From 47ce94bf9bc460f4bf56db52a128462f5bc766ec Mon Sep 17 00:00:00 2001 From: Erik Baranowski <39704712+erikbaranowski@users.noreply.github.com> Date: Fri, 9 Feb 2024 11:15:31 -0500 Subject: [PATCH] wire up all prometheus proxy config settings for flow and the converters (#6306) * wire up all prometheus proxy config settings for flow and the converters Signed-off-by: erikbaranowski <39704712+erikbaranowski@users.noreply.github.com> * document new proxy client configs and fix a few undocumented args Signed-off-by: erikbaranowski <39704712+erikbaranowski@users.noreply.github.com> * document places where http client config was used for args but undocumented. Signed-off-by: erikbaranowski <39704712+erikbaranowski@users.noreply.github.com> * wire in proxy config for oauth2 and document refactor http client config validation Signed-off-by: erikbaranowski <39704712+erikbaranowski@users.noreply.github.com> --------- Signed-off-by: erikbaranowski <39704712+erikbaranowski@users.noreply.github.com> --- CHANGELOG.md | 3 + component/common/config/types.go | 220 +++++++++++++----- component/common/config/types_test.go | 2 +- component/discovery/aws/ec2_test.go | 6 +- component/discovery/azure/azure.go | 17 +- component/discovery/azure/azure_test.go | 14 +- component/discovery/consul/consul_test.go | 9 +- .../discovery/digitalocean/digitalocean.go | 10 +- .../digitalocean/digitalocean_test.go | 8 +- component/discovery/docker/docker_test.go | 2 +- component/discovery/kubelet/kubelet_test.go | 2 +- .../discovery/kubernetes/kubernetes_test.go | 2 +- component/discovery/linode/linode_test.go | 10 + component/discovery/nomad/nomad_test.go | 2 +- component/discovery/scaleway/scaleway.go | 16 +- component/discovery/uyuni/uyuni.go | 32 +-- .../loki/source/kubernetes/kubernetes_test.go | 2 +- component/loki/source/podlogs/podlogs_test.go | 2 +- component/loki/write/write_test.go | 2 +- .../mimir/rules/kubernetes/rules_test.go | 2 +- .../prometheus/remotewrite/types_test.go | 2 +- component/prometheus/scrape/scrape_test.go | 2 +- component/pyroscope/scrape/scrape_test.go | 2 +- component/pyroscope/write/write_test.go | 2 +- .../internal/common/http_client_config.go | 54 ++++- converter/internal/common/river_utils.go | 9 + .../prometheusconvert/component/azure.go | 3 +- .../component/digitalocean.go | 3 +- .../prometheusconvert/component/scaleway.go | 3 +- .../testdata/digitalocean.diags | 4 +- .../testdata/digitalocean.river | 12 +- .../testdata/digitalocean.yaml | 3 + .../prometheusconvert/testdata/http.river | 19 +- .../prometheusconvert/testdata/http.yaml | 6 + .../testdata/unsupported.diags | 2 - .../testdata/unsupported.river | 1 - .../testdata/unsupported.yaml | 3 - .../promtailconvert/testdata/kubernetes.diags | 1 - .../promtailconvert/testdata/kubernetes.river | 1 + .../reference/components/discovery.azure.md | 23 +- .../reference/components/discovery.consul.md | 23 +- .../components/discovery.digitalocean.md | 23 +- .../reference/components/discovery.docker.md | 31 +-- .../components/discovery.dockerswarm.md | 34 ++- .../reference/components/discovery.ec2.md | 39 ++-- .../reference/components/discovery.eureka.md | 27 ++- .../reference/components/discovery.hetzner.md | 27 ++- .../reference/components/discovery.http.md | 27 ++- .../reference/components/discovery.ionos.md | 29 ++- .../reference/components/discovery.kubelet.md | 53 ++++- .../components/discovery.kubernetes.md | 29 ++- .../reference/components/discovery.kuma.md | 29 ++- .../components/discovery.lightsail.md | 58 ++++- .../reference/components/discovery.linode.md | 39 ++-- .../components/discovery.marathon.md | 32 ++- .../reference/components/discovery.nomad.md | 35 +-- .../components/discovery.puppetdb.md | 33 +-- .../components/discovery.scaleway.md | 7 +- .../reference/components/discovery.uyuni.md | 28 ++- .../components/loki.source.kubernetes.md | 27 ++- .../loki.source.kubernetes_events.md | 27 ++- .../components/loki.source.podlogs.md | 26 ++- .../flow/reference/components/loki.write.md | 45 ++-- .../components/mimir.rules.kubernetes.md | 35 +-- .../prometheus.operator.podmonitors.md | 26 ++- .../components/prometheus.operator.probes.md | 26 ++- .../prometheus.operator.servicemonitors.md | 26 ++- .../components/prometheus.remote_write.md | 19 +- .../reference/components/prometheus.scrape.md | 19 +- .../reference/components/pyroscope.scrape.md | 13 +- .../reference/components/pyroscope.write.md | 48 ++-- .../components/remote.kubernetes.configmap.md | 22 +- .../components/remote.kubernetes.secret.md | 22 +- .../components/http-client-config-block.md | 19 +- .../http-client-proxy-config-description.md | 23 ++ .../flow/reference/components/oauth2-block.md | 23 +- 76 files changed, 1036 insertions(+), 531 deletions(-) delete mode 100644 converter/internal/promtailconvert/testdata/kubernetes.diags create mode 100644 docs/sources/shared/flow/reference/components/http-client-proxy-config-description.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 89662ebf9695..d4bd1a066fd2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -58,6 +58,9 @@ Main (unreleased) - Mutex and block pprofs are now available via the pprof endpoint. (@mattdurham) +- Added additional http client proxy configurations to components for + `no_proxy`, `proxy_from_environment`, and `proxy_connect_header`. (@erikbaranowski) + ### Bugfixes - Fix an issue in `remote.s3` where the exported content of an object would be an empty string if `remote.s3` failed to fully retrieve diff --git a/component/common/config/types.go b/component/common/config/types.go index 0062f6a63ac1..5ed0d2e8ae13 100644 --- a/component/common/config/types.go +++ b/component/common/config/types.go @@ -20,7 +20,7 @@ type HTTPClientConfig struct { OAuth2 *OAuth2Config `river:"oauth2,block,optional"` BearerToken rivertypes.Secret `river:"bearer_token,attr,optional"` BearerTokenFile string `river:"bearer_token_file,attr,optional"` - ProxyURL URL `river:"proxy_url,attr,optional"` + ProxyConfig *ProxyConfig `river:",squash"` TLSConfig TLSConfig `river:"tls_config,block,optional"` FollowRedirects bool `river:"follow_redirects,attr,optional"` EnableHTTP2 bool `river:"enable_http2,attr,optional"` @@ -33,63 +33,46 @@ func (h *HTTPClientConfig) SetToDefault() { // Validate returns an error if h is invalid. func (h *HTTPClientConfig) Validate() error { - // Backwards compatibility with the bearer_token field. - if len(h.BearerToken) > 0 && len(h.BearerTokenFile) > 0 { - return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured") - } - if (h.BasicAuth != nil || h.OAuth2 != nil) && (len(h.BearerToken) > 0 || len(h.BearerTokenFile) > 0) { - return fmt.Errorf("at most one of basic_auth, oauth2, bearer_token & bearer_token_file must be configured") + if h == nil { + return nil } - if h.BasicAuth != nil && (string(h.BasicAuth.Password) != "" && h.BasicAuth.PasswordFile != "") { - return fmt.Errorf("at most one of basic_auth password & password_file must be configured") + + authCount := 0 + if h.BasicAuth != nil { + authCount++ } if h.Authorization != nil { - if len(h.BearerToken) > 0 || len(h.BearerTokenFile) > 0 { - return fmt.Errorf("authorization is not compatible with bearer_token & bearer_token_file") - } - if string(h.Authorization.Credentials) != "" && h.Authorization.CredentialsFile != "" { - return fmt.Errorf("at most one of authorization credentials & credentials_file must be configured") - } - h.Authorization.Type = strings.TrimSpace(h.Authorization.Type) - if len(h.Authorization.Type) == 0 { - h.Authorization.Type = bearerAuth - } - if strings.ToLower(h.Authorization.Type) == "basic" { - return fmt.Errorf(`authorization type cannot be set to "basic", use "basic_auth" instead`) - } - if h.BasicAuth != nil || h.OAuth2 != nil { - return fmt.Errorf("at most one of basic_auth, oauth2 & authorization must be configured") - } - } else { - if len(h.BearerToken) > 0 { - h.Authorization = &Authorization{Credentials: h.BearerToken} - h.Authorization.Type = bearerAuth - h.BearerToken = "" - } - if len(h.BearerTokenFile) > 0 { - h.Authorization = &Authorization{CredentialsFile: h.BearerTokenFile} - h.Authorization.Type = bearerAuth - h.BearerTokenFile = "" - } + authCount++ } if h.OAuth2 != nil { - if h.BasicAuth != nil { - return fmt.Errorf("at most one of basic_auth, oauth2 & authorization must be configured") - } - if len(h.OAuth2.ClientID) == 0 { - return fmt.Errorf("oauth2 client_id must be configured") - } - if len(h.OAuth2.ClientSecret) == 0 && len(h.OAuth2.ClientSecretFile) == 0 { - return fmt.Errorf("either oauth2 client_secret or client_secret_file must be configured") - } - if len(h.OAuth2.TokenURL) == 0 { - return fmt.Errorf("oauth2 token_url must be configured") - } - if len(h.OAuth2.ClientSecret) > 0 && len(h.OAuth2.ClientSecretFile) > 0 { - return fmt.Errorf("at most one of oauth2 client_secret & client_secret_file must be configured") - } + authCount++ } - return nil + if len(h.BearerToken) > 0 { + authCount++ + } + if len(h.BearerTokenFile) > 0 { + authCount++ + } + + if authCount > 1 { + return fmt.Errorf("at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") + } + + // TODO: Validate should not be modifying the object + if len(h.BearerToken) > 0 { + h.Authorization = &Authorization{Credentials: h.BearerToken} + h.Authorization.Type = bearerAuth + h.BearerToken = "" + } + + // TODO: Validate should not be modifying the object + if len(h.BearerTokenFile) > 0 { + h.Authorization = &Authorization{CredentialsFile: h.BearerTokenFile} + h.Authorization.Type = bearerAuth + h.BearerTokenFile = "" + } + + return h.ProxyConfig.Validate() } // Convert converts HTTPClientConfig to the native Prometheus type. If h is @@ -108,9 +91,7 @@ func (h *HTTPClientConfig) Convert() *config.HTTPClientConfig { TLSConfig: *h.TLSConfig.Convert(), FollowRedirects: h.FollowRedirects, EnableHTTP2: h.EnableHTTP2, - ProxyConfig: config.ProxyConfig{ - ProxyURL: h.ProxyURL.Convert(), - }, + ProxyConfig: h.ProxyConfig.Convert(), } } @@ -145,6 +126,59 @@ func (b *BasicAuth) Convert() *config.BasicAuth { } } +func (b *BasicAuth) Validate() error { + if b == nil { + return nil + } + + if string(b.Password) != "" && b.PasswordFile != "" { + return fmt.Errorf("at most one of basic_auth password & password_file must be configured") + } + + return nil +} + +type ProxyConfig struct { + ProxyURL URL `river:"proxy_url,attr,optional"` + NoProxy string `river:"no_proxy,attr,optional"` + ProxyFromEnvironment bool `river:"proxy_from_environment,attr,optional"` + ProxyConnectHeader Header `river:",squash"` +} + +func (p *ProxyConfig) Convert() config.ProxyConfig { + if p == nil { + return config.ProxyConfig{} + } + + return config.ProxyConfig{ + ProxyURL: p.ProxyURL.Convert(), + NoProxy: p.NoProxy, + ProxyFromEnvironment: p.ProxyFromEnvironment, + ProxyConnectHeader: p.ProxyConnectHeader.Convert(), + } +} + +func (p *ProxyConfig) Validate() error { + if p == nil { + return nil + } + + if len(p.ProxyConnectHeader.Header) > 0 && (!p.ProxyFromEnvironment && (p.ProxyURL.URL == nil || p.ProxyURL.String() == "")) { + return fmt.Errorf("if proxy_connect_header is configured, proxy_url or proxy_from_environment must also be configured") + } + if p.ProxyFromEnvironment && p.ProxyURL.URL != nil && p.ProxyURL.String() != "" { + return fmt.Errorf("if proxy_from_environment is configured, proxy_url must not be configured") + } + if p.ProxyFromEnvironment && p.NoProxy != "" { + return fmt.Errorf("if proxy_from_environment is configured, no_proxy must not be configured") + } + if p.ProxyURL.URL == nil && p.NoProxy != "" { + return fmt.Errorf("if no_proxy is configured, proxy_url must also be configured") + } + + return nil +} + // URL mirrors config.URL type URL struct { *url.URL @@ -173,10 +207,35 @@ func (u *URL) UnmarshalText(text []byte) error { } // Convert converts our type to the native prometheus type -func (u URL) Convert() config.URL { +func (u *URL) Convert() config.URL { + if u == nil { + return config.URL{URL: nil} + } return config.URL{URL: u.URL} } +type Header struct { + Header map[string][]rivertypes.Secret `river:"proxy_connect_header,attr,optional"` +} + +func (h *Header) Convert() config.Header { + if h == nil { + return nil + } + header := make(config.Header) + for name, values := range h.Header { + var s []config.Secret + if values != nil { + s = make([]config.Secret, 0, len(values)) + for _, value := range values { + s = append(s, config.Secret(value)) + } + } + header[name] = s + } + return header +} + // Authorization sets up HTTP authorization credentials. type Authorization struct { Type string `river:"type,attr,optional"` @@ -196,6 +255,28 @@ func (a *Authorization) Convert() *config.Authorization { } } +func (a *Authorization) Validate() error { + if a == nil { + return nil + } + + if string(a.Credentials) != "" && a.CredentialsFile != "" { + return fmt.Errorf("at most one of authorization credentials & credentials_file must be configured") + } + + // TODO: Validate should not be modifying the object + a.Type = strings.TrimSpace(a.Type) + if len(a.Type) == 0 { + a.Type = bearerAuth + } + + if strings.ToLower(a.Type) == "basic" { + return fmt.Errorf(`authorization type cannot be set to "basic", use "basic_auth" block instead`) + } + + return nil +} + // TLSVersion mirrors config.TLSVersion type TLSVersion uint16 @@ -283,7 +364,7 @@ type OAuth2Config struct { Scopes []string `river:"scopes,attr,optional"` TokenURL string `river:"token_url,attr,optional"` EndpointParams map[string]string `river:"endpoint_params,attr,optional"` - ProxyURL URL `river:"proxy_url,attr,optional"` + ProxyConfig *ProxyConfig `river:",squash"` TLSConfig *TLSConfig `river:"tls_config,block,optional"` } @@ -299,12 +380,31 @@ func (o *OAuth2Config) Convert() *config.OAuth2 { Scopes: o.Scopes, TokenURL: o.TokenURL, EndpointParams: o.EndpointParams, - ProxyConfig: config.ProxyConfig{ - ProxyURL: o.ProxyURL.Convert(), - }, + ProxyConfig: o.ProxyConfig.Convert(), } if o.TLSConfig != nil { oa.TLSConfig = *o.TLSConfig.Convert() } return oa } + +func (o *OAuth2Config) Validate() error { + if o == nil { + return nil + } + + if len(o.ClientID) == 0 { + return fmt.Errorf("oauth2 client_id must be configured") + } + if len(o.ClientSecret) == 0 && len(o.ClientSecretFile) == 0 { + return fmt.Errorf("either oauth2 client_secret or client_secret_file must be configured") + } + if len(o.TokenURL) == 0 { + return fmt.Errorf("oauth2 token_url must be configured") + } + if len(o.ClientSecret) > 0 && len(o.ClientSecretFile) > 0 { + return fmt.Errorf("at most one of oauth2 client_secret & client_secret_file must be configured") + } + + return o.ProxyConfig.Validate() +} diff --git a/component/common/config/types_test.go b/component/common/config/types_test.go index 0291d44aaa98..dbdbed6c284c 100644 --- a/component/common/config/types_test.go +++ b/component/common/config/types_test.go @@ -228,5 +228,5 @@ func TestHTTPClientBadConfig(t *testing.T) { var httpClientConfig HTTPClientConfig err := river.Unmarshal([]byte(exampleRiverConfig), &httpClientConfig) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth password & password_file must be configured") } diff --git a/component/discovery/aws/ec2_test.go b/component/discovery/aws/ec2_test.go index 7696d750a4ff..a927716afba7 100644 --- a/component/discovery/aws/ec2_test.go +++ b/component/discovery/aws/ec2_test.go @@ -14,7 +14,11 @@ func TestConvert(t *testing.T) { u, err := url.Parse("http://example:8080") require.NoError(t, err) httpClientConfig := config.DefaultHTTPClientConfig - httpClientConfig.ProxyURL = config.URL{URL: u} + httpClientConfig.ProxyConfig = &config.ProxyConfig{ + ProxyURL: config.URL{ + URL: u, + }, + } // example configuration riverArgs := EC2Arguments{ diff --git a/component/discovery/azure/azure.go b/component/discovery/azure/azure.go index 9ed1363f5250..0b22c15528e1 100644 --- a/component/discovery/azure/azure.go +++ b/component/discovery/azure/azure.go @@ -35,10 +35,10 @@ type Arguments struct { RefreshInterval time.Duration `river:"refresh_interval,attr,optional"` ResourceGroup string `river:"resource_group,attr,optional"` - ProxyURL config.URL `river:"proxy_url,attr,optional"` - FollowRedirects bool `river:"follow_redirects,attr,optional"` - EnableHTTP2 bool `river:"enable_http2,attr,optional"` - TLSConfig config.TLSConfig `river:"tls_config,block,optional"` + ProxyConfig *config.ProxyConfig `river:",squash"` + FollowRedirects bool `river:"follow_redirects,attr,optional"` + EnableHTTP2 bool `river:"enable_http2,attr,optional"` + TLSConfig config.TLSConfig `river:"tls_config,block,optional"` } type OAuth struct { @@ -69,7 +69,12 @@ func (a *Arguments) Validate() error { if a.OAuth == nil && a.ManagedIdentity == nil || a.OAuth != nil && a.ManagedIdentity != nil { return fmt.Errorf("exactly one of oauth or managed_identity must be specified") } - return a.TLSConfig.Validate() + + if err := a.TLSConfig.Validate(); err != nil { + return err + } + + return a.ProxyConfig.Validate() } func (a *Arguments) Convert() *prom_discovery.SDConfig { @@ -90,10 +95,10 @@ func (a *Arguments) Convert() *prom_discovery.SDConfig { } httpClientConfig := config.DefaultHTTPClientConfig - httpClientConfig.ProxyURL = a.ProxyURL httpClientConfig.FollowRedirects = a.FollowRedirects httpClientConfig.EnableHTTP2 = a.EnableHTTP2 httpClientConfig.TLSConfig = a.TLSConfig + httpClientConfig.ProxyConfig = a.ProxyConfig return &prom_discovery.SDConfig{ Environment: a.Environment, diff --git a/component/discovery/azure/azure_test.go b/component/discovery/azure/azure_test.go index d3b98a903241..bf350c0bab84 100644 --- a/component/discovery/azure/azure_test.go +++ b/component/discovery/azure/azure_test.go @@ -42,7 +42,7 @@ func TestRiverUnmarshal(t *testing.T) { assert.Equal(t, "clientsecret", string(args.OAuth.ClientSecret)) assert.Equal(t, true, args.EnableHTTP2) assert.Equal(t, false, args.FollowRedirects) - assert.Equal(t, "http://example:8080", args.ProxyURL.String()) + assert.Equal(t, "http://example:8080", args.ProxyConfig.ProxyURL.String()) } func TestRiverUnmarshal_OAuthRequiredFields(t *testing.T) { @@ -123,8 +123,10 @@ func TestConvert(t *testing.T) { }, FollowRedirects: false, EnableHTTP2: false, - ProxyURL: config.URL{ - URL: proxyUrl, + ProxyConfig: &config.ProxyConfig{ + ProxyURL: config.URL{ + URL: proxyUrl, + }, }, } @@ -152,8 +154,10 @@ func TestConvert(t *testing.T) { }, FollowRedirects: true, EnableHTTP2: true, - ProxyURL: config.URL{ - URL: proxyUrl, + ProxyConfig: &config.ProxyConfig{ + ProxyURL: config.URL{ + URL: proxyUrl, + }, }, } diff --git a/component/discovery/consul/consul_test.go b/component/discovery/consul/consul_test.go index 70ed9604d033..98e72666cc89 100644 --- a/component/discovery/consul/consul_test.go +++ b/component/discovery/consul/consul_test.go @@ -25,12 +25,15 @@ func TestBadRiverConfig(t *testing.T) { var exampleRiverConfig = ` server = "consul.example.com:8500" services = ["my-service"] - bearer_token = "token" - bearer_token_file = "/path/to/file.token" + basic_auth { + username = "user" + password = "pass" + password_file = "/somewhere.txt" + } ` // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth password & password_file must be configured") } diff --git a/component/discovery/digitalocean/digitalocean.go b/component/discovery/digitalocean/digitalocean.go index bde15337da88..3f2c735c6f44 100644 --- a/component/discovery/digitalocean/digitalocean.go +++ b/component/discovery/digitalocean/digitalocean.go @@ -31,9 +31,9 @@ type Arguments struct { BearerToken rivertypes.Secret `river:"bearer_token,attr,optional"` BearerTokenFile string `river:"bearer_token_file,attr,optional"` - ProxyURL config.URL `river:"proxy_url,attr,optional"` - FollowRedirects bool `river:"follow_redirects,attr,optional"` - EnableHTTP2 bool `river:"enable_http2,attr,optional"` + ProxyConfig *config.ProxyConfig `river:",squash"` + FollowRedirects bool `river:"follow_redirects,attr,optional"` + EnableHTTP2 bool `river:"enable_http2,attr,optional"` } var DefaultArguments = Arguments{ @@ -60,16 +60,16 @@ func (a *Arguments) Validate() error { return fmt.Errorf("exactly one of bearer_token or bearer_token_file must be specified") } - return nil + return a.ProxyConfig.Validate() } func (a *Arguments) Convert() *prom_discovery.SDConfig { httpClientConfig := config.DefaultHTTPClientConfig httpClientConfig.BearerToken = a.BearerToken httpClientConfig.BearerTokenFile = a.BearerTokenFile - httpClientConfig.ProxyURL = a.ProxyURL httpClientConfig.FollowRedirects = a.FollowRedirects httpClientConfig.EnableHTTP2 = a.EnableHTTP2 + httpClientConfig.ProxyConfig = a.ProxyConfig return &prom_discovery.SDConfig{ RefreshInterval: model.Duration(a.RefreshInterval), diff --git a/component/discovery/digitalocean/digitalocean_test.go b/component/discovery/digitalocean/digitalocean_test.go index fe677105da65..ade941f53be5 100644 --- a/component/discovery/digitalocean/digitalocean_test.go +++ b/component/discovery/digitalocean/digitalocean_test.go @@ -40,7 +40,7 @@ func TestRiverUnmarshal(t *testing.T) { require.NoError(t, err) assert.Equal(t, 3*time.Minute, args.RefreshInterval) assert.Equal(t, 9119, args.Port) - assert.Equal(t, "http://proxy:8080", args.ProxyURL.String()) + assert.Equal(t, "http://proxy:8080", args.ProxyConfig.ProxyURL.String()) assert.Equal(t, true, args.FollowRedirects) assert.Equal(t, false, args.EnableHTTP2) } @@ -72,8 +72,10 @@ func TestConvert(t *testing.T) { RefreshInterval: 5 * time.Minute, Port: 8181, BearerToken: "token", - ProxyURL: config.URL{ - URL: proxyUrl, + ProxyConfig: &config.ProxyConfig{ + ProxyURL: config.URL{ + URL: proxyUrl, + }, }, FollowRedirects: false, EnableHTTP2: false, diff --git a/component/discovery/docker/docker_test.go b/component/discovery/docker/docker_test.go index 7589eb9df58f..f86903080f16 100644 --- a/component/discovery/docker/docker_test.go +++ b/component/discovery/docker/docker_test.go @@ -27,5 +27,5 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } diff --git a/component/discovery/kubelet/kubelet_test.go b/component/discovery/kubelet/kubelet_test.go index 183f789aef70..abde26630764 100644 --- a/component/discovery/kubelet/kubelet_test.go +++ b/component/discovery/kubelet/kubelet_test.go @@ -32,7 +32,7 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") // Make sure that URL defaults to https://localhost:10250 var args2 Arguments diff --git a/component/discovery/kubernetes/kubernetes_test.go b/component/discovery/kubernetes/kubernetes_test.go index b4fd44e33895..ad6308f7c645 100644 --- a/component/discovery/kubernetes/kubernetes_test.go +++ b/component/discovery/kubernetes/kubernetes_test.go @@ -31,7 +31,7 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } func TestAttachMetadata(t *testing.T) { diff --git a/component/discovery/linode/linode_test.go b/component/discovery/linode/linode_test.go index 9c344d6e2629..b8effb7eae95 100644 --- a/component/discovery/linode/linode_test.go +++ b/component/discovery/linode/linode_test.go @@ -16,6 +16,10 @@ func TestRiverConfig(t *testing.T) { refresh_interval = "10s" port = 8080 tag_separator = ";" + basic_auth { + username = "test" + password = "pass" + } ` var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) @@ -29,6 +33,10 @@ func TestConvert(t *testing.T) { TagSeparator: ";", HTTPClientConfig: config.HTTPClientConfig{ BearerToken: "FOO", + BasicAuth: &config.BasicAuth{ + Username: "test", + Password: "pass", + }, }, } @@ -37,6 +45,8 @@ func TestConvert(t *testing.T) { require.Equal(t, model.Duration(15*time.Second), promArgs.RefreshInterval) require.Equal(t, ";", promArgs.TagSeparator) require.Equal(t, promconfig.Secret("FOO"), promArgs.HTTPClientConfig.BearerToken) + require.Equal(t, "test", promArgs.HTTPClientConfig.BasicAuth.Username) + require.Equal(t, "pass", string(promArgs.HTTPClientConfig.BasicAuth.Password)) } func TestValidate(t *testing.T) { diff --git a/component/discovery/nomad/nomad_test.go b/component/discovery/nomad/nomad_test.go index 70455bb19194..587a47c55cdd 100644 --- a/component/discovery/nomad/nomad_test.go +++ b/component/discovery/nomad/nomad_test.go @@ -34,7 +34,7 @@ func TestRiverUnmarshal(t *testing.T) { assert.Equal(t, ";", args.TagSeparator) assert.Equal(t, true, args.HTTPClientConfig.EnableHTTP2) assert.Equal(t, false, args.HTTPClientConfig.FollowRedirects) - assert.Equal(t, "http://example:8080", args.HTTPClientConfig.ProxyURL.String()) + assert.Equal(t, "http://example:8080", args.HTTPClientConfig.ProxyConfig.ProxyURL.String()) } func TestConvert(t *testing.T) { diff --git a/component/discovery/scaleway/scaleway.go b/component/discovery/scaleway/scaleway.go index 0353993fc95e..25990105b389 100644 --- a/component/discovery/scaleway/scaleway.go +++ b/component/discovery/scaleway/scaleway.go @@ -42,10 +42,10 @@ type Arguments struct { RefreshInterval time.Duration `river:"refresh_interval,attr,optional"` Port int `river:"port,attr,optional"` - ProxyURL config.URL `river:"proxy_url,attr,optional"` - TLSConfig config.TLSConfig `river:"tls_config,block,optional"` - FollowRedirects bool `river:"follow_redirects,attr,optional"` - EnableHTTP2 bool `river:"enable_http2,attr,optional"` + ProxyConfig *config.ProxyConfig `river:",squash"` + TLSConfig config.TLSConfig `river:"tls_config,block,optional"` + FollowRedirects bool `river:"follow_redirects,attr,optional"` + EnableHTTP2 bool `river:"enable_http2,attr,optional"` } var DefaultArguments = Arguments{ @@ -79,6 +79,10 @@ func (args *Arguments) Validate() error { return fmt.Errorf("access_key must not be empty") } + if err := args.ProxyConfig.Validate(); err != nil { + return err + } + // Test UnmarshalYAML against the upstream type which has custom validations. // // TODO(rfratto): decouple upstream validation into a separate method so this @@ -113,9 +117,7 @@ func (args *Arguments) Convert() *prom_discovery.SDConfig { TagsFilter: args.TagsFilter, HTTPClientConfig: prom_config.HTTPClientConfig{ - ProxyConfig: prom_config.ProxyConfig{ - ProxyURL: args.ProxyURL.Convert(), - }, + ProxyConfig: args.ProxyConfig.Convert(), TLSConfig: *args.TLSConfig.Convert(), FollowRedirects: args.FollowRedirects, EnableHTTP2: args.EnableHTTP2, diff --git a/component/discovery/uyuni/uyuni.go b/component/discovery/uyuni/uyuni.go index 4e2947b8802e..709c9e9c696b 100644 --- a/component/discovery/uyuni/uyuni.go +++ b/component/discovery/uyuni/uyuni.go @@ -27,17 +27,16 @@ func init() { } type Arguments struct { - Server string `river:"server,attr"` - Username string `river:"username,attr"` - Password rivertypes.Secret `river:"password,attr"` - Entitlement string `river:"entitlement,attr,optional"` - Separator string `river:"separator,attr,optional"` - RefreshInterval time.Duration `river:"refresh_interval,attr,optional"` - - ProxyURL config.URL `river:"proxy_url,attr,optional"` - TLSConfig config.TLSConfig `river:"tls_config,block,optional"` - FollowRedirects bool `river:"follow_redirects,attr,optional"` - EnableHTTP2 bool `river:"enable_http2,attr,optional"` + Server string `river:"server,attr"` + Username string `river:"username,attr"` + Password rivertypes.Secret `river:"password,attr"` + Entitlement string `river:"entitlement,attr,optional"` + Separator string `river:"separator,attr,optional"` + RefreshInterval time.Duration `river:"refresh_interval,attr,optional"` + ProxyConfig *config.ProxyConfig `river:",squash"` + TLSConfig config.TLSConfig `river:"tls_config,block,optional"` + FollowRedirects bool `river:"follow_redirects,attr,optional"` + EnableHTTP2 bool `river:"enable_http2,attr,optional"` } var DefaultArguments = Arguments{ @@ -60,7 +59,12 @@ func (a *Arguments) Validate() error { if err != nil { return fmt.Errorf("invalid server URL: %w", err) } - return a.TLSConfig.Validate() + + if err = a.TLSConfig.Validate(); err != nil { + return err + } + + return a.ProxyConfig.Validate() } func (a *Arguments) Convert() *prom_discovery.SDConfig { @@ -73,9 +77,7 @@ func (a *Arguments) Convert() *prom_discovery.SDConfig { RefreshInterval: model.Duration(a.RefreshInterval), HTTPClientConfig: promcfg.HTTPClientConfig{ - ProxyConfig: promcfg.ProxyConfig{ - ProxyURL: a.ProxyURL.Convert(), - }, + ProxyConfig: a.ProxyConfig.Convert(), TLSConfig: *a.TLSConfig.Convert(), FollowRedirects: a.FollowRedirects, EnableHTTP2: a.EnableHTTP2, diff --git a/component/loki/source/kubernetes/kubernetes_test.go b/component/loki/source/kubernetes/kubernetes_test.go index c01195752180..ad1fc5872e4f 100644 --- a/component/loki/source/kubernetes/kubernetes_test.go +++ b/component/loki/source/kubernetes/kubernetes_test.go @@ -41,5 +41,5 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } diff --git a/component/loki/source/podlogs/podlogs_test.go b/component/loki/source/podlogs/podlogs_test.go index 243e5177a103..ffb0e2fa1d1f 100644 --- a/component/loki/source/podlogs/podlogs_test.go +++ b/component/loki/source/podlogs/podlogs_test.go @@ -33,5 +33,5 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } diff --git a/component/loki/write/write_test.go b/component/loki/write/write_test.go index d77bebe21c0f..87e09a5a35e5 100644 --- a/component/loki/write/write_test.go +++ b/component/loki/write/write_test.go @@ -53,7 +53,7 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } func TestUnmarshallWalAttrributes(t *testing.T) { diff --git a/component/mimir/rules/kubernetes/rules_test.go b/component/mimir/rules/kubernetes/rules_test.go index d37538b38940..332c8942febe 100644 --- a/component/mimir/rules/kubernetes/rules_test.go +++ b/component/mimir/rules/kubernetes/rules_test.go @@ -38,5 +38,5 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } diff --git a/component/prometheus/remotewrite/types_test.go b/component/prometheus/remotewrite/types_test.go index b9dc4970b990..2c013c4c06a5 100644 --- a/component/prometheus/remotewrite/types_test.go +++ b/component/prometheus/remotewrite/types_test.go @@ -256,7 +256,7 @@ func TestRiverConfig(t *testing.T) { batch_send_deadline = "100ms" } }`, - errorMsg: "at most one of bearer_token & bearer_token_file must be configured", + errorMsg: "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured", }, } diff --git a/component/prometheus/scrape/scrape_test.go b/component/prometheus/scrape/scrape_test.go index bb7cef641f41..afc6c7ebd53c 100644 --- a/component/prometheus/scrape/scrape_test.go +++ b/component/prometheus/scrape/scrape_test.go @@ -68,7 +68,7 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } func TestForwardingToAppendable(t *testing.T) { diff --git a/component/pyroscope/scrape/scrape_test.go b/component/pyroscope/scrape/scrape_test.go index 29c5b72b71d2..1ba6a1515e44 100644 --- a/component/pyroscope/scrape/scrape_test.go +++ b/component/pyroscope/scrape/scrape_test.go @@ -169,7 +169,7 @@ func TestUnmarshalConfig(t *testing.T) { bearer_token = "token" bearer_token_file = "/path/to/file.token" `, - expectedErr: "at most one of bearer_token & bearer_token_file must be configured", + expectedErr: "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured", }, } { tt := tt diff --git a/component/pyroscope/write/write_test.go b/component/pyroscope/write/write_test.go index d0c91d50e3f6..10032ac138d3 100644 --- a/component/pyroscope/write/write_test.go +++ b/component/pyroscope/write/write_test.go @@ -251,5 +251,5 @@ func TestBadRiverConfig(t *testing.T) { // Make sure the squashed HTTPClientConfig Validate function is being utilized correctly var args Arguments err := river.Unmarshal([]byte(exampleRiverConfig), &args) - require.ErrorContains(t, err, "at most one of bearer_token & bearer_token_file must be configured") + require.ErrorContains(t, err, "at most one of basic_auth, authorization, oauth2, bearer_token & bearer_token_file must be configured") } diff --git a/converter/internal/common/http_client_config.go b/converter/internal/common/http_client_config.go index 55b880903621..08b5f974e12e 100644 --- a/converter/internal/common/http_client_config.go +++ b/converter/internal/common/http_client_config.go @@ -1,6 +1,8 @@ package common import ( + "reflect" + "github.com/grafana/agent/component/common/config" "github.com/grafana/agent/converter/diag" "github.com/grafana/river/rivertypes" @@ -18,7 +20,7 @@ func ToHttpClientConfig(httpClientConfig *prom_config.HTTPClientConfig) *config. OAuth2: toOAuth2(httpClientConfig.OAuth2), BearerToken: rivertypes.Secret(httpClientConfig.BearerToken), BearerTokenFile: httpClientConfig.BearerTokenFile, - ProxyURL: config.URL(httpClientConfig.ProxyURL), + ProxyConfig: ToProxyConfig(httpClientConfig.ProxyConfig), TLSConfig: *ToTLSConfig(&httpClientConfig.TLSConfig), FollowRedirects: httpClientConfig.FollowRedirects, EnableHTTP2: httpClientConfig.EnableHTTP2, @@ -30,9 +32,6 @@ func ToHttpClientConfig(httpClientConfig *prom_config.HTTPClientConfig) *config. func ValidateHttpClientConfig(httpClientConfig *prom_config.HTTPClientConfig) diag.Diagnostics { var diags diag.Diagnostics - diags.AddAll(ValidateSupported(NotEquals, httpClientConfig.NoProxy, "", "HTTP Client no_proxy", "")) - diags.AddAll(ValidateSupported(Equals, httpClientConfig.ProxyFromEnvironment, true, "HTTP Client proxy_from_environment", "")) - diags.AddAll(ValidateSupported(Equals, len(httpClientConfig.ProxyConnectHeader) > 0, true, "HTTP Client proxy_connect_header", "")) diags.AddAll(ValidateSupported(NotEquals, httpClientConfig.TLSConfig.MaxVersion, prom_config.TLSVersion(0), "HTTP Client max_version", "")) return diags @@ -74,11 +73,56 @@ func toOAuth2(oAuth2 *prom_config.OAuth2) *config.OAuth2Config { Scopes: oAuth2.Scopes, TokenURL: oAuth2.TokenURL, EndpointParams: oAuth2.EndpointParams, - ProxyURL: config.URL(oAuth2.ProxyURL), + ProxyConfig: ToProxyConfig(oAuth2.ProxyConfig), TLSConfig: ToTLSConfig(&oAuth2.TLSConfig), } } +func ToProxyConfig(proxyConfig prom_config.ProxyConfig) *config.ProxyConfig { + // Prometheus proxy config is not a pointer so treat the default struct as nil + if reflect.DeepEqual(proxyConfig, prom_config.ProxyConfig{}) { + return nil + } + + return &config.ProxyConfig{ + ProxyURL: toProxyURL(proxyConfig.ProxyURL), + NoProxy: proxyConfig.NoProxy, + ProxyFromEnvironment: proxyConfig.ProxyFromEnvironment, + ProxyConnectHeader: toProxyConnectHeader(proxyConfig.ProxyConnectHeader), + } +} + +func toProxyURL(proxyURL prom_config.URL) config.URL { + if proxyURL.URL == nil { + return config.URL{} + } + + return config.URL{ + URL: proxyURL.URL, + } +} + +func toProxyConnectHeader(proxyConnectHeader prom_config.Header) config.Header { + if proxyConnectHeader == nil { + return config.Header{} + } + + header := config.Header{ + Header: make(map[string][]rivertypes.Secret), + } + for name, values := range proxyConnectHeader { + var s []rivertypes.Secret + if values != nil { + s = make([]rivertypes.Secret, 0, len(values)) + for _, value := range values { + s = append(s, rivertypes.Secret(value)) + } + } + header.Header[name] = s + } + return header +} + func ToTLSConfig(tlsConfig *prom_config.TLSConfig) *config.TLSConfig { if tlsConfig == nil { return nil diff --git a/converter/internal/common/river_utils.go b/converter/internal/common/river_utils.go index ba169bc830c7..d8cb98a93e01 100644 --- a/converter/internal/common/river_utils.go +++ b/converter/internal/common/river_utils.go @@ -45,6 +45,15 @@ func getValueOverrideHook() builder.ValueOverrideHook { secrets = append(secrets, string(secret)) } return secrets + case map[string][]rivertypes.Secret: + secrets := make(map[string][]string, len(value)) + for k, v := range value { + secrets[k] = make([]string, 0, len(v)) + for _, secret := range v { + secrets[k] = append(secrets[k], string(secret)) + } + } + return secrets case flow_relabel.Regexp: return value.String() case []discovery.Target: diff --git a/converter/internal/prometheusconvert/component/azure.go b/converter/internal/prometheusconvert/component/azure.go index 754c9765f32c..7f868fe54b06 100644 --- a/converter/internal/prometheusconvert/component/azure.go +++ b/converter/internal/prometheusconvert/component/azure.go @@ -3,7 +3,6 @@ package component import ( "time" - "github.com/grafana/agent/component/common/config" "github.com/grafana/agent/component/discovery" "github.com/grafana/agent/component/discovery/azure" "github.com/grafana/agent/converter/diag" @@ -34,7 +33,7 @@ func toDiscoveryAzure(sdConfig *prom_azure.SDConfig) *azure.Arguments { ManagedIdentity: toManagedIdentity(sdConfig), RefreshInterval: time.Duration(sdConfig.RefreshInterval), ResourceGroup: sdConfig.ResourceGroup, - ProxyURL: config.URL(sdConfig.HTTPClientConfig.ProxyURL), + ProxyConfig: common.ToProxyConfig(sdConfig.HTTPClientConfig.ProxyConfig), FollowRedirects: sdConfig.HTTPClientConfig.FollowRedirects, EnableHTTP2: sdConfig.HTTPClientConfig.EnableHTTP2, TLSConfig: *common.ToTLSConfig(&sdConfig.HTTPClientConfig.TLSConfig), diff --git a/converter/internal/prometheusconvert/component/digitalocean.go b/converter/internal/prometheusconvert/component/digitalocean.go index 1b8be57618b6..6cbdae5a95f6 100644 --- a/converter/internal/prometheusconvert/component/digitalocean.go +++ b/converter/internal/prometheusconvert/component/digitalocean.go @@ -3,7 +3,6 @@ package component import ( "time" - "github.com/grafana/agent/component/common/config" "github.com/grafana/agent/component/discovery" "github.com/grafana/agent/component/discovery/digitalocean" "github.com/grafana/agent/converter/diag" @@ -49,7 +48,7 @@ func toDiscoveryDigitalOcean(sdConfig *prom_digitalocean.SDConfig) *digitalocean Port: sdConfig.Port, BearerToken: rivertypes.Secret(sdConfig.HTTPClientConfig.BearerToken), BearerTokenFile: sdConfig.HTTPClientConfig.BearerTokenFile, - ProxyURL: config.URL(sdConfig.HTTPClientConfig.ProxyURL), + ProxyConfig: common.ToProxyConfig(sdConfig.HTTPClientConfig.ProxyConfig), FollowRedirects: sdConfig.HTTPClientConfig.FollowRedirects, EnableHTTP2: sdConfig.HTTPClientConfig.EnableHTTP2, } diff --git a/converter/internal/prometheusconvert/component/scaleway.go b/converter/internal/prometheusconvert/component/scaleway.go index 8cc25b7470c0..79b5aa152272 100644 --- a/converter/internal/prometheusconvert/component/scaleway.go +++ b/converter/internal/prometheusconvert/component/scaleway.go @@ -3,7 +3,6 @@ package component import ( "time" - "github.com/grafana/agent/component/common/config" "github.com/grafana/agent/component/discovery" "github.com/grafana/agent/component/discovery/scaleway" "github.com/grafana/agent/converter/diag" @@ -42,7 +41,7 @@ func toDiscoveryScaleway(sdConfig *prom_scaleway.SDConfig) *scaleway.Arguments { TagsFilter: sdConfig.TagsFilter, RefreshInterval: time.Duration(sdConfig.RefreshInterval), Port: sdConfig.Port, - ProxyURL: config.URL(sdConfig.HTTPClientConfig.ProxyURL), + ProxyConfig: common.ToProxyConfig(sdConfig.HTTPClientConfig.ProxyConfig), TLSConfig: *common.ToTLSConfig(&sdConfig.HTTPClientConfig.TLSConfig), FollowRedirects: sdConfig.HTTPClientConfig.FollowRedirects, EnableHTTP2: sdConfig.HTTPClientConfig.EnableHTTP2, diff --git a/converter/internal/prometheusconvert/testdata/digitalocean.diags b/converter/internal/prometheusconvert/testdata/digitalocean.diags index 192d5c8d858e..4657e3155cdf 100644 --- a/converter/internal/prometheusconvert/testdata/digitalocean.diags +++ b/converter/internal/prometheusconvert/testdata/digitalocean.diags @@ -1,3 +1 @@ -(Error) The converter does not support converting the provided digitalocean_sd_configs basic_auth config. -(Error) The converter does not support converting the provided HTTP Client proxy_from_environment config. -(Error) The converter does not support converting the provided HTTP Client proxy_from_environment config. \ No newline at end of file +(Error) The converter does not support converting the provided digitalocean_sd_configs basic_auth config. \ No newline at end of file diff --git a/converter/internal/prometheusconvert/testdata/digitalocean.river b/converter/internal/prometheusconvert/testdata/digitalocean.river index 27b0629afc15..106d206fdd05 100644 --- a/converter/internal/prometheusconvert/testdata/digitalocean.river +++ b/converter/internal/prometheusconvert/testdata/digitalocean.river @@ -1,6 +1,14 @@ -discovery.digitalocean "prometheus1" { } +discovery.digitalocean "prometheus1" { + proxy_from_environment = true + proxy_connect_header = { + Authorization = ["something", "something else"], + Host = ["localhost"], + } +} -discovery.digitalocean "prometheus2" { } +discovery.digitalocean "prometheus2" { + proxy_from_environment = true +} prometheus.scrape "prometheus1" { targets = concat( diff --git a/converter/internal/prometheusconvert/testdata/digitalocean.yaml b/converter/internal/prometheusconvert/testdata/digitalocean.yaml index 8122cefe580a..7bf1b724b7b3 100644 --- a/converter/internal/prometheusconvert/testdata/digitalocean.yaml +++ b/converter/internal/prometheusconvert/testdata/digitalocean.yaml @@ -4,6 +4,9 @@ scrape_configs: - targets: ["localhost:9090"] digitalocean_sd_configs: - proxy_from_environment: true + proxy_connect_header: + Authorization: ["something", "something else"] + Host: ["localhost"] basic_auth: username: 'user' password: 'pass' diff --git a/converter/internal/prometheusconvert/testdata/http.river b/converter/internal/prometheusconvert/testdata/http.river index 3184bf527e0d..0b3f85909b18 100644 --- a/converter/internal/prometheusconvert/testdata/http.river +++ b/converter/internal/prometheusconvert/testdata/http.river @@ -54,16 +54,23 @@ discovery.relabel "netbox_snmp" { } prometheus.scrape "netbox_snmp" { - targets = discovery.relabel.netbox_snmp.output - forward_to = [prometheus.remote_write.default.receiver] - job_name = "netbox_snmp" - metrics_path = "/snmp" + targets = discovery.relabel.netbox_snmp.output + forward_to = [prometheus.remote_write.default.receiver] + job_name = "netbox_snmp" + metrics_path = "/snmp" + proxy_url = "localhost:1000" + no_proxy = "localhost:1001" + proxy_connect_header = { + Authorization = ["something", "something else"], + Host = ["localhost"], + } } prometheus.remote_write "default" { endpoint { - name = "remote1" - url = "http://remote-write-url1" + name = "remote1" + url = "http://remote-write-url1" + proxy_from_environment = true queue_config { } diff --git a/converter/internal/prometheusconvert/testdata/http.yaml b/converter/internal/prometheusconvert/testdata/http.yaml index ca9e954db1b7..8c65dcb8bc95 100644 --- a/converter/internal/prometheusconvert/testdata/http.yaml +++ b/converter/internal/prometheusconvert/testdata/http.yaml @@ -4,6 +4,11 @@ global: scrape_configs: - job_name: netbox_snmp metrics_path: /snmp + proxy_url: "localhost:1000" + no_proxy: "localhost:1001" + proxy_connect_header: + Authorization: ["something", "something else"] + Host: ["localhost"] http_sd_configs: - url: http://netbox:8080/api/plugins/prometheus-sd/devices?status=active&cf_prometheus_job=netbox_snmp refresh_interval: 15s @@ -31,4 +36,5 @@ scrape_configs: remote_write: - name: "remote1" + proxy_from_environment: true url: "http://remote-write-url1" \ No newline at end of file diff --git a/converter/internal/prometheusconvert/testdata/unsupported.diags b/converter/internal/prometheusconvert/testdata/unsupported.diags index 966bd0d1e5bf..287971312628 100644 --- a/converter/internal/prometheusconvert/testdata/unsupported.diags +++ b/converter/internal/prometheusconvert/testdata/unsupported.diags @@ -2,12 +2,10 @@ (Error) The converter does not support converting the provided global query_log_file config. (Error) The converter does not support converting the provided alerting config. (Error) The converter does not support converting the provided rule_files config. -(Error) The converter does not support converting the provided HTTP Client no_proxy config. (Error) The converter does not support converting the provided nomad service discovery. (Error) The converter does not support converting the provided scrape_configs native_histogram_bucket_limit config. (Error) The converter does not support converting the provided scrape_configs keep_dropped_targets config. (Error) The converter does not support converting the provided storage config. (Error) The converter does not support converting the provided tracing config. -(Error) The converter does not support converting the provided HTTP Client proxy_from_environment config. (Error) The converter does not support converting the provided HTTP Client max_version config. (Error) The converter does not support converting the provided remote_read config. \ No newline at end of file diff --git a/converter/internal/prometheusconvert/testdata/unsupported.river b/converter/internal/prometheusconvert/testdata/unsupported.river index a1882ff1eb5a..afa35ea2ea91 100644 --- a/converter/internal/prometheusconvert/testdata/unsupported.river +++ b/converter/internal/prometheusconvert/testdata/unsupported.river @@ -12,7 +12,6 @@ prometheus.scrape "prometheus1" { username = "user" password = "pass" } - proxy_url = "localhost:1000" } prometheus.scrape "prometheus2" { diff --git a/converter/internal/prometheusconvert/testdata/unsupported.yaml b/converter/internal/prometheusconvert/testdata/unsupported.yaml index 5d174c36cb8e..855b241654bf 100644 --- a/converter/internal/prometheusconvert/testdata/unsupported.yaml +++ b/converter/internal/prometheusconvert/testdata/unsupported.yaml @@ -32,8 +32,6 @@ scrape_configs: scrape_timeout: 5s static_configs: - targets: ["localhost:9090"] - proxy_url: "localhost:1000" - no_proxy: "localhost:1001" basic_auth: username: 'user' password: 'pass' @@ -49,7 +47,6 @@ scrape_configs: remote_write: - name: "remote1" url: "http://remote-write-url1" - proxy_from_environment: true tls_config: max_version: TLS13 - name: "remote2" diff --git a/converter/internal/promtailconvert/testdata/kubernetes.diags b/converter/internal/promtailconvert/testdata/kubernetes.diags deleted file mode 100644 index 33784fc0f6a3..000000000000 --- a/converter/internal/promtailconvert/testdata/kubernetes.diags +++ /dev/null @@ -1 +0,0 @@ -(Error) The converter does not support converting the provided HTTP Client proxy_from_environment config. \ No newline at end of file diff --git a/converter/internal/promtailconvert/testdata/kubernetes.river b/converter/internal/promtailconvert/testdata/kubernetes.river index d5444d1716d4..a343f038ab2e 100644 --- a/converter/internal/promtailconvert/testdata/kubernetes.river +++ b/converter/internal/promtailconvert/testdata/kubernetes.river @@ -58,6 +58,7 @@ discovery.kubernetes "fun_5" { tls_config { } } + proxy_from_environment = true } local.file_match "fun" { diff --git a/docs/sources/flow/reference/components/discovery.azure.md b/docs/sources/flow/reference/components/discovery.azure.md index 94b38bbec2a0..4ce108bffae2 100644 --- a/docs/sources/flow/reference/components/discovery.azure.md +++ b/docs/sources/flow/reference/components/discovery.azure.md @@ -26,15 +26,20 @@ discovery.azure "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required -------------------- | ---------- | ---------------------------------------------------------------------- | -------------------- | -------- -`environment` | `string` | Azure environment. | `"AzurePublicCloud"` | no -`port` | `number` | Port to be appended to the `__address__` label for each target. | `80` | no -`subscription_id` | `string` | Azure subscription ID. | | no -`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `5m` | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +Name | Type | Description | Default | Required +------------------------ | ---------- | ---------------------------------------------------------------------- | -------------------- | -------- +`environment` | `string` | Azure environment. | `"AzurePublicCloud"` | no +`port` | `number` | Port to be appended to the `__address__` label for each target. | `80` | no +`subscription_id` | `string` | Azure subscription ID. | | no +`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `5m` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.consul.md b/docs/sources/flow/reference/components/discovery.consul.md index e45e6a3ec040..918d74878831 100644 --- a/docs/sources/flow/reference/components/discovery.consul.md +++ b/docs/sources/flow/reference/components/discovery.consul.md @@ -27,8 +27,8 @@ discovery.consul "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- `server` | `string` | Host and port of the Consul API. | `localhost:8500` | no `token` | `secret` | Secret token used to access the Consul API. | | no `datacenter` | `string` | Datacenter to query. If not provided, the default is used. | | no @@ -43,19 +43,24 @@ Name | Type | Description | Default | Required `tags` | `list(string)` | An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. | | no `node_meta` | `map(string)` | Node metadata key/value pairs to filter nodes for a given service. | | no `refresh_interval` | `duration` | Frequency to refresh list of containers. | `"30s"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + [consistency documentation]: https://www.consul.io/api/features/consistency.html [arguments]: #arguments diff --git a/docs/sources/flow/reference/components/discovery.digitalocean.md b/docs/sources/flow/reference/components/discovery.digitalocean.md index a24eabaa0803..945cfdf41089 100644 --- a/docs/sources/flow/reference/components/discovery.digitalocean.md +++ b/docs/sources/flow/reference/components/discovery.digitalocean.md @@ -29,15 +29,18 @@ discovery.digitalocean "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required -------------------- | ---------- | ---------------------------------------------------------------------- | ------- | -------- -`port` | `number` | Port to be appended to the `__address__` label for each Droplet. | `80` | no -`refresh_interval` | `duration` | Frequency to refresh list of Droplets. | `"1m"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`port` | `number` | Port to be appended to the `__address__` label for each Droplet. | `80` | no +`refresh_interval` | `duration` | Frequency to refresh list of Droplets. | `"1m"` | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no The DigitalOcean API uses bearer tokens for authentication, see more about it in the [DigitalOcean API documentation](https://docs.digitalocean.com/reference/api/api-reference/#section/Authentication). @@ -45,6 +48,8 @@ Exactly one of the [`bearer_token`](#arguments) and [`bearer_token_file`](#argum [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The `discovery.digitalocean` component does not support any blocks, and is configured fully through arguments. diff --git a/docs/sources/flow/reference/components/discovery.docker.md b/docs/sources/flow/reference/components/discovery.docker.md index 5a8518f22873..74cf12895a6d 100644 --- a/docs/sources/flow/reference/components/discovery.docker.md +++ b/docs/sources/flow/reference/components/discovery.docker.md @@ -27,19 +27,22 @@ discovery.docker "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`host` | `string` | Address of the Docker Daemon