Aliaksandr Valialkin
b22bcb6f0a
app/vmauth: allow -auth.config without users
section of unauthorized_user
section is present here
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4083
2023-05-18 09:44:07 -07:00
Aliaksandr Valialkin
6aa8029f30
app/vmauth: simplify the code after 4a1d29126c
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4242
2023-05-17 00:38:04 -07:00
Nikolay
da115b5170
app/vmauth: retry common network dial errors ( #4280 )
...
with tracking request body read calls
it allows us to retry POST and PUT requests
2023-05-17 00:37:39 -07:00
Nikolay
953a5df43f
app/vmauth: do not return invalid credentials ( #4288 )
...
at http response by default
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4188
based on https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4190
Thanks @raj-kumar-j for init implementation
2023-05-17 00:10:51 -07:00
Alexander Marshalov
d321ea91f2
fixed typos in documentation and commandline flags descriptions ( #4275 )
2023-05-10 02:22:06 -07:00
Aliaksandr Valialkin
22aeeeef3e
app/vmauth: merge default_url
example into multi-url example in order to reduce the amounts of text to read for the user
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4084
This is a follow-up for 041e188df8
2023-05-09 22:47:11 -07:00
Aliaksandr Valialkin
143c5bc936
app/vmauth/README.md: mention about ip filters and concurrency limiter at Security chapter
2023-05-09 22:40:46 -07:00
Aliaksandr Valialkin
fe58dd7e4c
app/vmauth: refer ip_filters option in example auth config
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3491
2023-05-09 22:40:15 -07:00
Aliaksandr Valialkin
2dcd754dc2
app/vmauth: remove duplicate mentioning of -auth.config value in error message in logs on usuccessful load of -auth.config
...
This is a follow-up for 25759082f4
2023-05-09 22:38:05 -07:00
Roman Khavronenko
c6511bc2d0
Revert "http server: limit max concurrent requests ( #4185 )" ( #4215 )
...
This reverts commit 77f76371
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-05-08 17:22:27 -07:00
Alexander Marshalov
402d906d40
added default_url
field in vmauth users config ( #4084 ) ( #4156 )
...
* added default url field in vmauth users config (#4084 )
---------
Signed-off-by: Alexander Marshalov <_@marshalov.org>
2023-05-08 15:13:46 -07:00
Alexander Marshalov
574a0559d5
added unauthorized_user
field in vmauth users config ( #4083 ) ( #4157 )
...
added `unauthorized_user` field in vmauth users config (#4083 )
---------
Signed-off-by: Alexander Marshalov <_@marshalov.org>
2023-05-08 13:36:54 -07:00
Roman Khavronenko
20b025dc88
http server: limit max concurrent requests ( #4185 )
...
* lib/httpserver: introduce `-http.maxConcurrentRequests` command-line flag
Introduce `-http.maxConcurrentRequests` command-line flag to protect
VM components from resource exhaustion during unexpected spikes of HTTP requests.
By default, the new flag's value is set to 0 which means no limits are applied.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
* lib/httpserver: mention http.maxConcurrentRequests in docs
Signed-off-by: hagen1778 <roman@victoriametrics.com>
---------
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-05-08 13:13:58 -07:00
Aliaksandr Valialkin
45ec3ac158
docs: document IP filters functionality in vmauth
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3491
This is a follow-up for 2f08ed3be2
2023-05-08 12:14:05 -07:00
Alexander Marshalov
f5981c1447
vmauth ip filters (refactoring) ( #4059 )
...
Added ip filters (allow_list and deny_list) for enterprise-version of vmauth (#3491 )
---------
Signed-off-by: Alexander Marshalov <_@marshalov.org>
2023-05-08 10:57:33 -07:00
Aliaksandr Valialkin
c54b8acba2
docs/vmauth.md: follow-up for 36edba9bfb
...
- Document `-configCheckInterval` command-line flag in `quick start` section
- Clarify the addition of `-configCheckInterval` at docs/CHANGELOG.md
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3990
2023-03-24 17:56:59 -07:00
Alexander Marshalov
b5027cff9c
added configCheckInterval flag for vmauth ( #3990 ) ( #3991 )
...
