06 +02:00
|
|
|
headers:
|
|
|
|
- "foo: bar"
|
2024-07-20 11:22:25 +02:00
|
|
|
- "xxx:"
|
2021-02-11 11:40:59 +01:00
|
|
|
`, map[string]*UserInfo{
|
2024-03-06 20:56:32 +01:00
|
|
|
getHTTPAuthBearerToken("foo"): sharedUserInfo,
|
|
|
|
getHTTPAuthBasicToken("foo", ""): sharedUserInfo,
|
2021-02-11 11:40:59 +01:00
|
|
|
})
|
2024-03-06 19:05:55 +01:00
|
|
|
|
2024-02-12 23:57:53 +01:00
|
|
|
// Multiple users with the same name - this should work, since these users have different passwords
|
2022-07-19 18:33:17 +02:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo-same
|
|
|
|
password: baz
|
|
|
|
url_prefix: http://foo
|
|
|
|
- username: foo-same
|
|
|
|
password: bar
|
2024-03-07 00:02:13 +01:00
|
|
|
url_prefix: https://bar/x
|
2022-07-19 18:33:17 +02:00
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo-same", "baz"): {
|
2022-07-19 18:33:17 +02:00
|
|
|
Username: "foo-same",
|
|
|
|
Password: "baz",
|
|
|
|
URLPrefix: mustParseURL("http://foo"),
|
|
|
|
},
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo-same", "bar"): {
|
2022-07-19 18:33:17 +02:00
|
|
|
Username: "foo-same",
|
|
|
|
Password: "bar",
|
|
|
|
URLPrefix: mustParseURL("https://bar/x"),
|
|
|
|
},
|
|
|
|
})
|
2024-02-12 23:57:53 +01:00
|
|
|
|
2023-04-26 11:04:35 +02:00
|
|
|
// with default url
|
2024-07-19 16:08:30 +02:00
|
|
|
keepOriginalHost := true
|
2023-04-26 11:04:35 +02:00
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- bearer_token: foo
|
|
|
|
url_map:
|
|
|
|
- src_paths: ["/api/v1/query","/api/v1/query_range","/api/v1/label/[^./]+/.+"]
|
|
|
|
url_prefix: http://vmselect/select/0/prometheus
|
|
|
|
- src_paths: ["/api/v1/write"]
|
|
|
|
url_prefix: ["http://vminsert1/insert/0/prometheus","http://vminsert2/insert/0/prometheus"]
|
|
|
|
headers:
|
|
|
|
- "foo: bar"
|
|
|
|
- "xxx: y"
|
2024-07-19 16:08:30 +02:00
|
|
|
keep_original_host: true
|
2023-05-09 00:12:19 +02:00
|
|
|
default_url:
|
2023-04-26 11:04:35 +02:00
|
|
|
- http://default1/select/0/prometheus
|
|
|
|
- http://default2/select/0/prometheus
|
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBearerToken("foo"): {
|
2023-04-26 11:04:35 +02:00
|
|
|
BearerToken: "foo",
|
|
|
|
URLMaps: []URLMap{
|
|
|
|
{
|
2023-12-13 23:46:36 +01:00
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^./]+/.+"}),
|
2023-04-26 11:04:35 +02:00
|
|
|
URLPrefix: mustParseURL("http://vmselect/select/0/prometheus"),
|
|
|
|
},
|
|
|
|
{
|
2023-12-13 23:46:36 +01:00
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/write"}),
|
2023-04-26 11:04:35 +02:00
|
|
|
URLPrefix: mustParseURLs([]string{
|
|
|
|
"http://vminsert1/insert/0/prometheus",
|
|
|
|
"http://vminsert2/insert/0/prometheus",
|
|
|
|
}),
|
2023-08-31 14:26:51 +02:00
|
|
|
HeadersConf: HeadersConf{
|
2024-04-17 14:03:15 +02:00
|
|
|
RequestHeaders: []*Header{
|
|
|
|
mustNewHeader("'foo: bar'"),
|
|
|
|
mustNewHeader("'xxx: y'"),
|
2023-04-26 11:04:35 +02:00
|
|
|
},
|
2024-07-19 16:08:30 +02:00
|
|
|
KeepOriginalHost: &keepOriginalHost,
|
2023-04-26 11:04:35 +02:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
DefaultURL: mustParseURLs([]string{
|
|
|
|
"http://default1/select/0/prometheus",
|
|
|
|
