VictoriaMetrics/app/vmalert/remoteread/init.go

package remoteread

import (
	"flag"
	"fmt"
	"net/http"

	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/datasource"
	"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils"
	"github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil"
)

var (
	addr = flag.String("remoteRead.url", "", "Optional URL to datasource compatible with Prometheus HTTP API. It can be single node VictoriaMetrics or vmselect."+
		"Remote read is used to restore alerts state."+
		"This configuration makes sense only if `vmalert` was configured with `remoteWrite.url` before and has been successfully persisted its state. "+
		"E.g. http://127.0.0.1:8428. See also '-remoteRead.disablePathAppend', '-remoteRead.showURL'.")

	showRemoteReadURL = flag.Bool("remoteRead.showURL", false, "Whether to show -remoteRead.url in the exported metrics. "+
		"It is hidden by default, since it can contain sensitive info such as auth key")

	headers = flag.String("remoteRead.headers", "", "Optional HTTP headers to send with each request to the corresponding -remoteRead.url. "+
		"For example, -remoteRead.headers='My-Auth:foobar' would send 'My-Auth: foobar' HTTP header with every request to the corresponding -remoteRead.url. "+
		"Multiple headers must be delimited by '^^': -remoteRead.headers='header1:value1^^header2:value2'")

	basicAuthUsername     = flag.String("remoteRead.basicAuth.username", "", "Optional basic auth username for -remoteRead.url")
	basicAuthPassword     = flag.String("remoteRead.basicAuth.password", "", "Optional basic auth password for -remoteRead.url")
	basicAuthPasswordFile = flag.String("remoteRead.basicAuth.passwordFile", "", "Optional path to basic auth password to use for -remoteRead.url")

	bearerToken     = flag.String("remoteRead.bearerToken", "", "Optional bearer auth token to use for -remoteRead.url.")
	bearerTokenFile = flag.String("remoteRead.bearerTokenFile", "", "Optional path to bearer token file to use for -remoteRead.url.")

	tlsInsecureSkipVerify = flag.Bool("remoteRead.tlsInsecureSkipVerify", false, "Whether to skip tls verification when connecting to -remoteRead.url")
	tlsCertFile           = flag.String("remoteRead.tlsCertFile", "", "Optional path to client-side TLS certificate file to use when connecting to -remoteRead.url")
	tlsKeyFile            = flag.String("remoteRead.tlsKeyFile", "", "Optional path to client-side TLS certificate key to use when connecting to -remoteRead.url")
	tlsCAFile             = flag.String("remoteRead.tlsCAFile", "", "Optional path to TLS CA file to use for verifying connections to -remoteRead.url. "+
		"By default, system CA is used")
	tlsServerName = flag.String("remoteRead.tlsServerName", "", "Optional TLS server name to use for connections to -remoteRead.url. "+
		"By default, the server name from -remoteRead.url is used")

	oauth2ClientID         = flag.String("remoteRead.oauth2.clientID", "", "Optional OAuth2 clientID to use for -remoteRead.url.")
	oauth2ClientSecret     = flag.String("remoteRead.oauth2.clientSecret", "", "Optional OAuth2 clientSecret to use for -remoteRead.url.")
	oauth2ClientSecretFile = flag.String("remoteRead.oauth2.clientSecretFile", "", "Optional OAuth2 clientSecretFile to use for -remoteRead.url.")
	oauth2TokenURL         = flag.String("remoteRead.oauth2.tokenUrl", "", "Optional OAuth2 tokenURL to use for -remoteRead.url. ")
	oauth2Scopes           = flag.String("remoteRead.oauth2.scopes", "", "Optional OAuth2 scopes to use for -remoteRead.url. Scopes must be delimited by ';'.")
)

// InitSecretFlags must be called after flag.Parse and before any logging
func InitSecretFlags() {
	if !*showRemoteReadURL {
		flagutil.RegisterSecretFlag("remoteRead.url")
	}
}

// Init creates a Querier from provided flag values.
// Returns nil if addr flag wasn't set.
func Init() (datasource.QuerierBuilder, error) {
	if *addr == "" {
		return nil, nil
	}
	tr, err := utils.Transport(*addr, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify)
	if err != nil {
		return nil, fmt.Errorf("failed to create transport: %w", err)
	}

	authCfg, err := utils.AuthConfig(
		utils.WithBasicAuth(*basicAuthUsername, *basicAuthPassword, *basicAuthPasswordFile),
		utils.WithBearer(*bearerToken, *bearerTokenFile),
		utils.WithOAuth(*oauth2ClientID, *oauth2ClientSecret, *oauth2ClientSecretFile, *oauth2TokenURL, *oauth2Scopes),
		utils.WithHeaders(*headers))
	if err != nil {
		return nil, fmt.Errorf("failed to configure auth: %w", err)
	}
	c := &http.Client{Transport: tr}
	return datasource.NewVMStorage(*addr, authCfg, 0, 0, false, c), nil
}
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`package remoteread`

