Fixed reader to support both authentication and tenant-id at the same…

… time.
grafana · Apr 22, 2022 · 775429c · 775429c
1 parent 6d7422a
commit 775429c
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -71,6 +71,7 @@
 * [5393](https://github.com/grafana/loki/pull/5393) **sandeepsukhani**: jsonnet: move boltdb-shipper configs set as compactor args to yaml config
 * [5450](https://github.com/grafana/loki/pull/5450) **BenoitKnecht**: pkg/ruler/base: Add external_labels option
 * [5484](https://github.com/grafana/loki/pull/5450) **sandeepsukhani**: Add support for per user index query readiness with limits overrides
+* [5719](https://github.com/grafana/loki/pull/5719) **kovaxur**: Loki can use both basic-auth and tenant-id
 
 # 2.4.1 (2021/11/07)
 

diff --git a/cmd/loki-canary/main.go b/cmd/loki-canary/main.go
@@ -37,9 +37,9 @@ func main() {
 	port := flag.Int("port", 3500, "Port which loki-canary should expose metrics")
 	addr := flag.String("addr", "", "The Loki server URL:Port, e.g. loki:3100")
 	tls := flag.Bool("tls", false, "Does the loki connection use TLS?")
-	user := flag.String("user", "", "Loki username. Must not be set with tenant-id flag.")
-	pass := flag.String("pass", "", "Loki password. Must not be set with tenant-id flag.")
-	tenantID := flag.String("tenant-id", "", "Tenant id to be set in X-Scope-OrgID header. Must not be set with user/pass flags.")
+	user := flag.String("user", "", "Loki username.")
+	pass := flag.String("pass", "", "Loki password.")
+	tenantID := flag.String("tenant-id", "", "Tenant ID to be set in X-Scope-OrgID header.")
 	queryTimeout := flag.Duration("query-timeout", 10*time.Second, "How long to wait for a query response from Loki")
 
 	interval := flag.Duration("interval", 1000*time.Millisecond, "Duration between log entries")

diff --git a/docs/sources/operations/loki-canary.md b/docs/sources/operations/loki-canary.md
@@ -355,6 +355,8 @@ All options:
   -streamvalue string
         The unique stream value for this instance of Loki Canary to use in the log selector
         (default "stdout")
+  -tenant-id string
+        Tenant ID to be set in X-Scope-OrgID header.
   -tls
         Does the Loki connection use TLS?
   -user string

diff --git a/pkg/canary/reader/reader.go b/pkg/canary/reader/reader.go
@@ -86,9 +86,10 @@ func NewReader(writer io.Writer,
 	interval time.Duration) *Reader {
 	h := http.Header{}
 	if user != "" {
-		h = http.Header{"Authorization": {"Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))}}
-	} else if tenantID != "" {
-		h = http.Header{"X-Scope-OrgID": {tenantID}}
+		h.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(user+":"+pass)))
+	}
+	if tenantID != "" {
+		h.Set("X-Scope-OrgID", tenantID)
 	}
 
 	next := time.Now()
@@ -181,7 +182,8 @@ func (r *Reader) QueryCountOverTime(queryRange string) (float64, error) {
 
 	if r.user != "" {
 		req.SetBasicAuth(r.user, r.pass)
-	} else if r.tenantID != "" {
+	}
+	if r.tenantID != "" {
 		req.Header.Set("X-Scope-OrgID", r.tenantID)
 	}
 	req.Header.Set("User-Agent", userAgent)
@@ -271,7 +273,8 @@ func (r *Reader) Query(start time.Time, end time.Time) ([]time.Time, error) {
 
 	if r.user != "" {
 		req.SetBasicAuth(r.user, r.pass)
-	} else if r.tenantID != "" {
+	}
+	if r.tenantID != "" {
 		req.Header.Set("X-Scope-OrgID", r.tenantID)
 	}
 	req.Header.Set("User-Agent", userAgent)