Adds authorization for sidecar-promclient

[someshkoli]

• I added CHANGELOG entry for this change.
• Change is not relevant to the end user.

Changes

Added new flag prometheus.http-client to sidecar to pass http client config via file or string(similar to alertmanager). Using this flag an instance of thanoshttp.Client is created and is passed to promclient.NewClient method which uses this client as base client instead of whole new client which then makes authorized api calls.
The same client is passed to reloader config which then makes authorized api calls to prom api.

There are some code duplication which has been duplicated from prometheus which can be easily removed by exposing one of the functions in prometheus http_config
🙌
Close: #3975

Verification

Added a e2e test:
Checks if query is able to query when prom uses auth

[someshkoli]

@Namanl2001 please have a look at this 🤔 I guess there's no clean way to set these properties. (might need to rewrite auth for promclient or make some changes thanoshttp for custom transporter)

[wiardvanrij]

I think we need some 'generic' transporter that we can re-use everywhere. I had the same 'issue': https://github.com/thanos-io/thanos/pull/3970/files/e34e60e2848f2233809d67d5398151b670341ea1#diff-95c18d923c79bf32e4f8b3370d9a925aa910643559d351fab6bc307691c8f672R119

The thanoshttp has one func which is:

// NewTransport creates a new http.Transport with default settings.

I guess we could add an other function that has httpConfig as argument for re-usability in the entire project.

[someshkoli]

I think we need some 'generic' transporter that we can re-use everywhere. I had the same 'issue': https://github.com/thanos-io/thanos/pull/3970/files/e34e60e2848f2233809d67d5398151b670341ea1#diff-95c18d923c79bf32e4f8b3370d9a925aa910643559d351fab6bc307691c8f672R119

The thanoshttp has one func which is:

// NewTransport creates a new http.Transport with default settings.

I guess we could add an other function that has httpConfig as argument for re-usability in the entire project.

Agreed, this is being used at 2-3 i guess and making a generic one can improve reusablity. @wiardvanrij I hope the overall idea in implementation is correct ? I can move forward with fixing this transporter issue ?

[wiardvanrij]

I'm not the right person to make a definitive review. I miss the exact technical knowledge on it. However I was at the meeting and I think you made what was discussed. Also it looks logical and makes sense.

You could always wait for a review if you think you might invest a lot of time into a feature you are unsure about. However if you have a good feeling about it, go make awesome stuff and continue 👍

[someshkoli]

Alright thanks

[bwplotka]

I think this transport and connection flags

conf.connection.maxIdleConnsPerHost
conf.connection.maxIdleConns

Are colliding with out promethues.http-config flag. The idea would be to unify those? E.g Deprecating connection flags if that makes sense? Or reusing them?

The goal is to have one way of configuring HTTP configuration.

[bwplotka]

Let's remove

--receive.connection-pool-size=RECEIVE.CONNECTION-POOL-SIZE
Controls the http MaxIdleConns. Default is 0,
which is unlimited
--receive.connection-pool-size-per-host=100

And use our prometheus flags.

[bwplotka]

Suggested change

	func NewWithTracingClient(logger log.Logger, httpClient http.Client, userAgent string) *Client {
	func NewWithTracingClient(logger log.Logger, httpClient *http.Client, userAgent string) *Client {

[bwplotka]

I think this transport and connection flags

conf.connection.maxIdleConnsPerHost
conf.connection.maxIdleConns

Are colliding with out promethues.http-config flag. The idea would be to unify those? E.g Deprecating connection flags if that makes sense? Or reusing them?

The goal is to have one way of configuring HTTP configuration.

[bwplotka]

Let's remove

--receive.connection-pool-size=RECEIVE.CONNECTION-POOL-SIZE
Controls the http MaxIdleConns. Default is 0,
which is unlimited
--receive.connection-pool-size-per-host=100

And use our prometheus flags.

[someshkoli]

This implementation helps in providing a generic way to create http clients used across. There are still many instances where directly http library is used to create client which can be replaced with thanos http client instance and can be configured flexibly.
Also solves the issue mentined by @wiardvanrij is here.

One question, while updating docs, the ruler docs got updated too because the http.ClientConfig structure was modified. Is this healthy to do ?

