Cherry pick commits for v0.40.4 (#6854)

* Updating dependencies to fix CVEs:
* CVE-2024-27304
* CVE-2024-27289
* CVE-2024-28180
* CVE-2024-24786

* Use stackdriver exporter fork with a fix for histogram sum + count (#6720)

* Update kafka exporter dependency (#6778)

Co-authored-by: kgeckhart <kgeckhart@users.noreply.github.com>
Co-authored-by: William Dumont <william.dumont@grafana.com>
Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com>

CHANGELOG.md

@@ -7,6 +7,36 @@ This document contains a historical list of changes between releases. Only
 changes that impact end-user behavior are listed; changes to documentation or
 internal API changes are not present.
 
+v0.40.4 (2024-04-12)
+--------------------
+
+### Security fixes
+
+- Fixes following vulnerabilities (@ptodev)
+  * [CVE-2024-27304](https://github.com/advisories/GHSA-mrww-27vc-gghv)
+  * [CVE-2024-27289](https://github.com/advisories/GHSA-m7wr-2xf7-cm9p)
+  * [CVE-2024-28180](https://github.com/advisories/GHSA-c5q2-7r4c-mv6g)
+  * [CVE-2024-24786](https://github.com/advisories/GHSA-8r3f-844c-mc37)
+
+### Enhancements
+
+- Update `prometheus.exporter.kafka` with the following functionalities (@wildum):
+  * GSSAPI config
+  * enable/disable PA_FX_FAST
+  * set a TLS server name
+  * show the offset/lag for all consumer group or only the connected ones
+  * set the minimum number of topics to monitor
+  * enable/disable auto-creation of requested topics if they don't already exist
+  * regex to exclude topics / groups 
+  * added metric kafka_broker_info
+
+- In `prometheus.exporter.kafka`, the interpolation table used to compute estimated lag metrics is now pruned
+  on `metadata_refresh_interval` instead of `prune_interval_seconds`. (@wildum)
+
+### Bugfixes
+
+- Update gcp_exporter to a newer version with a patch for incorrect delta histograms (@kgeckhart)
+
 v0.40.3 (2024-03-14)
 --------------------
 

component/prometheus/exporter/kafka/kafka.go

@@ -20,8 +20,12 @@ var DefaultArguments = Arguments{
 	AllowConcurrent:         true,
 	MaxOffsets:              1000,
 	PruneIntervalSeconds:    30,
+	OffsetShowAll:           true,
+	TopicWorkers:            100,
 	TopicsFilter:            ".*",
+	TopicsExclude:           "^$",
 	GroupFilter:             ".*",
+	GroupExclude:            "^$",
 }
 
 type Arguments struct {
@@ -32,7 +36,9 @@ type Arguments struct {
 	SASLUsername            string            `river:"sasl_username,attr,optional"`
 	SASLPassword            rivertypes.Secret `river:"sasl_password,attr,optional"`
 	SASLMechanism           string            `river:"sasl_mechanism,attr,optional"`
+	SASLDisablePAFXFast     bool              `river:"sasl_disable_pafx_fast,attr,optional"`
 	UseTLS                  bool              `river:"use_tls,attr,optional"`
+	TlsServerName           string            `river:"tls_server_name,attr,optional"`
 	CAFile                  string            `river:"ca_file,attr,optional"`
 	CertFile                string            `river:"cert_file,attr,optional"`
 	KeyFile                 string            `river:"key_file,attr,optional"`
@@ -42,11 +48,21 @@ type Arguments struct {
 	ZookeeperURIs           []string          `river:"zookeeper_uris,attr,optional"`
 	ClusterName             string            `river:"kafka_cluster_name,attr,optional"`
 	MetadataRefreshInterval string            `river:"metadata_refresh_interval,attr,optional"`
+	ServiceName             string            `river:"gssapi_service_name,attr,optional"`
+	KerberosConfigPath      string            `river:"gssapi_kerberos_config_path,attr,optional"`
+	Realm                   string            `river:"gssapi_realm,attr,optional"`
+	KeyTabPath              string            `river:"gssapi_key_tab_path,attr,optional"`
+	KerberosAuthType        string            `river:"gssapi_kerberos_auth_type,attr,optional"`
+	OffsetShowAll           bool              `river:"offset_show_all,attr,optional"`
+	TopicWorkers            int               `river:"topic_workers,attr,optional"`
 	AllowConcurrent         bool              `river:"allow_concurrency,attr,optional"`
+	AllowAutoTopicCreation  bool              `river:"allow_auto_topic_creation,attr,optional"`
 	MaxOffsets              int               `river:"max_offsets,attr,optional"`
-	PruneIntervalSeconds    int               `river:"prune_interval_seconds,attr,optional"`
+	PruneIntervalSeconds    int               `river:"prune_interval_seconds,attr,optional"` // deprecated - no-op
 	TopicsFilter            string            `river:"topics_filter_regex,attr,optional"`
+	TopicsExclude           string            `river:"topics_exclude_regex,attr,optional"`
 	GroupFilter             string            `river:"groups_filter_regex,attr,optional"`
+	GroupExclude            string            `river:"groups_exclude_regex,attr,optional"`
 }
 
