Merge pull request #119 from arthurzenika/114-add-rds-iam-authentication

Support for rds-postgres URL with rdsutils.BuildAuthToken

Author: dewey

README.md

@@ -212,6 +212,19 @@ environment.
 LOGLEVEL=info ./sql_exporter
 ```
 
+Database specific configurations
+--------------------------------
+
+For some database backends some special functionality is available :
+
+* cloudsql-postgres: a special `*` caracter can be used to query all databases
+  accessible by the account
+* cloudsql-mysql : same as above
+* rds-postgres : this type of URL expects a working AWS configuration
+  which will use action the equivalent of `rds generate-db-auth-token`
+  for the password. For this driver, the `AWS_REGION` environment variable
+  must be set.
+
 Why this exporter exists
 ========================
 

config.yml.dist

@@ -178,3 +178,18 @@ jobs:
         node_name,
         schema_name,
         projection_name;
+- name: "rds"
+  interval: '5m'
+  connections:
+  - 'rds-postgres://postgres_usr:AUTHTOKEN@mypostgresql.c6c8mwvfdgv0.us-west-2.rds.amazonaws.com/db_name'
+  queries:
+  - name: "running_queries"
+    help: "Number of running queries"
+    labels:
+      - "datname"
+      - "usename"
+    values:
+      - "count"
+    query:  |
+            SELECT datname::text, usename::text, COUNT(*)::float AS count
+            FROM pg_stat_activity GROUP BY datname, usename;

job.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -23,6 +24,9 @@ import (
 	"github.com/snowflakedb/gosnowflake"
 	_ "github.com/vertica/vertica-sql-go" // register the Vertica driver
 	sqladmin "google.golang.org/api/sqladmin/v1beta4"
+
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/rds/rdsutils"
 )
 
 var (
@@ -91,7 +95,6 @@ func (j *Job) updateConnections() {
 	// parse the connection URLs and create a connection object for each
 	if len(j.conns) < len(j.Connections) {
 		for _, conn := range j.Connections {
-
 			// Check if we need to use cloudsql driver
 			if useCloudSQL, cloudsqlDriver := isValidCloudSQLDriver(conn); useCloudSQL {
 				// Do CloudSQL stuff
@@ -221,6 +224,27 @@ func (j *Job) updateConnections() {
 				})
 				continue
 			}
+			if strings.HasPrefix(conn, "rds-postgres://") {
+				// reuse postgres SQLDriver by stripping rds- from connexion URL after building the RDS
+				// authentication token
+				conn = strings.TrimPrefix(conn, "rds-")
+				// FIXME - parsing twice the conn url to extract host & username
+				u, err := url.Parse(conn)
+				if err != nil {
+  				   level.Error(j.log).Log("msg", "Failed to parse URL", "url", conn, "err", err)
+				   continue
+                                 }
+				region := os.Getenv("AWS_REGION")
+				sess := session.Must(session.NewSessionWithOptions(session.Options{
+					SharedConfigState: session.SharedConfigEnable,
+				}))
+				token, err := rdsutils.BuildAuthToken(u.Host, region, u.User.Username(), sess.Config.Credentials)
+				if err != nil {
+					level.Error(j.log).Log("msg", "Failed to parse URL", "url", conn, "err", err)
+					continue
+				}
+				conn = strings.Replace(conn, "AUTHTOKEN", url.QueryEscape(token), 1)
+			}
 
 			u, err := url.Parse(conn)
 			if err != nil {

vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/builder.go

@@ -152,6 +152,7 @@ github.com/aws/aws-sdk-go/private/protocol/restjson
 github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil
 github.com/aws/aws-sdk-go/service/athena
 github.com/aws/aws-sdk-go/service/athena/athenaiface
+github.com/aws/aws-sdk-go/service/rds/rdsutils
 github.com/aws/aws-sdk-go/service/sso
 github.com/aws/aws-sdk-go/service/sso/ssoiface
 github.com/aws/aws-sdk-go/service/ssooidc