feat: Provide label value by http header #118
Conversation
jkroepke
force-pushed
the
restrict-by-header
branch
from
92260f3 to
df5bf16
Compare
|
Can we get this merged? Would be very useful. |
|
@squat could you take a look here? |
|
Tagging all owners since there have been related PRs (#54 #64 #117 ) with the same feature pending for quite a while. @brancz @krasi-georgiev @metalmatze @paulfantom @pgier @s-urbaniak @simonpasquier @squat @lilic |
|
@fpetkovski maybe? |
|
Would also be interested into this. Also into a new release because the actual 0.5.0 doesnt support the -values parameter (only the version in main does this). |
There was a problem hiding this comment.
I'd expect that users pass the name of the header from the command-line (e.g. --header). And one of --query-param and --header needs to be not empty.
For backward-compatibility and principle of least surprise, the default value of --header should be "" IMHO. Thus when you upgrade to the latest version, it doesn't become automatically possible to pass the label value via HTTP header (existing setups might not filter HTTP headers so end-users could bypass prom-label-proxy's enforcement).
jkroepke
force-pushed
the
restrict-by-header
branch
2 times, most recently
from
9061642 to
ad66af2
Compare
jkroepke
force-pushed
the
restrict-by-header
branch
2 times, most recently
from
680a19e to
6d03f0d
Compare
jkroepke
requested review from
simonpasquier and
fpetkovski
and removed request for
simonpasquier and
fpetkovski
jkroepke
force-pushed
the
restrict-by-header
branch
3 times, most recently
from
824a8eb to
4e75a9a
Compare
|
How we can proceed here? |
There was a problem hiding this comment.
@jkroepke sorry for the lag! I have some comments on the CLI help. I've submitted jkroepke#1 to your fork with some refactoring suggestions :)
|
Hey @simonpasquier, I saw you suggestions, but I recommend to create an additional PR which superseeds this PR or modify to existing one. "Allow edits by maintainers" is enabled. if you have maintainer permissions on https://github.com/prometheus-community/prom-label-proxy, feel free to commit here. I wont do any refactorings, since I don't have the full golang knowledge. |
jkroepke
force-pushed
the
restrict-by-header
branch
from
cc81534 to
983dd25
Compare
|
@jkroepke can you reopen my PR on your fork and merge it then? I could have pushed my changes on top of your branch but I didn't want to do it without you being aware :) |
jkroepke
force-pushed
the
restrict-by-header
branch
from
2052c0a to
51061c1
Compare
|
Hey @simonpasquier please take a look that the merge conflict now which appears now after merging the PR |
jkroepke
force-pushed
the
restrict-by-header
branch
from
f0d1a2c to
51061c1
Compare
|
@jkroepke sure, let me resolve this! |
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> Signed-off-by: Simon Pasquier <spasquie@redhat.com>
The interface abstracts how the label value is extracted from the incoming request. Currently 3 implementations are provided: 1. Get the value from the HTTP form/query parameters. 2. Get the value from the HTTP headers. 3. Get a static value. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Co-authored-by: Simon Pasquier <spasquie@redhat.com> Signed-off-by: Jan-Otto Kröpke <github@jkroepke.de>
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
simonpasquier
force-pushed
the
restrict-by-header
branch
from
51061c1 to
bdb615b
Compare
|
@fpetkovski I'd like your input on this PR. In particular there's a slight difference compared to what you implemented in #116. With this change, users have to select the method to retrieve the label value from incoming requests:
It isn't possible to pass |
After discussing offline with @fpetkovski the statement above isn't correct: in the current version, the proxy will return an HTTP error code when configured with |
|
thanks a lot @jkroepke for your work and patience! |
Fixes #117
Closes #64