refactor: Use custom header to find target cluster

* Instead of using path parameter, which can confuse users, use a custom header that will be read by LB and then redirect the query to correct backend. This should work for most of the datasources as we can always add custom headers in Grafana. This will also avoid having to manipulate path manually after stripping path parameter. * Update tests and docs accordingly. * Add note in docs that it is possible to find target cluster using query labels and show how to do it. Signed-off-by: Mahendra Paipuri <[email protected]>
mahendrapaipuri · Oct 25, 2024 · 220a18e · 220a18e
1 parent eb89dc2
commit 220a18e
Show file tree

Hide file tree

Showing 11 changed files with 227 additions and 130 deletions.
diff --git a/pkg/lb/cli/cli_test.go b/pkg/lb/cli/cli_test.go
@@ -22,13 +22,14 @@ var mockCEEMSLBApp = *kingpin.New(
 	"Mock Load Balancer App.",
 )
 
-func queryLB(address string) error {
+func queryLB(address, clusterID string) error {
 	req, err := http.NewRequest(http.MethodGet, "http://"+address, nil) //nolint:noctx
 	if err != nil {
 		return err
 	}
 
 	req.Header.Add("X-Grafana-User", "usr1")
+	req.Header.Add("X-Ceems-Cluster-Id", clusterID)
 
 	client := &http.Client{Timeout: 10 * time.Second}
 
@@ -96,7 +97,7 @@ ceems_lb:
 
 	// Query LB
 	for i := range 10 {
-		if err := queryLB("localhost:9030/default"); err == nil {
+		if err := queryLB("localhost:9030", "default"); err == nil {
 			break
 		}
 

diff --git a/pkg/lb/frontend/frontend.go b/pkg/lb/frontend/frontend.go
@@ -42,7 +42,7 @@ type QueryParamsContextKey struct{}
 
 // QueryParams is the context value.
 type QueryParams struct {
-	id          string
+	clusterID   string
 	uuids       []string
 	queryPeriod time.Duration
 }
@@ -315,7 +315,7 @@ func (lb *loadBalancer) Serve(w http.ResponseWriter, r *http.Request) {
 
 	if v, ok := queryParams.(*QueryParams); ok {
 		queryPeriod = v.queryPeriod
-		id = v.id
+		id = v.clusterID
 	} else {
 		http.Error(w, "Invalid query parameters", http.StatusBadRequest)
 

diff --git a/pkg/lb/frontend/frontend_test.go b/pkg/lb/frontend/frontend_test.go
@@ -140,7 +140,7 @@ func TestNewFrontendSingleGroup(t *testing.T) {
 			newReq = request.WithContext(
 				context.WithValue(
 					request.Context(), QueryParamsContextKey{},
-					&QueryParams{queryPeriod: period, id: clusterID},
+					&QueryParams{queryPeriod: period, clusterID: clusterID},
 				),
 			)
 		} else {
@@ -164,7 +164,7 @@ func TestNewFrontendSingleGroup(t *testing.T) {
 	newReq := request.WithContext(
 		context.WithValue(
 			request.Context(), QueryParamsContextKey{},
-			&QueryParams{id: "default"},
+			&QueryParams{clusterID: "default"},
 		),
 	)
 	responseRecorder := httptest.NewRecorder()
@@ -260,7 +260,7 @@ func TestNewFrontendTwoGroups(t *testing.T) {
 			newReq = request.WithContext(
 				context.WithValue(
 					request.Context(), QueryParamsContextKey{},
-					&QueryParams{queryPeriod: period, id: test.clusterID},
+					&QueryParams{queryPeriod: period, clusterID: test.clusterID},
 				),
 			)
 		} else {
@@ -284,7 +284,7 @@ func TestNewFrontendTwoGroups(t *testing.T) {
 	newReq := request.WithContext(
 		context.WithValue(
 			request.Context(), QueryParamsContextKey{},
-			&QueryParams{id: "rm-0"},
+			&QueryParams{clusterID: "rm-0"},
 		),
 	)
 	responseRecorder := httptest.NewRecorder()

diff --git a/pkg/lb/frontend/helpers.go b/pkg/lb/frontend/helpers.go
@@ -70,59 +70,62 @@ func setQueryParams(r *http.Request, queryParams *QueryParams) *http.Request {
 }
 
 // Parse query in the request after cloning it and add query params to context.
-func parseQueryParams(r *http.Request, rmIDs []string, logger log.Logger) *http.Request {
+func parseQueryParams(r *http.Request, logger log.Logger) *http.Request {
 	var body []byte
 
