-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add remoteUser (from http basic auth) and remoteAddr to Thanos slow query logs #6153
Conversation
f18afdc
to
3b1601f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, one question from my side.
@@ -177,11 +177,15 @@ func (f *Handler) reportSlowQuery(r *http.Request, responseHeaders http.Header, | |||
thanosTraceID = traceID | |||
} | |||
|
|||
remoteUser, _, _ := r.BasicAuth() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this the only way we can get the remote user? Are there maybe some Grafana headers we can use as fallback when basic auth is not used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Grafana can be but one client. It's highly possible that users may use custom clients to query some data from Thanos.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we indicate in the changelog that this only works for basic auth?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added mention of basic auth
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, this makes sense to me as well + @fpetkovski's feedback
…uery logs When tracking where a suspicious query came from, one often needs to know the remote address or remote user that made the request. Adding these should help with debugging. Signed-off-by: Paul Traylor <[email protected]>
3b1601f
to
655eea0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
…uery logs (thanos-io#6153) When tracking where a suspicious query came from, one often needs to know the remote address or remote user that made the request. Adding these should help with debugging. Signed-off-by: Paul Traylor <[email protected]>
…uery logs (thanos-io#6153) When tracking where a suspicious query came from, one often needs to know the remote address or remote user that made the request. Adding these should help with debugging. Signed-off-by: Paul Traylor <[email protected]>
Changes
When tracking where a suspicious query came from, one often needs to know the remote address or remote user that made the request. Adding these should help with debugging.
Verification
Built locally and ran locally then queried with http client.
Notes
So this is posted slightly early as a proof of concept to see if the basic idea makes sense to the Thanos team.
It seems like
reportQueryStats
is not actually called from anywhere, onlyreportSlowQuery
but I've updated both in the interest of keeping things in sync.