File: 0015-Disable-Azure-AD-authentication-support.patch

prometheus 2.53.3%2Bds1-2
From: Daniel Swarbrick <dswarbrick@debian.org>
Date: Fri, 14 Jul 2023 20:04:17 +0200
Subject: Disable Azure AD authentication support

Forwarded: not-needed
Last-Update: 2023-07-14

The packaged azure-sdk-for-go in Debian does not include support for
Azure AD auth.
---
 config/config.go         | 12 +++---------
 config/config_test.go    |  2 +-
 storage/remote/client.go |  9 ---------
 storage/remote/write.go  |  1 -
 4 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/config/config.go b/config/config.go
index 9defa10..f867112 100644
--- a/config/config.go
+++ b/config/config.go
@@ -36,7 +36,6 @@ import (
 	"github.com/prometheus/prometheus/discovery"
 	"github.com/prometheus/prometheus/model/labels"
 	"github.com/prometheus/prometheus/model/relabel"
-	"github.com/prometheus/prometheus/storage/remote/azuread"
 )
 
 var (
@@ -1071,7 +1070,6 @@ type RemoteWriteConfig struct {
 	QueueConfig      QueueConfig             `yaml:"queue_config,omitempty"`
 	MetadataConfig   MetadataConfig          `yaml:"metadata_config,omitempty"`
 	SigV4Config      *sigv4.SigV4Config      `yaml:"sigv4,omitempty"`
-	AzureADConfig    *azuread.AzureADConfig  `yaml:"azuread,omitempty"`
 }
 
 // SetDirectory joins any relative file paths with dir.
@@ -1108,12 +1106,8 @@ func (c *RemoteWriteConfig) UnmarshalYAML(unmarshal func(interface{}) error) err
 	httpClientConfigAuthEnabled := c.HTTPClientConfig.BasicAuth != nil ||
 		c.HTTPClientConfig.Authorization != nil || c.HTTPClientConfig.OAuth2 != nil
 
-	if httpClientConfigAuthEnabled && (c.SigV4Config != nil || c.AzureADConfig != nil) {
-		return fmt.Errorf("at most one of basic_auth, authorization, oauth2, sigv4, & azuread must be configured")
-	}
-
-	if c.SigV4Config != nil && c.AzureADConfig != nil {
-		return fmt.Errorf("at most one of basic_auth, authorization, oauth2, sigv4, & azuread must be configured")
+	if httpClientConfigAuthEnabled && c.SigV4Config != nil {
+		return fmt.Errorf("at most one of basic_auth, authorization, oauth2, & sigv4 must be configured")
 	}
 
 	return nil
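Review bot: With the `AzureADConfig` field removed, the rewritten check in `UnmarshalYAML` no longer accounts for a configuration file that still carries an `azuread:` block under `remote_write`. Whether such a file is rejected or the block is silently dropped depends on whether the caller decodes strictly, which is not visible in this hunk; if it were dropped, remote-write requests would go out without the authentication the operator configured. A case in `expectedErrors` in `config/config_test.go`, using a fixture that contains an `azuread:` block, would pin the reject-at-load behaviour. A comment above the check such as `// azuread is not supported in this build; an azuread block must fail config load.` would record the intent. The body of `UnmarshalYAML` starts and ends outside the hunk.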
@@ -1134,7 +1128,7 @@ func validateHeadersForTracing(headers map[string]string) error {
 func validateHeaders(headers map[string]string) error {
 	for header := range headers {
 		if strings.ToLower(header) == "authorization" {
-			return errors.New("authorization header must be changed via the basic_auth, authorization, oauth2, sigv4, or azuread parameter")
+			return errors.New("authorization header must be changed via the basic_auth, authorization, oauth2, or sigv4 parameter")
 		}
 		if _, ok := reservedHeaders[strings.ToLower(header)]; ok {
 			return fmt.Errorf("%s is a reserved header. It must not be changed", header)
diff --git a/config/config_test.go b/config/config_test.go
index 37e0ea3..ec3f7c8 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -1676,7 +1676,7 @@ var expectedErrors = []struct {
 	},
 	{
 		filename: "remote_write_authorization_header.bad.yml",
-		errMsg:   `authorization header must be changed via the basic_auth, authorization, oauth2, sigv4, or azuread parameter`,
+		errMsg:   `authorization header must be changed via the basic_auth, authorization, oauth2, or sigv4 parameter`,
 	},
 	{
 		filename: "remote_write_url_missing.bad.yml",
diff --git a/storage/remote/client.go b/storage/remote/client.go
index 140194e..b93171f 100644
--- a/storage/remote/client.go
+++ b/storage/remote/client.go
@@ -36,7 +36,6 @@ import (
 	"go.opentelemetry.io/otel/trace"
 
 	"github.com/prometheus/prometheus/prompb"
-	"github.com/prometheus/prometheus/storage/remote/azuread"
 )
 
 const maxErrMsgLen = 1024
@@ -101,7 +100,6 @@ type ClientConfig struct {
 	Timeout          model.Duration
 	HTTPClientConfig config_util.HTTPClientConfig
 	SigV4Config      *sigv4.SigV4Config
-	AzureADConfig    *azuread.AzureADConfig
 	Headers          map[string]string
 	RetryOnRateLimit bool
 }
@@ -155,13 +153,6 @@ func NewWriteClient(name string, conf *ClientConfig) (WriteClient, error) {
 		}
 	}
 
-	if conf.AzureADConfig != nil {
-		t, err = azuread.NewAzureADRoundTripper(conf.AzureADConfig, t)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	httpClient.Transport = otelhttp.NewTransport(t)
 
 	return &Client{
diff --git a/storage/remote/write.go b/storage/remote/write.go
index 66455cb..7f3cafd 100644
--- a/storage/remote/write.go
+++ b/storage/remote/write.go
@@ -168,7 +168,6 @@ func (rws *WriteStorage) ApplyConfig(conf *config.Config) error {
 			Timeout:          rwConf.RemoteTimeout,
 			HTTPClientConfig: rwConf.HTTPClientConfig,
 			SigV4Config:      rwConf.SigV4Config,
-			AzureADConfig:    rwConf.AzureADConfig,
 			Headers:          rwConf.Headers,
 			RetryOnRateLimit: rwConf.QueueConfig.RetryOnRateLimit,
 		})