lib/auth: add NewTokenPossibleMultitenant() for parsing auth token, which can be multitenant

Disallow parsing multitenant token at auth.NewToken().

Use auth.NewTokenPossibleMultitenant() at vminsert only. All the other callers should call auth.NewToken(),
since they do not support multitenant token.

This is a follow-up for f0c06b428e

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4910
This commit is contained in:
Aliaksandr Valialkin 2023-08-30 14:08:47 +02:00
parent e97484640a
commit 9603d06057
No known key found for this signature in database
GPG key ID: A72BEC6CD3D0DED1
2 changed files with 1 additions and 7 deletions

View file

@ -204,7 +204,7 @@ func requestHandler(w http.ResponseWriter, r *http.Request) bool {
// This is not our link.
return false
}
at, err := auth.NewToken(p.AuthToken)
at, err := auth.NewTokenPossibleMultitenant(p.AuthToken)
if err != nil {
httpserver.Errorf(w, r, "auth error: %s", err)
return true

View file

@ -283,12 +283,6 @@ func requestHandler(w http.ResponseWriter, r *http.Request) bool {
httpserver.Errorf(w, r, "auth error: %s", err)
return true
}
if at == nil {
// the only option for at to be nil is when p.AuthToken == "multitenant"
// vmselect does not have multitenant endpoint, so request must be rejected
httpserver.Errorf(w, r, "auth error: tenantID must be specified explicitly in the request path")
return true
}
switch p.Prefix {
case "select":
return selectHandler(qt, startTime, w, r, p, at)