Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(exporter/elasticsearch): add Basic Auth support #5814

Merged
merged 12 commits into from
Jan 2, 2024

Conversation

hainenber
Copy link
Contributor

@hainenber hainenber commented Nov 20, 2023

PR Description

Which issue(s) this PR fixes

Fixes #5740

Notes to the Reviewer

List of AIs need to be done before out of draft:

  • Test with local ES cluster
  • Add documentation

PR Checklist

  • CHANGELOG.md updated
  • Documentation added
  • Tests updated
  • Config converters updated

@hainenber
Copy link
Contributor Author

hainenber commented Nov 21, 2023

Test results

[Before] Unauthorized request when trying to reach secure ES cluster without Basic-Auth block.

  • Config
prometheus.exporter.elasticsearch "LABEL" {
    address = "https://localhost:9200"
    ca = "/Users/hainenber/Projects/labs/http_ca.crt"
}
  • Agent logs
ts=2023-11-21T16:20:21.904464Z level=info msg="triggering initial cluster info call" component=prometheus.exporter.elasticsearch.LABEL
ts=2023-11-21T16:20:21.90448Z level=info msg="now listening for http traffic" service=http addr=127.0.0.1:12345
ts=2023-11-21T16:20:21.904495Z level=info msg="providing consumers with updated cluster info label" component=prometheus.exporter.elasticsearch.LABEL
ts=2023-11-21T16:20:21.943395Z level=error msg="failed to retrieve cluster info from ES" component=prometheus.exporter.elasticsearch.LABEL err="HTTP Request failed with code 401"
ts=2023-11-21T16:20:31.904826Z level=info msg="initial cluster info call timed out" component=prometheus.exporter.elasticsearch.LABEL

[After] Authorized request when trying to reach secure ES cluster with Basic-Auth block.

  • Config
prometheus.exporter.elasticsearch "LABEL" {
    address = "https://localhost:9200"
    ca = "/Users/hainenber/Projects/labs/http_ca.crt"
    basic_auth {
        username = "elastic"
        password = env("ELASTIC_PASSWORD")
    }
}
  • Agent logs
ts=2023-11-21T16:25:39.898612Z level=info msg="scheduling loaded components and services"
ts=2023-11-21T16:25:39.899237Z level=info msg="starting cluster node" peers="" advertise_addr=127.0.0.1:12345
ts=2023-11-21T16:25:39.899895Z level=info msg="peers changed" new_peers=hainenber.local
ts=2023-11-21T16:25:39.899912Z level=info msg="triggering initial cluster info call" component=prometheus.exporter.elasticsearch.LABEL
ts=2023-11-21T16:25:39.899938Z level=info msg="providing consumers with updated cluster info label" component=prometheus.exporter.elasticsearch.LABEL
ts=2023-11-21T16:25:39.900179Z level=info msg="now listening for http traffic" service=http addr=127.0.0.1:12345
ts=2023-11-21T16:25:39.941752Z level=info msg="started cluster info retriever" component=prometheus.exporter.elasticsearch.LABEL interval=5m0s

@hainenber hainenber marked this pull request as ready for review November 21, 2023 16:35
@clayton-cornell clayton-cornell added the type/docs Docs Squad label across all Grafana Labs repos label Nov 21, 2023
@clayton-cornell clayton-cornell requested a review from a team November 21, 2023 17:34
@clayton-cornell
Copy link
Contributor

@grafana/grafana-agent-maintainers This needs your review as well.

@rfratto
Copy link
Member

rfratto commented Nov 23, 2023

Thanks @hainenber!

@thepalbi Can you take a look at this once, since the exporter integration was originally contributed by you?

@rfratto rfratto requested a review from thepalbi November 23, 2023 15:35
@rfratto rfratto assigned rfratto and thepalbi and unassigned thepalbi Nov 23, 2023
@@ -66,6 +70,21 @@ type Config struct {
ExportDataStreams bool `yaml:"data_stream,omitempty"`
// Export stats for Snapshot Lifecycle Management
ExportSLM bool `yaml:"slm,omitempty"`
// BasicAuth block allows secure connection with Elasticsearch cluster via Basic-Auth
BasicAuth *commoncfg.BasicAuth `yaml:"basic_auth,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given that this also touches the integration implementation itself, we should also update the static configs doc https://grafana.com/docs/agent/latest/static/configuration/integrations/elasticsearch-exporter-config/

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, I think we should use in here the prometheus BasicAuth type, which is yaml serializable, in contrast with the river definition of it. If not, someone trying to use this feature in a static config agent won't be able to.

See that the river BasicAuth type has a Convert method that translates it to the prometheus type in here.

@rfratto wdyt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi there, thanks for the review! Makes sense to continue supporting the static config :D. I've made amends in latest commit. PTAL if you have time.

