allow client to set X-Scope-OrgID
#36
Comments
|
Maybe instead of |
|
You could just add "pass-through" as authentication in auth-gateway/gateway/middleware.go Line 33 in 79ee829 And let all headers pass without removing authentication headers. I can see that as useful for other people Personally I don't see why would you use cortex-tenant to just add a label. You can do that per tenant in cortex with https://cortexmetrics.io/docs/configuration/configuration-file/#limits_config |
For: cortexproject#36 Signed-off-by: till <till@php.net>
|
@friedrichg I think way simpler, than another handler. I made a PR, but let me know. As for your other question, maybe we started using this before cortex supported it. Or we were thrown off by the comment (to better do it elsewhere). I have to admit that after all these years re-labeling in prometheus is still a bit of a blackbox to me — too easy to get it wrong. |
* Fix(auth): use crypto/subtle to compare strings Related: #37 Signed-off-by: till <till@php.net> * Update(gateway): support passthrough For: #36 Signed-off-by: till <till@php.net> * Update gateway/middleware.go --------- Signed-off-by: till <till@php.net> Co-authored-by: Friedrich Gonzalez <1517449+friedrichg@users.noreply.github.com>
This is really close to what I'd like.
We run cortex-tenant on k8s to split metrics by a label (the label is
X-Scope-OrgID). Then cortex-tenant makes a request to our own in-house thing which uses basic authentication to authenticate the request, keeping theX-Scope-OrgIDlabel that cortex-tenant added.From reading the code, it seems like, auth-gateway sets it based on user/pass combo:
https://github.com/cortexproject/auth-gateway/blob/main/gateway/middleware.go#L56-L63
I would add a value like
__ALL__to allow the client to set it instead. Would you be open to adding this when I write the code?The text was updated successfully, but these errors were encountered: