Skip to content

Commit

Permalink
feat(inputs.prometheus): Allow to use secrets for credentials (influx…
Browse files Browse the repository at this point in the history 
…data#15865)
  • Loading branch information
@srebhan @asaharn
srebhan authored and asaharn committed Oct 16, 2024
1 parent dd222dc commit 6e1ed82
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 7 deletions.
8 changes: 8 additions & 0 deletions plugins/inputs/prometheus/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.

[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins

## Secret-store support

This plugin supports secrets from secret-stores for the `username`, `password`
and `bearer_token_string` option. See the
[secret-store documentation][SECRETSTORE] for more details on how to use them.

[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets

## Configuration

```toml @sample.conf
Expand Down
29 changes: 22 additions & 7 deletions plugins/inputs/prometheus/prometheus.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ type PodID string
type Prometheus struct {
URLs []string `toml:"urls"`
BearerToken string `toml:"bearer_token"`
BearerTokenString string `toml:"bearer_token_string"`
Username string `toml:"username"`
Password string `toml:"password"`
BearerTokenString config.Secret `toml:"bearer_token_string"`
Username config.Secret `toml:"username"`
Password config.Secret `toml:"password"`
HTTPHeaders map[string]string `toml:"http_headers"`
ContentLengthLimit config.Size `toml:"content_length_limit"`
ContentTypeOverride string `toml:"content_type_override"`
Expand Down Expand Up @@ -432,10 +432,25 @@ func (p *Prometheus) gatherURL(u URLAndAddress, acc telegraf.Accumulator) (map[s
return nil, nil, err
}
req.Header.Set("Authorization", "Bearer "+string(token))
} else if p.BearerTokenString != "" {
req.Header.Set("Authorization", "Bearer "+p.BearerTokenString)
} else if p.Username != "" || p.Password != "" {
req.SetBasicAuth(p.Username, p.Password)
} else if !p.BearerTokenString.Empty() {
token, err := p.BearerTokenString.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting token secret failed: %w", err)
}
req.Header.Set("Authorization", "Bearer "+token.String())
token.Destroy()
} else if !p.Username.Empty() || !p.Password.Empty() {
username, err := p.Username.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting username secret failed: %w", err)
}
password, err := p.Password.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting password secret failed: %w", err)
}
req.SetBasicAuth(username.String(), password.String())
username.Destroy()
password.Destroy()
}

for key, value := range p.HTTPHeaders {
Expand Down

0 comments on commit 6e1ed82

Please sign in to comment.