feat(inputs.prometheus): Allow to use secrets for credentials (#15865)

2024-09-12 23:02:30 +02:00 · 2024-09-12 23:02:30 +02:00 · 63ac48010f
parent 9988154e6c
commit 63ac48010f
2 changed files with 30 additions and 7 deletions
--- a/plugins/inputs/prometheus/README.md
+++ b/plugins/inputs/prometheus/README.md
@ -12,6 +12,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 [CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
 ## Secret-store support
 This plugin supports secrets from secret-stores for the `username`, `password`
 and `bearer_token_string` option. See the
 [secret-store documentation][SECRETSTORE] for more details on how to use them.
 [SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
 ## Configuration
 ```toml @sample.conf
--- a/plugins/inputs/prometheus/prometheus.go
+++ b/plugins/inputs/prometheus/prometheus.go
@ -50,9 +50,9 @@ type PodID string
 type Prometheus struct {
 	URLs                 []string          `toml:"urls"`
 	BearerToken          string            `toml:"bearer_token"`
-	BearerTokenString    string            `toml:"bearer_token_string"`
+	BearerTokenString    config.Secret     `toml:"bearer_token_string"`
-	Username             string            `toml:"username"`
+	Username             config.Secret     `toml:"username"`
-	Password             string            `toml:"password"`
+	Password             config.Secret     `toml:"password"`
 	HTTPHeaders          map[string]string `toml:"http_headers"`
 	ContentLengthLimit   config.Size       `toml:"content_length_limit"`
 	ContentTypeOverride  string            `toml:"content_type_override"`
@ -432,10 +432,25 @@ func (p *Prometheus) gatherURL(u URLAndAddress, acc telegraf.Accumulator) (map[s
 			return nil, nil, err
 		}
 		req.Header.Set("Authorization", "Bearer "+string(token))
-	} else if p.BearerTokenString != "" {
+	} else if !p.BearerTokenString.Empty() {
-		req.Header.Set("Authorization", "Bearer "+p.BearerTokenString)
+		token, err := p.BearerTokenString.Get()
-	} else if p.Username != "" || p.Password != "" {
+		if err != nil {
-		req.SetBasicAuth(p.Username, p.Password)
+			return nil, nil, fmt.Errorf("getting token secret failed: %w", err)
 		}
 		req.Header.Set("Authorization", "Bearer "+token.String())
 		token.Destroy()
 	} else if !p.Username.Empty() || !p.Password.Empty() {
 		username, err := p.Username.Get()
 		if err != nil {
 			return nil, nil, fmt.Errorf("getting username secret failed: %w", err)
 		}
 		password, err := p.Password.Get()
 		if err != nil {
 			return nil, nil, fmt.Errorf("getting password secret failed: %w", err)
 		}
 		req.SetBasicAuth(username.String(), password.String())
 		username.Destroy()
 		password.Destroy()
 	}
 	for key, value := range p.HTTPHeaders {