adds OAuth2 config fore remoteWrites (#312)
f41gh7 committed Aug 24, 2021
1 parent f26ab21 commit eb59f5b
Showing 2 changed files with 86 additions and 11 deletions.
48 changes: 44 additions & 4 deletions controllers/factory/vmagent.go
@@ -211,7 +211,7 @@ func makeSpecForVMAgent(cr *victoriametricsv1beta1.VMAgent, c *config.BaseOperat
}

if len(cr.Spec.RemoteWrite) > 0 {
args = append(args, BuildRemoteWrites(cr, ssCache.baSecrets, ssCache.bearerTokens)...)
args = append(args, BuildRemoteWrites(cr, ssCache)...)
}
args = append(args, BuildRemoteWriteSettings(cr)...)

@@ -876,7 +876,7 @@ func BuildRemoteWriteSettings(cr *victoriametricsv1beta1.VMAgent) []string {
return args
}

func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, rwsBasicAuth map[string]*BasicAuthCredentials, rwsTokens map[string]string) []string {
func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, ssCache *scrapesSecretsCache) []string {
var finalArgs []string
var remoteArgs []remoteFlag
remoteTargets := cr.Spec.RemoteWrite
@@ -892,6 +892,11 @@ func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, rwsBasicAuth map[stri
tlsKeys := remoteFlag{flagSetting: "-remoteWrite.tlsKeyFile="}
tlsInsecure := remoteFlag{flagSetting: "-remoteWrite.tlsInsecureSkipVerify="}
tlsServerName := remoteFlag{flagSetting: "-remoteWrite.tlsServerName="}
oauth2ClientID := remoteFlag{flagSetting: "-remoteWrite.oauth2.clientID="}
oauth2ClientSecret := remoteFlag{flagSetting: "-remoteWrite.oauth2.clientSecret="}
oauth2ClientSecretFile := remoteFlag{flagSetting: "-remoteWrite.oauth2.clientSecretFile="}
oauth2Scopes := remoteFlag{flagSetting: "-remoteWrite.oauth2.scopes="}
oauth2TokenUrl := remoteFlag{flagSetting: "-remoteWrite.oauth2.tokenUrl="}

pathPrefix := path.Join(tlsAssetsDir, cr.Namespace)

@@ -946,7 +951,7 @@ func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, rwsBasicAuth map[stri
var user string
var pass string
if rws.BasicAuth != nil {
if s, ok := rwsBasicAuth[fmt.Sprintf("remoteWriteSpec/%s", rws.URL)]; ok {
if s, ok := ssCache.baSecrets[fmt.Sprintf("remoteWriteSpec/%s", rws.URL)]; ok {
authUser.isNotNull = true
authPassword.isNotNull = true
user = s.username
@@ -958,7 +963,7 @@ func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, rwsBasicAuth map[stri

var value string
if rws.BearerTokenSecret != nil {
if s, ok := rwsTokens[fmt.Sprintf("remoteWriteSpec/%s", rws.URL)]; ok {
if s, ok := ssCache.bearerTokens[fmt.Sprintf("remoteWriteSpec/%s", rws.URL)]; ok {
bearerToken.isNotNull = true
value = s
}
@@ -984,9 +989,44 @@ func BuildRemoteWrites(cr *victoriametricsv1beta1.VMAgent, rwsBasicAuth map[stri
sendTimeout.flagSetting += fmt.Sprintf("%s,", value)

value = ""
var oaturl, oascopes, oaclientID, oaSecretKey, oaSecretKeyFile string
if rws.OAuth2 != nil {
if len(rws.OAuth2.TokenURL) > 0 {
oauth2TokenUrl.isNotNull = true
oaturl = rws.OAuth2.TokenURL
}

if len(rws.OAuth2.Scopes) > 0 {
oauth2Scopes.isNotNull = true
oascopes = strings.Join(rws.OAuth2.Scopes, ",")
}

if len(rws.OAuth2.ClientSecretFile) > 0 {
oauth2ClientSecretFile.isNotNull = true
oaSecretKeyFile = rws.OAuth2.ClientSecretFile
}

sv := ssCache.oauth2Secrets[fmt.Sprintf("remoteWriteSpec/%s", rws.URL)]
if rws.OAuth2.ClientSecret != nil && sv != nil {
oaSecretKey = sv.clientSecret
oauth2ClientSecret.isNotNull = true
}

if len(rws.OAuth2.ClientID.Name()) > 0 && sv != nil {
oaclientID = sv.clientID
oauth2ClientID.isNotNull = true
}

}
oauth2TokenUrl.flagSetting += fmt.Sprintf("%s,", oaturl)
oauth2ClientSecretFile.flagSetting += fmt.Sprintf("%s,", oaSecretKeyFile)
oauth2ClientSecret.flagSetting += fmt.Sprintf("%s,", oaSecretKey)
oauth2ClientID.flagSetting += fmt.Sprintf("%s,", oaclientID)
oauth2Scopes.flagSetting += fmt.Sprintf("%s,", oascopes)
}
remoteArgs = append(remoteArgs, url, authUser, authPassword, bearerToken, urlRelabelConfig, tlsInsecure, sendTimeout)
remoteArgs = append(remoteArgs, tlsServerName, tlsKeys, tlsCerts, tlsCAs)
remoteArgs = append(remoteArgs, oauth2ClientID, oauth2ClientSecret, oauth2ClientSecretFile, oauth2Scopes, oauth2TokenUrl)

for _, remoteArgType := range remoteArgs {
if remoteArgType.isNotNull {
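Review bot: The OAuth2 client secret read from `ssCache.oauth2Secrets` is written into a flag value (`oaSecretKey = sv.clientSecret`, then `oauth2ClientSecret.flagSetting += fmt.Sprintf("%s,", oaSecretKey)`), and because makeSpecForVMAgent appends the result of BuildRemoteWrites to `args`, it presumably ends up in the container arguments. Anyone who can read the generated workload object or the process command line then sees the secret, which bypasses the access control on the Secret itself. The hunk already emits `-remoteWrite.oauth2.clientSecretFile=`, so the safer shape is to mount the referenced Secret key as a file and set `oaSecretKeyFile` to that path instead of filling `oaSecretKey`; until then a comment such as `// NOTE: client secret is passed in argv and is visible in the pod spec` would mark the gap. BuildRemoteWrites starts and ends outside the hunks shown.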
49 changes: 42 additions & 7 deletions controllers/factory/vmagent_test.go
@@ -562,9 +562,8 @@ func Test_loadTLSAssets(t *testing.T) {

func TestBuildRemoteWrites(t *testing.T) {
type args struct {
cr *victoriametricsv1beta1.VMAgent
rwsBasicAuth map[string]*BasicAuthCredentials
rwsTokens map[string]string
cr *victoriametricsv1beta1.VMAgent
ssCache *scrapesSecretsCache
}
tests := []struct {
name string
@@ -575,6 +574,7 @@ func TestBuildRemoteWrites(t *testing.T) {
{
name: "test with tls config full",
args: args{
ssCache: &scrapesSecretsCache{},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
{
@@ -609,6 +609,7 @@ func TestBuildRemoteWrites(t *testing.T) {
{
name: "test insecure with key only",
args: args{
ssCache: &scrapesSecretsCache{},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
{
@@ -632,6 +633,7 @@ func TestBuildRemoteWrites(t *testing.T) {
{
name: "test insecure",
args: args{
ssCache: &scrapesSecretsCache{},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
{
@@ -649,6 +651,7 @@ func TestBuildRemoteWrites(t *testing.T) {
{
name: "test inline relabeling",
args: args{
ssCache: &scrapesSecretsCache{},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{
RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
@@ -689,6 +692,7 @@ func TestBuildRemoteWrites(t *testing.T) {
{
name: "test sendTimeout",
args: args{
ssCache: &scrapesSecretsCache{},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
{
@@ -705,15 +709,46 @@ func TestBuildRemoteWrites(t *testing.T) {
},
want: []string{"-remoteWrite.url=localhost:8429,localhost:8431", "-remoteWrite.sendTimeout=10s,15s"},
},
{
name: "test oauth2",
args: args{
ssCache: &scrapesSecretsCache{
oauth2Secrets: map[string]*oauthCreds{"remoteWriteSpec/localhost:8431": &oauthCreds{
clientID: "some-id",
clientSecret: "some-secret",
}},
},
cr: &victoriametricsv1beta1.VMAgent{
Spec: victoriametricsv1beta1.VMAgentSpec{RemoteWrite: []victoriametricsv1beta1.VMAgentRemoteWriteSpec{
{
URL: "localhost:8429",
SendTimeout: pointer.String("10s"),
},
{
URL: "localhost:8431",
SendTimeout: pointer.String("15s"),
OAuth2: &victoriametricsv1beta1.OAuth2{
Scopes: []string{"scope-1"},
TokenURL: "http://some-url",
ClientSecret: &corev1.SecretKeySelector{},
ClientID: victoriametricsv1beta1.SecretOrConfigMap{ConfigMap: &corev1.ConfigMapKeySelector{
LocalObjectReference: corev1.LocalObjectReference{Name: "some-cm"},
Key: "some-key",
}},
},
},
}},
},
},
want: []string{"-remoteWrite.oauth2.clientID=,some-id", "-remoteWrite.oauth2.clientSecret=,some-secret", "-remoteWrite.oauth2.scopes=,scope-1", "-remoteWrite.oauth2.tokenUrl=,http://some-url", "-remoteWrite.url=localhost:8429,localhost:8431", "-remoteWrite.sendTimeout=10s,15s"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sort.Strings(tt.want)
got := BuildRemoteWrites(tt.args.cr, tt.args.rwsBasicAuth, tt.args.rwsTokens)
got := BuildRemoteWrites(tt.args.cr, tt.args.ssCache)
sort.Strings(got)
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("BuildRemoteWrites() = \n%v\n, want \n%v\n", got, tt.want)
}
assert.Equal(t, tt.want, got)
})
}
}
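Review bot: The `test oauth2` case uses a single scope (`Scopes: []string{"scope-1"}`), so it never exercises the path where BuildRemoteWrites joins several scopes with `","` and then appends the result to a flag value that is itself comma-separated per remote-write URL. With two scopes on the first URL, every later position in `-remoteWrite.oauth2.scopes=` would shift by one, and the expected string `-remoteWrite.oauth2.scopes=,scope-1` cannot catch that. Add a case with `Scopes: []string{"scope-1", "scope-2"}` on the first of two remote writes, and pin a separator that cannot collide with the list delimiter. A second case where `oauth2Secrets` has no entry for the URL would document that the credential flags are then emitted empty rather than rejected.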
