Details
-
Bug
-
Resolution: Fixed
-
Critical
-
7.6.0, 7.2.4
-
Triaged
-
0
-
Yes
Description
See https://couchbasecloud.atlassian.net/browse/AV-69205?focusedCommentId=227486
Request to _prometheus endpoint which proxies it to the Prometheus instance fails:
curl -g -i -u Administrator:asdasd 'localhost:9000/_prometheus/federate?match={__name__=~"up"}' -v
|
* Trying [::1]:9000...
|
* Connected to localhost (::1) port 9000
|
* Server auth using Basic with user 'Administrator'
|
> GET /_prometheus/federate?match={__name__=~"up"} HTTP/1.1
|
> Host: localhost:9000
|
> Authorization: Basic QWRtaW5pc3RyYXRvcjphc2Rhc2Q=
|
> User-Agent: curl/8.4.0
|
> Accept: */*
|
>
|
< HTTP/1.1 400 Bad Request
|
HTTP/1.1 400 Bad Request
|
< Cache-Control: no-cache,no-store,must-revalidate
|
Cache-Control: no-cache,no-store,must-revalidate
|
< Content-Length: 11
|
Content-Length: 11
|
< Content-Type: text/plain
|
Content-Type: text/plain
|
< Date: Tue, 16 Jan 2024 04:37:56 GMT
|
Date: Tue, 16 Jan 2024 04:37:56 GMT
|
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
|
Expires: Thu, 01 Jan 1970 00:00:00 GMT
|
< Pragma: no-cache
|
Pragma: no-cache
|
< Server: Couchbase Server
|
Server: Couchbase Server
|
< X-Content-Type-Options: nosniff
|
X-Content-Type-Options: nosniff
|
< X-Frame-Options: DENY
|
X-Frame-Options: DENY
|
< X-Permitted-Cross-Domain-Policies: none
|
X-Permitted-Cross-Domain-Policies: none
|
< X-XSS-Protection: 1; mode=block
|
X-XSS-Protection: 1; mode=block
|
<
|
* Connection #0 to host localhost left intact
|
Bad Request%
|
The same request succeeds though when issued directly to the Prometheus instance:
curl 'http://Administrator:asdasd@localhost:9000/internal/settings/metrics/prometheus/authEnabled' -d 'false'
|
false%
|
|
curl -g -i -u Administrator:asdasd 'localhost:9900/federate?match={__name__=~"up"}' -v
|
* Trying [::1]:9900...
|
* connect to ::1 port 9900 failed: Connection refused
|
* Trying 127.0.0.1:9900...
|
* Connected to localhost (127.0.0.1) port 9900
|
* Server auth using Basic with user 'Administrator'
|
> GET /federate?match={__name__=~"up"} HTTP/1.1
|
> Host: localhost:9900
|
> Authorization: Basic QWRtaW5pc3RyYXRvcjphc2Rhc2Q=
|
> User-Agent: curl/8.4.0
|
> Accept: */*
|
>
|
< HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
< Content-Type: text/plain; version=0.0.4; charset=utf-8
|
Content-Type: text/plain; version=0.0.4; charset=utf-8
|
< Date: Tue, 16 Jan 2024 04:39:20 GMT
|
Date: Tue, 16 Jan 2024 04:39:20 GMT
|
< Content-Length: 0
|
Content-Length: 0<
|
* Connection #0 to host localhost left intact
|
The issue is that we switched to using
parse(URIString) -> URIMap
Types
URIString = uri_string()
URIMap = uri_map() | error()
Parses an RFC 3986 compliant uri_string() into a uri_map(), that holds the parsed components of the URI. If parsing fails, an error tuple is returned.
https://review.couchbase.org/c/ns_server/+/197985/6/src/menelaus_web.erl#b169
parse does not accept curly braces:
menelaus_web:parse_path_uri:169]Invalid uri in http request: "/_prometheus/federate?match={name=~\"up\"}", error: {error, invalid_uri, "{"}
|
as per RFC 3986.
This causes:
http://localhost:8091/_prometheus/federate?match=\{{}name{}=~\"up\"}
to fail.
There were other parsing changes in MB-59791.