From 9f7ee4c0bb381fa34e086f6f22f2e427ae746c4b Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Fri, 6 Sep 2024 18:05:40 +0400 Subject: [PATCH] Vmgateway no prefix string (#784) * app/vmgateway: allow skipping Bearer prefix, parsing access as string - allow disabling of "Bearer" prefix check - This is needed in order to support OIDC systems where identity token is provided separately from access token and it does not contain "Bearer" prefix(such as Azure Entra ID, ex AD).a - support parsing "vm_access" claim as a string - This is helpful for systems where claims can only be mapped to string. Signed-off-by: Zakhar Bessarab * docs/changelog: mention vmgateway updates Signed-off-by: Zakhar Bessarab --------- Signed-off-by: Zakhar Bessarab --- docs/changelog/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog/CHANGELOG.md b/docs/changelog/CHANGELOG.md index decb531afc..ce7908a77b 100644 --- a/docs/changelog/CHANGELOG.md +++ b/docs/changelog/CHANGELOG.md @@ -22,6 +22,8 @@ See also [LTS releases](https://docs.victoriametrics.com/lts-releases/). * FEATURE [stream aggregation](https://docs.victoriametrics.com/stream-aggregation/): perform deduplication for all received data when specifying `-streamAggr.dedupInterval` or `-remoteWrite.streamAggr.dedupInterval` command-line flags are set. Previously, if the `-remoteWrite.streamAggr.config` or `-streamAggr.config` is set, only series that matched aggregation config were deduplicated. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/6711#issuecomment-2288361213) for details. * FEATURE: all VictoriaMetrics [enterprise](https://docs.victoriametrics.com/enterprise/) components: add support of hot-reload for license key supplied by `-licenseFile` command-line flag. +* FEATURE: [vmgateway](https://docs.victoriametrics.com/vmgateway/): allow disabling `Bearer` prefix enforcement for authentication header. This is useful for cases when identity token is used instead of access token. +* FEATURE: [vmgateway](https://docs.victoriametrics.com/vmgateway/): support parting `vm_access` claims in string format. This is useful for cases when identity provider does not support mapping claims to JSON format. * * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent/) fix service discovery of Azure Virtual Machines for response contains `nextLink` in `Host:Port` format. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6912).