Do not return error when selector extraction fails (#579)

xperimental · web-flow · commit 0da381069d1f · 2023-10-02T12:02:33.000+02:00
diff --git a/authorization/http.go b/authorization/http.go
@@ -2,9 +2,10 @@ package authorization
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 
+	"github.com/go-kit/log"
+	"github.com/go-kit/log/level"
 	"github.com/observatorium/api/authentication"
 	"github.com/observatorium/api/httperr"
 	"github.com/observatorium/api/rbac"
@@ -61,7 +62,7 @@ func WithSelectorsInfo(ctx context.Context, info *SelectorsInfo) context.Context
 
 // WithLogsStreamSelectorsExtractor returns a middleware that, when enabled, tries to extract
 // stream selectors from queries, so that they can be used in authorizing the request.
-func WithLogsStreamSelectorsExtractor(selectorNames []string) func(http.Handler) http.Handler {
+func WithLogsStreamSelectorsExtractor(logger log.Logger, selectorNames []string) func(http.Handler) http.Handler {
 	enabled := len(selectorNames) > 0
 
 	selectorNameMap := make(map[string]bool, len(selectorNames))
@@ -79,9 +80,9 @@ func WithLogsStreamSelectorsExtractor(selectorNames []string) func(http.Handler)
 
 			selectorsInfo, err := extractLogStreamSelectors(selectorNameMap, r.URL.Query())
 			if err != nil {
-				httperr.PrometheusAPIError(w, fmt.Sprintf("error extracting selectors from query: %s", err), http.StatusInternalServerError)
-
-				return
+				// Don't error out, just warn about error and continue with empty selectorsInfo
+				level.Warn(logger).Log("msg", err)
+				selectorsInfo = emptySelectorsInfo
 			}
 
 			next.ServeHTTP(w, r.WithContext(WithSelectorsInfo(r.Context(), selectorsInfo)))
diff --git a/authorization/query.go b/authorization/query.go
@@ -1,6 +1,7 @@
 package authorization
 
 import (
+	"fmt"
 	"net/url"
 	"strings"
 
@@ -16,7 +17,7 @@ func extractLogStreamSelectors(selectorNames map[string]bool, values url.Values)
 
 	selectors, hasWildcard, err := parseLogStreamSelectors(selectorNames, query)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("error extracting selectors from query %#q: %w", query, err)
 	}
 
 	return &SelectorsInfo{
diff --git a/main.go b/main.go
@@ -715,7 +715,7 @@ func main() {
 								logsv1.WithWriteMiddleware(writePathRedirectProtection),
 								logsv1.WithGlobalMiddleware(authentication.WithTenantMiddlewares(pm.Middlewares)),
 								logsv1.WithGlobalMiddleware(authentication.WithTenantHeader(cfg.logs.tenantHeader, tenantIDs)),
-								logsv1.WithReadMiddleware(authorization.WithLogsStreamSelectorsExtractor(cfg.logs.authExtractSelectors)),
+								logsv1.WithReadMiddleware(authorization.WithLogsStreamSelectorsExtractor(logger, cfg.logs.authExtractSelectors)),
 								logsv1.WithReadMiddleware(authorization.WithAuthorizers(authorizers, rbac.Read, "logs")),
 								logsv1.WithReadMiddleware(logsv1.WithEnforceAuthorizationLabels()),
 								logsv1.WithWriteMiddleware(authorization.WithAuthorizers(authorizers, rbac.Write, "logs")),
