agent icon indicating copy to clipboard operation
agent copied to clipboard
verified publisher icon grafana

Config validator allows empty username in basic_auth

Open BitProcessor opened this issue 3 years ago • 1 comments

Tested on grafana-agent 0.25.1

The following does not throw a config validation error:

          basic_auth:
            username: 
            password: SeCreT

The above is the case for metrics, logs and traces endpoints.

Result:

  • if a configuration mistake is made and the username is left empty, the agent starts without issue.
  • affected endpoints throw a lot of 401's

It appears that a username is required in the basic_auth spec. See: https://grafana.slack.com/archives/C01050C3D8F/p1657200458609489?thread_ts=1657199629.325379&cid=C01050C3D8F

BitProcessor avatar Jul 07 '22 13:07 BitProcessor

Isn't it true, generally, that the HTTP spec doesn't require usernames for Basic authentication?

I agree that you always need a username for Grafana Cloud, but I'm unsure if that's universally true for anything supporting basic auth.

rfratto avatar Jul 20 '22 14:07 rfratto

This issue has been automatically marked as stale because it has not had any activity in the past 30 days. The next time this stale check runs, the stale label will be removed if there is new activity. The issue will be closed in 7 days if there is no new activity. Thank you for your contributions!

github-actions[bot] avatar Aug 20 '22 00:08 github-actions[bot]