rhobs
diff --git a/Diff for: ‎api/logs/v1/labels_enforcer.go
+4-3 b/Diff for: ‎api/logs/v1/labels_enforcer.go
+4-3
diff --git a/Diff for: ‎api/metrics/v1/labels_enforcer.go
+9-8 b/Diff for: ‎api/metrics/v1/labels_enforcer.go
+9-8
diff --git a/Diff for: ‎api/metrics/v1/rules.go
+16-15 b/Diff for: ‎api/metrics/v1/rules.go
+16-15
diff --git a/Diff for: ‎authentication/authentication.go
+3-2 b/Diff for: ‎authentication/authentication.go
+3-2
diff --git a/Diff for: ‎authentication/http.go
+4-3 b/Diff for: ‎authentication/http.go
+4-3
diff --git a/Diff for: ‎authentication/mtls.go
+5-4 b/Diff for: ‎authentication/mtls.go
+5-4
@@ -7,6 +7,7 @@ import (
 	"net/url"
 
 	"github.com/observatorium/api/authorization"
+	"github.com/observatorium/api/httperr"
 	logqlv2 "github.com/observatorium/api/logql/v2"
 	"github.com/prometheus/prometheus/pkg/labels"
 )
@@ -18,7 +19,7 @@ func WithEnforceAuthorizationLabels() func(http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			data, ok := authorization.GetData(r.Context())
 			if !ok {
-				http.Error(w, "error finding authorization label matcher", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error finding authorization label matcher", http.StatusInternalServerError)
 
 				return
 			}
@@ -33,14 +34,14 @@ func WithEnforceAuthorizationLabels() func(http.Handler) http.Handler {
 
 			var lm []*labels.Matcher
 			if err := json.Unmarshal([]byte(data), &lm); err != nil {
-				http.Error(w, "error parsing authorization label matchers", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error parsing authorization label matchers", http.StatusInternalServerError)
 
 				return
 			}
 
 			q, err := enforceValues(lm, r.URL.Query())
 			if err != nil {
-				http.Error(w, fmt.Sprintf("could not enforce authorization label matchers: %v", err), http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, fmt.Sprintf("could not enforce authorization label matchers: %v", err), http.StatusInternalServerError)
 
 				return
 			}
 
@@ -10,6 +10,7 @@ import (
 
 	"github.com/observatorium/api/authentication"
 	"github.com/observatorium/api/authorization"
+	"github.com/observatorium/api/httperr"
 	"github.com/prometheus-community/prom-label-proxy/injectproxy"
 	"github.com/prometheus/prometheus/pkg/labels"
 	"github.com/prometheus/prometheus/promql/parser"
@@ -28,7 +29,7 @@ func WithEnforceTenancyOnQuery(label string) func(http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			id, ok := authentication.GetTenantID(r.Context())
 			if !ok {
-				http.Error(w, "error finding tenant ID", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error finding tenant ID", http.StatusInternalServerError)
 
 				return
 			}
@@ -59,7 +60,7 @@ func WithEnforceTenancyOnMatchers(label string) func(http.Handler) http.Handler
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			id, ok := authentication.GetTenantID(r.Context())
 			if !ok {
-				http.Error(w, "error finding tenant ID", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error finding tenant ID", http.StatusInternalServerError)
 
 				return
 			}
@@ -100,7 +101,7 @@ func WithEnforceAuthorizationLabels() func(http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			data, ok := authorization.GetData(r.Context())
 			if !ok {
-				http.Error(w, "error finding authorization label matcher", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error finding authorization label matcher", http.StatusInternalServerError)
 
 				return
 			}
@@ -115,7 +116,7 @@ func WithEnforceAuthorizationLabels() func(http.Handler) http.Handler {
 
 			var lm []*labels.Matcher
 			if err := json.Unmarshal([]byte(data), &lm); err != nil {
-				http.Error(w, "error parsing authorization label matcher", http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, "error parsing authorization label matcher", http.StatusInternalServerError)
 
 				return
 			}
@@ -138,7 +139,7 @@ func enforceRequestQueryLabels(e *injectproxy.Enforcer, w http.ResponseWriter, r
 	// enforce in both places.
 	q, found1, err := enforceQueryValues(e, r.URL.Query())
 	if err != nil {
-		http.Error(w, fmt.Sprintf("could not enforce labels: %v", err), http.StatusBadRequest)
+		httperr.PrometheusAPIError(w, fmt.Sprintf("could not enforce labels: %v", err), http.StatusBadRequest)
 
