lib/promauth: make username optional in basic_auth section

RFC-7617 allows empty password/username. Moreover, from RFC standpoint both empty values are valid as well. It should be just encoded as `:`. So this commit relaxes non-empty username restriction.

Fixes https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6956

docs/victoriametrics/changelog/CHANGELOG.md

@@ -31,6 +31,7 @@ See also [LTS releases](https://docs.victoriametrics.com/victoriametrics/lts-rel
 * FEATURE: [vmalert](https://docs.victoriametrics.com/victoriametrics/vmalert/): add `search` parameter and pagination support in `/api/v1/rules` API. See [#10046](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/10046).
 * FEATURE: [vmui](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#vmui): add default pagination to improve the Alerting Rules page experience when vmalert loads thousands of rules. See [#10046](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/10046).
 * FEATURE: all VictoriaMetrics components: log a warning when an IPv6 listen address (e.g. `[::]:6969`) is specified but `-enableTCP6` is not set. Previously, the server silently listened on IPv4 only. See [#6858](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6858). Thanks to @andriibeee for the contribution.
+* FEATURE: [vmagent](https://docs.victoriametrics.com/victoriametrics/vmagent/): allow specifying `basic_auth` in scrape configs without `username`. Previously this resulted in a config error. Now a warning is logged instead. See [#6956](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6956). Thanks to @andriibeee for the contribution.
 
 * BUGFIX: `vmselect` in [VictoriaMetrics cluster](https://docs.victoriametrics.com/victoriametrics/cluster-victoriametrics/): retry RPC by dialing a new connection instead of reusing a pooled one when the previous attempt fails with `io.EOF`, `broken pipe` or `reset by peer`. This reduces query failures caused by stale connections to restarted vmstorage nodes. See [#10314](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10314)
 * BUGFIX: [vmui](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#vmui): fix autocomplete dropdown not closing on the Raw Query page. See [#10665](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/10665)

docs/victoriametrics/sd_configs.md

@@ -2080,8 +2080,8 @@ and in the majority of [supported service discovery configs](#supported-service-
     # basic_auth is an optional HTTP basic authentication configuration.
     #
     # basic_auth:
-    #   username: "..."
-    #   username_file: "..."  # is mutually-exclusive with username
+    #   username: "..."      # optional
+    #   username_file: "..."  # optional, is mutually-exclusive with username
     #   password: "..."
     #   password_file: "..."  # is mutually-exclusive with password
 

lib/promauth/config.go

@@ -823,10 +823,20 @@ func (actx *authContext) initFromBasicAuthConfig(baseDir string, ba *BasicAuthCo
 		password = ba.Password.S
 	}
 	passwordFile := ba.PasswordFile
-	if username == "" && usernameFile == "" {
-		return fmt.Errorf("missing `username` and `username_file` in `basic_auth` section; please specify one; " +
+	if username == "" && usernameFile == "" && password == "" && passwordFile == "" {
+		return fmt.Errorf("missing `username`, `username_file`, `password` and `password_file` in `basic_auth` section; please specify at least one; " +
 			"see https://docs.victoriametrics.com/victoriametrics/sd_configs/#http-api-client-options")
 	}
+	if username == "" && usernameFile == "" {
+		logger.Warnf("missing `username` and `username_file` in `basic_auth` section; " +
+			"see https://docs.victoriametrics.com/victoriametrics/sd_configs/#http-api-client-options")
+	}
+	if strings.TrimSpace(username) == "" && username != "" {
+		logger.Warnf("`username` in `basic_auth` section is blank; it is possible to omit the `username` value if it is not needed")
+	}
+	if usernameFile == "/dev/null" {
+		logger.Warnf("`username_file` in `basic_auth` section points to /dev/null; it is possible to omit the `username_file` value if it is not needed")
+	}
 	if username != "" && usernameFile != "" {
 		return fmt.Errorf("both `username` and `username_file` are set in `basic_auth` section; please specify only one; " +
 			"see https://docs.victoriametrics.com/victoriametrics/sd_configs/#http-api-client-options")

lib/promauth/config_test.go

@@ -58,10 +58,9 @@ basic_auth:
   password: pass
 `)
 
-	// basic_auth: missing username
+	// basic_auth: empty basic_auth section
 	f(`
-basic_auth:
-  password: pass
+basic_auth: {}
 `)
 
 	// basic_auth: both username and username_file are set

lib/promscrape/config_test.go

@@ -670,12 +670,12 @@ scrape_configs:
   - targets: ["foo"]
 `, []*ScrapeWork{})
 
-	// Scrape config with missing username in `basic_auth` must be skipped
+	// Scrape configs that omit the password in basic_auth must be skipped.
 	f(`
 scrape_configs:
 - job_name: x
   basic_auth:
-    password: sss
+    password: ""
   static_configs:
   - targets: ["a"]
 `, []*ScrapeWork{})
@@ -780,6 +780,28 @@ scrape_configs:
 		},
 	})
 
+	// Scrape configs that include a password but omit the username should still be parsed correctly
+	f(`
+scrape_configs:
+- job_name: x
+  basic_auth:
+    password: sss
+  static_configs:
+  - targets: ["a"]
+`, []*ScrapeWork{
+		{
+			ScrapeURL:      "http://a/metrics",
+			ScrapeInterval: defaultScrapeInterval,
+			ScrapeTimeout:  defaultScrapeTimeout,
+			MaxScrapeSize:  maxScrapeSize.N,
+			Labels: promutil.NewLabelsFromMap(map[string]string{
+				"instance": "a:80",
+				"job":      "x",
+			}),
+			jobNameOriginal: "x",
+		},
+	})
+
 	f(`
 scrape_configs:
 - job_name: foo