Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(input.prometheus): read bearer token from file every time #14191

Merged
merged 5 commits into from
Oct 30, 2023

Conversation

ganga1980
Copy link
Contributor

@ganga1980 ganga1980 commented Oct 25, 2023

The current implementation uses the config.BearerToken which is being read from the service account token file as part of the initialization. This service account token becomes invalid, if the service account configured with time bound token after the specified expiry interval or service account signing key being rotated by either Kubernetes platform providers (such as AKS ) or the customer initiated signing key rotation in case of the Workload identity enabled clusters.

Fix is to read the bearer token from service account token file every time and instead of reading once at the initialization.

Fixes #14188

@telegraf-tiger
Copy link
Contributor

Thanks so much for the pull request!
🤝 ✒️ Just a reminder that the CLA has not yet been signed, and we'll need it before merging. Please sign the CLA when you get a chance, then post a comment here saying !signed-cla

@powersj
Copy link
Contributor

powersj commented Oct 25, 2023

@ganga1980 thanks for the PR, can you sign the CLA and let me know when you do?

Thanks again

@powersj powersj added the waiting for response waiting for response from contributor label Oct 25, 2023
@powersj powersj self-assigned this Oct 25, 2023
@ganga1980
Copy link
Contributor Author

@ganga1980 thanks for the PR, can you sign the CLA and let me know when you do?

Thanks again

@powersj - I have signed the CLA and also updated the PR to handle fall back option. Please take a look at it and will test this out.

@telegraf-tiger telegraf-tiger bot removed the waiting for response waiting for response from contributor label Oct 25, 2023
@ganga1980 ganga1980 marked this pull request as ready for review October 26, 2023 01:49
Copy link
Contributor

@powersj powersj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@powersj powersj added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label Oct 26, 2023
@telegraf-tiger
Copy link
Contributor

@powersj powersj removed their assignment Oct 27, 2023
@ganga1980
Copy link
Contributor Author

ganga1980 commented Oct 27, 2023

Thank you!

@powersj - Thanks for approving this. I have validated and change works. can you please help on merging this PR? do you know when will be next telegraf release will be?

@powersj powersj added this to the v1.28.4 milestone Oct 27, 2023
@ganga1980
Copy link
Contributor Author

Copy link
Member

@srebhan srebhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix @ganga1980!

@srebhan srebhan merged commit 920a49c into influxdata:master Oct 30, 2023
powersj pushed a commit that referenced this pull request Nov 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/prometheus fix pr to fix corresponding bug plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
4 participants