 		return false
 	}
@@ -150,14 +151,14 @@ func enforceRequestQueryLabels(e *injectproxy.Enforcer, w http.ResponseWriter, r
 	if r.Method == http.MethodPost {
 		if err := r.ParseForm(); err != nil {
 			// We're returning server error here because we cannot ensure this is a bad request.
-			http.Error(w, fmt.Sprintf("could not parse form: %v", err), http.StatusInternalServerError)
+			httperr.PrometheusAPIError(w, fmt.Sprintf("could not parse form: %v", err), http.StatusInternalServerError)
 
 			return false
 		}
 
 		q, found2, err = enforceQueryValues(e, r.PostForm)
 		if err != nil {
-			http.Error(w, fmt.Sprintf("could not enforce labels: %v", err), http.StatusBadRequest)
+			httperr.PrometheusAPIError(w, fmt.Sprintf("could not enforce labels: %v", err), http.StatusBadRequest)
 
 			return false
 		}
@@ -169,7 +170,7 @@ func enforceRequestQueryLabels(e *injectproxy.Enforcer, w http.ResponseWriter, r
 
 	// If no query was found, return early.
 	if !found1 && !found2 {
-		http.Error(w, "no query found", http.StatusBadRequest)
+		httperr.PrometheusAPIError(w, "no query found", http.StatusBadRequest)
 
 		return false
 	}
 
@@ -11,6 +11,7 @@ import (
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"
 	"github.com/observatorium/api/authentication"
+	"github.com/observatorium/api/httperr"
 	"github.com/observatorium/api/rules"
 	"github.com/prometheus-community/prom-label-proxy/injectproxy"
 	"github.com/prometheus/prometheus/pkg/labels"
@@ -99,13 +100,13 @@ type rulesHandler struct {
 func (rh *rulesHandler) get(w http.ResponseWriter, r *http.Request) {
 	tenant, ok := authentication.GetTenant(r.Context())
 	if !ok {
-		http.Error(w, "error finding tenant", http.StatusUnauthorized)
+		httperr.PrometheusAPIError(w, "error finding tenant", http.StatusUnauthorized)
 		return
 	}
 
 	id, ok := authentication.GetTenantID(r.Context())
 	if !ok {
-		http.Error(w, "error finding tenant ID", http.StatusUnauthorized)
+		httperr.PrometheusAPIError(w, "error finding tenant ID", http.StatusUnauthorized)
 		return
 	}
 
@@ -118,7 +119,7 @@ func (rh *rulesHandler) get(w http.ResponseWriter, r *http.Request) {
 			sc = resp.StatusCode
 		}
 
-		http.Error(w, "error listing rules", sc)
+		httperr.PrometheusAPIError(w, "error listing rules", sc)
 
 		return
 	}
@@ -128,9 +129,9 @@ func (rh *rulesHandler) get(w http.ResponseWriter, r *http.Request) {
 	if resp.StatusCode/100 != 2 {
 		switch resp.StatusCode {
 		case http.StatusNotFound:
-			http.Error(w, "no rules found", resp.StatusCode)
+			httperr.PrometheusAPIError(w, "no rules found", resp.StatusCode)
 		default:
-			http.Error(w, "error listing rules", resp.StatusCode)
+			httperr.PrometheusAPIError(w, "error listing rules", resp.StatusCode)
 		}
 
 		return
@@ -139,23 +140,23 @@ func (rh *rulesHandler) get(w http.ResponseWriter, r *http.Request) {
 	rawRules, err := unmarshalRules(resp.Body)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not unmarshal rules", "err", err.Error())
-		http.Error(w, "error unmarshaling rules", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "error unmarshaling rules", http.StatusInternalServerError)
 
 		return
 	}
 
 	err = enforceLabelsInRules(rawRules, rh.tenantLabel, id)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not enforce labels in rules", "err", err.Error())
-		http.Error(w, "failed to process rules", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "failed to process rules", http.StatusInternalServerError)
 
 		return
 	}
 
 	body, err := yaml.Marshal(rawRules)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not marshal rules YAML", "err", err.Error())
-		http.Error(w, "error marshaling rules YAML", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "error marshaling rules YAML", http.StatusInternalServerError)
 
