-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Prometheus and OpenMetrics metrics collection always uses Basic auth #18570
Comments
Hi @svennis94 ! Thanks for opening this issue. I'm going to transfer it to integrations-core, the repository where the integrations live. I'll also ping the team about this issue. |
@iliakur I have looked into this issue a bit more and have followed the code path from the
This indicates that somewhere else the basic auth header is being generated and added. As this is not part of the DataDog integrations repository. When looking further I found that the Requests library for Python is being used for oAuth authentication. Taking a look at the After reading this and adding the I think all that needs from DataDog's side is to document, that if you do not want to use the basic auth you also need to set the Working configuration: init_config:
instances:
- openmetrics_endpoint: 'http://127.0.0.1/stats'
namespace: 'test-application'
metrics:
- .+
auth_token:
reader:
type: oauth
url: 'http://127.0.0.1/oauth/token'
client_id: test
client_secret: test
options:
include_client_id: true # This will prevent the Basic authentication header and add the client_id and client_secret to the request body instead.
writer:
type: header
name: Authorization
value: 'Bearer <TOKEN>' |
We try to setup our software that has a prometheus endpoint to populate to datadog directly. For prometheus we have build in support for the oAuth token endpoint which works great. When looking at the pometheus / openmetrics configuration example I noticed DataDog having support for this as well. So I tried to set it up, in the example configuration it says the following for the
auth_token
parameter:It says
basic_auth
is by default false. But it sends the oauth request with the basic authentication headerAuthorization: Basic <base64_enc_client_id_and_client_secret>
. This can be seen on every request coming from the datadog agent. Even when addingbasic_auth: false
to the configuration yaml it still uses basic authentication. I would've expected theclient_id
andclient_secret
in the body of the request.Basic example config:
Agent Environment
Agent is running in docker with version:
Describe what happened:
oAuth token endpoint is always requested with Basic authentication instead of client_id and client_secret in the x-form-urlencoded format.
Describe what you expected:
Expected to get the client_id and client_secret in the x-form-urlencoded data and the configuration
basic_auth
to influence whether or not to send thebasic_auth
.Steps to reproduce the issue:
Use the above config towards a prometheus endpoint with an oAuth token endpoint.
Additional environment details (Operating System, Cloud provider, etc):
The only additional environment variable set to the datadog agent config is:
Used to allow for local authentication to an internal IP.
The text was updated successfully, but these errors were encountered: