BasicAuthPlugin

Implements Basic Auth.

Usage

# settings.py
from prometheus_virtual_metrics.plugins import BasicAuthPlugin

PLUGINS = [
    BasicAuthPlugin(
        credentials={
            'user-1': 'password-1',
            'user-2': 'password-2',
        },
    ),
]

prometheus_virtual_metrics.plugins.BasicAuthPlugin

Parameters:

Name	Type	Description	Default
credentials	dict[str, str]	Login credentials as dict. Keys are usernames, values passwords.	None

check_credentials(username, password)

Gets called for every incoming Grafana request. username and password are obtained from the prometheus_virtual_metrics.PrometheusRequest, using prometheus_virtual_metrics.plugins.basic_auth.get_credentials.

If this method returns False, a prometheus_virtual_metrics.ForbiddenError is raised.

Parameters:

Name	Type	Description	Default
username	str	Username as string	required
password	str	password as string	required

Returns:

Name	Type	Description
credentials_valid	bool	credentials are valid

Custom Authentication

By default, the authentication backend is a simple Python dict that holds all usernames and passwords. You can override BasicAuthPlugin.check_credentials to check against other backends, like files or databases:

from prometheus_virtual_metrics.plugins import BasicAuthPlugin


class CustomBasicAuth(BasicAuthPlugin):
    def check_credentials(self, username, password):
        if username == 'hacker':
            return False

        return True

You can also use prometheus_virtual_metrics.plugins.get_credentials in your plugins without using BasicAuthPlugin:

from prometheus_virtual_metrics.plugins.basic_auth import get_credentials
from prometheus_virtual_metrics import ForbiddenError


class SecurePlugin:
    def on_range_query_request(self, request, response):
        username, password = get_credentials(request)

        if username == 'hacker':
            raise ForbiddenError('nope!')