vmuser: properly build targetRef route options

Previously, `src_query_args` and `headers` options were ignored.
VictoriaMetrics · Dec 17, 2024 · 283ba52 · 283ba52
1 parent e2e8ab4
commit 283ba52
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -21,7 +21,8 @@ Operator will preserve `annotations`, but any changes to it will be ignored. `la
 **Update note 3: The following fields: `[default_url,tlsConfig,discover_backend_ips,headers,response_headers,retry_status_codes,max_concurrent_requests,load_balancing_policy,drop_src_path_prefix_parts]` are deprecated at `VMAuth.spec.` in favour of `VMAuth.spec.unauthorizedUserAccessSpec`. Operator still serves deprecated fields until `v1.0` release.**
 
 - [vmcluster](https://docs.victoriametrics.com/operator/resources/vmcluster): add `"app.kubernetes.io/part-of": "vmcluster"` label to the objects generated for `VMCluster` components. It helps to use labels selectors to identify objects belong to the cluster.
-- [vmauth](https://docs.victoriametrics.com/operator/resources/vmauth/): adds new `spec` setting `unauthorizedUserAccessSpec` that replaces `unauthorizedAccessConfig` and inlined fields from `VMUserConfigOptions`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1168) for details.  
+- [vmauth](https://docs.victoriametrics.com/operator/resources/vmauth/): adds new `spec` setting `unauthorizedUserAccessSpec` that replaces `unauthorizedAccessConfig` and inlined fields from `VMUserConfigOptions`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1168) for details.
+- [vmuser](https://docs.victoriametrics.com/operator/resources/vmuser/): fix missing options `src_headers`, `src_query_args` and `discover_backend_ips` in the generate vmauth config when specified under `vmuserSpec.targetRefs`.
 - [vmoperator](https://docs.victoriametrics.com/operator/): add `annotations` to the `PodDisruptionBudget` and `HorizontalPodAutoscaler` objects generated.
 - [vmoperator](https://docs.victoriametrics.com/operator/): bump default version of VictoriaMetrics components to [1.107.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.107.0).
 - [vmoperator](https://docs.victoriametrics.com/operator/): fix the behaviors of `vmagentSpec.ScrapeConfigSelector` and `vmagentSpec.scrapeConfigNamespaceSelector` when `vmagentSpec.selectAllByDefault=false`. Previously, the VMScrapeConfig could be ignored.

diff --git a/internal/controller/operator/factory/vmauth/vmusers_config.go b/internal/controller/operator/factory/vmauth/vmusers_config.go
@@ -771,6 +771,15 @@ func genURLMaps(userName string, refs []vmv1beta1.TargetRef, result yaml.MapSlic
 				Value: ref.Hosts,
 			})
 		}
+		if ref.URLMapCommon.DiscoverBackendIPs != nil {
+			urlMap = append(urlMap, yaml.MapItem{
+				Key:   "discover_backend_ips",
+				Value: *ref.URLMapCommon.DiscoverBackendIPs,
+			},
+			)
+		}
+		urlMap = appendIfNotEmpty(ref.URLMapCommon.SrcHeaders, "src_headers", urlMap)
+		urlMap = appendIfNotEmpty(ref.URLMapCommon.SrcQueryArgs, "src_query_args", urlMap)
 		if len(ref.URLMapCommon.RequestHeaders) > 0 {
 			urlMap = append(urlMap, yaml.MapItem{
 				Key:   "headers",

diff --git a/internal/controller/operator/factory/vmauth/vmusers_config_test.go b/internal/controller/operator/factory/vmauth/vmusers_config_test.go
@@ -365,7 +365,7 @@ password: pass
 `,
 		},
 		{
-			name: "with load_balancing_policy and drop_src_path_prefix_parts and tls_insecure_skip_verify",
+			name: "with all URLMapCommon options and tls_insecure_skip_verify",
 			args: args{
 				user: &vmv1beta1.VMUser{
 					Spec: vmv1beta1.VMUserSpec{
@@ -389,6 +389,12 @@ password: pass
 									"/select/0/graphite",
 								},
 								URLMapCommon: vmv1beta1.URLMapCommon{
+									SrcQueryArgs:           []string{"foo=bar"},
+									SrcHeaders:             []string{"H1:V1"},
+									DiscoverBackendIPs:     ptr.To(true),
+									RequestHeaders:         []string{"X-Scope-OrgID: abc"},
+									ResponseHeaders:        []string{"RH1:V3"},
+									RetryStatusCodes:       []int{502, 503},
 									LoadBalancingPolicy:    ptr.To("first_available"),
 									DropSrcPathPrefixParts: ptr.To(2),
 								},
@@ -411,6 +417,18 @@ password: pass
   src_paths:
   - /select/0/prometheus
   - /select/0/graphite
+  discover_backend_ips: true
+  src_headers:
+  - H1:V1
+  src_query_args:
+  - foo=bar
+  headers:
+  - 'X-Scope-OrgID: abc'
+  response_headers:
+  - RH1:V3
+  retry_status_codes:
+  - 502
+  - 503
   drop_src_path_prefix_parts: 2
   load_balancing_policy: first_available
 - url_prefix: