diff --git a/README.md b/README.md
index be2cfae..90d4385 100644
--- a/README.md
+++ b/README.md
@@ -61,10 +61,12 @@ uaac client add prometheus-credhub \
| `credhub.client-secret`
`CREDHUB_EXPORTER_CLIENT_SECRET` | Yes | | Credhub Client Secret |
| `credhub.proxy`
`CREDHUB_EXPORTER_PROXY` | No | | Socks proxy to open before connecting to credub |
| `credhub.ca-certs-path`
`CREDHUB_EXPORTER_CA_CERTS_PATH` | No | | Path to CA certificate to use when connecting credhub |
+| `filters.name-like`
`CREDHUB_EXPORTER_FILTER_NAMELIKE` | No | | Fetch credentials whose name contains the query string (fetch all credentials when empty) |
+| `filters.path`
`CREDHUB_EXPORTER_FILTER_PATH` | No | | Fetch credentials that exist under the provided path (ignored when --filters.name-like is not empty) |
| `filters.generic-certificates`
`CREDHUB_EXPORTER_GENERIC_CERTIFICATES` | No | `[]` | Json list of to match generic credentials paths that may contains certificates |
-| `metrics.director-name`
`CREDHUB_EXPORTER_METRICS_DIRECTOR` | Yes | `bosh` | Director label to be attached to metrics |
+| `metrics.deployment-name`
`CREDHUB_EXPORTER_METRICS_DEPLOYMENT` | Yes | | Credhub Bosh Deployment Name to be reported as the `deployment` metric label |
| `metrics.namespace`
`CREDHUB_EXPORTER_METRICS_NAMESPACE` | No | `credhub` | Metrics Namespace |
-| `metrics.environment`
`CREDHUB_EXPORTER_METRICS_ENVIRONMENT` | Yes | | Environment label to be attached to metrics |
+| `metrics.environment`
`CREDHUB_EXPORTER_METRICS_ENVIRONMENT` | Yes | | Credhub `environment` label to be attached to metrics |
| `skip-ssl-verify`
`CREDHUB_EXPORTER_SKIP_SSL_VERIFY` | No | `false` | Disable SSL Verify |
| `web.listen-address`
`CREDHUB_EXPORTER_WEB_LISTEN_ADDRESS` | No | `:9358` | Address to listen on for web interface and telemetry |
| `web.telemetry-path`
`CREDHUB_EXPORTER_WEB_TELEMETRY_PATH` | No | `/metrics` | Path under which to expose Prometheus metrics |
diff --git a/collector.go b/collector.go
index d66b671..be41dac 100644
--- a/collector.go
+++ b/collector.go
@@ -23,6 +23,8 @@ const (
type CredhubCollector struct {
filters []*regexp.Regexp
cli *credhub.CredHub
+ nameLike string
+ path string
credentialMetrics *prometheus.GaugeVec
certificateExpiresMetrics *prometheus.GaugeVec
scrapeErrorMetric prometheus.Gauge
@@ -31,7 +33,7 @@ type CredhubCollector struct {
// NewCredhubCollector -
func NewCredhubCollector(
- director string,
+ deployment string,
environment string,
filters []*regexp.Regexp,
cli *credhub.CredHub) *CredhubCollector {
@@ -42,7 +44,7 @@ func NewCredhubCollector(
Subsystem: "credential",
Name: "created_at",
Help: "Number of seconds since 1970 since last rotation of credhub credential",
- ConstLabels: prometheus.Labels{"environment": environment, "director": director},
+ ConstLabels: prometheus.Labels{"environment": environment, "deployment": deployment},
},
[]string{"path", "name", "id"},
)
@@ -53,7 +55,7 @@ func NewCredhubCollector(
Subsystem: "certificate",
Name: "expires_at",
Help: "Number of seconds since 1970 until certificate will expire",
- ConstLabels: prometheus.Labels{"environment": environment, "director": director},
+ ConstLabels: prometheus.Labels{"environment": environment, "deployment": deployment},
},
[]string{"path", "name", "id", "index"},
)
@@ -64,7 +66,7 @@ func NewCredhubCollector(
Subsystem: "",
Name: "last_scrap_error",
Help: "Whether the last scrape of Applications metrics from Credhub resulted in an error (1 for error, 0 for success)",
- ConstLabels: prometheus.Labels{"environment": environment, "director": director},
+ ConstLabels: prometheus.Labels{"environment": environment, "deployment": deployment},
},
)
@@ -74,13 +76,15 @@ func NewCredhubCollector(
Subsystem: "",
Name: "last_scrape_timestamp",
Help: "Number of seconds since 1970 since last scrape of metrics from credhub.",