			`import (`
			`"flag"`
			`"fmt"`
			`"net/http"`

			`"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/datasource"`
			`"github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils"`
vmalert: mark some url flags as sensitive (#2965) Other components, such as `vmagent`, mark these flags as sensitive and hide them from the `/metrics` endpoint by default. This commit adds similar handling to the `vmalert` component, hiding them by default, to prevent logging of secrets inappropriately. Showing of these values is controlled by an additional flag. Follow up to https://github.com/VictoriaMetrics/VictoriaMetrics/pull/2947 2022-08-11 07:56:40 +00:00			`"github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil"`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`)`

			`var (`
vmalert: remove notions of vmalert being compatible with VM only (#2954) vmalert can be successfully used with datasources compatible with Prometheus HTTP API. So we remove comments or notes in Readme which are saying opposite. Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-08-08 07:45:21 +00:00			`addr = flag.String("remoteRead.url", "", "Optional URL to datasource compatible with Prometheus HTTP API. It can be single node VictoriaMetrics or vmselect."+`
			`"Remote read is used to restore alerts state."+`
			"This configuration makes sense only if `vmalert` was configured with `remoteWrite.url` before and has been successfully persisted its state. "+
vmalert: follow-up after 28441711e6784dc3e9a75caf4d096452f0d2ea9c (#2972) Signed-off-by: hagen1778 <roman@victoriametrics.com> Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-08-11 11:30:32 +00:00			`"E.g. http://127.0.0.1:8428. See also '-remoteRead.disablePathAppend', '-remoteRead.showURL'.")`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 11:09:12 +00:00
vmalert: mark some url flags as sensitive (#2965) Other components, such as `vmagent`, mark these flags as sensitive and hide them from the `/metrics` endpoint by default. This commit adds similar handling to the `vmalert` component, hiding them by default, to prevent logging of secrets inappropriately. Showing of these values is controlled by an additional flag. Follow up to https://github.com/VictoriaMetrics/VictoriaMetrics/pull/2947 2022-08-11 07:56:40 +00:00			`showRemoteReadURL = flag.Bool("remoteRead.showURL", false, "Whether to show -remoteRead.url in the exported metrics. "+`
			`"It is hidden by default, since it can contain sensitive info such as auth key")`

vmalert: allow configuring custom headers for URLs (#2897) See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2860 Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-07-21 11:57:53 +00:00			`headers = flag.String("remoteRead.headers", "", "Optional HTTP headers to send with each request to the corresponding -remoteRead.url. "+`
			`"For example, -remoteRead.headers='My-Auth:foobar' would send 'My-Auth: foobar' HTTP header with every request to the corresponding -remoteRead.url. "+`
			`"Multiple headers must be delimited by '^^': -remoteRead.headers='header1:value1^^header2:value2'")`

app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`basicAuthUsername = flag.String("remoteRead.basicAuth.username", "", "Optional basic auth username for -remoteRead.url")`
			`basicAuthPassword = flag.String("remoteRead.basicAuth.password", "", "Optional basic auth password for -remoteRead.url")`
vmalert: support bearer token for datasource, remotewrite and remoteread (#1614) https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1608 2021-09-14 11:32:06 +00:00			`basicAuthPasswordFile = flag.String("remoteRead.basicAuth.passwordFile", "", "Optional path to basic auth password to use for -remoteRead.url")`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 11:09:12 +00:00
			`bearerToken = flag.String("remoteRead.bearerToken", "", "Optional bearer auth token to use for -remoteRead.url.")`
			`bearerTokenFile = flag.String("remoteRead.bearerTokenFile", "", "Optional path to bearer token file to use for -remoteRead.url.")`
vmalert: support bearer token for datasource, remotewrite and remoteread (#1614) https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1608 2021-09-14 11:32:06 +00:00
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`tlsInsecureSkipVerify = flag.Bool("remoteRead.tlsInsecureSkipVerify", false, "Whether to skip tls verification when connecting to -remoteRead.url")`
			`tlsCertFile = flag.String("remoteRead.tlsCertFile", "", "Optional path to client-side TLS certificate file to use when connecting to -remoteRead.url")`
			`tlsKeyFile = flag.String("remoteRead.tlsKeyFile", "", "Optional path to client-side TLS certificate key to use when connecting to -remoteRead.url")`
			`tlsCAFile = flag.String("remoteRead.tlsCAFile", "", "Optional path to TLS CA file to use for verifying connections to -remoteRead.url. "+`
fixed typos in documentation and commandline flags descriptions (#4275) 2023-05-10 07:50:41 +00:00			`"By default, system CA is used")`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`tlsServerName = flag.String("remoteRead.tlsServerName", "", "Optional TLS server name to use for connections to -remoteRead.url. "+`
fixed typos in documentation and commandline flags descriptions (#4275) 2023-05-10 07:50:41 +00:00			`"By default, the server name from -remoteRead.url is used")`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 11:09:12 +00:00
			`oauth2ClientID = flag.String("remoteRead.oauth2.clientID", "", "Optional OAuth2 clientID to use for -remoteRead.url.")`
			`oauth2ClientSecret = flag.String("remoteRead.oauth2.clientSecret", "", "Optional OAuth2 clientSecret to use for -remoteRead.url.")`
			`oauth2ClientSecretFile = flag.String("remoteRead.oauth2.clientSecretFile", "", "Optional OAuth2 clientSecretFile to use for -remoteRead.url.")`
			`oauth2TokenURL = flag.String("remoteRead.oauth2.tokenUrl", "", "Optional OAuth2 tokenURL to use for -remoteRead.url. ")`
			`oauth2Scopes = flag.String("remoteRead.oauth2.scopes", "", "Optional OAuth2 scopes to use for -remoteRead.url. Scopes must be delimited by ';'.")`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`)`

