( ctx context.Context, method string, expectedClusters []string, softValidationEnabled bool, invalidClusterRequests *prometheus.CounterVec, logger log.Logger, )
| 99 | } |
| 100 | |
| 101 | func checkClusterFromIncomingContext( |
| 102 | ctx context.Context, method string, expectedClusters []string, softValidationEnabled bool, |
| 103 | invalidClusterRequests *prometheus.CounterVec, logger log.Logger, |
| 104 | ) error { |
| 105 | reqCluster, err := clusterutil.GetClusterFromIncomingContext(ctx) |
| 106 | if err == nil && clusterutil.IsClusterAllowed(reqCluster, expectedClusters) { |
| 107 | return nil |
| 108 | } |
| 109 | |
| 110 | logger = log.With( |
| 111 | logger, |
| 112 | "method", method, |
| 113 | "cluster_validation_labels", fmt.Sprintf("%v", expectedClusters), |
| 114 | "soft_validation", softValidationEnabled, |
| 115 | ) |
| 116 | if tenantID, err := user.ExtractOrgID(ctx); err == nil { |
| 117 | logger = log.With(logger, "tenant", tenantID) |
| 118 | } |
| 119 | if p, ok := peer.FromContext(ctx); ok { |
| 120 | logger = log.With(logger, "client_address", p.Addr.String()) |
| 121 | } |
| 122 | if traceID, ok := tracing.ExtractSampledTraceID(ctx); ok { |
| 123 | logger = log.With(logger, "trace_id", traceID) |
| 124 | } |
| 125 | |
| 126 | if err == nil { |
| 127 | // No error, but request's and server's cluster validation labels didn't match. |
| 128 | var wrongClusterErr error |
| 129 | if !softValidationEnabled { |
| 130 | wrongClusterErr = fmt.Errorf("rejected request with wrong cluster validation label %q - it should be one of %v", reqCluster, expectedClusters) |
| 131 | } |
| 132 | |
| 133 | // Use first expected cluster for metrics compatibility |
| 134 | expectedClusterForMetrics := expectedClusters[0] |
| 135 | invalidClusterRequests.WithLabelValues("grpc", method, expectedClusterForMetrics, reqCluster).Inc() |
| 136 | level.Warn(logger).Log("msg", "request with wrong cluster validation label", "request_cluster_validation_label", reqCluster) |
| 137 | return wrongClusterErr |
| 138 | } |
| 139 | |
| 140 | if errors.Is(err, clusterutil.ErrNoClusterValidationLabel) { |
| 141 | var emptyClusterErr error |
| 142 | if !softValidationEnabled { |
| 143 | emptyClusterErr = fmt.Errorf("rejected request with empty cluster validation label - it should be one of %v", expectedClusters) |
| 144 | } |
| 145 | |
| 146 | // Use first expected cluster for metrics compatibility |
| 147 | expectedClusterForMetrics := expectedClusters[0] |
| 148 | invalidClusterRequests.WithLabelValues("grpc", method, expectedClusterForMetrics, "").Inc() |
| 149 | level.Warn(logger).Log("msg", "request with no cluster validation label") |
| 150 | return emptyClusterErr |
| 151 | } |
| 152 | |
| 153 | var rejectedRequestErr error |
| 154 | if !softValidationEnabled { |
| 155 | rejectedRequestErr = fmt.Errorf("rejected request: %w", err) |
| 156 | } |
| 157 | |
| 158 | // Use first expected cluster for metrics compatibility |
no test coverage detected