@hainenber hainenber requested a review from a team as a code owner November 25, 2023 08:06
@hainenber hainenber force-pushed the basic-auth-for-elasticsearch-exporter branch from 1151711 to 67b236f Compare November 25, 2023 08:12
@hainenber hainenber force-pushed the basic-auth-for-elasticsearch-exporter branch from 67b236f to 520608d Compare November 25, 2023 08:15
Signed-off-by: hainenber <[email protected]>
@erikbaranowski
Copy link
Contributor

erikbaranowski commented Dec 15, 2023

Can we also add a mapping from static to flow for this new property in the converter code?

func toElasticsearchExporter(config *elasticsearch_exporter.Config) *elasticsearch.Arguments {

This can be optionally validated in the testing in converter/internal/staticconvert/testdata/integrations.*

@erikbaranowski erikbaranowski self-assigned this Dec 15, 2023
@hainenber
Copy link
Contributor Author

Can we also add a mapping from static to flow for this new property in the converter code?

func toElasticsearchExporter(config *elasticsearch_exporter.Config) *elasticsearch.Arguments {

This can be optionally validated in the testing in converter/internal/staticconvert/testdata/integrations.*

Done :D

@tpaschalis
Copy link
Member

cc @thepalbi in case he can take a final look here.

@tpaschalis tpaschalis requested a review from thepalbi December 18, 2023 11:16
}

// Custom http.Transport struct for Basic Auth-secured communication with ES cluster
type BasicAuthHTTPTransport struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can we rename this to AuthenticatedHTTPTransport or sth like this, since it just takes a generic header value?

Copy link
Contributor

@thepalbi thepalbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just left a small nit

Signed-off-by: erikbaranowski <[email protected]>
@rfratto
Copy link
Member

rfratto commented Jan 2, 2024

Merging since there's two approvals and no further commits in two weeks. Thanks @hainenber!

@rfratto rfratto merged commit 6ef7b8b into grafana:main Jan 2, 2024
10 checks passed
@hainenber hainenber deleted the basic-auth-for-elasticsearch-exporter branch January 2, 2024 16:43
hainenber added a commit to hainenber/agent that referenced this pull request Jan 6, 2024
* feat(exporter/elasticsearch): add Basic Auth support

Signed-off-by: hainenber <[email protected]>

* misc: fix changelog entry (grafana#5812)

PR grafana#5802 accidentally added the changelog entry to a published release.

* fix(exporter/elasticsearch): only add Auth header when needed

Signed-off-by: hainenber <[email protected]>

* doc(exporter/elasticsearch): add Basic Auth block desc

Signed-off-by: hainenber <[email protected]>

* feat(exporter/elasticsearch): add Basic Auth support

Signed-off-by: hainenber <[email protected]>

* feat(exporter/elasticsearch): support Basic Auth for static config

Signed-off-by: hainenber <[email protected]>

* chore(CHANGELOG): remove merge conflict artifact

Signed-off-by: hainenber <[email protected]>

* misc: fix changelog entry

Signed-off-by: hainenber <[email protected]>

* feat(converter): map ES exporter's BasicAuth flow from static to flow

Signed-off-by: hainenber <[email protected]>

* fix(converter): nil check for ES exporter's Basic Auth

Signed-off-by: hainenber <[email protected]>

* lint

Signed-off-by: erikbaranowski <[email protected]>

---------

Signed-off-by: hainenber <[email protected]>
Signed-off-by: erikbaranowski <[email protected]>
Co-authored-by: Robert Fratto <[email protected]>
Co-authored-by: erikbaranowski <[email protected]>
BarunKGP pushed a commit to BarunKGP/grafana-agent that referenced this pull request Feb 20, 2024
* feat(exporter/elasticsearch): add Basic Auth support

Signed-off-by: hainenber <[email protected]>

* misc: fix changelog entry (grafana#5812)

PR grafana#5802 accidentally added the changelog entry to a published release.

* fix(exporter/elasticsearch): only add Auth header when needed

Signed-off-by: hainenber <[email protected]>

* doc(exporter/elasticsearch): add Basic Auth block desc

Signed-off-by: hainenber <[email protected]>

* feat(exporter/elasticsearch): add Basic Auth support

Signed-off-by: hainenber <[email protected]>

* feat(exporter/elasticsearch): support Basic Auth for static config

Signed-off-by: hainenber <[email protected]>

* chore(CHANGELOG): remove merge conflict artifact

Signed-off-by: hainenber <[email protected]>

* misc: fix changelog entry

Signed-off-by: hainenber <[email protected]>

* feat(converter): map ES exporter's BasicAuth flow from static to flow

Signed-off-by: hainenber <[email protected]>

* fix(converter): nil check for ES exporter's Basic Auth

Signed-off-by: hainenber <[email protected]>

* lint

Signed-off-by: erikbaranowski <[email protected]>

---------

Signed-off-by: hainenber <[email protected]>
Signed-off-by: erikbaranowski <[email protected]>
Co-authored-by: Robert Fratto <[email protected]>
Co-authored-by: erikbaranowski <[email protected]>
@github-actions github-actions bot added the frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed. label Feb 21, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed. type/docs Docs Squad label across all Grafana Labs repos
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for basic_auth block for the prometheus.exporter.elasticsearch component
6 participants