-	var id string
+	var clusterID string
 
 	var uuids []string
 
 	var queryPeriod time.Duration
 
 	var err error
 
-	// Get id from path parameter.
-	// Requested paths will be of form /{id}/<rest of path>. Here will strip `id`
-	// part and proxy the rest to backend
-	var pathParts []string
-
-	for _, p := range strings.Split(r.URL.Path, "/") {
-		if strings.TrimSpace(p) == "" {
-			continue
-		}
-
-		pathParts = append(pathParts, p)
-	}
-
-	// First path part must be resource manager ID and check if it is in the valid IDs
-	if len(pathParts) > 0 {
-		if slices.Contains(rmIDs, pathParts[0]) {
-			id = pathParts[0]
-
-			// If there is more than 1 pathParts, make URL or set / as URL
-			if len(pathParts) > 1 {
-				r.URL.Path = "/" + strings.Join(pathParts[1:], "/")
-				r.RequestURI = r.URL.Path
-			} else {
-				r.URL.Path = "/"
-				r.RequestURI = "/"
-			}
-		}
-	}
+	// Get cluster id from X-Ceems-Cluster-Id header
+	clusterID = r.Header.Get(ceemsClusterIDHeader)
+
+	// // Get id from path parameter.
+	// // Requested paths will be of form /{id}/<rest of path>. Here will strip `id`
+	// // part and proxy the rest to backend
+	// var pathParts []string
+
+	// for _, p := range strings.Split(r.URL.Path, "/") {
+	// 	if strings.TrimSpace(p) == "" {
+	// 		continue
+	// 	}
+
+	// 	pathParts = append(pathParts, p)
+	// }
+
+	// // First path part must be resource manager ID and check if it is in the valid IDs
+	// if len(pathParts) > 0 {
+	// 	if slices.Contains(rmIDs, pathParts[0]) {
+	// 		id = pathParts[0]
+
+	// 		// If there is more than 1 pathParts, make URL or set / as URL
+	// 		if len(pathParts) > 1 {
+	// 			r.URL.Path = "/" + strings.Join(pathParts[1:], "/")
+	// 			r.RequestURI = r.URL.Path
+	// 		} else {
+	// 			r.URL.Path = "/"
+	// 			r.RequestURI = "/"
+	// 		}
+	// 	}
+	// }
 
 	// Make a new request and add newReader to that request body
 	clonedReq := r.Clone(r.Context())
 
 	// If request has no body go to proxy directly
 	if r.Body == nil {
-		return setQueryParams(r, &QueryParams{id, uuids, queryPeriod})
+		return setQueryParams(r, &QueryParams{clusterID, uuids, queryPeriod})
 	}
 
 	// If failed to read body, skip verification and go to request proxy
 	if body, err = io.ReadAll(r.Body); err != nil {
 		level.Error(logger).Log("msg", "Failed to read request body", "err", err)
 
-		return setQueryParams(r, &QueryParams{id, uuids, queryPeriod})
+		return setQueryParams(r, &QueryParams{clusterID, uuids, queryPeriod})
 	}
 
 	// clone body to existing request and new request
@@ -133,7 +136,7 @@ func parseQueryParams(r *http.Request, rmIDs []string, logger log.Logger) *http.
 	if err = clonedReq.ParseForm(); err != nil {
 		level.Error(logger).Log("msg", "Could not parse request body", "err", err)
 
-		return setQueryParams(r, &QueryParams{id, uuids, queryPeriod})
+		return setQueryParams(r, &QueryParams{clusterID, uuids, queryPeriod})
 	}
 
 	// Parse TSDB's query in request query params
@@ -159,7 +162,7 @@ func parseQueryParams(r *http.Request, rmIDs []string, logger log.Logger) *http.
 				for _, idMatch := range strings.Split(match[1], "|") {
 					// Ignore empty strings
 					if strings.TrimSpace(idMatch) != "" {
-						id = strings.TrimSpace(idMatch)
+						clusterID = strings.TrimSpace(idMatch)
 					}
 				}
 			}
@@ -184,7 +187,7 @@ func parseQueryParams(r *http.Request, rmIDs []string, logger log.Logger) *http.
 	}
 
 	// Set query params to request's context
-	return setQueryParams(r, &QueryParams{id, uuids, queryPeriod})
+	return setQueryParams(r, &QueryParams{clusterID, uuids, queryPeriod})
 }
 
 // Parse time parameter in request.

diff --git a/pkg/lb/frontend/helpers_test.go b/pkg/lb/frontend/helpers_test.go
@@ -204,10 +204,10 @@ func TestParseQueryParams(t *testing.T) {
 			req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 		}
 
