You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Slow Query Logs of the Query Frontend component play an important part in identifying rogue queries. It is useful to know which user executed a query.
The field remote_user is currently set by extracting the username from the Authorization header.
Our setup does not use Basic Authentication. Instead, a proxy in front of Query Frontend handles the authentication. That proxy can pass the username along as a HTTP header.
We would like to set the value of the HTTP header as the value of remote_user.
Describe the solution you'd like
Query Frontend exposes a new flag, --query-frontend.slow-query-log-user-header (proposal, any other name will do).
When --query-frontend.slow-query-log-user-header is set to, for example, X-Forwarded-User, Query Frontend sets the value of that header as the value of the field remote_user in the Slow Query Logs.
Describe alternatives you've considered
Somehow make the proxy "fake" the Basic Authentication header. That proved too difficult.
Correct, the Slow Query Log already can handle headers like X-Dashboard-Uid.
With this feature implemented, operators can utilize the send_user_header configuration option.
Is your proposal related to a problem?
Slow Query Logs of the Query Frontend component play an important part in identifying rogue queries. It is useful to know which user executed a query.
The field
remote_user
is currently set by extracting the username from the Authorization header.Our setup does not use Basic Authentication. Instead, a proxy in front of Query Frontend handles the authentication. That proxy can pass the username along as a HTTP header.
We would like to set the value of the HTTP header as the value of
remote_user
.Describe the solution you'd like
--query-frontend.slow-query-log-user-header
(proposal, any other name will do).--query-frontend.slow-query-log-user-header
is set to, for example,X-Forwarded-User
, Query Frontend sets the value of that header as the value of the fieldremote_user
in the Slow Query Logs.Describe alternatives you've considered
Somehow make the proxy "fake" the Basic Authentication header. That proved too difficult.
Additional context
The feature was introduced in #6153.
The text was updated successfully, but these errors were encountered: