-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prometheus Scaler Add custom headers and custom auth support #4208
Prometheus Scaler Add custom headers and custom auth support #4208
Conversation
…heus Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution! Looking good but I have one question:
Will these headers contain sensitive data? I mean, in the examples you have used "token". If these headers contain sensitive data, they should be read from TriggerAuthentication instead of metadata. We should avoid sensitive data as part of trigger metadata.
From the code pov, you should look for them config.AuthParams
instead of config.TriggerMetadata
(or maybe from both, joining them if there are headers from both places)
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
@JorTurFer yes, that makes sense for I have included changes related to the same and updated linked documentation PR as well. |
Signed-off-by: Prashant Shahi <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for the improvement :)
wdyt @zroubalik ?
/run-e2e prometheus* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally looking good, what will happen if user specify both cortexOrgID
option and a custom header where he specify X-Scope-OrgID
header for Cortex but with a different value. Which one will be used and valid?
@zroubalik Currently, the value from custom header will be used over Ideally, |
@zroubalik @tomkerkhove Do let me know if there are any changes required for making the PR good to merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@prashant-shahi the PR is looking good, I agree that we should deprecate the cortex parameter. Could you please add log message here if this parameter is specified, that custom headers should be used instead?
@prashant-shahi please also add note to Deprecated section in Changelog about this change. |
Signed-off-by: Prashant Shahi <[email protected]>
…heus scaler Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
@zroubalik |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, great job @prashant-shahi !
@tomkerkhove is there anything else needed to be done wrt deprecation? Could you please double check? 🙇♂️
/run-e2e prometheus* |
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
Signed-off-by: Prashant Shahi <[email protected]>
@zroubalik Thank you! :) I have also included checks for duplicate keys in custom headers as well as given higher precedence to authentication headers in case of collision with custom header. |
/run-e2e prometheus* |
We're not there yet, we need to:
But we can do that after merging. I also noticed doc entry is not in our policy today so I have opened kedacore/governance#95 |
That's great! I was not sure about format for deprecation, so I went along with what I had in mind. |
No worries! |
Checklist
Relates to #4206
Relates to kedacore/keda-docs#1064