[wiardvanrij]

I think we default to this because there was 'something with it' for Thanos side (citation needed). As this is more a generic package we should default to false and explicitly set this too true on functionalities via arguments that require this to be disabled.

Tl;dr IMO: set 'defaults' to something that would be defaults for all packages, and override different cases when needed. Not the other way around. :)

[someshkoli]

I think we default to this because there was 'something with it' for Thanos side (citation needed). As this is more a generic package we should default to false and explicitly set this too true on functionalities via arguments that require this to be disabled.

Tl;dr IMO: set 'defaults' to something that would be defaults for all packages, and override different cases when needed. Not the other way around. :)

Yes Yes, sounds fair. I wonder if we can use exthttp.NewTransport here and then override them with help of options 🤔 ?

[bwplotka]

We can, but we need to be aware who is using exthttp.NewTransport and how

[bwplotka]

Don't have time to review fully, but did part of it, looks good generally, some nits.

[bwplotka]

0 feels wrong, see default Go impl:

// DefaultTransport is the default implementation of Transport and is
// used by DefaultClient. It establishes network connections as needed
// and caches them for reuse by subsequent calls. It uses HTTP proxies
// as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and
// $no_proxy) environment variables.
var DefaultTransport RoundTripper = &Transport{
	Proxy: ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}).DialContext,
	ForceAttemptHTTP2:     true,
	MaxIdleConns:          100,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}

[someshkoli]

0 feels wrong, see default Go impl:

// DefaultTransport is the default implementation of Transport and is
// used by DefaultClient. It establishes network connections as needed
// and caches them for reuse by subsequent calls. It uses HTTP proxies
// as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and
// $no_proxy) environment variables.
var DefaultTransport RoundTripper = &Transport{
	Proxy: ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}).DialContext,
	ForceAttemptHTTP2:     true,
	MaxIdleConns:          100,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}

Yes right

[bwplotka]

Suggested change

	maxIdleConnsPerHost: 100, // see https://github.com/golang/go/issues/13801
	maxIdleConnsPerHost: 100, // See https://github.com/golang/go/issues/13801.

[bwplotka]

We can, but we need to be aware who is using exthttp.NewTransport and how

[bwplotka]

I don't get it, why we don't use default? Also 0 means no limit, so 0 has meaning too, we should tolerate such option

[someshkoli]

I don't get it, why we don't use default? Also 0 means no limit, so 0 has meaning too, we should tolerate such option

Actually, this value is picked from prometheus http which we were using before, so thought it would be better to keep it the same. Also yeah 0 does for this is acceptable, 'll fix it.

[bwplotka]

Weird haging comment (and not full sentence), can we remove it?

[bwplotka]

Why those numbers?

[someshkoli]

Again from prometheus implementation.

[bwplotka]

Yes, can we do that (you can contribute there, we are happy to review and merge it there)

[someshkoli]

Great, I'll raise a PR there

[someshkoli]

prometheus/common#301

[bwplotka]

LGTM generally, just small nits. Thanks.

[bwplotka]

Can we still use it? and append middleware we want on top?

[sonatype-lift]

G301: Expect directory permissions to be 0750 or less
(at-me in a reply with help or ignore)

[sonatype-lift]

G306: Expect WriteFile permissions to be 0600 or less
(at-me in a reply with help or ignore)

[bwplotka]

Any update on this?

[someshkoli]

Any update on this?

Its ready for a review, I guess I forgot to put a review request :)

[yeya24]

@someshkoli Can you rebase on main and fix the conflicts? Thank you!

[sonatype-lift]

G301: Expect directory permissions to be 0750 or less
(at-me in a reply with help or ignore)

[sonatype-lift]

G306: Expect WriteFile permissions to be 0600 or less
(at-me in a reply with help or ignore)

[yeya24]

Hi, @someshkoli, sorry for the late reply. Can you fix the conflict and get CI passing? Your work is really amazing and we really want to have this feature!

[someshkoli]

Hi, @someshkoli, sorry for the late reply. Can you fix the conflict and get CI passing? Your work is really amazing and we really want to have this feature!

will update it soon, have a lot to rebase :")

[someshkoli]

@yeya24 Moving this to #4612

[someshkoli]

@yeya24 can you please take a look at #4612 ?

[yeya24]

Close in favor of #4612