to connect to. | | yes -`port` | `number` | Port to use for collecting metrics when containers don't have any port mappings. | `80` | no -`host_networking_host` | `string` | Host to use if the container is in host networking mode. | `"localhost"` | no -`refresh_interval` | `duration` | Frequency to refresh list of containers. | `"1m"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`host` | `string` | Address of the Docker Daemon to connect to. | | yes +`port` | `number` | Port to use for collecting metrics when containers don't have any port mappings. | `80` | no +`host_networking_host` | `string` | Host to use if the container is in host networking mode. | `"localhost"` | no +`refresh_interval` | `duration` | Frequency to refresh list of containers. | `"1m"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -48,6 +51,8 @@ Name | Type | Description | Default | Required [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.dockerswarm.md b/docs/sources/flow/reference/components/discovery.dockerswarm.md index c1a7f8616cee..612480acd333 100644 --- a/docs/sources/flow/reference/components/discovery.dockerswarm.md +++ b/docs/sources/flow/reference/components/discovery.dockerswarm.md @@ -26,15 +26,31 @@ discovery.dockerswarm "LABEL" { The following arguments are supported: -| Name | Type | Description | Default | Required | -| ------------------ | -------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------- | -------- | -| `host` | `string` | Address of the Docker daemon. | | yes | -| `role` | `string` | Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`. | | yes | -| `port` | `number` | The port to scrape metrics from, when `role` is nodes, and for discovered tasks and services that don't have published ports. | `80` | no | -| `refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `"60s"` | no | -| `proxy_url` | `string` | HTTP proxy to proxy requests through. | | no | -| `follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no | -| `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no | +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`host` | `string` | Address of the Docker daemon. | | yes +`role` | `string` | Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`. | | yes +`port` | `number` | The port to scrape metrics from, when `role` is nodes, and for discovered tasks and services that don't have published ports. | `80` | no +`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `"60s"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: + - [`bearer_token` argument](#arguments). + - [`bearer_token_file` argument](#arguments). + - [`basic_auth` block][basic_auth]. + - [`authorization` block][authorization]. + - [`oauth2` block][oauth2]. + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + +[arguments]: #arguments ## Blocks diff --git a/docs/sources/flow/reference/components/discovery.ec2.md b/docs/sources/flow/reference/components/discovery.ec2.md index cc7f49259594..5b1f02856618 100644 --- a/docs/sources/flow/reference/components/discovery.ec2.md +++ b/docs/sources/flow/reference/components/discovery.ec2.md @@ -26,29 +26,34 @@ discovery.ec2 "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`endpoint` | `string` | Custom endpoint to be used.| | no -`region` | `string` | The AWS region. If blank, the region from the instance metadata is used. | | no -`access_key` | `string` | The AWS API key ID. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used. | | no -`secret_key` | `string` | The AWS API key secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used. | | no -`profile` | `string` | Named AWS profile used to connect to the API. | | no -`role_arn` | `string` | AWS Role Amazon Resource Name (ARN), an alternative to using AWS API keys. | | no -`refresh_interval` | `string` | Refresh interval to re-read the instance list. | 60s | no -`port` | `int` | The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. | 80 | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`endpoint` | `string` | Custom endpoint to be used. | | no +`region` | `string` | The AWS region. If blank, the region from the instance metadata is used. | | no +`access_key` | `string` | The AWS API key ID. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used. | | no +`secret_key` | `string` | The AWS API key secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used. | | no +`profile` | `string` | Named AWS profile used to connect to the API. | | no +`role_arn` | `string` | AWS Role Amazon Resource Name (ARN), an alternative to using AWS API keys. | | no +`refresh_interval` | `string` | Refresh interval to re-read the instance list. | 60s | no +`port` | `int` | The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. | 80 | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. + {{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.eureka.md b/docs/sources/flow/reference/components/discovery.eureka.md index 93c76d9d09f8..3ce338012670 100644 --- a/docs/sources/flow/reference/components/discovery.eureka.md +++ b/docs/sources/flow/reference/components/discovery.eureka.md @@ -27,17 +27,20 @@ discovery.eureka "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required -------------------- | ---------- | ---------------------------------------------------------------------- | -------------------- | -------- -`server` | `string` | Eureka server URL. | | yes -`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `30s` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`server` | `string` | Eureka server URL. | | yes +`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `30s` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -46,6 +49,8 @@ Name | Type | Description [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of `discovery.eureka`: diff --git a/docs/sources/flow/reference/components/discovery.hetzner.md b/docs/sources/flow/reference/components/discovery.hetzner.md index f917f8417a84..4441f674863f 100644 --- a/docs/sources/flow/reference/components/discovery.hetzner.md +++ b/docs/sources/flow/reference/components/discovery.hetzner.md @@ -29,20 +29,23 @@ discovery.hetzner "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`role` | `string` | Hetzner role of entities that should be discovered. | | yes -`port` | `int` | The port to scrape metrics from. | `80` | no -`refresh_interval` | `duration` | The time after which the servers are refreshed. | `"60s"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`role` | `string` | Hetzner role of entities that should be discovered. | | yes +`port` | `int` | The port to scrape metrics from. | `80` | no +`refresh_interval` | `duration` | The time after which the servers are refreshed. | `"60s"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no `role` must be one of `robot` or `hcloud`. - You can provide one of the following arguments for authentication: + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -51,6 +54,8 @@ Name | Type | Description | Default | Required [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.http.md b/docs/sources/flow/reference/components/discovery.http.md index 80639fe7077f..29cc18b13251 100644 --- a/docs/sources/flow/reference/components/discovery.http.md +++ b/docs/sources/flow/reference/components/discovery.http.md @@ -90,17 +90,20 @@ discovery.http "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ---------------- | ------------------- | ------------------------------------------------------------------------------------------ |---------| -------- -`url` | string | URL to scrape | | yes -`refresh_interval` | `duration` | How often to refresh targets. | `"60s"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`url` | `string` | URL to scrape. | | yes +`refresh_interval` | `duration` | How often to refresh targets. | `"60s"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -109,6 +112,8 @@ Name | Type | Description [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.ionos.md b/docs/sources/flow/reference/components/discovery.ionos.md index 378556ad7886..cb9629e1d4d4 100644 --- a/docs/sources/flow/reference/components/discovery.ionos.md +++ b/docs/sources/flow/reference/components/discovery.ionos.md @@ -27,18 +27,21 @@ discovery.ionos "LABEL" { The following arguments are supported: -| Name | Type | Description | Default | Required | -| ------------------ | ---------- | ------------------------------------------------------------ | ------- | -------- | -| `datacenter_id` | `string` | The unique ID of the data center. | | yes | -| `refresh_interval` | `duration` | The time after which the servers are refreshed. | `60s` | no | -| `port` | `int` | The port to scrape metrics from. | 80 | no | -| `bearer_token` | `secret` | Bearer token to authenticate with. | | no | -| `bearer_token_file`| `string` | File containing a bearer token to authenticate with. | | no | -| `proxy_url` | `string` | HTTP proxy to proxy requests through. | | no | -| `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no | -| `follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no | - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`datacenter_id` | `string` | The unique ID of the data center. | | yes +`refresh_interval` | `duration` | The time after which the servers are refreshed. | `60s` | no +`port` | `int` | The port to scrape metrics from. | 80 | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -47,6 +50,8 @@ The following arguments are supported: [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.kubelet.md b/docs/sources/flow/reference/components/discovery.kubelet.md index bf0e1085dcde..860c672cfde0 100644 --- a/docs/sources/flow/reference/components/discovery.kubelet.md +++ b/docs/sources/flow/reference/components/discovery.kubelet.md @@ -33,18 +33,19 @@ discovery.kubelet "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`url` | `string` | URL of the Kubelet server. | "https://localhost:10250" | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`refresh_interval` | `duration` | How often the Kubelet should be polled for scrape targets | `5s` | no -`namespaces` | `list(string)` | A list of namespaces to extract target pods from | | no - -One of the following authentication methods must be provided if kubelet authentication is enabled - - [`bearer_token` argument](#arguments). - - [`bearer_token_file` argument](#arguments). - - [`authorization` block][authorization]. +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`url` | `string` | URL of the Kubelet server. | "https://localhost:10250" | no +`refresh_interval` | `duration` | How often the Kubelet should be polled for scrape targets | `5s` | no +`namespaces` | `list(string)` | A list of namespaces to extract target pods from | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no The `namespaces` list limits the namespaces to discover resources in. If omitted, all namespaces are searched. @@ -53,6 +54,17 @@ omitted, all namespaces are searched. You can have additional paths in the `url`. For example, if `url` is `https://kubernetes.default.svc.cluster.local:443/api/v1/nodes/cluster-node-1/proxy`, then `discovery.kubelet` sends a request on `https://kubernetes.default.svc.cluster.local:443/api/v1/nodes/cluster-node-1/proxy/pods` + At most, one of the following can be provided: + - [`bearer_token` argument](#arguments). + - [`bearer_token_file` argument](#arguments). + - [`basic_auth` block][basic_auth]. + - [`authorization` block][authorization]. + - [`oauth2` block][oauth2]. + + [arguments]: #arguments + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of @@ -60,16 +72,33 @@ The following blocks are supported inside the definition of Hierarchy | Block | Description | Required --------- | ----- | ----------- | -------- +basic_auth | [basic_auth][] | Configure basic_auth for authenticating to the endpoint. | no authorization | [authorization][] | Configure generic authorization to the endpoint. | no +oauth2 | [oauth2][] | Configure OAuth2 for authenticating to the endpoint. | no +oauth2 > tls_config | [tls_config][] | Configure TLS settings for connecting to the endpoint. | no tls_config | [tls_config][] | Configure TLS settings for connecting to the endpoint. | no +The `>` symbol indicates deeper levels of nesting. For example, +`oauth2 > tls_config` refers to a `tls_config` block defined inside +an `oauth2` block. + +[basic_auth]: #basic_auth-block [authorization]: #authorization-block +[oauth2]: #oauth2-block [tls_config]: #tls_config-block +### basic_auth block + +{{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} + ### authorization block {{< docs/shared lookup="flow/reference/components/authorization-block.md" source="agent" version="" >}} +### oauth2 block + +{{< docs/shared lookup="flow/reference/components/oauth2-block.md" source="agent" version="" >}} + ### tls_config block {{< docs/shared lookup="flow/reference/components/tls-config-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/discovery.kubernetes.md b/docs/sources/flow/reference/components/discovery.kubernetes.md index 8745ff5ddd7a..65248ab90cdd 100644 --- a/docs/sources/flow/reference/components/discovery.kubernetes.md +++ b/docs/sources/flow/reference/components/discovery.kubernetes.md @@ -31,18 +31,21 @@ discovery.kubernetes "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of Kubernetes API server. | | no -`role` | `string` | Type of Kubernetes resource to query. | | yes -`kubeconfig_file` | `string` | Path of kubeconfig file to use for connecting to Kubernetes. | | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`api_server` | `string` | URL of Kubernetes API server. | | no +`role` | `string` | Type of Kubernetes resource to query. | | yes +`kubeconfig_file` | `string` | Path of kubeconfig file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -51,6 +54,8 @@ Name | Type | Description | Default | Required [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + The `role` argument is required to specify what type of targets to discover. `role` must be one of `node`, `pod`, `service`, `endpoints`, `endpointslice`, or `ingress`. diff --git a/docs/sources/flow/reference/components/discovery.kuma.md b/docs/sources/flow/reference/components/discovery.kuma.md index 8763bc2eb357..42aacb07dc25 100644 --- a/docs/sources/flow/reference/components/discovery.kuma.md +++ b/docs/sources/flow/reference/components/discovery.kuma.md @@ -27,24 +27,29 @@ discovery.kuma "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ------------------- | -------------- | -------------------------------------------------------------- | ------------- | -------- -`server` | `string` | Address of the Kuma Control Plane's MADS xDS server. | | yes -`refresh_interval` | `duration` | The time to wait between polling update requests. | `"30s"` | no -`fetch_timeout` | `duration` | The time after which the monitoring assignments are refreshed. | `"2m"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - You can provide one of the following arguments for authentication: +Name | Type | Description | Default | Required +------------------------ | ------------------- | -------------------------------------------------------------- | ------- | -------- +`server` | `string` | Address of the Kuma Control Plane's MADS xDS server. | | yes +`refresh_interval` | `duration` | The time to wait between polling update requests. | `"30s"` | no +`fetch_timeout` | `duration` | The time after which the monitoring assignments are refreshed. | `"2m"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + The following blocks are supported inside the definition of `discovery.kuma`: diff --git a/docs/sources/flow/reference/components/discovery.lightsail.md b/docs/sources/flow/reference/components/discovery.lightsail.md index 22868c58faeb..3c9f22f26aef 100644 --- a/docs/sources/flow/reference/components/discovery.lightsail.md +++ b/docs/sources/flow/reference/components/discovery.lightsail.md @@ -34,6 +34,63 @@ Name | Type | Description | Default | Required `role_arn` | `string` | AWS Role ARN, an alternative to using AWS API keys. | | no `refresh_interval` | `string` | Refresh interval to re-read the instance list. | 60s | no `port` | `int` | The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. | 80 | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + +At most, one of the following can be provided: + - [`bearer_token` argument](#arguments). + - [`bearer_token_file` argument](#arguments). + - [`basic_auth` block][basic_auth]. + - [`authorization` block][authorization]. + - [`oauth2` block][oauth2]. + + [arguments]: #arguments + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + +## Blocks + +The following blocks are supported inside the definition of +`discovery.lightsail`: + +Hierarchy | Block | Description | Required +--------- | ----- | ----------- | -------- +basic_auth | [basic_auth][] | Configure basic_auth for authenticating to the endpoint. | no +authorization | [authorization][] | Configure generic authorization to the endpoint. | no +oauth2 | [oauth2][] | Configure OAuth2 for authenticating to the endpoint. | no +oauth2 > tls_config | [tls_config][] | Configure TLS settings for connecting to the endpoint. | no +tls_config | [tls_config][] | Configure TLS settings for connecting to the endpoint. | no + +The `>` symbol indicates deeper levels of nesting. For example, +`oauth2 > tls_config` refers to a `tls_config` block defined inside +an `oauth2` block. + +[basic_auth]: #basic_auth-block +[authorization]: #authorization-block +[oauth2]: #oauth2-block +[tls_config]: #tls_config-block + +### basic_auth block + +{{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} + +### authorization block + +{{< docs/shared lookup="flow/reference/components/authorization-block.md" source="agent" version="" >}} + +### oauth2 block + +{{< docs/shared lookup="flow/reference/components/oauth2-block.md" source="agent" version="" >}} + +### tls_config block + +{{< docs/shared lookup="flow/reference/components/tls-config-block.md" source="agent" version="" >}} ## Exported fields @@ -57,7 +114,6 @@ Each target includes the following labels: * `__meta_lightsail_region`: The region of the instance. * `__meta_lightsail_tag_`: Each tag value of the instance. - ## Component health `discovery.lightsail` is only reported as unhealthy when given an invalid diff --git a/docs/sources/flow/reference/components/discovery.linode.md b/docs/sources/flow/reference/components/discovery.linode.md index 6a5733c9e6cc..a5b2284943f4 100644 --- a/docs/sources/flow/reference/components/discovery.linode.md +++ b/docs/sources/flow/reference/components/discovery.linode.md @@ -28,29 +28,37 @@ The linode APIv4 Token must be created with the scopes: `linodes:read_only`, `ip The following arguments are supported: -Name | Type | Description | Default | Required ------------------- | -------------- | -------------------------------------------------------------- | ------------- | -------- -`refresh_interval` | `duration` | The time to wait between polling update requests. | `"60s"` | no -`port` | `int` | Port that metrics are scraped from. | `80` | no -`tag_separator` | `string` | The string by which Linode Instance tags are joined into the tag label. | `,` | no - -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - You can provide one of the following arguments for authentication: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`refresh_interval` | `duration` | The time to wait between polling update requests. | `"60s"` | no +`port` | `int` | Port that metrics are scraped from. | `80` | no +`tag_separator` | `string` | The string by which Linode Instance tags are joined into the tag label. | `,` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). + - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + +## Blocks + The following blocks are supported inside the definition of `discovery.linode`: Hierarchy | Block | Description | Required --------- | ----- | ----------- | -------- +basic_auth | [basic_auth][] | Configure basic_auth for authenticating to the endpoint. | no authorization | [authorization][] | Configure generic authorization to the endpoint. | no oauth2 | [oauth2][] | Configure OAuth2 for authenticating to the endpoint. | no oauth2 > tls_config | [tls_config][] | Configure TLS settings for connecting to the endpoint. | no @@ -60,10 +68,15 @@ The `>` symbol indicates deeper levels of nesting. For example, `oauth2 > tls_config` refers to a `tls_config` block defined inside an `oauth2` block. +[basic_auth]: #basic_auth-block [authorization]: #authorization-block [oauth2]: #oauth2-block [tls_config]: #tls_config-block +### basic_auth block + +{{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} + ### authorization block {{< docs/shared lookup="flow/reference/components/authorization-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/discovery.marathon.md b/docs/sources/flow/reference/components/discovery.marathon.md index 43c50ab468de..18c397139f1b 100644 --- a/docs/sources/flow/reference/components/discovery.marathon.md +++ b/docs/sources/flow/reference/components/discovery.marathon.md @@ -25,26 +25,34 @@ discovery.marathon "LABEL" { The following arguments are supported: -| Name | Type | Description | Default | Required | -| ------------------ | -------------- | ------------------------------------------------------------ | ------- | -------- | -| `servers` | `list(string)` | List of Marathon servers. | | yes | -| `refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `"30s"` | no | -| `auth_token` | `secret` | Auth token to authenticate with. | | no | -| `auth_token_file` | `string` | File containing an auth token to authenticate with. | | no | -| `proxy_url` | `string` | HTTP proxy to proxy requests through. | | no | -| `follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no | -| `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no | - -You can provide one of the following arguments for authentication: - +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`servers` | `list(string)` | List of Marathon servers. | | yes +`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `"30s"` | no +`auth_token` | `secret` | Auth token to authenticate with. | | no +`auth_token_file` | `string` | File containing an auth token to authenticate with. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`auth_token` argument](#arguments). - [`auth_token_file` argument](#arguments). +- [`bearer_token_file` argument](#arguments). +- [`bearer_token` argument](#arguments). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.nomad.md b/docs/sources/flow/reference/components/discovery.nomad.md index 14c51bb6c72f..6bfe87300304 100644 --- a/docs/sources/flow/reference/components/discovery.nomad.md +++ b/docs/sources/flow/reference/components/discovery.nomad.md @@ -24,21 +24,24 @@ discovery.nomad "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`server` | `string` | Address of nomad server. | `http://localhost:4646` | no -`namespace` | `string` | Nomad namespace to use. | `default` | no -`region` | `string` | Nomad region to use. | `global` | no -`allow_stale` | `bool` | Allow reading from non-leader nomad instances. | `true` | no -`tag_separator` | `string` | Seperator to join nomad tags into Prometheus labels. | `,` | no -`refresh_interval` | `duration` | Frequency to refresh list of containers. | `"30s"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - You can provide one of the following arguments for authentication: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ----------------------- | -------- +`server` | `string` | Address of nomad server. | `http://localhost:4646` | no +`namespace` | `string` | Nomad namespace to use. | `default` | no +`region` | `string` | Nomad region to use. | `global` | no +`allow_stale` | `bool` | Allow reading from non-leader nomad instances. | `true` | no +`tag_separator` | `string` | Seperator to join nomad tags into Prometheus labels. | `,` | no +`refresh_interval` | `duration` | Frequency to refresh list of containers. | `"30s"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -47,6 +50,8 @@ Name | Type | Description | Default | Required [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.puppetdb.md b/docs/sources/flow/reference/components/discovery.puppetdb.md index c4e984bcd440..89b842da8387 100644 --- a/docs/sources/flow/reference/components/discovery.puppetdb.md +++ b/docs/sources/flow/reference/components/discovery.puppetdb.md @@ -31,20 +31,23 @@ discovery.puppetdb "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`url` | `string` | The URL of the PuppetDB root query endpoint. | | yes -`query` | `string` | Puppet Query Language (PQL) query. Only resources are supported. | | yes -`include_parameters` | `bool` | Whether to include the parameters as meta labels. Due to the differences between parameter types and Prometheus labels, some parameters might not be rendered. The format of the parameters might also change in future releases. Make sure that you don't have secrets exposed as parameters if you enable this. | `false` | no -`port` | `int` | The port to scrape metrics from.. | `80` | no -`refresh_interval` | `duration` | Frequency to refresh targets. | `"30s"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - You can provide one of the following arguments for authentication: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`url` | `string` | The URL of the PuppetDB root query endpoint. | | yes +`query` | `string` | Puppet Query Language (PQL) query. Only resources are supported. | | yes +`include_parameters` | `bool` | Whether to include the parameters as meta labels. Due to the differences between parameter types and Prometheus labels, some parameters might not be rendered. The format of the parameters might also change in future releases. Make sure that you don't have secrets exposed as parameters if you enable this. | `false` | no +`port` | `int` | The port to scrape metrics from. | `80` | no +`refresh_interval` | `duration` | Frequency to refresh targets. | `"30s"` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -53,6 +56,8 @@ Name | Type | Description | Default | Required [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.scaleway.md b/docs/sources/flow/reference/components/discovery.scaleway.md index f65aa6941346..debf8f2941c5 100644 --- a/docs/sources/flow/reference/components/discovery.scaleway.md +++ b/docs/sources/flow/reference/components/discovery.scaleway.md @@ -43,7 +43,10 @@ Name | Type | Description | Default | Required `tags_filter` | `list(string)` | List of tags to search for. | | no `refresh_interval` | `duration` | Frequency to rediscover targets. | `"60s"` | no `port` | `number` | Default port on servers to associate with generated targets. | `80` | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no `follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no @@ -58,6 +61,8 @@ discovered servers. `name_filter` returns machines matching a specific name, while `tags_filter` returns machines who contain _all_ the tags listed in the `tags_filter` argument. