Serve config at HTTP endpoint (#446)

* Serve config at HTTP endpoint Signed-off-by: Annanay <[email protected]> * make vendor-check Signed-off-by: Annanay <[email protected]> * Hide sensitive info from /config endpoint Signed-off-by: Annanay <[email protected]> * Hide azure credentials from /config endpoint Signed-off-by: Annanay <[email protected]> * parse config value into flagext.Secret.Value Signed-off-by: Annanay <[email protected]> * Fix CHANGELOG Signed-off-by: Annanay <[email protected]>
grafana · Jan 21, 2021 · e5ea537 · e5ea537
1 parent 4204792
commit e5ea537
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ## master / unreleased
 * [CHANGE] Fixed ingester latency spikes on read [#461](https://github.com/grafana/tempo/pull/461)
+* [ENHANCEMENT] Serve config at the "/config" endpoint. [#446](https://github.com/grafana/tempo/pull/446)
 * [BUGFIX] Upgrade cortex dependency to 1.6 to address issue with forgetting ring membership [#442](https://github.com/grafana/tempo/pull/442)
 
 ## v0.5.0
@@ -13,14 +14,14 @@
 * [CHANGE] Rename IngestionMaxBatchSize to IngestionBurstSize. This is a **breaking change**. [#445](https://github.com/grafana/tempo/pull/445)
 * [ENHANCEMENT] Add docker-compose example for GCS along with new backend options [#397](https://github.com/grafana/tempo/pull/397)
 * [ENHANCEMENT] tempo-cli list blocks usability improvements [#403](https://github.com/grafana/tempo/pull/403)
-* [ENHANCEMENT] Add Query Frontend module to allow scaling the query path [#400](https://github.com/grafana/tempo/pull/400)
 * [ENHANCEMENT] Reduce active traces locking time. [#449](https://github.com/grafana/tempo/pull/449)
 * [ENHANCEMENT] Added `tempo_distributor_bytes_received_total` as a per tenant counter of uncompressed bytes received. [#453](https://github.com/grafana/tempo/pull/453)
 * [BUGFIX] Compactor without GCS permissions fail silently [#379](https://github.com/grafana/tempo/issues/379)
 * [BUGFIX] Prevent race conditions between querier polling and ingesters clearing complete blocks [#421](https://github.com/grafana/tempo/issues/421)
 * [BUGFIX] Exclude blocks in last active window from compaction [#411](https://github.com/grafana/tempo/pull/411)
 * [BUGFIX] Mixin: Ignore metrics and query-frontend route when checking for TempoRequestLatency alert. [#440](https://github.com/grafana/tempo/pull/440)
 * [FEATURE] Add support for Azure Blob Storage backend [#340](https://github.com/grafana/tempo/issues/340)
+* [FEATURE] Add Query Frontend module to allow scaling the query path [#400](https://github.com/grafana/tempo/pull/400)
 
 ## v0.4.0
 

diff --git a/cmd/tempo/app/app.go b/cmd/tempo/app/app.go
@@ -16,6 +16,7 @@ import (
 	"github.com/cortexproject/cortex/pkg/util/modules"
 	"github.com/cortexproject/cortex/pkg/util/services"
 	"github.com/go-kit/kit/log/level"
+	"gopkg.in/yaml.v3"
 
 	"github.com/weaveworks/common/middleware"
 	"github.com/weaveworks/common/server"
@@ -203,6 +204,7 @@ func (t *App) Run() error {
 	}
 
 	// before starting servers, register /ready handler and gRPC health check service.
+	t.server.HTTP.Path("/config").Handler(t.configHandler())
 	t.server.HTTP.Path("/ready").Handler(t.readyHandler(sm))
 	grpc_health_v1.RegisterHealthServer(t.server.GRPC, healthcheck.New(sm))
 
@@ -246,6 +248,23 @@ func (t *App) Run() error {
 	return sm.AwaitStopped(context.Background())
 }
 