-		newReq := parseQueryParams(req, test.rmIDs, log.NewNopLogger())
+		newReq := parseQueryParams(req, log.NewNopLogger())
 		queryParams := newReq.Context().Value(QueryParamsContextKey{}).(*QueryParams) //nolint:forcetypeassert
 		assert.Equal(t, queryParams.uuids, test.uuids)
-		assert.Equal(t, queryParams.id, test.rmID)
+		assert.Equal(t, queryParams.clusterID, test.rmID)
 
 		if test.method == "POST" {
 			// Check the new request body can still be parsed

diff --git a/pkg/lb/frontend/middleware.go b/pkg/lb/frontend/middleware.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"regexp"
+	"slices"
 	"strings"
 
 	"github.com/go-kit/log"
@@ -16,11 +17,12 @@ import (
 
 // Headers.
 const (
-	grafanaUserHeader   = "X-Grafana-User"
-	dashboardUserHeader = "X-Dashboard-User"
-	loggedUserHeader    = "X-Logged-User"
-	adminUserHeader     = "X-Admin-User"
-	ceemsUserHeader     = "X-Ceems-User"
+	grafanaUserHeader    = "X-Grafana-User"
+	dashboardUserHeader  = "X-Dashboard-User"
+	loggedUserHeader     = "X-Logged-User"
+	adminUserHeader      = "X-Admin-User"
+	ceemsUserHeader      = "X-Ceems-User"
+	ceemsClusterIDHeader = "X-Ceems-Cluster-Id"
 )
 
 var (
@@ -30,7 +32,7 @@ var (
 	// Playground: https://goplay.tools/snippet/kq_r_1SOgnG
 	regexpUUID = regexp.MustCompile("(?:.+?)[^gpu]uuid=[~]{0,1}\"(?P<uuid>[a-zA-Z0-9-|]+)\"(?:.*)")
 
-	// Regex that will match unit's ID.
+	// Regex that will match cluster's ID.
 	regexID = regexp.MustCompile("(?:.+?)ceems_id=[~]{0,1}\"(?P<id>[a-zA-Z0-9-|_]+)\"(?:.*)")
 )
 
@@ -124,23 +126,24 @@ func (amw *authenticationMiddleware) Middleware(next http.Handler) http.Handler
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var loggedUser string
 
-		var id string
+		var clusterID string
 
 		var uuids []string
 
 		var queryParams interface{}
 
 		// Clone request, parse query params and set them in request context
 		// This will ensure we set query params in request's context always
-		r = parseQueryParams(r, amw.clusterIDs, amw.logger)
+		r = parseQueryParams(r, amw.logger)
 
 		// Apply middleware only for following endpoints:
 		// - query
 		// - query_range
 		// - labels
 		// - labels values
 		// - series
-		if !strings.HasSuffix(r.URL.Path, "query") && !strings.HasSuffix(r.URL.Path, "query_range") &&
+		if !strings.HasSuffix(r.URL.Path, "query") &&
+			!strings.HasSuffix(r.URL.Path, "query_range") &&
 			!strings.HasSuffix(r.URL.Path, "values") &&
 			!strings.HasSuffix(r.URL.Path, "labels") &&
 			!strings.HasSuffix(r.URL.Path, "series") {
@@ -206,9 +209,30 @@ func (amw *authenticationMiddleware) Middleware(next http.Handler) http.Handler
 
 		// Check type assertions
 		if v, ok := queryParams.(*QueryParams); ok {
-			id = v.id
+			clusterID = v.clusterID
 			uuids = v.uuids
+
+			// Verify clusterID is in list of valid cluster IDs
+			if !slices.Contains(amw.clusterIDs, clusterID) {
+				// Write an error and stop the handler chain
+				w.WriteHeader(http.StatusBadRequest)
+
+				response := ceems_api.Response[any]{
+					Status:    "error",
+					ErrorType: "bad_request",
+					Error:     "invalid cluster ID",
+				}
+				if err := json.NewEncoder(w).Encode(&response); err != nil {
+					level.Error(amw.logger).Log("msg", "Failed to encode response", "err", err)
+					w.Write([]byte("KO"))
+				}
+
+				return
+			}
 		} else {
+			// Write an error and stop the handler chain
+			w.WriteHeader(http.StatusBadRequest)
+
 			response := ceems_api.Response[any]{
 				Status:    "error",
 				ErrorType: "bad_request",
@@ -223,7 +247,7 @@ func (amw *authenticationMiddleware) Middleware(next http.Handler) http.Handler
 		}
 
 		// Check if user is querying for his/her own compute units by looking to DB
-		if !amw.isUserUnit(r.Context(), loggedUser, []string{id}, uuids) { //nolint:contextcheck // False positive
+		if !amw.isUserUnit(r.Context(), loggedUser, []string{clusterID}, uuids) { //nolint:contextcheck // False positive
 			// Write an error and stop the handler chain
 			w.WriteHeader(http.StatusForbidden)