- ConstLabels: prometheus.Labels{"environment": environment, "director": director},
+ ConstLabels: prometheus.Labels{"environment": environment, "deployment": deployment},
},
)
return &CredhubCollector{
cli: cli,
filters: filters,
+ nameLike: "",
+ path: "",
credentialMetrics: credentialMetrics,
certificateExpiresMetrics: certificateExpiresMetrics,
scrapeErrorMetric: scrapeErrorMetric,
@@ -88,6 +92,14 @@ func NewCredhubCollector(
}
}
+func (c CredhubCollector) filterNameLike(name string) {
+ c.nameLike = name
+}
+
+func (c CredhubCollector) filterPath(path string) {
+ c.path = path
+}
+
func (c CredhubCollector) processCertificates(path string, name string, id string, certificates string) error {
data := []byte(certificates)
for idx := 1; len(data) != 0; idx++ {
@@ -137,7 +149,19 @@ func (c CredhubCollector) Collect(ch chan<- prometheus.Metric) {
c.scrapeErrorMetric.Set(0.0)
c.lastScrapeTimestampMetric.Set(float64(time.Now().Unix()))
- results, err := c.cli.FindByPartialName("")
+ var (
+ results credentials.FindResults
+ err error
+ )
+
+ if c.nameLike != "" {
+ results, err = c.cli.FindByPartialName(c.nameLike)
+ } else if c.path != "" {
+ results, err = c.cli.FindByPath(c.path)
+ } else {
+ results, err = c.cli.FindByPartialName("")
+ }
+
if err != nil {
log.Errorf("Error fethings credentials from credhub: %s", err.Error())
c.scrapeErrorMetric.Set(1.0)
diff --git a/credhub_exporter.go b/credhub_exporter.go
index 71f2a84..23b7ba3 100644
--- a/credhub_exporter.go
+++ b/credhub_exporter.go
@@ -35,6 +35,14 @@ var (
"credhub.proxy", "Credhub Client Secret ($CREDHUB_EXPORTER_CLIENT_SECRET)",
).Envar("CREDHUB_EXPORTER_PROXY").Default("").String()
+ filterNameLike = kingpin.Flag(
+ "filters.name-like", "Fetch credentials whose name contains the query string (fetch all credentials when empty)",
+ ).Envar("CREDHUB_EXPORTER_FILTER_NAMELIKE").Default("").String()
+
+ filterPath = kingpin.Flag(
+ "filters.path", "Fetch credentials that exist under the provided path (ignored when --filters.name-like is not empty)",
+ ).Envar("CREDHUB_EXPORTER_FILTER_PATH").Default("").String()
+
genericCertificateFilter = kingpin.Flag(
"filters.generic-certificates", "Json list of to match generic credentials paths that may contains certificates",
).Envar("CREDHUB_EXPORTER_GENERIC_CERTIFICATES").Default("[]").String()
@@ -44,12 +52,12 @@ var (
).Envar("CREDHUB_EXPORTER_METRICS_NAMESPACE").Default("credhub").String()
metricsEnvironment = kingpin.Flag(
- "metrics.environment", "Environment label to be attached to metrics ($CREDHUB_EXPORTER_METRICS_ENVIRONMENT)",
+ "metrics.environment", "Credhub environment label to be attached to metrics ($CREDHUB_EXPORTER_METRICS_ENVIRONMENT)",
).Envar("CREDHUB_EXPORTER_METRICS_ENVIRONMENT").Required().String()
- metricsDirector = kingpin.Flag(
- "metrics.director-name", "Director label to be attached to metrics ($CREDHUB_EXPORTER_METRICS_DIRECTOR)",
- ).Envar("CREDHUB_EXPORTER_METRICS_DIRECTOR").Required().String()
+ metricsDeployment = kingpin.Flag(
+ "metrics.deployment-name", "Credhub Bosh Deployment Name to be reported as the deployment metric label ($CREDHUB_EXPORTER_METRICS_DEPLOYMENT)",
+ ).Envar("CREDHUB_EXPORTER_METRICS_DEPLOYMENT").Required().String()
skipSSLValidation = kingpin.Flag(
"skip-ssl-verify", "Disable SSL Verify ($CREDHUB_EXPORTER_SKIP_SSL_VERIFY)",
@@ -175,8 +183,9 @@ func main() {
filters = append(filters, exp)
}
- // todo cacert
- credhubCollector := NewCredhubCollector(*metricsDirector, *metricsEnvironment, filters, credhubCli)
+ credhubCollector := NewCredhubCollector(*metricsDeployment, *metricsEnvironment, filters, credhubCli)
+ credhubCollector.filterNameLike(*filterNameLike)
+ credhubCollector.filterPath(*filterPath)
prometheus.MustRegister(credhubCollector)
handler := prometheusHandler()