+func (t *App) configHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		out, err := yaml.Marshal(t.cfg)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", "text/yaml")
+		w.WriteHeader(http.StatusOK)
+		if _, err := w.Write(out); err != nil {
+			level.Error(util.Logger).Log("msg", "error writing response", "err", err)
+		}
+	}
+
+}
+
 func (t *App) readyHandler(sm *services.Manager) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if !sm.IsHealthy() {

diff --git a/go.mod b/go.mod
@@ -50,6 +50,7 @@ require (
 	google.golang.org/genproto v0.0.0-20201028140639-c77dae4b0522 // indirect
 	google.golang.org/grpc v1.33.1
 	gopkg.in/yaml.v2 v2.3.0
+	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 )
 
 // All of the below replace directives exist due to

diff --git a/modules/storage/config.go b/modules/storage/config.go
@@ -32,8 +32,8 @@ func (cfg *Config) RegisterFlagsAndApplyDefaults(prefix string, f *flag.FlagSet)
 	f.IntVar(&cfg.Trace.WAL.IndexDownsample, util.PrefixConfig(prefix, "trace.wal.index-downsample"), 100, "Number of traces per index record.")
 
 	cfg.Trace.Azure = &azure.Config{}
-	f.StringVar(&cfg.Trace.Azure.StorageAccountName, util.PrefixConfig(prefix, "trace.azure.storage-account-name"), "", "Azure storage account name.")
-	f.StringVar(&cfg.Trace.Azure.StorageAccountKey, util.PrefixConfig(prefix, "trace.azure.storage-account-key"), "", "Azure storage access key.")
+	f.StringVar(&cfg.Trace.Azure.StorageAccountName.Value, util.PrefixConfig(prefix, "trace.azure.storage-account-name"), "", "Azure storage account name.")
+	f.StringVar(&cfg.Trace.Azure.StorageAccountKey.Value, util.PrefixConfig(prefix, "trace.azure.storage-account-key"), "", "Azure storage access key.")
 	f.StringVar(&cfg.Trace.Azure.ContainerName, util.PrefixConfig(prefix, "trace.azure.container-name"), "", "Azure container name to store blocks in.")
 	f.StringVar(&cfg.Trace.Azure.Endpoint, util.PrefixConfig(prefix, "trace.azure.endpoint"), "blob.core.windows.net", "Azure endpoint to push blocks to.")
 	f.IntVar(&cfg.Trace.Azure.MaxBuffers, util.PrefixConfig(prefix, "trace.azure.max-buffers"), 4, "Number of simultaneous uploads.")
@@ -42,8 +42,8 @@ func (cfg *Config) RegisterFlagsAndApplyDefaults(prefix string, f *flag.FlagSet)
 	cfg.Trace.S3 = &s3.Config{}
 	f.StringVar(&cfg.Trace.S3.Bucket, util.PrefixConfig(prefix, "trace.s3.bucket"), "", "s3 bucket to store blocks in.")
 	f.StringVar(&cfg.Trace.S3.Endpoint, util.PrefixConfig(prefix, "trace.s3.endpoint"), "", "s3 endpoint to push blocks to.")
-	f.StringVar(&cfg.Trace.S3.AccessKey, util.PrefixConfig(prefix, "trace.s3.access_key"), "", "s3 access key.")
-	f.StringVar(&cfg.Trace.S3.SecretKey, util.PrefixConfig(prefix, "trace.s3.secret_key"), "", "s3 secret key.")
+	f.StringVar(&cfg.Trace.S3.AccessKey.Value, util.PrefixConfig(prefix, "trace.s3.access_key"), "", "s3 access key.")
+	f.StringVar(&cfg.Trace.S3.SecretKey.Value, util.PrefixConfig(prefix, "trace.s3.secret_key"), "", "s3 secret key.")
 
