grafana / alloy

OpenTelemetry Collector distribution with programmable pipelines
https://grafana.com/oss/alloy
Apache License 2.0

Flow web app: expose unevaluated config files #517

Open rfratto opened 1 year ago

rfratto commented 1 year ago

It would be nice to have an endpoint which shows the unevaluated config file for all config blocks and components. This can be viewable in a single page (similar to Prometheus' config file endpoint), or we could also show the unevaluated config per-component when viewing a component-specific page.

However, doing this securely isn't simple: we'd still want to scrub any hard-coded strings which are passed to any attribute with a secret type.

https://github.com/grafana/alloy/issues/517

rfratto commented 1 year ago

> However, doing this securely isn't simple: we'd still want to scrub any hard-coded strings which are passed to any attribute with a secret type.

This should be enough to guarantee all strings used for secrets get scrubbed correctly. If we want extra safety, we could also support some kind of secret function to explicitly convert a string into a secret and hide string arguments to that.

If/when support for variables gets added in the future, we'd have to do a little more work to make sure a string doesn't get exposed, probably by doing some kind of analysis to see if a variable is ever passed to a secret-typed argument.
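
The scrubbing rule discussed in the comment above, as an added Go example that is not part of the issue thread and is not Alloy's own code: every string literal in an expression assigned to a secret-typed attribute is replaced, and all other attributes are shown as written. The `Attr` and `Block` types, the `secretAttrs` schema, the `"(secret)"` placeholder and the restriction to double-quoted literals are all assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical minimal config model (not Alloy's own types); Expr is unevaluated source text.
type Attr struct{ Name, Expr string }

type Block struct {
	Name  string
	Attrs []Attr
}

// Constructed schema: "block.attribute" pairs whose declared type is secret.
var secretAttrs = map[string]bool{"basic_auth.password": true}

// scrubLiterals replaces each double-quoted string literal in expr with a placeholder,
// honouring backslash escapes. An unterminated literal is scrubbed to the end (fail closed).
func scrubLiterals(expr string) string {
	var out []byte
	for i := 0; i < len(expr); i++ {
		if expr[i] != '"' {
			out = append(out, expr[i])
			continue
		}
		out = append(out, `"(secret)"`...)
		for i++; i < len(expr) && expr[i] != '"'; i++ {
			if expr[i] == '\\' {
				i++ // skip the escaped character
			}
		}
	}
	return string(out)
}

// Render prints a block unevaluated, scrubbing only secret-typed attributes.
func Render(b Block) string {
	out := b.Name + " {\n"
	for _, a := range b.Attrs {
		if secretAttrs[b.Name+"."+a.Name] {
			a.Expr = scrubLiterals(a.Expr) // a is a copy; the input is untouched
		}
		out += "  " + a.Name + " = " + a.Expr + "\n"
	}
	return out + "}\n"
}

func main() { // constructed sample input
	fmt.Print(Render(Block{"basic_auth", []Attr{{"username", `"alloy"`}, {"password", `"hunter2"`}}}))
}
```

Keying the decision on the attribute's declared type rather than its name means a literal nested inside a larger expression is scrubbed as well.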

xiyu95 commented 1 year ago

@rfratto It would be great if there is a separate ticket for frontend and one for backend, so that we can note down any important description within the ticket without getting messy 😃

rfratto commented 1 year ago

@xiyu95 Sure, I turned this into a high-level issue and split the issue up:

ptodev commented 1 year ago

For API endpoints like this, would it be good to require extra authentication when calling the Agent API? If I understand correctly, at the moment there is no authentication. Especially for Agent Management there might be a benefit in seeing the full unredacted config file.