feat(inputs.gnmi): Add secret store support for username and password (#15173)

2024-04-17 10:26:29 -06:00 · 2024-04-17 10:26:29 -06:00 · 96e7b2b7e7
parent c443b762b2
commit 96e7b2b7e7
3 changed files with 29 additions and 6 deletions
--- a/plugins/inputs/gnmi/README.md
+++ b/plugins/inputs/gnmi/README.md
@ -34,6 +34,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.

 [CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins

+## Secret-store support
+
+This plugin supports secrets from secret-stores for the `username` and
+`password` options. See the [secret-store documentation][SECRETSTORE] for more
+details on how to use them.
+
+[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
+
 ## Configuration

 ```toml @sample.conf
--- a/plugins/inputs/gnmi/gnmi.go
+++ b/plugins/inputs/gnmi/gnmi.go
@ -48,8 +48,8 @@ type GNMI struct {
 	Target              string            `toml:"target"`
 	UpdatesOnly         bool              `toml:"updates_only"`
 	VendorSpecific      []string          `toml:"vendor_specific"`
-	Username            string            `toml:"username"`
-	Password            string            `toml:"password"`
+	Username            config.Secret     `toml:"username"`
+	Password            config.Secret     `toml:"password"`
 	Redial              config.Duration   `toml:"redial"`
 	MaxMsgSize          config.Size       `toml:"max_msg_size"`
 	Trace               bool              `toml:"dump_responses"`
@ -214,8 +214,23 @@ func (c *GNMI) Start(acc telegraf.Accumulator) error {
 	// Prepare the context, optionally with credentials
 	var ctx context.Context
 	ctx, c.cancel = context.WithCancel(context.Background())
-	if len(c.Username) > 0 {
-		ctx = metadata.AppendToOutgoingContext(ctx, "username", c.Username, "password", c.Password)
+
+	if !c.Username.Empty() {
+		usernameSecret, err := c.Username.Get()
+		if err != nil {
+			return fmt.Errorf("getting username failed: %w", err)
+		}
+		username := usernameSecret.String()
+		usernameSecret.Destroy()
+
+		passwordSecret, err := c.Password.Get()
+		if err != nil {
+			return fmt.Errorf("getting password failed: %w", err)
+		}
+		password := passwordSecret.String()
+		passwordSecret.Destroy()
+
+		ctx = metadata.AppendToOutgoingContext(ctx, "username", username, "password", password)
 	}

 	// Create a goroutine for each device, dial and subscribe
--- a/plugins/inputs/gnmi/gnmi_test.go
+++ b/plugins/inputs/gnmi/gnmi_test.go
@ -140,8 +140,8 @@ func TestUsernamePassword(t *testing.T) {
 	plugin := &GNMI{
 		Log:       testutil.Logger{},
 		Addresses: []string{listener.Addr().String()},
-		Username:  "theusername",
-		Password:  "thepassword",
+		Username:  config.NewSecret([]byte("theusername")),
+		Password:  config.NewSecret([]byte("thepassword")),
 		Encoding:  "proto",
 		Redial:    config.Duration(1 * time.Second),
 	}