 	cfg.Trace.GCS = &gcs.Config{}
 	f.StringVar(&cfg.Trace.GCS.BucketName, util.PrefixConfig(prefix, "trace.gcs.bucket"), "", "gcs bucket to store traces in.")

diff --git a/tempodb/backend/azure/azure_helpers.go b/tempodb/backend/azure/azure_helpers.go
@@ -13,7 +13,7 @@ import (
 const maxRetries = 3
 
 func GetContainerURL(ctx context.Context, conf *Config) (blob.ContainerURL, error) {
-	c, err := blob.NewSharedKeyCredential(conf.StorageAccountName, conf.StorageAccountKey)
+	c, err := blob.NewSharedKeyCredential(conf.StorageAccountName.String(), conf.StorageAccountKey.String())
 	if err != nil {
 		return blob.ContainerURL{}, err
 	}

diff --git a/tempodb/backend/azure/config.go b/tempodb/backend/azure/config.go
@@ -1,10 +1,12 @@
 package azure
 
+import "github.com/cortexproject/cortex/pkg/util/flagext"
+
 type Config struct {
-	StorageAccountName string `yaml:"storage-account-name"`
-	StorageAccountKey  string `yaml:"storage-account-key"`
-	ContainerName      string `yaml:"container-name"`
-	Endpoint           string `yaml:"endpoint-suffix"`
-	MaxBuffers         int    `yaml:"max-buffers"`
-	BufferSize         int    `yaml:"buffer-size"`
+	StorageAccountName flagext.Secret `yaml:"storage-account-name"`
+	StorageAccountKey  flagext.Secret `yaml:"storage-account-key"`
+	ContainerName      string         `yaml:"container-name"`
+	Endpoint           string         `yaml:"endpoint-suffix"`
+	MaxBuffers         int            `yaml:"max-buffers"`
+	BufferSize         int            `yaml:"buffer-size"`
 }
diff --git a/tempodb/backend/s3/config.go b/tempodb/backend/s3/config.go
@@ -1,12 +1,14 @@
 package s3
 
+import "github.com/cortexproject/cortex/pkg/util/flagext"
+
 type Config struct {
-	Bucket    string `yaml:"bucket"`
-	Endpoint  string `yaml:"endpoint"`
-	AccessKey string `yaml:"access_key"`
-	SecretKey string `yaml:"secret_key"`
-	Insecure  bool   `yaml:"insecure"`
-	PartSize  uint64 `yaml:"part_size"`
+	Bucket    string         `yaml:"bucket"`
+	Endpoint  string         `yaml:"endpoint"`
+	AccessKey flagext.Secret `yaml:"access_key"`
+	SecretKey flagext.Secret `yaml:"secret_key"`
+	Insecure  bool           `yaml:"insecure"`
+	PartSize  uint64         `yaml:"part_size"`
 	// SignatureV2 configures the object storage to use V2 signing instead of V4
 	SignatureV2 bool `yaml:"signature_v2"`
 }
diff --git a/tempodb/backend/s3/s3.go b/tempodb/backend/s3/s3.go
@@ -77,8 +77,8 @@ func New(cfg *Config) (backend.Reader, backend.Writer, backend.Compactor, error)
 		wrapCredentialsProvider(&credentials.EnvAWS{}),
 		wrapCredentialsProvider(&credentials.Static{
 			Value: credentials.Value{
-				AccessKeyID:     cfg.AccessKey,
-				SecretAccessKey: cfg.SecretKey,
+				AccessKeyID:     cfg.AccessKey.String(),
+				SecretAccessKey: cfg.SecretKey.String(),
 			},
 		}),
 		wrapCredentialsProvider(&credentials.EnvMinio{}),

diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1559,6 +1559,7 @@ gopkg.in/ini.v1
 ## explicit
 gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
+## explicit
 gopkg.in/yaml.v3
 # honnef.co/go/tools v0.0.1-2020.1.4
 honnef.co/go/tools/arg