prometheus/discovery/scaleway/scaleway.go
Julien Pivotto 5a6d244b00 Scaleway SD: Add the ability to read token from file
Prometheus adds the ability to read secrets from files. This add
this feature for the scaleway service discovery.

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2021-03-25 00:52:33 +01:00

246 lines
6.9 KiB
Go

// Copyright 2021 The Prometheus Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package scaleway
import (
"context"
"io/ioutil"
"net/http"
"strings"
"time"
"github.com/go-kit/kit/log"
"github.com/pkg/errors"
"github.com/prometheus/common/config"
"github.com/prometheus/common/model"
"github.com/prometheus/prometheus/discovery"
"github.com/prometheus/prometheus/discovery/refresh"
"github.com/prometheus/prometheus/discovery/targetgroup"
"github.com/scaleway/scaleway-sdk-go/scw"
)
// metaLabelPrefix is the meta prefix used for all meta labels.
// in this discovery.
const (
metaLabelPrefix = model.MetaLabelPrefix + "scaleway_"
separator = ","
)
// role is the role of the target within the Scaleway Ecosystem.
type role string
// The valid options for role.
const (
// Scaleway Elements Baremetal
// https://www.scaleway.com/en/bare-metal-servers/
roleBaremetal role = "baremetal"
// Scaleway Elements Instance
// https://www.scaleway.com/en/virtual-instances/
roleInstance role = "instance"
)
// UnmarshalYAML implements the yaml.Unmarshaler interface.
func (c *role) UnmarshalYAML(unmarshal func(interface{}) error) error {
if err := unmarshal((*string)(c)); err != nil {
return err
}
switch *c {
case roleInstance, roleBaremetal:
return nil
default:
return errors.Errorf("unknown role %q", *c)
}
}
// DefaultSDConfig is the default Scaleway Service Discovery configuration.
var DefaultSDConfig = SDConfig{
Port: 80,
RefreshInterval: model.Duration(60 * time.Second),
HTTPClientConfig: config.DefaultHTTPClientConfig,
Zone: scw.ZoneFrPar1.String(),
APIURL: "https://api.scaleway.com",
}
type SDConfig struct {
// Project: The Scaleway Project ID used to filter discovery on.
Project string `yaml:"project_id"`
// APIURL: URL of the Scaleway API to use.
APIURL string `yaml:"api_url,omitempty"`
// Zone: The zone of the scrape targets.
// If you need to configure multiple zones use multiple scaleway_sd_configs
Zone string `yaml:"zone"`
// AccessKey used to authenticate on Scaleway APIs.
AccessKey string `yaml:"access_key"`
// SecretKey used to authenticate on Scaleway APIs.
SecretKey config.Secret `yaml:"secret_key"`
// SecretKey used to authenticate on Scaleway APIs.
SecretKeyFile string `yaml:"secret_key_file"`
// NameFilter to filter on during the ListServers.
NameFilter string `yaml:"name_filter,omitempty"`
// TagsFilter to filter on during the ListServers.
TagsFilter []string `yaml:"tags_filter,omitempty"`
HTTPClientConfig config.HTTPClientConfig `yaml:",inline"`
RefreshInterval model.Duration `yaml:"refresh_interval"`
Port int `yaml:"port"`
// Role can be either instance or baremetal
Role role `yaml:"role"`
}
func (c SDConfig) Name() string {
return "scaleway"
}
// secretKeyForConfig returns a secret key that looks like a UUID, even if we
// take the actuel secret from a file.
func (c SDConfig) secretKeyForConfig() string {
if c.SecretKeyFile != "" {
return "00000000-0000-0000-0000-000000000000"
}
return string(c.SecretKey)
}
// UnmarshalYAML implements the yaml.Unmarshaler interface.
func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
*c = DefaultSDConfig
type plain SDConfig
err := unmarshal((*plain)(c))
if err != nil {
return err
}
if c.Role == "" {
return errors.New("role missing (one of: instance, baremetal)")
}
if c.Project == "" {
return errors.New("project_id is mandatory")
}
if c.SecretKey == "" && c.SecretKeyFile == "" {
return errors.New("one of secret_key & secret_key_file must be configured")
}
if c.SecretKey != "" && c.SecretKeyFile != "" {
return errors.New("at most one of secret_key & secret_key_file must be configured")
}
if c.AccessKey == "" {
return errors.New("access_key is mandatory")
}
profile, err := loadProfile(c)
if err != nil {
return err
}
_, err = scw.NewClient(
scw.WithProfile(profile),
)
if err != nil {
return err
}
return c.HTTPClientConfig.Validate()
}
func (c SDConfig) NewDiscoverer(options discovery.DiscovererOptions) (discovery.Discoverer, error) {
return NewDiscovery(&c, options.Logger)
}
// SetDirectory joins any relative file paths with dir.
func (c *SDConfig) SetDirectory(dir string) {
c.SecretKeyFile = config.JoinDir(dir, c.SecretKeyFile)
c.HTTPClientConfig.SetDirectory(dir)
}
func init() {
discovery.RegisterConfig(&SDConfig{})
}
// Discovery periodically performs Scaleway requests. It implements
// the Discoverer interface.
type Discovery struct {
}
func NewDiscovery(conf *SDConfig, logger log.Logger) (*refresh.Discovery, error) {
r, err := newRefresher(conf)
if err != nil {
return nil, err
}
return refresh.NewDiscovery(
logger,
"scaleway",
time.Duration(conf.RefreshInterval),
r.refresh,
), nil
}
type refresher interface {
refresh(context.Context) ([]*targetgroup.Group, error)
}
func newRefresher(conf *SDConfig) (refresher, error) {
switch conf.Role {
case roleBaremetal:
return newBaremetalDiscovery(conf)
case roleInstance:
return newInstanceDiscovery(conf)
}
return nil, errors.New("unknown Scaleway discovery role")
}
func loadProfile(sdConfig *SDConfig) (*scw.Profile, error) {
// Profile coming from Prometheus Configuration file
prometheusConfigProfile := &scw.Profile{
DefaultZone: scw.StringPtr(sdConfig.Zone),
APIURL: scw.StringPtr(sdConfig.APIURL),
SecretKey: scw.StringPtr(sdConfig.secretKeyForConfig()),
AccessKey: scw.StringPtr(sdConfig.AccessKey),
DefaultProjectID: scw.StringPtr(sdConfig.Project),
SendTelemetry: scw.BoolPtr(false),
}
return prometheusConfigProfile, nil
}
type authTokenFileRoundTripper struct {
authTokenFile string
rt http.RoundTripper
}
// newAuthTokenFileRoundTripper adds the auth token read from the file to a request.
func newAuthTokenFileRoundTripper(tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
// fail-fast if we can't read the file.
_, err := ioutil.ReadFile(tokenFile)
if err != nil {
return nil, errors.Wrapf(err, "unable to read auth token file %s", tokenFile)
}
return &authTokenFileRoundTripper{tokenFile, rt}, nil
}
func (rt *authTokenFileRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
b, err := ioutil.ReadFile(rt.authTokenFile)
if err != nil {
return nil, errors.Wrapf(err, "unable to read auth token file %s", rt.authTokenFile)
}
authToken := strings.TrimSpace(string(b))
request.Header.Set("X-Auth-Token", authToken)
return rt.rt.RoundTrip(request)
}