feat(prometheus): add bearer token support (#823)

* feat(prometheus): add bearer token support * fix(retrofit): revert log level
spinnaker · Dec 8, 2020 · 6b387f3 · 6b387f3
1 parent 410bde5
commit 6b387f3
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 6 deletions.
diff --git a/kayenta-core/src/main/java/com/netflix/kayenta/retrofit/config/RetrofitClientFactory.java b/kayenta-core/src/main/java/com/netflix/kayenta/retrofit/config/RetrofitClientFactory.java
@@ -60,7 +60,7 @@ JacksonConverter jacksonConverterWithMapper(ObjectMapper objectMapper) {
   public <T> T createClient(
       Class<T> type, Converter converter, RemoteService remoteService, OkHttpClient okHttpClient) {
     try {
-      return createClient(type, converter, remoteService, okHttpClient, null, null, null);
+      return createClient(type, converter, remoteService, okHttpClient, null, null, null, null);
     } catch (IOException e) {
       throw new RuntimeException(e);
     }
@@ -73,7 +73,31 @@ public <T> T createClient(
       OkHttpClient okHttpClient,
       String username,
       String password,
-      String usernamePasswordFile)
+      String usernamePasswordFile) {
+    try {
+      return createClient(
+          type,
+          converter,
+          remoteService,
+          okHttpClient,
+          username,
+          password,
+          usernamePasswordFile,
+          null);
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public <T> T createClient(
+      Class<T> type,
+      Converter converter,
+      RemoteService remoteService,
+      OkHttpClient okHttpClient,
+      String username,
+      String password,
+      String usernamePasswordFile,
+      String bearerToken)
       throws IOException {
     String baseUrl = remoteService.getBaseUrl();
 
@@ -83,8 +107,10 @@ public <T> T createClient(
 
     if (!(StringUtils.isEmpty(username)
         && StringUtils.isEmpty(password)
-        && StringUtils.isEmpty(usernamePasswordFile))) {
-      okHttpClient = createAuthenticatedClient(username, password, usernamePasswordFile);
+        && StringUtils.isEmpty(usernamePasswordFile)
+        && StringUtils.isEmpty(bearerToken))) {
+      okHttpClient =
+          createAuthenticatedClient(username, password, usernamePasswordFile, bearerToken);
     }
 
     Slf4jRetrofitLogger logger = createRetrofitLogger.apply(type);
@@ -100,14 +126,17 @@ public <T> T createClient(
   }
 
   private static OkHttpClient createAuthenticatedClient(
-      String username, String password, String usernamePasswordFile) throws IOException {
+      String username, String password, String usernamePasswordFile, String bearerToken)
+      throws IOException {
     final String credential;
 
     if (StringUtils.isNotEmpty(usernamePasswordFile)) {
       String trimmedFileContent =
           new String(Files.readAllBytes(Paths.get(usernamePasswordFile))).trim();
 
       credential = "Basic " + Base64.encodeBase64String(trimmedFileContent.getBytes());
+    } else if (StringUtils.isNotEmpty(bearerToken)) {
+      credential = "Bearer " + bearerToken;
     } else {
       credential = Credentials.basic(username, password);
     }

diff --git a/...ometheus/src/main/java/com/netflix/kayenta/prometheus/config/PrometheusConfiguration.java b/...ometheus/src/main/java/com/netflix/kayenta/prometheus/config/PrometheusConfiguration.java
@@ -92,6 +92,7 @@ MetricsService prometheusMetricsService(
                 .username(prometheusManagedAccount.getUsername())
                 .password(prometheusManagedAccount.getPassword())
                 .usernamePasswordFile(prometheusManagedAccount.getUsernamePasswordFile())
+                .bearerToken(prometheusManagedAccount.getBearerToken())
                 .build();
         PrometheusNamedAccountCredentials.PrometheusNamedAccountCredentialsBuilder
             prometheusNamedAccountCredentialsBuilder =
@@ -110,7 +111,8 @@ MetricsService prometheusMetricsService(
                     okHttpClient,
                     prometheusManagedAccount.getUsername(),
                     prometheusManagedAccount.getPassword(),
-                    prometheusManagedAccount.getUsernamePasswordFile());
+                    prometheusManagedAccount.getUsernamePasswordFile(),
+                    prometheusManagedAccount.getBearerToken());
 
             prometheusNamedAccountCredentialsBuilder.prometheusRemoteService(
                 prometheusRemoteService);

diff --git a/...metheus/src/main/java/com/netflix/kayenta/prometheus/config/PrometheusManagedAccount.java b/...metheus/src/main/java/com/netflix/kayenta/prometheus/config/PrometheusManagedAccount.java
@@ -44,4 +44,7 @@ public class PrometheusManagedAccount {
 
   private List<AccountCredentials.Type> supportedTypes =
       Collections.singletonList(AccountCredentials.Type.METRICS_STORE);
+
+  // Optional parameter for use when protecting prometheus with bearer token.
+  private String bearerToken;
 }
diff --git a/...ometheus/src/main/java/com/netflix/kayenta/prometheus/security/PrometheusCredentials.java b/...ometheus/src/main/java/com/netflix/kayenta/prometheus/security/PrometheusCredentials.java
@@ -35,4 +35,6 @@ public class PrometheusCredentials {
   private String password;
 
   private String usernamePasswordFile;
+
+  private String bearerToken;
 }
diff --git a/kayenta-web/config/kayenta.yml b/kayenta-web/config/kayenta.yml
@@ -97,6 +97,10 @@ kayenta:
 #      - name: my-prometheus-account
 #        endpoint:
 #          baseUrl: http://localhost:9090
+#        username: xxxx # Optional, for use when protecting prometheus with basic auth
+#        password: xxxx # Optional, for use when protecting prometheus with basic auth
+#        usernamePasswordFile: xxxx # Optional, for use when protecting prometheus with basic auth
+#        bearerToken: xxxx # Optional, for use when protecting prometheus with bearer token
 #        supportedTypes:
 #          - METRICS_STORE