prometheus-plugs
prometheus-plugs copied to clipboard
deadtrickster
Configuring basic auth in Distillery
In my rel/config/config.exs
I set
config :prometheus, ValiotApp.PrometheusExporter,
auth: {:basic, System.get_env("METRICS_USER"), System.get_env("METRICS_PASS")}
But PrometheusExporter isn't using this configuration. If I instead set it on config/prod.exs it uses the configuration but the env variables aren't set at build time so it has an empty user and password.
I believe it might by related to #25
So the problem is evaluated at compile time plug_exporter.ex#L74 I think we could how that particular config is handled, or we could change how deadtrickster/prometheus.ex/lib/prometheus/config.ex#L48 works. The latter seems a better option but a lot more complicated.
I'm trying something along those lines but I'm having trouble with the metaprogramming 🤯
Having the same problem. Distillery's REPLACE_OS_VARS=true does not work because of the tuple structure:
config :prometheus, MyApp.Metrics.Plug,
auth: {:basic, "prometheus", "${PROMETHEUS_PASSWORD}"}
Im the meanwhile, I was able to workaround this problem by adding https://github.com/CultivateHQ/basic_auth and handling authentication myself.
config.exs
config :prometheus, MyApp.Metrics.Plug,
path: "/"
config :myapp, prometheus_basic_auth: [
username: "prometheus",
password: "${PROMETHEUS_PASSWORD}"
]
router.ex
pipeline :metrics do
plug BasicAuth, use_config: {:myapp, :prometheus_basic_auth}
end
scope "/metrics" do
pipe_through :metrics
forward "/", MyApp.Metrics.Plug
end
Use https://github.com/azohra/ptolemy to get your secrets during runtime and have an external system like vault to manage your secrets.
note: you need deleteplug MyApp.MetricsExporter from endpoint.ex if you define you own basic auth plug.
I maintain an Elixir library that I use to conditionally execute Plugs at runtime: https://github.com/akoutmos/unplug
We wrote our own predicate for Unplug and then just conditionally execute the PlugExporter at runtime based on the current request.
