I have a datasource that I can access remotely with a POST request (including an API key and user ID as data in the request).
Is there anyway to configure Prometheus to scrape this datasource? Preferably without any additional software.
I think not using scrape_config without a proxy (or additional software) unless the datasource is accessible using one of the service discovery targest listed in Prometheus configuration.
If you need to use a proxy, this should be straightforward.
You'd need to construct an out-of-band HTTP server defined as the proxy to accept proxied (GET) requests from Prometheus, possibly1 (!) injecting the API key and user ID, do whatever's necessary to respond to Prometheus' GET with a list of metrics in the expected exposition format returning these as the scrape response.
1 - unless you can wrangle your inputs as HTML params, or as basic_auth or authorization headers.
Related
TL;DR:
Does stubby4j request proxying functionality support the setting of additional query params with the request which is being proxied?
Details:
I am using stubby4j HTTP stub server, the latest version (i.e.: v7.3.3) to proxy requests to another real live service when my request did not match any of the configured stubs.
I am interested to know if it is possible to pass in additional query params to the live service with the request which is being proxied?
In the official docs of the stubby4j request proxying behavior (https://stubby4j.com/docs/request_proxying.html) there is nothing mentioned about it and from what I see in my own testing, I do not think this is supported. But, I still wanted to ask on SO to check if I am simply doing something wrong.
You are correct, the the setting of additional query params on the request being proxied is not supported currently.
As per the aforementioned docs, the additive strategy only supports the setting of additional HTTP headers, which are specified in the headers property on the proxy-config object in your YAML.
But, it is pretty straightforward to add the addition of query params behavior. Feel free to raise a feature request at https://github.com/azagniotov/stubby4j/issues/new/choose
My team planned to do API Performance Testing using JMeter 5.0 for my client. My client developed the API in Kubernetes. Just wondering, they gave info such as URI, HTTP Method and Content-Type only. We never have experience using URI. Are these info sufficient to do load test in JMeter? And where do I fill in these info? Is it in Config Element: HTTP Header Manager?
Because usually I only do my enablement using sample website which already provide the URL.
Do I need to ask them to provide the specific URL for this? Or URL can be extracted from URI?
Thanks.
Normally you should put:
Protocol, server name or IP and Port Number into HTTP Request Defaults, this way you will have a single configuration element having these details and in case of change you will need to introduce the change at one place only and won't have to revisit each and every HTTP Request sampler
Individual requests are defined using individual HTTP Request samplers where you need to provide URL Path and request body (if any)
Content-Type and other Headers can be provided via HTTP Header Manager, the same Scoping Rules as for HTTP Request Defaults apply, for example if you want to send application/json for all the requests just add HTTP Header Manager on the top of your Test Plan and it will add the header to all HTTP Request samplers which are at the same level as the HTTP Header Manager or lower.
I need to delete durable subscribers after each JMeter's test run using JMeter.
I would like to create HTTP request to the ActiveMQ Web Console as it is shown on browser WebConsole.
But I need to know:
What is the "secret" parameter in URL?
How it can be generated?
If it will be valid for JMeter's HTTP request?
The "secret" parameter was introduced to stop Cross Site Request Forgery (CSRF) attacks on the web console. See AMQ-2613 for more details on that.
You will not be able to generate your own "secret" in order to send a valid request to that URL from JMeter.
You should instead use ActiveMQ's integration with the Jolokia JMX-HTTP bridge to interact directly with ActiveMQ's JMX management beans. For example, the DurableSubscriptionViewMBean has a destroy method you can invoke.
That said, the best option would be to simply invoke javax.jms.Session#unsubscribe() from your JMS client. This is the normal way subscriptions are supposed to be deleted.
You don't need to "generate" this value, you need to "extract" this value from the previous response using a suitable Post-Processor (CSS Selector Extractor is a good choice)
Just inspect the immediately previous response source and you will see this "secret" value there. Fetch it, store into a JMeter Variable and you should be good to go.
More information: How to Load Test CSRF-Protected Web Sites
I am testing an API endpoint for which there is a form based authentication(for additional security). Can someone suggest how to handle form based authentication in Jmeter. I tried with HTTP Authorization Manage, still my request is failing.
You basically need to submit a HTML Form by sending a HTTP POST request using JMeter's HTTP Request sampler.
Given you provide correct credentials you should be authorized for further actions.
In some cases you will need to perform correlation as you might have to provide a dynamic parameter (or several) along with the credentials as your application can use these parameters for i.e. CSRF protection or for other reasons so make sure to carefully inspect the request sent by the real browser (you can capture the original request using browser developer tools) and if there are any dynamic parameters - you should extract them from the previous response using a suitable JMeter Post-Processor
Once you successfully log in it should be enough to add HTTP Cookie Manager to maintain the user session.
So I am trying to automate a JMeter script that creates Keycloak users and then signs them in.
First It GETs the login page and stores the code, here is an example request:
GET http://Keycloak.com:8001//auth/realms/REALM/protocol/openid-connect/auth?response_type=code&client_id=CLIENT&scope=openid%20profile%20email&nonce=N5b3a2da23c04a&response_mode=form_post&resource=RESOURCE&state=2SJwtlVZrswlGkw&redirect_uri=REDIRECTURI
However, when I then GET the registration page, the code changes and the tab_id also changes. How can I keep keycloak from generating a new code token with every HTTP request in a thread?
In addition, why is each HTTP request with JMeter acting like a new session instead of the next request in a series?
EDIT:
I am using Regular Expression Extractors in order to track the code and execution variables, in addition to using a HTTP Cookie Manager and HTTP Cache Manager for the thread.
Looking at my POST request, both variables are the same as those from the previous HTTP request, and all of my cookies are being maintained, yet every time I try this automated login, I get a 400 error and the keycloak event log displays an invalid_code error.
Edit:
As requested here is a screenshot of all my sign in requests
Most probably your Regular Expression Extractor is not nested in the HTTP Request you are trying to extract data from.
If its scope is too wide, it applies to all HTTP Requests, so first time it succeeds extracting, but then for the next request that does not contain the token, the extractor runs and overwrites the old value by an empty one.
See scoping rules in JMeter:
https://jmeter.apache.org/usermanual/test_plan.html#scoping_rules
You need to maintain the corelation between hits. Please go through below blog
https://www.blazemeter.com/blog/how-to-handle-correlation-in-jmeter
According to keycloak you must use https if you are using keycloak.com
Keycloak can run out of the box without SSL so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172..16.x.x. If you don’t have SSL/HTTPS configured on the server or you try to access Keycloak over HTTP from a non-private IP adress you will get an error.
So you have 3 options: use private IP address, use a reverse proxy or load balancer to handle HTTPS or enable HTTPS for the Keycloak server.