Merge pull request #5 from arangodb-helper/feature/jwt-file

JWT File

Author: Lars Maier

exporter.go

@@ -102,7 +102,7 @@ type Exporter struct {
 }
 
 // NewExporter returns an initialized Exporter.
-func NewExporter(arangodbEndpoint, jwtSecret string, sslVerify bool, timeout time.Duration) (*Exporter, error) {
+func NewExporter(arangodbEndpoint, jwt string, sslVerify bool, timeout time.Duration) (*Exporter, error) {
 	connCfg := driver_http.ConnectionConfig{
 		Endpoints: []string{arangodbEndpoint},
 	}
@@ -113,8 +113,8 @@ func NewExporter(arangodbEndpoint, jwtSecret string, sslVerify bool, timeout tim
 	if err != nil {
 		return nil, maskAny(err)
 	}
-	if jwtSecret != "" {
-		hdr, err := CreateArangodJwtAuthorizationHeader(jwtSecret)
+	if jwt != "" {
+		hdr, err := CreateArangodJwtAuthorizationHeader(jwt)
 		if err != nil {
 			return nil, maskAny(err)
 		}

jwt.go

@@ -33,15 +33,20 @@ const (
 // CreateArangodJwtAuthorizationHeader calculates a JWT authorization header, for authorization
 // of a request to an arangod server, based on the given secret.
 // If the secret is empty, nothing is done.
-func CreateArangodJwtAuthorizationHeader(jwtSecret string) (string, error) {
+func CreateArangodJwtAuthorizationHeader(jwt string) (string, error) {
+	return "bearer " + jwt, nil
+}
+
+// CreateArangodJWT creates a superuser arangod jwt
+func CreateArangodJWT(jwtSecret string) (string, error) {
 	if jwtSecret == "" {
 		return "", nil
 	}
 	// Create a new token object, specifying signing method and the claims
 	// you would like it to contain.
 	token := jg.NewWithClaims(jg.SigningMethodHS256, jg.MapClaims{
 		"iss":       issArangod,
-		"server_id": "foo",
+		"server_id": "exporter",
 	})
 
 	// Sign and get the complete encoded token as a string using the secret
@@ -50,5 +55,5 @@ func CreateArangodJwtAuthorizationHeader(jwtSecret string) (string, error) {
 		return "", maskAny(err)
 	}
 
-	return "bearer " + signedToken, nil
+	return signedToken, nil
 }

main.go

@@ -24,6 +24,7 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	_ "net/http/pprof"
 	"time"
@@ -49,6 +50,7 @@ var (
 	arangodbOptions struct {
 		endpoint  string
 		jwtSecret string
+		jwtFile   string
 		timeout   time.Duration
 	}
 )
@@ -61,7 +63,10 @@ func init() {
 
 	f.StringVar(&arangodbOptions.endpoint, "arangodb.endpoint", "http://127.0.0.1:8529", "Endpoint used to reach the ArangoDB server")
 	f.StringVar(&arangodbOptions.jwtSecret, "arangodb.jwtsecret", "", "JWT Secret used for authentication with ArangoDB server")
+	f.StringVar(&arangodbOptions.jwtFile, "arangodb.jwt-file", "", "File containing the JWT for authentication with ArangoDB server")
 	f.DurationVar(&arangodbOptions.timeout, "arangodb.timeout", time.Second*15, "Timeout of statistics requests for ArangoDB")
+
+	f.MarkDeprecated("arangodb.jwtsecret", "please use --arangodb.jwt-file instead")
 }
 
 func main() {
@@ -71,7 +76,22 @@ func main() {
 func cmdMainRun(cmd *cobra.Command, args []string) {
 	log.Infoln(fmt.Sprintf("Starting arangodb-exporter %s, build %s", projectVersion, projectBuild))
 
-	exporter, err := NewExporter(arangodbOptions.endpoint, arangodbOptions.jwtSecret, false, arangodbOptions.timeout)
+	var token string
+	if arangodbOptions.jwtFile != "" {
+		data, err := ioutil.ReadFile(arangodbOptions.jwtFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		token = string(data)
+	} else if arangodbOptions.jwtSecret != "" {
+		var err error
+		token, err = CreateArangodJWT(arangodbOptions.jwtSecret)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	exporter, err := NewExporter(arangodbOptions.endpoint, token, false, arangodbOptions.timeout)
 	if err != nil {
 		log.Fatal(err)
 	}