vmalert: mark some url flags as sensitive (#2965) Other components, such as `vmagent`, mark these flags as sensitive and hide them from the `/metrics` endpoint by default. This commit adds similar handling to the `vmalert` component, hiding them by default, to prevent logging of secrets inappropriately. Showing of these values is controlled by an additional flag. Follow up to https://github.com/VictoriaMetrics/VictoriaMetrics/pull/2947 2022-08-11 07:56:40 +00:00			`// InitSecretFlags must be called after flag.Parse and before any logging`
			`func InitSecretFlags() {`
			`if !*showRemoteReadURL {`
			`flagutil.RegisterSecretFlag("remoteRead.url")`
			`}`
			`}`

app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`// Init creates a Querier from provided flag values.`
			`// Returns nil if addr flag wasn't set.`
changes vmalert Querier with per rule querier (#1249) * changes vmalert Querier with per rule querier it allows to changes some parametrs based on rule setting for instance - alert type, tenant for cluster version or event endpoint url. 2021-04-28 20:41:15 +00:00			`func Init() (datasource.QuerierBuilder, error) {`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`if *addr == "" {`
			`return nil, nil`
			`}`
			`tr, err := utils.Transport(addr, tlsCertFile, tlsKeyFile, tlsCAFile, tlsServerName, tlsInsecureSkipVerify)`
			`if err != nil {`
all: use %w instead of %s for wrapping errors in `fmt.Errorf` This will simplify examining the returned errors such as httpserver.ErrorWithStatusCode . See https://blog.golang.org/go1.13-errors for details. 2020-06-30 19:58:18 +00:00			`return nil, fmt.Errorf("failed to create transport: %w", err)`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`}`
Issue-1824: added flags and different auth types support (#2287) * vmalert/notifier: added flags and different auth types support Co-authored-by: hagen1778 <roman@victoriametrics.com> 2022-03-10 11:09:12 +00:00
			`authCfg, err := utils.AuthConfig(`
			`utils.WithBasicAuth(basicAuthUsername, basicAuthPassword, *basicAuthPasswordFile),`
			`utils.WithBearer(bearerToken, bearerTokenFile),`
vmalert: allow configuring custom headers for URLs (#2897) See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2860 Signed-off-by: hagen1778 <roman@victoriametrics.com> 2022-07-21 11:57:53 +00:00			`utils.WithOAuth(oauth2ClientID, oauth2ClientSecret, oauth2ClientSecretFile, oauth2TokenURL, *oauth2Scopes),`
			`utils.WithHeaders(*headers))`
vmalert: support bearer token for datasource, remotewrite and remoteread (#1614) https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1608 2021-09-14 11:32:06 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to configure auth: %w", err)`
			`}`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`c := &http.Client{Transport: tr}`
app/vmalert: apply `-remoteRead.disablePathAppend` to `-datasource.url` in the same way as for the `-remoteRead.url` This is a follow-up for 0e2486df5631d8c8ed8dab51de070dc8c3c2ab33 The related pull requests: - https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1536 - https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1712 2022-05-13 13:19:32 +00:00			`return datasource.NewVMStorage(*addr, authCfg, 0, 0, false, c), nil`
app/vmalert: move flags description and initialization into subpackages The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function. 2020-06-28 11:26:22 +00:00			`}`