feature: [or performance] optimize the performance of the or operation by reducing the marshaling call from O(m*n) to O(m+n) when large volumes of series are involved

.github/copilot-instructions.md

@@ -0,0 +1,23 @@
+# Project Overview
+
+VictoriaMetrics is a fast, cost-saving, and scalable solution for monitoring and managing time series data. It delivers high performance and reliability, making it an ideal choice for businesses of all sizes.
+
+## Folder Structure
+
+- `/app`: Contains the compilable binaries.
+- `/lib`: Contains the golang reusable libraries
+- `/docs/victoriametrics`: Contains documentation for the project.
+- `/apptest/tests`: Contains integration tests.
+
+## Libraries and Frameworks
+
+- Backend: Golang, no framework. Use third-party libraries sparingly.
+- Frontend: React.
+
+## Code review guidelines
+
+Ensure the feature or bugfix includes a changelog entry in /docs/victoriametrics/changelog/CHANGELOG.md.
+Verify the entry is under the ## tip section and matches the structure and style of existing entries.
+Chore-only changes may be omitted from the changelog.
+
+

.github/workflows/build.yml

@@ -71,8 +71,7 @@ jobs:
             go.sum
             Makefile
             app/**/Makefile
-          go-version-file: 'go.mod'
-      - run: go version
+          go-version: stable
 
       - name: Build victoria-metrics for ${{ matrix.os }}-${{ matrix.arch }}
         run: make victoria-metrics-${{ matrix.os }}-${{ matrix.arch }}

.github/workflows/check-licenses.yml

@@ -21,11 +21,9 @@ jobs:
         id: go
         uses: actions/setup-go@v6
         with:
-          go-version-file: 'go.mod'
+          go-version: stable
           cache: false
 
-      - run: go version
-
       - name: Cache Go artifacts
         uses: actions/cache@v4
         with:
@@ -34,7 +32,7 @@ jobs:
             ~/go/pkg/mod
             ~/go/bin
           key: go-artifacts-${{ runner.os }}-check-licenses-${{ steps.go.outputs.go-version }}-${{ hashFiles('go.sum', 'Makefile', 'app/**/Makefile') }}
-          restore-keys: go-artifacts-${{ runner.os }}-check-licenses-${{ steps.go.outputs.go-version }}-
+          restore-keys: go-artifacts-${{ runner.os }}-check-licenses-
 
       - name: Check License
         run: make check-licenses

.github/workflows/codeql-analysis-go.yml

@@ -36,8 +36,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           cache: false
-          go-version-file: 'go.mod'
-      - run: go version
+          go-version: stable
 
       - name: Cache Go artifacts
         uses: actions/cache@v4
@@ -47,7 +46,7 @@ jobs:
             ~/go/bin
             ~/go/pkg/mod
           key: go-artifacts-${{ runner.os }}-codeql-analyze-${{ steps.go.outputs.go-version }}-${{ hashFiles('go.sum', 'Makefile', 'app/**/Makefile') }}
-          restore-keys: go-artifacts-${{ runner.os }}-codeql-analyze-${{ steps.go.outputs.go-version }}-
+          restore-keys: go-artifacts-${{ runner.os }}-codeql-analyze-
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4

.github/workflows/test.yml

@@ -42,9 +42,8 @@ jobs:
             go.sum
             Makefile
             app/**/Makefile
-          go-version-file: 'go.mod'
+          go-version: stable
 
-      - run: go version
 
       - name: Cache golangci-lint
         uses: actions/cache@v4
@@ -52,7 +51,7 @@ jobs:
           path: |
             ~/.cache/golangci-lint
             ~/go/bin
-          key: golangci-lint-${{ runner.os }}-${{ steps.go.outputs.go-version }}-${{ hashFiles('.golangci.yml') }}
+          key: golangci-lint-${{ runner.os }}-${{ hashFiles('.golangci.yml') }}
 
       - name: Run check-all
         run: |
@@ -82,20 +81,19 @@ jobs:
             go.sum
             Makefile
             app/**/Makefile
-          go-version-file: 'go.mod'
-      - run: go version
+          go-version: stable
 
       - name: Run tests
-        run: make ${{ matrix.scenario}}
+        run: GOGC=10 make ${{ matrix.scenario}}
 
       - name: Publish coverage
         uses: codecov/codecov-action@v5
         with:
           files: ./coverage.txt
 
-  apptest:
-    name: apptest
-    runs-on: apptest
+  integration:
+    name: integration
+    runs-on: ubuntu-latest
 
     steps:
       - name: Code checkout
@@ -109,8 +107,7 @@ jobs:
             go.sum
             Makefile
             app/**/Makefile
-          go-version-file: 'go.mod'
-      - run: go version
+          go-version: stable
 
-      - name: Run app tests
-        run: make apptest
+      - name: Run integration tests
+        run: make integration-test

Makefile

@@ -17,7 +17,7 @@ EXTRA_GO_BUILD_TAGS ?=
 GO_BUILDINFO = -X '$(PKG_PREFIX)/lib/buildinfo.Version=$(APP_NAME)-$(DATEINFO_TAG)-$(BUILDINFO_TAG)'
 TAR_OWNERSHIP ?= --owner=1000 --group=1000
 
-GOLANGCI_LINT_VERSION := 2.9.0
+GOLANGCI_LINT_VERSION := 2.7.2
 
 .PHONY: $(MAKECMDGOALS)
 
@@ -443,7 +443,7 @@ fmt:
 	gofmt -l -w -s ./apptest
 
 vet:
-	go vet -tags 'synctest' ./lib/...
+	GOEXPERIMENT=synctest go vet ./lib/...
 	go vet ./app/...
 	go vet ./apptest/...
 
@@ -452,25 +452,28 @@ check-all: fmt vet golangci-lint govulncheck
 clean-checkers: remove-golangci-lint remove-govulncheck
 
 test:
-	go test -tags 'synctest' ./lib/... ./app/...
+	GOEXPERIMENT=synctest go test ./lib/... ./app/...
 
 test-race:
-	go test -tags 'synctest' -race ./lib/... ./app/...
+	GOEXPERIMENT=synctest go test -race ./lib/... ./app/...
 
 test-pure:
-	CGO_ENABLED=0 go test -tags 'synctest' ./lib/... ./app/...
+	GOEXPERIMENT=synctest CGO_ENABLED=0 go test ./lib/... ./app/...
 
 test-full:
-	go test -tags 'synctest' -coverprofile=coverage.txt -covermode=atomic ./lib/... ./app/...
+	GOEXPERIMENT=synctest go test -coverprofile=coverage.txt -covermode=atomic ./lib/... ./app/...
 
 test-full-386:
-	GOARCH=386 go test -tags 'synctest' -coverprofile=coverage.txt -covermode=atomic ./lib/... ./app/...
+	GOEXPERIMENT=synctest GOARCH=386 go test -coverprofile=coverage.txt -covermode=atomic ./lib/... ./app/...
+
+integration-test:
+	$(MAKE) apptest
 
 apptest:
 	$(MAKE) victoria-metrics vmagent vmalert vmauth vmctl vmbackup vmrestore
 	go test ./apptest/... -skip="^Test(Cluster|Legacy).*"
 
-apptest-legacy: victoria-metrics vmbackup vmrestore
+integration-test-legacy: victoria-metrics vmbackup vmrestore
 	OS=$$(uname | tr '[:upper:]' '[:lower:]'); \
 	ARCH=$$(uname -m | tr '[:upper:]' '[:lower:]' | sed 's/x86_64/amd64/'); \
 	VERSION=v1.132.0; \
@@ -487,17 +490,17 @@ apptest-legacy: victoria-metrics vmbackup vmrestore
 	go test ./apptest/tests -run="^TestLegacySingle.*"
 
 benchmark:
-	go test -run=NO_TESTS -bench=. ./lib/...
-	go test -run=NO_TESTS -bench=. ./app/...
+	GOEXPERIMENT=synctest go test -bench=. ./lib/...
+	go test -bench=. ./app/...
 
 benchmark-pure:
-	CGO_ENABLED=0 go test -run=NO_TESTS -bench=. ./lib/...
-	CGO_ENABLED=0 go test -run=NO_TESTS -bench=. ./app/...
+	GOEXPERIMENT=synctest CGO_ENABLED=0 go test -bench=. ./lib/...
+	CGO_ENABLED=0 go test -bench=. ./app/...
 
 vendor-update:
 	go get -u ./lib/...
 	go get -u ./app/...
-	go mod tidy -compat=1.26
+	go mod tidy -compat=1.24
 	go mod vendor
 
 app-local:
@@ -521,7 +524,7 @@ install-qtc:
 
 
 golangci-lint: install-golangci-lint
-	golangci-lint run --build-tags 'synctest'
+	GOEXPERIMENT=synctest golangci-lint run
 
 install-golangci-lint:
 	which golangci-lint && (golangci-lint --version | grep -q $(GOLANGCI_LINT_VERSION)) || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v$(GOLANGCI_LINT_VERSION)

README.md

@@ -16,21 +16,16 @@
   <img src="docs/victoriametrics/logo.webp" width="300" alt="VictoriaMetrics logo">
 </picture>
 
-VictoriaMetrics is a fast, cost-effective, and scalable solution for monitoring and managing time series data. It delivers high performance and reliability, making it an ideal choice for businesses of all sizes.
+VictoriaMetrics is a fast, cost-saving, and scalable solution for monitoring and managing time series data. It delivers high performance and reliability, making it an ideal choice for businesses of all sizes.
 
 Here are some resources and information about VictoriaMetrics:
 
-- **Case studies**: [Grammarly, Roblox, Wix, Spotify,...](https://docs.victoriametrics.com/victoriametrics/casestudies/).
-- **Available**: [Binary releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/latest), Docker images on [Docker Hub](https://hub.docker.com/r/victoriametrics/victoria-metrics/) and [Quay](https://quay.io/repository/victoriametrics/victoria-metrics), [Source code](https://github.com/VictoriaMetrics/VictoriaMetrics).
-- **Deployment types**: [Single-node version](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/) and [Cluster version](https://docs.victoriametrics.com/victoriametrics/cluster-victoriametrics/) under [Apache License 2.0](https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/LICENSE).
-- **Getting started:** Read [key concepts](https://docs.victoriametrics.com/victoriametrics/keyconcepts/) and follow the
-  [quick start guide](https://docs.victoriametrics.com/victoriametrics/quick-start/).
-- **Community**: [Slack](https://slack.victoriametrics.com/) (join via [Slack Inviter](https://slack.victoriametrics.com/)), [X (Twitter)](https://x.com/VictoriaMetrics), [YouTube](https://www.youtube.com/@VictoriaMetrics). See full list [here](https://docs.victoriametrics.com/victoriametrics/#community-and-contributions).
-- **Changelog**: Project evolves fast - check the [CHANGELOG](https://docs.victoriametrics.com/victoriametrics/changelog/), and [How to upgrade](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#how-to-upgrade-victoriametrics).
-- **Enterprise support:** [Contact us](mailto:info@victoriametrics.com) for commercial support with additional [enterprise features](https://docs.victoriametrics.com/victoriametrics/enterprise/).
-- **Enterprise releases:** Enterprise and [long-term support releases (LTS)](https://docs.victoriametrics.com/victoriametrics/lts-releases/) are publicly available and can be evaluated for free
-  using a [free trial license](https://victoriametrics.com/products/enterprise/trial/).
-- **Security:** we achieved [security certifications](https://victoriametrics.com/security/) for Database Software Development and Software-Based Monitoring Services.
+- Documentation: [docs.victoriametrics.com](https://docs.victoriametrics.com)
+- Case studies: [Grammarly, Roblox, Wix,...](https://docs.victoriametrics.com/victoriametrics/casestudies/).
+- Available: [Binary releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/latest), docker images [Docker Hub](https://hub.docker.com/r/victoriametrics/victoria-metrics/) and [Quay](https://quay.io/repository/victoriametrics/victoria-metrics), [Source code](https://github.com/VictoriaMetrics/VictoriaMetrics)
+- Deployment types: [Single-node version](https://docs.victoriametrics.com/), [Cluster version](https://docs.victoriametrics.com/victoriametrics/cluster-victoriametrics/), and [Enterprise version](https://docs.victoriametrics.com/victoriametrics/enterprise/)
+- Changelog: [CHANGELOG](https://docs.victoriametrics.com/victoriametrics/changelog/), and [How to upgrade](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#how-to-upgrade-victoriametrics)
+- Community: [Slack](https://slack.victoriametrics.com/), [X (Twitter)](https://x.com/VictoriaMetrics), [LinkedIn](https://www.linkedin.com/company/victoriametrics/), [YouTube](https://www.youtube.com/@VictoriaMetrics)
 
 Yes, we open-source both the single-node VictoriaMetrics and the cluster version.
 

SECURITY.md

@@ -12,31 +12,6 @@ The following versions of VictoriaMetrics receive regular security fixes:
 
 See [this page](https://victoriametrics.com/security/) for more details.
 
-## Software Bill of Materials (SBOM)
-
-Every VictoriaMetrics container{{% available_from "#" %}} image published to
-[Docker Hub](https://hub.docker.com/u/victoriametrics)
-and [Quay.io](https://quay.io/organization/victoriametrics)
-includes an [SPDX](https://spdx.dev/) SBOM attestation
-generated automatically by BuildKit during
-`docker buildx build`.
-
-To inspect the SBOM for an image:
-
-```sh
-docker buildx imagetools inspect \
-  docker.io/victoriametrics/victoria-metrics:latest \
-  --format "{{ json .SBOM }}"
-```
-
-To scan an image using its SBOM attestation with
-[Trivy](https://github.com/aquasecurity/trivy):
-
-```sh
-trivy image --sbom-sources oci \
-  docker.io/victoriametrics/victoria-metrics:latest
-```
-
 ## Reporting a Vulnerability
 
 Please report any security issues to <security@victoriametrics.com>

app/victoria-metrics/test/parser.go

@@ -33,13 +33,13 @@ func PopulateTimeTpl(b []byte, tGlobal time.Time) []byte {
 		}
 		switch strings.TrimSpace(parts[0]) {
 		case `TIME_S`:
-			return fmt.Appendf(nil, "%d", t.Unix())
+			return []byte(fmt.Sprintf("%d", t.Unix()))
 		case `TIME_MSZ`:
-			return fmt.Appendf(nil, "%d", t.Unix()*1e3)
+			return []byte(fmt.Sprintf("%d", t.Unix()*1e3))
 		case `TIME_MS`:
-			return fmt.Appendf(nil, "%d", timeToMillis(t))
+			return []byte(fmt.Sprintf("%d", timeToMillis(t)))
 		case `TIME_NS`:
-			return fmt.Appendf(nil, "%d", t.UnixNano())
+			return []byte(fmt.Sprintf("%d", t.UnixNano()))
 		default:
 			log.Fatalf("unknown time pattern %s in %s", parts[0], repl)
 		}

app/vmagent/datadogsketches/request_handler.go

@@ -49,11 +49,6 @@ func insertRows(at *auth.Token, sketches []*datadogsketches.Sketch, extraLabels
 				Name:  "__name__",
 				Value: m.Name,
 			})
-			// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10557
-			labels = append(labels, prompb.Label{
-				Name:  "host",
-				Value: sketch.Host,
-			})
 			for _, label := range m.Labels {
 				labels = append(labels, prompb.Label{
 					Name:  label.Name,
@@ -62,6 +57,9 @@ func insertRows(at *auth.Token, sketches []*datadogsketches.Sketch, extraLabels
 			}
 			for _, tag := range sketch.Tags {
 				name, value := datadogutil.SplitTag(tag)
+				if name == "host" {
+					name = "exported_host"
+				}
 				labels = append(labels, prompb.Label{
 					Name:  name,
 					Value: value,

app/vmagent/remotewrite/client_test.go

@@ -18,7 +18,7 @@ func TestCalculateRetryDuration(t *testing.T) {
 	f := func(retryAfterDuration, retryDuration time.Duration, n int, expectMinDuration time.Duration) {
 		t.Helper()
 
-		for range n {
+		for i := 0; i < n; i++ {
 			retryDuration = getRetryDuration(retryAfterDuration, retryDuration, time.Minute)
 		}
 

app/vmagent/remotewrite/pendingseries_test.go

@@ -51,9 +51,9 @@ func testPushWriteRequest(t *testing.T, rowsCount, expectedBlockLenProm, expecte
 
 func newTestWriteRequest(seriesCount, labelsCount int) *prompb.WriteRequest {
 	var wr prompb.WriteRequest
-	for i := range seriesCount {
+	for i := 0; i < seriesCount; i++ {
 		var labels []prompb.Label
-		for j := range labelsCount {
+		for j := 0; j < labelsCount; j++ {
 			labels = append(labels, prompb.Label{
 				Name:  fmt.Sprintf("label_%d_%d", i, j),
 				Value: fmt.Sprintf("value_%d_%d", i, j),

app/vmagent/remotewrite/relabel.go

@@ -12,7 +12,6 @@ import (
 	"github.com/VictoriaMetrics/metrics"
 	"gopkg.in/yaml.v2"
 
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
@@ -21,7 +20,8 @@ import (
 )
 
 var (
-	unparsedLabelsGlobal    = flagutil.NewArrayString("remoteWrite.label", "Optional label in the form 'name=value' to add to all the metrics before sending them to all -remoteWrite.url.")
+	unparsedLabelsGlobal = flagutil.NewArrayString("remoteWrite.label", "Optional label in the form 'name=value' to add to all the metrics before sending them to -remoteWrite.url. "+
+		"Pass multiple -remoteWrite.label flags in order to add multiple labels to metrics before sending them to remote storage")
 	relabelConfigPathGlobal = flag.String("remoteWrite.relabelConfig", "", "Optional path to file with relabeling configs, which are applied "+
 		"to all the metrics before sending them to -remoteWrite.url. See also -remoteWrite.urlRelabelConfig. "+
 		"The path can point either to local file or to http url. "+
@@ -39,7 +39,7 @@ var (
 	labelsGlobal []prompb.Label
 
 	remoteWriteRelabelConfigData    atomic.Pointer[[]byte]
-	remoteWriteURLRelabelConfigData atomic.Pointer[[]any]
+	remoteWriteURLRelabelConfigData atomic.Pointer[[]interface{}]
 
 	relabelConfigReloads      *metrics.Counter
 	relabelConfigReloadErrors *metrics.Counter
@@ -83,58 +83,30 @@ func WriteRelabelConfigData(w io.Writer) {
 	_, _ = w.Write(*p)
 }
 
-// GetRemoteWriteRelabelConfigString returns -remoteWrite.relabelConfig contents in string
-func GetRemoteWriteRelabelConfigString() string {
-	var bb bytesutil.ByteBuffer
-	WriteRelabelConfigData(&bb)
-	if bb.Len() == 0 {
-		return ""
-	}
-	return string(bb.B)
-}
-
-type UrlRelabelCfg struct {
-	Url           string `yaml:"url"`
-	RelabelConfig any    `yaml:"relabel_config"`
-
-	RelabelConfigStr string
-}
-
 // WriteURLRelabelConfigData writes -remoteWrite.urlRelabelConfig contents to w
 func WriteURLRelabelConfigData(w io.Writer) {
-	cs := GetURLRelabelConfigData()
-	if cs == nil {
+	p := remoteWriteURLRelabelConfigData.Load()
+	if p == nil {
 		// Nothing to write to w
 		return
 	}
-	d, _ := yaml.Marshal(cs)
-	_, _ = w.Write(d)
-}
-
-// GetURLRelabelConfigData is similar to WriteURLRelabelConfigData but returning data in []UrlRelabelCfg.
-func GetURLRelabelConfigData() []UrlRelabelCfg {
-	p := remoteWriteURLRelabelConfigData.Load()
-	if p == nil {
-		return nil
+	type urlRelabelCfg struct {
+		Url           string      `yaml:"url"`
+		RelabelConfig interface{} `yaml:"relabel_config"`
 	}
-	var cs []UrlRelabelCfg
+	var cs []urlRelabelCfg
 	for i, url := range *remoteWriteURLs {
 		cfgData := (*p)[i]
-		var cfgDataBytes []byte
-		if cfgData != nil {
-			cfgDataBytes, _ = yaml.Marshal(cfgData)
-		}
 		if !*showRemoteWriteURL {
 			url = fmt.Sprintf("%d:secret-url", i+1)
 		}
-		cs = append(cs, UrlRelabelCfg{
+		cs = append(cs, urlRelabelCfg{
 			Url:           url,
 			RelabelConfig: cfgData,
-
-			RelabelConfigStr: string(cfgDataBytes),
 		})
 	}
-	return cs
+	d, _ := yaml.Marshal(cs)
+	_, _ = w.Write(d)
 }
 
 func reloadRelabelConfigs() {
@@ -173,7 +145,7 @@ func loadRelabelConfigs() (*relabelConfigs, error) {
 			len(*relabelConfigPaths), (len(*remoteWriteURLs)))
 	}
 
-	var urlRelabelCfgs []any
+	var urlRelabelCfgs []interface{}
 	rcs.perURL = make([]*promrelabel.ParsedConfigs, len(*remoteWriteURLs))
 	for i, path := range *relabelConfigPaths {
 		if len(path) == 0 {
@@ -186,7 +158,7 @@ func loadRelabelConfigs() (*relabelConfigs, error) {
 		}
 		rcs.perURL[i] = prc
 
-		var parsedCfg any
+		var parsedCfg interface{}
 		_ = yaml.Unmarshal(rawCfg, &parsedCfg)
 		urlRelabelCfgs = append(urlRelabelCfgs, parsedCfg)
 	}

app/vmagent/remotewrite/remotewrite.go

@@ -1080,7 +1080,7 @@ func (rwctx *remoteWriteCtx) tryPushTimeSeriesInternal(tss []prompb.TimeSeries)
 	}()
 
 	if len(labelsGlobal) > 0 {
-		// Make a copy of tss before adding extra labels to prevent
+		// Make a copy of tss before adding extra labels in order to prevent
 		// from affecting time series for other remoteWrite.url configs.
 		rctx = getRelabelCtx()
 		v = tssPool.Get().(*[]prompb.TimeSeries)

app/vmagent/remotewrite/remotewrite_test.go

@@ -28,12 +28,12 @@ func TestGetLabelsHash_Distribution(t *testing.T) {
 		itemsCount := 1_000 * bucketsCount
 		m := make([]int, bucketsCount)
 		var labels []prompb.Label
-		for i := range itemsCount {
+		for i := 0; i < itemsCount; i++ {
 			labels = append(labels[:0], prompb.Label{
 				Name:  "__name__",
 				Value: fmt.Sprintf("some_name_%d", i),
 			})
-			for j := range 10 {
+			for j := 0; j < 10; j++ {
 				labels = append(labels, prompb.Label{
 					Name:  fmt.Sprintf("label_%d", j),
 					Value: fmt.Sprintf("value_%d_%d", i, j),
@@ -248,7 +248,7 @@ func TestShardAmountRemoteWriteCtx(t *testing.T) {
 		seriesCount := 100000
 		// build 1000000 series
 		tssBlock := make([]prompb.TimeSeries, 0, seriesCount)
-		for i := range seriesCount {
+		for i := 0; i < seriesCount; i++ {
 			tssBlock = append(tssBlock, prompb.TimeSeries{
 				Labels: []prompb.Label{
 					{
@@ -269,7 +269,7 @@ func TestShardAmountRemoteWriteCtx(t *testing.T) {
 		// build active time series set
 		nodes := make([]string, 0, remoteWriteCount)
 		activeTimeSeriesByNodes := make([]map[string]struct{}, remoteWriteCount)
-		for i := range remoteWriteCount {
+		for i := 0; i < remoteWriteCount; i++ {
 			nodes = append(nodes, fmt.Sprintf("node%d", i))
 			activeTimeSeriesByNodes[i] = make(map[string]struct{})
 		}

app/vmalert-tool/unittest/input_test.go

@@ -41,7 +41,7 @@ func TestParseInputValue_Success(t *testing.T) {
 		if len(outputExpected) != len(output) {
 			t.Fatalf("unexpected output length; got %d; want %d", len(outputExpected), len(output))
 		}
-		for i := range outputExpected {
+		for i := 0; i < len(outputExpected); i++ {
 			if outputExpected[i].Omitted != output[i].Omitted {
 				t.Fatalf("unexpected Omitted field in the output\ngot\n%v\nwant\n%v", output, outputExpected)
 			}

app/vmalert-tool/unittest/unittest.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"maps"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -13,7 +12,6 @@ import (
 	"os/signal"
 	"path/filepath"
 	"reflect"
-	"slices"
 	"sort"
 	"strings"
 	"syscall"
@@ -350,7 +348,9 @@ func (tg *testGroup) test(evalInterval time.Duration, groupOrderMap map[string]i
 	for k := range alertEvalTimesMap {
 		alertEvalTimes = append(alertEvalTimes, k)
 	}
-	slices.Sort(alertEvalTimes)
+	sort.Slice(alertEvalTimes, func(i, j int) bool {
+		return alertEvalTimes[i] < alertEvalTimes[j]
+	})
 
 	// sort group eval order according to the given "group_eval_order".
 	sort.Slice(testGroups, func(i, j int) bool {
@@ -361,8 +361,12 @@ func (tg *testGroup) test(evalInterval time.Duration, groupOrderMap map[string]i
 	var groups []*rule.Group
 	for _, group := range testGroups {
 		mergedExternalLabels := make(map[string]string)
-		maps.Copy(mergedExternalLabels, tg.ExternalLabels)
-		maps.Copy(mergedExternalLabels, externalLabels)
+		for k, v := range tg.ExternalLabels {
+			mergedExternalLabels[k] = v
+		}
+		for k, v := range externalLabels {
+			mergedExternalLabels[k] = v
+		}
 		ng := rule.NewGroup(group, q, time.Minute, mergedExternalLabels)
 		ng.Init()
 		groups = append(groups, ng)

app/vmalert/config/config.go

@@ -81,9 +81,12 @@ func (g *Group) Validate(validateTplFn ValidateTplFn, validateExpressions bool)
 	if g.Interval.Duration() < 0 {
 		return fmt.Errorf("interval shouldn't be lower than 0")
 	}
-	// if `eval_offset` is set, the group interval must be specified explicitly(instead of inherited from global evaluationInterval flag) and must bigger than offset.
-	if g.EvalOffset.Duration().Abs() > g.Interval.Duration() {
-		return fmt.Errorf("the abs value of eval_offset should be smaller than interval; now eval_offset: %v, interval: %v", g.EvalOffset.Duration(), g.Interval.Duration())
+	if g.EvalOffset.Duration() < 0 {
+		return fmt.Errorf("eval_offset shouldn't be lower than 0")
+	}
+	// if `eval_offset` is set, interval won't use global evaluationInterval flag and must bigger than offset.
+	if g.EvalOffset.Duration() > g.Interval.Duration() {
+		return fmt.Errorf("eval_offset should be smaller than interval; now eval_offset: %v, interval: %v", g.EvalOffset.Duration(), g.Interval.Duration())
 	}
 	if g.EvalOffset != nil && g.EvalDelay != nil {
 		return fmt.Errorf("eval_offset cannot be used with eval_delay")

app/vmalert/config/config_test.go

@@ -176,17 +176,11 @@ func TestGroupValidate_Failure(t *testing.T) {
 	}, false, "interval shouldn't be lower than 0")
 
 	f(&Group{
-		Name:       "too big eval_offset",
+		Name:       "wrong eval_offset",
 		Interval:   promutil.NewDuration(time.Minute),
 		EvalOffset: promutil.NewDuration(2 * time.Minute),
 	}, false, "eval_offset should be smaller than interval")
 
