Merge branch 'main' into main

Author: tshcherban

docker-compose.yml

@@ -206,3 +206,13 @@ services:
         ports:
             - "${TEST_MONGODB_STANDALONE_PORT:-27017}:27017"
         command: mongod --port 27017  --oplogSize 16
+
+    standalone-encrypted:
+        container_name: "standalone-encrypted"
+        image: percona/percona-server-mongodb:5.0.13-11
+        ports:
+            - "${TEST_MONGODB_STANDALONE_ENCRYPTED_PORT:-27027}:27017"
+        volumes:
+            - ./docker/secret/mongodb_secrets.txt:/secret/mongodb_secrets.txt
+            - ./docker/scripts:/scripts
+        command: /scripts/run-mongodb-encrypted.sh

docker/scripts/run-mongodb-encrypted.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# set proper permissions for secret file, otherwise mongodb won't start
+chmod 600 /secret/mongodb_secrets.txt
+mongod --port 27017  --oplogSize 16 --bind_ip_all --enableEncryption --encryptionKeyFile  /secret/mongodb_secrets.txt

docker/secret/mongodb_secrets.txt

@@ -0,0 +1 @@
+zN94kcTrN2CC/X1L9a54/VebKctZnJ/QIO3JdzUWKdY=

exporter/diagnostic_data_collector.go

@@ -26,6 +26,12 @@ import (
 	"go.mongodb.org/mongo-driver/mongo"
 )
 
+const (
+	kmipEncryption         = "kmip"
+	vaultEncryption        = "vault"
+	localKeyFileEncryption = "localKeyFile"
+)
+
 type diagnosticDataCollector struct {
 	ctx  context.Context
 	base *baseCollector
@@ -89,6 +95,13 @@ func (d *diagnosticDataCollector) collect(ch chan<- prometheus.Metric) {
 	metrics := makeMetrics("", m, d.topologyInfo.baseLabels(), d.compatibleMode)
 	metrics = append(metrics, locksMetrics(logger, m)...)
 
+	securityMetric, err := d.getSecurityMetricFromLineOptions(client)
+	if err != nil {
+		logger.Errorf("cannot decode getCmdLineOtpions: %s", err)
+	} else if securityMetric != nil {
+		metrics = append(metrics, securityMetric)
+	}
+
 	if d.compatibleMode {
 		metrics = append(metrics, specialMetrics(d.ctx, client, m, logger)...)
 
@@ -111,5 +124,67 @@ func (d *diagnosticDataCollector) collect(ch chan<- prometheus.Metric) {
 	}
 }
 
+func (d *diagnosticDataCollector) getSecurityMetricFromLineOptions(client *mongo.Client) (prometheus.Metric, error) {
+	var cmdLineOpionsBson bson.M
+	cmdLineOptions := bson.D{{Key: "getCmdLineOpts", Value: "1"}}
+	resCmdLineOptions := client.Database("admin").RunCommand(d.ctx, cmdLineOptions)
+	if resCmdLineOptions.Err() != nil {
+		return nil, errors.Wrap(resCmdLineOptions.Err(), "cannot execute getCmdLineOpts command")
+	}
+	if err := resCmdLineOptions.Decode(&cmdLineOpionsBson); err != nil {
+		return nil, errors.Wrap(err, "cannot parse response of the getCmdLineOpts command")
+	}
+
+	if cmdLineOpionsBson == nil || cmdLineOpionsBson["parsed"] == nil {
+		return nil, errors.New("cmdlined options is empty")
+	}
+	parsedOptions, ok := cmdLineOpionsBson["parsed"].(bson.M)
+	if !ok {
+		return nil, errors.New("cannot cast parsed options to BSON")
+	}
+	securityOptions, ok := parsedOptions["security"].(bson.M)
+	if !ok {
+		return nil, nil
+	}
+
+	metric, err := d.retrieveSecurityEncryptionMetric(securityOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	return metric, nil
+}
+
+func (d *diagnosticDataCollector) retrieveSecurityEncryptionMetric(securityOptions bson.M) (prometheus.Metric, error) {
+	_, ok := securityOptions["enableEncryption"]
+	if !ok {
+		return nil, nil
+	}
+
+	var encryptionType string
+	_, ok = securityOptions["kmip"]
+	if ok {
+		encryptionType = kmipEncryption
+	}
+	_, ok = securityOptions["vault"]
+	if ok {
+		encryptionType = vaultEncryption
+	}
+	_, ok = securityOptions["encryptionKeyFile"]
+	if ok {
+		encryptionType = localKeyFileEncryption
+	}
+
+	labels := map[string]string{"type": encryptionType}
+	desc := prometheus.NewDesc("mongodb_security_encryption_enabled", "Shows that encryption is enabled",
+		nil, labels)
+	metric, err := prometheus.NewConstMetric(desc, prometheus.GaugeValue, float64(1))
+	if err != nil {
+		return nil, errors.Wrap(err, "cannot create metric mongodb_security_encryption_enabled")
+	}
+
+	return metric, nil
+}
+
 // check interface.
 var _ prometheus.Collector = (*diagnosticDataCollector)(nil)

