Add secret provider interface under feature flag
TheSpiritXIII committed Apr 18, 2024
1 parent 1bab595 commit 8718dbb
Showing 16 changed files with 3,438 additions and 51 deletions.
34 changes: 34 additions & 0 deletions cmd/prometheus/main.go
@@ -43,6 +43,7 @@ import (
"github.com/oklog/run"
"github.com/prometheus/client_golang/prometheus"
versioncollector "github.com/prometheus/client_golang/prometheus/collectors/version"
common_config "github.com/prometheus/common/config"
"github.com/prometheus/common/model"
"github.com/prometheus/common/promlog"
promlogflag "github.com/prometheus/common/promlog/flag"
@@ -68,6 +69,7 @@ import (
"github.com/prometheus/prometheus/promql/parser"
"github.com/prometheus/prometheus/rules"
"github.com/prometheus/prometheus/scrape"
"github.com/prometheus/prometheus/secrets"
"github.com/prometheus/prometheus/storage"
"github.com/prometheus/prometheus/storage/remote"
"github.com/prometheus/prometheus/tracing"
@@ -160,6 +162,7 @@ type flagConfig struct {
enableAutoGOMAXPROCS bool
enableAutoGOMEMLIMIT bool
enableConcurrentRuleEval bool
enableSecretProviders bool

prometheusURL string
corsRegexString string
@@ -227,6 +230,9 @@ func (c *flagConfig) setFeatureListOptions(logger log.Logger) error {
config.DefaultConfig.GlobalConfig.ScrapeProtocols = config.DefaultProtoFirstScrapeProtocols
config.DefaultGlobalConfig.ScrapeProtocols = config.DefaultProtoFirstScrapeProtocols
level.Info(logger).Log("msg", "Experimental created timestamp zero ingestion enabled. Changed default scrape_protocols to prefer PrometheusProto format.", "global.scrape_protocols", fmt.Sprintf("%v", config.DefaultGlobalConfig.ScrapeProtocols))
case "secret-providers":
c.enableSecretProviders = true
level.Info(logger).Log("msg", "Experimental secret providers enabled")
case "":
continue
case "promql-at-modifier", "promql-negative-offset":
@@ -635,6 +641,8 @@ func main() {
ctxWeb, cancelWeb = context.WithCancel(context.Background())
ctxRule = context.Background()

ctxSecrets = context.Background()

notifierManager = notifier.NewManager(&cfg.notifier, log.With(logger, "component", "notifier"))

ctxScrape, cancelScrape = context.WithCancel(context.Background())
@@ -698,6 +706,21 @@ func main() {
}
}

var secretManager *secrets.Manager
if cfg.enableSecretProviders {
manager := secrets.NewManager(
ctxSecrets,
secrets.ProviderOptions{
Logger: log.With(logger, "component", "secret manager"),
},
prometheus.DefaultRegisterer,
)
secretManager = &manager
defer secretManager.Close()
}

cfg.scrape.HTTPClientOptions = append(cfg.scrape.HTTPClientOptions, common_config.WithSecretManager(secretManager))

scrapeManager, err := scrape.NewManager(
&cfg.scrape,
log.With(logger, "component", "scrape manager"),
@@ -871,6 +894,17 @@ func main() {
}
return discoveryManagerScrape.ApplyConfig(c)
},
}, {
name: "secret",
reloader: func(cfg *config.Config) error {
if secretManager == nil {
if cfg.SecretProviders != nil && len(*cfg.SecretProviders) > 0 {
return errors.New("secret providers are disabled")
}
return nil
}
return secretManager.ApplyConfig(*cfg.SecretProviders)
},
}, {
name: "notify",
reloader: notifierManager.ApplyConfig,
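Review bot: In the new "secret" reloader, `secretManager.ApplyConfig(*cfg.SecretProviders)` dereferences `cfg.SecretProviders` without a nil check, so with the `secret-providers` feature enabled and no `secrets:` section in the config file the pointer is presumably nil and the load or reload panics. The nil check exists only on the disabled branch. Guard the enabled branch as well, for example `var providers secrets.Configs`, `if cfg.SecretProviders != nil { providers = *cfg.SecretProviders }`, `return secretManager.ApplyConfig(providers)`. Separately, `common_config.WithSecretManager(secretManager)` is called even when the flag is off; if that option takes an interface, the nil `*secrets.Manager` becomes a non-nil interface value, so it is safer to append the option inside the `if cfg.enableSecretProviders` block. main() starts and ends outside these hunks.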
16 changes: 9 additions & 7 deletions config/config.go
@@ -35,6 +35,7 @@ import (
"github.com/prometheus/prometheus/discovery"
"github.com/prometheus/prometheus/model/labels"
"github.com/prometheus/prometheus/model/relabel"
"github.com/prometheus/prometheus/secrets"
"github.com/prometheus/prometheus/storage/remote/azuread"
)

@@ -223,13 +224,14 @@ var (

// Config is the top-level configuration for Prometheus's config files.
type Config struct {
GlobalConfig GlobalConfig `yaml:"global"`
AlertingConfig AlertingConfig `yaml:"alerting,omitempty"`
RuleFiles []string `yaml:"rule_files,omitempty"`
ScrapeConfigFiles []string `yaml:"scrape_config_files,omitempty"`
ScrapeConfigs []*ScrapeConfig `yaml:"scrape_configs,omitempty"`
StorageConfig StorageConfig `yaml:"storage,omitempty"`
TracingConfig TracingConfig `yaml:"tracing,omitempty"`
GlobalConfig GlobalConfig `yaml:"global"`
AlertingConfig AlertingConfig `yaml:"alerting,omitempty"`
RuleFiles []string `yaml:"rule_files,omitempty"`
ScrapeConfigFiles []string `yaml:"scrape_config_files,omitempty"`
ScrapeConfigs []*ScrapeConfig `yaml:"scrape_configs,omitempty"`
StorageConfig StorageConfig `yaml:"storage,omitempty"`
TracingConfig TracingConfig `yaml:"tracing,omitempty"`
SecretProviders *secrets.Configs `yaml:"secrets,omitempty"`

RemoteWriteConfigs []*RemoteWriteConfig `yaml:"remote_write,omitempty"`
RemoteReadConfigs []*RemoteReadConfig `yaml:"remote_read,omitempty"`
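Review bot: The new `SecretProviders *secrets.Configs` field with the `secrets` YAML tag becomes part of the top-level `Config`, and anything that marshals `Config` back to YAML will include it; Prometheus exposes the loaded configuration through its status page and API, which is outside this hunk. If `secrets.Configs` can carry inline secret material (the commented-out test in config_test.go uses `Data: "abc"`), those fields need a redacting type such as `config.Secret` from prometheus/common, or a custom `MarshalYAML`, so the values are not served back in clear text. The field also lacks a comment; something like `// SecretProviders configures experimental secret providers; nil when the section is absent, rejected unless the secret-providers feature flag is enabled.` would help. The struct continues outside the hunk.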
57 changes: 57 additions & 0 deletions config/config_test.go
@@ -1998,6 +1998,10 @@ var expectedErrors = []struct {
filename: "scrape_config_files_scrape_protocols2.bad.yml",
errMsg: `parsing YAML file testdata/scrape_config_files_scrape_protocols2.bad.yml: duplicated protocol in scrape_protocols, got [OpenMetricsText1.0.0 PrometheusProto OpenMetricsText1.0.0] for scrape config with job name "node"`,
},
{
filename: "secret_provider.bad.missing_provider_config.yml",
errMsg: "expected secret provider but found none",
},
}

func TestBadConfigs(t *testing.T) {
@@ -2261,3 +2265,56 @@ func TestScrapeConfigDisableCompression(t *testing.T) {

require.False(t, got.ScrapeConfigs[0].EnableCompression)
}

// // TODO: This test really belongs elsewhere.
// func TestSecretProvidersInline(t *testing.T) {
// actual, err := LoadFile("testdata/secret_providers_inline.good.yml", false, false, log.NewNopLogger())
// require.NoError(t, err)

// exp := Config{
// SecretProviders: secrets.Configs{
// {
// Type: "inline",
// Secrets: []secrets.SecretConfig[any]{
// {
// Name: "s1",
// Config: inline.SecretConfig{
// Data: "abc",
// },
// },
// {
// Name: "s2",
// Config: inline.SecretConfig{
// Data: "xyz",
// },
// },
// },
// },
// },
// }
// require.Equal(t, exp, actual)
// }

// func TestSecretProviders(t *testing.T) {
// validBinarySecret := &corev1.Secret{
// ObjectMeta: metav1.ObjectMeta{
// Namespace: "ns1",
// Name: "s1",
// },
// Data: map[string][]byte{
// "k1": []byte("Hello world!"),
// "k2": []byte("Foo"),
// },
// }
// validTextSecret := &corev1.Secret{
// ObjectMeta: metav1.ObjectMeta{
// Namespace: "ns2",
// Name: "s1",
// },
// StringData: map[string]string{
// "k1": "Bar",
// },
// }
// fake.NewSimpleClientset(validBinarySecret, validTextSecret)
// // TODO: Insert client into secret provider.
// }
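Review bot: The two tests added at the end of the file, `TestSecretProvidersInline` and `TestSecretProviders`, are entirely commented out, so the only coverage for the new `secrets` section is the single `expectedErrors` entry. The commented code would also not compile as written: it assigns a `secrets.Configs` value to `SecretProviders`, which config.go in this commit declares as `*secrets.Configs`. Either drop the commented block and track it in an issue, or land it as real tests that call `t.Skip("TODO: ...")` so the compiler keeps them in step with the types. A positive test that a valid `secrets:` section parses would be worth adding before this leaves the feature flag.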
@@ -0,0 +1,2 @@
secrets:
- name: abc
1 change: 1 addition & 0 deletions go.mod
@@ -202,6 +202,7 @@ require (
)

replace (
github.com/prometheus/common => github.com/TheSpiritXIII/prometheus-common v0.50.0-gmp.0
k8s.io/klog => github.com/simonpasquier/klog-gokit v0.3.0
k8s.io/klog/v2 => github.com/simonpasquier/klog-gokit/v3 v3.3.0
)
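Review bot: The added `replace` line points `github.com/prometheus/common` at a personal fork, `github.com/TheSpiritXIII/prometheus-common v0.50.0-gmp.0`, so every consumer of that module in this build, including the HTTP client and TLS configuration code, now comes from a repository outside the upstream project's review. `replace` directives are also ignored when this module is imported as a dependency, so downstream importers would resolve upstream `common`, which presumably lacks `WithSecretManager`, and fail to build. Prefer landing the API in prometheus/common and bumping the `require` version; if the fork must stay for now, add a comment such as `// TODO: drop once the secret manager API is released in prometheus/common` above the line.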