 func init() {
@@ -97,7 +113,9 @@ func (a *Arguments) Convert() *kafka_exporter.Config {
 		SASLUsername:            a.SASLUsername,
 		SASLPassword:            config.Secret(a.SASLPassword),
 		SASLMechanism:           a.SASLMechanism,
+		SASLDisablePAFXFast:     a.SASLDisablePAFXFast,
 		UseTLS:                  a.UseTLS,
+		TlsServerName:           a.TlsServerName,
 		CAFile:                  a.CAFile,
 		CertFile:                a.CertFile,
 		KeyFile:                 a.KeyFile,
@@ -107,10 +125,20 @@ func (a *Arguments) Convert() *kafka_exporter.Config {
 		ZookeeperURIs:           a.ZookeeperURIs,
 		ClusterName:             a.ClusterName,
 		MetadataRefreshInterval: a.MetadataRefreshInterval,
+		ServiceName:             a.ServiceName,
+		KerberosConfigPath:      a.KerberosConfigPath,
+		Realm:                   a.Realm,
+		KeyTabPath:              a.KeyTabPath,
+		KerberosAuthType:        a.KerberosAuthType,
+		OffsetShowAll:           a.OffsetShowAll,
+		TopicWorkers:            a.TopicWorkers,
 		AllowConcurrent:         a.AllowConcurrent,
+		AllowAutoTopicCreation:  a.AllowAutoTopicCreation,
 		MaxOffsets:              a.MaxOffsets,
 		PruneIntervalSeconds:    a.PruneIntervalSeconds,
 		TopicsFilter:            a.TopicsFilter,
+		TopicsExclude:           a.TopicsExclude,
 		GroupFilter:             a.GroupFilter,
+		GroupExclude:            a.GroupExclude,
 	}
 }

component/prometheus/exporter/kafka/kafka_test.go

@@ -18,7 +18,6 @@ func TestRiverUnmarshal(t *testing.T) {
 		metadata_refresh_interval = "1m"
 		allow_concurrency = true
 		max_offsets = 1000
-		prune_interval_seconds = 30
 		topics_filter_regex = ".*"
 		groups_filter_regex = ".*"
 	`
@@ -35,8 +34,12 @@ func TestRiverUnmarshal(t *testing.T) {
 		AllowConcurrent:         true,
 		MaxOffsets:              1000,
 		PruneIntervalSeconds:    30,
+		OffsetShowAll:           true,
+		TopicWorkers:            100,
 		TopicsFilter:            ".*",
 		GroupFilter:             ".*",
+		TopicsExclude:           "^$",
+		GroupExclude:            "^$",
 	}
 	require.Equal(t, expected, args)
 }
@@ -50,7 +53,6 @@ func TestUnmarshalInvalid(t *testing.T) {
 		metadata_refresh_interval = "1m"
 		allow_concurrency = true
 		max_offsets = 1000
-		prune_interval_seconds = 30
 		topics_filter_regex = ".*"
 		groups_filter_regex = ".*"
 `
@@ -78,8 +80,12 @@ func TestRiverConvert(t *testing.T) {
 		AllowConcurrent:         true,
 		MaxOffsets:              1000,
 		PruneIntervalSeconds:    30,
+		OffsetShowAll:           true,
+		TopicWorkers:            100,
 		TopicsFilter:            ".*",
 		GroupFilter:             ".*",
+		TopicsExclude:           "^$",
+		GroupExclude:            "^$",
 	}
 	converted := orig.Convert()
 	expected := kafka_exporter.Config{
@@ -90,8 +96,12 @@ func TestRiverConvert(t *testing.T) {
 		AllowConcurrent:         true,
 		MaxOffsets:              1000,
 		PruneIntervalSeconds:    30,
+		OffsetShowAll:           true,
+		TopicWorkers:            100,
 		TopicsFilter:            ".*",
 		GroupFilter:             ".*",
+		TopicsExclude:           "^$",
+		GroupExclude:            "^$",
 	}
 
 	require.Equal(t, expected, *converted)

converter/internal/staticconvert/internal/build/kafka_exporter.go

@@ -14,13 +14,16 @@ func (b *IntegrationsConfigBuilder) appendKafkaExporter(config *kafka_exporter.C
 
 func toKafkaExporter(config *kafka_exporter.Config) *kafka.Arguments {
 	return &kafka.Arguments{
+		Instance:                config.Instance,
 		KafkaURIs:               config.KafkaURIs,
 		UseSASL:                 config.UseSASL,
 		UseSASLHandshake:        config.UseSASLHandshake,
 		SASLUsername:            config.SASLUsername,
 		SASLPassword:            rivertypes.Secret(config.SASLPassword),
 		SASLMechanism:           config.SASLMechanism,
+		SASLDisablePAFXFast:     config.SASLDisablePAFXFast,
 		UseTLS:                  config.UseTLS,
+		TlsServerName:           config.TlsServerName,
 		CAFile:                  config.CAFile,
 		CertFile:                config.CertFile,
 		KeyFile:                 config.KeyFile,
@@ -30,10 +33,20 @@ func toKafkaExporter(config *kafka_exporter.Config) *kafka.Arguments {
 		ZookeeperURIs:           config.ZookeeperURIs,
 		ClusterName:             config.ClusterName,
 		MetadataRefreshInterval: config.MetadataRefreshInterval,
+		ServiceName:             config.ServiceName,
+		KerberosConfigPath:      config.KerberosConfigPath,
+		Realm:                   config.Realm,
+		KeyTabPath:              config.KeyTabPath,
+		KerberosAuthType:        config.KerberosAuthType,
+		OffsetShowAll:           config.OffsetShowAll,
+		TopicWorkers:            config.TopicWorkers,
 		AllowConcurrent:         config.AllowConcurrent,
+		AllowAutoTopicCreation:  config.AllowAutoTopicCreation,
 		MaxOffsets:              config.MaxOffsets,
 		PruneIntervalSeconds:    config.PruneIntervalSeconds,
 		TopicsFilter:            config.TopicsFilter,
+		TopicsExclude:           config.TopicsExclude,
 		GroupFilter:             config.GroupFilter,
+		GroupExclude:            config.GroupExclude,
 	}
 }