exporter/diagnostic_data_collector_test.go

@@ -292,7 +292,7 @@ func TestDisconnectedDiagnosticDataCollector(t *testing.T) {
 	mongodb_mongod_storage_engine{engine="Engine is unavailable"} 1
 	# HELP mongodb_version_info The server version
 	# TYPE mongodb_version_info gauge
-	mongodb_version_info{edition="",mongodb="server version is unavailable",vendor=""} 1` + "\n")
+	mongodb_version_info{edition="",mongodb="",vendor=""} 1` + "\n")
 	// Filter metrics for 2 reasons:
 	// 1. The result is huge
 	// 2. We need to check against know values. Don't use metrics that return counters like uptime

exporter/encryption_info_test.go

@@ -0,0 +1,67 @@
+// mongodb_exporter
+// Copyright (C) 2017 Percona LLC
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+package exporter
+
+import (
+	"context"
+	"io"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus/testutil"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/percona/mongodb_exporter/internal/tu"
+)
+
+func TestGetEncryptionInfo(t *testing.T) {
+	t.Parallel()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	client := tu.TestClient(ctx, tu.MongoDBStandAloneEncryptedPort, t)
+	t.Cleanup(func() {
+		err := client.Disconnect(ctx)
+		assert.NoError(t, err)
+	})
+	logger := logrus.New()
+	logger.Out = io.Discard // disable logs in tests
+
+	ti := labelsGetterMock{}
+
+	c := newDiagnosticDataCollector(ctx, client, logger, true, ti)
+
+	// The last \n at the end of this string is important
+	expected := strings.NewReader(`
+	# HELP mongodb_security_encryption_enabled Shows that encryption is enabled
+	# TYPE mongodb_security_encryption_enabled gauge
+	mongodb_security_encryption_enabled{type="localKeyFile"} 1
+	# HELP mongodb_version_info The server version
+	# TYPE mongodb_version_info gauge
+	mongodb_version_info{edition="Community",mongodb="5.0.13-11",vendor="Percona"} 1` + "\n")
+
+	filter := []string{
+		"mongodb_security_encryption_enabled",
+		"mongodb_version_info",
+	}
+
+	err := testutil.CollectAndCompare(c, expected, filter...)
+	assert.NoError(t, err)
+}

exporter/v1_compatibility.go

@@ -799,7 +799,7 @@ func specialMetrics(ctx context.Context, client *mongo.Client, m bson.M, l *logr
 	}
 
 	metrics = append(metrics, storageEngine(m))
-	metrics = append(metrics, serverVersion(m, buildInfo))
+	metrics = append(metrics, serverVersion(buildInfo))
 	metrics = append(metrics, myState(ctx, client))
 
 	if mm := replSetMetrics(m); mm != nil {
@@ -825,7 +825,6 @@ func retrieveMongoDBBuildInfo(ctx context.Context, client *mongo.Client, l *logr
 		return buildInfo{}, errors.Wrap(err, "Failed to run buildInfo command")
 	}
 
-	var edition string
 	modules, ok := buildInfoDoc["modules"].(bson.A)
 	if !ok {
 		return buildInfo{}, errors.Wrap(err, "Failed to cast module information variable")
@@ -837,7 +836,7 @@ func retrieveMongoDBBuildInfo(ctx context.Context, client *mongo.Client, l *logr
 	} else {
 		bi.Edition = CommunityEdition
 	}
-	l.Debug("MongoDB edition: ", edition)
+	l.Debug("MongoDB edition: ", bi.Edition)
 