-	f(&Group{
-		Name:       "too big negative eval_offset",
-		Interval:   promutil.NewDuration(time.Minute),
-		EvalOffset: promutil.NewDuration(-2 * time.Minute),
-	}, false, "eval_offset should be smaller than interval")
-
 	limit := -1
 	f(&Group{
 		Name:  "wrong limit",

app/vmalert/config/types.go

@@ -2,7 +2,6 @@ package config
 
 import (
 	"fmt"
-	"slices"
 	"strings"
 
 	"github.com/VictoriaMetrics/VictoriaLogs/lib/logstorage"
@@ -81,8 +80,12 @@ func (t *Type) ValidateExpr(expr string) error {
 		if err != nil {
 			return fmt.Errorf("cannot obtain labels from LogsQL expr: %q, err: %w", expr, err)
 		}
-		if slices.Contains(labels, "_time") {
-			return fmt.Errorf("bad LogsQL expr: %q, err: cannot contain time buckets stats pipe `stats by (_time:step)`", expr)
+		for i := range labels {
+			// VictoriaLogs inserts `_time` field as a label in result when query with `stats by (_time:step)`,
+			// making the result meaningless and may lead to cardinality issues.
+			if labels[i] == "_time" {
+				return fmt.Errorf("bad LogsQL expr: %q, err: cannot contain time buckets stats pipe `stats by (_time:step)`", expr)
+			}
 		}
 	default:
 		return fmt.Errorf("unknown datasource type=%q", t.Name)

app/vmalert/datasource/client.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"maps"
 	"net/http"
 	"net/url"
 	"strings"
@@ -92,7 +91,9 @@ func (c *Client) Clone() *Client {
 		ns.extraHeaders = make([]keyValue, len(c.extraHeaders))
 		copy(ns.extraHeaders, c.extraHeaders)
 	}
-	maps.Copy(ns.extraParams, c.extraParams)
+	for k, v := range c.extraParams {
+		ns.extraParams[k] = v
+	}
 
 	return ns
 }

app/vmalert/datasource/client_prom.go

@@ -34,7 +34,7 @@ type promResponse struct {
 	// Stats supported by VictoriaMetrics since v1.90
 	Stats struct {
 		SeriesFetched *string `json:"seriesFetched,omitempty"`
-	} `json:"stats"`
+	} `json:"stats,omitempty"`
 	// IsPartial supported by VictoriaMetrics
 	IsPartial *bool `json:"isPartial,omitempty"`
 }

app/vmalert/datasource/datasource.go

@@ -134,7 +134,7 @@ func (ls Labels) String() string {
 func LabelCompare(a, b Labels) int {
 	l := min(len(b), len(a))
 
-	for i := range l {
+	for i := 0; i < l; i++ {
 		if a[i].Name != b[i].Name {
 			if a[i].Name < b[i].Name {
 				return -1

app/vmalert/datasource/vm_prom_api_timing_test.go

@@ -13,7 +13,7 @@ func BenchmarkPromInstantUnmarshal(b *testing.B) {
 
 	// BenchmarkParsePrometheusResponse/Instant_std+fastjson-10                    1760            668959 ns/op          280147 B/op       5781 allocs/op
 	b.Run("Instant std+fastjson", func(b *testing.B) {
-		for range b.N {
+		for i := 0; i < b.N; i++ {
 			var pi promInstant
 			err = pi.Unmarshal(data)
 			if err != nil {

app/vmalert/manager_test.go

@@ -69,7 +69,7 @@ func TestManagerUpdateConcurrent(t *testing.T) {
 	for n := range workers {
 		wg.Go(func() {
 			r := rand.New(rand.NewSource(int64(n)))
-			for range iterations {
+			for i := 0; i < iterations; i++ {
 				rnd := r.Intn(len(paths))
 				cfg, err := config.Parse([]string{paths[rnd]}, notifier.ValidateTemplates, true)
 				if err != nil { // update can fail and this is expected
@@ -259,7 +259,7 @@ func compareGroups(t *testing.T, a, b *rule.Group) {
 	for i, r := range a.Rules {
 		got, want := r, b.Rules[i]
 		if a.CreateID() != b.CreateID() {
-			t.Fatalf("expected to have rule %d; got %d", want.ID(), got.ID())
+			t.Fatalf("expected to have rule %q; got %q", want.ID(), got.ID())
 		}
 		if err := rule.CompareRules(t, want, got); err != nil {
 			t.Fatalf("comparison error: %s", err)

app/vmalert/notifier/config_watcher_test.go

@@ -216,7 +216,7 @@ consul_sd_configs:
 	for n := range workers {
 		wg.Go(func() {
 			r := rand.New(rand.NewSource(int64(n)))
-			for range iterations {
+			for i := 0; i < iterations; i++ {
 				rnd := r.Intn(len(paths))
 				_ = cw.reload(paths[rnd]) // update can fail and this is expected
 				_ = cw.notifiers()

app/vmalert/remotewrite/client.go

@@ -113,7 +113,7 @@ func NewClient(ctx context.Context, cfg Config) (*Client, error) {
 		input:         make(chan prompb.TimeSeries, cfg.MaxQueueSize),
 	}
 
-	for range cc {
+	for i := 0; i < cc; i++ {
 		c.run(ctx)
 	}
 	return c, nil
@@ -186,11 +186,6 @@ func (c *Client) run(ctx context.Context) {
 				return
 			case <-ticker.C:
 				c.flush(ctx, wr)
-				// drain the potential stale tick to avoid small or empty flushes after a slow flush.
-				select {
-				case <-ticker.C:
-				default:
-				}
 			case ts, ok := <-c.input:
 				if !ok {
 					continue
@@ -243,10 +238,8 @@ func (c *Client) flush(ctx context.Context, wr *prompb.WriteRequest) {
 	defer func() {
 		sendDuration.Add(time.Since(timeStart).Seconds())
 	}()
-
-	attempts := 0
 L:
-	for {
+	for attempts := 0; ; attempts++ {
 		err := c.send(ctx, b)
 		if err != nil && (errors.Is(err, io.EOF) || netutil.IsTrivialNetworkError(err)) {
 			// Something in the middle between client and destination might be closing
@@ -288,7 +281,6 @@ L:
 		time.Sleep(retryInterval)
 		retryInterval *= 2
 
-		attempts++
 	}
 
 	rwErrors.Inc()

app/vmalert/remotewrite/client_test.go

@@ -44,7 +44,7 @@ func TestClient_Push(t *testing.T) {
 
 	r := rand.New(rand.NewSource(1))
 	const rowsN = int(1e4)
-	for range rowsN {
+	for i := 0; i < rowsN; i++ {
 		s := prompb.TimeSeries{
 			Samples: []prompb.Sample{{
 				Value:     r.Float64(),
@@ -102,7 +102,7 @@ func TestClient_run_maxBatchSizeDuringShutdown(t *testing.T) {
 		}
 
 		// push time series to the client.
-		for range pushCnt {
+		for i := 0; i < pushCnt; i++ {
 			if err = rwClient.Push(prompb.TimeSeries{}); err != nil {
 				t.Fatalf("cannot time series to the client: %s", err)
 			}

app/vmalert/remotewrite/debug_client_test.go

@@ -22,7 +22,7 @@ func TestDebugClient_Push(t *testing.T) {
 
 	const rowsN = 100
 	var sent int
-	for i := range rowsN {
+	for i := 0; i < rowsN; i++ {
 		s := prompb.TimeSeries{
 			Samples: []prompb.Sample{{
 				Value:     float64(i),

app/vmalert/rule/alerting_synctest_test.go

@@ -1,106 +0,0 @@
-//go:build synctest
-
-package rule
-
-import (
-	"context"
-	"strings"
-	"testing"
-	"testing/synctest"
-	"time"
-
-	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/datasource"
-	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/notifier"
-)
-
-// TestAlertingRule_ActiveAtPreservedInAnnotations ensures that the fix for
-// https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9543 is preserved
-// while allowing query templates in labels (https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9783)
-func TestAlertingRule_ActiveAtPreservedInAnnotations(t *testing.T) {
-	// wrap into synctest because of time manipulations
-	synctest.Test(t, func(t *testing.T) {
-		fq := &datasource.FakeQuerier{}
-
-		ar := &AlertingRule{
-			Name: "TestActiveAtPreservation",
-			Labels: map[string]string{
-				"test_query_in_label": `{{ "static_value" }}`,
-			},
-			Annotations: map[string]string{
-				"description": "Alert active since {{ $activeAt }}",
-			},
-			alerts: make(map[uint64]*notifier.Alert),
-			q:      fq,
-			state: &ruleState{
-				entries: make([]StateEntry, 10),
-			},
-		}
-
-		// Mock query result - return empty result to make suppress_for_mass_alert = false
-		// (no need to add anything to fq for empty result)
-
-		// Add a metric that should trigger the alert
-		fq.Add(metricWithValueAndLabels(t, 1, "instance", "server1"))
-
-		// First execution - creates new alert
-		ts1 := time.Now()
-		_, err := ar.exec(context.TODO(), ts1, 0)
-		if err != nil {
-			t.Fatalf("unexpected error on first exec: %s", err)
-		}
-
-		if len(ar.alerts) != 1 {
-			t.Fatalf("expected 1 alert, got %d", len(ar.alerts))
-		}
-
-		firstAlert := ar.GetAlerts()[0]
-		// Verify first execution: activeAt should be ts1 and annotation should reflect it
-		if !firstAlert.ActiveAt.Equal(ts1) {
-			t.Fatalf("expected activeAt to be %v, got %v", ts1, firstAlert.ActiveAt)
-		}
-
-		// Extract time from annotation (format will be like "Alert active since 2025-09-30 08:55:13.638551611 -0400 EDT m=+0.002928464")
-		expectedTimeStr := ts1.Format("2006-01-02 15:04:05")
-		if !strings.Contains(firstAlert.Annotations["description"], expectedTimeStr) {
-			t.Fatalf("first exec annotation should contain time %s, got: %s", expectedTimeStr, firstAlert.Annotations["description"])
-		}
-
-		// Second execution - should preserve activeAt in annotation
-
-		// Ensure different timestamp with different seconds
-		// sleep is non-blocking thanks to synctest
-		time.Sleep(2 * time.Second)
-		ts2 := time.Now()
-		_, err = ar.exec(context.TODO(), ts2, 0)
-		if err != nil {
-			t.Fatalf("unexpected error on second exec: %s", err)
-		}
-
-		// Get the alert again (should be the same alert)
-		if len(ar.alerts) != 1 {
-			t.Fatalf("expected 1 alert, got %d", len(ar.alerts))
-		}
-		secondAlert := ar.GetAlerts()[0]
-
-		// Critical test: activeAt should still be ts1, not ts2
-		if !secondAlert.ActiveAt.Equal(ts1) {
-			t.Fatalf("activeAt should be preserved as %v, but got %v", ts1, secondAlert.ActiveAt)
-		}
-
-		// Critical test: annotation should still contain ts1 time, not ts2
-		if !strings.Contains(secondAlert.Annotations["description"], expectedTimeStr) {
-			t.Fatalf("second exec annotation should still contain original time %s, got: %s", expectedTimeStr, secondAlert.Annotations["description"])
-		}
-
-		// Additional verification: annotation should NOT contain ts2 time
-		ts2TimeStr := ts2.Format("2006-01-02 15:04:05")
-		if strings.Contains(secondAlert.Annotations["description"], ts2TimeStr) {
-			t.Fatalf("annotation should NOT contain new eval time %s, got: %s", ts2TimeStr, secondAlert.Annotations["description"])
-		}
-
-		// Verify query template in labels still works (this would fail if query templates were broken)
-		if firstAlert.Labels["test_query_in_label"] != "static_value" {
-			t.Fatalf("expected test_query_in_label=static_value, got %s", firstAlert.Labels["test_query_in_label"])
-		}
-	})
-}

app/vmalert/rule/alerting_test.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 	"sync"
 	"testing"
+	"testing/synctest"
 	"time"
 
 	"github.com/VictoriaMetrics/metrics"
@@ -1478,3 +1479,95 @@ func TestAlertingRule_QueryTemplateInLabels(t *testing.T) {
 		t.Fatalf("expected 'suppress_for_mass_alert' label to be 'true' or 'false', got '%s'", suppressLabel)
 	}
 }
+
+// TestAlertingRule_ActiveAtPreservedInAnnotations ensures that the fix for
+// https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9543 is preserved
+// while allowing query templates in labels (https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9783)
+func TestAlertingRule_ActiveAtPreservedInAnnotations(t *testing.T) {
+	// wrap into synctest because of time manipulations
+	synctest.Test(t, func(t *testing.T) {
+		fq := &datasource.FakeQuerier{}
+
+		ar := &AlertingRule{
+			Name: "TestActiveAtPreservation",
+			Labels: map[string]string{
+				"test_query_in_label": `{{ "static_value" }}`,
+			},
+			Annotations: map[string]string{
+				"description": "Alert active since {{ $activeAt }}",
+			},
+			alerts: make(map[uint64]*notifier.Alert),
+			q:      fq,
+			state: &ruleState{
+				entries: make([]StateEntry, 10),
+			},
+		}
+
+		// Mock query result - return empty result to make suppress_for_mass_alert = false
+		// (no need to add anything to fq for empty result)
+
+		// Add a metric that should trigger the alert
+		fq.Add(metricWithValueAndLabels(t, 1, "instance", "server1"))
+
+		// First execution - creates new alert
+		ts1 := time.Now()
+		_, err := ar.exec(context.TODO(), ts1, 0)
+		if err != nil {
+			t.Fatalf("unexpected error on first exec: %s", err)
+		}
+
+		if len(ar.alerts) != 1 {
+			t.Fatalf("expected 1 alert, got %d", len(ar.alerts))
+		}
+
+		firstAlert := ar.GetAlerts()[0]
+		// Verify first execution: activeAt should be ts1 and annotation should reflect it
+		if !firstAlert.ActiveAt.Equal(ts1) {
+			t.Fatalf("expected activeAt to be %v, got %v", ts1, firstAlert.ActiveAt)
+		}
+
+		// Extract time from annotation (format will be like "Alert active since 2025-09-30 08:55:13.638551611 -0400 EDT m=+0.002928464")
+		expectedTimeStr := ts1.Format("2006-01-02 15:04:05")
+		if !strings.Contains(firstAlert.Annotations["description"], expectedTimeStr) {
+			t.Fatalf("first exec annotation should contain time %s, got: %s", expectedTimeStr, firstAlert.Annotations["description"])
+		}
+
+		// Second execution - should preserve activeAt in annotation
+
+		// Ensure different timestamp with different seconds
+		// sleep is non-blocking thanks to synctest
+		time.Sleep(2 * time.Second)
+		ts2 := time.Now()
+		_, err = ar.exec(context.TODO(), ts2, 0)
+		if err != nil {
+			t.Fatalf("unexpected error on second exec: %s", err)
+		}
+
+		// Get the alert again (should be the same alert)
+		if len(ar.alerts) != 1 {
+			t.Fatalf("expected 1 alert, got %d", len(ar.alerts))
+		}
+		secondAlert := ar.GetAlerts()[0]
+
+		// Critical test: activeAt should still be ts1, not ts2
+		if !secondAlert.ActiveAt.Equal(ts1) {
+			t.Fatalf("activeAt should be preserved as %v, but got %v", ts1, secondAlert.ActiveAt)
+		}
+
+		// Critical test: annotation should still contain ts1 time, not ts2
+		if !strings.Contains(secondAlert.Annotations["description"], expectedTimeStr) {
+			t.Fatalf("second exec annotation should still contain original time %s, got: %s", expectedTimeStr, secondAlert.Annotations["description"])
+		}
+
+		// Additional verification: annotation should NOT contain ts2 time
+		ts2TimeStr := ts2.Format("2006-01-02 15:04:05")
+		if strings.Contains(secondAlert.Annotations["description"], ts2TimeStr) {
+			t.Fatalf("annotation should NOT contain new eval time %s, got: %s", ts2TimeStr, secondAlert.Annotations["description"])
+		}
+
+		// Verify query template in labels still works (this would fail if query templates were broken)
+		if firstAlert.Labels["test_query_in_label"] != "static_value" {
+			t.Fatalf("expected test_query_in_label=static_value, got %s", firstAlert.Labels["test_query_in_label"])
+		}
+	})
+}

app/vmalert/rule/group.go

@@ -6,7 +6,6 @@ import (
 	"flag"
 	"fmt"
 	"hash/fnv"
-	"maps"
 	"net/url"
 	"sync"
 	"time"
@@ -31,8 +30,8 @@ var (
 		"0 means no limit.")
 	ruleUpdateEntriesLimit = flag.Int("rule.updateEntriesLimit", 20, "Defines the max number of rule's state updates stored in-memory. "+
 		"Rule's updates are available on rule's Details page and are used for debugging purposes. The number of stored updates can be overridden per rule via update_entries_limit param.")
-	resendDelay        = flag.Duration("rule.resendDelay", 0, "Minimum amount of time to wait before resending an alert to notifier.")
-	maxResolveDuration = flag.Duration("rule.maxResolveDuration", 0, "Limits the maximum duration for automatic alert expiration, "+
+	resendDelay        = flag.Duration("rule.resendDelay", 0, "MiniMum amount of time to wait before resending an alert to notifier.")
+	maxResolveDuration = flag.Duration("rule.maxResolveDuration", 0, "Limits the maxiMum duration for automatic alert expiration, "+
 		"which by default is 4 times evaluationInterval of the parent group")
 	evalDelay = flag.Duration("rule.evalDelay", 30*time.Second, "Adjustment of the 'time' parameter for rule evaluation requests to compensate intentional data delay from the datasource. "+
 		"Normally, should be equal to '-search.latencyOffset' (cmd-line flag configured for VictoriaMetrics single-node or vmselect). "+
@@ -98,7 +97,9 @@ type groupMetrics struct {
 // set2 has priority over set1.
 func mergeLabels(groupName, ruleName string, set1, set2 map[string]string) map[string]string {
 	r := map[string]string{}
-	maps.Copy(r, set1)
+	for k, v := range set1 {
+		r[k] = v
+	}
 	for k, v := range set2 {
 		if prevV, ok := r[k]; ok {
 			logger.Infof("label %q=%q for rule %q.%q overwritten with external label %q=%q",
@@ -484,15 +485,8 @@ func (g *Group) UpdateWith(newGroup *Group) {
 // delayBeforeStart calculates delay based on Group ID, so all groups will start at different moments of time.
 func (g *Group) delayBeforeStart(ts time.Time, maxDelay time.Duration) time.Duration {
 	if g.EvalOffset != nil {
-		offset := *g.EvalOffset
-		// adjust the offset for negative evalOffset, the rule is:
-		// `eval_offset: -x` is equivalent to `eval_offset: y` for `interval: x+y`.
-		// For example, `eval_offset: -6m` is equivalent to `eval_offset: 4m` for `interval: 10m`.
-		if offset < 0 {
-			offset += g.Interval
-		}
 		// if offset is specified, ignore the maxDelay and return a duration aligned with offset
-		currentOffsetPoint := ts.Truncate(g.Interval).Add(offset)
+		currentOffsetPoint := ts.Truncate(g.Interval).Add(*g.EvalOffset)
 		if currentOffsetPoint.Before(ts) {
 			// wait until the next offset point
 			return currentOffsetPoint.Add(g.Interval).Sub(ts)
@@ -501,8 +495,11 @@ func (g *Group) delayBeforeStart(ts time.Time, maxDelay time.Duration) time.Dura
 	}
 
 	// otherwise, return a random duration between [0..min(interval, maxDelay)] based on group ID
-	// artificially limit interval, so groups with big intervals could start sooner.
-	interval := min(g.Interval, maxDelay)
+	interval := g.Interval
+	if interval > maxDelay {
+		// artificially limit interval, so groups with big intervals could start sooner.
+		interval = maxDelay
+	}
 	var randSleep time.Duration
 	randSleep = time.Duration(float64(interval) * (float64(g.GetID()) / (1 << 64)))
 	sleepOffset := time.Duration(ts.UnixNano() % interval.Nanoseconds())

app/vmalert/rule/group_test.go

@@ -405,8 +405,7 @@ func TestGroupStart(t *testing.T) {
 
 		var cur uint64
 		prev := g.metrics.iterationTotal.Get()
-		i := 0
-		for {
+		for i := 0; ; i++ {
 			if i > 40 {
 				t.Fatalf("group wasn't able to perform %d evaluations during %d eval intervals", n, i)
 			}
@@ -415,7 +414,6 @@ func TestGroupStart(t *testing.T) {
 				return
 			}
 			time.Sleep(interval)
-			i++
 		}
 	}
 
@@ -606,15 +604,6 @@ func TestGroupStartDelay(t *testing.T) {
 	f("2023-01-01T00:03:30.000+00:00", "2023-01-01T00:08:00.000+00:00")
 	f("2023-01-01T00:08:00.000+00:00", "2023-01-01T00:08:00.000+00:00")
 
-	// test group with negative offset -2min, which is equivalent to 3min offset for 5min interval
-	offset = -2 * time.Minute
-	g.EvalOffset = &offset
-
-	f("2023-01-01T00:00:15.000+00:00", "2023-01-01T00:03:00.000+00:00")
-	f("2023-01-01T00:01:00.000+00:00", "2023-01-01T00:03:00.000+00:00")
-	f("2023-01-01T00:03:30.000+00:00", "2023-01-01T00:08:00.000+00:00")
-	f("2023-01-01T00:08:00.000+00:00", "2023-01-01T00:08:00.000+00:00")
-
 	maxDelay = time.Minute * 1
 	g.EvalOffset = nil
 

app/vmalert/rule/rule.go

@@ -121,7 +121,7 @@ func (s *ruleState) add(e StateEntry) {
 func replayRule(r Rule, start, end time.Time, rw remotewrite.RWClient, replayRuleRetryAttempts int) (int, error) {
 	var err error
 	var tss []prompb.TimeSeries
-	for i := range replayRuleRetryAttempts {
+	for i := 0; i < replayRuleRetryAttempts; i++ {
 		tss, err = r.execRange(context.Background(), start, end)
 		if err == nil {
 			break

app/vmalert/rule/rule_test.go

@@ -40,7 +40,7 @@ func TestRule_state(t *testing.T) {
 	}
 
 	var last time.Time
-	for range stateEntriesN * 2 {
+	for i := 0; i < stateEntriesN*2; i++ {
 		last = time.Now()
 		r.state.add(StateEntry{At: last})
 	}
@@ -68,7 +68,7 @@ func TestRule_stateConcurrent(_ *testing.T) {
 	var wg sync.WaitGroup
 	for range workers {
 		wg.Go(func() {
-			for range iterations {
+			for i := 0; i < iterations; i++ {
 				r.state.add(StateEntry{At: time.Now()})
 				r.state.getAll()
 				r.state.getLast()

app/vmalert/rule/test_helpers.go

@@ -19,13 +19,13 @@ func CompareRules(t *testing.T, a, b Rule) error {
 	case *AlertingRule:
 		br, ok := b.(*AlertingRule)
 		if !ok {
-			return fmt.Errorf("rule %d supposed to be of type AlertingRule", b.ID())
+			return fmt.Errorf("rule %q supposed to be of type AlertingRule", b.ID())
 		}
 		return compareAlertingRules(t, v, br)
 	case *RecordingRule:
 		br, ok := b.(*RecordingRule)
 		if !ok {
-			return fmt.Errorf("rule %d supposed to be of type RecordingRule", b.ID())
+			return fmt.Errorf("rule %q supposed to be of type RecordingRule", b.ID())
 		}
 		return compareRecordingRules(t, v, br)
 	default:

app/vmalert/vmalertutil/err_group_test.go

@@ -42,7 +42,7 @@ func TestErrGroupConcurrent(_ *testing.T) {
 
 	const writersN = 4
 	payload := make(chan error, writersN)
-	for range writersN {
+	for i := 0; i < writersN; i++ {
 		go func() {
 			for err := range payload {
 				eg.Add(err)
@@ -51,7 +51,7 @@ func TestErrGroupConcurrent(_ *testing.T) {
 	}
 
 	const iterations = 500
-	for i := range iterations {
+	for i := 0; i < iterations; i++ {
 		payload <- fmt.Errorf("error %d", i)
 		if i%10 == 0 {
 			_ = eg.Err()

app/vmauth/auth_config.go

@@ -13,7 +13,6 @@ import (
 	"net/url"
 	"os"
 	"regexp"
-	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -29,7 +28,6 @@ import (
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fs/fscore"
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/httpserver"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/netutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/procutil"
@@ -67,11 +65,10 @@ type AuthConfig struct {
 type UserInfo struct {
 	Name string `yaml:"name,omitempty"`
 
-	BearerToken string     `yaml:"bearer_token,omitempty"`
-	JWT         *JWTConfig `yaml:"jwt,omitempty"`
-	AuthToken   string     `yaml:"auth_token,omitempty"`
-	Username    string     `yaml:"username,omitempty"`
-	Password    string     `yaml:"password,omitempty"`
+	BearerToken string `yaml:"bearer_token,omitempty"`
+	AuthToken   string `yaml:"auth_token,omitempty"`
+	Username    string `yaml:"username,omitempty"`
+	Password    string `yaml:"password,omitempty"`
 
 	URLPrefix              *URLPrefix  `yaml:"url_prefix,omitempty"`
 	DiscoverBackendIPs     *bool       `yaml:"discover_backend_ips,omitempty"`
@@ -92,8 +89,6 @@ type UserInfo struct {
 
