Tenant selection via Grafana variables

[Loori-R]

Description: Add the ability to use Grafana variables for tenant selection in the VictoriaLogs Datasource. Users can create a Grafana variable to dynamically populate the AccountID and ProjectID in the header for requests, as described in the VictoriaLogs Multitenancy Documentation, making it easier to work with multiple tenants.

Key Features:

• Use the endpoint introduced in PR #7484 to fetch a list of available tenants.
• Populate Grafana variables with tenant options for dropdown selection.
• Automatically apply the selected tenant ID to all relevant queries.

Example: Screenshot showing how the variable setup might look when creating a variable:

[tenmozes]

nice one, thanks, we need similar to cluster version of victoriametrics + all filter

[hagen1778]

Hello @Loori-R @tenmozes !

This feature could be a security concern for Grafana administrators. There should be way for letting or restricting users from selecting tenants:

1. Ability to use or not use Tenants (let's call it allow-tenants-var) variable should be configured in Grafana datasource setting (Connection), which can be edited only by Grafana admins.
2. There should be way to select default tenant in datasource settings. If it was selected and allow-tenants-var is disabled, then users of the datasource shouldn't be able fetch data from tenants other than default.
3. [optional] if allow-tenants-var is enabled, it should support regex selector to pre-filter tenants that are allowed to use or to allow manually set list of tenants. So when variable is used in the dashboard, user can select only from curated or pre-filtered list.
4. Variable in dashboard should support regex matching, but it can't have Multi or All option. Unless plugin can merge results from multiple tenants.
5. Variable value should be passed to backend with some unique type, so it can identify that this is a Tenant selector.
6. Backend should always respect and re-check allow-tenants-var and list of allowed tenants to avoid cases when arbitrary tenant ID was just passed via GET param.
7. Changing datasource in dashboard should automatically update Tenants variable: disable it or populate with allowed tenants.
8. Exporting&importing dashboard with a new datasource shouldn't allow sending requests to tenants that weren't allowed in this datasource.

Unless all points can be satisfied, I'd recommend to not add this feature.

[Loori-R]

• Ability to use or not use Tenants (let's call it allow-tenants-var) variable should be configured in Grafana datasource setting (Connection), which can be edited only by Grafana admins.
• There should be way to select default tenant in datasource settings. If it was selected and allow-tenants-var is disabled, then users of the datasource shouldn't be able fetch data from tenants other than default.

In #307, it is proposed to add a Tenant Settings section where the tenant can be defined.

As part of this issue, we can extend that section to include:

1. An option to enable the use of a tenant variable (Tenants) in dashboards.
2. The ability to specify a list of allowed tenants and to define a default tenant that will be used when the variable is disabled.

[arturminchukov]

Depends on VictoriaLogs #417

[valyala]

FYI, VictoriaLogs provides the /select/tenant_ids endpoint starting from v1.38.0 release, so this endpoint can be used by Grafana plugin for VictoriaLogs. Note that this endpoint expects empty AccountID request header for security reasons - this prevents from exposing other tenants for users who have access only to the specified tenant.

[valyala]

See also similar feature request for built-in web UI for VictoriaLogs - https://github.com/VictoriaMetrics/VictoriaLogs/issues/821 .