continuoustest: Can't set both tenantID and authentication
kressnick25 opened this issue · comments
Describe the bug
#7619 removed limitations from passing both tenantID and authentication methods to continuous-test, but in practice, continuous-test will still only use one or the other methods.
The offending code appears to be in https://github.com/grafana/mimir/blob/main/pkg/continuoustest/client.go#L268-L274
if rt.bearerToken != "" {
req.Header.Set("Authorization", "Bearer "+rt.bearerToken)
} else if rt.basicAuthUser != "" && rt.basicAuthPassword != "" {
req.SetBasicAuth(rt.basicAuthUser, rt.basicAuthPassword)
} else {
req.Header.Set("X-Scope-OrgID", rt.tenantID)
}
When passing both username/password AND tenantId to the latest pre-release binary, I am receiving
status_code=401 err="server returned HTTP status 401 Unauthorized and body "no org id\n" response in the mimir-continous-test output
To Reproduce
Steps to reproduce the behavior:
- Start mimir with anonymous access disabled
- Run
mimir-continous-test -tests.write-endpoint http://mimir -tests.read http://mimir -tests.basic-auth-user foo -tests.basic-auth-password bar -tests.tenant-id test
Expected behavior
continuous-test sends both tenantID and auth headers to mimir.
Environment
- Infrastructure: K8s
- Deployment tool: [e.g., helm, jsonnet]
Additional Context
Mimir OSS running behind an authenticating reverse-proxy, this proxy just handles basic authentication and does not add/alter the X-Scope-ID header based on user.