 	MetricLabels map[string]string `yaml:"metric_labels,omitempty"`
 
-	AccessLog *AccessLog `yaml:"access_log,omitempty"`
-
 	concurrencyLimitCh      chan struct{}
 	concurrencyLimitReached *metrics.Counter
 
@@ -106,37 +101,11 @@ type UserInfo struct {
 	requestsDuration *metrics.Summary
 }
 
-// AccessLog represents configuration for access log settings.
-type AccessLog struct {
-	Filters *AccessLogFilters `yaml:"filters"`
-}
-
-// AccessLogFilters represents list of filters for access logs printing
-type AccessLogFilters struct {
-	// SkipStatusCodes is a list of HTTP status codes for which access logs will be skipped
-	SkipStatusCodes []int `yaml:"skip_status_codes"`
-}
-
-func (ui *UserInfo) logRequest(r *http.Request, userName string, statusCode int) {
-	filters := ui.AccessLog.Filters
-	if filters != nil && len(filters.SkipStatusCodes) > 0 {
-		if slices.Contains(filters.SkipStatusCodes, statusCode) {
-			return
-		}
-	}
-
-	remoteAddr := httpserver.GetQuotedRemoteAddr(r)
-	requestURI := httpserver.GetRequestURI(r)
-	logger.Infof("access_log request_host=%q request_uri=%q status_code=%d remote_addr=%s user_agent=%q referer=%q username=%q",
-		r.Host, requestURI, statusCode, remoteAddr, r.UserAgent(), r.Referer(), userName)
-}
-
 // HeadersConf represents config for request and response headers.
 type HeadersConf struct {
-	RequestHeaders     []*Header `yaml:"headers,omitempty"`
-	ResponseHeaders    []*Header `yaml:"response_headers,omitempty"`
-	KeepOriginalHost   *bool     `yaml:"keep_original_host,omitempty"`
-	hasAnyPlaceHolders bool
+	RequestHeaders   []*Header `yaml:"headers,omitempty"`
+	ResponseHeaders  []*Header `yaml:"response_headers,omitempty"`
+	KeepOriginalHost *bool     `yaml:"keep_original_host,omitempty"`
 }
 
 func (ui *UserInfo) beginConcurrencyLimit(ctx context.Context) error {
@@ -379,7 +348,6 @@ func (bus *backendURLs) add(u *url.URL) {
 		url:                u,
 		healthCheckContext: bus.healthChecksContext,
 		healthCheckWG:      &bus.healthChecksWG,
-		hasPlaceHolders:    hasAnyPlaceholders(u),
 	})
 }
 
@@ -397,8 +365,6 @@ type backendURL struct {
 	concurrentRequests atomic.Int32
 
 	url *url.URL
-
-	hasPlaceHolders bool
 }
 
 func (bu *backendURL) isBroken() bool {
@@ -622,7 +588,7 @@ func getLeastLoadedBackendURL(bus []*backendURL, atomicCounter *atomic.Uint32) *
 
 	// Slow path - select other backend urls.
 	n := atomicCounter.Add(1) - 1
-	for i := range uint32(len(bus)) {
+	for i := uint32(0); i < uint32(len(bus)); i++ {
 		idx := (n + i) % uint32(len(bus))
 		bu := bus[idx]
 		if bu.isBroken() {
@@ -833,9 +799,6 @@ var (
 	// authUsers contains the currently loaded auth users
 	authUsers atomic.Pointer[map[string]*UserInfo]
 
-	// jwt authentication cache
-	jwtAuthCache atomic.Pointer[jwtCache]
-
 	authConfigWG sync.WaitGroup
 	stopCh       chan struct{}
 )
@@ -875,14 +838,6 @@ func reloadAuthConfigData(data []byte) (bool, error) {
 		return false, fmt.Errorf("failed to parse auth config: %w", err)
 	}
 
-	jui, err := parseJWTUsers(ac)
-	if err != nil {
-		return false, fmt.Errorf("failed to parse JWT users from auth config: %w", err)
-	}
-	jwtc := &jwtCache{
-		users: jui,
-	}
-
 	m, err := parseAuthConfigUsers(ac)
 	if err != nil {
 		return false, fmt.Errorf("failed to parse users from auth config: %w", err)
@@ -902,7 +857,6 @@ func reloadAuthConfigData(data []byte) (bool, error) {
 	authConfig.Store(ac)
 	authConfigData.Store(&data)
 	authUsers.Store(&m)
-	jwtAuthCache.Store(jwtc)
 
 	return true, nil
 }
@@ -927,18 +881,12 @@ func parseAuthConfig(data []byte) (*AuthConfig, error) {
 		if ui.BearerToken != "" {
 			return nil, fmt.Errorf("field bearer_token can't be specified for unauthorized_user section")
 		}
-		if ui.JWT != nil {
-			return nil, fmt.Errorf("field jwt can't be specified for unauthorized_user section")
-		}
 		if ui.AuthToken != "" {
 			return nil, fmt.Errorf("field auth_token can't be specified for unauthorized_user section")
 		}
 		if ui.Name != "" {
 			return nil, fmt.Errorf("field name can't be specified for unauthorized_user section")
 		}
-		if err := parseJWTPlaceholdersForUserInfo(ui, false); err != nil {
-			return nil, err
-		}
 		if err := ui.initURLs(); err != nil {
 			return nil, err
 		}
@@ -979,27 +927,16 @@ func parseAuthConfigUsers(ac *AuthConfig) (map[string]*UserInfo, error) {
 	}
 	for i := range uis {
 		ui := &uis[i]
-		// users with jwt tokens are parsed by parseJWTUsers function.
-		// the function also checks that users with jwt tokens do not have auth tokens, bearer tokens, usernames and passwords.
-		if ui.JWT != nil {
-			continue
-		}
-
 		ats, err := getAuthTokens(ui.AuthToken, ui.BearerToken, ui.Username, ui.Password)
 		if err != nil {
 			return nil, err
 		}
-
 		for _, at := range ats {
 			if uiOld := byAuthToken[at]; uiOld != nil {
 				return nil, fmt.Errorf("duplicate auth token=%q found for username=%q, name=%q; the previous one is set for username=%q, name=%q",
 					at, ui.Username, ui.Name, uiOld.Username, uiOld.Name)
 			}
 		}
-
-		if err := parseJWTPlaceholdersForUserInfo(ui, false); err != nil {
-			return nil, err
-		}
 		if err := ui.initURLs(); err != nil {
 			return nil, err
 		}
@@ -1099,7 +1036,6 @@ func (ui *UserInfo) initURLs() error {
 			return err
 		}
 	}
-
 	for _, e := range ui.URLMaps {
 		if len(e.SrcPaths) == 0 && len(e.SrcHosts) == 0 && len(e.SrcQueryArgs) == 0 && len(e.SrcHeaders) == 0 {
 			return fmt.Errorf("missing `src_paths`, `src_hosts`, `src_query_args` and `src_headers` in `url_map`")
@@ -1159,9 +1095,6 @@ func (ui *UserInfo) name() string {
 		h := xxhash.Sum64([]byte(ui.AuthToken))
 		return fmt.Sprintf("auth_token:hash:%016X", h)
 	}
-	if ui.JWT != nil {
-		return `jwt`
-	}
 	return ""
 }
 

app/vmauth/auth_config_test.go

@@ -276,50 +276,6 @@ users:
   url_prefix: http://foo.bar
   metric_labels:
     not-prometheus-compatible: value
-`)
-	// placeholder in url_prefix
-	f(`
-users:
-- username: foo
-  password: bar
-  url_prefix: 'http://ahost/{{a_placeholder}}/foobar'
-`)
-	// placeholder in a header
-	f(`
-users:
-- username: foo
-  password: bar
-  headers:
-  - 'X-Foo: {{a_placeholder}}'
-  url_prefix: 'http://ahost'
-`)
-	// placeholder in url_prefix
-	f(`
-users:
-- username: foo
-  password: bar
-  url_prefix: 'http://ahost/{{a_placeholder}}/foobar'
-`)
-	// placeholder in a header in url_map
-	f(`
-users:
-- username: foo
-  password: bar
-  url_map:
-    - src_paths: ["/select/.*"]
-      headers:
-        - 'X-Foo: {{a_placeholder}}'
-      url_prefix: 'http://ahost'
-`)
-
-	// placeholder in a header in url_map
-	f(`
-users:
-- username: foo
-  password: bar
-  url_map:
-    - src_paths: ["/select/.*"]
-      url_prefix: 'http://ahost/{{a_placeholder}}/foobar'
 `)
 }
 
@@ -422,7 +378,7 @@ users:
 			RetryStatusCodes:       []int{500, 501},
 			LoadBalancingPolicy:    "first_available",
 			MergeQueryArgs:         []string{"foo", "bar"},
-			DropSrcPathPrefixParts: new(1),
+			DropSrcPathPrefixParts: intp(1),
 			DiscoverBackendIPs:     &discoverBackendIPsTrue,
 		},
 	}, nil)
@@ -665,47 +621,6 @@ unauthorized_user:
 			},
 		},
 	})
-
-	// skip user info with jwt, it is parsed by parseJWTUsers
-	f(`
-users:
-- username: foo
-  password: bar
-  url_prefix: http://aaa:343/bbb
-- jwt: {skip_verify: true}
-  url_prefix: http://aaa:343/bbb
-`, map[string]*UserInfo{
-		getHTTPAuthBasicToken("foo", "bar"): {
-			Username:  "foo",
-			Password:  "bar",
-			URLPrefix: mustParseURL("http://aaa:343/bbb"),
-		},
-	}, nil)
-
-	// Multiple users with access logs enabled
-	f(`
-users:
-- username: foo
-  url_prefix: http://foo
-  access_log: {}
-- username: bar
-  url_prefix: https://bar/x/
-  access_log:
-    filters:
-      skip_status_codes: [404]
-`, map[string]*UserInfo{
-		getHTTPAuthBasicToken("foo", ""): {
-			Username:  "foo",
-			URLPrefix: mustParseURL("http://foo"),
-			AccessLog: &AccessLog{},
-		},
-		getHTTPAuthBasicToken("bar", ""): {
-			Username:  "bar",
-			URLPrefix: mustParseURL("https://bar/x/"),
-			AccessLog: &AccessLog{Filters: &AccessLogFilters{SkipStatusCodes: []int{404}}},
-		},
-	}, nil)
-
 }
 
 func TestParseAuthConfigPassesTLSVerificationConfig(t *testing.T) {
@@ -916,7 +831,7 @@ func TestBrokenBackend(t *testing.T) {
 	bus[1].setBroken()
 
 	// broken backend should never return while there are healthy backends
-	for range int(1e3) {
+	for i := 0; i < 1e3; i++ {
 		b := up.getBackendURL()
 		if b.isBroken() {
 			t.Fatalf("unexpected broken backend %q", b.url)
@@ -1048,6 +963,10 @@ func mustParseURLs(us []string) *URLPrefix {
 	return up
 }
 
+func intp(n int) *int {
+	return &n
+}
+
 func mustNewRegex(s string) *Regex {
 	var re Regex
 	if err := yaml.Unmarshal([]byte(s), &re); err != nil {

app/vmauth/example_config.yml

@@ -125,8 +125,3 @@ unauthorized_user:
   - http://vmselect-az1/?deny_partial_response=1
   - http://vmselect-az2/?deny_partial_response=1
   retry_status_codes: [503, 500]
-  # log access for requests routed to this user
-  access_log:
-    filters:
-      # except requests with Status Codes below
-      skip_status_codes: [200, 202]

app/vmauth/jwt.go

@@ -1,373 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"net/url"
-	"os"
-	"slices"
-	"strings"
-	"time"
-
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/jwt"
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
-)
-
-const (
-	metricsTenantPlaceholder       = `{{.MetricsTenant}}`
-	metricsExtraLabelsPlaceholder  = `{{.MetricsExtraLabels}}`
-	metricsExtraFiltersPlaceholder = `{{.MetricsExtraFilters}}`
-
-	logsAccountIDPlaceholder          = `{{.LogsAccountID}}`
-	logsProjectIDPlaceholder          = `{{.LogsProjectID}}`
-	logsExtraFiltersPlaceholder       = `{{.LogsExtraFilters}}`
-	logsExtraStreamFiltersPlaceholder = `{{.LogsExtraStreamFilters}}`
-
-	placeholderPrefix = `{{`
-)
-
-var allPlaceholders = []string{
-	metricsTenantPlaceholder,
-	metricsExtraLabelsPlaceholder,
-	metricsExtraFiltersPlaceholder,
-	logsAccountIDPlaceholder,
-	logsProjectIDPlaceholder,
-	logsExtraFiltersPlaceholder,
-	logsExtraStreamFiltersPlaceholder,
-}
-
-var urlPathPlaceHolders = []string{
-	metricsTenantPlaceholder,
-	logsAccountIDPlaceholder,
-	logsProjectIDPlaceholder,
-}
-
-type jwtCache struct {
-	// users contain UserInfo`s from AuthConfig with JWTConfig set
-	users []*UserInfo
-}
-
-type JWTConfig struct {
-	PublicKeys     []string `yaml:"public_keys,omitempty"`
-	PublicKeyFiles []string `yaml:"public_key_files,omitempty"`
-	SkipVerify     bool     `yaml:"skip_verify,omitempty"`
-
-	verifierPool *jwt.VerifierPool
-}
-
-func parseJWTUsers(ac *AuthConfig) ([]*UserInfo, error) {
-	jui := make([]*UserInfo, 0, len(ac.Users))
-	for _, ui := range ac.Users {
-		jwtToken := ui.JWT
-		if jwtToken == nil {
-			continue
-		}
-
-		if ui.AuthToken != "" || ui.BearerToken != "" || ui.Username != "" || ui.Password != "" {
-			return nil, fmt.Errorf("auth_token, bearer_token, username and password cannot be specified if jwt is set")
-		}
-		if len(jwtToken.PublicKeys) == 0 && len(jwtToken.PublicKeyFiles) == 0 && !jwtToken.SkipVerify {
-			return nil, fmt.Errorf("jwt must contain at least a single public key, public_key_files or have skip_verify=true")
-		}
-
-		if len(jwtToken.PublicKeys) > 0 || len(jwtToken.PublicKeyFiles) > 0 {
-			keys := make([]any, 0, len(jwtToken.PublicKeys)+len(jwtToken.PublicKeyFiles))
-
-			for i := range jwtToken.PublicKeys {
-				k, err := jwt.ParseKey([]byte(jwtToken.PublicKeys[i]))
-				if err != nil {
-					return nil, err
-				}
-				keys = append(keys, k)
-			}
-
-			for _, filePath := range jwtToken.PublicKeyFiles {
-				keyData, err := os.ReadFile(filePath)
-				if err != nil {
-					return nil, fmt.Errorf("cannot read public key from file %q: %w", filePath, err)
-				}
-				k, err := jwt.ParseKey(keyData)
-				if err != nil {
-					return nil, fmt.Errorf("cannot parse public key from file %q: %w", filePath, err)
-				}
-				keys = append(keys, k)
-			}
-
-			vp, err := jwt.NewVerifierPool(keys)
-			if err != nil {
-				return nil, err
-			}
-
-			jwtToken.verifierPool = vp
-		}
-		if err := parseJWTPlaceholdersForUserInfo(&ui, true); err != nil {
-			return nil, err
-		}
-
-		if err := ui.initURLs(); err != nil {
-			return nil, err
-		}
-
-		metricLabels, err := ui.getMetricLabels()
-		if err != nil {
-			return nil, fmt.Errorf("cannot parse metric_labels: %w", err)
-		}
-		ui.requests = ac.ms.GetOrCreateCounter(`vmauth_user_requests_total` + metricLabels)
-		ui.requestErrors = ac.ms.GetOrCreateCounter(`vmauth_user_request_errors_total` + metricLabels)
-		ui.backendRequests = ac.ms.GetOrCreateCounter(`vmauth_user_request_backend_requests_total` + metricLabels)
-		ui.backendErrors = ac.ms.GetOrCreateCounter(`vmauth_user_request_backend_errors_total` + metricLabels)
-		ui.requestsDuration = ac.ms.GetOrCreateSummary(`vmauth_user_request_duration_seconds` + metricLabels)
-		mcr := ui.getMaxConcurrentRequests()
-		ui.concurrencyLimitCh = make(chan struct{}, mcr)
-		ui.concurrencyLimitReached = ac.ms.GetOrCreateCounter(`vmauth_user_concurrent_requests_limit_reached_total` + metricLabels)
-		_ = ac.ms.GetOrCreateGauge(`vmauth_user_concurrent_requests_capacity`+metricLabels, func() float64 {
-			return float64(cap(ui.concurrencyLimitCh))
-		})
-		_ = ac.ms.GetOrCreateGauge(`vmauth_user_concurrent_requests_current`+metricLabels, func() float64 {
-			return float64(len(ui.concurrencyLimitCh))
-		})
-
-		rt, err := newRoundTripper(ui.TLSCAFile, ui.TLSCertFile, ui.TLSKeyFile, ui.TLSServerName, ui.TLSInsecureSkipVerify)
-		if err != nil {
-			return nil, fmt.Errorf("cannot initialize HTTP RoundTripper: %w", err)
-		}
-		ui.rt = rt
-
-		jui = append(jui, &ui)
-	}
-
-	// TODO: the limitation will be lifted once claim based matching will be implemented
-	if len(jui) > 1 {
-		return nil, fmt.Errorf("multiple users with JWT tokens are not supported; found %d users", len(jui))
-	}
-
-	return jui, nil
-}
-
-func getUserInfoByJWTToken(ats []string) (*UserInfo, *jwt.Token) {
-	js := *jwtAuthCache.Load()
-	if len(js.users) == 0 {
-		return nil, nil
-	}
-
-	for _, at := range ats {
-		if strings.Count(at, ".") != 2 {
-			continue
-		}
-
-		at, _ = strings.CutPrefix(at, `http_auth:`)
-
-		tkn, err := jwt.NewToken(at, true)
-		if err != nil {
-			if *logInvalidAuthTokens {
-				logger.Infof("cannot parse jwt token: %s", err)
-			}
-			continue
-		}
-		if tkn.IsExpired(time.Now()) {
-			if *logInvalidAuthTokens {
-				// TODO: add more context:
-				// token claims with issuer
-				logger.Infof("jwt token is expired")
-			}
-			continue
-		}
-
-		for _, ui := range js.users {
-			if ui.JWT.SkipVerify {
-				return ui, tkn
-			}
-
-			if err := ui.JWT.verifierPool.Verify(tkn); err != nil {
-				if *logInvalidAuthTokens {
-					logger.Infof("cannot verify jwt token: %s", err)
-				}
-				continue
-			}
-
-			return ui, tkn
-		}
-	}
-
-	return nil, nil
-}
-
-func replaceJWTPlaceholders(bu *backendURL, hc HeadersConf, vma *jwt.VMAccessClaim) (*url.URL, HeadersConf) {
-	if !bu.hasPlaceHolders && !hc.hasAnyPlaceHolders {
-		return bu.url, hc
-	}
-	targetURL := bu.url
-	data := jwtClaimsData(vma)
-	if bu.hasPlaceHolders {
-		// template url params and request path
-		// make a copy of url
-		uCopy := *bu.url
-		for _, uph := range urlPathPlaceHolders {
-			replacement := data[uph]
-			uCopy.Path = strings.ReplaceAll(uCopy.Path, uph, replacement[0])
-		}
-		query := uCopy.Query()
-		var foundAnyQueryPlaceholder bool
-		var templatedValues []string
-		for param, values := range query {
-			templatedValues = templatedValues[:0]
-			// filter in-place values with placeholders
-			// and accumulate replacements
-			// it will change the order of param values
-			// but it's not guaranteed
-			// and will be changed in any way with multiple arg templates
-			var cnt int
-			for _, value := range values {
-				if dv, ok := data[value]; ok {
-					foundAnyQueryPlaceholder = true
-					templatedValues = append(templatedValues, dv...)
-					continue
-				}
-				values[cnt] = value
-				cnt++
-			}
-			values = values[:cnt]
-			values = append(values, templatedValues...)
-			query[param] = values
-		}
-		if foundAnyQueryPlaceholder {
-			uCopy.RawQuery = query.Encode()
-		}
-		targetURL = &uCopy
-	}
-	if hc.hasAnyPlaceHolders {
-		// make a copy of headers and update only values with placeholder
-		rhs := make([]*Header, 0, len(hc.RequestHeaders))
-		for _, rh := range hc.RequestHeaders {
-			if dv, ok := data[rh.Value]; ok {
-				rh := &Header{
-					Name:  rh.Name,
-					Value: strings.Join(dv, ","),
-				}
-				rhs = append(rhs, rh)
-				continue
-			}
-			rhs = append(rhs, rh)
-		}
-		hc.RequestHeaders = rhs
-	}
-
-	return targetURL, hc
-}
-
-func jwtClaimsData(vma *jwt.VMAccessClaim) map[string][]string {
-	data := map[string][]string{
-		// TODO: optimize at parsing stage
-		metricsTenantPlaceholder:       {fmt.Sprintf("%d:%d", vma.MetricsAccountID, vma.MetricsProjectID)},
-		metricsExtraLabelsPlaceholder:  vma.MetricsExtraLabels,
-		metricsExtraFiltersPlaceholder: vma.MetricsExtraFilters,
-
-		// TODO: optimize at parsing stage
-		logsAccountIDPlaceholder:          {fmt.Sprintf("%d", vma.LogsAccountID)},
-		logsProjectIDPlaceholder:          {fmt.Sprintf("%d", vma.LogsProjectID)},
-		logsExtraFiltersPlaceholder:       vma.LogsExtraFilters,
-		logsExtraStreamFiltersPlaceholder: vma.LogsExtraStreamFilters,
-	}
-	return data
-}
-
-func parseJWTPlaceholdersForUserInfo(ui *UserInfo, isAllowed bool) error {
-	if ui.URLPrefix != nil {
-		if err := validateJWTPlaceholdersForURL(ui.URLPrefix, isAllowed); err != nil {
-			return err
-		}
-	}
-	if err := parsePlaceholdersForHC(&ui.HeadersConf, isAllowed); err != nil {
-		return err
-	}
-	if ui.DefaultURL != nil {
-		if err := validateJWTPlaceholdersForURL(ui.DefaultURL, isAllowed); err != nil {
-			return fmt.Errorf("invalid `default_url` placeholders: %w", err)
-		}
-	}
-	for i := range ui.URLMaps {
-		e := &ui.URLMaps[i]
-		if e.URLPrefix != nil {
-			if err := validateJWTPlaceholdersForURL(e.URLPrefix, isAllowed); err != nil {
-				return fmt.Errorf("invalid `url_map` `url_prefix` placeholders: %w", err)
-			}
-		}
-		if err := parsePlaceholdersForHC(&e.HeadersConf, isAllowed); err != nil {
-			return fmt.Errorf("invalid `url_map` headers placeholders: %w", err)
-		}
-
-	}
-	return nil
-}
-
-func validateJWTPlaceholdersForURL(up *URLPrefix, isAllowed bool) error {
-	for _, bu := range up.busOriginal {
-		ok := strings.Contains(bu.Path, placeholderPrefix)
-		if ok && !isAllowed {
-			return fmt.Errorf("placeholder: %q is only allowed at JWT token context", bu.Path)
-		}
-		if ok {
-			p := bu.Path
-			for _, ph := range allPlaceholders {
-				p = strings.ReplaceAll(p, ph, ``)
-			}
-			if strings.Contains(p, placeholderPrefix) {
-				return fmt.Errorf("invalid placeholder found in URL request path: %q, supported values are: %s", bu.Path, strings.Join(allPlaceholders, ", "))
-
-			}
-		}
-		for param, values := range bu.Query() {
-			for _, value := range values {
-				ok := strings.Contains(value, placeholderPrefix)
-				if ok && !isAllowed {
-					return fmt.Errorf("query param: %q with placeholder: %q is only allowed at JWT token context", param, value)
-				}
-				if ok {
-					// possible placeholder
-					if !slices.Contains(allPlaceholders, value) {
-						return fmt.Errorf("query param: %q has unsupported placeholder string: %q, supported values are: %s", param, value, strings.Join(allPlaceholders, ", "))
-					}
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func parsePlaceholdersForHC(hc *HeadersConf, isAllowed bool) error {
-	for _, rhs := range hc.RequestHeaders {
-		ok := strings.Contains(rhs.Value, placeholderPrefix)
-		if ok && !isAllowed {
-			return fmt.Errorf("request header: %q placeholder: %q is only supported at JWT context", rhs.Name, rhs.Value)
-		}
-		if ok {
-			if !slices.Contains(allPlaceholders, rhs.Value) {
-				return fmt.Errorf("request header: %q has unsupported placeholder: %q, supported values are: %s", rhs.Name, rhs.Value, strings.Join(allPlaceholders, ", "))
-			}
-			hc.hasAnyPlaceHolders = true
-		}
-	}
-	for _, rhs := range hc.ResponseHeaders {
-		if strings.Contains(rhs.Value, placeholderPrefix) {
-			return fmt.Errorf("response header placeholders are not supported; found placeholder prefix at header: %q with value: %q", rhs.Name, rhs.Value)
-		}
-	}
-	return nil
-}
-
-func hasAnyPlaceholders(u *url.URL) bool {
-	if strings.Contains(u.Path, placeholderPrefix) {
-		return true
-	}
-	if len(u.Query()) == 0 {
-		return false
-	}
-	for _, values := range u.Query() {
-		for _, value := range values {
-			if strings.HasPrefix(value, placeholderPrefix) {
-				return true
-			}
-		}
-
-	}
-	return false
-}

