Open qmonitoring opened 3 years ago
Does anyone know if this has been implemented?
Does anyone know if this has been implemented?
I have a similar issue. Trying to scrape json path via api url like http://MyHost/platform_api/GetSomeStuff/?account_id=123456&api_key=11112222233334444 It returns json in browser or curl just fine. But i have no success probing that url with json_exporter http://192.168.9.103:7979/probe?target=http://MyHost/platform_api/GetSomeStuff/?account_id=123456&api_key=11112222233334444 It seems to pass an account id but no api_key, so i'm getting authorization error.
I have a similar issue. If you run json_exporter locally and use Wireshark, you can see that the exporter only forwards the first get argument.
Sorry I didn't wait with my last comment until I knew the solution:
Replace &
with %26
because you have to escape your &
.
If you request http://exporter.local/probe?target=someurl&apiKey=abcd
then apiKey
is delivered as GET parameter to probe and is not read as part of the string intended for target
.
Therefore, request http://exporter.local/probe?target=someurl%26apiKey=abcd
I think this is already supported with the http_client_config. Look at the example provided in https://github.com/prometheus-community/json_exporter/blob/master/examples/config.yml
I needed something similar in a Kubernetes environment and my config looks like
http_client_config:
authorization:
type: Key
credentials_file: /tmp/api-key.txt
Translated to curl
this would be something like
curl -H "Authorization: Key MySecretApiKey" "exporter:7979/probe?target=http://mytarget"
For other options see https://pkg.go.dev/github.com/prometheus/common/config#Authorization
We need to have ability to add custom headers and hide it. For example gitlab api provide to use header field - token
to authentificate. Yes, maybe gitlab team made bad solution, but, for now, I don't ability to use secure.
Authorization with the standardized HTTP Authorization methods is possible as @acondrat described in https://github.com/prometheus-community/json_exporter/issues/87#issuecomment-1305469450.
For example, the following module configuration sets the header Authorization: Bearer 123456
when the file /credentials/some_app.txt
contains the string 123456
.
modules:
some_application:
http_client_config:
authorization:
credentials_file: /credentials/some_app.txt
I don't think json_exporter should support non-standard-conformant authentication methods since this would add maintenance overhead that is not rectifiable - any application should support at least one of the standardized methods of Bearer tokens, Basic auth, or OAuth2.
Hi @morremeyer,
I hope you can help me out. I have deployed Json-Exporter and Prometheus as a Helm chart in my Kubernetes cluster.
I have an API query that I can successfully submit in the terminal and get a return:
curl -X GET https://api.viessmann.com/iot/v2/features/installations/ID/gateways/ID/devices/ID/features -H "Authorization: Bearer <token>“
If I go by the http_client_config
documentation (https://pkg.go.dev/github.com/prometheus/common/config#HTTPClientConfig) bearer_token or authorization.credentials must be of type Secret.
Unfortunately, I can't get the bearer token to work properly as a Kubernetes secret.
This is what my json exporter config looks like:
configuration:
config: |
---
modules:
some_application:
metrics:
- name: viessmann
type: object
path: '{ .data.0 }'
help: viessmann
labels:
id: "viessmann"
name: "viessmann"
values:
apiVersion: '{.apiVersion}'
http_client_config:
bearer_token: 'viessmann-secret'
or
http_client_config:
authorization:
credentials: 'viessmann-secret'
The Kubernetes-secret I create like:
apiVersion: v1
kind: Secret
metadata:
name: viessmann-secret
namespace: monitoring
type: Opaque
data:
bearer_token: BASE64_ENCODED_TOKEN_VALUE_HERE
I hope you or someone else can help me :/ Thanks in advance
Hey @schoen2, let me post the full configuration that we use.
The http_client_config.bearer_token
or http_client_config.authorization.credentials
need to be the literal token, not a reference to a secret with the token.
If you want to read the token from a secret, which I would recommend, you'll need to mount the secret as a file and reference that with http_client_config.authorization.credentials_file
.
To illustrate, let me add the config we have deployed currently.
We're using https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-json-exporter in version 0.11.0
to deploy.
Great!! Thanks a lot!
I don't know the difference between credentials_file
and credentials
about the reference to a secret.
@morremeyer can you help ? running into a small issue while trying to use json-exporter with an api endpoint that uses an api_key, no matter what i try i end up with 401 Unauthorized.
This is the working format in curl:
curl -X GET https://example.com/v1/core/images -H 'api_key: xxxxxxxxxxxxxxxxxxx'
When using it over the json-exporter http://192.168.7.250:7979/probe?module=default&target=https%3A%2F%2Fexample.com%2Fv1%2Fcore%2Fimages
Failed to fetch JSON response. TARGET: https://example.com/v1/core/images, ERROR: 401 Unauthorized
This is my config file, am i missing something?
modules:
default:
http_client_config:
follow_redirects: true
enable_http2: true
tls_config:
insecure_skip_verify: true
http_headers:
api_key: 'xxxxxxxxxxxxxxxxxxx'
metrics:
- type: gauge
name: image_name
help: "Image Names"
path: $.images[*].images[*].name
labels:
image_name: $.name
Ref: https://pkg.go.dev/github.com/prometheus/common/config#HTTPClientConfig
@luis15pt Can you link to the API documentation? If not, are you sure the api key has to be sent this way? That is not a standardized HTTP header.
I would expect something like „Authorization: Bearer xxxx“
I will double check but currently its documented only as api_key, just noticed maybe i need to add the "accept: application/json" ?
curl -X GET "https://infrahub-api.nexgencloud.com/v1/pricebook" \ -H "accept: application/json"\ -H "api_key: YOUR API KEY"
https://infrahub-doc.nexgencloud.com/docs/api-reference/pricebook-resources/pricebook
On Mon, Jun 24, 2024 at 10:01 PM morre @.***> wrote:
@luis15pt https://github.com/luis15pt Can you link to the API documentation? If not, are you sure the api key has to be sent this way? That is not a standardized HTTP header.
I would expect something like „Authorization: Bearer xxxx“
— Reply to this email directly, view it on GitHub https://github.com/prometheus-community/json_exporter/issues/87#issuecomment-2187394880, or unsubscribe https://github.com/notifications/unsubscribe-auth/AYCEIF5MVAHWUBEAV5HIWM3ZJCCLBAVCNFSM4YO5L3QKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJYG4ZTSNBYHAYA . You are receiving this because you were mentioned.Message ID: @.***>
Use case: I am trying to scrape an endpoint with an API KEY аuthorization using Prometheus with json-exporter ( prom/prometheus:main and prometheuscommunity/json-exporter:v0.3.0 docker images):
docker run -d --network=host --name=prometheus -v /path/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus:main --config.file=/etc/prometheus/prometheus.yml --web.listen-address=:9095
docker run -d --name=json-exporter --network=host -v /path/jsonexporter/config.yml:/config.yml prometheuscommunity/json-exporter:v0.3.0 --config.file=/config.yml
with the following Prometheus prometheus.yml configuration file:
and the following json-exporter config.yml configuration file:
prom/prometheus:main and prometheuscommunity/json-exporter:v0.3.0 are up and running, self scraping works fine (http://:7979/metrics), but a json scraping doesn't work (http://:7979/probe), the error is the following:
_Failed to fetch JSON response. TARGET: http://:/api/v1/data, ERROR: 401 Unauthorized_
The endpoint itself is available: _curl -X GET 'http://:/api/v1/data' -H 'Authorization: {my_secrettoken}'
Feature request: Could you please implement authorization with API KEY token?
(please see link with additional discussion in the Prometheus repository)