
Commit 6adb5f5

author
Norayr25
authored
MONIT-34354: Support CSP integration for getting an access token (#852)
1 parent 8dbcd15 commit 6adb5f5

26 files changed

Lines changed: 1118 additions & 244 deletions

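--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,9 +1,15 @@
 FROM eclipse-temurin:11
 
-# This script may automatically configure wavefront without prompting, based on
-# these variables:
+# Wavefront authentication can be configured in three different ways: Customers that have been
+# onboarded by CSP can set up CSP api tokens or CSP OAuth apps (CSP_APP_ID, CSP_APP_SECRET).
+# Customers of Wavefront can use Wavefront api token. This script may automatically
+# configure Wavefront without prompting, based on these variables:
 # WAVEFRONT_URL (required)
-# WAVEFRONT_TOKEN (required)
+# WAVEFRONT_TOKEN (not required)
+# CSP_API_TOKEN (not required)
+# CSP_APP_ID (not required)
+# CSP_APP_SECRET (not required)
+# CSP_ORG_ID (not required)
 # JAVA_HEAP_USAGE (default is 4G)
 # WAVEFRONT_HOSTNAME (default is the docker containers hostname)
 # WAVEFRONT_PROXY_ARGS (default is none)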
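Review bot: The header comment now marks WAVEFRONT_TOKEN, CSP_API_TOKEN, CSP_APP_ID and CSP_APP_SECRET each as `(not required)`, which hides that the container needs one complete method; docker/run.sh in this commit exits with an error when none is set. I would state the rule instead, e.g. `# One of: WAVEFRONT_TOKEN | CSP_API_TOKEN | CSP_APP_ID + CSP_APP_SECRET (CSP_ORG_ID optional)`. The same comment block is added to docker/Dockerfile-rhel and needs the same wording. Because these variables carry credentials, the comment could also say they are meant to be supplied at run time and not baked into an image layer with ENV.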

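--- a/docker/Dockerfile-rhel
+++ b/docker/Dockerfile-rhel
@@ -13,10 +13,16 @@ LABEL name="Wavefront Collector" \
 summary="The Wavefront Proxy is a light-weight Java application that you send your metrics, histograms, and trace data to. It handles batching and transmission of your data to the Wavefront service in a secure, fast, and reliable manner." \
 description="The Wavefront Proxy is a light-weight Java application that you send your metrics, histograms, and trace data to. It handles batching and transmission of your data to the Wavefront service in a secure, fast, and reliable manner."
 
-# This script may automatically configure wavefront without prompting, based on
-# these variables:
+# Wavefront authentication can be configured in three different ways: Customers that have been
+# onboarded by CSP can set up CSP api tokens or CSP OAuth apps (CSP_APP_ID, CSP_APP_SECRET).
+# Customers of Wavefront can use Wavefront api token. This script may automatically
+# configure Wavefront without prompting, based on these variables:
 # WAVEFRONT_URL (required)
-# WAVEFRONT_TOKEN (required)
+# WAVEFRONT_TOKEN (not required)
+# CSP_API_TOKEN (not required)
+# CSP_APP_ID (not required)
+# CSP_APP_SECRET (not required)
+# CSP_ORG_ID (not required)
 # JAVA_HEAP_USAGE (default is 4G)
 # WAVEFRONT_HOSTNAME (default is the docker containers hostname)
 # WAVEFRONT_PROXY_ARGS (default is none)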

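--- a/docker/README.md
+++ b/docker/README.md
@@ -8,4 +8,28 @@ Just run this docker image with the following environment variables defined, e.g
 -p 2878:2878 \
 wavefront-proxy
 
+docker build -t wavefront-proxy .
+docker run -d \
+-e WAVEFRONT_URL=https://you.wavefront.com/api/ \
+-e CSP_APP_ID <CSP_APP_ID> \
+-e CSP_APP_SECRET <CSP_APP_SECRET> \
+-p 2878:2878 \
+wavefront-proxy
+
+docker build -t wavefront-proxy .
+docker run -d \
+-e WAVEFRONT_URL=https://you.wavefront.com/api/ \
+-e CSP_APP_ID <CSP_APP_ID> \
+-e CSP_APP_SECRET <CSP_APP_SECRET> \
+-e CSP_ORG_ID <CSP_ORG_ID> \
+-p 2878:2878 \
+wavefront-proxy
+
+docker build -t wavefront-proxy .
+docker run -d \
+-e WAVEFRONT_URL=https://you.wavefront.com/api/ \
+-e CSP_API_TOKEN=<CSP_API_TOKEN> \
+-p 2878:2878 \
+wavefront-proxy
+
 All properties that exist in [wavefront.conf](https://github.com/wavefrontHQ/java/blob/master/pkg/etc/wavefront/wavefront-proxy/wavefront.conf.default) can be customized by passing their name as long form arguments within your docker run command in the WAVEFRONT_PROXY_ARGS environment variable. For example, add `-e WAVEFRONT_PROXY_ARGS="--pushRateLimit 1000"` to your docker run command to specify a [rate limit](https://github.com/wavefrontHQ/java/blob/master/pkg/etc/wavefront/wavefront-proxy/wavefront.conf.default#L62) of 1000 pps for the proxy.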

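--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -4,6 +4,10 @@ services:
 environment:
 WAVEFRONT_URL: ${WF_URL}
 WAVEFRONT_TOKEN: ${WF_TOKEN}
+CSP_API_TOKEN: ${CSP_API_TOKEN}
+CSP_APP_ID: ${CSP_APP_ID}
+CSP_APP_SECRET: ${CSP_APP_SECRET}
+CSP_ORG_ID: ${CSP_ORG_ID}
 WAVEFRONT_PROXY_ARGS: --ephemeral false --idFile /var/spool/wavefront-proxy/id-1
 volumes:
 - /Users/glaullon/tmp:/var/spool/wavefront-proxy
@@ -14,6 +18,10 @@ services:
 environment:
 WAVEFRONT_URL: ${WF_URL}
 WAVEFRONT_TOKEN: ${WF_TOKEN}
+CSP_API_TOKEN: ${CSP_API_TOKEN}
+CSP_APP_ID: ${CSP_APP_ID}
+CSP_APP_SECRET: ${CSP_APP_SECRET}
+CSP_ORG_ID: ${CSP_ORG_ID}
 WAVEFRONT_PROXY_ARGS: --ephemeral false --idFile /var/spool/wavefront-proxy/id-2
 volumes:
 - /Users/glaullon/tmp:/var/spool/wavefront-proxy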

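--- a/docker/run.sh
+++ b/docker/run.sh
@@ -5,9 +5,24 @@ if [[ -z "$WAVEFRONT_URL" ]]; then
 exit 0
 fi
 
-if [[ -z "$WAVEFRONT_TOKEN" ]]; then
-echo "WAVEFRONT_TOKEN environment variable not configured - aborting startup " >&2
-exit 0
+authType=""
+if [[ -n "$CSP_APP_ID" && -n "$CSP_APP_SECRET" ]]; then
+if [[ -n "$CSP_ORG_ID" ]]; then
+authType="--cspAppId $CSP_APP_ID --cspAppSecret $CSP_APP_SECRET --cspOrgId $CSP_ORG_ID"
+else
+authType="--cspAppId $CSP_APP_ID --cspAppSecret $CSP_APP_SECRET"
+fi
+fi
+if [[ -n "$CSP_API_TOKEN" ]]; then
+authType="--cspAPIToken $CSP_API_TOKEN"
+fi
+if [[ -n "$WAVEFRONT_TOKEN" ]]; then
+authType="-t $WAVEFRONT_TOKEN"
+fi
+
+if [[ -z "$authType" ]]; then
+echo "Error: The auth method combination was wrong or no auth method was supplied."
+exit 1
 fi
 
 spool_dir="/var/spool/wavefront-proxy"
@@ -61,7 +76,7 @@ java \
 -Dlog4j.configurationFile=/etc/wavefront/wavefront-proxy/log4j2.xml \
 -jar /opt/wavefront/wavefront-proxy/wavefront-proxy.jar \
 -h $WAVEFRONT_URL \
--t $WAVEFRONT_TOKEN \
+$authType \
 --ephemeral true \
 --buffer ${spool_dir}/buffer \
 --flushThreads 6 \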
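Review bot: The three `if` blocks that assign `authType` overwrite one another, so when several methods are set the last one wins silently (WAVEFRONT_TOKEN over CSP_API_TOKEN over the app id/secret pair), and a CSP_APP_ID given without CSP_APP_SECRET is dropped without a message. The "combination was wrong" error is reached only when nothing usable is set, and it goes to stdout; I would fail when more than one method is configured and write the message with `>&2` as the removed check did. In the second hunk `$authType` is expanded unquoted into the java command line, so a secret containing whitespace or a glob character is split or expanded, and the app secret or token becomes visible in the process listing. An array fixes the quoting, `authArgs=(--cspAppId "$CSP_APP_ID" --cspAppSecret "$CSP_APP_SECRET")` followed by `"${authArgs[@]}" \`. Keeping the secret out of argv would need it passed through the config-file keys this commit adds to wavefront.conf.default; whether run.sh can generate such a file is not visible here.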

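--- a/pkg/etc/init.d/wavefront-proxy
+++ b/pkg/etc/init.d/wavefront-proxy
@@ -22,12 +22,6 @@ sysconfig="/etc/sysconfig/$service_name"
 desc=${DESC:-Wavefront Proxy}
 pid_file=${PID_FILE:-/var/run/$service_name.pid}
 
-badConfig() {
-echo "Proxy configuration incorrect"
-echo "setup 'server' and 'token' in '${conf_file}' file."
-exit -1
-}
-
 setupEnv(){
 if [ -f /.dockerenv ]; then
 >&2 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
@@ -74,7 +68,6 @@ setupEnv(){
 fi
 fi
 echo "Using \"${conf_file}\" as config file"
-grep -q CHANGE_ME ${conf_file} && badConfig
 
 log_file="/var/log/wavefront/wavefront.log"
 proxy_jar=${AGENT_JAR:-$proxy_dir/bin/wavefront-proxy.jar}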

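--- a/pkg/etc/wavefront/wavefront-proxy/wavefront.conf.default
+++ b/pkg/etc/wavefront/wavefront-proxy/wavefront.conf.default
@@ -6,7 +6,7 @@
 ########################################################################################################################
 # Wavefront API endpoint URL. Usually the same as the URL of your Wavefront instance, with an `api`
 # suffix -- or Wavefront provides the URL.
-server=CHANGE_ME
+server=SERVER_URL_HERE
 
 # The proxyname will be used to identify the internal proxy statistics around point rates, JVM info, etc.
 # We strongly recommend setting this to a name that is unique among your entire infrastructure, to make this
@@ -18,7 +18,27 @@ server=CHANGE_ME
 # 1. Click the gear icon at the top right in the Wavefront UI.
 # 2. Click your account name (usually your email)
 # 3. Click *API access*.
-token=CHANGE_ME
+#token=WF_TOKEN_HERE
+
+# To add a proxy, you need to use an existing API token with AOA service proxy role. If you have no API token yet, you
+# can create one under your account page in VMWare Cloud Service.
+#cspAPIToken=CSP_API_TOKEN_HERE
+
+# To add a proxy, you need to use an existing App ID, App Secret for server to serve type of app with AOA service proxy role.
+# If you have no App ID and App Secret yet, you can create one for server to serve type of app under Organization/OAuth
+# Apps menu item in VMWare Cloud Service. Note: Proxy, based on OAuth apps, has no expiration time.
+#cspAppId=CSP_APP_ID_HERE
+
+# To add a proxy, you need to use an existing App ID, App Secret for server to serve type of app with AOA service proxy role.
+# If you have no App ID and App Secret yet, you can create one for server to serve type of app under Organization/OAuth
+# Apps menu item in VMWare Cloud Service. Note: Proxy, based on OAuth apps, has no expiration time.
+#cspAppSecret=CSP_APP_SECRET_HERE
+
+# The CSP organisation ID.
+#cspOrgId=CSP_ORG_ID_HERE
+
+# CSP console URL. This will be used in many places like getting token.
+#cspBaseUrl=https://console.cloud.vmware.com
 
 ####################################################### INPUTS #########################################################
 # Comma-separated list of ports to listen on for Wavefront formatted data (Default: 2878)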
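Review bot: With `server=SERVER_URL_HERE` and every credential key commented out, an unedited file is no longer rejected before startup, because the init script's `grep -q CHANGE_ME ${conf_file} && badConfig` guard is removed in this same commit and no replacement check is visible on this page. If the Java configuration code does not reject the placeholder and the absence of any credential, the proxy would start and fail only at check-in, so that validation should be confirmed. The comments above `cspAppId` and `cspAppSecret` are identical and say "server to serve type of app", presumably meaning "server-to-server"; each key would read better with its own one-line description. Since the note says OAuth-app based proxies have no expiration time, the comment could also recommend that this file be readable only by the proxy's service account.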

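--- a/proxy/src/main/java/com/wavefront/agent/AbstractAgent.java
+++ b/proxy/src/main/java/com/wavefront/agent/AbstractAgent.java
@@ -321,8 +321,9 @@ public void start(String[] args) {
 // 2. Read or create the unique Id for the daemon running on this machine.
 agentId = getOrCreateProxyId(proxyConfig);
 apiContainer = new APIContainer(proxyConfig, proxyConfig.isUseNoopSender());
+TokenManager.start(apiContainer);
 // config the entityPropertiesFactoryMap
-for (String tenantName : proxyConfig.getMulticastingTenantList().keySet()) {
+for (String tenantName : TokenManager.getMulticastingTenantList().keySet()) {
 entityPropertiesFactoryMap.put(tenantName, new EntityPropertiesFactoryImpl(proxyConfig));
 }
 // Perform initial proxy check-in and schedule regular check-ins (once a minute)
@@ -384,7 +385,7 @@ public void run() {
 protected void processConfiguration(String tenantName, AgentConfiguration config) {
 try {
 // for all ProxyV2API
-for (String tn : proxyConfig.getMulticastingTenantList().keySet()) {
+for (String tn : TokenManager.getMulticastingTenantList().keySet()) {
 apiContainer.getProxyV2APIForTenant(tn).proxyConfigProcessed(agentId);
 }
 } catch (RuntimeException e) {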
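Review bot: `TokenManager.start(apiContainer)` is a static call on process-wide state placed directly before the initial check-in, and nothing in this hunk shows what happens when the first CSP token request fails or has not completed. If `start` only schedules the fetch, the check-in that follows could be sent without a valid bearer token, so it should be confirmed that it either obtains a token synchronously or fails startup with a clear error. I would record the requirement on the call, `// TokenManager must hold a valid token for every tenant before the first check-in`. Both `start(String[] args)` and `processConfiguration` continue outside the hunks shown.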

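--- a/proxy/src/main/java/com/wavefront/agent/ProxyCheckInScheduler.java
+++ b/proxy/src/main/java/com/wavefront/agent/ProxyCheckInScheduler.java
@@ -163,27 +163,25 @@ private Map<String, AgentConfiguration> checkin() {
 if (retries.incrementAndGet() > MAX_CHECKIN_ATTEMPTS) return null;
 }
 // MONIT-25479: check-in for central and multicasting tenants / clusters
-Map<String, Map<String, String>> multicastingTenantList =
-proxyConfig.getMulticastingTenantList();
+Map<String, TenantInfo> multicastingTenantList = TokenManager.getMulticastingTenantList();
 // Initialize tenantName and multicastingTenantProxyConfig here to track current checking
 // tenant for better exception handling message
 String tenantName = APIContainer.CENTRAL_TENANT_NAME;
-Map<String, String> multicastingTenantProxyConfig =
+TenantInfo multicastingTenantProxyConfig =
 multicastingTenantList.get(APIContainer.CENTRAL_TENANT_NAME);
 try {
 AgentConfiguration multicastingConfig;
-for (Map.Entry<String, Map<String, String>> multicastingTenantEntry :
+for (Map.Entry<String, TenantInfo> multicastingTenantEntry :
 multicastingTenantList.entrySet()) {
 tenantName = multicastingTenantEntry.getKey();
 multicastingTenantProxyConfig = multicastingTenantEntry.getValue();
-logger.info(
-"Checking in tenants: " + multicastingTenantProxyConfig.get(APIContainer.API_SERVER));
+logger.info("Checking in tenants: " + multicastingTenantProxyConfig.getWFServer());
 multicastingConfig =
 apiContainer
 .getProxyV2APIForTenant(tenantName)
 .proxyCheckin(
 proxyId,
-"Bearer " + multicastingTenantProxyConfig.get(APIContainer.API_TOKEN),
+"Bearer " + multicastingTenantProxyConfig.getBearerToken(),
 proxyConfig.getHostname()
 + (multicastingTenantList.size() > 1 ? "-multi_tenant" : ""),
 proxyConfig.getProxyname(),
@@ -215,8 +213,7 @@ private Map<String, AgentConfiguration> checkin() {
 break;
 case 404:
 case 405:
-String serverUrl =
-multicastingTenantProxyConfig.get(APIContainer.API_SERVER).replaceAll("/$", "");
+String serverUrl = multicastingTenantProxyConfig.getWFServer().replaceAll("/$", "");
 if (successfulCheckIns.get() == 0 && !retryImmediately && !serverUrl.endsWith("/api")) {
 this.serverEndpointUrl = serverUrl + "/api/";
 checkinError(
@@ -228,9 +225,9 @@ private Map<String, AgentConfiguration> checkin() {
 }
 String secondaryMessage =
 serverUrl.endsWith("/api")
-? "Current setting: " + multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
+? "Current setting: " + multicastingTenantProxyConfig.getWFServer()
 : "Server endpoint URLs normally end with '/api/'. Current setting: "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER);
++ multicastingTenantProxyConfig.getBearerToken();
 checkinError(
 "HTTP "
 + ex.getResponse().getStatus()
@@ -258,7 +255,7 @@ private Map<String, AgentConfiguration> checkin() {
 "HTTP "
 + ex.getResponse().getStatus()
 + " error: Unable to check in with Wavefront! "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ": "
 + Throwables.getRootCause(ex).getMessage());
 }
@@ -268,14 +265,14 @@ private Map<String, AgentConfiguration> checkin() {
 if (rootCause instanceof UnknownHostException) {
 checkinError(
 "Unknown host: "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ". Please verify your DNS and network settings!");
 return null;
 }
 if (rootCause instanceof ConnectException) {
 checkinError(
 "Unable to connect to "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ": "
 + rootCause.getMessage()
 + " Please verify your network/firewall settings!");
@@ -284,22 +281,22 @@ private Map<String, AgentConfiguration> checkin() {
 if (rootCause instanceof SocketTimeoutException) {
 checkinError(
 "Unable to check in with "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ": "
 + rootCause.getMessage()
 + " Please verify your network/firewall settings!");
 return null;
 }
 checkinError(
 "Request processing error: Unable to retrieve proxy configuration! "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ": "
 + rootCause);
 return null;
 } catch (Exception ex) {
 checkinError(
 "Unable to retrieve proxy configuration from remote server! "
-+ multicastingTenantProxyConfig.get(APIContainer.API_SERVER)
++ multicastingTenantProxyConfig.getWFServer()
 + ": "
 + Throwables.getRootCause(ex));
 return null;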
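Review bot: In the 404/405 branch the second arm of `secondaryMessage` now appends `multicastingTenantProxyConfig.getBearerToken()` where the old code appended the server URL, so the tenant's bearer token is placed in the text handed to `checkinError`, which presumably logs it. Every other replacement in this file uses `getWFServer()` and the message text ("Current setting: ") is about the endpoint, so this looks like a slip; the line should read `+ multicastingTenantProxyConfig.getWFServer();`. Any token that reached logs through this path should be treated as exposed and rotated. `checkin()` starts and ends outside the hunks shown.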