 		return
 	}
@@ -169,35 +170,35 @@ func (rh *rulesHandler) get(w http.ResponseWriter, r *http.Request) {
 func (rh *rulesHandler) put(w http.ResponseWriter, r *http.Request) {
 	tenant, ok := authentication.GetTenant(r.Context())
 	if !ok {
-		http.Error(w, "error finding tenant", http.StatusUnauthorized)
+		httperr.PrometheusAPIError(w, "error finding tenant", http.StatusUnauthorized)
 	}
 
 	id, ok := authentication.GetTenantID(r.Context())
 	if !ok {
-		http.Error(w, "error finding tenant ID", http.StatusUnauthorized)
+		httperr.PrometheusAPIError(w, "error finding tenant ID", http.StatusUnauthorized)
 		return
 	}
 
 	rawRules, err := unmarshalRules(r.Body)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not unmarshal rules", "err", err.Error())
-		http.Error(w, "error unmarshaling rules", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "error unmarshaling rules", http.StatusInternalServerError)
 
 		return
 	}
 
 	err = enforceLabelsInRules(rawRules, rh.tenantLabel, id)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not enforce labels in rules", "err", err.Error())
-		http.Error(w, "failed to process rules", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "failed to process rules", http.StatusInternalServerError)
 
 		return
 	}
 
 	body, err := yaml.Marshal(rawRules)
 	if err != nil {
 		level.Error(rh.logger).Log("msg", "could not marshal rules YAML", "err", err.Error())
-		http.Error(w, "error marshaling rules YAML", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "error marshaling rules YAML", http.StatusInternalServerError)
 
 		return
 	}
@@ -210,7 +211,7 @@ func (rh *rulesHandler) put(w http.ResponseWriter, r *http.Request) {
 		}
 
 		level.Error(rh.logger).Log("msg", "could not set rules", "err", err.Error())
-		http.Error(w, "error creating rules", sc)
+		httperr.PrometheusAPIError(w, "error creating rules", sc)
 
 		return
 	}
@@ -220,7 +221,7 @@ func (rh *rulesHandler) put(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(resp.StatusCode)
 
 	if _, err := io.Copy(w, resp.Body); err != nil {
-		http.Error(w, "error writing rules response", http.StatusInternalServerError)
+		httperr.PrometheusAPIError(w, "error writing rules response", http.StatusInternalServerError)
 		return
 	}
 }
@@ -7,6 +7,7 @@ import (
 
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"
+	"github.com/observatorium/api/httperr"
 	"github.com/prometheus/client_golang/prometheus"
 	"google.golang.org/grpc"
 )
@@ -132,7 +133,7 @@ func (pm *ProviderManager) PatternHandler(pattern string) http.HandlerFunc {
 		const msg = "error finding tenant"
 		if !ok {
 			level.Warn(pm.logger).Log("msg", msg, "tenant", tenant)
-			http.Error(w, msg, http.StatusInternalServerError)
+			httperr.PrometheusAPIError(w, msg, http.StatusInternalServerError)
 			return
 		}
 
@@ -141,7 +142,7 @@ func (pm *ProviderManager) PatternHandler(pattern string) http.HandlerFunc {
 		pm.mtx.RUnlock()
 		if !ok {
 			level.Debug(pm.logger).Log("msg", msg, "tenant", tenant)
-			http.Error(w, msg, http.StatusUnauthorized)
+			httperr.PrometheusAPIError(w, msg, http.StatusUnauthorized)
 			return
 		}
 		h.ServeHTTP(w, r)
 
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/go-chi/chi"
+	"github.com/observatorium/api/httperr"
 )
 
 // contextKey to use when setting context values in the HTTP package.
@@ -143,7 +144,7 @@ func WithTenantMiddlewares(mwFns ...MiddlewareFunc) Middleware {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			tenant, ok := GetTenant(r.Context())
 			if !ok {
-				http.Error(w, "error finding tenant", http.StatusBadRequest)
+				httperr.PrometheusAPIError(w, "error finding tenant", http.StatusBadRequest)
 				return
 			}
 
@@ -154,7 +155,7 @@ func WithTenantMiddlewares(mwFns ...MiddlewareFunc) Middleware {
 				}
 			}
 
