diff --git a/app/vmauth/README.md b/app/vmauth/README.md index 4ff8c1e1f9..70f66d8f01 100644 --- a/app/vmauth/README.md +++ b/app/vmauth/README.md @@ -163,14 +163,22 @@ users: - "http://vminsert2:8480/insert/42/prometheus" # A single user for querying and inserting data: + # # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: # - http://vmselect1:8481/select/42/prometheus # - http://vmselect2:8481/select/42/prometheus # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . + # # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . # The "X-Scope-OrgID: abc" http header is added to these requests. + # + # Request which do not match `src_paths` from the `url_map` are proxied to the urls from `default_url` + # in a round-robin manner. The original request path is passed in `request_path` query arg. + # For example, request to http://vmauth:8427/non/existing/path are proxied: + # - to http://default1:8888/unsupported_url_handler?request_path=/non/existing/path + # - or http://default2:8888/unsupported_url_handler?request_path=/non/existing/path - username: "foobar" url_map: - src_paths: @@ -186,34 +194,9 @@ users: - "X-Scope-OrgID: abc" ip_filters: deny_list: [127.0.0.1] - - # A single user for querying and inserting data: - # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range - # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: - # - http://vmselect1:8481/select/42/prometheus - # - http://vmselect2:8481/select/42/prometheus - # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query - # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . - # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . - # The requests which do not match `src_paths` from the `url_map` will be proxied to the urls rom `default_url` - # in a round-robin manner (with request path in `request_path` query param). - # For example, request to http://vmauth:8427/non/existing/path will be proxied: - # - to http://default1:8888/process?request_path=/non/existing/path - # - or http://default2:8888/process?request_path=/non/existing/path -- username: "foobar" - url_map: - - src_paths: - - "/api/v1/query" - - "/api/v1/query_range" - - "/api/v1/label/[^/]+/values" - url_prefix: - - "http://vmselect1:8481/select/42/prometheus" - - "http://vmselect2:8481/select/42/prometheus" - - src_paths: ["/api/v1/write"] - url_prefix: "http://vminsert:8480/insert/42/prometheus" default_url: - - "http://default1:8888/process" - - "http://default2:8888/process" + - "http://default1:8888/unsupported_url_handler" + - "http://default2:8888/unsupported_url_handler" # Requests without Authorization header are routed according to `unauthorized_user` section. unauthorized_user: diff --git a/app/vmauth/auth_config_test.go b/app/vmauth/auth_config_test.go index e2f997e29c..e794231aad 100644 --- a/app/vmauth/auth_config_test.go +++ b/app/vmauth/auth_config_test.go @@ -372,7 +372,7 @@ users: headers: - "foo: bar" - "xxx: y" - default_url: + default_url: - http://default1/select/0/prometheus - http://default2/select/0/prometheus `, map[string]*UserInfo{ diff --git a/app/vmauth/example_config.yml b/app/vmauth/example_config.yml index 763856c2b6..59979f4c7b 100644 --- a/app/vmauth/example_config.yml +++ b/app/vmauth/example_config.yml @@ -60,14 +60,22 @@ users: - "http://vminsert2:8480/insert/42/prometheus" # A single user for querying and inserting data: + # # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: # - http://vmselect1:8481/select/42/prometheus # - http://vmselect2:8481/select/42/prometheus # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . + # # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . # The "X-Scope-OrgID: abc" http header is added to these requests. + # + # Request which do not match `src_paths` from the `url_map` are proxied to the urls from `default_url` + # in a round-robin manner. The original request path is passed in `request_path` query arg. + # For example, request to http://vmauth:8427/non/existing/path are proxied: + # - to http://default1:8888/unsupported_url_handler?request_path=/non/existing/path + # - or http://default2:8888/unsupported_url_handler?request_path=/non/existing/path - username: "foobar" url_map: - src_paths: @@ -83,34 +91,9 @@ users: - "X-Scope-OrgID: abc" ip_filters: deny_list: [127.0.0.1] - - # A single user for querying and inserting data: - # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range - # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: - # - http://vmselect1:8481/select/42/prometheus - # - http://vmselect2:8481/select/42/prometheus - # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query - # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . - # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . - # The requests which do not match `src_paths` from the `url_map` will be proxied to the urls rom `default_url` - # in a round-robin manner (with request path in `request_path` query param). - # For example, request to http://vmauth:8427/non/existing/path will be proxied: - # - to http://default1:8888/process?request_path=/non/existing/path - # - or http://default2:8888/process?request_path=/non/existing/path -- username: "foobar" - url_map: - - src_paths: - - "/api/v1/query" - - "/api/v1/query_range" - - "/api/v1/label/[^/]+/values" - url_prefix: - - "http://vmselect1:8481/select/42/prometheus" - - "http://vmselect2:8481/select/42/prometheus" - - src_paths: ["/api/v1/write"] - url_prefix: "http://vminsert:8480/insert/42/prometheus" default_url: - - "http://default1:8888/process" - - "http://default2:8888/process" + - "http://default1:8888/unsupported_url_handler" + - "http://default2:8888/unsupported_url_handler" # Requests without Authorization header are routed according to `unauthorized_user` section. unauthorized_user: diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 31907f5af9..7fa67860ca 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -40,7 +40,7 @@ The following tip changes can be tested by building VictoriaMetrics components f * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add the metric relabel playground feature to the vmui. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3807). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to filter incoming requests by IP. See [these docs](https://docs.victoriametrics.com/vmauth.html#ip-filters) and [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3491). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to proxy requests for unauthorized users. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4083). -* FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to specify default route (`default_url`) for processing non-matched requests. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4084). +* FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to specify default route (`default_url`) for processing non-matched requests. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4084). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to filter incoming requests by IP. See [these docs](https://docs.victoriametrics.com/vmauth.html#ip-filters) and [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3491). * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): support configuring of custom HTTP headers sent to notifiers on the Group level. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3260). * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): detect alerting rules which don't match any series. See this [issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4039) for details. diff --git a/docs/vmauth.md b/docs/vmauth.md index fab0d7076a..77678236b7 100644 --- a/docs/vmauth.md +++ b/docs/vmauth.md @@ -167,14 +167,22 @@ users: - "http://vminsert2:8480/insert/42/prometheus" # A single user for querying and inserting data: + # # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: # - http://vmselect1:8481/select/42/prometheus # - http://vmselect2:8481/select/42/prometheus # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . + # # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . # The "X-Scope-OrgID: abc" http header is added to these requests. + # + # Request which do not match `src_paths` from the `url_map` are proxied to the urls from `default_url` + # in a round-robin manner. The original request path is passed in `request_path` query arg. + # For example, request to http://vmauth:8427/non/existing/path are proxied: + # - to http://default1:8888/unsupported_url_handler?request_path=/non/existing/path + # - or http://default2:8888/unsupported_url_handler?request_path=/non/existing/path - username: "foobar" url_map: - src_paths: @@ -190,34 +198,9 @@ users: - "X-Scope-OrgID: abc" ip_filters: deny_list: [127.0.0.1] - - # A single user for querying and inserting data: - # - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range - # and http://vmauth:8427/api/v1/label//values are proxied to the following urls in a round-robin manner: - # - http://vmselect1:8481/select/42/prometheus - # - http://vmselect2:8481/select/42/prometheus - # For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query - # or to http://vmselect2:8480/select/42/prometheus/api/v1/query . - # - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write . - # The requests which do not match `src_paths` from the `url_map` will be proxied to the urls rom `default_url` - # in a round-robin manner (with request path in `request_path` query param). - # For example, request to http://vmauth:8427/non/existing/path will be proxied: - # - to http://default1:8888/process?request_path=/non/existing/path - # - or http://default2:8888/process?request_path=/non/existing/path -- username: "foobar" - url_map: - - src_paths: - - "/api/v1/query" - - "/api/v1/query_range" - - "/api/v1/label/[^/]+/values" - url_prefix: - - "http://vmselect1:8481/select/42/prometheus" - - "http://vmselect2:8481/select/42/prometheus" - - src_paths: ["/api/v1/write"] - url_prefix: "http://vminsert:8480/insert/42/prometheus" default_url: - - "http://default1:8888/process" - - "http://default2:8888/process" + - "http://default1:8888/unsupported_url_handler" + - "http://default2:8888/unsupported_url_handler" # Requests without Authorization header are routed according to `unauthorized_user` section. unauthorized_user: