Add token authentication #16

Merged
merged 7 commits into from
Sep 29, 2024

@liorfranko
Contributor Author

Tests:

  1. Use token authentication without setting the token in the config file or an env variable - fail the validation
$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: token
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$ printenv | grep NTOPNG
$
$ go run ./ntopng-exporter.go
ran into the following error while attempting to parse config: ntopng token must be set when using token authexit status 1
$
  2. Use token authentication with token in config file - pass the validation
$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: token
  token: "ecbc1cff642d34b6a81c5cdb9da31051"
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$

$ go run ./ntopng-exporter.go
Config: ntopng:
	http://192.168.68.1:3000: ''/*HIDDEN* - token - Allow Unsafe TLS? false
	Scrape Interval: 15s
	Scrape Targets: [hosts interfaces l7protocols]

host:
	Interface List: [vtnet0]

metric:
	Local Subnets: []
	Exclude DNS Metrics? true
	Serve:
		IP: 0.0.0.0
		Port: 3001
  3. Use token authentication with token as env variable - pass the validation
$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: token
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$
$ printenv | grep NTOPNG
NTOPNG_TOKEN=ecbc1cff642d34b6a81c5cdb9da31051
$
$ go run ./ntopng-exporter.go
Config: ntopng:
	http://192.168.68.1:3000: ''/*HIDDEN* - token - Allow Unsafe TLS? false
	Scrape Interval: 15s
	Scrape Targets: [hosts interfaces l7protocols]

host:
	Interface List: [vtnet0]

metric:
	Local Subnets: []
	Exclude DNS Metrics? true
	Serve:
		IP: 0.0.0.0
		Port: 3001
  4. Use basic authentication without setting username and password - fail the validation
$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: basic
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$ go run ./ntopng-exporter.go
ran into the following error while attempting to parse config: ntopng user and password must be set when using cookie authexit status 1
$
  5. Setting user/password - pass the validation, but fail authenticating (I don't have the correct user/password)
$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: basic
  user: admin
  password: admin
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$ go run ./ntopng-exporter.go
Config: ntopng:
	http://192.168.68.1:3000: 'admin'/*HIDDEN* - basic - Allow Unsafe TLS? false
	Scrape Interval: 15s
	Scrape Targets: [hosts interfaces l7protocols]

host:
	Interface List: [vtnet0]

metric:
	Local Subnets: []
	Exclude DNS Metrics? true
	Serve:
		IP: 0.0.0.0
		Port: 3001

failed to cache interface ids: invalid character '<' looking for beginning of value
exit status 2
$

Choosing cookie without setting user/password - fail the validation

$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: cookie
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$ go run ./ntopng-exporter.go
ran into the following error while attempting to parse config: ntopng user and password must be set when using cookie authexit status 1
$

Adding user/password - pass the validation, but fail authenticating (I don't have the correct user/password)

$ cat config/ntopng-exporter.yaml
ntopng:
  endpoint: "http://192.168.68.1:3000"
  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
  authMethod: cookie
  user: admin
  password: admin
  scrapeInterval: 15s # scrape from the ntopng API every x period of time (should be synced with your prometheus scrapes) (default: 1 minute)
  scrapeTargets: # you can also specify "all" as a single list item to scrape all available endpoints (default: all)
  - hosts
  - interfaces
  - l7protocols

host:
  interfacesToMonitor:
  - vtnet0

metric:
  excludeDNSMetrics: true # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
  serve:
    ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
    port: 3001 # port to serve metrics on (default: 3001)
$ go run ./ntopng-exporter.go
Config: ntopng:
	http://192.168.68.1:3000: 'admin'/*HIDDEN* - cookie - Allow Unsafe TLS? false
	Scrape Interval: 15s
	Scrape Targets: [hosts interfaces l7protocols]

host:
	Interface List: [vtnet0]

metric:
	Local Subnets: []
	Exclude DNS Metrics? true
	Serve:
		IP: 0.0.0.0
		Port: 3001

failed to cache interface ids: invalid character '<' looking for beginning of value
exit status 2
$
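
The validation matrix exercised in the tests above, as an added example (not the code from this PR or from the project): a token falls back to `NTOPNG_TOKEN`, each method requires its own credentials, and the printed form never contains a secret. The `NtopngAuth` type, the `Resolve` method and the rejection of methods other than the three tested here are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// NtopngAuth is a hypothetical stand-in for the exporter's ntopng auth settings.
type NtopngAuth struct {
	AuthMethod, User, Password, Token string
}

// Resolve fills an empty Token from NTOPNG_TOKEN, then applies the per-method rules.
func (a *NtopngAuth) Resolve(getenv func(string) string) error {
	if a.Token == "" {
		a.Token = getenv("NTOPNG_TOKEN")
	}
	switch a.AuthMethod {
	case "token":
		if a.Token == "" {
			return errors.New("ntopng token must be set when using token auth")
		}
	case "basic", "cookie":
		if a.User == "" || a.Password == "" {
			return fmt.Errorf("ntopng user and password must be set when using %s auth", a.AuthMethod)
		}
	default: // assumption: only the three methods tested above are handled here
		return fmt.Errorf("unsupported authMethod %q", a.AuthMethod)
	}
	return nil
}

// String redacts both secrets so a startup config dump never leaks them.
func (a NtopngAuth) String() string {
	return fmt.Sprintf("'%s'/*HIDDEN* - %s", a.User, a.AuthMethod)
}

func main() {
	// Constructed sample values, not real credentials.
	cases := []NtopngAuth{
		{AuthMethod: "token"},
		{AuthMethod: "token", Token: "constructed-token"},
		{AuthMethod: "basic"},
	}
	for i := range cases {
		fmt.Printf("%-28s err=%v\n", cases[i], cases[i].Resolve(os.Getenv))
	}
}
```

Passing the environment lookup in as a function keeps the rules testable without touching the real process environment.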

Owner

@aauren aauren left a comment

Thanks for putting this together @liorfranko! I think that this will be helpful for users of the project!

I had one minor nit on the validate function.

Additionally, I think it would be good to update the comment string https://github.com/aauren/ntopng-exporter/blob/main/config/ntopng-exporter.yaml#L6

And to also have a commented out token: field in the config as well so that people know how to configure token authentication.

internal/config/config.go (outdated, resolved)

@liorfranko
Contributor Author

Sure!
Added the suggestions

@aauren aauren merged commit 381b6e3 into aauren:main Sep 29, 2024