app/vmauth/jwt_test.go

@@ -1,336 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestJWTParseAuthConfigFailure(t *testing.T) {
-	validRSAPublicKey := `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiX7oPWKOWRQsGFEWvwZO
-mL2PYsdYUsu9nr0qtPCjxQHUJgLfT3rdKlvKpPFYv7ZmKnqTncg36Wz9uiYmWJ7e
-IB5Z+fko8kVIMzarCqVvpAJDzYF/pUii68xvuYoK3L9TIOAeyCXv+prwnr2IH+Mw
-9AONzWbRrYoO74XyTE9vMU5qmI/L1VPk+PR8lqPOSptLvzsfoaIk2ED4yK2nRB+6
-st+k4nccPqbErqHc8aiXnXfugfnr6b+NPFYUzKsDqkymGOokVijrI8B3jNw6c6Do
-zphk+D3wgLsXYHfMcZbXIMqffqm/aB8Qg88OpFOkQ3rd2p6R9+hacnZkfkn3Phiw
-yQIDAQAB
------END PUBLIC KEY-----
-`
-	// ECDSA with the P-521 curve
-	validECDSAPublicKey := `-----BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAU9RmtkCRuYTKCyvLlDn5DtBZOHSe
-QTa5j9q/oQVpCKqcXVFrH5dgh0GL+P/ZhkeuowPzCZqntGf0+7wPt9OxSJcADVJm
-dv92m540MXss8zdHf5qtE0gsu2Ved0R7Z8a8QwGZ/1mYZ+kFGGbdQTlSvRqDySTq
-XOtclIk1uhc03oL9nOQ=
------END PUBLIC KEY-----
-`
-
-	f := func(s string, expErr string) {
-		t.Helper()
-		ac, err := parseAuthConfig([]byte(s))
-		if err != nil {
-			if expErr != err.Error() {
-				t.Fatalf("unexpected error; got\n%q\nwant\n%q", err.Error(), expErr)
-			}
-			return
-		}
-		users, err := parseJWTUsers(ac)
-		if err != nil {
-			if expErr != err.Error() {
-				t.Fatalf("unexpected error; got\n%q\nwant \n%q", err.Error(), expErr)
-			}
-			return
-		}
-		t.Fatalf("expecting non-nil error; got %v", users)
-	}
-
-	// unauthorized_user cannot be used with jwt
-	f(`
-unauthorized_user:
-  jwt: {skip_verify: true}
-  url_prefix: http://foo.bar
-`, `field jwt can't be specified for unauthorized_user section`)
-
-	// username and jwt in a single config
-	f(`
-users:
-- username: foo
-  jwt: {skip_verify: true}
-  url_prefix: http://foo.bar
-`, `auth_token, bearer_token, username and password cannot be specified if jwt is set`)
-	// bearer_token and jwt in a single config
-	f(`
-users:
-- bearer_token: foo
-  jwt: {skip_verify: true}
-  url_prefix: http://foo.bar
-`, `auth_token, bearer_token, username and password cannot be specified if jwt is set`)
-	// bearer_token and jwt in a single config
-	f(`
-users:
-- auth_token: "Foo token"
-  jwt: {skip_verify: true}
-  url_prefix: http://foo.bar
-`, `auth_token, bearer_token, username and password cannot be specified if jwt is set`)
-
-	// jwt public_keys or skip_verify must be set, part 1
-	f(`
-users:
-- jwt: {}
-  url_prefix: http://foo.bar
-`, `jwt must contain at least a single public key, public_key_files or have skip_verify=true`)
-
-	// jwt public_keys or skip_verify must be set, part 2
-	f(`
-users:
-- jwt: {public_keys: null}
-  url_prefix: http://foo.bar
-`, `jwt must contain at least a single public key, public_key_files or have skip_verify=true`)
-
-	// jwt public_keys or skip_verify must be set, part 3
-	f(`
-users:
-- jwt: {public_keys: []}
-  url_prefix: http://foo.bar
-`, `jwt must contain at least a single public key, public_key_files or have skip_verify=true`)
-
-	// jwt public_keys, public_key_files or skip_verify must be set
-	f(`
-users:
-- jwt: {public_key_files: []}
-  url_prefix: http://foo.bar
-`, `jwt must contain at least a single public key, public_key_files or have skip_verify=true`)
-
-	// invalid public key, part 1
-	f(`
-users:
-- jwt: {public_keys: [""]}
-  url_prefix: http://foo.bar
-`, `failed to parse key "": failed to decode PEM block containing public key`)
-
-	// invalid public key, part 2
-	f(`
-users:
-- jwt: {public_keys: ["invalid"]}
-  url_prefix: http://foo.bar
-`, `failed to parse key "invalid": failed to decode PEM block containing public key`)
-
-	// invalid public key, part 2
-	f(fmt.Sprintf(`
-users:
-- jwt: 
-    public_keys:
-    - %q
-    - %q
-    - "invalid"
-  url_prefix: http://foo.bar
-`, validRSAPublicKey, validECDSAPublicKey), `failed to parse key "invalid": failed to decode PEM block containing public key`)
-
-	// several jwt users
-	// invalid public key, part 2
-	f(fmt.Sprintf(`
-users:
-- jwt: 
-    public_keys:
-    - %q
-  url_prefix: http://foo.bar
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: http://foo.bar
-`, validRSAPublicKey, validECDSAPublicKey), `multiple users with JWT tokens are not supported; found 2 users`)
-
-	// public key file doesn't exist
-	f(`
-users:
-- jwt: 
-    public_key_files: 
-    - /path/to/nonexistent/file.pem
-  url_prefix: http://foo.bar
-`, "cannot read public key from file \"/path/to/nonexistent/file.pem\": open /path/to/nonexistent/file.pem: no such file or directory")
-
-	// public key file invalid
-	// auth with key from file
-	publicKeyFile := filepath.Join(t.TempDir(), "a_public_key.pem")
-	if err := os.WriteFile(publicKeyFile, []byte(`invalidPEM`), 0o644); err != nil {
-		t.Fatalf("failed to write public key file: %s", err)
-	}
-	f(`
-users:
-- jwt: 
-    public_key_files: 
-    - `+publicKeyFile+`
-  url_prefix: http://foo.bar
-`, "cannot parse public key from file \""+publicKeyFile+"\": failed to parse key \"invalidPEM\": failed to decode PEM block containing public key")
-
-	// unsupported placeholder in a header
-	f(`
-users:
-- jwt: 
-    skip_verify: true
-  url_prefix: http://foo.bar/{{.UnsupportedPlaceholder}}/foo`,
-		"invalid placeholder found in URL request path: \"/{{.UnsupportedPlaceholder}}/foo\", supported values are: {{.MetricsTenant}}, {{.MetricsExtraLabels}}, {{.MetricsExtraFilters}}, {{.LogsAccountID}}, {{.LogsProjectID}}, {{.LogsExtraFilters}}, {{.LogsExtraStreamFilters}}",
-	)
-	// unsupported placeholder in a header
-	f(`
-users:
-- jwt: 
-    skip_verify: true
-  headers:
-    - "AccountID: {{.UnsupportedPlaceholder}}"
-  url_prefix: http://foo.bar
-`,
-		"request header: \"AccountID\" has unsupported placeholder: \"{{.UnsupportedPlaceholder}}\", supported values are: {{.MetricsTenant}}, {{.MetricsExtraLabels}}, {{.MetricsExtraFilters}}, {{.LogsAccountID}}, {{.LogsProjectID}}, {{.LogsExtraFilters}}, {{.LogsExtraStreamFilters}}",
-	)
-
-	// spaces in templating not allowed
-	f(`
-users:
-- jwt: 
-    skip_verify: true
-  headers:
-    - "AccountID: {{ .LogsAccountID }}"
-  url_prefix: http://foo.bar
-`,
-		"request header: \"AccountID\" has unsupported placeholder: \"{{ .LogsAccountID }}\", supported values are: {{.MetricsTenant}}, {{.MetricsExtraLabels}}, {{.MetricsExtraFilters}}, {{.LogsAccountID}}, {{.LogsProjectID}}, {{.LogsExtraFilters}}, {{.LogsExtraStreamFilters}}",
-	)
-}
-
-func TestJWTParseAuthConfigSuccess(t *testing.T) {
-	validRSAPublicKey := `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiX7oPWKOWRQsGFEWvwZO
-mL2PYsdYUsu9nr0qtPCjxQHUJgLfT3rdKlvKpPFYv7ZmKnqTncg36Wz9uiYmWJ7e
-IB5Z+fko8kVIMzarCqVvpAJDzYF/pUii68xvuYoK3L9TIOAeyCXv+prwnr2IH+Mw
-9AONzWbRrYoO74XyTE9vMU5qmI/L1VPk+PR8lqPOSptLvzsfoaIk2ED4yK2nRB+6
-st+k4nccPqbErqHc8aiXnXfugfnr6b+NPFYUzKsDqkymGOokVijrI8B3jNw6c6Do
-zphk+D3wgLsXYHfMcZbXIMqffqm/aB8Qg88OpFOkQ3rd2p6R9+hacnZkfkn3Phiw
-yQIDAQAB
------END PUBLIC KEY-----
-`
-	// ECDSA with the P-521 curve
-	validECDSAPublicKey := `-----BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAU9RmtkCRuYTKCyvLlDn5DtBZOHSe
-QTa5j9q/oQVpCKqcXVFrH5dgh0GL+P/ZhkeuowPzCZqntGf0+7wPt9OxSJcADVJm
-dv92m540MXss8zdHf5qtE0gsu2Ved0R7Z8a8QwGZ/1mYZ+kFGGbdQTlSvRqDySTq
-XOtclIk1uhc03oL9nOQ=
------END PUBLIC KEY-----
-`
-
-	f := func(s string) {
-		t.Helper()
-		ac, err := parseAuthConfig([]byte(s))
-		if err != nil {
-			t.Fatalf("unexpected error: %s", err)
-		}
-
-		jui, err := parseJWTUsers(ac)
-		if err != nil {
-			t.Fatalf("unexpected error: %s", err)
-		}
-
-		for _, ui := range jui {
-			if ui.JWT == nil {
-				t.Fatalf("unexpected nil JWTConfig")
-			}
-
-			if ui.JWT.SkipVerify {
-				if ui.JWT.verifierPool != nil {
-					t.Fatalf("unexpected non-nil verifier pool for skip_verify=true")
-				}
-				continue
-			}
-
-			if ui.JWT.verifierPool == nil {
-				t.Fatalf("unexpected nil verifier pool for non-empty public keys")
-			}
-		}
-	}
-
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: http://foo.bar
-`, validRSAPublicKey))
-
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: http://foo.bar
-`, validECDSAPublicKey))
-
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-    - %q
-  url_prefix: http://foo.bar
-`, validRSAPublicKey, validECDSAPublicKey))
-
-	f(`
-users:
-- jwt:
-    skip_verify: true
-  url_prefix: http://foo.bar
-`)
-
-	// combined with other auth methods
-	f(`
-users:
-- username: foo
-  password: bar
-  url_prefix: http://foo.bar
-
-- jwt:
-    skip_verify: true
-  url_prefix: http://foo.bar
-
-- bearer_token: foo
-  url_prefix: http://foo.bar
-`)
-
-	rsaKeyFile := filepath.Join(t.TempDir(), "rsa_public_key.pem")
-	if err := os.WriteFile(rsaKeyFile, []byte(validRSAPublicKey), 0o644); err != nil {
-		t.Fatalf("failed to write RSA key file: %s", err)
-	}
-	ecdsaKeyFile := filepath.Join(t.TempDir(), "ecdsa_public_key.pem")
-	if err := os.WriteFile(ecdsaKeyFile, []byte(validECDSAPublicKey), 0o644); err != nil {
-		t.Fatalf("failed to write ECDSA key file: %s", err)
-	}
-
-	// Test single public key file
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_key_files:
-    - %q
-  url_prefix: http://foo.bar
-`, rsaKeyFile))
-
-	// Test multiple public key files
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_key_files:
-    - %q
-    - %q
-  url_prefix: http://foo.bar
-`, rsaKeyFile, ecdsaKeyFile))
-
-	// Test combined inline keys and files
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-    public_key_files:
-    - %q
-  url_prefix: http://foo.bar
-`, validECDSAPublicKey, rsaKeyFile))
-}

app/vmauth/main.go

@@ -16,7 +16,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/jwt"
 	"github.com/VictoriaMetrics/metrics"
 
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/buildinfo"
@@ -174,7 +173,7 @@ func requestHandler(w http.ResponseWriter, r *http.Request) bool {
 		// Process requests for unauthorized users
 		ui := authConfig.Load().UnauthorizedUser
 		if ui != nil {
-			processUserRequest(w, r, ui, nil)
+			processUserRequest(w, r, ui)
 			return true
 		}
 
@@ -182,36 +181,29 @@ func requestHandler(w http.ResponseWriter, r *http.Request) bool {
 		return true
 	}
 
-	if ui := getUserInfoByAuthTokens(ats); ui != nil {
-		processUserRequest(w, r, ui, nil)
-		return true
-	}
-	if ui, tkn := getUserInfoByJWTToken(ats); ui != nil {
-		if tkn == nil {
-			logger.Panicf("BUG: unexpected nil jwt token for user %q", ui.name())
+	ui := getUserInfoByAuthTokens(ats)
+	if ui == nil {
+		uu := authConfig.Load().UnauthorizedUser
+		if uu != nil {
+			processUserRequest(w, r, uu)
+			return true
 		}
 
-		processUserRequest(w, r, ui, tkn)
-		return true
-	}
-
-	uu := authConfig.Load().UnauthorizedUser
-	if uu != nil {
-		processUserRequest(w, r, uu, nil)
-		return true
-	}
-
-	invalidAuthTokenRequests.Inc()
-	if *logInvalidAuthTokens {
-		err := fmt.Errorf("cannot authorize request with auth tokens %q", ats)
-		err = &httpserver.ErrorWithStatusCode{
-			Err:        err,
-			StatusCode: http.StatusUnauthorized,
+		invalidAuthTokenRequests.Inc()
+		if *logInvalidAuthTokens {
+			err := fmt.Errorf("cannot authorize request with auth tokens %q", ats)
+			err = &httpserver.ErrorWithStatusCode{
+				Err:        err,
+				StatusCode: http.StatusUnauthorized,
+			}
+			httpserver.Errorf(w, r, "%s", err)
+		} else {
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
 		}
-		httpserver.Errorf(w, r, "%s", err)
-	} else {
-		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return true
 	}
+
+	processUserRequest(w, r, ui)
 	return true
 }
 
@@ -226,37 +218,7 @@ func getUserInfoByAuthTokens(ats []string) *UserInfo {
 	return nil
 }
 
-// responseWriterWithStatus is a wrapper around http.ResponseWriter that captures the status code written to the response.
-type responseWriterWithStatus struct {
-	http.ResponseWriter
-	status int
-}
-
-// WriteHeader records the status so it can be easily retrieved later
-func (rws *responseWriterWithStatus) WriteHeader(status int) {
-	rws.status = status
-	rws.ResponseWriter.WriteHeader(status)
-}
-
-// Flush implements net/http.Flusher interface
-//
-// This is needed for the copyStreamToClient()
-func (rws *responseWriterWithStatus) Flush() {
-	flusher, ok := rws.ResponseWriter.(http.Flusher)
-	if !ok {
-		logger.Panicf("BUG: it is expected http.ResponseWriter (%T) supports http.Flusher interface", rws.ResponseWriter)
-	}
-	flusher.Flush()
-}
-
-// Unwrap returns the original ResponseWriter wrapped by rws.
-//
-// This is needed for the net/http.ResponseController - see https://pkg.go.dev/net/http#NewResponseController
-func (rws *responseWriterWithStatus) Unwrap() http.ResponseWriter {
-	return rws.ResponseWriter
-}
-
-func processUserRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tkn *jwt.Token) {
+func processUserRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo) {
 	startTime := time.Now()
 	defer ui.requestsDuration.UpdateDuration(startTime)
 
@@ -265,19 +227,6 @@ func processUserRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tk
 	ctx, cancel := context.WithTimeout(r.Context(), *maxQueueDuration)
 	defer cancel()
 
-	userName := ui.name()
-	if userName == "" {
-		userName = "unauthorized"
-	}
-
-	if ui.AccessLog != nil {
-		w = &responseWriterWithStatus{ResponseWriter: w}
-		defer func() {
-			rws := w.(*responseWriterWithStatus)
-			ui.logRequest(r, userName, rws.status)
-		}()
-	}
-
 	// Acquire global concurrency limit.
 	if err := beginConcurrencyLimit(ctx); err != nil {
 		handleConcurrencyLimitError(w, r, err)
@@ -296,6 +245,10 @@ func processUserRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tk
 	}
 
 	// Read the initial chunk for the request body.
+	userName := ui.name()
+	if userName == "" {
+		userName = "unauthorized"
+	}
 	bb, err := bufferRequestBody(ctx, r.Body, userName)
 	if err != nil {
 		httpserver.Errorf(w, r, "%s", err)
@@ -316,7 +269,7 @@ func processUserRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tk
 	defer ui.endConcurrencyLimit()
 
 	// Process the request.
-	processRequest(w, r, ui, tkn)
+	processRequest(w, r, ui)
 }
 
 func beginConcurrencyLimit(ctx context.Context) error {
@@ -389,7 +342,7 @@ func bufferRequestBody(ctx context.Context, r io.ReadCloser, userName string) (i
 	return bb, nil
 }
 
-func processRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tkn *jwt.Token) {
+func processRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo) {
 	u := normalizeURL(r.URL)
 	up, hc := ui.getURLPrefixAndHeaders(u, r.Host, r.Header)
 	isDefault := false
@@ -415,16 +368,12 @@ func processRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tkn *j
 	}
 
 	maxAttempts := up.getBackendsCount()
-	for range maxAttempts {
+	for i := 0; i < maxAttempts; i++ {
 		bu := up.getBackendURL()
 		if bu == nil {
 			break
 		}
 		targetURL := bu.url
-		if tkn != nil {
-			// for security reasons allow templating only for configured url values and headers
-			targetURL, hc = replaceJWTPlaceholders(bu, hc, tkn.VMAccess())
-		}
 		if isDefault {
 			// Don't change path and add request_path query param for default route.
 			query := targetURL.Query()
@@ -434,6 +383,7 @@ func processRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tkn *j
 			// Update path for regular routes.
 			targetURL = mergeURLs(targetURL, u, up.dropSrcPathPrefixParts, up.mergeQueryArgs)
 		}
+
 		wasLocalRetry := false
 	again:
 		ok, needLocalRetry := tryProcessingRequest(w, r, targetURL, hc, up.retryStatusCodes, ui, bu)
@@ -451,7 +401,7 @@ func processRequest(w http.ResponseWriter, r *http.Request, ui *UserInfo, tkn *j
 		ui.backendErrors.Inc()
 	}
 	err := &httpserver.ErrorWithStatusCode{
-		Err:        fmt.Errorf("all the %d backends for the user %q are unavailable for proxying the request - check previous WARN logs to see the exact error for each failed backend", up.getBackendsCount(), ui.name()),
+		Err:        fmt.Errorf("all the %d backends for the user %q are unavailable", up.getBackendsCount(), ui.name()),
 		StatusCode: http.StatusBadGateway,
 	}
 	httpserver.Errorf(w, r, "%s", err)

app/vmauth/main_test.go

@@ -3,21 +3,11 @@ package main
 import (
 	"bytes"
 	"context"
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"encoding/pem"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"sort"
 	"strings"
 	"sync/atomic"
 	"testing"
@@ -430,7 +420,7 @@ unauthorized_user:
 	}
 	responseExpected = `
 statusCode=502
-all the 2 backends for the user "" are unavailable for proxying the request - check previous WARN logs to see the exact error for each failed backend`
+all the 2 backends for the user "" are unavailable`
 	f(cfgStr, requestURL, backendHandler, responseExpected)
 
 	// all the backend_urls are unavailable for authorized user
@@ -448,7 +438,7 @@ users:
 	}
 	responseExpected = `
 statusCode=502
-all the 2 backends for the user "some-user" are unavailable for proxying the request - check previous WARN logs to see the exact error for each failed backend`
+all the 2 backends for the user "some-user" are unavailable`
 	f(cfgStr, requestURL, backendHandler, responseExpected)
 
 	// zero discovered backend IPs
@@ -470,7 +460,7 @@ unauthorized_user:
 	}
 	responseExpected = `
 statusCode=502
-all the 0 backends for the user "" are unavailable for proxying the request - check previous WARN logs to see the exact error for each failed backend`
+all the 0 backends for the user "" are unavailable`
 	f(cfgStr, requestURL, backendHandler, responseExpected)
 	netutil.Resolver = origResolver
 
@@ -487,7 +477,7 @@ unauthorized_user:
 	}
 	responseExpected = `
 statusCode=502
-all the 2 backends for the user "" are unavailable for proxying the request - check previous WARN logs to see the exact error for each failed backend`
+all the 2 backends for the user "" are unavailable`
 	f(cfgStr, requestURL, backendHandler, responseExpected)
 	if n := retries.Load(); n != 2 {
 		t.Fatalf("unexpected number of retries; got %d; want 2", n)
@@ -516,728 +506,6 @@ requested_url={BACKEND}/path2/foo/?de=fg`
 	}
 }
 