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/discovery.uyuni.md b/docs/sources/flow/reference/components/discovery.uyuni.md index 25909d8d5217..7621d4b6c4e6 100644 --- a/docs/sources/flow/reference/components/discovery.uyuni.md +++ b/docs/sources/flow/reference/components/discovery.uyuni.md @@ -29,18 +29,22 @@ discovery.uyuni "LABEL" { The following arguments are supported: -Name | Type | Description | Default | Required ---------------------- | ---------- | ---------------------------------------------------------------------- | ------------------------ | -------- -`server` | `string` | The primary Uyuni Server. | | yes -`username` | `string` | The username to use for authentication to the Uyuni API. | | yes -`password` | `Secret` | The password to use for authentication to the Uyuni API. | | yes -`entitlement` | `string` | The entitlement to filter on when listing targets. | `"monitoring_entitled"` | no -`separator` | `string` | The separator to use when building the `__meta_uyuni_groups` label. | `","` | no -`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `1m` | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------------- | ----------------------- | -------- +`server` | `string` | The primary Uyuni Server. | | yes +`username` | `string` | The username to use for authentication to the Uyuni API. | | yes +`password` | `Secret` | The password to use for authentication to the Uyuni API. | | yes +`entitlement` | `string` | The entitlement to filter on when listing targets. | `"monitoring_entitled"` | no +`separator` | `string` | The separator to use when building the `__meta_uyuni_groups` label. | `","` | no +`refresh_interval` | `duration` | Interval at which to refresh the list of targets. | `1m` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} ## Blocks The following blocks are supported inside the definition of diff --git a/docs/sources/flow/reference/components/loki.source.kubernetes.md b/docs/sources/flow/reference/components/loki.source.kubernetes.md index a14e305d6d39..1d6c674fb995 100644 --- a/docs/sources/flow/reference/components/loki.source.kubernetes.md +++ b/docs/sources/flow/reference/components/loki.source.kubernetes.md @@ -105,23 +105,28 @@ used. The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/loki.source.kubernetes_events.md b/docs/sources/flow/reference/components/loki.source.kubernetes_events.md index 49a9f8b7d824..2bf1be9afe6a 100644 --- a/docs/sources/flow/reference/components/loki.source.kubernetes_events.md +++ b/docs/sources/flow/reference/components/loki.source.kubernetes_events.md @@ -101,23 +101,28 @@ used. The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/loki.source.podlogs.md b/docs/sources/flow/reference/components/loki.source.podlogs.md index 2559fd95e055..cc1e0ea0d35c 100644 --- a/docs/sources/flow/reference/components/loki.source.podlogs.md +++ b/docs/sources/flow/reference/components/loki.source.podlogs.md @@ -168,22 +168,28 @@ used. The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | ------- | -------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/loki.write.md b/docs/sources/flow/reference/components/loki.write.md index 946f72c5d324..0ff2d61af4cf 100644 --- a/docs/sources/flow/reference/components/loki.write.md +++ b/docs/sources/flow/reference/components/loki.write.md @@ -71,32 +71,37 @@ The `endpoint` block describes a single location to send logs to. Multiple The following arguments are supported: -Name | Type | Description | Default | Required ---------------------- | ------------- | ------------------------------------- | -------------- | -------- -`url` | `string` | Full URL to send logs to. | | yes -`name` | `string` | Optional name to identify this endpoint with. | | no -`headers` | `map(string)` | Extra headers to deliver with the request. | | no -`batch_wait` | `duration` | Maximum amount of time to wait before sending a batch. | `"1s"` | no -`batch_size` | `string` | Maximum batch size of logs to accumulate before sending. | `"1MiB"` | no -`remote_timeout` | `duration` | Timeout for requests made to the URL. | `"10s"` | no -`tenant_id` | `string` | The tenant ID used by default to push logs. | | no -`min_backoff_period` | `duration` | Initial backoff time between retries. | `"500ms"` | no -`max_backoff_period` | `duration` | Maximum backoff time between retries. | `"5m"` | no -`max_backoff_retries` | `int` | Maximum number of retries. | 10 | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no -`retry_on_http_429` | `bool` | Retry when an HTTP 429 status code is received. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | ------------------------------------------------------------- | --------- | -------- +`url` | `string` | Full URL to send logs to. | | yes +`name` | `string` | Optional name to identify this endpoint with. | | no +`headers` | `map(string)` | Extra headers to deliver with the request. | | no +`batch_wait` | `duration` | Maximum amount of time to wait before sending a batch. | `"1s"` | no +`batch_size` | `string` | Maximum batch size of logs to accumulate before sending. | `"1MiB"` | no +`remote_timeout` | `duration` | Timeout for requests made to the URL. | `"10s"` | no +`tenant_id` | `string` | The tenant ID used by default to push logs. | | no +`min_backoff_period` | `duration` | Initial backoff time between retries. | `"500ms"` | no +`max_backoff_period` | `duration` | Maximum backoff time between retries. | `"5m"` | no +`max_backoff_retries` | `int` | Maximum number of retries. | 10 | no +`retry_on_http_429` | `bool` | Retry when an HTTP 429 status code is received. | `true` | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#endpoint-block). - [`bearer_token_file` argument](#endpoint-block). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + If no `tenant_id` is provided, the component assumes that the Loki instance at `endpoint` is running in single-tenant mode and no X-Scope-OrgID header is sent. diff --git a/docs/sources/flow/reference/components/mimir.rules.kubernetes.md b/docs/sources/flow/reference/components/mimir.rules.kubernetes.md index fd5639a03bf4..9a8672005b5f 100644 --- a/docs/sources/flow/reference/components/mimir.rules.kubernetes.md +++ b/docs/sources/flow/reference/components/mimir.rules.kubernetes.md @@ -47,21 +47,24 @@ mimir.rules.kubernetes "LABEL" { `mimir.rules.kubernetes` supports the following arguments: -| Name | Type | Description | Default | Required | -| ------------------------ | ---------- | ------------------------------------------------------------------------------- | ------------- | -------- | -| `address` | `string` | URL of the Mimir ruler. | | yes | -| `tenant_id` | `string` | Mimir tenant ID. | | no | -| `use_legacy_routes` | `bool` | Whether to use [deprecated][gem-2_2] ruler API endpoints. | false | no | -| `prometheus_http_prefix` | `string` | Path prefix for [Mimir's Prometheus endpoint][gem-path-prefix]. | `/prometheus` | no | -| `sync_interval` | `duration` | Amount of time between reconciliations with Mimir. | "30s" | no | -| `mimir_namespace_prefix` | `string` | Prefix used to differentiate multiple {{< param "PRODUCT_NAME" >}} deployments. | "agent" | no | -| `bearer_token` | `secret` | Bearer token to authenticate with. | | no | -| `bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no | -| `proxy_url` | `string` | HTTP proxy to proxy requests through. | | no | -| `follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no | -| `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no | - - At most one of the following can be provided: +Name | Type | Description | Default | Required +------------------------ | ------------------- | --------------------------------------------------------------- | ------------- | -------- +`address` | `string` | URL of the Mimir ruler. | | yes +`tenant_id` | `string` | Mimir tenant ID. | | no +`use_legacy_routes` | `bool` | Whether to use [deprecated][gem-2_2] ruler API endpoints. | false | no +`prometheus_http_prefix` | `string` | Path prefix for [Mimir's Prometheus endpoint][gem-path-prefix]. | `/prometheus` | no +`sync_interval` | `duration` | Amount of time between reconciliations with Mimir. | "30s" | no +`mimir_namespace_prefix` | `string` | Prefix used to differentiate multiple {{< param "PRODUCT_NAME" >}} deployments. | "agent" | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -70,6 +73,8 @@ mimir.rules.kubernetes "LABEL" { [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + If no `tenant_id` is provided, the component assumes that the Mimir instance at `address` is running in single-tenant mode and no `X-Scope-OrgID` header is sent. diff --git a/docs/sources/flow/reference/components/prometheus.operator.podmonitors.md b/docs/sources/flow/reference/components/prometheus.operator.podmonitors.md index b8ef773567ca..aba8d1d91431 100644 --- a/docs/sources/flow/reference/components/prometheus.operator.podmonitors.md +++ b/docs/sources/flow/reference/components/prometheus.operator.podmonitors.md @@ -83,22 +83,28 @@ used. The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/prometheus.operator.probes.md b/docs/sources/flow/reference/components/prometheus.operator.probes.md index c8fddb96e1dd..0ce21029fce0 100644 --- a/docs/sources/flow/reference/components/prometheus.operator.probes.md +++ b/docs/sources/flow/reference/components/prometheus.operator.probes.md @@ -85,22 +85,28 @@ configuration with the service account of the running {{< param "PRODUCT_ROOT_NA The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/prometheus.operator.servicemonitors.md b/docs/sources/flow/reference/components/prometheus.operator.servicemonitors.md index 29a6414a6339..7ae878d6a85f 100644 --- a/docs/sources/flow/reference/components/prometheus.operator.servicemonitors.md +++ b/docs/sources/flow/reference/components/prometheus.operator.servicemonitors.md @@ -84,22 +84,28 @@ If the `client` block isn't provided, the default in-cluster configuration with The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument][client]. - [`bearer_token_file` argument][client]. - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/prometheus.remote_write.md b/docs/sources/flow/reference/components/prometheus.remote_write.md index 5664cd10aa6e..184433a5216d 100644 --- a/docs/sources/flow/reference/components/prometheus.remote_write.md +++ b/docs/sources/flow/reference/components/prometheus.remote_write.md @@ -96,13 +96,16 @@ Name | Type | Description | Default | Required `headers` | `map(string)` | Extra headers to deliver with the request. | | no `send_exemplars` | `bool` | Whether exemplars should be sent. | `true` | no `send_native_histograms` | `bool` | Whether native histograms should be sent. | `false` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#endpoint-block). - [`bearer_token_file` argument](#endpoint-block). - [`basic_auth` block][basic_auth]. @@ -125,6 +128,8 @@ sent to `prometheus.remote_write` are forwarded to the configured endpoint. If the endpoint doesn't support receiving native histogram samples, pushing metrics fails. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/prometheus.scrape.md b/docs/sources/flow/reference/components/prometheus.scrape.md index cd204221030d..4cc40b420e74 100644 --- a/docs/sources/flow/reference/components/prometheus.scrape.md +++ b/docs/sources/flow/reference/components/prometheus.scrape.md @@ -64,19 +64,24 @@ Name | Type | Description | Default | Required `label_limit` | `uint` | More than this many labels post metric-relabeling causes the scrape to fail. | | no `label_name_length_limit` | `uint` | More than this label name length post metric-relabeling causes the scrape to fail. | | no `label_value_length_limit` | `uint` | More than this label value length post metric-relabeling causes the scrape to fail. | | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + `track_timestamps_staleness` controls whether Prometheus tracks [staleness][prom-staleness] of metrics which with an explicit timestamp present in scraped data. * An "explicit timestamp" is an optional timestamp in the [Prometheus metrics exposition format][prom-text-exposition-format]. For example, this sample has a timestamp of `1395066363000`: ``` diff --git a/docs/sources/flow/reference/components/pyroscope.scrape.md b/docs/sources/flow/reference/components/pyroscope.scrape.md index 35e7022df482..d045f9ac8940 100644 --- a/docs/sources/flow/reference/components/pyroscope.scrape.md +++ b/docs/sources/flow/reference/components/pyroscope.scrape.md @@ -77,13 +77,16 @@ Name | Type | Description `scrape_interval` | `duration` | How frequently to scrape the targets of this scrape configuration. | `"15s"` | no `scrape_timeout` | `duration` | The timeout for scraping targets of this configuration. Must be larger than `scrape_interval`. | `"18s"` | no `scheme` | `string` | The URL scheme with which to fetch metrics from targets. | `"http"` | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no `bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no `enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no -At most one of the following authentication mechanisms can be provided: + At most, one of the following can be provided: - [`bearer_token` argument](#arguments). - [`bearer_token_file` argument](#arguments). - [`basic_auth` block][basic_auth]. @@ -92,6 +95,8 @@ At most one of the following authentication mechanisms can be provided: [arguments]: #arguments +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + #### `job_name` argument `job_name` defaults to the component's unique identifier. diff --git a/docs/sources/flow/reference/components/pyroscope.write.md b/docs/sources/flow/reference/components/pyroscope.write.md index 3012be03319c..94076a605379 100644 --- a/docs/sources/flow/reference/components/pyroscope.write.md +++ b/docs/sources/flow/reference/components/pyroscope.write.md @@ -74,28 +74,32 @@ The `endpoint` block describes a single location to send profiles to. Multiple The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`url` | `string` | Full URL to send metrics to. | | yes -`name` | `string` | Optional name to identify the endpoint in metrics. | | no -`remote_timeout` | `duration` | Timeout for requests made to the URL. | `"10s"` | no -`headers` | `map(string)` | Extra headers to deliver with the request. | | no -`min_backoff_period` | `duration` | Initial backoff time between retries. | `"500ms"` | no -`max_backoff_period` | `duration` | Maximum backoff time between retries. | `"5m"` | no -`max_backoff_retries` | `int` | Maximum number of retries. 0 to retry infinitely. | 10 | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no - - At most one of the following can be provided: - -- [`bearer_token` argument][endpoint]. -- [`bearer_token_file` argument][endpoint]. -- [`basic_auth` block][basic_auth]. -- [`authorization` block][authorization]. -- [`oauth2` block][oauth2]. +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|-----------|--------- +`url` | `string` | Full URL to send metrics to. | | yes +`name` | `string` | Optional name to identify the endpoint in metrics. | | no +`remote_timeout` | `duration` | Timeout for requests made to the URL. | `"10s"` | no +`headers` | `map(string)` | Extra headers to deliver with the request. | | no +`min_backoff_period` | `duration` | Initial backoff time between retries. | `"500ms"` | no +`max_backoff_period` | `duration` | Maximum backoff time between retries. | `"5m"` | no +`max_backoff_retries` | `int` | Maximum number of retries. 0 to retry infinitely. | 10 | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no + + At most, one of the following can be provided: + - [`bearer_token` argument][endpoint]. + - [`bearer_token_file` argument][endpoint]. + - [`basic_auth` block][basic_auth]. + - [`authorization` block][authorization]. + - [`oauth2` block][oauth2]. + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} When multiple `endpoint` blocks are provided, profiles are concurrently forwarded to all configured locations. diff --git a/docs/sources/flow/reference/components/remote.kubernetes.configmap.md b/docs/sources/flow/reference/components/remote.kubernetes.configmap.md index 56acc6bbcc4e..adbaf214d2c2 100644 --- a/docs/sources/flow/reference/components/remote.kubernetes.configmap.md +++ b/docs/sources/flow/reference/components/remote.kubernetes.configmap.md @@ -73,14 +73,18 @@ used. The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no At most, one of the following can be provided: - [`bearer_token` argument][client]. @@ -89,6 +93,8 @@ Name | Type | Description | Default | Required - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/flow/reference/components/remote.kubernetes.secret.md b/docs/sources/flow/reference/components/remote.kubernetes.secret.md index 3fe84fee4ad0..8e5a7cd966ec 100644 --- a/docs/sources/flow/reference/components/remote.kubernetes.secret.md +++ b/docs/sources/flow/reference/components/remote.kubernetes.secret.md @@ -72,14 +72,18 @@ configuration with the service account of the running {{< param "PRODUCT_ROOT_NA The following arguments are supported: -Name | Type | Description | Default | Required ----- | ---- | ----------- | ------- | -------- -`api_server` | `string` | URL of the Kubernetes API server. | | no -`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`proxy_url` | `string` | HTTP proxy to proxy requests through. | | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`api_server` | `string` | URL of the Kubernetes API server. | | no +`kubeconfig_file` | `string` | Path of the `kubeconfig` file to use for connecting to Kubernetes. | | no +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no At most, one of the following can be provided: - [`bearer_token` argument][client]. @@ -88,6 +92,8 @@ Name | Type | Description | Default | Required - [`authorization` block][authorization]. - [`oauth2` block][oauth2]. +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} + ### basic_auth block {{< docs/shared lookup="flow/reference/components/basic-auth-block.md" source="agent" version="" >}} diff --git a/docs/sources/shared/flow/reference/components/http-client-config-block.md b/docs/sources/shared/flow/reference/components/http-client-config-block.md index 04a680c51a21..a115d031b209 100644 --- a/docs/sources/shared/flow/reference/components/http-client-config-block.md +++ b/docs/sources/shared/flow/reference/components/http-client-config-block.md @@ -10,12 +10,17 @@ description: Shared content, http client config block headless: true --- -Name | Type | Description | Default | Required ---------------------|----------|--------------------------------------------------------------|---------|--------- -`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no -`bearer_token` | `secret` | Bearer token to authenticate with. | | no -`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no -`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no -`proxy_url` | `string` | HTTP proxy to send requests through. | | no +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`bearer_token_file` | `string` | File containing a bearer token to authenticate with. | | no +`bearer_token` | `secret` | Bearer token to authenticate with. | | no +`enable_http2` | `bool` | Whether HTTP2 is supported for requests. | `true` | no +`follow_redirects` | `bool` | Whether redirects returned by the server should be followed. | `true` | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no `bearer_token`, `bearer_token_file`, `basic_auth`, `authorization`, and `oauth2` are mutually exclusive, and only one can be provided inside of a `http_client_config` block. + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} \ No newline at end of file diff --git a/docs/sources/shared/flow/reference/components/http-client-proxy-config-description.md b/docs/sources/shared/flow/reference/components/http-client-proxy-config-description.md new file mode 100644 index 000000000000..700b0dd2cc63 --- /dev/null +++ b/docs/sources/shared/flow/reference/components/http-client-proxy-config-description.md @@ -0,0 +1,23 @@ +--- +aliases: +- /docs/agent/shared/flow/reference/components/http-client-proxy-config-description-args/ +- /docs/grafana-cloud/agent/shared/flow/reference/components/http-client-proxy-config-description-args/ +- /docs/grafana-cloud/monitor-infrastructure/agent/shared/flow/reference/components/http-client-proxy-config-description-args/ +- /docs/grafana-cloud/monitor-infrastructure/integrations/agent/shared/flow/reference/components/http-client-proxy-config-description-args/ +- /docs/grafana-cloud/send-data/agent/shared/flow/reference/components/http-client-proxy-config-description-args/ +canonical: https://grafana.com/docs/agent/latest/shared/flow/reference/components/http-client-proxy-config-description-args/ +description: Shared content, http client config description +headless: true +--- + +`no_proxy` can contain IPs, CIDR notations, and domain names. IP and domain +names can contain port numbers. `proxy_url` must be configured if `no_proxy` +is configured. + +`proxy_from_environment` uses the environment variables HTTP_PROXY, HTTPS_PROXY +and NO_PROXY (or the lowercase versions thereof). Requests use the proxy from +the environment variable matching their scheme, unless excluded by NO_PROXY. +`proxy_url` and `no_proxy` must not be configured if `proxy_from_environment` +is configured. + +`proxy_connect_header` should only be configured if `proxy_url` or `proxy_from_environment` are configured. \ No newline at end of file diff --git a/docs/sources/shared/flow/reference/components/oauth2-block.md b/docs/sources/shared/flow/reference/components/oauth2-block.md index 93c2b87ba4df..bba91c84a7ab 100644 --- a/docs/sources/shared/flow/reference/components/oauth2-block.md +++ b/docs/sources/shared/flow/reference/components/oauth2-block.md @@ -10,16 +10,21 @@ description: Shared content, oauth2 block headless: true --- -Name | Type | Description | Default | Required ----------------------|----------------|-------------------------------------------------|---------|--------- -`client_id` | `string` | OAuth2 client ID. | | no -`client_secret_file` | `string` | File containing the OAuth2 client secret. | | no -`client_secret` | `secret` | OAuth2 client secret. | | no -`endpoint_params` | `map(string)` | Optional parameters to append to the token URL. | | no -`proxy_url` | `string` | Optional proxy URL for OAuth2 requests. | | no -`scopes` | `list(string)` | List of scopes to authenticate with. | | no -`token_url` | `string` | URL to fetch the token from. | | no +Name | Type | Description | Default | Required +-------------------------|---------------------|---------------------------------------------------------------|---------|--------- +`client_id` | `string` | OAuth2 client ID. | | no +`client_secret_file` | `string` | File containing the OAuth2 client secret. | | no +`client_secret` | `secret` | OAuth2 client secret. | | no +`endpoint_params` | `map(string)` | Optional parameters to append to the token URL. | | no +`proxy_url` | `string` | HTTP proxy to send requests through. | | no +`no_proxy` | `string` | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. | | no +`proxy_from_environment` | `bool` | Use the proxy URL indicated by environment variables. | `false` | no +`proxy_connect_header` | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests. | | no +`scopes` | `list(string)` | List of scopes to authenticate with. | | no +`token_url` | `string` | URL to fetch the token from. | | no `client_secret` and `client_secret_file` are mutually exclusive, and only one can be provided inside an `oauth2` block. The `oauth2` block may also contain a separate `tls_config` sub-block. + +{{< docs/shared lookup="flow/reference/components/http-client-proxy-config-description.md" source="agent" version="" >}} \ No newline at end of file