Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(inputs.prometheus): Allow to use secrets for credentials #15865

Merged
merged 1 commit into from
Sep 12, 2024
Merged

feat(inputs.prometheus): Allow to use secrets for credentials #15865

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions plugins/inputs/prometheus/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.

[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins

## Secret-store support

This plugin supports secrets from secret-stores for the `username`, `password`
and `bearer_token_string` option. See the
[secret-store documentation][SECRETSTORE] for more details on how to use them.

[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets

## Configuration

```toml @sample.conf
Expand Down
29 changes: 22 additions & 7 deletions plugins/inputs/prometheus/prometheus.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ type PodID string
type Prometheus struct {
URLs []string `toml:"urls"`
BearerToken string `toml:"bearer_token"`
BearerTokenString string `toml:"bearer_token_string"`
Username string `toml:"username"`
Password string `toml:"password"`
BearerTokenString config.Secret `toml:"bearer_token_string"`
Username config.Secret `toml:"username"`
Password config.Secret `toml:"password"`
HTTPHeaders map[string]string `toml:"http_headers"`
ContentLengthLimit config.Size `toml:"content_length_limit"`
ContentTypeOverride string `toml:"content_type_override"`
Expand Down Expand Up @@ -432,10 +432,25 @@ func (p *Prometheus) gatherURL(u URLAndAddress, acc telegraf.Accumulator) (map[s
return nil, nil, err
}
req.Header.Set("Authorization", "Bearer "+string(token))
} else if p.BearerTokenString != "" {
req.Header.Set("Authorization", "Bearer "+p.BearerTokenString)
} else if p.Username != "" || p.Password != "" {
req.SetBasicAuth(p.Username, p.Password)
} else if !p.BearerTokenString.Empty() {
token, err := p.BearerTokenString.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting token secret failed: %w", err)
}
req.Header.Set("Authorization", "Bearer "+token.String())
token.Destroy()
} else if !p.Username.Empty() || !p.Password.Empty() {
username, err := p.Username.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting username secret failed: %w", err)
}
password, err := p.Password.Get()
if err != nil {
return nil, nil, fmt.Errorf("getting password secret failed: %w", err)
}
req.SetBasicAuth(username.String(), password.String())
username.Destroy()
password.Destroy()
}

for key, value := range p.HTTPHeaders {
Expand Down
Loading