This project is a proof of concept for authentication and authorization.
The following diagram illustrates the sequence of interactions between different components:
sequenceDiagram
participant A as Agent (Promtail/Prometheus)
participant E as Envoy Proxy
participant AS as Auth Service
participant R as Redis
participant B as Backend (Thanos/Loki)
Note over A,E: Agent configured with username/password
A->>E: Send metrics/logs with Basic Auth
Note over E: Basic Auth header:<br/>base64(username:password)
E->>AS: Validate credentials
AS->>R: Check credentials hash
R-->>AS: Return tenant_id if valid and path == loki else just validation
AS-->>E: OK + tenant headers
E->>B: Forward with tenant context
To use this project, follow these steps:
- Clone the repository.
- Install the required dependencies.
- Configure the Agent with the appropriate username and password.
- Start the Envoy Proxy.
- Start the Auth Service.
- Start the Redis server.
- Start the Backend.
- Send metrics/logs to the Agent with Basic Auth headers.
- The Auth Service will validate the credentials and return the tenant headers.
- The Envoy Proxy will forward the request to the Backend with the tenant context.
This project is licensed under the MIT License. See the LICENSE file for more information.