feat(inputs.gnmi): Add secret store support for username and password

fixes: influxdata#15172
powersj · Apr 16, 2024 · 9f169c2 · 9f169c2
1 parent 43687b4
commit 9f169c2
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 6 deletions.
diff --git a/plugins/inputs/gnmi/README.md b/plugins/inputs/gnmi/README.md
@@ -34,6 +34,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 
 [CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
 
+## Secret-store support
+
+This plugin supports secrets from secret-stores for the `username` and
+`password` options. See the [secret-store documentation][SECRETSTORE] for more
+details on how to use them.
+
+[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
+
 ## Configuration
 
 ```toml @sample.conf

diff --git a/plugins/inputs/gnmi/gnmi.go b/plugins/inputs/gnmi/gnmi.go
@@ -47,8 +47,8 @@ type GNMI struct {
 	Target              string            `toml:"target"`
 	UpdatesOnly         bool              `toml:"updates_only"`
 	VendorSpecific      []string          `toml:"vendor_specific"`
-	Username            string            `toml:"username"`
-	Password            string            `toml:"password"`
+	Username            config.Secret     `toml:"username"`
+	Password            config.Secret     `toml:"password"`
 	Redial              config.Duration   `toml:"redial"`
 	MaxMsgSize          config.Size       `toml:"max_msg_size"`
 	Trace               bool              `toml:"dump_responses"`
@@ -211,8 +211,23 @@ func (c *GNMI) Start(acc telegraf.Accumulator) error {
 	// Prepare the context, optionally with credentials
 	var ctx context.Context
 	ctx, c.cancel = context.WithCancel(context.Background())
-	if len(c.Username) > 0 {
-		ctx = metadata.AppendToOutgoingContext(ctx, "username", c.Username, "password", c.Password)
+
+	usernameSecret, err := c.Username.Get()
+	if err != nil {
+		return fmt.Errorf("getting username failed: %w", err)
+	}
+	defer usernameSecret.Destroy()
+	username := usernameSecret.String()
+
+	passwordSecret, err := c.Password.Get()
+	if err != nil {
+		return fmt.Errorf("getting password failed: %w", err)
+	}
+	defer passwordSecret.Destroy()
+	password := passwordSecret.String()
+
+	if len(username) > 0 {
+		ctx = metadata.AppendToOutgoingContext(ctx, "username", username, "password", password)
 	}
 
 	// Create a goroutine for each device, dial and subscribe

diff --git a/plugins/inputs/gnmi/gnmi_test.go b/plugins/inputs/gnmi/gnmi_test.go
@@ -140,8 +140,8 @@ func TestUsernamePassword(t *testing.T) {
 	plugin := &GNMI{
 		Log:       testutil.Logger{},
 		Addresses: []string{listener.Addr().String()},
-		Username:  "theusername",
-		Password:  "thepassword",
+		Username:  config.NewSecret([]byte("theusername")),
+		Password:  config.NewSecret([]byte("thepassword")),
 		Encoding:  "proto",
 		Redial:    config.Duration(1 * time.Second),
 	}