Credential replacement

[dinu111]

Hello,

I have one short question to make sure I correctly understand the configuration.

What im trying to do is avoid setting the connection string via the data_source_name in the helm templates like so data_source_name: 'oracle://user:[email protected]:0000/test'.

From what I read and found this PR 430 this can be achieved if I set it as an env variable using SQLEXPORTER_TARGET_DSN and then i can just use that to grab the entire connection string from our vault and that would basically look like this after everything is configured SQLEXPORTER_TARGET_DSN="oracle://user:[email protected]:0000/test"

My question is, if i use the above env variable then i wont need to set the data_source_name in the vaules.yaml at all and a configuration that is something like this for the config part should be enough:

  config:
    global:
      # Scrape timeout
      scrape_timeout: 30s
      # Scrape timeout offset. Must be strictly positive.
      scrape_timeout_offset: 500ms
      # Interval between dropping scrape_errors_total metric: by default the metric is persistent.
      scrape_error_drop_interval: 0s
      # Minimum interval between collector runs.
      min_interval: 0s
      # Number of open connections.
      max_connections: 3
      # Number of idle connections.
      max_idle_connections: 3
    target:
      collectors: [test_scrape]
    collectors:
      - collector_name: test_scrape
        metrics:
          - help: "A test metric from Oracle"
            metric_name: oracle_test_metric
            type: gauge
            values: ["count"]
            query: |
              SELECT 1 AS count FROM dual

[burningalchemist]

Hi @dinu111, data_source_name is a required field in the configuration so far. We might improve it later so it can be removed completely. The issue with that is lack of visibility, sometimes it's a little bit difficult to identify the configuration.

But overall, you can provide any DSN string like (e.g. oracle://db_host/db_name) and then use SQL_EXPORTER_TARGET_DSN to override it with the password etc. The overridden value will have higher priority over the config file.

Alternative option is that you provide your own arbitrary env variable(s) in the DSN string like oracle://$DB_USER:$DB_PASSWORD@db-host/db-name/ and populate these env variables. The exporter will scan and expand them if the env variable is set.

[dinu111]

Hi @burningalchemist , thank you for your fast response, so then this would mean i can set the SQLEXPORTER_TARGET_DSN="oracle://user:[email protected]:0000/test" and this would overwrite the data_source_name so that then in my values.yaml I can just set an arbitrary string like so:

  config:
    global:
      # Scrape timeout
      scrape_timeout: 30s
      # Scrape timeout offset. Must be strictly positive.
      scrape_timeout_offset: 500ms
      # Interval between dropping scrape_errors_total metric: by default the metric is persistent.
      scrape_error_drop_interval: 0s
      # Minimum interval between collector runs.
      min_interval: 0s
      # Number of open connections.
      max_connections: 3
      # Number of idle connections.
      max_idle_connections: 3
      
      data_source_name: "oracle://my-oracle-db-oracle-db-service.cin-bed-int-quickscan.svc.cluster.local:1521" **--> doesnt really matter because its overwritten**
    collectors:
      - collector_name: test_scrape
        metrics:
          - help: "A test metric from Oracle"
            metric_name: oracle_test_metric
            type: gauge
            values: ["count"]
            query: |
              SELECT 1 AS count FROM dual

[burningalchemist]

Yeah, exactly. 👍

[dinu111]

That sounds great, thank you for the answer. This question can be closed.