 	_, ok = buildInfoDoc["psmdbVersion"]
 	if ok {
@@ -846,6 +845,11 @@ func retrieveMongoDBBuildInfo(ctx context.Context, client *mongo.Client, l *logr
 		bi.Vendor = MongoDBVendor
 	}
 
+	bi.Version, ok = buildInfoDoc["version"].(string)
+	if !ok {
+		return buildInfo{}, errors.Wrap(err, "Failed to cast version information variable")
+	}
+
 	return bi, nil
 }
 
@@ -866,16 +870,11 @@ func storageEngine(m bson.M) prometheus.Metric {
 	return metric
 }
 
-func serverVersion(m bson.M, bi buildInfo) prometheus.Metric { //nolint:ireturn
-	v := walkTo(m, []string{"serverStatus", "version"})
+func serverVersion(bi buildInfo) prometheus.Metric { //nolint:ireturn
 	name := "mongodb_version_info"
 	help := "The server version"
 
-	serverVersion, ok := v.(string)
-	if !ok {
-		serverVersion = "server version is unavailable"
-	}
-	labels := map[string]string{"mongodb": serverVersion, "edition": bi.Edition, "vendor": bi.Vendor}
+	labels := map[string]string{"mongodb": bi.Version, "edition": bi.Edition, "vendor": bi.Vendor}
 
 	d := prometheus.NewDesc(name, help, nil, labels)
 	metric, _ := prometheus.NewConstMetric(d, prometheus.GaugeValue, float64(1))
@@ -1053,7 +1052,11 @@ func mongosMetrics(ctx context.Context, client *mongo.Client, l *logrus.Logger)
 		metrics = append(metrics, metric)
 	}
 
-	metrics = append(metrics, balancerEnabled(ctx, client))
+	if metric, err := balancerEnabled(ctx, client); err != nil {
+		l.Debugf("cannot create metric for balancer is enabled: %s", err)
+	} else {
+		metrics = append(metrics, metric)
+	}
 
 	metric, err := chunksTotal(ctx, client)
 	if err != nil {
@@ -1164,17 +1167,19 @@ func chunksBalanced(ctx context.Context, client *mongo.Client) (prometheus.Metri
 	return prometheus.NewConstMetric(d, prometheus.GaugeValue, value)
 }
 
-func balancerEnabled(ctx context.Context, client *mongo.Client) prometheus.Metric {
+func balancerEnabled(ctx context.Context, client *mongo.Client) (prometheus.Metric, error) {
 	type bss struct {
-		stopped bool `bson:"stopped"`
+		Stopped bool `bson:"stopped"`
 	}
 	var bs bss
 	enabled := 0
 
 	err := client.Database("config").Collection("settings").FindOne(ctx, bson.M{"_id": "balancer"}).Decode(&bs)
 	if err != nil {
-		enabled = 1
-	} else if !bs.stopped {
+		return nil, err
+	}
+
+	if !bs.Stopped {
 		enabled = 1
 	}
 
@@ -1184,7 +1189,7 @@ func balancerEnabled(ctx context.Context, client *mongo.Client) prometheus.Metri
 	d := prometheus.NewDesc(name, help, nil, nil)
 	metric, _ := prometheus.NewConstMetric(d, prometheus.GaugeValue, float64(enabled))
 
-	return metric
+	return metric, nil
 }
 
 func chunksTotal(ctx context.Context, client *mongo.Client) (prometheus.Metric, error) {
@@ -1348,6 +1353,7 @@ type rawStatus struct {
 }
 
 type buildInfo struct {
+	Version string
 	Edition string
 	Vendor  string
 }

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/prometheus/exporter-toolkit v0.7.1
 	github.com/shirou/gopsutil v3.21.8+incompatible // indirect
 	github.com/sirupsen/logrus v1.9.0
-	github.com/stretchr/testify v1.8.0
+	github.com/stretchr/testify v1.8.1
 	go.mongodb.org/mongo-driver v1.10.3
 )
 

go.sum

@@ -321,15 +321,17 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev3vTo=

internal/tu/testutils.go

@@ -50,6 +50,8 @@ const (
 	MongoDBStandAlonePort = "27017"
 	// MongoDBConfigServer1Port MongoDB config server primary Port.
 	MongoDBConfigServer1Port = "17009"
+	// MongoDBStandAloneEncryptedPort MongoDB standalone encrypted instance Port.
+	MongoDBStandAloneEncryptedPort = "27027"
 )
 
 // GetenvDefault gets a variable from the environment and returns its value or the