diff --git a/plugins/inputs/redfish/README.md b/plugins/inputs/redfish/README.md index 908b0a6dc..adce16b89 100644 --- a/plugins/inputs/redfish/README.md +++ b/plugins/inputs/redfish/README.md @@ -16,6 +16,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details. [CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins +## Secret-store support + +This plugin supports secrets from secret-stores for the `username` and +`password` options. See the [secret-store documentation][SECRETSTORE] for more +details on how to use them. + +[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets + ## Configuration ```toml @sample.conf @@ -24,7 +32,7 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details. ## Redfish API Base URL. address = "https://127.0.0.1:5000" - ## Credentials for the Redfish API. + ## Credentials for the Redfish API. Can also use secrets. username = "root" password = "password123456" diff --git a/plugins/inputs/redfish/redfish.go b/plugins/inputs/redfish/redfish.go index 894ecdbe5..008c01248 100644 --- a/plugins/inputs/redfish/redfish.go +++ b/plugins/inputs/redfish/redfish.go @@ -26,8 +26,8 @@ var sampleConfig string type Redfish struct { Address string `toml:"address"` - Username string `toml:"username"` - Password string `toml:"password"` + Username config.Secret `toml:"username"` + Password config.Secret `toml:"password"` ComputerSystemID string `toml:"computer_system_id"` IncludeMetrics []string `toml:"include_metrics"` IncludeTagSets []string `toml:"include_tag_sets"` @@ -162,7 +162,7 @@ func (r *Redfish) Init() error { return errors.New("did not provide IP") } - if r.Username == "" && r.Password == "" { + if r.Username.Empty() && r.Password.Empty() { return errors.New("did not provide username and password") } @@ -221,7 +221,21 @@ func (r *Redfish) getData(address string, payload interface{}) error { return err } - req.SetBasicAuth(r.Username, r.Password) + username, err := r.Username.Get() + if err != nil { + return fmt.Errorf("getting username failed: %w", err) + } + user := username.String() + username.Destroy() + + password, err := r.Password.Get() + if err != nil { + return fmt.Errorf("getting password failed: %w", err) + } + pass := password.String() + password.Destroy() + + req.SetBasicAuth(user, pass) req.Header.Set("Accept", "application/json") req.Header.Set("Content-Type", "application/json") req.Header.Set("OData-Version", "4.0") diff --git a/plugins/inputs/redfish/redfish_test.go b/plugins/inputs/redfish/redfish_test.go index 5f225aa76..9fd2a7e4c 100644 --- a/plugins/inputs/redfish/redfish_test.go +++ b/plugins/inputs/redfish/redfish_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "github.com/influxdata/telegraf" + "github.com/influxdata/telegraf/config" "github.com/influxdata/telegraf/testutil" ) @@ -422,8 +423,8 @@ func TestDellApis(t *testing.T) { } plugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "System.Embedded.1", IncludeMetrics: []string{"thermal", "power"}, } @@ -601,8 +602,8 @@ func TestHPApis(t *testing.T) { hpPlugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "1", IncludeMetrics: []string{"thermal", "power"}, } @@ -698,8 +699,8 @@ func TestHPilo4Apis(t *testing.T) { hpPlugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "1", IncludeMetrics: []string{"thermal"}, } @@ -739,8 +740,8 @@ func TestInvalidUsernameorPassword(t *testing.T) { r := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "System.Embedded.1", IncludeMetrics: []string{"thermal", "power"}, } @@ -841,8 +842,8 @@ func TestInvalidDellJSON(t *testing.T) { plugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "System.Embedded.1", IncludeMetrics: []string{"thermal", "power"}, } @@ -912,8 +913,8 @@ func TestInvalidHPJSON(t *testing.T) { plugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "System.Embedded.2", IncludeMetrics: []string{"thermal", "power"}, } @@ -1196,8 +1197,8 @@ func TestIncludeTagSetsConfiguration(t *testing.T) { hpPlugin := &Redfish{ Address: ts.URL, - Username: "test", - Password: "test", + Username: config.NewSecret([]byte("test")), + Password: config.NewSecret([]byte("test")), ComputerSystemID: "1", IncludeTagSets: []string{"chassis", "chassis.location"}, IncludeMetrics: []string{"thermal", "power"}, diff --git a/plugins/inputs/redfish/sample.conf b/plugins/inputs/redfish/sample.conf index 21ea48f5d..e9261d5a1 100644 --- a/plugins/inputs/redfish/sample.conf +++ b/plugins/inputs/redfish/sample.conf @@ -3,7 +3,7 @@ ## Redfish API Base URL. address = "https://127.0.0.1:5000" - ## Credentials for the Redfish API. + ## Credentials for the Redfish API. Can also use secrets. username = "root" password = "password123456"