-func TestJWTRequestHandler(t *testing.T) {
-	// Generate RSA key pair for testing
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		t.Fatalf("cannot generate RSA key: %s", err)
-	}
-
-	// Generate public key PEM
-	publicKeyBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
-	if err != nil {
-		t.Fatalf("cannot marshal public key: %s", err)
-	}
-	publicKeyPEM := pem.EncodeToMemory(&pem.Block{
-		Type:  "PUBLIC KEY",
-		Bytes: publicKeyBytes,
-	})
-
-	genToken := func(t *testing.T, body map[string]any, valid bool) string {
-		t.Helper()
-
-		headerJSON, err := json.Marshal(map[string]any{
-			"alg": "RS256",
-			"typ": "JWT",
-		})
-		if err != nil {
-			t.Fatalf("cannot marshal header: %s", err)
-		}
-		headerB64 := base64.RawURLEncoding.EncodeToString(headerJSON)
-
-		bodyJSON, err := json.Marshal(body)
-		if err != nil {
-			t.Fatalf("cannot marshal body: %s", err)
-		}
-		bodyB64 := base64.RawURLEncoding.EncodeToString(bodyJSON)
-
-		payload := headerB64 + "." + bodyB64
-
-		var signatureB64 string
-		if valid {
-			// Create real RSA signature
-			hash := crypto.SHA256
-			h := hash.New()
-			h.Write([]byte(payload))
-			digest := h.Sum(nil)
-
-			signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, hash, digest)
-			if err != nil {
-				t.Fatalf("cannot sign token: %s", err)
-			}
-			signatureB64 = base64.RawURLEncoding.EncodeToString(signature)
-		} else {
-			signatureB64 = base64.RawURLEncoding.EncodeToString([]byte("invalid_signature"))
-		}
-
-		return payload + "." + signatureB64
-	}
-
-	f := func(cfgStr string, r *http.Request, responseExpected string) {
-		t.Helper()
-
-		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if _, err := w.Write([]byte("path: " + r.URL.Path + "\n")); err != nil {
-				panic(fmt.Errorf("cannot write response: %w", err))
-			}
-			if _, err := w.Write([]byte("query:\n")); err != nil {
-				panic(fmt.Errorf("cannot write response: %w", err))
-			}
-			names := make([]string, 0, len(r.URL.Query()))
-			query := r.URL.Query()
-			for n := range query {
-				names = append(names, n)
-			}
-			sort.Strings(names)
-			for _, n := range names {
-				for _, v := range query[n] {
-					if _, err := w.Write([]byte("    " + n + "=" + v + "\n")); err != nil {
-						panic(fmt.Errorf("cannot write response: %w", err))
-					}
-				}
-			}
-
-			if _, err := w.Write([]byte("headers:\n")); err != nil {
-				panic(fmt.Errorf("cannot write response: %w", err))
-			}
-			if v := r.Header.Get(`AccountID`); v != "" {
-				if _, err := w.Write([]byte(`    AccountID=` + v + "\n")); err != nil {
-					panic(fmt.Errorf("cannot write response: %w", err))
-				}
-			}
-			if v := r.Header.Get(`ProjectID`); v != "" {
-				if _, err := w.Write([]byte(`    ProjectID=` + v + "\n")); err != nil {
-					panic(fmt.Errorf("cannot write response: %w", err))
-				}
-			}
-		}))
-		defer ts.Close()
-
-		cfgStr = strings.ReplaceAll(cfgStr, "{BACKEND}", ts.URL)
-		responseExpected = strings.ReplaceAll(responseExpected, "{BACKEND}", ts.URL)
-
-		cfgOrigP := authConfigData.Load()
-		if _, err := reloadAuthConfigData([]byte(cfgStr)); err != nil {
-			t.Fatalf("cannot load config data: %s", err)
-		}
-		defer func() {
-			cfgOrig := []byte("unauthorized_user:\n  url_prefix: http://foo/bar")
-			if cfgOrigP != nil {
-				cfgOrig = *cfgOrigP
-			}
-			_, err := reloadAuthConfigData(cfgOrig)
-			if err != nil {
-				t.Fatalf("cannot load the original config: %s", err)
-			}
-		}()
-
-		w := &fakeResponseWriter{}
-		if !requestHandlerWithInternalRoutes(w, r) {
-			t.Fatalf("unexpected false is returned from requestHandler")
-		}
-
-		response := w.getResponse()
-		response = strings.ReplaceAll(response, "\r\n", "\n")
-		response = strings.TrimSpace(response)
-		responseExpected = strings.TrimSpace(responseExpected)
-		if response != responseExpected {
-			t.Fatalf("unexpected response\ngot\n%s\nwant\n%s", response, responseExpected)
-		}
-	}
-
-	simpleCfgStr := fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/foo`, string(publicKeyPEM))
-	noVMAccessClaimToken := genToken(t, nil, true)
-	minimalToken := genToken(t, map[string]any{
-		"exp":       time.Now().Add(10 * time.Minute).Unix(),
-		"vm_access": map[string]any{},
-	}, true)
-	expiredToken := genToken(t, map[string]any{
-		"exp":       10,
-		"vm_access": map[string]any{},
-	}, true)
-	invalidSignatureToken := genToken(t, map[string]any{
-		"exp":       time.Now().Add(10 * time.Minute).Unix(),
-		"vm_access": map[string]any{},
-	}, false)
-
-	fullToken := genToken(t, map[string]any{
-		"exp": time.Now().Add(10 * time.Minute).Unix(),
-		"vm_access": map[string]any{
-			"metrics_account_id": 123,
-			"metrics_project_id": 234,
-			"metrics_extra_labels": []string{
-				"label1=value1",
-				"label2=value2",
-			},
-			"metrics_extra_filters": []string{
-				`{label3="value3"}`,
-				`{label4="value4"}`,
-			},
-			"logs_account_id": 345,
-			"logs_project_id": 456,
-			"logs_extra_filters": []string{
-				`{"namespace":"my-app","env":"prod"}`,
-			},
-			"logs_extra_stream_filters": []string{
-				`{"team":"dev"}`,
-			},
-		},
-	}, true)
-
-	// missing authorization
-	request := httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	responseExpected := `
-statusCode=401
-Www-Authenticate: Basic realm="Restricted"
-missing 'Authorization' request header`
-	f(simpleCfgStr, request, responseExpected)
-
-	// token without vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+noVMAccessClaimToken)
-	responseExpected = `
-statusCode=401
-Unauthorized`
-	f(simpleCfgStr, request, responseExpected)
-
-	// expired token
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+expiredToken)
-	responseExpected = `
-statusCode=401
-Unauthorized`
-	f(simpleCfgStr, request, responseExpected)
-
-	// invalid signature token
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+invalidSignatureToken)
-	responseExpected = `
-statusCode=401
-Unauthorized`
-	f(simpleCfgStr, request, responseExpected)
-
-	// invalid signature token and skip verify
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+invalidSignatureToken)
-	responseExpected = `
-statusCode=200
-path: /foo/abc
-query:
-headers:`
-	f(`
-users:
-- jwt:
-    skip_verify: true
-  url_prefix: {BACKEND}/foo`, request, responseExpected)
-
-	// token with default valid vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /foo/abc
-query:
-headers:`
-	f(simpleCfgStr, request, responseExpected)
-
-	// jwt token used but no matching user with JWT token in config
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=401
-Unauthorized`
-	f(`
-users:
-- password: a-password
-  username: a-user
-  url_prefix: {BACKEND}/foo`, request, responseExpected)
-
-	// auth with key from file
-	publicKeyFile := filepath.Join(t.TempDir(), "a_public_key.pem")
-	if err := os.WriteFile(publicKeyFile, []byte(publicKeyPEM), 0o644); err != nil {
-		t.Fatalf("failed to write public key file: %s", err)
-	}
-	request = httptest.NewRequest(`GET`, "http://some-host.com/abc", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /foo/abc
-query:
-headers:`
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_key_files:
-    - %q
-  url_prefix: {BACKEND}/foo`, publicKeyFile), request, responseExpected)
-
-	// ---- VictoriaMetrics specific tests ----
-
-	// extra_label and extra_filters dropped if empty in vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /select/0:0/api/v1/query
-query:
-headers:`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// extra_label and extra_filters set if present in vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters={label3="value3"}
-    extra_filters={label4="value4"}
-    extra_label=label1=value1
-    extra_label=label2=value2
-headers:`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// extra_label and extra_filters from vm_access claim merged with statically defined
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters=aStaticFilter
-    extra_filters={label3="value3"}
-    extra_filters={label4="value4"}
-    extra_label=aStaticLabel
-    extra_label=label1=value1
-    extra_label=label2=value2
-headers:`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label=aStaticLabel&extra_filters=aStaticFilter&extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// extra_labels and extra_filters set from vm_access claim should override user provided query args
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query?extra_label=userProvidedLabel&extra_filters=userProvidedFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters={label3="value3"}
-    extra_filters={label4="value4"}
-    extra_label=label1=value1
-    extra_label=label2=value2
-headers:`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// merge user provided query args with extra_labels and extra_filters from vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query?extra_label=userProvidedLabel&extra_filters=userProvidedFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters={label3="value3"}
-    extra_filters={label4="value4"}
-    extra_filters=userProvidedFilter
-    extra_label=label1=value1
-    extra_label=label2=value2
-    extra_label=userProvidedLabel
-headers:`
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  merge_query_args: [extra_filters, extra_label]
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// pass user provided query args if vm_access claim has no extra_labels and extra_filters
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query?extra_label=userProvidedLabel&extra_filters=userProvidedFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters=userProvidedFilter
-    extra_label=userProvidedLabel
-headers:`
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  merge_query_args: [extra_filters, extra_label]
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// pass user provided query args if vm_access claim has no extra_labels and extra_filters
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query?extra_label=userProvidedLabel&extra_filters=userProvidedFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters=userProvidedFilter
-    extra_label=userProvidedLabel
-headers:`
-	f(fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_prefix: {BACKEND}/select/{{.MetricsTenant}}/`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// placeholders in url_map
-	request = httptest.NewRequest(`GET`, "http://some-host.com/api/v1/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/123:234/api/v1/query
-query:
-    extra_filters={label3="value3"}
-    extra_filters={label4="value4"}
-    extra_label=label1=value1
-    extra_label=label2=value2
-headers:`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_map:
-    - src_paths: ["/api/.*"]
-      url_prefix: {BACKEND}/select/{{.MetricsTenant}}/?extra_label={{.MetricsExtraLabels}}&extra_filters={{.MetricsExtraFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// ---- VictoriaLogs specific tests ----
-
-	// tenant headers not overwritten if set statically
-	// extra_filters extra_stream_filters dropped if empty in vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-headers:
-    AccountID=555
-    ProjectID=666`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: 555"
-    - "ProjectID: 666"
-  url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// tenant headers are overwritten if set as placeholders
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-headers:
-    AccountID=0
-    ProjectID=0`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// tenant headers are overwritten if set as placeholders
-	// extra_filters extra_stream_filters from vm_access claim merged with statically defined
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters=aStaticFilter
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters=aStaticStreamFilter
-    extra_stream_filters={"team":"dev"}
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  url_prefix: {BACKEND}/select/logsql/?extra_filters=aStaticFilter&extra_stream_filters=aStaticStreamFilter&extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// tenant headers are overwritten if set as placeholders
-	// extra_filters extra_stream_filters from vm_access claim merged with statically defined
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters=aStaticFilter
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters=aStaticStreamFilter
-    extra_stream_filters={"team":"dev"}
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  url_prefix: {BACKEND}/select/logsql/?extra_filters=aStaticFilter&extra_stream_filters=aStaticStreamFilter&extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// claim info should overwrite user provided query args and headers
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query?extra_filters=aUserFilter&extra_stream_filters=aUserStreamFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	request.Header.Set(`AccountID`, `aUserAccountID`)
-	request.Header.Set(`ProjectID`, `aUserProjectID`)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters={"team":"dev"}
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// merge user provided query args with extra_filters and extra_stream_filters from vm_access claim
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query?extra_filters=aUserFilter&extra_stream_filters=aUserStreamFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_filters=aUserFilter
-    extra_stream_filters={"team":"dev"}
-    extra_stream_filters=aUserStreamFilter
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  merge_query_args: [extra_filters, extra_stream_filters]
-  url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// pass user provided query args if vm_access claim has no extra_labels and extra_filters
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query?extra_filters=aUserFilter&extra_stream_filters=aUserStreamFilter", nil)
-	request.Header.Set(`Authorization`, `Bearer `+minimalToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters=aUserFilter
-    extra_stream_filters=aUserStreamFilter
-headers:
-    AccountID=0
-    ProjectID=0`
-	f(
-		fmt.Sprintf(`
-users:
-- jwt:
-    public_keys:
-    - %q
-  headers:
-    - "AccountID: {{.LogsAccountID}}"
-    - "ProjectID: {{.LogsProjectID}}"
-  merge_query_args: [extra_filters, extra_stream_filters]
-  url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// placeholders in url_map
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters={"team":"dev"}
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_map:
-    - src_paths: ["/query"]
-      headers:
-        - "AccountID: {{.LogsAccountID}}"
-        - "ProjectID: {{.LogsProjectID}}"
-      url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-	// multiple placeholders in url_map for the same param
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters={"team":"dev"}
-    tenant_info=static=value
-    tenant_info=345
-    tenant_info=456
-headers:
-    AccountID=345
-    ProjectID=456`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_map:
-    - src_paths: ["/query"]
-      headers:
-        - "AccountID: {{.LogsAccountID}}"
-        - "ProjectID: {{.LogsProjectID}}"
-      url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}&tenant_info=static=value&tenant_info={{.LogsAccountID}}&tenant_info={{.LogsProjectID}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-	// client request params must be ignored by placeholders
-	request = httptest.NewRequest(`GET`, "http://some-host.com/query?template_attack={{.LogsExtraFilters}}", nil)
-	request.Header.Set(`Authorization`, `Bearer `+fullToken)
-	request.Header.Set(`AccountID`, `{{.LogsAccountID}}`)
-	responseExpected = `
-statusCode=200
-path: /select/logsql/query
-query:
-    extra_filters={"namespace":"my-app","env":"prod"}
-    extra_stream_filters={"team":"dev"}
-    template_attack={{.LogsExtraFilters}}
-headers:
-    AccountID={{.LogsAccountID}}`
-	f(fmt.Sprintf(
-		`
-users:
-- jwt:
-    public_keys:
-    - %q
-  url_map:
-    - src_paths: ["/query"]
-      url_prefix: {BACKEND}/select/logsql/?extra_filters={{.LogsExtraFilters}}&extra_stream_filters={{.LogsExtraStreamFilters}}`, string(publicKeyPEM)),
-		request,
-		responseExpected,
-	)
-
-}
-
 type fakeResponseWriter struct {
 	h http.Header
 
@@ -1564,7 +832,7 @@ func TestBufferedBody_RetrySuccess(t *testing.T) {
 		if !canRetry {
 			t.Fatalf("canRetry() must return true before reading anything")
 		}
-		for i := range 5 {
+		for i := 0; i < 5; i++ {
 			data, err := io.ReadAll(rb)
 			if err != nil {
 				t.Fatalf("unexpected error when reading all the data at iteration %d: %s", i, err)
@@ -1622,7 +890,7 @@ func TestBufferedBody_RetrySuccessPartialRead(t *testing.T) {
 		if !canRetry {
 			t.Fatalf("canRetry must return true")
 		}
-		for i := range len(s) {
+		for i := 0; i < len(s); i++ {
 			buf := make([]byte, i)
 			n, err := io.ReadFull(rb, buf)
 			if err != nil {

app/vmauth/target_url_test.go

@@ -174,7 +174,7 @@ func TestCreateTargetURLSuccess(t *testing.T) {
 		},
 		RetryStatusCodes:       []int{503, 501},
 		LoadBalancingPolicy:    "first_available",
-		DropSrcPathPrefixParts: new(2),
+		DropSrcPathPrefixParts: intp(2),
 	}, "/a/b/c", "http://foo.bar/c", `bb: aaa`, `x: y`, []int{503, 501}, "first_available", 2)
 	f(&UserInfo{
 		URLPrefix: mustParseURL("http://foo.bar/federate"),
@@ -219,13 +219,13 @@ func TestCreateTargetURLSuccess(t *testing.T) {
 				},
 				RetryStatusCodes:       []int{503, 500, 501},
 				LoadBalancingPolicy:    "first_available",
-				DropSrcPathPrefixParts: new(1),
+				DropSrcPathPrefixParts: intp(1),
 			},
 			{
 				SrcPaths:               getRegexs([]string{"/api/v1/write"}),
 				URLPrefix:              mustParseURL("http://vminsert/0/prometheus"),
 				RetryStatusCodes:       []int{},
-				DropSrcPathPrefixParts: new(0),
+				DropSrcPathPrefixParts: intp(0),
 			},
 			{
 				SrcPaths:  getRegexs([]string{"/metrics"}),
@@ -242,7 +242,7 @@ func TestCreateTargetURLSuccess(t *testing.T) {
 			},
 		},
 		RetryStatusCodes:       []int{502},
-		DropSrcPathPrefixParts: new(2),
+		DropSrcPathPrefixParts: intp(2),
 	}
 	f(ui, "http://host42/vmsingle/api/v1/query?query=up&db=foo", "http://vmselect/0/prometheus/api/v1/query?db=foo&query=up",
 		"xx: aa\nyy: asdf", "qwe: rty", []int{503, 500, 501}, "first_available", 1)
@@ -259,7 +259,7 @@ func TestCreateTargetURLSuccess(t *testing.T) {
 				SrcPaths:               getRegexs([]string{"/api/v1/write"}),
 				URLPrefix:              mustParseURL("http://vminsert/0/prometheus"),
 				RetryStatusCodes:       []int{},
-				DropSrcPathPrefixParts: new(0),
+				DropSrcPathPrefixParts: intp(0),
 			},
 			{
 				SrcPaths:  getRegexs([]string{"/metrics/a/b"}),
@@ -275,7 +275,7 @@ func TestCreateTargetURLSuccess(t *testing.T) {
 			},
 		},
 		RetryStatusCodes:       []int{502},
-		DropSrcPathPrefixParts: new(2),
+		DropSrcPathPrefixParts: intp(2),
 	}
 	f(ui, "https://foo-host/api/v1/write", "http://vminsert/0/prometheus/api/v1/write", "", "", []int{}, "least_loaded", 0)
 	f(ui, "https://foo-host/metrics/a/b", "http://metrics-server/b", "", "", []int{502}, "least_loaded", 2)

app/vmctl/backoff/backoff.go

@@ -47,7 +47,7 @@ func New(retries int, factor float64, minDuration time.Duration) (*Backoff, erro
 // Retry process retries until all attempts are completed
 func (b *Backoff) Retry(ctx context.Context, cb retryableFunc) (uint64, error) {
 	var attempt uint64
-	for i := range b.retries {
+	for i := 0; i < b.retries; i++ {
 		err := cb()
 		if err == nil {
 			return attempt, nil

app/vmctl/opentsdb/opentsdb.go

@@ -109,7 +109,7 @@ func (c Client) FindMetrics(q string) ([]string, error) {
 		return nil, fmt.Errorf("failed to send GET request to %q: %s", q, err)
 	}
 	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("bad return from OpenTSDB: %d: %v", resp.StatusCode, resp)
+		return nil, fmt.Errorf("bad return from OpenTSDB: %q: %v", resp.StatusCode, resp)
 	}
 	defer func() { _ = resp.Body.Close() }()
 	body, err := io.ReadAll(resp.Body)
@@ -133,7 +133,7 @@ func (c Client) FindSeries(metric string) ([]Meta, error) {
 		return nil, fmt.Errorf("failed to set GET request to %q: %s", q, err)
 	}
 	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("bad return from OpenTSDB: %d: %v", resp.StatusCode, resp)
+		return nil, fmt.Errorf("bad return from OpenTSDB: %q: %v", resp.StatusCode, resp)
 	}
 	defer func() { _ = resp.Body.Close() }()
 	body, err := io.ReadAll(resp.Body)

app/vmctl/vm/timeseries.go

@@ -76,11 +76,11 @@ func (ts *TimeSeries) write(w io.Writer) (int, error) {
 
 		pointsCount := len(timestampsBatch)
 		cw.printf(`},"timestamps":[`)
-		for i := range pointsCount - 1 {
+		for i := 0; i < pointsCount-1; i++ {
 			cw.printf(`%d,`, timestampsBatch[i])
 		}
 		cw.printf(`%d],"values":[`, timestampsBatch[pointsCount-1])
-		for i := range pointsCount - 1 {
+		for i := 0; i < pointsCount-1; i++ {
 			cw.printf(`%v,`, valuesBatch[i])
 		}
 		cw.printf("%v]}\n", valuesBatch[pointsCount-1])

app/vmctl/vm_native.go

@@ -262,7 +262,7 @@ func (p *vmNativeProcessor) runBackfilling(ctx context.Context, tenantID string,
 	errCh := make(chan error, p.cc)
 
 	var wg sync.WaitGroup
-	for range p.cc {
+	for i := 0; i < p.cc; i++ {
 		wg.Go(func() {
 			for f := range filterCh {
 				if !p.disablePerMetricRequests {

app/vminsert/common/insert_ctx.go

@@ -182,7 +182,6 @@ func (ctx *InsertCtx) WriteMetadata(mmpbs []prompb.MetricMetadata) error {
 		mm.Type = mmpb.Type
 		mm.Unit = bytesutil.ToUnsafeBytes(mmpb.Unit)
 	}
-	ctx.mms = mms
 
 	err := vmstorage.AddMetadataRows(mms)
 	if err != nil {
@@ -207,7 +206,6 @@ func (ctx *InsertCtx) WritePromMetadata(mmps []prometheus.Metadata) error {
 		mm.Help = bytesutil.ToUnsafeBytes(mmpb.Help)
 		mm.Type = mmpb.Type
 	}
-	ctx.mms = mms
 
 	err := vmstorage.AddMetadataRows(mms)
 	if err != nil {

app/vminsert/datadogsketches/request_handler.go

@@ -45,14 +45,15 @@ func insertRows(sketches []*datadogsketches.Sketch, extraLabels []prompb.Label)
 		ms := sketch.ToSummary()
 		for _, m := range ms {
 			ctx.Labels = ctx.Labels[:0]
-			// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10557
-			ctx.AddLabel("host", sketch.Host) // newly added
 			ctx.AddLabel("", m.Name)
 			for _, label := range m.Labels {
 				ctx.AddLabel(label.Name, label.Value)
 			}
 			for _, tag := range sketch.Tags {
 				name, value := datadogutil.SplitTag(tag)
+				if name == "host" {
+					name = "exported_host"
+				}
 				ctx.AddLabel(name, value)
 			}
 			for j := range extraLabels {

app/vmselect/graphite/aggr_state.go

@@ -142,7 +142,7 @@ type aggrStatePercentile struct {
 
 func newAggrStatePercentile(pointsLen int, n float64) aggrState {
 	hs := make([]*histogram.Fast, pointsLen)
-	for i := range pointsLen {
+	for i := 0; i < pointsLen; i++ {
 		hs[i] = histogram.NewFast()
 	}
 	return &aggrStatePercentile{

app/vmselect/graphite/eval.go

@@ -9,7 +9,6 @@ import (
 	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmselect/netstorage"
 	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmselect/searchutil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/cgroup"
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/fasttime"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/storage"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/timerpool"
@@ -50,7 +49,7 @@ func (ec *evalConfig) newTimestamps(step int64) []int64 {
 	pointsLen := ec.pointsLen(step)
 	timestamps := make([]int64, pointsLen)
 	ts := ec.startTime
-	for i := range pointsLen {
+	for i := 0; i < pointsLen; i++ {
 		timestamps[i] = ts
 		ts += step
 	}
@@ -197,17 +196,12 @@ func newNextSeriesForSearchQuery(ec *evalConfig, sq *storage.SearchQuery, expr g
 				pathExpression: safePathExpression(expr),
 			}
 			s.summarize(aggrAvg, ec.startTime, ec.endTime, ec.storageStep, 0)
-
-			// A negative or zero duration will cause timer.C to return immediately
-			remainingTimeout := ec.deadline.Deadline() - fasttime.UnixTimestamp()
-			t := timerpool.Get(time.Duration(remainingTimeout) * time.Second)
+			t := timerpool.Get(30 * time.Second)
 			defer timerpool.Put(t)
-
 			select {
 			case seriesCh <- s:
 			case <-t.C:
-				logger.Errorf("reached timeout when processing the %s (full query: %s), it can be due to the amount of storageNodes configured in vmselect is more than vmselect’s available CPU count "+
-					"or vmselect is heavy loaded. Consider adding resources or increasing `-search.maxQueryDuration` or `timeout` parameter in the query.",
+				logger.Errorf("resource leak when processing the %s (full query: %s); please report this error to VictoriaMetrics developers",
 					expr.AppendString(nil), ec.originalQuery)
 			}
 			return nil

app/vmselect/graphite/natural_compare.go

@@ -25,7 +25,7 @@ func naturalLess(a, b string) bool {
 }
 
 func getNonNumPrefix(s string) (prefix string, tail string) {
-	for i := range len(s) {
+	for i := 0; i < len(s); i++ {
 		ch := s[i]
 		if ch >= '0' && ch <= '9' {
 			return s[:i], s[i:]

app/vmselect/graphite/render_api.go

@@ -82,7 +82,7 @@ func RenderHandler(startTime time.Time, w http.ResponseWriter, r *http.Request)
 	if s := r.FormValue("maxDataPoints"); len(s) > 0 {
 		n, err := strconv.ParseFloat(s, 64)
 		if err != nil {
-			return fmt.Errorf("cannot parse maxDataPoints=%d: %w", maxDataPoints, err)
+			return fmt.Errorf("cannot parse maxDataPoints=%q: %w", maxDataPoints, err)
 		}
 		if n <= 0 {
 			return fmt.Errorf("maxDataPoints must be greater than 0; got %f", n)
@@ -209,7 +209,7 @@ func parseInterval(s string) (int64, error) {
 	s = strings.TrimSpace(s)
 	prefix := s
 	var suffix string
-	for i := range len(s) {
+	for i := 0; i < len(s); i++ {
 		ch := s[i]
 		if ch != '-' && ch != '+' && ch != '.' && (ch < '0' || ch > '9') {
 			prefix = s[:i]

app/vmselect/graphite/transform.go

@@ -1228,7 +1228,7 @@ func transformDelay(ec *evalConfig, fe *graphiteql.FuncExpr) (nextSeriesFunc, er
 				stepsLocal = len(values)
 			}
 			copy(values[stepsLocal:], values[:len(values)-stepsLocal])
-			for i := range stepsLocal {
+			for i := 0; i < stepsLocal; i++ {
 				values[i] = nan
 			}
 		}
@@ -1740,7 +1740,7 @@ func transformGroup(ec *evalConfig, fe *graphiteql.FuncExpr) (nextSeriesFunc, er
 
 func groupSeriesLists(ec *evalConfig, args []*graphiteql.ArgExpr, expr graphiteql.Expr) (nextSeriesFunc, error) {
 	var nextSeriess []nextSeriesFunc
-	for i := range args {
+	for i := 0; i < len(args); i++ {
 		nextSeries, err := evalSeriesList(ec, args, "seriesList", i)
 		if err != nil {
 			for _, f := range nextSeriess {
@@ -3233,7 +3233,7 @@ func transformSeriesByTag(ec *evalConfig, fe *graphiteql.FuncExpr) (nextSeriesFu
 		return nil, fmt.Errorf("at least one tagExpression must be passed to seriesByTag")
 	}
 	var tagExpressions []string
-	for i := range args {
+	for i := 0; i < len(args); i++ {
 		te, err := getString(args, "tagExpressions", i)
 		if err != nil {
 			return nil, err
@@ -3633,7 +3633,7 @@ var graphiteToGolangRe = regexp.MustCompile(`\\(\d+)`)
 
 func getNodes(args []*graphiteql.ArgExpr) ([]graphiteql.Expr, error) {
 	var nodes []graphiteql.Expr
-	for i := range args {
+	for i := 0; i < len(args); i++ {
 		expr := args[i].Expr
 		switch expr.(type) {
 		case *graphiteql.NumberExpr, *graphiteql.StringExpr:
@@ -4052,7 +4052,7 @@ func formatPathsFromSeriesExpressions(seriesExpressions []string, sortPaths bool
 
 func newNaNSeries(ec *evalConfig, step int64) *series {
 	values := make([]float64, ec.pointsLen(step))
-	for i := range values {
+	for i := 0; i < len(values); i++ {
 		values[i] = nan
 	}
 	return &series{
@@ -5244,7 +5244,7 @@ func transformLinearRegression(ec *evalConfig, fe *graphiteql.FuncExpr) (nextSer
 
 func linearRegressionForSeries(ec *evalConfig, fe *graphiteql.FuncExpr, ss, sourceSeries []*series) (nextSeriesFunc, error) {
 	var resp []*series
-	for i := range ss {
+	for i := 0; i < len(ss); i++ {
 		source := sourceSeries[i]
 		s := ss[i]
 		s.Tags["linearRegressions"] = fmt.Sprintf("%d, %d", ec.startTime/1e3, ec.endTime/1e3)
@@ -5258,7 +5258,7 @@ func linearRegressionForSeries(ec *evalConfig, fe *graphiteql.FuncExpr, ss, sour
 			continue
 		}
 		values := s.Values
-		for j := range values {
+		for j := 0; j < len(values); j++ {
 			values[j] = offset + (float64(int(s.Timestamps[0])+j*int(s.step)))*factor
 		}
 		resp = append(resp, s)
@@ -5370,7 +5370,7 @@ func holtWinterConfidenceBands(ec *evalConfig, fe *graphiteql.FuncExpr, args []*
 		valuesLen := len(forecastValues)
 		upperBand := make([]float64, 0, valuesLen)
 		lowerBand := make([]float64, 0, valuesLen)
-		for i := range valuesLen {
+		for i := 0; i < valuesLen; i++ {
 			forecastItem := forecastValues[i]
 			deviationItem := deviationValues[i]
 			if math.IsNaN(forecastItem) || math.IsNaN(deviationItem) {
@@ -5464,7 +5464,7 @@ func transformHoltWintersAberration(ec *evalConfig, fe *graphiteql.FuncExpr) (ne
 			return nil, fmt.Errorf("bug, len mismatch for series: %d and upperBand values: %d or lowerBand values: %d", len(values), len(upperBand), len(lowerBand))
 		}
 		aberration := make([]float64, 0, len(values))
-		for i := range values {
+		for i := 0; i < len(values); i++ {
 			v := values[i]
 			upperValue := upperBand[i]
 			lowerValue := lowerBand[i]

app/vmselect/graphiteql/lexer.go

@@ -280,7 +280,7 @@ func isMetricExprChar(ch byte) bool {
 }
 
 func appendEscapedIdent(dst []byte, s string) []byte {
-	for i := range len(s) {
+	for i := 0; i < len(s); i++ {
 		ch := s[i]
 		if isIdentChar(ch) || isMetricExprChar(ch) {
 			if i == 0 && !isFirstIdentChar(ch) {

app/vmselect/main.go

@@ -321,23 +321,19 @@ func RequestHandler(w http.ResponseWriter, r *http.Request) bool {
 		return true
 	case "/tags/tagSeries":
 		graphiteTagsTagSeriesRequests.Inc()
-		err := &httpserver.ErrorWithStatusCode{
-			Err: fmt.Errorf("graphite tag registration has been disabled and is planned to be removed in future. " +
-				"See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10544"),
-			StatusCode: http.StatusNotImplemented,
+		if err := graphite.TagsTagSeriesHandler(startTime, w, r); err != nil {
+			graphiteTagsTagSeriesErrors.Inc()
+			httpserver.Errorf(w, r, "%s", err)
+			return true
 		}
-		graphiteTagsTagSeriesErrors.Inc()
-		httpserver.Errorf(w, r, "%s", err)
 		return true
 	case "/tags/tagMultiSeries":
 		graphiteTagsTagMultiSeriesRequests.Inc()
-		err := &httpserver.ErrorWithStatusCode{
-			Err: fmt.Errorf("graphite tag registration has been disabled and is planned to be removed in future. " +
-				"See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10544"),
-			StatusCode: http.StatusNotImplemented,
+		if err := graphite.TagsTagMultiSeriesHandler(startTime, w, r); err != nil {
+			graphiteTagsTagMultiSeriesErrors.Inc()
+			httpserver.Errorf(w, r, "%s", err)
+			return true
 		}
-		graphiteTagsTagMultiSeriesErrors.Inc()
-		httpserver.Errorf(w, r, "%s", err)
 		return true
 	case "/tags":
 		graphiteTagsRequests.Inc()

app/vmselect/netstorage/netstorage.go

@@ -5,8 +5,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"math"
-	"slices"
 	"sort"
 	"sync"
 	"sync/atomic"
@@ -492,7 +490,10 @@ func (pts *packedTimeseries) unpackTo(dst []*sortBlock, tbf *tmpBlocksFile, tr s
 	}
 
