Add support for Amazon Elasticsearch Service
Signed-off-by: Jami Karvanen <jami.karvanen@yle.fi>
jmtsi committed Jun 17, 2021
1 parent a4c1f63 commit cac7e3f
Showing 4 changed files with 87 additions and 5 deletions.
1 change: 1 addition & 0 deletions go.mod
@@ -3,6 +3,7 @@ module github.com/prometheus-community/elasticsearch_exporter
go 1.16

require (
github.com/aws/aws-sdk-go v1.27.0
github.com/blang/semver v3.5.2-0.20180723201105-3c1074078d32+incompatible
github.com/go-kit/kit v0.10.0
github.com/imdario/mergo v0.3.12
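Review bot: The new direct requirement `github.com/aws/aws-sdk-go v1.27.0` looks like the version that was already in the module graph rather than a release chosen for this feature; the go.sum section on this page has two `aws-sdk-go v1.27.0` lines in a hunk that adds only one. This module now resolves credentials and signs every request the exporter sends, so it is worth pinning a current v1 release deliberately and re-running `go mod tidy`. A short comment in the commit message stating why this version was chosen would help later dependency audits.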
2 changes: 2 additions & 0 deletions go.sum
@@ -20,6 +20,7 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
github.com/aws/aws-sdk-go v1.27.0 h1:0xphMHGMLBrPMfxR2AmVjZKcMEESEgWF8Kru94BNByk=
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -136,6 +137,7 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
45 changes: 40 additions & 5 deletions main.go
@@ -25,10 +25,18 @@ import (
"github.com/go-kit/kit/log/level"
"github.com/prometheus-community/elasticsearch_exporter/collector"
"github.com/prometheus-community/elasticsearch_exporter/pkg/clusterinfo"
"github.com/prometheus-community/elasticsearch_exporter/pkg/roundtripper"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/prometheus/common/version"
"gopkg.in/alecthomas/kingpin.v2"

"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
)

func main() {
@@ -85,6 +93,10 @@ func main() {
esInsecureSkipVerify = kingpin.Flag("es.ssl-skip-verify",
"Skip SSL verification when connecting to Elasticsearch.").
Default("false").Envar("ES_SSL_SKIP_VERIFY").Bool()
esAWS = kingpin.Flag("es.aws", "Enable support for Amazon Elasticsearch Service").
Default("false").Envar("ES_AWS").Bool()
esAWSRegion = kingpin.Flag("es.aws-region", "Sets the AWS region").
Default("").Envar("ES_AWS_REGION").String()
logLevel = kingpin.Flag("log.level",
"Sets the loglevel. Valid levels are debug, info, warn, error").
Default("info").Envar("LOG_LEVEL").String()
@@ -114,12 +126,35 @@ func main() {
// returns nil if not provided and falls back to simple TCP.
tlsConfig := createTLSConfig(*esCA, *esClientCert, *esClientPrivateKey, *esInsecureSkipVerify)

defaultTransport := &http.Transport{
TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment,
}

httpClient := &http.Client{
Timeout: *esTimeout,
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment,
},
Timeout: *esTimeout,
Transport: defaultTransport,
}

if esAWS != nil {
sess := session.Must(session.NewSession())
httpClient.Transport = &roundtripper.AWSSigningTransport{
DefaultTransport: defaultTransport,
Credentials: credentials.NewChainCredentials([]credentials.Provider{
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{},
stscreds.NewWebIdentityRoleProvider(
sts.New(sess),
os.Getenv("AWS_ROLE_ARN"),
"",
os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE"),
),
&ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(sess),
},
}),
Region: *esAWSRegion,
}
}

// version metric
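Review bot: The guard `if esAWS != nil` in the last hunk is always true, because `kingpin.Flag(...).Bool()` returns a non-nil `*bool` (the neighbouring flags are read as `*esInsecureSkipVerify`), so the signing transport is installed even when `--es.aws` keeps its default of false; it should be `if *esAWS {`. As written, every scrape is signed with whatever AWS credentials the chain finds, and for temporary credentials the signer also attaches the session token header, including on requests to a non-AWS Elasticsearch endpoint; with no credentials available `Sign` returns an error and every request fails. `session.Must` panics on a session error, so prefer checking the error from `session.NewSession()` and logging it, and reject an empty `--es.aws-region` when the flag is set, since the default `""` is passed straight to the signer. main's body continues outside the hunk.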
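--- a/pkg/roundtripper/aws.go
+++ b/pkg/roundtripper/aws.go
@@ -0,0 +1,44 @@
+// Copyright 2021 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package roundtripper
+
+import (
+"net/http"
+"time"
+
+"github.com/aws/aws-sdk-go/aws/credentials"
+v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
+)
+
+const (
+service = "es"
+)
+
+type AWSSigningTransport struct {
+DefaultTransport *http.Transport
+Credentials *credentials.Credentials
+Region string
+}
+
+// RoundTrip implementation
+func (a AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+signer := v4.NewSigner(a.Credentials)
+
+// body is nil as we never send data to Elastic, just get
+if _, err := signer.Sign(req, nil, service, a.Region, time.Now()); err != nil {
+return nil, err
+}
+
+return a.DefaultTransport.RoundTrip(req)
+}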
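Review bot: `RoundTrip` signs the caller's `*http.Request` in place, which the `http.RoundTripper` contract does not allow (a RoundTrip must not modify the request); sign a copy instead by adding `req = req.Clone(req.Context())` before `signer.Sign`. The `nil` body argument is only correct while every request is body-less, so guard it (for example return an error when `req.Body != nil`), otherwise a later POST would carry a signature computed over an empty payload. A zero-value `AWSSigningTransport` panics on `a.DefaultTransport.RoundTrip(req)` because `DefaultTransport` is nil, so check it or fall back to `http.DefaultTransport`. The exported type also needs a doc comment, e.g. `// AWSSigningTransport signs each outgoing request with AWS Signature Version 4 for the "es" service, then delegates to DefaultTransport.`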
