From 187e3ec9094995fc877c7bb69d1c351742f8ac5c Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin <valyala@gmail.com>
Date: Tue, 20 Apr 2021 10:58:29 +0300
Subject: [PATCH] app/vmauth: follow-up for
 6a81a89b3dd11befd320dbffd8cbc56dbf5099f0

---
 app/vmauth/README.md          |  8 ++++++++
 app/vmauth/example_config.yml | 31 ++++++++++++++++++++++++-------
 app/vmctl/README.md           |  4 ----
 docs/CHANGELOG.md             |  1 +
 docs/vmauth.md                |  8 ++++++++
 5 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/app/vmauth/README.md b/app/vmauth/README.md
index 9213efeda..bdeaf50f7 100644
--- a/app/vmauth/README.md
+++ b/app/vmauth/README.md
@@ -50,6 +50,14 @@ users:
   password: "***"
   url_prefix: "http://localhost:8428"
 
+  # The user for querying local single-node VictoriaMetrics with extra_label team=dev.
+  # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
+  # will be routed to http://localhost:8428 with extra_label=team=dev query arg.
+  # For example, http://vmauth:8427/api/v1/query is routed to http://localhost:8428/api/v1/query?extra_label=team=dev
+- username: "local-single-node"
+  password: "***"
+  url_prefix: "http://localhost:8428?extra_label=team=dev"
+
   # The user for querying account 123 in VictoriaMetrics cluster
   # See https://victoriametrics.github.io/Cluster-VictoriaMetrics.html#url-format
   # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
diff --git a/app/vmauth/example_config.yml b/app/vmauth/example_config.yml
index 5eae8e1b2..aa98d10b2 100644
--- a/app/vmauth/example_config.yml
+++ b/app/vmauth/example_config.yml
@@ -2,11 +2,15 @@
 # Usernames must be unique.
 
 users:
+  # Requests with the 'Authorization: Bearer XXXX' header are proxied to http://localhost:8428 .
+  # For example, http://vmauth:8427/api/v1/query is proxied to http://localhost:8428/api/v1/query
+- bearer_token: "XXXX"
+  url_prefix: "http://localhost:8428"
 
   # The user for querying local single-node VictoriaMetrics.
   # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
-  # will be routed to http://localhost:8428 .
-  # For example, http://vmauth:8427/api/v1/query is routed to http://localhost:8428/api/v1/query
+  # will be proxied to http://localhost:8428 .
+  # For example, http://vmauth:8427/api/v1/query is proxied to http://localhost:8428/api/v1/query
 - username: "local-single-node"
   password: "***"
   url_prefix: "http://localhost:8428"
@@ -22,17 +26,30 @@ users:
   # The user for querying account 123 in VictoriaMetrics cluster
   # See https://victoriametrics.github.io/Cluster-VictoriaMetrics.html#url-format
   # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
-  # will be routed to http://vmselect:8481/select/123/prometheus .
-  # For example, http://vmauth:8427/api/v1/query is routed to http://vmselect:8481/select/123/prometheus/api/v1/select
+  # will be proxied to http://vmselect:8481/select/123/prometheus .
+  # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect:8481/select/123/prometheus/api/v1/select
 - username: "cluster-select-account-123"
   password: "***"
   url_prefix: "http://vmselect:8481/select/123/prometheus"
 
   # The user for inserting Prometheus data into VictoriaMetrics cluster under account 42
   # See https://victoriametrics.github.io/Cluster-VictoriaMetrics.html#url-format
-  # All the reuqests to http://vmauth:8427 with the given Basic Auth (username:password)
-  # will be routed to http://vminsert:8480/insert/42/prometheus .
-  # For example, http://vmauth:8427/api/v1/write is routed to http://vminsert:8480/insert/42/prometheus/api/v1/write
+  # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
+  # will be proxied to http://vminsert:8480/insert/42/prometheus .
+  # For example, http://vmauth:8427/api/v1/write is proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write
 - username: "cluster-insert-account-42"
   password: "***"
   url_prefix: "http://vminsert:8480/insert/42/prometheus"
+
+
+  # A single user for querying and inserting data:
+  # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range
+  #   and http://vmauth:8427/api/v1/label/<label_name>/values are proxied to http://vmselect:8481/select/42/prometheus.
+  #   For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect:8480/select/42/prometheus/api/v1/query
+  # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write
+- username: "foobar"
+  url_map:
+  - src_paths: ["/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^/]+/values"]
+    url_prefix: "http://vmselect:8481/select/42/prometheus"
+  - src_paths: ["/api/v1/write"]
+    url_prefix: "http://vminsert:8480/insert/42/prometheus"
diff --git a/app/vmctl/README.md b/app/vmctl/README.md
index 9b3550aec..8823d4787 100644
--- a/app/vmctl/README.md
+++ b/app/vmctl/README.md
@@ -1,7 +1,3 @@
----
-sort: 7
----
-
 # vmctl
 
 Victoria metrics command-line tool
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 8796c3e04..a4d87c74f 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -6,6 +6,7 @@ sort: 14
 
 ## tip
 
+* FEATURE: vmauth: add ability to set madatory query args in `url_prefix`. For example, `url_prefix: http://vm:8428/?extra_label=team=dev` would add `extra_label=team=dev` query arg to all the incoming requests. See [the example](https://victoriametrics.github.io/vmauth.html#auth-config) for more details.
 * FEATURE: add OpenTSDB migration option to vmctl. See more details [here](https://victoriametrics.github.io/vmctl#migrating-data-from-opentsdb).
 Thanks to @johnseekins!
 
diff --git a/docs/vmauth.md b/docs/vmauth.md
index ebd812695..29d9fe877 100644
--- a/docs/vmauth.md
+++ b/docs/vmauth.md
@@ -54,6 +54,14 @@ users:
   password: "***"
   url_prefix: "http://localhost:8428"
 
+  # The user for querying local single-node VictoriaMetrics with extra_label team=dev.
+  # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
+  # will be routed to http://localhost:8428 with extra_label=team=dev query arg.
+  # For example, http://vmauth:8427/api/v1/query is routed to http://localhost:8428/api/v1/query?extra_label=team=dev
+- username: "local-single-node"
+  password: "***"
+  url_prefix: "http://localhost:8428?extra_label=team=dev"
+
   # The user for querying account 123 in VictoriaMetrics cluster
   # See https://victoriametrics.github.io/Cluster-VictoriaMetrics.html#url-format
   # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)