 	// Prepare worker channels.
-	workers := max(min(len(upws), gomaxprocs), 1)
+	workers := min(len(upws), gomaxprocs)
+	if workers < 1 {
+		workers = 1
+	}
 	itemsPerWorker := (len(upws) + workers - 1) / workers
 	workChs := make([]chan *unpackWork, workers)
 	for i := range workChs {
@@ -577,7 +578,6 @@ func mergeSortBlocks(dst *Result, sbh *sortBlocksHeap, dedupInterval int64) {
 		return
 	}
 	heap.Init(sbh)
-	var dedupSamples int
 	for {
 		sbs := sbh.sbs
 		top := sbs[0]
@@ -593,7 +593,6 @@ func mergeSortBlocks(dst *Result, sbh *sortBlocksHeap, dedupInterval int64) {
 		if n := equalSamplesPrefix(top, sbNext); n > 0 && dedupInterval > 0 {
 			// Skip n replicated samples at top if deduplication is enabled.
 			top.NextIdx = topNextIdx + n
-			dedupSamples += n
 		} else {
 			// Copy samples from top to dst with timestamps not exceeding tsNext.
 			top.NextIdx = topNextIdx + binarySearchTimestamps(top.Timestamps[topNextIdx:], tsNext)
@@ -608,8 +607,8 @@ func mergeSortBlocks(dst *Result, sbh *sortBlocksHeap, dedupInterval int64) {
 		}
 	}
 	timestamps, values := storage.DeduplicateSamples(dst.Timestamps, dst.Values, dedupInterval)
-	dedupSamples += len(dst.Timestamps) - len(timestamps)
-	dedupsDuringSelect.Add(dedupSamples)
+	dedups := len(dst.Timestamps) - len(timestamps)
+	dedupsDuringSelect.Add(dedups)
 	dst.Timestamps = timestamps
 	dst.Values = values
 }
@@ -635,7 +634,7 @@ func equalTimestampsPrefix(a, b []int64) int {
 
 func equalValuesPrefix(a, b []float64) int {
 	for i, v := range a {
-		if i >= len(b) || math.Float64bits(v) != math.Float64bits(b[i]) {
+		if i >= len(b) || v != b[i] {
 			return i
 		}
 	}
@@ -830,7 +829,12 @@ func GraphiteTags(qt *querytracer.Tracer, filter string, limit int, deadline sea
 }
 
 func hasString(a []string, s string) bool {
-	return slices.Contains(a, s)
+	for _, x := range a {
+		if x == s {
+			return true
+		}
+	}
+	return false
 }
 
 // LabelValues returns label values matching the given labelName and sq until the given deadline.

app/vmselect/netstorage/netstorage_test.go

@@ -1,11 +1,8 @@
 package netstorage
 
 import (
-	"math"
 	"reflect"
 	"testing"
-
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/decimal"
 )
 
 func TestMergeSortBlocks(t *testing.T) {
@@ -197,111 +194,3 @@ func TestMergeSortBlocks(t *testing.T) {
 		Values:     []float64{7, 24, 26},
 	})
 }
-
-func TestEqualSamplesPrefix(t *testing.T) {
-	f := func(a, b *sortBlock, expected int) {
-		t.Helper()
-
-		actual := equalSamplesPrefix(a, b)
-		if actual != expected {
-			t.Fatalf("unexpected result: got %d, want %d", actual, expected)
-		}
-	}
-
-	// Empty blocks
-	f(&sortBlock{}, &sortBlock{}, 0)
-
-	// Identical blocks
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, 4)
-
-	// Non-zero NextIdx
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-		NextIdx:    2,
-	}, &sortBlock{
-		Timestamps: []int64{10, 20, 3, 4},
-		Values:     []float64{50, 60, 7, 8},
-		NextIdx:    2,
-	}, 2)
-
-	// Non-zero NextIdx with mismatch
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-		NextIdx:    1,
-	}, &sortBlock{
-		Timestamps: []int64{10, 2, 3, 4},
-		Values:     []float64{50, 6, 7, 80},
-		NextIdx:    1,
-	}, 2)
-
-	// Different lengths
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 3},
-		Values:     []float64{5, 6, 7},
-	}, 3)
-
-	// Timestamps diverge
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 30, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, 2)
-
-	// Values diverge
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 60, 7, 8},
-	}, 1)
-
-	// Zero matches
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, 6, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{5, 6, 7, 8},
-		Values:     []float64{1, 2, 3, 4},
-	}, 0)
-
-	// Compare staleness markers, matching
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, decimal.StaleNaN, 7, 8},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{5, decimal.StaleNaN, 7, 8},
-	}, 4)
-
-	// Special float values: +Inf, -Inf, 0, -0
-	f(&sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{math.Inf(1), math.Inf(-1), math.Copysign(0, +1), math.Copysign(0, -1)},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2, 3, 4},
-		Values:     []float64{math.Inf(1), math.Inf(-1), math.Copysign(0, +1), math.Copysign(0, -1)},
-	}, 4)
-
-	// Positive zero vs negative zero (bitwise different)
-	f(&sortBlock{
-		Timestamps: []int64{1, 2},
-		Values:     []float64{5, math.Copysign(0, +1)},
-	}, &sortBlock{
-		Timestamps: []int64{1, 2},
-		Values:     []float64{5, math.Copysign(0, -1)},
-	}, 1)
-}

app/vmselect/netstorage/netstorage_timing_test.go

@@ -10,14 +10,14 @@ func BenchmarkMergeSortBlocks(b *testing.B) {
 		b.Run(fmt.Sprintf("replicationFactor-%d", replicationFactor), func(b *testing.B) {
 			const samplesPerBlock = 8192
 			var blocks []*sortBlock
-			for j := range 10 {
+			for j := 0; j < 10; j++ {
 				timestamps := make([]int64, samplesPerBlock)
 				values := make([]float64, samplesPerBlock)
 				for i := range timestamps {
 					timestamps[i] = int64(j*samplesPerBlock + i)
 					values[i] = float64(j*samplesPerBlock + i)
 				}
-				for range replicationFactor {
+				for i := 0; i < replicationFactor; i++ {
 					blocks = append(blocks, &sortBlock{
 						Timestamps: timestamps,
 						Values:     values,
@@ -30,7 +30,7 @@ func BenchmarkMergeSortBlocks(b *testing.B) {
 	b.Run("overlapped-blocks-bestcase", func(b *testing.B) {
 		const samplesPerBlock = 8192
 		var blocks []*sortBlock
-		for j := range 10 {
+		for j := 0; j < 10; j++ {
 			timestamps := make([]int64, samplesPerBlock)
 			values := make([]float64, samplesPerBlock)
 			for i := range timestamps {
@@ -45,7 +45,7 @@ func BenchmarkMergeSortBlocks(b *testing.B) {
 		for j := 1; j < len(blocks); j++ {
 			prev := blocks[j-1].Timestamps
 			curr := blocks[j].Timestamps
-			for i := range samplesPerBlock / 2 {
+			for i := 0; i < samplesPerBlock/2; i++ {
 				prev[i+samplesPerBlock/2], curr[i] = curr[i], prev[i+samplesPerBlock/2]
 			}
 		}
@@ -54,7 +54,7 @@ func BenchmarkMergeSortBlocks(b *testing.B) {
 	b.Run("overlapped-blocks-worstcase", func(b *testing.B) {
 		const samplesPerBlock = 8192
 		var blocks []*sortBlock
-		for j := range 5 {
+		for j := 0; j < 5; j++ {
 			timestamps := make([]int64, samplesPerBlock)
 			values := make([]float64, samplesPerBlock)
 			for i := range timestamps {

app/vmselect/prometheus/prometheus.go

@@ -6,13 +6,11 @@ import (
 	"math"
 	"net/http"
 	"runtime"
-	"slices"
 	"strconv"
 	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
-	"unicode/utf8"
 
 	"github.com/VictoriaMetrics/metrics"
 	"github.com/VictoriaMetrics/metricsql"
@@ -529,14 +527,6 @@ func LabelValuesHandler(qt *querytracer.Tracer, startTime time.Time, labelName s
 		return err
 	}
 	sq := storage.NewSearchQuery(cp.start, cp.end, cp.filterss, *maxLabelsAPISeries)
-
-	if strings.HasPrefix(labelName, "U__") {
-		// This label seems to be Unicode-encoded according to the Prometheus spec.
-		// See https://prometheus.io/docs/prometheus/latest/querying/api/#querying-label-values
-		// Spec: https://github.com/prometheus/proposals/blob/main/proposals/0028-utf8.md
-		labelName = unescapePrometheusLabelName(labelName)
-	}
-
 	labelValues, err := netstorage.LabelValues(qt, labelName, sq, limit, cp.deadline)
 	if err != nil {
 		return fmt.Errorf("cannot obtain values for label %q: %w", labelName, err)
@@ -1014,7 +1004,14 @@ func removeEmptyValuesAndTimeseries(tss []netstorage.Result) []netstorage.Result
 	dst := tss[:0]
 	for i := range tss {
 		ts := &tss[i]
-		if !slices.ContainsFunc(ts.Values, math.IsNaN) {
+		hasNaNs := false
+		for _, v := range ts.Values {
+			if math.IsNaN(v) {
+				hasNaNs = true
+				break
+			}
+		}
+		if !hasNaNs {
 			// Fast path: nothing to remove.
 			if len(ts.Values) > 0 {
 				dst = append(dst, *ts)
@@ -1339,70 +1336,3 @@ func calculateMaxUniqueTimeSeriesForResource(maxConcurrentRequests, remainingMem
 func GetMaxUniqueTimeSeries() int {
 	return maxUniqueTimeseriesValue
 }
-
-// copied from https://github.com/prometheus/common/blob/adea6285c1c7447fcb7bfdeb6abfc6eff893e0a7/model/metric.go#L483
-// it's not possible to use direct import due to increased binary size
-func unescapePrometheusLabelName(name string) string {
-	// lower function taken from strconv.atoi.
-	lower := func(c byte) byte {
-		return c | ('x' - 'X')
-	}
-	if len(name) == 0 {
-		return name
-	}
-	escapedName, found := strings.CutPrefix(name, "U__")
-	if !found {
-		return name
-	}
-
-	var unescaped strings.Builder
-TOP:
-	for i := 0; i < len(escapedName); i++ {
-		// All non-underscores are treated normally.
-		if escapedName[i] != '_' {
-			unescaped.WriteByte(escapedName[i])
-			continue
-		}
-		i++
-		if i >= len(escapedName) {
-			return name
-		}
-		// A double underscore is a single underscore.
-		if escapedName[i] == '_' {
-			unescaped.WriteByte('_')
-			continue
-		}
-		// We think we are in a UTF-8 code, process it.
-		var utf8Val uint
-		for j := 0; i < len(escapedName); j++ {
-			// This is too many characters for a utf8 value based on the MaxRune
-			// value of '\U0010FFFF'.
-			if j >= 6 {
-				return name
-			}
-			// Found a closing underscore, convert to a rune, check validity, and append.
-			if escapedName[i] == '_' {
-				utf8Rune := rune(utf8Val)
-				if !utf8.ValidRune(utf8Rune) {
-					return name
-				}
-				unescaped.WriteRune(utf8Rune)
-				continue TOP
-			}
-			r := lower(escapedName[i])
-			utf8Val *= 16
-			switch {
-			case r >= '0' && r <= '9':
-				utf8Val += uint(r) - '0'
-			case r >= 'a' && r <= 'f':
-				utf8Val += uint(r) - 'a' + 10
-			default:
-				return name
-			}
-			i++
-		}
-		// Didn't find closing underscore, invalid.
-		return name
-	}
-	return unescaped.String()
-}

app/vmselect/promql/aggr.go

@@ -742,7 +742,7 @@ func getRangeTopKTimeseries(tss []*timeseries, modifier *metricsql.ModifierExpr,
 
 func reverseSeries(tss []*timeseries) {
 	j := len(tss)
-	for i := range len(tss) / 2 {
+	for i := 0; i < len(tss)/2; i++ {
 		j--
 		tss[i], tss[j] = tss[j], tss[i]
 	}
@@ -983,7 +983,7 @@ func getPerPointIQRBounds(tss []*timeseries) ([]float64, []float64) {
 	var qs []float64
 	lower := make([]float64, pointsLen)
 	upper := make([]float64, pointsLen)
-	for i := range pointsLen {
+	for i := 0; i < pointsLen; i++ {
 		values = values[:0]
 		for _, ts := range tss {
 			v := ts.Values[i]

app/vmselect/promql/aggr_incremental_test.go

@@ -53,7 +53,7 @@ func TestIncrementalAggr(t *testing.T) {
 			Values:     valuesExpected,
 		}}
 		// run the test multiple times to make sure there are no side effects on concurrency
-		for i := range 10 {
+		for i := 0; i < 10; i++ {
 			iafc := newIncrementalAggrFuncContext(ae, callbacks)
 			tssSrcCopy := copyTimeseries(tssSrc)
 			if err := testIncrementalParallelAggr(iafc, tssSrcCopy, tssExpected); err != nil {

app/vmselect/promql/binary_op.go

@@ -566,15 +566,24 @@ func fillLeftNaNsWithRightValuesOrMerge(tssLeft, tssRight []*timeseries) {
 		return
 	}
 
-	nameLeft, nameRight := bbPool.Get(), bbPool.Get()
+	// to avoid marshaling the same metric name multiple times, use a slice to store the results and an index to access them.
+	// todo: this may allocate a lot of []byte and could be further optimized.
+	nameRightSlice := make([][]byte, len(tssRight))
+	getRightName := func(idx int) []byte {
+		if nameRightSlice[idx] == nil {
+			nameRightSlice[idx] = marshalMetricNameSorted(nameRightSlice[idx], &tssRight[idx].MetricName)
+		}
+		return nameRightSlice[idx]
+	}
+
+	nameLeft := bbPool.Get()
 	for _, tsLeft := range tssLeft {
 		valuesLeft := tsLeft.Values
 		nameLeft.B = marshalMetricNameSorted(nameLeft.B[:0], &tsLeft.MetricName)
 		for i, v := range valuesLeft {
 			leftIsNaN := math.IsNaN(v)
-			for _, tsRight := range tssRight {
-				nameRight.B = marshalMetricNameSorted(nameRight.B[:0], &tsRight.MetricName)
-				canBeMerged := bytes.Equal(nameLeft.B, nameRight.B)
+			for rIdx, tsRight := range tssRight {
+				canBeMerged := bytes.Equal(nameLeft.B, getRightName(rIdx))
 				valueRight := tsRight.Values[i]
 				if leftIsNaN && canBeMerged {
 					// fill NaNs with valueRight if labels match
@@ -589,7 +598,6 @@ func fillLeftNaNsWithRightValuesOrMerge(tssLeft, tssRight []*timeseries) {
 		}
 	}
 	bbPool.Put(nameLeft)
-	bbPool.Put(nameRight)
 }
 
 func binaryOpIfnot(bfa *binaryOpFuncArg) ([]*timeseries, error) {

app/vmselect/promql/binary_op_timing_test.go

@@ -92,6 +92,22 @@ func BenchmarkBinaryOpOr(b *testing.B) {
 		}
 		benchmarkBinaryOpOr(b, bfa)
 	})
+
+	b.Run("tss:1000 or tss:40000: new", func(b *testing.B) {
+		left, right := make([]*timeseries, 1000), make([]*timeseries, 40000)
+		for i := range left {
+			left[i] = ts(fmt.Sprintf(`a{foo="%d"}`, i))
+		}
+		for i := range right {
+			right[i] = ts(fmt.Sprintf(`b{foo="%d"}`, i))
+		}
+		bfa := &binaryOpFuncArg{
+			be:    mustParseMetricsQL("a or b"),
+			left:  left,
+			right: right,
+		}
+		benchmarkBinaryOpOr(b, bfa)
+	})
 }
 
 func benchmarkBinaryOpOr(b *testing.B, bfa *binaryOpFuncArg) {

app/vmselect/promql/eval.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"math"
 	"regexp"
-	"slices"
 	"sort"
 	"strings"
 	"sync"
@@ -1166,61 +1165,6 @@ func evalInstantRollup(qt *querytracer.Tracer, ec *EvalConfig, funcName string,
 			},
 		}
 		return evalExpr(qt, ec, be)
-	// the cached rate result could be inaccurate in edge cases, see https://github.com/VictoriaMetrics/VictoriaMetrics/issues/10098
-	case "rate":
-		if iafc != nil {
-			if !strings.EqualFold(iafc.ae.Name, "sum") {
-				qt.Printf("do not apply instant rollup optimization for incremental aggregate %s()", iafc.ae.Name)
-				return evalAt(qt, timestamp, window)
-			}
-			qt.Printf("optimized calculation for sum(rate(m[d])) as (sum(increase(m[d])) / d)")
-			afe := expr.(*metricsql.AggrFuncExpr)
-			fe := afe.Args[0].(*metricsql.FuncExpr)
-			feIncrease := *fe
-			feIncrease.Name = "increase"
-			// copy RollupExpr to drop possible offset,
-			// see https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9762
-			newArg := copyRollupExpr(fe.Args[0].(*metricsql.RollupExpr))
-			newArg.Offset = nil
-			feIncrease.Args = []metricsql.Expr{newArg}
-			d := newArg.Window.Duration(ec.Step)
-			if d == 0 {
-				d = ec.Step
-			}
-			afeIncrease := *afe
-			afeIncrease.Args = []metricsql.Expr{&feIncrease}
-			be := &metricsql.BinaryOpExpr{
-				Op:              "/",
-				KeepMetricNames: true,
-				Left:            &afeIncrease,
-				Right: &metricsql.NumberExpr{
-					N: float64(d) / 1000,
-				},
-			}
-			return evalExpr(qt, ec, be)
-		}
-		qt.Printf("optimized calculation for instant rollup rate(m[d]) as (increase(m[d]) / d)")
-		fe := expr.(*metricsql.FuncExpr)
-		feIncrease := *fe
-		feIncrease.Name = "increase"
-		// copy RollupExpr to drop possible offset,
-		// see https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9762
-		newArg := copyRollupExpr(fe.Args[0].(*metricsql.RollupExpr))
-		newArg.Offset = nil
-		feIncrease.Args = []metricsql.Expr{newArg}
-		d := newArg.Window.Duration(ec.Step)
-		if d == 0 {
-			d = ec.Step
-		}
-		be := &metricsql.BinaryOpExpr{
-			Op:              "/",
-			KeepMetricNames: fe.KeepMetricNames,
-			Left:            &feIncrease,
-			Right: &metricsql.NumberExpr{
-				N: float64(d) / 1000,
-			},
-		}
-		return evalExpr(qt, ec, be)
 	case "max_over_time":
 		if iafc != nil {
 			if !strings.EqualFold(iafc.ae.Name, "max") {
@@ -1991,7 +1935,14 @@ func dropStaleNaNs(funcName string, values []float64, timestamps []int64) ([]flo
 		return values, timestamps
 	}
 	// Remove Prometheus staleness marks, so non-default rollup functions don't hit NaN values.
-	if !slices.ContainsFunc(values, decimal.IsStaleNaN) {
+	hasStaleSamples := false
+	for _, v := range values {
+		if decimal.IsStaleNaN(v) {
+			hasStaleSamples = true
+			break
+		}
+	}
+	if !hasStaleSamples {
 		// Fast path: values have no Prometheus staleness marks.
 		return values, timestamps
 	}

app/vmselect/promql/exec.go

@@ -313,7 +313,7 @@ func escapeDots(s string) string {
 		return s
 	}
 	result := make([]byte, 0, len(s)+2*dotsCount)
-	for i := range len(s) {
+	for i := 0; i < len(s); i++ {
 		if s[i] == '.' && (i == 0 || s[i-1] != '\\') && (i+1 == len(s) || i+1 < len(s) && s[i+1] != '*' && s[i+1] != '+' && s[i+1] != '{') {
 			// Escape a dot if the following conditions are met:
 			// - if it isn't escaped already, i.e. if there is no `\` char before the dot.

app/vmselect/promql/exec_test.go

@@ -67,7 +67,7 @@ func TestExecSuccess(t *testing.T) {
 			Deadline:           searchutil.NewDeadline(time.Now(), time.Minute, ""),
 			RoundDigits:        100,
 		}
-		for range 5 {
+		for i := 0; i < 5; i++ {
 			result, err := Exec(nil, ec, q, false)
 			if err != nil {
 				t.Fatalf(`unexpected error when executing %q: %s`, q, err)
@@ -4018,12 +4018,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(scalar)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(123, 456, time())`
-		resultExpected := []netstorage.Result{}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(single-value-no-le)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_quantile(0.6, label_set(100, "foo", "bar"))`
@@ -4036,12 +4030,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(single-value-no-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(123,456, label_set(100, "foo", "bar"))`
-		resultExpected := []netstorage.Result{}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(single-value-invalid-le)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_quantile(0.6, label_set(100, "le", "foobar"))`
@@ -4054,12 +4042,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(single-value-invalid-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(50, 60, label_set(100, "le", "foobar"))`
-		resultExpected := []netstorage.Result{}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(single-value-inf-le)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_quantile(0.6, label_set(100, "le", "+Inf"))`
@@ -4201,28 +4183,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(single-value-valid-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(0, 100, label_set(100, "le", "200"))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.5, 0.5, 0.5, 0.5, 0.5, 0.5},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
-	t.Run(`histogram_fraction(single-value-valid-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(200, 300, label_set(100, "le", "200"))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0, 0, 0, 0, 0, 0},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(single-value-valid-le, boundsLabel)`, func(t *testing.T) {
 		t.Parallel()
 		q := `sort(histogram_quantile(0.6, label_set(100, "le", "200"), "foobar"))`
@@ -4252,7 +4212,7 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r1, r2, r3}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_share(single-value-valid-le, boundsLabel)`, func(t *testing.T) {
+	t.Run(`histogram_quantile(single-value-valid-le, boundsLabel)`, func(t *testing.T) {
 		t.Parallel()
 		q := `sort(histogram_share(120, label_set(100, "le", "200"), "foobar"))`
 		r1 := netstorage.Result{
@@ -4351,37 +4311,7 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(single-value-valid-le-max-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(0,100, (
-			label_set(100, "le", "100"),
-			label_set(40, "le", "50"),
-			label_set(0, "le", "10"),
-		))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{1, 1, 1, 1, 1, 1},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
-	t.Run(`histogram_fraction(single-value-valid-le-min-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(0,10, (
-			label_set(100, "le", "100"),
-			label_set(40, "le", "50"),
-			label_set(0, "le", "10"),
-		))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0, 0, 0, 0, 0, 0},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
-	t.Run(`histogram_share(single-value-valid-le-mid-le-1)`, func(t *testing.T) {
+	t.Run(`histogram_share(single-value-valid-le-mid-le)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_share(105, (
 			label_set(100, "le", "200"),
@@ -4395,34 +4325,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_share(single-value-valid-le-mid-le-2)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_share(55, (
-			label_set(100, "le", "200"),
-			label_set(0, "le", "55"),
-		))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0, 0, 0, 0, 0, 0},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
-	t.Run(`histogram_fraction(single-value-valid-le-mid-le)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(55,105, (
-			label_set(100, "le", "200"),
-			label_set(0, "le", "55"),
-		))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.3448275862068966, 0.3448275862068966, 0.3448275862068966, 0.3448275862068966, 0.3448275862068966, 0.3448275862068966},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(single-value-valid-le-min-phi-no-zero-bucket)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_quantile(0, label_set(100, "le", "200"))`
@@ -4456,17 +4358,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(scalar-phi)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(25, time() / 8, label_set(100, "le", "200"))`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.5, 0.625, 0.75, 0.875, 0.875, 0.875},
-			Timestamps: timestampsExpected,
-		}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(duplicate-le)`, func(t *testing.T) {
 		// See https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3225
 		t.Parallel()
@@ -4548,36 +4439,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r1, r2}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(valid)`, func(t *testing.T) {
-		t.Parallel()
-		q := `sort(histogram_fraction(0, 25,
-			label_set(90, "foo", "bar", "le", "10")
-			or label_set(100, "foo", "bar", "le", "30")
-			or label_set(300, "foo", "bar", "le", "+Inf")
-			or label_set(200, "tag", "xx", "le", "10")
-			or label_set(300, "tag", "xx", "le", "30")
-		))`
-		r1 := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.325, 0.325, 0.325, 0.325, 0.325, 0.325},
-			Timestamps: timestampsExpected,
-		}
-		r1.MetricName.Tags = []storage.Tag{{
-			Key:   []byte("foo"),
-			Value: []byte("bar"),
-		}}
-		r2 := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.9166666666666666, 0.9166666666666666, 0.9166666666666666, 0.9166666666666666, 0.9166666666666666, 0.9166666666666666},
-			Timestamps: timestampsExpected,
-		}
-		r2.MetricName.Tags = []storage.Tag{{
-			Key:   []byte("tag"),
-			Value: []byte("xx"),
-		}}
-		resultExpected := []netstorage.Result{r1, r2}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(negative-bucket-count)`, func(t *testing.T) {
 		t.Parallel()
 		q := `histogram_quantile(0.6,
@@ -4694,25 +4555,6 @@ func TestExecSuccess(t *testing.T) {
 		resultExpected := []netstorage.Result{r}
 		f(q, resultExpected)
 	})
-	t.Run(`histogram_fraction(normal-bucket-count)`, func(t *testing.T) {
-		t.Parallel()
-		q := `histogram_fraction(22,35,
-			label_set(0, "foo", "bar", "le", "10")
-			or label_set(100, "foo", "bar", "le", "30")
-			or label_set(300, "foo", "bar", "le", "+Inf")
-		)`
-		r := netstorage.Result{
-			MetricName: metricNameExpected,
-			Values:     []float64{0.1333333333333333, 0.1333333333333333, 0.1333333333333333, 0.1333333333333333, 0.1333333333333333, 0.1333333333333333},
-			Timestamps: timestampsExpected,
-		}
-		r.MetricName.Tags = []storage.Tag{{
-			Key:   []byte("foo"),
-			Value: []byte("bar"),
-		}}
-		resultExpected := []netstorage.Result{r}
-		f(q, resultExpected)
-	})
 	t.Run(`histogram_quantile(normal-bucket-count, boundsLabel)`, func(t *testing.T) {
 		t.Parallel()
 		q := `sort(histogram_quantile(0.2,
@@ -9985,7 +9827,7 @@ func TestExecError(t *testing.T) {
 			Deadline:           searchutil.NewDeadline(time.Now(), time.Minute, ""),
 			RoundDigits:        100,
 		}
-		for range 4 {
+		for i := 0; i < 4; i++ {
 			rv, err := Exec(nil, ec, q, false)
 			if err == nil {
 				t.Fatalf(`expecting non-nil error on %q`, q)

app/vmselect/promql/parse_cache.go

@@ -55,7 +55,7 @@ type parseCache struct {
 
 func newParseCache() *parseCache {
 	pc := new(parseCache)
-	for i := range parseBucketCount {
+	for i := 0; i < parseBucketCount; i++ {
 		pc.buckets[i] = newParseBucket()
 	}
 	return pc
@@ -75,7 +75,7 @@ func (pc *parseCache) get(q string) *parseCacheValue {
 
 func (pc *parseCache) requests() uint64 {
 	var n uint64
-	for i := range parseBucketCount {
+	for i := 0; i < parseBucketCount; i++ {
 		n += pc.buckets[i].requests.Load()
 	}
 	return n
@@ -83,7 +83,7 @@ func (pc *parseCache) requests() uint64 {
 
 func (pc *parseCache) misses() uint64 {
 	var n uint64
-	for i := range parseBucketCount {
+	for i := 0; i < parseBucketCount; i++ {
 		n += pc.buckets[i].misses.Load()
 	}
 	return n
@@ -91,7 +91,7 @@ func (pc *parseCache) misses() uint64 {
 
 func (pc *parseCache) len() uint64 {
 	var n uint64
-	for i := range parseBucketCount {
+	for i := 0; i < parseBucketCount; i++ {
 		n += pc.buckets[i].len()
 	}
 	return n

app/vmselect/promql/parse_cache_test.go

@@ -17,7 +17,7 @@ func testGetParseCacheValue(q string) *parseCacheValue {
 
 func testGenerateQueries(items int) []string {
 	queries := make([]string, items)
-	for i := range items {
+	for i := 0; i < items; i++ {
 		queries[i] = fmt.Sprintf(`node_time_seconds{instance="node%d", job="job%d"}`, i, i)
 	}
 	return queries
@@ -102,7 +102,7 @@ func TestParseCacheBucketOverflow(t *testing.T) {
 	v := testGetParseCacheValue(queries[0])
 
