From 808a2f3b617952167df7ce3f725986aa00fb0814 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sat, 23 Apr 2022 00:00:44 +0300 Subject: [PATCH] lib/promauth: add support for `proxy_url` option at `oauth2` section in the same way as Prometheus does --- docs/CHANGELOG.md | 2 +- lib/promauth/config.go | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 9f386ed14a..f9b5ca0981 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -19,7 +19,7 @@ The following tip changes can be tested by building VictoriaMetrics components f * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): reduce `-promscrape.config` reload duration when the config contains big number of jobs (aka [scrape_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) sections) and only a few of them are changed. Previously all the jobs were restarted. Now only the jobs with changed configs are restarted. This should reduce the probability of data miss because of slow config reload. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2270). * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): improve service discovery speed for big number of scrape targets. This should help when `vmagent` discovers big number of targets (e.g. thousands) in Kubernetes cluster. The service discovery speed now should scale with the number of CPU cores available to `vmagent`. * FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): add ability to attach node-level labels and annotations to discovered Kubernetes pod targets in the same way as Prometheus 2.35 does. See [this feature request](https://github.com/prometheus/prometheus/issues/9510) and [this pull request](https://github.com/prometheus/prometheus/pull/10080). -* FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): add support for `tls_config` option at `oauth2` section in the same way as Prometheus does. +* FEATURE: [vmagent](https://docs.victoriametrics.com/vmagent.html): add support for `tls_config` and `proxy_url` options at `oauth2` section in the same way as Prometheus does. See [oauth2 docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2). * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): add support for DNS-based discovery for notifiers in the same way as Prometheus does. See [these docs](https://docs.victoriametrics.com/vmalert.html#notifier-configuration-file) and [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2460). * FEATURE: allow specifying TLS cipher suites for incoming https requests via `-tlsCipherSuites` command-line flag. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2404). * FEATURE: allow specifying TLS cipher suites for mTLS connections between cluster components via `-cluster.tlsCipherSuites` command-line flag. See [these docs](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection). diff --git a/lib/promauth/config.go b/lib/promauth/config.go index 8c78c65d35..92177cb88e 100644 --- a/lib/promauth/config.go +++ b/lib/promauth/config.go @@ -118,6 +118,7 @@ type OAuth2Config struct { TokenURL string `yaml:"token_url"` EndpointParams map[string]string `yaml:"endpoint_params,omitempty"` TLSConfig *TLSConfig `yaml:"tls_config,omitempty"` + ProxyURL string `yaml:"proxy_url,omitempty"` } // String returns string representation of o. @@ -175,9 +176,19 @@ func newOAuth2ConfigInternal(baseDir string, o *OAuth2Config) (*oauth2ConfigInte if err != nil { return nil, fmt.Errorf("cannot initialize TLS config for OAuth2: %w", err) } + tlsCfg := ac.NewTLSConfig() + var proxyURLFunc func(*http.Request) (*url.URL, error) + if o.ProxyURL != "" { + u, err := url.Parse(o.ProxyURL) + if err != nil { + return nil, fmt.Errorf("cannot parse proxy_url=%q: %w", o.ProxyURL, err) + } + proxyURLFunc = http.ProxyURL(u) + } c := &http.Client{ Transport: &http.Transport{ - TLSClientConfig: ac.NewTLSConfig(), + TLSClientConfig: tlsCfg, + Proxy: proxyURLFunc, }, } oi.ctx = context.WithValue(context.Background(), oauth2.HTTPClient, c)