-
Notifications
You must be signed in to change notification settings - Fork 40
Authentication and multi tenancy
.WriteTo.GrafanaLoki(
"http://localhost:3100",
credentials: new LokiCredentials { Login = "user", Password = "pass" }){
"Name": "GrafanaLoki",
"Args": {
"uri": "http://localhost:3100",
"credentials": { "login": "user", "password": "pass" }
}
}The sink sends these as an HTTP Basic Authorization header.
Basic auth is applied only to a client the sink creates (the default, or when you pass
httpMessageHandler). If you inject your ownhttpClient, the sink does not touch its headers - setAuthorizationon that client yourself.
Set tenant to send Loki's X-Scope-OrgID header:
.WriteTo.GrafanaLoki("http://localhost:3100", tenant: "tenant-1"){
"Name": "GrafanaLoki",
"Args": {
"uri": "http://localhost:3100",
"tenant": "tenant-1"
}
}Like basic auth, the tenant header is only added to a client the sink owns; with an injected httpClient, add X-Scope-OrgID yourself.
The tenant ID is validated at configuration time against Loki's tenant ID rules - alphanumerics plus !-_.*'(), at most 150 bytes, and not . or .. - an invalid value throws ArgumentException at CreateLogger time (the same fail-fast treatment as uri), instead of producing batches Loki would reject.
There is no dedicated option. Attach the token through the injected client - either a default Authorization header on an HttpClient, or a DelegatingHandler that refreshes the token per request. See Custom HttpClient.