"http://default2/select/0/prometheus",
|
|
|
|
}),
|
|
|
|
},
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo", ""): {
|
2023-04-26 11:04:35 +02:00
|
|
|
BearerToken: "foo",
|
|
|
|
URLMaps: []URLMap{
|
|
|
|
{
|
2023-12-13 23:46:36 +01:00
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^./]+/.+"}),
|
2023-04-26 11:04:35 +02:00
|
|
|
URLPrefix: mustParseURL("http://vmselect/select/0/prometheus"),
|
|
|
|
},
|
|
|
|
{
|
2023-12-13 23:46:36 +01:00
|
|
|
SrcPaths: getRegexs([]string{"/api/v1/write"}),
|
2023-04-26 11:04:35 +02:00
|
|
|
URLPrefix: mustParseURLs([]string{
|
|
|
|
"http://vminsert1/insert/0/prometheus",
|
|
|
|
"http://vminsert2/insert/0/prometheus",
|
|
|
|
}),
|
2023-08-31 14:26:51 +02:00
|
|
|
HeadersConf: HeadersConf{
|
2024-04-17 14:03:15 +02:00
|
|
|
RequestHeaders: []*Header{
|
|
|
|
mustNewHeader("'foo: bar'"),
|
|
|
|
mustNewHeader("'xxx: y'"),
|
2023-04-26 11:04:35 +02:00
|
|
|
},
|
2024-07-19 16:08:30 +02:00
|
|
|
KeepOriginalHost: &keepOriginalHost,
|
2023-04-26 11:04:35 +02:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
DefaultURL: mustParseURLs([]string{
|
|
|
|
"http://default1/select/0/prometheus",
|
|
|
|
"http://default2/select/0/prometheus",
|
|
|
|
}),
|
|
|
|
},
|
|
|
|
})
|
2024-03-06 19:05:55 +01:00
|
|
|
|
2024-01-21 03:40:52 +01:00
|
|
|
// With metric_labels
|
|
|
|
f(`
|
|
|
|
users:
|
|
|
|
- username: foo-same
|
|
|
|
password: baz
|
|
|
|
url_prefix: http://foo
|
|
|
|
metric_labels:
|
|
|
|
dc: eu
|
|
|
|
team: dev
|
2024-07-19 16:08:30 +02:00
|
|
|
keep_original_host: true
|
2024-01-21 03:40:52 +01:00
|
|
|
- username: foo-same
|
|
|
|
password: bar
|
2024-03-07 00:02:13 +01:00
|
|
|
url_prefix: https://bar/x
|
2024-01-21 03:40:52 +01:00
|
|
|
metric_labels:
|
|
|
|
backend_env: test
|
|
|
|
team: accounting
|
2024-07-19 16:08:30 +02:00
|
|
|
headers:
|
|
|
|
- "foo: bar"
|
|
|
|
response_headers:
|
|
|
|
- "Abc: def"
|
2024-01-21 03:40:52 +01:00
|
|
|
`, map[string]*UserInfo{
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo-same", "baz"): {
|
2024-01-21 03:40:52 +01:00
|
|
|
Username: "foo-same",
|
|
|
|
Password: "baz",
|
|
|
|
URLPrefix: mustParseURL("http://foo"),
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
"dc": "eu",
|
|
|
|
"team": "dev",
|
|
|
|
},
|
2024-07-19 16:08:30 +02:00
|
|
|
HeadersConf: HeadersConf{
|
|
|
|
KeepOriginalHost: &keepOriginalHost,
|
|
|
|
},
|
2024-01-21 03:40:52 +01:00
|
|
|
},
|
2024-02-12 23:57:53 +01:00
|
|
|
getHTTPAuthBasicToken("foo-same", "bar"): {
|
2024-01-21 03:40:52 +01:00
|
|
|
Username: "foo-same",
|
|
|
|
Password: "bar",
|
|
|
|
URLPrefix: mustParseURL("https://bar/x"),
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
"backend_env": "test",
|
|
|
|
"team": "accounting",
|
|
|
|
},
|
2024-07-19 16:08:30 +02:00
|
|
|
HeadersConf: HeadersConf{
|
|
|
|
RequestHeaders: []*Header{
|
|
|
|
mustNewHeader("'foo: bar'"),
|
|
|
|
},
|
|
|
|
ResponseHeaders: []*Header{
|
|
|
|
mustNewHeader("'Abc: def'"),
|
|
|
|
},
|
|
|
|
},
|
2024-01-21 03:40:52 +01:00
|
|
|
},
|
|
|
|
})
|
2020-05-05 09:53:42 +02:00
|
|
|
}
|
|
|
|
|
2023-11-03 12:04:17 +01:00
|
|
|
func TestParseAuthConfigPassesTLSVerificationConfig(t *testing.T) {
|
|
|
|
c := `
|
|
|
|
users:
|
|
|
|
- username: foo
|
|
|
|
password: bar
|
|
|
|
url_prefix: https://aaa/bbb
|
|
|
|
max_concurrent_requests: 5
|
|
|
|
tls_insecure_skip_verify: true
|
|
|
|
|
|
|
|
unauthorized_user:
|
|
|
|
url_prefix: http://aaa:343/bbb
|
|
|
|
max_concurrent_requests: 5
|
|
|
|
tls_insecure_skip_verify: false
|
|
|
|
`
|
|
|
|
|
|
|
|
ac, err := parseAuthConfig([]byte(c))
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
m, err := parseAuthConfigUsers(ac)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
|
2024-02-12 23:57:53 +01:00
|
|
|
ui := m[getHTTPAuthBasicToken("foo", "bar")]
|
2024-04-17 16:46:27 +02:00
|
|
|
if !isSetBool(ui.TLSInsecureSkipVerify, true) {
|
2023-11-03 12:04:17 +01:00
|
|
|
t.Fatalf("unexpected TLSInsecureSkipVerify value for user foo")
|
|
|
|
}
|
|
|
|
|
2024-04-17 16:46:27 +02:00
|
|
|
if !isSetBool(ac.UnauthorizedUser.TLSInsecureSkipVerify, false) {
|
2023-11-03 12:04:17 +01:00
|
|
|
t.Fatalf("unexpected TLSInsecureSkipVerify value for unauthorized_user")
|
|
|
|
}
|
2023-11-13 08:23:35 +01:00
|
|
|
}
|
2023-11-03 12:04:17 +01:00
|
|
|
|
2024-01-21 03:40:52 +01:00
|
|
|
func TestUserInfoGetMetricLabels(t *testing.T) {
|
|
|
|
t.Run("empty-labels", func(t *testing.T) {
|
|
|
|
ui := &UserInfo{
|
|
|
|
Username: "user1",
|
|
|
|
}
|
|
|
|
labels, err := ui.getMetricLabels()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
labelsExpected := `{username="user1"}`
|
|
|
|
if labels != labelsExpected {
|
|
|
|
t.Fatalf("unexpected labels; got %s; want %s", labels, labelsExpected)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
t.Run("non-empty-username", func(t *testing.T) {
|
|
|
|
ui := &UserInfo{
|
|
|
|
Username: "user1",
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
"env": "prod",
|
|
|
|
"datacenter": "dc1",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
labels, err := ui.getMetricLabels()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
labelsExpected := `{datacenter="dc1",env="prod",username="user1"}`
|
|
|
|
if labels != labelsExpected {
|
|
|
|
t.Fatalf("unexpected labels; got %s; want %s", labels, labelsExpected)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
t.Run("non-empty-name", func(t *testing.T) {
|
|
|
|
ui := &UserInfo{
|
|
|
|
Name: "user1",
|
|
|
|
BearerToken: "abc",
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
"env": "prod",
|
|
|
|
"datacenter": "dc1",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
labels, err := ui.getMetricLabels()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
labelsExpected := `{datacenter="dc1",env="prod",username="user1"}`
|
|
|
|
if labels != labelsExpected {
|
|
|
|
t.Fatalf("unexpected labels; got %s; want %s", labels, labelsExpected)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
t.Run("non-empty-bearer-token", func(t *testing.T) {
|
|
|
|
ui := &UserInfo{
|
|
|
|
BearerToken: "abc",
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
"env": "prod",
|
|
|
|
"datacenter": "dc1",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
labels, err := ui.getMetricLabels()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("unexpected error: %s", err)
|
|
|
|
}
|
|
|
|
