Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(snmp): Add secret support for auth_password and priv_password #14975

Merged
merged 2 commits into from Mar 13, 2024
Merged

feat(snmp): Add secret support for auth_password and priv_password #14975

merged 2 commits into from Mar 13, 2024

Conversation

srebhan
Copy link
Contributor

@srebhan srebhan commented Mar 12, 2024

Summary

Add support for secrets to all SNMP-family plugins.

Checklist

  • No AI generated code was used in this PR

Related issues

resolves #14972

@telegraf-tiger telegraf-tiger bot added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Mar 12, 2024
@srebhan srebhan mentioned this pull request Mar 12, 2024
Closed
@srebhan srebhan marked this pull request as ready for review March 12, 2024 09:45
@srebhan srebhan added area/snmp plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins plugin/processor labels Mar 12, 2024
@telegraf-tiger
Copy link
Contributor

Download PR build artifacts for linux_amd64.tar.gz, darwin_arm64.tar.gz, and windows_amd64.zip.
Downloads for additional architectures and packages are available below.

☺️ This pull request doesn't significantly change the Telegraf binary size (less than 1%)

📦 Click here to get additional PR build artifacts

Artifact URLs

DEB RPM TAR GZ ZIP
amd64.deb aarch64.rpm darwin_amd64.tar.gz windows_amd64.zip
arm64.deb armel.rpm darwin_arm64.tar.gz windows_arm64.zip
armel.deb armv6hl.rpm freebsd_amd64.tar.gz windows_i386.zip
armhf.deb i386.rpm freebsd_armv7.tar.gz
i386.deb ppc64le.rpm freebsd_i386.tar.gz
mips.deb riscv64.rpm linux_amd64.tar.gz
mipsel.deb s390x.rpm linux_arm64.tar.gz
ppc64el.deb x86_64.rpm linux_armel.tar.gz
riscv64.deb linux_armhf.tar.gz
s390x.deb linux_i386.tar.gz
linux_mips.tar.gz
linux_mipsel.tar.gz
linux_ppc64le.tar.gz
linux_riscv64.tar.gz
linux_s390x.tar.gz

@srebhan srebhan added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label Mar 12, 2024
@KoMa1978
Copy link

KoMa1978 commented Mar 12, 2024
edited by srebhan

Hi,

it is not really working. This is my telegraf.conf with the secrets config (this one is working fine with "<< token = "@{localsecrets:influxdb_token}" >>"for influx):

[[secretstores.jose]]
  id = "localsecrets"
  path = "/etc/telegraf/secrets"
  password = "xxxx"
$ telegraf secrets list
Known secrets for store "localsecrets":
    influxdb_token                  
    snmpv3_operator_token           
    snmpv3_token              
[[inputs.snmp]]
...
  auth_protocol = "SHA"
  auth_password = "@{localsecrets:snmpv3_token}"
  priv_protocol = "AES"
  priv_password = "@{localsecrets:snmpv3_token}"
$telegraf --test --config /etc/telegraf/telegraf.d/snmp.conf.test 
2024-03-12T12:52:16Z I! Loading config: /etc/telegraf/telegraf.d/snmp.conf.test
2024-03-12T12:52:16Z E! unknown secret-store for "@{localsecrets:snmpv3_token}"

@KoMa1978
Copy link

KoMa1978 commented Mar 12, 2024
edited

Ignore the above ...

It is working fine, I forgot to add the telegraf config (where the secretstore is defined) in the test
This one is working fine:

$telegraf --test --config /etc/telegraf/telegraf.conf --config /etc/telegraf/telegraf.d/snmp.conf.test

@powersj powersj removed their assignment Mar 12, 2024
@DStrand1 DStrand1 merged commit f674099 into influxdata:master Mar 13, 2024
26 checks passed
@github-actions github-actions bot added this to the v1.31.0 milestone Mar 13, 2024
Hipska
Hipska reviewed Apr 23, 2024
View reviewed changes
internal/snmp/wrapper.go
if !s.PrivPassword.Empty() {
p, err := s.PrivPassword.Get()
if err != nil {
return GosnmpWrapper{}, fmt.Errorf("getting private password failed: %w", err)
Copy link
Contributor

@Hipska Hipska Apr 23, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

-				return GosnmpWrapper{}, fmt.Errorf("getting private password failed: %w", err)
+				return GosnmpWrapper{}, fmt.Errorf("getting privacy password failed: %w", err)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hipska Hipska Hipska left review comments

@powersj powersj powersj approved these changes

@DStrand1 DStrand1 DStrand1 approved these changes

Assignees

@DStrand1 DStrand1

Labels
area/snmp feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins plugin/processor ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
Milestone
v1.31.0
Development

Successfully merging this pull request may close these issues.

SNMPv3 input and secretstores support
5 participants
@srebhan @KoMa1978 @Hipska @powersj @DStrand1