-			http.Error(w, "tenant not found, have you registered it?", http.StatusUnauthorized)
+			httperr.PrometheusAPIError(w, "tenant not found, have you registered it?", http.StatusUnauthorized)
 		})
 	}
 }
@@ -182,7 +183,7 @@ func EnforceAccessTokenPresentOnSignalWrite(oidcTenants map[string]struct{}) fun
 
 			rawToken := r.Header.Get("Authorization")
 			if rawToken == "" {
-				http.Error(w, "couldn't find the authorization header", http.StatusBadRequest)
+				httperr.PrometheusAPIError(w, "couldn't find the authorization header", http.StatusBadRequest)
 				return
 			}
 
 
@@ -12,6 +12,7 @@ import (
 	"github.com/go-kit/log"
 	grpc_middleware_auth "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/auth"
 	"github.com/mitchellh/mapstructure"
+	"github.com/observatorium/api/httperr"
 	"github.com/prometheus/client_golang/prometheus"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -98,7 +99,7 @@ func (a MTLSAuthenticator) Middleware() Middleware {
 			}
 
 			if len(r.TLS.PeerCertificates) == 0 {
-				http.Error(w, "no client certificate presented", http.StatusUnauthorized)
+				httperr.PrometheusAPIError(w, "no client certificate presented", http.StatusUnauthorized)
 				return
 			}
 
@@ -116,10 +117,10 @@ func (a MTLSAuthenticator) Middleware() Middleware {
 
 			if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
 				if errors.Is(err, x509.CertificateInvalidError{}) {
-					http.Error(w, err.Error(), http.StatusUnauthorized)
+					httperr.PrometheusAPIError(w, err.Error(), http.StatusUnauthorized)
 					return
 				}
-				http.Error(w, err.Error(), http.StatusInternalServerError)
+				httperr.PrometheusAPIError(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
 
@@ -134,7 +135,7 @@ func (a MTLSAuthenticator) Middleware() Middleware {
 			case len(r.TLS.PeerCertificates[0].IPAddresses) > 0:
 				sub = r.TLS.PeerCertificates[0].IPAddresses[0].String()
 			default:
-				http.Error(w, "could not determine subject", http.StatusBadRequest)
+				httperr.PrometheusAPIError(w, "could not determine subject", http.StatusBadRequest)
 				return
 			}
 			ctx := context.WithValue(r.Context(), subjectKey, sub)
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"strings"`
`8`	`8`
`9`	`9`	`"github.com/go-chi/chi"`
	`10`	`+ "github.com/observatorium/api/httperr"`
`10`	`11`	`)`
`11`	`12`
`12`	`13`	`// contextKey to use when setting context values in the HTTP package.`
`@@ -143,7 +144,7 @@ func WithTenantMiddlewares(mwFns ...MiddlewareFunc) Middleware {`
`143`	`144`	`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
`144`	`145`	`tenant, ok := GetTenant(r.Context())`
`145`	`146`	`if !ok {`
`146`		`- http.Error(w, "error finding tenant", http.StatusBadRequest)`
	`147`	`+ httperr.PrometheusAPIError(w, "error finding tenant", http.StatusBadRequest)`
`147`	`148`	`return`
`148`	`149`	`}`
`149`	`150`
`@@ -154,7 +155,7 @@ func WithTenantMiddlewares(mwFns ...MiddlewareFunc) Middleware {`
`154`	`155`	`}`
`155`	`156`	`}`
`156`	`157`
`157`		`- http.Error(w, "tenant not found, have you registered it?", http.StatusUnauthorized)`
	`158`	`+ httperr.PrometheusAPIError(w, "tenant not found, have you registered it?", http.StatusUnauthorized)`
`158`	`159`	`})`
`159`	`160`	`}`
`160`	`161`	`}`
`@@ -182,7 +183,7 @@ func EnforceAccessTokenPresentOnSignalWrite(oidcTenants map[string]struct{}) fun`
`182`	`183`
`183`	`184`	`rawToken := r.Header.Get("Authorization")`
`184`	`185`	`if rawToken == "" {`
`185`		`- http.Error(w, "couldn't find the authorization header", http.StatusBadRequest)`
	`186`	`+ httperr.PrometheusAPIError(w, "couldn't find the authorization header", http.StatusBadRequest)`
`186`	`187`	`return`
`187`	`188`	`}`
`188`	`189`