labelsExpected := `{datacenter="dc1",env="prod",username="bearer_token:hash:44BC2CF5AD770999"}`
|
|
|
|
if labels != labelsExpected {
|
|
|
|
t.Fatalf("unexpected labels; got %s; want %s", labels, labelsExpected)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
t.Run("invalid-label", func(t *testing.T) {
|
|
|
|
ui := &UserInfo{
|
|
|
|
Username: "foo",
|
|
|
|
MetricLabels: map[string]string{
|
|
|
|
",{": "aaaa",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
_, err := ui.getMetricLabels()
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expecting non-nil error")
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2023-11-13 08:23:35 +01:00
|
|
|
func isSetBool(boolP *bool, expectedValue bool) bool {
|
|
|
|
if boolP == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return *boolP == expectedValue
|
2023-11-03 12:04:17 +01:00
|
|
|
}
|
|
|
|
|
2024-04-30 10:22:17 +02:00
|
|
|
func TestGetLeastLoadedBackendURL(t *testing.T) {
|
|
|
|
up := mustParseURLs([]string{
|
|
|
|
"http://node1:343",
|
|
|
|
"http://node2:343",
|
|
|
|
"http://node3:343",
|
|
|
|
})
|
|
|
|
up.loadBalancingPolicy = "least_loaded"
|
|
|
|
|
|
|
|
fn := func(ns ...int) {
|
|
|
|
t.Helper()
|
2024-07-20 11:22:25 +02:00
|
|
|
pbus := up.bus.Load()
|
|
|
|
bus := *pbus
|
|
|
|
for i, b := range bus {
|
2024-04-30 10:22:17 +02:00
|
|
|
got := int(b.concurrentRequests.Load())
|
|
|
|
exp := ns[i]
|
|
|
|
if got != exp {
|
|
|
|
t.Fatalf("expected %q to have %d concurrent requests; got %d instead", b.url, exp, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(1, 0, 0)
|
2024-04-30 10:22:17 +02:00
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(1, 1, 0)
|
2024-04-30 10:22:17 +02:00
|
|
|
up.getBackendURL()
|
|
|
|
fn(1, 1, 1)
|
|
|
|
|
|
|
|
up.getBackendURL()
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(2, 2, 1)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
bus := up.bus.Load()
|
|
|
|
pbus := *bus
|
|
|
|
pbus[0].concurrentRequests.Add(2)
|
|
|
|
pbus[2].concurrentRequests.Add(5)
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(4, 2, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(4, 3, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(4, 4, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(4, 5, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(5, 5, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(6, 5, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
2024-07-20 11:22:25 +02:00
|
|
|
fn(6, 6, 6)
|
2024-04-30 10:22:17 +02:00
|
|
|
|
|
|
|
up.getBackendURL()
|
|
|
|
fn(6, 6, 7)
|
|
|
|
|
|
|
|
up.getBackendURL()
|
|
|
|
up.getBackendURL()
|
|
|
|
fn(7, 7, 7)
|
|
|
|
}
|
|
|
|
|
2024-11-08 11:45:16 +01:00
|
|
|
func TestBrokenBackend(t *testing.T) {
|
|
|
|
up := mustParseURLs([]string{
|
|
|
|
"http://node1:343",
|
|
|
|
"http://node2:343",
|
|
|
|
"http://node3:343",
|
|
|
|
})
|
|
|
|
up.loadBalancingPolicy = "least_loaded"
|
|
|
|
pbus := up.bus.Load()
|
|
|
|
bus := *pbus
|
|
|
|
|
|
|
|
// explicitly mark one of the backends as broken
|
|
|
|
bus[1].setBroken()
|
|
|
|
|
|
|
|
// broken backend should never return while there are healthy backends
|
|
|
|
for i := 0; i < 1e3; i++ {
|
|
|
|
b := up.getBackendURL()
|
|
|
|
if b.isBroken() {
|
|
|
|
t.Fatalf("unexpected broken backend %q", b.url)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-12-13 23:46:36 +01:00
|
|
|
func getRegexs(paths []string) []*Regex {
|
|
|
|
var sps []*Regex
|
2021-03-05 17:21:11 +01:00
|
|
|
for _, path := range paths {
|
2024-04-17 14:03:15 +02:00
|
|
|
sps = append(sps, mustNewRegex(path))
|
2021-03-05 17:21:11 +01:00
|
|
|
}
|
|
|
|
return sps
|
|
|
|
}
|
|
|
|
|
2020-05-05 09:53:42 +02:00
|
|
|
func removeMetrics(m map[string]*UserInfo) {
|
|
|
|
for _, info := range m {
|
|
|
|
info.requests = nil
|
|
|
|
}
|
|
|
|
}
|
2021-03-05 17:21:11 +01:00
|
|
|
|
|
|
|
func areEqualConfigs(a, b map[string]*UserInfo) error {
|
|
|
|
aData, err := yaml.Marshal(a)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("cannot marshal a: %w", err)
|
|
|
|
}
|
|
|
|
bData, err := yaml.Marshal(b)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("cannot marshal b: %w", err)
|
|
|
|
}
|
|
|
|
if !bytes.Equal(aData, bData) {
|
|
|
|
return fmt.Errorf("unexpected configs;\ngot\n%s\nwant\n%s", aData, bData)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2021-04-21 09:55:29 +02:00
|
|
|
|
2021-05-29 00:00:23 +02:00
|
|
|
func mustParseURL(u string) *URLPrefix {
|
|
|
|
return mustParseURLs([]string{u})
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustParseURLs(us []string) *URLPrefix {
|
2023-02-11 09:27:40 +01:00
|
|
|
bus := make([]*backendURL, len(us))
|
2024-03-08 21:10:11 +01:00
|
|
|
urls := make([]*url.URL, len(us))
|
2021-05-29 00:00:23 +02:00
|
|
|
for i, u := range us {
|
|
|
|
pu, err := url.Parse(u)
|
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Errorf("BUG: cannot parse %q: %w", u, err))
|
|
|
|
}
|
2023-02-11 09:27:40 +01:00
|
|
|
bus[i] = &backendURL{
|
|
|
|
url: pu,
|
|
|
|
}
|
2024-03-08 21:10:11 +01:00
|
|
|
urls[i] = pu
|
2021-04-21 09:55:29 +02:00
|
|
|
}
|
2024-03-07 00:02:13 +01:00
|
|
|
up := &URLPrefix{}
|
|
|
|
if len(us) == 1 {
|
|
|
|
up.vOriginal = us[0]
|
|
|
|
} else {
|
|
|
|
up.vOriginal = us
|
2021-04-21 09:55:29 +02:00
|
|
|
}
|
2024-03-07 00:02:13 +01:00
|
|
|
up.bus.Store(&bus)
|
2024-03-08 21:10:11 +01:00
|
|
|
up.busOriginal = urls
|
2024-03-07 00:02:13 +01:00
|
|
|
return up
|
2021-04-21 09:55:29 +02:00
|
|
|
}
|
2023-12-14 00:04:46 +01:00
|
|
|
|
|
|
|
func intp(n int) *int {
|
|
|
|
return &n
|
|
|
|
}
|
2024-04-17 14:03:15 +02:00
|
|
|
|
|
|
|
func mustNewRegex(s string) *Regex {
|
|
|
|
var re Regex
|
|
|
|
if err := yaml.Unmarshal([]byte(s), &re); err != nil {
|
|
|
|
logger.Panicf("cannot unmarshal regex %q: %s", s, err)
|
|
|
|
}
|
|
|
|
return &re
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustNewQueryArg(s string) *QueryArg {
|
|
|
|
var qa QueryArg
|
|
|
|
if err := yaml.Unmarshal([]byte(s), &qa); err != nil {
|
|
|
|
logger.Panicf("cannot unmarshal query arg filter %q: %s", s, err)
|
|
|
|
}
|
|
|
|
return &qa
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustNewHeader(s string) *Header {
|
|
|
|
var h Header
|
|
|
|
if err := yaml.Unmarshal([]byte(s), &h); err != nil {
|
|
|
|
logger.Panicf("cannot unmarshal header filter %q: %s", s, err)
|
|
|
|
}
|
|
|
|
return &h
|
|
|
|
}
|