 	// Fill bucket
-	for i := range parseBucketMaxLen {
+	for i := 0; i < parseBucketMaxLen; i++ {
 		b.put(queries[i], v)
 	}
 	expectedLen = uint64(parseBucketMaxLen)

app/vmselect/promql/parse_cache_timing_test.go

@@ -15,7 +15,7 @@ func BenchmarkCachePutNoOverFlow(b *testing.B) {
 	b.ReportAllocs()
 	b.RunParallel(func(pb *testing.PB) {
 		for pb.Next() {
-			for i := range items {
+			for i := 0; i < items; i++ {
 				pc.put(queries[i], v)
 			}
 		}
@@ -32,14 +32,14 @@ func BenchmarkCacheGetNoOverflow(b *testing.B) {
 	queries := testGenerateQueries(items)
 	v := testGetParseCacheValue(queries[0])
 
-	for i := range queries {
+	for i := 0; i < len(queries); i++ {
 		pc.put(queries[i], v)
 	}
 	b.ResetTimer()
 	b.ReportAllocs()
 	b.RunParallel(func(pb *testing.PB) {
 		for pb.Next() {
-			for i := range items {
+			for i := 0; i < items; i++ {
 				if v := pc.get(queries[i]); v == nil {
 					b.Errorf("unexpected nil value obtained from cache for query: %s ", queries[i])
 				}
@@ -59,7 +59,7 @@ func BenchmarkCachePutGetNoOverflow(b *testing.B) {
 	b.ReportAllocs()
 	b.RunParallel(func(pb *testing.PB) {
 		for pb.Next() {
-			for i := range items {
+			for i := 0; i < items; i++ {
 				pc.put(queries[i], v)
 				if res := pc.get(queries[i]); res == nil {
 					b.Errorf("unexpected nil value obtained from cache for query: %s ", queries[i])
@@ -79,7 +79,7 @@ func BenchmarkCachePutOverflow(b *testing.B) {
 	queries := testGenerateQueries(items)
 	v := testGetParseCacheValue(queries[0])
 
-	for i := range parseCacheMaxLen {
+	for i := 0; i < parseCacheMaxLen; i++ {
 		c.put(queries[i], v)
 	}
 
@@ -105,7 +105,7 @@ func BenchmarkCachePutGetOverflow(b *testing.B) {
 	queries := testGenerateQueries(items)
 	v := testGetParseCacheValue(queries[0])
 
-	for i := range parseCacheMaxLen {
+	for i := 0; i < parseCacheMaxLen; i++ {
 		c.put(queries[i], v)
 	}
 
@@ -141,8 +141,8 @@ var testSimpleQueries = []string{
 
 func BenchmarkParsePromQLWithCacheSimple(b *testing.B) {
 	b.ReportAllocs()
-	for range b.N {
-		for j := range testSimpleQueries {
+	for i := 0; i < b.N; i++ {
+		for j := 0; j < len(testSimpleQueries); j++ {
 			_, err := parsePromQLWithCache(testSimpleQueries[j])
 			if err != nil {
 				b.Errorf("unexpected error: %s", err)
@@ -155,7 +155,7 @@ func BenchmarkParsePromQLWithCacheSimpleParallel(b *testing.B) {
 	b.ReportAllocs()
 	b.RunParallel(func(pb *testing.PB) {
 		for pb.Next() {
-			for i := range testSimpleQueries {
+			for i := 0; i < len(testSimpleQueries); i++ {
 				_, err := parsePromQLWithCache(testSimpleQueries[i])
 				if err != nil {
 					b.Errorf("unexpected error: %s", err)
@@ -210,8 +210,8 @@ var testComplexQueries = []string{
 
 func BenchmarkParsePromQLWithCacheComplex(b *testing.B) {
 	b.ReportAllocs()
-	for range b.N {
-		for j := range testComplexQueries {
+	for i := 0; i < b.N; i++ {
+		for j := 0; j < len(testComplexQueries); j++ {
 			_, err := parsePromQLWithCache(testComplexQueries[j])
 			if err != nil {
 				b.Errorf("unexpected error: %s", err)
@@ -224,7 +224,7 @@ func BenchmarkParsePromQLWithCacheComplexParallel(b *testing.B) {
 	b.ReportAllocs()
 	b.RunParallel(func(pb *testing.PB) {
 		for pb.Next() {
-			for i := range testComplexQueries {
+			for i := 0; i < len(testComplexQueries); i++ {
 				_, err := parsePromQLWithCache(testComplexQueries[i])
 				if err != nil {
 					b.Errorf("unexpected error: %s", err)

app/vmselect/promql/rollup_result_cache.go

@@ -739,7 +739,7 @@ func (mi *rollupResultCacheMetainfo) Unmarshal(src []byte) error {
 	entriesLen := int(encoding.UnmarshalUint32(src))
 	src = src[4:]
 	mi.entries = slicesutil.SetLength(mi.entries, entriesLen)
-	for i := range entriesLen {
+	for i := 0; i < entriesLen; i++ {
 		tail, err := mi.entries[i].Unmarshal(src)
 		if err != nil {
 			return fmt.Errorf("cannot unmarshal entry #%d: %w", i, err)

app/vmselect/promql/rollup_result_cache_test.go

@@ -11,14 +11,14 @@ import (
 
 func TestRollupResultCacheInitStop(t *testing.T) {
 	t.Run("inmemory", func(_ *testing.T) {
-		for range 5 {
+		for i := 0; i < 5; i++ {
 			InitRollupResultCache("")
 			StopRollupResultCache()
 		}
 	})
 	t.Run("file-based", func(_ *testing.T) {
 		cacheFilePath := "test-rollup-result-cache"
-		for range 3 {
+		for i := 0; i < 3; i++ {
 			InitRollupResultCache(cacheFilePath)
 			StopRollupResultCache()
 		}
@@ -241,12 +241,12 @@ func TestRollupResultCache(t *testing.T) {
 	t.Run("big-timeseries", func(t *testing.T) {
 		ResetRollupResultCache()
 		var tss []*timeseries
-		for i := range 1000 {
+		for i := 0; i < 1000; i++ {
 			ts := &timeseries{
 				Timestamps: []int64{1000, 1200, 1400, 1600, 1800, 2000},
 				Values:     []float64{1, 2, 3, 4, 5, 6},
 			}
-			ts.MetricName.MetricGroup = fmt.Appendf(nil, "metric %d", i)
+			ts.MetricName.MetricGroup = []byte(fmt.Sprintf("metric %d", i))
 			tss = append(tss, ts)
 		}
 		rollupResultCacheV.PutSeries(nil, ec, fe, window, tss)

app/vmselect/promql/rollup_test.go

@@ -240,7 +240,7 @@ func testRollupFunc(t *testing.T, funcName string, args []any, vExpected float64
 	if rollupFuncsRemoveCounterResets[funcName] {
 		removeCounterResets(rfa.values, rfa.timestamps, 0)
 	}
-	for range 5 {
+	for i := 0; i < 5; i++ {
 		v := rf(&rfa)
 		if math.IsNaN(vExpected) {
 			if !math.IsNaN(v) {
@@ -1493,7 +1493,7 @@ func TestRollupBigNumberOfValues(t *testing.T) {
 	rc.Timestamps = rc.getTimestamps()
 	srcValues := make([]float64, srcValuesCount)
 	srcTimestamps := make([]int64, srcValuesCount)
-	for i := range int(srcValuesCount) {
+	for i := 0; i < srcValuesCount; i++ {
 		srcValues[i] = float64(i)
 		srcTimestamps[i] = int64(i / 2)
 	}

app/vmselect/promql/transform.go

@@ -51,7 +51,6 @@ var transformFuncs = map[string]transformFunc{
 	"exp":                        newTransformFuncOneArg(transformExp),
 	"floor":                      newTransformFuncOneArg(transformFloor),
 	"histogram_avg":              transformHistogramAvg,
-	"histogram_fraction":         transformHistogramFraction,
 	"histogram_quantile":         transformHistogramQuantile,
 	"histogram_quantiles":        transformHistogramQuantiles,
 	"histogram_share":            transformHistogramShare,
@@ -452,7 +451,7 @@ func transformBucketsLimit(tfa *transformFuncArg) ([]*timeseries, error) {
 		sort.Slice(leGroup, func(i, j int) bool {
 			return leGroup[i].le < leGroup[j].le
 		})
-		for n := range pointsCount {
+		for n := 0; n < pointsCount; n++ {
 			prevValue := float64(0)
 			for i := range leGroup {
 				xx := &leGroup[i]
@@ -663,13 +662,13 @@ func transformHistogramShare(tfa *transformFuncArg) ([]*timeseries, error) {
 		if math.IsNaN(leReq) || len(xss) == 0 {
 			return nan, nan, nan
 		}
+		fixBrokenBuckets(i, xss)
 		if leReq < 0 {
 			return 0, 0, 0
 		}
 		if math.IsInf(leReq, 1) {
 			return 1, 1, 1
 		}
-		fixBrokenBuckets(i, xss)
 		var vPrev, lePrev float64
 		for _, xs := range xss {
 			v := xs.ts.Values[i]
@@ -730,85 +729,6 @@ func transformHistogramShare(tfa *transformFuncArg) ([]*timeseries, error) {
 	return rvs, nil
 }
 
-// histogram_fraction is a shortcut for `histogram_share(upperLe, buckets) - histogram_share(lowerLe, buckets)`;
-// histogram_fraction(x, y) = histogram_fraction(-Inf, y) - histogram_fraction(-Inf, x) = histogram_share(y) - histogram_share(x).
-// This function is supported by PromQL.
-func transformHistogramFraction(tfa *transformFuncArg) ([]*timeseries, error) {
-	args := tfa.args
-	if err := expectTransformArgsNum(args, 3); err != nil {
-		return nil, err
-	}
-	lowerles, err := getScalar(args[0], 0)
-	if err != nil {
-		return nil, fmt.Errorf("cannot parse lower le: %w", err)
-	}
-	upperles, err := getScalar(args[1], 1)
-	if err != nil {
-		return nil, fmt.Errorf("cannot parse upper le: %w", err)
-	}
-	if lowerles[0] >= upperles[0] {
-		return nil, fmt.Errorf("lower le cannot be greater than upper le; got lower le: %f, upper le: %f", lowerles[0], upperles[0])
-	}
-
-	// Convert buckets with `vmrange` labels to buckets with `le` labels.
-	tss := vmrangeBucketsToLE(args[2])
-
-	// Group metrics by all tags excluding "le"
-	m := groupLeTimeseries(tss)
-
-	fraction := func(i int, lowerle, upperle float64, xss []leTimeseries) (q float64) {
-		if math.IsNaN(lowerle) || math.IsNaN(upperle) || len(xss) == 0 {
-			return nan
-		}
-		fixBrokenBuckets(i, xss)
-		share := func(leReq float64) float64 {
-			if leReq < 0 {
-				return 0
-			}
-			if math.IsInf(leReq, 1) {
-				return 1
-			}
-			var vPrev, lePrev float64
-			for _, xs := range xss {
-				v := xs.ts.Values[i]
-				le := xs.le
-				if leReq >= le {
-					vPrev = v
-					lePrev = le
-					continue
-				}
-				// precondition: lePrev <= leReq < le
-				vLast := xss[len(xss)-1].ts.Values[i]
-				lower := vPrev / vLast
-				if math.IsInf(le, 1) {
-					return lower
-				}
-				if lePrev == leReq {
-					return lower
-				}
-				q = lower + (v-vPrev)/vLast*(leReq-lePrev)/(le-lePrev)
-				return q
-			}
-			return 1
-		}
-		return share(upperle) - share(lowerle)
-	}
-	rvs := make([]*timeseries, 0, len(m))
-	for _, xss := range m {
-		sort.Slice(xss, func(i, j int) bool {
-			return xss[i].le < xss[j].le
-		})
-		xss = mergeSameLE(xss)
-		dst := xss[0].ts
-		for i := range dst.Values {
-			q := fraction(i, lowerles[i], upperles[i], xss)
-			dst.Values[i] = q
-		}
-		rvs = append(rvs, dst)
-	}
-	return rvs, nil
-}
-
 func transformHistogramAvg(tfa *transformFuncArg) ([]*timeseries, error) {
 	args := tfa.args
 	if err := expectTransformArgsNum(args, 1); err != nil {
@@ -1272,7 +1192,7 @@ func transformInterpolate(tfa *transformFuncArg) ([]*timeseries, error) {
 		}
 		prevValue := nan
 		var nextValue float64
-		for i := range values {
+		for i := 0; i < len(values); i++ {
 			if !math.IsNaN(values[i]) {
 				continue
 			}

app/vmselect/vmui/assets/MetricsQL-CDnEXB9l.md

@@ -12,7 +12,6 @@ aliases:
 - /MetricsQL.html
 - /metricsql/index.html
 - /metricsql/
-- /MetricsQL/
 ---
 [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics) implements MetricsQL -
 query language inspired by [PromQL](https://prometheus.io/docs/prometheus/latest/querying/basics/).
@@ -1227,10 +1226,7 @@ Metric names are stripped from the resulting series. Add [keep_metric_names](#ke
 #### buckets_limit
 
 `buckets_limit(limit, buckets)` is a [transform function](#transform-functions), which limits the number
-of [histogram buckets](https://valyala.medium.com/improving-histogram-usability-for-prometheus-and-grafana-bc7e5df0e350) to the given `limit`. 
-
-The result will preserve the first and the last bucket to improve accuracy for min and max values. 
-So, if the `limit` is greater than 0 and less than 3, the function will still return 3 buckets: the first bucket, the last bucket, and a selected bucket.
+of [histogram buckets](https://valyala.medium.com/improving-histogram-usability-for-prometheus-and-grafana-bc7e5df0e350) to the given `limit`.
 
 See also [prometheus_buckets](#prometheus_buckets) and [histogram_quantile](#histogram_quantile).
 
@@ -1384,15 +1380,6 @@ It can be used for calculating the average over the given time range across mult
 For example, `histogram_avg(sum(histogram_over_time(response_time_duration_seconds[5m])) by (vmrange,job))` would return the average response time
 per each `job` over the last 5 minutes.
 
-#### histogram_fraction
-
-`histogram_fraction(lowerLe, upperLe, buckets)` is a [transform function](#transform-functions), which calculates the share (in the range `[0...1]`) for `buckets` that fall between `lowerLe` and `upperLe`.
-The result of `histogram_fraction(lowerLe, upperLe, buckets)` is equivalent to `histogram_share(upperLe, buckets) - histogram_share(lowerLe, buckets)`.
-
-This function is supported by PromQL.
-
-See also [histogram_share](#histogram_share).
-
 #### histogram_quantile
 
 `histogram_quantile(phi, buckets)` is a [transform function](#transform-functions), which calculates `phi`-[percentile](https://en.wikipedia.org/wiki/Percentile)

app/vmselect/vmui/index.html

@@ -37,8 +37,8 @@
   <meta property="og:title" content="UI for VictoriaMetrics">
   <meta property="og:url" content="https://victoriametrics.com/">
   <meta property="og:description" content="Explore and troubleshoot your VictoriaMetrics data">
-  <script type="module" crossorigin src="./assets/index-DIRuq0ns.js"></script>
-  <link rel="modulepreload" crossorigin href="./assets/vendor-BR6Q0Fin.js">
+  <script type="module" crossorigin src="./assets/index-C4RD5Sxk.js"></script>
+  <link rel="modulepreload" crossorigin href="./assets/vendor-EZef-S_8.js">
   <link rel="stylesheet" crossorigin href="./assets/vendor-D1GxaB_c.css">
   <link rel="stylesheet" crossorigin href="./assets/index-D7CzMv1O.css">
 </head>

app/vmstorage/main.go

@@ -62,7 +62,7 @@ var (
 		"Excess series are logged and dropped. This can be useful for limiting series churn rate. See https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#cardinality-limiter . "+
 		"See also -storage.maxHourlySeries")
 
-	minFreeDiskSpaceBytes = flagutil.NewBytes("storage.minFreeDiskSpaceBytes", 100e6, "The minimum free disk space at -storageDataPath after which the storage stops accepting new data")
+	minFreeDiskSpaceBytes = flagutil.NewBytes("storage.minFreeDiskSpaceBytes", 10e6, "The minimum free disk space at -storageDataPath after which the storage stops accepting new data")
 
 	cacheSizeStorageTSID = flagutil.NewBytes("storage.cacheSizeStorageTSID", 0, "Overrides max size for storage/tsid cache. "+
 		"See https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#cache-tuning")
@@ -655,7 +655,6 @@ func writeStorageMetrics(w io.Writer, strg *storage.Storage) {
 	metrics.WriteGaugeUint64(w, `vm_cache_entries{type="indexdb/metricID"}`, idbm.MetricIDCacheSize)
 	metrics.WriteGaugeUint64(w, `vm_cache_entries{type="indexdb/date_metricID"}`, idbm.DateMetricIDCacheSize)
 	metrics.WriteGaugeUint64(w, `vm_cache_entries{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheSize)
-	metrics.WriteGaugeUint64(w, `vm_cache_entries{type="indexdb/tagFiltersLoops"}`, idbm.LoopsPerDateTagFilterCacheSize)
 
 	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="storage/indexBlocks"}`, tm.IndexBlocksCacheSizeBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="storage/tsid"}`, m.TSIDCacheSizeBytes)
@@ -671,7 +670,6 @@ func writeStorageMetrics(w io.Writer, strg *storage.Storage) {
 	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="indexdb/dataBlocksSparse"}`, idbm.DataBlocksSparseCacheSizeBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="indexdb/indexBlocks"}`, idbm.IndexBlocksCacheSizeBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheSizeBytes)
-	metrics.WriteGaugeUint64(w, `vm_cache_size_bytes{type="indexdb/tagFiltersLoops"}`, idbm.LoopsPerDateTagFilterCacheSizeBytes)
 
 	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="storage/indexBlocks"}`, tm.IndexBlocksCacheSizeMaxBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="storage/tsid"}`, m.TSIDCacheSizeMaxBytes)
@@ -683,7 +681,6 @@ func writeStorageMetrics(w io.Writer, strg *storage.Storage) {
 	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="indexdb/dataBlocksSparse"}`, idbm.DataBlocksSparseCacheSizeMaxBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="indexdb/indexBlocks"}`, idbm.IndexBlocksCacheSizeMaxBytes)
 	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheSizeMaxBytes)
-	metrics.WriteGaugeUint64(w, `vm_cache_size_max_bytes{type="indexdb/tagFiltersLoops"}`, idbm.LoopsPerDateTagFilterCacheSizeMaxBytes)
 
 	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="storage/indexBlocks"}`, tm.IndexBlocksCacheRequests)
 	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="storage/tsid"}`, m.TSIDCacheRequests)
@@ -695,7 +692,6 @@ func writeStorageMetrics(w io.Writer, strg *storage.Storage) {
 	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="indexdb/dataBlocksSparse"}`, idbm.DataBlocksSparseCacheRequests)
 	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="indexdb/indexBlocks"}`, idbm.IndexBlocksCacheRequests)
 	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheRequests)
-	metrics.WriteCounterUint64(w, `vm_cache_requests_total{type="indexdb/tagFiltersLoops"}`, idbm.LoopsPerDateTagFilterCacheRequests)
 
 	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="storage/indexBlocks"}`, tm.IndexBlocksCacheMisses)
 	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="storage/tsid"}`, m.TSIDCacheMisses)
@@ -707,7 +703,6 @@ func writeStorageMetrics(w io.Writer, strg *storage.Storage) {
 	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="indexdb/dataBlocksSparse"}`, idbm.DataBlocksSparseCacheMisses)
 	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="indexdb/indexBlocks"}`, idbm.IndexBlocksCacheMisses)
 	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheMisses)
-	metrics.WriteCounterUint64(w, `vm_cache_misses_total{type="indexdb/tagFiltersLoops"}`, idbm.LoopsPerDateTagFilterCacheMisses)
 
 	metrics.WriteCounterUint64(w, `vm_cache_resets_total{type="indexdb/tagFiltersToMetricIDs"}`, idbm.TagFiltersToMetricIDsCacheResets)
 

app/vmui/Dockerfile-web

@@ -1,4 +1,4 @@
-FROM golang:1.26.0 AS build-web-stage
+FROM golang:1.25.6 AS build-web-stage
 COPY build /build
 
 WORKDIR /build
@@ -6,7 +6,7 @@ COPY web/ /build/
 RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o web-amd64 github.com/VictoriMetrics/vmui/ && \
     GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o web-windows github.com/VictoriMetrics/vmui/
 
-FROM alpine:3.23.3
+FROM alpine:3.22.2
 USER root
 
 COPY --from=build-web-stage /build/web-amd64 /app/web

app/vmui/packages/vmui/package.json

@@ -24,10 +24,10 @@
     "dayjs": "^1.11.19",
     "lodash.debounce": "^4.0.8",
     "marked": "^17.0.1",
-    "preact": "^10.28.3",
+    "preact": "^10.28.2",
     "qs": "^6.14.1",
     "react-input-mask": "^2.0.4",
-    "react-router-dom": "^7.13.0",
+    "react-router-dom": "^7.12.0",
     "uplot": "^1.6.32",
     "vite": "^7.3.1",
     "web-vitals": "^5.1.0"
@@ -35,29 +35,29 @@
   "devDependencies": {
     "@eslint/eslintrc": "^3.3.3",
     "@eslint/js": "^9.39.2",
-    "@preact/preset-vite": "^2.10.3",
+    "@preact/preset-vite": "^2.10.2",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/preact": "^3.2.4",
     "@types/lodash.debounce": "^4.0.9",
-    "@types/node": "^25.2.0",
+    "@types/node": "^25.0.8",
     "@types/qs": "^6.14.0",
-    "@types/react": "^19.2.10",
+    "@types/react": "^19.2.8",
     "@types/react-input-mask": "^3.0.6",
     "@types/react-router-dom": "^5.3.3",
-    "@typescript-eslint/eslint-plugin": "^8.54.0",
-    "@typescript-eslint/parser": "^8.54.0",
+    "@typescript-eslint/eslint-plugin": "^8.53.0",
+    "@typescript-eslint/parser": "^8.53.0",
     "cross-env": "^10.1.0",
     "eslint": "^9.39.2",
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-unused-imports": "^4.3.0",
-    "globals": "^17.3.0",
+    "globals": "^17.0.0",
     "http-proxy-middleware": "^3.0.5",
-    "jsdom": "^28.0.0",
+    "jsdom": "^27.4.0",
     "postcss": "^8.5.6",
     "rollup-plugin-visualizer": "^6.0.5",
-    "sass-embedded": "^1.97.3",
+    "sass-embedded": "^1.97.2",
     "typescript": "^5.9.3",
-    "vitest": "^4.0.18"
+    "vitest": "^4.0.17"
   },
   "browserslist": {
     "production": [

app/vmui/packages/vmui/src/assets/MetricsQL.md

@@ -12,7 +12,6 @@ aliases:
 - /MetricsQL.html
 - /metricsql/index.html
 - /metricsql/
-- /MetricsQL/
 ---
 [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics) implements MetricsQL -
 query language inspired by [PromQL](https://prometheus.io/docs/prometheus/latest/querying/basics/).
@@ -1227,10 +1226,7 @@ Metric names are stripped from the resulting series. Add [keep_metric_names](#ke
 #### buckets_limit
 
 `buckets_limit(limit, buckets)` is a [transform function](#transform-functions), which limits the number
-of [histogram buckets](https://valyala.medium.com/improving-histogram-usability-for-prometheus-and-grafana-bc7e5df0e350) to the given `limit`. 
-
-The result will preserve the first and the last bucket to improve accuracy for min and max values. 
-So, if the `limit` is greater than 0 and less than 3, the function will still return 3 buckets: the first bucket, the last bucket, and a selected bucket.
+of [histogram buckets](https://valyala.medium.com/improving-histogram-usability-for-prometheus-and-grafana-bc7e5df0e350) to the given `limit`.
 
 See also [prometheus_buckets](#prometheus_buckets) and [histogram_quantile](#histogram_quantile).
 
