Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ruler: Fix remote write basic auth credentials #5144

Merged
merged 3 commits into from
Jan 14, 2022
Merged

Ruler: Fix remote write basic auth credentials #5144

merged 3 commits into from
Jan 14, 2022

Conversation

dannykopping
Copy link
Contributor

Signed-off-by: Danny Kopping danny.kopping@grafana.com

What this PR does / why we need it:
A community member reported that a configured basic auth password was being sent via HTTP as <secret>. The reason for this is that value is stored in a Secret type, which - when marshaled, obfuscated the original password to <secret>.

Big thanks to @kingjan1999 for the report and the fix.

Which issue(s) this PR fixes:
Fixes #5140

Special notes for your reviewer:

Checklist

  • Documentation added
  • Tests updated
  • Add an entry in the CHANGELOG.md about the changes.

Danny Kopping added 2 commits January 14, 2022 11:42
Retrieving original password to avoid marshaling issues
c62939c 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
Fixing test
30bb801 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
Adding CHANGELOG entry
ed8ef47 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
@dannykopping dannykopping marked this pull request as ready for review January 14, 2022 10:00
@dannykopping dannykopping requested a review from a team as a code owner January 14, 2022 10:00
dannykopping
dannykopping commented Jan 14, 2022
View reviewed changes
pkg/ruler/registry_test.go
@@ -191,7 +191,7 @@ func TestTenantRemoteWriteHTTPConfigMaintained(t *testing.T) {

// HTTP client config is not currently overrideable, all tenants' configs should inherit base
assert.Equal(t, tenantCfg.RemoteWrite[0].HTTPClientConfig.BasicAuth.Username, "foo")
assert.Equal(t, tenantCfg.RemoteWrite[0].HTTPClientConfig.BasicAuth.Password, promConfig.Secret("<secret>"))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was obviously having a dumb day when I wrote this 🙃

kavirajk
kavirajk approved these changes Jan 14, 2022
View reviewed changes
Copy link
Contributor

@kavirajk kavirajk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

owen-d
owen-d approved these changes Jan 14, 2022
View reviewed changes
Copy link
Member

@owen-d owen-d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ugh, I remember the Secret type pain.

@owen-d owen-d merged commit 0368a09 into grafana:main Jan 14, 2022
@dannykopping dannykopping deleted the dannykopping/correct-basic-auth branch January 14, 2022 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@owen-d owen-d owen-d approved these changes

@kavirajk kavirajk kavirajk approved these changes

Assignees
No one assigned
Labels
size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ruler Remote Write: Configured password for basic auth gets ignored
3 participants
@dannykopping @kavirajk @owen-d