* added configCheckInterval flag for vmauth (#3990 )
Signed-off-by: Alexander Marshalov <_@marshalov.org>
2023-03-24 13:25:07 -07:00
Aliaksandr Valialkin
54fe207cc0
all: follow-up for 7a3e16e774
...
- Sync the description for -httpListenAddr.useProxyProtocol command-line flag at vmagent and vmauth,
so it is consistent with the description at vmauth and victoria-metrics
- Add a sample of panic text to docs/CHANGELOG.md, so it could be googled
- Mention the -httpListenAddr.useProxyProtocol command-line flag in the description for the bugfix
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
2023-03-08 01:42:58 -08:00
Nikolay
88f10d24a0
lib/netutil: fixes panic at proxy protocol ( #3905 )
...
it may occur if non proxy protocol message received by tcp server.
Listener Accept method must return only non-recoverable errors.
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
2023-03-08 01:33:01 -08:00
Aliaksandr Valialkin
bbd5914eb1
all: add makefile rules for GOARCH=s390x for all the VictoriaMetrics components
...
This is a follow-up for 007530f882
2023-02-26 12:38:48 -08:00
Aliaksandr Valialkin
0c60e4a30a
all: consistently use http.Method{Get,Post,Put} across the codebase
...
This is a follow-up after 9dec3c8f80
2023-02-22 19:01:09 -08:00
Oleksandr Redko
0e1c395609
app,lib: fix typos in comments ( #3804 )
2023-02-13 09:32:35 -08:00
Aliaksandr Valialkin
a02576349a
app/vmauth: allow specifying max_concurrent_requests
value on a per-user basis bigger than the -maxConcurrentPerUserRequests
value
2023-02-11 20:53:20 -08:00
Aliaksandr Valialkin
9ed5b872df
app/vmauth: improve load balancing by sending incoming requests to backends with the lowest number of concurrent requests
...
While at it, stop sending requests to unavailable backend for 3 seconds
before the next attempt. This should reduce the amounts of useless work
and the number of useless network packets when the backend is temporarily unavailable.
2023-02-11 00:32:56 -08:00
Aliaksandr Valialkin
6c6b9c3d93
app/vmauth: add -maxConcurrentPerUserRequests
command-line option for limiting the number of concurrent requests on a per-user basis
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3346
2023-02-10 21:58:30 -08:00
Aliaksandr Valialkin
769d7da25a
app/vmauth: automatically retry failing GET requests on the remaining backends
2023-02-09 21:06:09 -08:00
Dmytro Kozlov
c80fc8c77f
app/vmauth: add concurrent requests limit per auth record ( #3749 )
...
* app/vmauth: add concurent requests limit per auth record
* app/vmauth: added clarification comment
* app/vmauth: remove unused code
* app/vmauth: move read from limiter
* app/vmauth: fix text
* app/vmauth: fix comments
* - Clarify the docs for the max_concurrent_requests option at docs/vmauth.md
- Clarify the description of the change at docs/CHANGELOG.md
- Make sure that the -maxConcurrentRequests takes precedence over per-user max_concurrent_requests
- Update tests for verifying that the max_concurrent_requests option is parsed properly
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3346
---------
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2023-02-09 20:03:47 -08:00
Aliaksandr Valialkin
34379d4cf1
all: run apk update && apk upgrade
in base Alpine Docker image in order to get all the recent security fixes
2023-02-09 14:03:02 -08:00
Aliaksandr Valialkin
8838c07360
docs/vmauth.md: update docs after ff39a91147
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3346
2023-01-27 14:10:29 -08:00
Aliaksandr Valialkin
18bf18b8b9
app/vmauth: limit the number of concurrent requests served by vmauth
with the -maxConcurrentRequests
command-line flag
...
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3346
This commit is based on the https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3486
2023-01-27 14:07:53 -08:00
Aliaksandr Valialkin
27ec56ffb1
app/vmauth: do not use net/http/httputil.ReverseProxy
...
This allows better controlling requests to backends and providing better error logging.
For example, if the backend was unavailable, then the ReverseProxy was logging the error
message without client ip and the initial request uri. This could harden debugging.
This is based on https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3486
2023-01-27 13:40:53 -08:00
Aliaksandr Valialkin
341026902e
app/vmauth: pass the target url to reverse proxy via context.Value instead of request header
...
This is less hacky way, since it doesn't clash with request headers
2023-01-27 12:16:55 -08:00
Aliaksandr Valialkin
7dc38fba72
app/vmauth: consistency renaming: UserInfo.URLMap -> UserInfo.URLMaps
...
This is based on https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3486
2023-01-27 00:19:46 -08:00
Aliaksandr Valialkin
4cf4c307ea
docs: update command-line descriptions after 73256fe438
2023-01-27 00:01:14 -08:00
Nikolay
ebebaecd94
lib/netutil: init implimentation of proxy protocol ( #3687 )
...
* lib/netutil: init implimentation of proxy protocol
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
* wip
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2023-01-26 23:25:22 -08:00
Aliaksandr Valialkin
aa027529eb
lib/httpserver: directly pass flag value to CheckAuthFlag()
...
There is no sense in passing a pointer to flag value there.
This is a follow-up for 4225a0bd75
2023-01-10 15:59:55 -08:00
Zakhar Bessarab
10f314cdbd
Use httpAuth.*
flags as a fallback for endpoints protected by *AuthKey
flags ( #3582 )
...
* {lib/server, app/}: use `httpAuth.*` flag as fallback for `*AuthKey` if it is not set
* lib/ingestserver/opentsdbhttp: fix opentdb HTTP handler not respecting `httpAuth.*` flags
* Apply suggestions from code review
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2023-01-10 15:57:55 -08:00
Aliaksandr Valialkin
ac890b3081
docs: update -help
outputs for vm* tools
2023-01-03 23:27:31 -08:00
Aliaksandr Valialkin
3a28a52667
lib/flagutil: support for TB and TiB suffixes for command-line flags, which accept byte sizes
2022-12-14 17:53:18 -08:00
Aliaksandr Valialkin
676de127aa
all: update Go builder from v1.19.3 to v1.19.4
...
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
2022-12-08 17:04:41 -08:00
Aliaksandr Valialkin
6fe8eec745
all: add a link to https://docs.victoriametrics.com/enterprise.html into description for enterprise flags
2022-11-21 15:44:54 +02:00
Roman Khavronenko
8ee464b22b
bump go version to 1.19.3 ( #3327 )
...
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-11-09 11:56:38 +02:00
Aliaksandr Valialkin
450a32970a
lib/envtemplate: allow referring env vars from other env vars via %{ENV_VAR} syntax
...
This is a follow-up for 02096e06d0
2022-10-26 14:51:02 +03:00
Aliaksandr Valialkin
d0288ea417
all: log error when environment variables referred from -promscrape.config
are missing
...
This should prevent from using incorrect config files
2022-10-18 10:29:59 +03:00
Aliaksandr Valialkin
98a4ab796c
all: update the minimum required Go verson from 1.19.1 to 1.19.2
...
This is needed because of security vulnerabilities found in Go 1.19.1
See https://go.dev/doc/devel/release#go1.19.2
2022-10-07 22:46:44 +03:00
Aliaksandr Valialkin
e03a924236
app/vmauth: do not remove trailing slash from the proxied path
...
This should fix the issue with opening VMUI at /vmui/ page.
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1752
2022-10-01 16:56:42 +03:00
Dmytro Kozlov
28dcff5791
lib/{httpserver,netutil}: allow to define min and max TLS version of the http server ( #3109 )
...
* lib/{httpserver,netutil}: allow to define min and max TLS version of the http server
* lib/httpserver: added descriptions about tls supported versions
* lib/netutil: check minimal tls version, added supported tls versions to error
* wip
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2022-09-26 17:38:43 +03:00
Aliaksandr Valialkin
d77eb5170c
docs/vmauth.md: update -help
output after explicit marking of enterprise flags
2022-09-15 13:19:02 +03:00
Roman Khavronenko
d071e39694
bump Go version to 1.19.1 ( #3108 )
...
The reason is to cover vulnerability GO-2022-0969
Found in: net/http@go1.18.5
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-09-14 13:43:27 +03:00
Aliaksandr Valialkin
e2d8916935
docs: mention that it is safe sharing the collected profiles from security PoV
...
The collected profiles do not contain sensitive information
2022-08-24 14:08:30 +03:00