Skip to content

Commit

Permalink
Use Rules API to filter alerts/rules for application tenant (observat…
Browse files Browse the repository at this point in the history 
…orium#578)

Co-authored-by: Periklis Tsirakidis <[email protected]>
  • Loading branch information
@JoaoBraveCoding @periklis
JoaoBraveCoding and periklis committed Aug 8, 2024
1 parent 11d0d94 commit b92f976
Show file tree
Hide file tree
Showing 5 changed files with 187 additions and 791 deletions.
47 changes: 16 additions & 31 deletions api/logs/v1/http.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ type handlerConfiguration struct {
registry *prometheus.Registry
instrument handlerInstrumenter
spanRoutePrefix string
rulesLabelFilters map[string][]string
readMiddlewares []func(http.Handler) http.Handler
writeMiddlewares []func(http.Handler) http.Handler
rulesReadMiddlewares []func(http.Handler) http.Handler
Expand Down Expand Up @@ -96,13 +95,6 @@ func WithSpanRoutePrefix(spanRoutePrefix string) HandlerOption {
}
}

// WithRulesLabelFilters adds the slice of rule labels filters to the handler configuration.
func WithRulesLabelFilters(f map[string][]string) HandlerOption {
return func(h *handlerConfiguration) {
h.rulesLabelFilters = f
}
}

// WithReadMiddleware adds a middleware for all read operations.
func WithReadMiddleware(m func(http.Handler) http.Handler) HandlerOption {
return func(h *handlerConfiguration) {
Expand Down Expand Up @@ -239,7 +231,7 @@ func NewHandler(read, tail, write, rules *url.URL, rulesReadOnly bool, tlsOption
}

if rules != nil {
var proxyReadRules, proxyWriteRules http.Handler
var proxyRules http.Handler
{
middlewares := proxy.Middlewares(
proxy.MiddlewareSetUpstream(rules),
Expand All @@ -255,14 +247,7 @@ func NewHandler(read, tail, write, rules *url.URL, rulesReadOnly bool, tlsOption
TLSClientConfig: tlsOptions.NewClientConfig(),
}

proxyReadRules = &httputil.ReverseProxy{
Director: middlewares,
ErrorLog: proxy.Logger(c.logger),
Transport: otelhttp.NewTransport(t),
ModifyResponse: newModifyResponse(c.logger, c.rulesLabelFilters),
}

proxyWriteRules = &httputil.ReverseProxy{
proxyRules = &httputil.ReverseProxy{
Director: middlewares,
ErrorLog: proxy.Logger(c.logger),
Transport: otelhttp.NewTransport(t),
Expand All @@ -273,35 +258,35 @@ func NewHandler(read, tail, write, rules *url.URL, rulesReadOnly bool, tlsOption
r.Use(c.rulesReadMiddlewares...)
r.Get(rulesRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesRoute, proxyRules),
))
r.Get(rulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyRules),
))
r.Get(rulesPerGroupNameRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerGroupNameRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerGroupNameRoute, proxyRules),
))
r.Get(prometheusRulesRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+prometheusRulesRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+prometheusRulesRoute, proxyRules),
))
r.Get(prometheusAlertsRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "alerts"},
otelhttp.WithRouteTag(c.spanRoutePrefix+prometheusAlertsRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+prometheusAlertsRoute, proxyRules),
))
r.Get(promRulesRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesRoute, proxyRules),
))
r.Get(promRulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyRules),
))
r.Get(promRulesPerGroupNameRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerGroupNameRoute, proxyReadRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerGroupNameRoute, proxyRules),
))
})

Expand All @@ -311,28 +296,28 @@ func NewHandler(read, tail, write, rules *url.URL, rulesReadOnly bool, tlsOption
r.Use(c.rulesWriteMiddlewares...)
r.Post(rulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyRules),
))
r.Delete(rulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerNamespaceRoute, proxyRules),
))
r.Delete(rulesPerGroupNameRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerGroupNameRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+rulesPerGroupNameRoute, proxyRules),
))

r.Post(promRulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyRules),
))
r.Delete(promRulesPerNamespaceRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerNamespaceRoute, proxyRules),
))
r.Delete(promRulesPerGroupNameRoute, c.instrument.NewHandler(
prometheus.Labels{"group": "logsv1", "handler": "rules"},
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerGroupNameRoute, proxyWriteRules),
otelhttp.WithRouteTag(c.spanRoutePrefix+promRulesPerGroupNameRoute, proxyRules),
))
})
}
Expand Down
7 changes: 4 additions & 3 deletions api/logs/v1/labels_enforcer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,10 @@ type AuthzResponseData struct {
MatcherOp string `json:"matcherOp,omitempty"`
}

const logicalOr = "or"
const (
logicalOr = "or"
queryParam = "query"
)

// WithEnforceAuthorizationLabels return a middleware that ensures every query
// has a set of labels returned by the OPA authorizer enforced.
Expand Down Expand Up @@ -60,8 +63,6 @@ func WithEnforceAuthorizationLabels() func(http.Handler) http.Handler {
}
}

const queryParam = "query"

func enforceValues(mInfo AuthzResponseData, u *url.URL) (values string, err error) {
switch {
case strings.HasSuffix(u.Path, "/values"):
Expand Down
Loading

0 comments on commit b92f976

Please sign in to comment.