pyrox.dev / nixpkgs
lol
fork atom

nixos/prometheus-exporters/fastly: fix secret handling

The exporter expects the token as an environment variable, not a path
to the file containing the token.

Martin Weinelt 62f35da2 b25a2b5f

options
unified split
Changed files
+5 -6
nixos
modules
services
monitoring
prometheus
exporters
fastly.nix
tests
prometheus-exporters.nix
+4 -5
nixos/modules/services/monitoring/prometheus/exporters/fastly.nix 
···

       
31

       
31

       
 

       
      '';


     

       
32

       
32

       
 

       
    };


     

       
33

       
33

       
 

       



     

       
34

       

       
-

       
    tokenPath = mkOption {


     

       

       
34

       
+

       
    environmentFile = mkOption {


     

       
35

       
35

       
 

       
      type = path;


     

       
36

       
36

       
 

       
      description = ''


     

       
37

       

       
-

       
        A run-time path to the token file, which is supposed to be provisioned


     

       
38

       

       
-

       
        outside of Nix store.


     

       

       
37

       
+

       
        An environment file containg at least the FASTLY_API_TOKEN= environment


     

       

       
38

       
+

       
        variable.


     

       
39

       
39

       
 

       
      '';


     

       
40

       
40

       
 

       
    };


     

       
41

       
41

       
 

       
  };


     

       
42

       
42

       
 

       
  serviceOpts = {


     

       
43

       
43

       
 

       
    serviceConfig = {


     

       
44

       

       
-

       
      LoadCredential = "fastly-api-token:${cfg.tokenPath}";


     

       
45

       

       
-

       
      Environment = [ "FASTLY_API_TOKEN=%d/fastly-api-token" ];


     

       

       
44

       
+

       
      EnvironmentFile = cfg.environmentFile;


     

       
46

       
45

       
 

       
      ExecStart = escapeSystemdExecArgs (


     

       
47

       
46

       
 

       
        [


     

       
48

       
47

       
 

       
          (getExe pkgs.prometheus-fastly-exporter)
+1 -1
nixos/tests/prometheus-exporters.nix 
···

       
399

       
399

       
 

       
    fastly = {


     

       
400

       
400

       
 

       
      exporterConfig = {


     

       
401

       
401

       
 

       
        enable = true;


     

       
402

       

       
-

       
        tokenPath = pkgs.writeText "token" "abc123";


     

       

       
402

       
+

       
        environmentFile = pkgs.writeText "fastly-exporter-env" "FASTLY_API_TOKEN=abc123";


     

       
403

       
403

       
 

       
      };


     

       
404

       
404

       
 

       



     

       
405

       
405

       
 

       
      exporterTest = ''