@@ -1384,15 +1380,6 @@ It can be used for calculating the average over the given time range across mult
 For example, `histogram_avg(sum(histogram_over_time(response_time_duration_seconds[5m])) by (vmrange,job))` would return the average response time
 per each `job` over the last 5 minutes.
 
-#### histogram_fraction
-
-`histogram_fraction(lowerLe, upperLe, buckets)` is a [transform function](#transform-functions), which calculates the share (in the range `[0...1]`) for `buckets` that fall between `lowerLe` and `upperLe`.
-The result of `histogram_fraction(lowerLe, upperLe, buckets)` is equivalent to `histogram_share(upperLe, buckets) - histogram_share(lowerLe, buckets)`.
-
-This function is supported by PromQL.
-
-See also [histogram_share](#histogram_share).
-
 #### histogram_quantile
 
 `histogram_quantile(phi, buckets)` is a [transform function](#transform-functions), which calculates `phi`-[percentile](https://en.wikipedia.org/wiki/Percentile)

app/vmui/packages/vmui/src/components/Configurators/QueryEditor/QueryEditorAutocomplete.tsx

@@ -6,8 +6,6 @@ import { QueryContextType } from "../../../types";
 import { AUTOCOMPLETE_LIMITS } from "../../../constants/queryAutocomplete";
 import { QueryEditorAutocompleteProps } from "./QueryEditor";
 import { getExprLastPart, getValueByContext, getContext } from "./autocompleteUtils";
-import { extractCurrentLabel, extractLabelMatchers, extractMetric, splitByCursor } from "./utils/parser";
-import { escapeLabelName } from "../../../utils/metric";
 
 const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
   value,
@@ -22,39 +20,45 @@ const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
   const metricsqlFunctions = useGetMetricsQL(includeFunctions);
 
   const values = useMemo(() => {
-    return splitByCursor(value, caretPosition);
+    if (caretPosition[0] !== caretPosition[1]) return { beforeCursor: value, afterCursor: "" };
+    const beforeCursor = value.substring(0, caretPosition[0]);
+    const afterCursor = value.substring(caretPosition[1]);
+    return { beforeCursor, afterCursor };
   }, [value, caretPosition]);
 
-  const exprLastPart = useMemo(() => {
-    return getExprLastPart(values.beforeCursor);
-  }, [values.beforeCursor]);
+  const exprLastPart = useMemo(() => getExprLastPart(values.beforeCursor), [values]);
 
   const metric = useMemo(() => {
-    return extractMetric(exprLastPart);
+    const regex1 = /\w+\((?<metricName>[^)]+)\)\s+(by|without|on|ignoring)\s*\(\w*/gi;
+    const matchAlt = [...exprLastPart.matchAll(regex1)];
+    if (matchAlt.length > 0 && matchAlt[0].groups && matchAlt[0].groups.metricName) {
+      return matchAlt[0].groups.metricName;
+    }
+
+    const regex2 = /^\s*\b(?<metricName>[^{}(),\s]+)(?={|$)/g;
+    const match = [...exprLastPart.matchAll(regex2)];
+    if (match.length > 0 && match[0].groups && match[0].groups.metricName) {
+      return match[0].groups.metricName;
+    }
+
+    return "";
   }, [exprLastPart]);
 
   const label = useMemo(() => {
-    return extractCurrentLabel(exprLastPart);
+    const regexp = /[a-z_:-][\w\-.:/]*\b(?=\s*(=|!=|=~|!~))/g;
+    const match = exprLastPart.match(regexp);
+    return match ? match[match.length - 1] : "";
   }, [exprLastPart]);
 
-  const context = useMemo(() => {
-    return getContext(values.beforeCursor, metric, label);
-  }, [values.beforeCursor, metric, label]);
+  const context = useMemo(() => getContext(values.beforeCursor, metric, label), [values, metric, label]);
 
-  const valueByContext = useMemo(() => {
-    return getValueByContext(values.beforeCursor);
-  }, [values.beforeCursor]);
-
-  const labelMatchers = useMemo(() => {
-    return extractLabelMatchers(values.beforeCursor, label);
-  }, [values.beforeCursor, label]);
+  const valueByContext = useMemo(() => getValueByContext(values.beforeCursor), [values.beforeCursor]);
 
   const { metrics, labels, labelValues, loading } = useFetchQueryOptions({
     valueByContext,
     metric,
     label,
     context,
-    labelMatchers,
   });
 
   const options = useMemo(() => {
@@ -68,18 +72,18 @@ const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
       default:
         return [];
     }
-  }, [context, metrics, labels, labelValues, metricsqlFunctions]);
+  }, [context, metrics, labels, labelValues]);
 
   const handleSelect = useCallback((insert: string) => {
     // Find the start and end of valueByContext in the query string
-    const beforeCursor = values.beforeCursor;
+    const value = values.beforeCursor;
     let valueAfterCursor = values.afterCursor;
-    const startIndexOfValueByContext = beforeCursor.lastIndexOf(valueByContext, caretPosition[0]);
+    const startIndexOfValueByContext = value.lastIndexOf(valueByContext, caretPosition[0]);
     const endIndexOfValueByContext = startIndexOfValueByContext + valueByContext.length;
 
     // Split the original string into parts: before, during, and after valueByContext
-    const beforeValueByContext = beforeCursor.substring(0, startIndexOfValueByContext);
-    const afterValueByContext = beforeCursor.substring(endIndexOfValueByContext);
+    const beforeValueByContext = value.substring(0, startIndexOfValueByContext);
+    const afterValueByContext = value.substring(endIndexOfValueByContext);
 
     // Add quotes around the value if the context is labelValue
     if (context === QueryContextType.labelValue) {
@@ -91,7 +95,6 @@ const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
     }
 
     if (context === QueryContextType.label) {
-      insert = escapeLabelName(insert);
       valueAfterCursor = valueAfterCursor.replace(/^[^\s=!,{}()"|+\-/*^]*/, "");
     }
 
@@ -101,7 +104,7 @@ const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
     // Assemble the new value with the inserted text
     const newVal = `${beforeValueByContext}${insert}${afterValueByContext}${valueAfterCursor}`;
     onSelect(newVal, beforeValueByContext.length + insert.length);
-  }, [values.beforeCursor, values.afterCursor, valueByContext, caretPosition, context, onSelect]);
+  }, [values]);
 
   useEffect(() => {
     if (!anchorEl.current) {
@@ -139,7 +142,7 @@ const QueryEditorAutocomplete: FC<QueryEditorAutocompleteProps> = ({
 
     span.remove();
     marker.remove();
-  }, [anchorEl, caretPosition, hasHelperText, values.beforeCursor, values.afterCursor]);
+  }, [anchorEl, caretPosition, hasHelperText]);
 
   return (
     <>

app/vmui/packages/vmui/src/components/Configurators/QueryEditor/utils/parser.test.ts

@@ -1,139 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-  splitByCursor,
-  extractMetric,
-  extractCurrentLabel,
-  extractLabelMatchers,
-} from "./parser";
-
-describe("splitByCursor", () => {
-  it("splits by caret when selection is collapsed", () => {
-    const res = splitByCursor("abcdef", [2, 2]);
-    expect(res).toEqual({ beforeCursor: "ab", afterCursor: "cdef" });
-  });
-
-  it("returns whole value as beforeCursor when selection is not collapsed", () => {
-    const res = splitByCursor("abcdef", [1, 3]);
-    expect(res).toEqual({ beforeCursor: "abcdef", afterCursor: "" });
-  });
-
-  it("handles caret at 0", () => {
-    const res = splitByCursor("abc", [0, 0]);
-    expect(res).toEqual({ beforeCursor: "", afterCursor: "abc" });
-  });
-
-  it("handles caret at end", () => {
-    const res = splitByCursor("abc", [3, 3]);
-    expect(res).toEqual({ beforeCursor: "abc", afterCursor: "" });
-  });
-
-  it("treats reversed selection as non-collapsed (browser may return [end,start])", () => {
-    const res = splitByCursor("abcdef", [4, 2]);
-    expect(res).toEqual({ beforeCursor: "abcdef", afterCursor: "" });
-  });
-});
-
-describe("extractMetric", () => {
-  it("extracts metric from plain selector", () => {
-    expect(extractMetric("kube_pod_info{job=\"x\"}")).toBe("kube_pod_info");
-  });
-
-  it("extracts metric from plain expr with leading spaces", () => {
-    expect(extractMetric("   http_requests_total")).toBe("http_requests_total");
-  });
-
-  it("extracts metric from expr with braces right after metric", () => {
-    expect(extractMetric("foo_bar{a=\"b\"}")).toBe("foo_bar");
-  });
-
-  it("extracts metric before grouping modifiers (by/without/on/ignoring)", () => {
-    expect(extractMetric("sum(kube_pod_info) by (pod)")).toBe("kube_pod_info");
-    expect(extractMetric("sum(kube_pod_info) without (pod)")).toBe("kube_pod_info");
-    expect(extractMetric("sum(kube_pod_info) on (pod)")).toBe("kube_pod_info");
-    expect(extractMetric("sum(kube_pod_info) ignoring (pod)")).toBe("kube_pod_info");
-  });
-
-  it("returns empty string when no metric found", () => {
-    expect(extractMetric("{job=\"x\"}")).toBe("");
-    expect(extractMetric("")).toBe("");
-    expect(extractMetric("()")).toBe("");
-  });
-});
-
-describe("extractCurrentLabel", () => {
-  it("returns last label before operator", () => {
-    expect(extractCurrentLabel("metric{job=\"foo\", instance=\"bar\"}")).toBe(
-      "instance"
-    );
-  });
-
-  it("supports spaces around operator", () => {
-    expect(extractCurrentLabel("metric{job=\"foo\", instance = \"bar\"}")).toBe(
-      "instance"
-    );
-  });
-
-  it("supports regexp operators", () => {
-    expect(extractCurrentLabel("metric{pod=~\"api-.*\",namespace=\"dev\"}")).toBe(
-      "namespace"
-    );
-  });
-
-  it("supports label chars : - . /", () => {
-    expect(extractCurrentLabel("m{foo-bar.baz/qux=\"1\"}")).toBe("foo-bar.baz/qux");
-  });
-
-  it("returns empty string when no label pattern", () => {
-    expect(extractCurrentLabel("metric{}").trim()).toBe("");
-    expect(extractCurrentLabel("metric")).toBe("");
-  });
-});
-
-describe("extractLabelMatchers", () => {
-  it("returns all matchers (quoted only)", () => {
-    const expr = "metric{job=\"foo\", instance=\"bar\"}";
-    expect(extractLabelMatchers(expr)).toEqual(["job=\"foo\"", "instance=\"bar\""]);
-  });
-
-  it("keeps original spacing", () => {
-    const expr = "metric{ job = \"foo\" , instance = \"bar\" }";
-    expect(extractLabelMatchers(expr)).toEqual(["job = \"foo\"", "instance = \"bar\""]);
-  });
-
-  it("supports !=, =~, !~", () => {
-    const expr = "m{env!=\"prod\",pod=~\"api-.*\",zone!~\"eu-.*\"}";
-    expect(extractLabelMatchers(expr)).toEqual([
-      "env!=\"prod\"",
-      "pod=~\"api-.*\"",
-      "zone!~\"eu-.*\"",
-    ]);
-  });
-
-  it("excludes only the specified currentLabel matcher (exact label, not prefix)", () => {
-    const expr = "m{job=\"foo\", instance=\"bar\", pod=~\"api-.*\"}";
-    expect(extractLabelMatchers(expr, "instance")).toEqual([
-      "job=\"foo\"",
-      "pod=~\"api-.*\"",
-    ]);
-  });
-
-  it("does not exclude other labels that share a prefix with currentLabel", () => {
-    const expr = "m{instance=\"bar\", insight=\"x\"}";
-    expect(extractLabelMatchers(expr, "insight")).toEqual(["instance=\"bar\""]);
-  });
-
-  it("excludes currentLabel matcher even with spaces around operator", () => {
-    const expr = "m{job=\"foo\", instance = \"bar\"}";
-    expect(extractLabelMatchers(expr, "instance")).toEqual(["job=\"foo\""]);
-  });
-
-  it("returns [] when no matchers", () => {
-    expect(extractLabelMatchers("m{}")).toEqual([]);
-    expect(extractLabelMatchers("m")).toEqual([]);
-  });
-
-  it("does not include unclosed quotes", () => {
-    const expr = "m{job=\"foo\", instance=\"ba";
-    expect(extractLabelMatchers(expr)).toEqual(["job=\"foo\""]);
-  });
-});

app/vmui/packages/vmui/src/components/Configurators/QueryEditor/utils/parser.ts

@@ -1,52 +0,0 @@
-
-export const splitByCursor = (
-  value: string,
-  caret: [number, number]
-) => {
-  if (caret[0] !== caret[1]) {
-    return { beforeCursor: value, afterCursor: "" };
-  }
-
-  return {
-    beforeCursor: value.substring(0, caret[0]),
-    afterCursor: value.substring(caret[1]),
-  };
-};
-
-
-export const extractMetric = (expr: string): string => {
-  const fnRegex = /\w+\((?<metricName>[^)]+)\)\s+(by|without|on|ignoring)\s*\(\w*/gi;
-  const fnMatch = [...expr.matchAll(fnRegex)];
-
-  if (fnMatch[0]?.groups?.metricName) {
-    return fnMatch[0].groups.metricName;
-  }
-
-  const plainRegex = /^\s*\b(?<metricName>[^{}(),\s]+)(?={|$)/g;
-  const match = [...expr.matchAll(plainRegex)];
-  return match[0]?.groups?.metricName || "";
-};
-
-export const extractCurrentLabel = (expr: string): string => {
-  const regexp = /[a-z_:-][\w\-.:/]*\b(?=\s*(=|!=|=~|!~))/g;
-  const match = expr.match(regexp);
-  return match ? match[match.length - 1] : "";
-};
-
-
-export const extractLabelMatchers = (
-  expr: string,
-  currentLabel?: string
-): string[] => {
-  const regexp = /([a-z_:-][\w\-.:/]*)\s*(?:=|!=|=~|!~)\s*"[^"]*"/g;
-
-  const matches = [...expr.matchAll(regexp)];
-  // m[1] = label name
-  // m[0] = full matcher string
-
-  if (!currentLabel) return matches.map(m => m[0]);
-
-  return matches
-    .filter(m => m[1] !== currentLabel)
-    .map(m => m[0]);
-};

app/vmui/packages/vmui/src/hooks/useFetchQueryOptions.tsx

@@ -30,7 +30,6 @@ type FetchQueryArguments = {
   metric: string;
   label: string;
   context: QueryContextType
-  labelMatchers: string[];
 }
 
 const icons = {
@@ -39,7 +38,7 @@ const icons = {
   [TypeData.labelValue]: <ValueIcon/>,
 };
 
-export const useFetchQueryOptions = ({ valueByContext, metric, label, context, labelMatchers }: FetchQueryArguments) => {
+export const useFetchQueryOptions = ({ valueByContext, metric, label, context }: FetchQueryArguments) => {
   const { serverUrl } = useAppState();
   const { period: { start, end } } = useTimeState();
   const { autocompleteCache } = useQueryState();
@@ -144,19 +143,17 @@ export const useFetchQueryOptions = ({ valueByContext, metric, label, context, l
     setLabels([]);
 
     const metricEscaped = escapeDoubleQuotes(metric);
-    const matchMetric = metric ? `__name__="${metricEscaped}"` : "";
-    const matchValue = [matchMetric, ...labelMatchers].filter(Boolean).join(",");
 
     fetchData({
       value,
       urlSuffix: "labels",
       setter: setLabels,
       type: TypeData.label,
-      params: getQueryParams({ "match[]": `{${matchValue}}` })
+      params: getQueryParams(metric ? { "match[]": `{__name__="${metricEscaped}"}` } : undefined)
     });
 
     return () => abortControllerRef.current?.abort();
-  }, [serverUrl, value, context, metric, labelMatchers]);
+  }, [serverUrl, value, context, metric]);
 
   // fetch labelValues
   useEffect(() => {
@@ -169,7 +166,7 @@ export const useFetchQueryOptions = ({ valueByContext, metric, label, context, l
     const valueReEscaped = escapeDoubleQuotes(escapeRegexp(value));
     const matchMetric = metric ? `__name__="${metricEscaped}"` : "";
     const matchLabel = `${label}=~".*${valueReEscaped}.*"`;
-    const matchValue = [matchMetric, ...labelMatchers, matchLabel].filter(Boolean).join(",");
+    const matchValue = [matchMetric, matchLabel].filter(Boolean).join(",");
 
     fetchData({
       value,
@@ -180,7 +177,7 @@ export const useFetchQueryOptions = ({ valueByContext, metric, label, context, l
     });
 
     return () => abortControllerRef.current?.abort();
-  }, [serverUrl, value, context, metric, label, labelMatchers]);
+  }, [serverUrl, value, context, metric, label]);
 
   return {
     metrics,

app/vmui/packages/vmui/src/pages/CardinalityPanel/helpers.ts

@@ -1,5 +1,4 @@
 import { QueryUpdater } from "./types";
-import { escapeLabelName } from "../../utils/metric";
 
 export const queryUpdater: QueryUpdater = {
   seriesCountByMetricName: ({ query }): string => {
@@ -29,5 +28,5 @@ const getSeriesSelector = (label: string | null, value: string): string => {
   if (!label) {
     return "";
   }
-  return "{" + escapeLabelName(label) + "=" + JSON.stringify(value) + "}";
+  return "{" + label + "=" + JSON.stringify(value) + "}";
 };

app/vmui/packages/vmui/src/pages/CardinalityPanel/index.tsx

@@ -18,7 +18,6 @@ import {
   TipHighNumberOfValues
 } from "./CardinalityTips";
 import useSearchParamsFromObject from "../../hooks/useSearchParamsFromObject";
-import { escapeLabelName } from "../../utils/metric";
 
 const spinnerMessage = `Please wait while cardinality stats is calculated. 
                         This may take some time if the db contains big number of time series.`;
@@ -37,17 +36,12 @@ const CardinalityPanel: FC = () => {
   const defaultState = getDefaultState(match, focusLabel);
 
   const handleFilterClick = (key: string) => (query: string) => {
-    const rawQuery = query;
-
-    const isLabelKey = ["labelValueCountByLabelName", "seriesCountByLabelName"].includes(key);
-    if (isLabelKey) query = escapeLabelName(query);
-
     const value = queryUpdater[key]({ query, focusLabel, match });
     const params: Record<string, string> = { match: value };
-    if (isLabelKey) {
-      params.focusLabel = rawQuery;
+    if (key === "labelValueCountByLabelName" || key == "seriesCountByLabelName") {
+      params.focusLabel = query;
     }
-    if (key === "seriesCountByFocusLabelValue") {
+    if (key == "seriesCountByFocusLabelValue") {
       params.focusLabel = "";
     }
     setSearchParamsFromKeys(params);

app/vmui/packages/vmui/src/pages/TopQueries/hooks/useFetchTopQueries.ts

@@ -26,7 +26,8 @@ const getQueryUrl = (row: TopQuery, timeRange: string) => {
 };
 
 const processResponse = (data: TopQueriesData) => {
-  const list = ["topByAvgDuration", "topByCount", "topBySumDuration", "topByAvgMemoryUsage"] as (keyof TopQueriesData)[];
+  const list = ["topByAvgDuration", "topByCount", "topBySumDuration"] as (keyof TopQueriesData)[];
+
   list.forEach(key => {
     const target = data[key] as TopQuery[];
     if (!Array.isArray(target)) return;

app/vmui/packages/vmui/src/pages/TopQueries/index.tsx

@@ -178,17 +178,6 @@ const TopQueries: FC = () => {
               { key: "count" }
             ]}
           />
-          <TopQueryPanel
-            rows={data.topByAvgMemoryUsage}
-            title={"Queries with most memory to execute"}
-            columns={[
-              { key: "query" },
-              { key: "avgMemoryBytes", title: "avg memory usage, bytes" },
-              { key: "timeRange", sortBy: "timeRangeSeconds", title: "query time interval" },
-              { key: "count" }
-            ]}
-            defaultOrderBy={"avgMemoryBytes"}
-          />
         </div>
       </>)}
     </div>

app/vmui/packages/vmui/src/types/index.ts

@@ -92,7 +92,6 @@ export interface TopQuery {
   query: string;
   timeRangeSeconds: number;
   sumDurationSeconds: number;
-  avgMemoryBytes: number;
   timeRange: string;
   url?: string;
 }
@@ -108,7 +107,6 @@ export interface TopQueriesData extends TopQueryStats {
   topByAvgDuration: TopQuery[];
   topByCount: TopQuery[];
   topBySumDuration: TopQuery[];
-  topByAvgMemoryUsage: TopQuery[];
   error?: string;
 }
 

app/vmui/packages/vmui/src/utils/metric.ts

@@ -52,7 +52,3 @@ export const isHistogramData = (result: MetricBase[]) => {
 
   return isHistogram && result.every(r => histogramLabels.some(l => l in r.metric));
 };
-
-export const escapeLabelName = (s: string) => {
-  return s.replace(/([\\./-])/g, "\\$1");
-};

app/vmui/packages/vmui/vite.config.ts

@@ -10,19 +10,25 @@ const getProxy = (): Record<string, ProxyOptions> | undefined => {
     return undefined;
   }
 
-  const commonProxy: ProxyOptions = {
-    target: "https://play.victoriametrics.com/select/0",
-    changeOrigin: true,
-    configure: (proxy) => {
-      proxy.on("error", (err) => {
-        console.error("[proxy error]", err.message);
-      });
-    },
-  };
-
   return {
-    "^/prometheus/(api|vmalert)/.*": { ...commonProxy },
-    "/prometheus/vmui/config.json": { ...commonProxy },
+    "^/(api|vmalert)/.*": {
+      target: "https://play.victoriametrics.com/select/0/prometheus",
+      changeOrigin: true,
+      configure: (proxy) => {
+        proxy.on("error", (err) => {
+          console.error("[proxy error]", err.message);
+        });
+      },
+    },
+    "/prometheus/vmui/config.json": {
+      target: "https://play.victoriametrics.com/select/0",
+      changeOrigin: true,
+      configure: (proxy) => {
+        proxy.on("error", (err) => {
+          console.error("[proxy error]", err.message);
+        });
+      },
+    },
   };
 };
 

apptest/model.go

@@ -33,8 +33,6 @@ type PrometheusQuerier interface {
 	// separate interface or rename this interface to allow for multiple querier
 	// types.
 	GraphiteMetricsIndex(t *testing.T, opts QueryOpts) GraphiteMetricsIndexResponse
-	GraphiteTagsTagSeries(t *testing.T, record string, opts QueryOpts)
-	GraphiteTagsTagMultiSeries(t *testing.T, records []string, opts QueryOpts)
 }
 
 // Writer contains methods for writing new data

apptest/tests/graphite_test.go

@@ -60,60 +60,3 @@ func TestClusterMetricsIndex(t *testing.T) {
 
 	testMetricsIndex(tc.T(), sut)
 }
-
-// testTagSeries tests the registration of new time series in index.
-//
-// See https://graphite.readthedocs.io/en/stable/tags.html#adding-series-to-the-tagdb.
-func testTagSeries(tc *apptest.TestCase, sut apptest.PrometheusWriteQuerier, getStorageMetric func(string) int) {
-	t := tc.T()
-
-	assertNewTimeseriesCreatedTotal := func(want int) {
-		tc.Assert(&apptest.AssertOptions{
-			Msg: "unexpected vm_new_timeseries_created_total",
-			Got: func() any {
-				return getStorageMetric("vm_new_timeseries_created_total")
-			},
-			Want: want,
-		})
-	}
-
-	rec := "disk.used;rack=a1;datacenter=dc1;server=web01"
-	sut.GraphiteTagsTagSeries(t, rec, apptest.QueryOpts{})
-	assertNewTimeseriesCreatedTotal(0)
-
-	recs := []string{
-		"metric.yyy;t2=a;t1=b;t3=c",
-		"metric.zzz;t5=d;t4=e;t6=f",
-		"metric.xxx;t8=g;t7=h;t9=i",
-	}
-	sut.GraphiteTagsTagMultiSeries(t, recs, apptest.QueryOpts{})
-	assertNewTimeseriesCreatedTotal(0)
-}
-
-func TestSingleTagSeries(t *testing.T) {
-	tc := apptest.NewTestCase(t)
-	defer tc.Stop()
-
-	sut := tc.MustStartDefaultVmsingle()
-	getStorageMetric := func(name string) int {
-		return sut.GetIntMetric(t, name)
-	}
-
-	testTagSeries(tc, sut, getStorageMetric)
-}
-
-func TestClusterTagSeries(t *testing.T) {
-	tc := apptest.NewTestCase(t)
-	defer tc.Stop()
-
-	sut := tc.MustStartDefaultCluster()
-	getStorageMetric := func(name string) int {
-		var v int
-		for _, s := range sut.Vmstorages {
-			v += s.GetIntMetric(t, name)
-		}
-		return v
-	}
-
-	testTagSeries(tc, sut, getStorageMetric)
-}

apptest/tests/metricsmetadata_test.go

@@ -19,6 +19,7 @@ func TestSingleMetricsMetadata(t *testing.T) {
 	sut := tc.MustStartVmsingle("vmsingle", []string{
 		"-storageDataPath=" + tc.Dir(),
 		"-retentionPeriod=100y",
+		"-enableMetadata",
 	})
 	// verify empty stats
 	resp := sut.PrometheusAPIV1Metadata(t, "", 0, apptest.QueryOpts{})
@@ -119,12 +120,15 @@ func TestClusterMetricsMetadata(t *testing.T) {
 
 	vminsert1 := tc.MustStartVminsert("vminsert1", []string{
 		fmt.Sprintf("-storageNode=%s,%s", vmstorage1.VminsertAddr(), vmstorage2.VminsertAddr()),
+		"-enableMetadata",
 	})
 	vminsert2 := tc.MustStartVminsert("vminsert-2", []string{
 		fmt.Sprintf("-storageNode=%s,%s", vmstorage1.VminsertAddr(), vmstorage2.VminsertAddr()),
+		"-enableMetadata",
 	})
 	vminsertGlobal := tc.MustStartVminsert("vminsert-global", []string{
 		fmt.Sprintf("-storageNode=%s,%s", vminsert1.ClusternativeListenAddr(), vminsert2.ClusternativeListenAddr()),
+		"-enableMetadata",
 	})
 	vmselect := tc.MustStartVmselect("vmselect", []string{
 		fmt.Sprintf("-storageNode=%s,%s", vmstorage1.VmselectAddr(), vmstorage2.VmselectAddr()),