deadtrickster / prometheus-plugs

Prometheus.erl Elixir Plugs
54 stars 33 forks source link

Configuring basic auth in Distillery #30

Open acrogenesis opened 5 years ago

acrogenesis commented 5 years ago

In my rel/config/config.exs I set

config :prometheus, ValiotApp.PrometheusExporter,
  auth: {:basic, System.get_env("METRICS_USER"), System.get_env("METRICS_PASS")}

But PrometheusExporter isn't using this configuration. If I instead set it on config/prod.exs it uses the configuration but the env variables aren't set at build time so it has an empty user and password.

I believe it might by related to #25

acrogenesis commented 5 years ago

So the problem is evaluated at compile time plug_exporter.ex#L74 I think we could how that particular config is handled, or we could change how deadtrickster/prometheus.ex/lib/prometheus/config.ex#L48 works. The latter seems a better option but a lot more complicated.

deadtrickster commented 5 years ago

maybe add a switch for an option, like :runtime t

acrogenesis commented 5 years ago

I'm trying something along those lines but I'm having trouble with the metaprogramming 🤯

philipgiuliani commented 5 years ago

Having the same problem. Distillery's REPLACE_OS_VARS=true does not work because of the tuple structure:

config :prometheus, MyApp.Metrics.Plug,
  auth: {:basic, "prometheus", "${PROMETHEUS_PASSWORD}"}
philipgiuliani commented 5 years ago

Im the meanwhile, I was able to workaround this problem by adding https://github.com/CultivateHQ/basic_auth and handling authentication myself.

config.exs

config :prometheus, MyApp.Metrics.Plug,
  path: "/"

config :myapp, prometheus_basic_auth: [
  username: "prometheus",
  password: "${PROMETHEUS_PASSWORD}"
]

router.ex

  pipeline :metrics do
    plug BasicAuth, use_config: {:myapp, :prometheus_basic_auth}
  end

  scope "/metrics" do
    pipe_through :metrics

    forward "/", MyApp.Metrics.Plug
  end
acrogenesis commented 5 years ago

Nice idea @philipgiuliani thanks!

ssajnani commented 5 years ago

Use https://github.com/azohra/ptolemy to get your secrets during runtime and have an external system like vault to manage your secrets.

xdays commented 4 years ago

note: you need deleteplug MyApp.MetricsExporter from endpoint.ex if you define you own basic auth plug.

akoutmos commented 4 years ago

I maintain an Elixir library that I use to conditionally execute Plugs at runtime: https://github.com/akoutmos/unplug

We wrote our own predicate for Unplug and then just conditionally execute the PlugExporter at runtime based on the current request.