feat(snmp): Add secret support for auth_password and priv_password (#14975)
parent
6824222c2b
commit
f674099fad
|
|
@ -8,15 +8,10 @@ import (
|
||||||
|
|
||||||
type ClientConfig struct {
|
type ClientConfig struct {
|
||||||
// Timeout to wait for a response.
|
// Timeout to wait for a response.
|
||||||
Timeout config.Duration `toml:"timeout"`
|
Timeout config.Duration `toml:"timeout"`
|
||||||
Retries int `toml:"retries"`
|
Retries int `toml:"retries"`
|
||||||
// Values: 1, 2, 3
|
Version uint8 `toml:"version"`
|
||||||
Version uint8 `toml:"version"`
|
UnconnectedUDPSocket bool `toml:"unconnected_udp_socket"`
|
||||||
UnconnectedUDPSocket bool `toml:"unconnected_udp_socket"`
|
|
||||||
// Path to mib files
|
|
||||||
Path []string `toml:"path"`
|
|
||||||
// Translator implementation
|
|
||||||
Translator string `toml:"-"`
|
|
||||||
|
|
||||||
// Parameters for Version 1 & 2
|
// Parameters for Version 1 & 2
|
||||||
Community string `toml:"community"`
|
Community string `toml:"community"`
|
||||||
|
|
@ -25,19 +20,20 @@ type ClientConfig struct {
|
||||||
MaxRepetitions uint32 `toml:"max_repetitions"`
|
MaxRepetitions uint32 `toml:"max_repetitions"`
|
||||||
|
|
||||||
// Parameters for Version 3
|
// Parameters for Version 3
|
||||||
ContextName string `toml:"context_name"`
|
ContextName string `toml:"context_name"`
|
||||||
// Values: "noAuthNoPriv", "authNoPriv", "authPriv"
|
SecLevel string `toml:"sec_level"`
|
||||||
SecLevel string `toml:"sec_level"`
|
SecName string `toml:"sec_name"`
|
||||||
SecName string `toml:"sec_name"`
|
AuthProtocol string `toml:"auth_protocol"`
|
||||||
// Values: "MD5", "SHA", "". Default: ""
|
AuthPassword config.Secret `toml:"auth_password"`
|
||||||
AuthProtocol string `toml:"auth_protocol"`
|
PrivProtocol string `toml:"priv_protocol"`
|
||||||
AuthPassword string `toml:"auth_password"`
|
PrivPassword config.Secret `toml:"priv_password"`
|
||||||
// Values: "DES", "AES", "". Default: ""
|
EngineID string `toml:"-"`
|
||||||
PrivProtocol string `toml:"priv_protocol"`
|
EngineBoots uint32 `toml:"-"`
|
||||||
PrivPassword string `toml:"priv_password"`
|
EngineTime uint32 `toml:"-"`
|
||||||
EngineID string `toml:"-"`
|
|
||||||
EngineBoots uint32 `toml:"-"`
|
// Path to mib files
|
||||||
EngineTime uint32 `toml:"-"`
|
Path []string `toml:"path"`
|
||||||
|
Translator string `toml:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func DefaultClientConfig() *ClientConfig {
|
func DefaultClientConfig() *ClientConfig {
|
||||||
|
|
@ -52,6 +48,6 @@ func DefaultClientConfig() *ClientConfig {
|
||||||
SecLevel: "authNoPriv",
|
SecLevel: "authNoPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "MD5",
|
AuthProtocol: "MD5",
|
||||||
AuthPassword: "pass",
|
AuthPassword: config.NewSecret([]byte("pass")),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
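Review bot: In DefaultClientConfig, `AuthPassword: config.NewSecret([]byte("pass"))` keeps a well-known literal passphrase in the defaults, next to `SecName: "myuser"` and `AuthProtocol: "MD5"`, and wrapping a compile-time constant in a secret adds no protection. If these defaults can reach a live SNMPv3 session when a user sets `sec_level` but omits the password, the session would run with a guessable credential; leaving the field unset, or marking it with a comment such as `// placeholder only, must be overridden for SNMPv3`, would make the intent explicit. The struct hunks above also appear to drop the `// Values: ...` comments on `Version`, `SecLevel`, `AuthProtocol` and `PrivProtocol`; those documented the accepted values and are worth keeping beside the retyped `AuthPassword` and `PrivPassword` fields. DefaultClientConfig begins outside the visible hunk.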
|
||||||
|
|
@ -109,7 +109,14 @@ func NewWrapper(s ClientConfig) (GosnmpWrapper, error) {
|
||||||
return GosnmpWrapper{}, errors.New("invalid authProtocol")
|
return GosnmpWrapper{}, errors.New("invalid authProtocol")
|
||||||
}
|
}
|
||||||
|
|
||||||
sp.AuthenticationPassphrase = s.AuthPassword
|
if !s.AuthPassword.Empty() {
|
||||||
|
p, err := s.AuthPassword.Get()
|
||||||
|
if err != nil {
|
||||||
|
return GosnmpWrapper{}, fmt.Errorf("getting authentication password failed: %w", err)
|
||||||
|
}
|
||||||
|
sp.AuthenticationPassphrase = p.String()
|
||||||
|
p.Destroy()
|
||||||
|
}
|
||||||
|
|
||||||
switch strings.ToLower(s.PrivProtocol) {
|
switch strings.ToLower(s.PrivProtocol) {
|
||||||
case "des":
|
case "des":
|
||||||
|
|
@ -130,12 +137,16 @@ func NewWrapper(s ClientConfig) (GosnmpWrapper, error) {
|
||||||
return GosnmpWrapper{}, errors.New("invalid privProtocol")
|
return GosnmpWrapper{}, errors.New("invalid privProtocol")
|
||||||
}
|
}
|
||||||
|
|
||||||
sp.PrivacyPassphrase = s.PrivPassword
|
if !s.PrivPassword.Empty() {
|
||||||
|
p, err := s.PrivPassword.Get()
|
||||||
|
if err != nil {
|
||||||
|
return GosnmpWrapper{}, fmt.Errorf("getting private password failed: %w", err)
|
||||||
|
}
|
||||||
|
sp.PrivacyPassphrase = p.String()
|
||||||
|
p.Destroy()
|
||||||
|
}
|
||||||
sp.AuthoritativeEngineID = s.EngineID
|
sp.AuthoritativeEngineID = s.EngineID
|
||||||
|
|
||||||
sp.AuthoritativeEngineBoots = s.EngineBoots
|
sp.AuthoritativeEngineBoots = s.EngineBoots
|
||||||
|
|
||||||
sp.AuthoritativeEngineTime = s.EngineTime
|
sp.AuthoritativeEngineTime = s.EngineTime
|
||||||
}
|
}
|
||||||
return gs, nil
|
return gs, nil
|
||||||
|
|
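Review bot: In NewWrapper, `sp.AuthenticationPassphrase = p.String()` and `sp.PrivacyPassphrase = p.String()` place the resolved secret in an ordinary Go string held by the security parameters, so the `p.Destroy()` that follows clears only the secret buffer and the plaintext passphrase remains in process memory for as long as the wrapper lives. That is probably unavoidable with string-typed passphrase fields, but both sites deserve a comment such as `// the SNMP library keeps the passphrase as a plain string; Destroy only clears our buffer`, so nobody assumes the secret is protected past this point. As far as the visible lines show, an empty `auth_password` or `priv_password` is also skipped silently even when `sec_level` asks for authentication or privacy; rejecting that combination here would turn a misconfiguration into a clear error instead of a failed handshake later. The message `getting private password failed` should say "privacy password" to match the option it refers to. NewWrapper starts and ends outside these hunks.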
|
||||||
|
|
@ -18,6 +18,15 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
|
||||||
|
|
||||||
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
||||||
|
|
||||||
|
## Secret-store support
|
||||||
|
|
||||||
|
This plugin supports secrets from secret-stores for the `auth_password` and
|
||||||
|
`priv_password` option.
|
||||||
|
See the [secret-store documentation][SECRETSTORE] for more details on how
|
||||||
|
to use them.
|
||||||
|
|
||||||
|
[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
|
||||||
|
|
||||||
## SNMP backend: gosmi and netsnmp
|
## SNMP backend: gosmi and netsnmp
|
||||||
|
|
||||||
Telegraf has two backends to translate SNMP objects. By default, Telegraf will
|
Telegraf has two backends to translate SNMP objects. By default, Telegraf will
|
||||||
|
|
|
||||||
|
|
@ -245,9 +245,9 @@ func TestGetSNMPConnection_v3(t *testing.T) {
|
||||||
SecLevel: "authPriv",
|
SecLevel: "authPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "md5",
|
AuthProtocol: "md5",
|
||||||
AuthPassword: "password123",
|
AuthPassword: config.NewSecret([]byte("password123")),
|
||||||
PrivProtocol: "des",
|
PrivProtocol: "des",
|
||||||
PrivPassword: "321drowssap",
|
PrivPassword: config.NewSecret([]byte("321drowssap")),
|
||||||
EngineID: "myengineid",
|
EngineID: "myengineid",
|
||||||
EngineBoots: 1,
|
EngineBoots: 1,
|
||||||
EngineTime: 2,
|
EngineTime: 2,
|
||||||
|
|
@ -294,9 +294,9 @@ func TestGetSNMPConnection_v3_blumenthal(t *testing.T) {
|
||||||
SecLevel: "authPriv",
|
SecLevel: "authPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "md5",
|
AuthProtocol: "md5",
|
||||||
AuthPassword: "password123",
|
AuthPassword: config.NewSecret([]byte("password123")),
|
||||||
PrivProtocol: "AES192",
|
PrivProtocol: "AES192",
|
||||||
PrivPassword: "password123",
|
PrivPassword: config.NewSecret([]byte("password123")),
|
||||||
EngineID: "myengineid",
|
EngineID: "myengineid",
|
||||||
EngineBoots: 1,
|
EngineBoots: 1,
|
||||||
EngineTime: 2,
|
EngineTime: 2,
|
||||||
|
|
@ -316,9 +316,9 @@ func TestGetSNMPConnection_v3_blumenthal(t *testing.T) {
|
||||||
SecLevel: "authPriv",
|
SecLevel: "authPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "md5",
|
AuthProtocol: "md5",
|
||||||
AuthPassword: "password123",
|
AuthPassword: config.NewSecret([]byte("password123")),
|
||||||
PrivProtocol: "AES192C",
|
PrivProtocol: "AES192C",
|
||||||
PrivPassword: "password123",
|
PrivPassword: config.NewSecret([]byte("password123")),
|
||||||
EngineID: "myengineid",
|
EngineID: "myengineid",
|
||||||
EngineBoots: 1,
|
EngineBoots: 1,
|
||||||
EngineTime: 2,
|
EngineTime: 2,
|
||||||
|
|
@ -338,9 +338,9 @@ func TestGetSNMPConnection_v3_blumenthal(t *testing.T) {
|
||||||
SecLevel: "authPriv",
|
SecLevel: "authPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "md5",
|
AuthProtocol: "md5",
|
||||||
AuthPassword: "password123",
|
AuthPassword: config.NewSecret([]byte("password123")),
|
||||||
PrivProtocol: "AES256",
|
PrivProtocol: "AES256",
|
||||||
PrivPassword: "password123",
|
PrivPassword: config.NewSecret([]byte("password123")),
|
||||||
EngineID: "myengineid",
|
EngineID: "myengineid",
|
||||||
EngineBoots: 1,
|
EngineBoots: 1,
|
||||||
EngineTime: 2,
|
EngineTime: 2,
|
||||||
|
|
@ -360,9 +360,9 @@ func TestGetSNMPConnection_v3_blumenthal(t *testing.T) {
|
||||||
SecLevel: "authPriv",
|
SecLevel: "authPriv",
|
||||||
SecName: "myuser",
|
SecName: "myuser",
|
||||||
AuthProtocol: "md5",
|
AuthProtocol: "md5",
|
||||||
AuthPassword: "password123",
|
AuthPassword: config.NewSecret([]byte("password123")),
|
||||||
PrivProtocol: "AES256C",
|
PrivProtocol: "AES256C",
|
||||||
PrivPassword: "password123",
|
PrivPassword: config.NewSecret([]byte("password123")),
|
||||||
EngineID: "myengineid",
|
EngineID: "myengineid",
|
||||||
EngineBoots: 1,
|
EngineBoots: 1,
|
||||||
EngineTime: 2,
|
EngineTime: 2,
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,15 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
|
||||||
|
|
||||||
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
||||||
|
|
||||||
|
## Secret-store support
|
||||||
|
|
||||||
|
This plugin supports secrets from secret-stores for the `auth_password` and
|
||||||
|
`priv_password` option.
|
||||||
|
See the [secret-store documentation][SECRETSTORE] for more details on how
|
||||||
|
to use them.
|
||||||
|
|
||||||
|
[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
```toml @sample.conf
|
```toml @sample.conf
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,15 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
|
||||||
|
|
||||||
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
|
||||||
|
|
||||||
|
## Secret-store support
|
||||||
|
|
||||||
|
This plugin supports secrets from secret-stores for the `auth_password` and
|
||||||
|
`priv_password` option.
|
||||||
|
See the [secret-store documentation][SECRETSTORE] for more details on how
|
||||||
|
to use them.
|
||||||
|
|
||||||
|
[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
```toml @sample.conf
|
```toml @sample.conf
|
||||||
|
|
|
||||||