root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 90 Packages Projects Releases Wiki Activity

Tempo: fix streaming with TLS without BasicAuth (#100546) 

Fixes #100545

Streaming queries/metrics do not work if TLS is enabled and basic auth is not.

"Save & test" while adding/editing a tempo datasource throw `e.data is undefined` in the ui.

Gafana server logs report:

> logger=grafana-apiserver t=2025-02-12T17:55:29.131036665Z level=info msg="[core] [Channel #42 SubChannel #43]grpc:
> addrConn.createTransport failed to connect to {Addr: \"tempo:3200\", ServerName: \"tempo:3200\", }. Err: connection
> error: desc = \"error reading server preface: read tcp 127.0.0.1:55432->127.0.0.1:3200: read: connection reset by
> peer\""

> logger=grafana-apiserver t=2025-02-12T17:55:36.835523455Z level=info msg="[core] [Channel #31 SubChannel #32]grpc:
> addrConn.createTransport failed to connect to {Addr: \"tempo:3200\", ServerName: > \"tempo:3200\", }. Err: connection
> error: desc = \"error reading server preface: EOF\""

Fix by using TLS when enabled regardless of basic auth settings.

Co-authored-by: André Pereira <adrapereira@gmail.com>
This commit is contained in:
Alex Hunsaker 2025-04-01 06:41:22 -06:00 committed by GitHub
parent 4689b7c0cd
commit fa8dafec77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/tsdb/tempo/grpc.go
View File

@ -86,23 +86,26 @@ func getDialOpts(ctx context.Context, settings backend.DataSourceInstanceSetting
// Also User agent but that is set before each rpc call as for decoupled DS we have to get it from request context
// and cannot add it to client here.
var dialOps []grpc.DialOption
dialOps = append(dialOps, grpc.WithChainStreamInterceptor(CustomHeadersStreamInterceptor(opts)))
if settings.BasicAuthEnabled {
// If basic authentication is enabled, it uses TLS transport credentials and sets the basic authentication header for each RPC call.
var creds credentials.TransportCredentials
if opts.TLS != nil {
tls, err := httpclient.GetTLSConfig(opts)
if err != nil {
return nil, fmt.Errorf("failure in configuring tls for grpc: %w", err)
}
creds = credentials.NewTLS(tls)
} else {
creds = insecure.NewCredentials()
}
dialOps = append(dialOps, grpc.WithTransportCredentials(credentials.NewTLS(tls)))
var dialOps []grpc.DialOption
dialOps = append(dialOps, grpc.WithChainStreamInterceptor(CustomHeadersStreamInterceptor(opts)))
if settings.BasicAuthEnabled {
dialOps = append(dialOps, grpc.WithTransportCredentials(creds))
dialOps = append(dialOps, grpc.WithPerRPCCredentials(&basicAuth{
Header: basicHeaderForAuth(opts.BasicAuth.User, opts.BasicAuth.Password),
}))
} else {
// Otherwise, it uses insecure credentials.
dialOps = append(dialOps, grpc.WithTransportCredentials(insecure.NewCredentials()))
dialOps = append(dialOps, grpc.WithTransportCredentials(creds))
}
// The following code is required to make gRPC work with Grafana Cloud PDC