FEATURE: add files envs for secrets

.gitignore

@@ -20,4 +20,6 @@
 # Go workspace file
 go.work
 *opnsense-exporter-local
-local.Makefile
+local.Makefile
+key
+secret

CONTRIBUTING.md

@@ -0,0 +1,45 @@
+## Contributing
+
+### Requirements
+
+- Go 1.22
+- GNU Make
+- Docker (optional)
+- OPNsense Box with admin access
+
+### Environment
+
+This guide is for osx and Linux.
+
+### Create API key and secret in OPNsense
+
+`SYSTEM>ACCESS>USERS>[user]>API KEYS`
+
+[OPNsense Documentation](https://docs.opnsense.org/development/how-tos/api.html#creating-keys)
+
+### Run the exporter locally
+
+```bash
+OPS_ADDRESS="ops.example.com" OPS_API_KEY=your-api-key OPS_API_SECRET=your-api-secret make local-run
+```
+
+- test it
+
+```bash
+curl http://localhost:8080/metrics
+```
+
+### Before PR
+
+- Make sure to sync the vendor if the dependencies have changed.
+
+```bash
+make sync-vendor
+```
+
+- Make sure to run the tests and linters.
+
+```bash
+make test
+make lint
+```

Makefile

@@ -28,7 +28,7 @@ local-run:
 		--web.disable-exporter-metrics \
 
 test:
-	go test -v ./...
+	go test ./...
 
 clean:
 	gofmt -s -w $(shell find . -type f -name '*.go'| grep -v "/vendor/\|/.git/")

README.md

@@ -11,8 +11,8 @@ The missing OPNsense exporter for Prometheus
 ## Table of Contents
 
 - **[About](#about)**
+- **[Contributing](./CONTRIBUTING.md)**
 - **[OPNsense User Permissions](#opnsense-user-permissions)**
-- **[Development](#development)**
 - **[Usage](#usage)**
   - **[Docker](#docker)**
   - **[Docker Compose](#docker-compose)**
@@ -31,37 +31,6 @@ Focusing specifically on OPNsense, this exporter provides metrics about OPNsense
 
 While the `node_exporter` must be installed on the firewall itself, this exporter can be installed on any machine that has network access to the OPNsense API.
 
-## Development
-
-This guide is for osx and Linux.
-
-### Create API key and secret in OPNsense
-
-`SYSTEM>ACCESS>USERS>[user]>API KEYS`
-
-[OPNsense Documentation](https://docs.opnsense.org/development/how-tos/api.html#creating-keys)
-
-### Run the exporter locally
-
-```bash
-OPS_ADDRESS="ops.example.com" OPS_API_KEY=your-api-key OPS_API_SECRET=your-api-secret make local-run
-curl http://localhost:8080/metrics
-```
-
-### Before PR
-
-- Make sure to sync the vendor if the dependencies have changed.
-
-```bash
-make sync-vendor
-```
-
-- Make sure to run the tests and linters.
-
-```bash
-make test
-make lint
-```
 
 ## OPNsense user permissions
 
@@ -92,6 +61,8 @@ TODO: Add example how to add custom CA certificates to the container.
 
 ### Docker Compose
 
+- With environment variables
+
 ```yaml
 version: '3'
 services:
@@ -114,6 +85,42 @@ services:
       - "8080:8080"
 ```
 
+- With docker secrets
+
+Create the secrets
+
+```bash
+echo "<OPS_API_KEY>" | docker secret create opnsense-api-key -
+echo "<OPS_API_SECRET>" | docker secret create opnsense-api-secret -
+```
+
+Run the compose
+
+```yaml
+version: '3'
+services:
+  opnsense-exporter:
+    image: ghcr.io/athennamind/opnsense-exporter:latest
+    container_name: opensense-exporter
+    restart: always
+    command:
+      - /opnsense-exporter
+      - --opnsense.protocol=https
+      - --opnsense.address=ops.example.com
+      - --exporter.instance-label=instance1
+      - --web.listen-address=:8080
+      #- --exporter.disable-arp-table
+      #- --exporter.disable-cron-table
+    environment:
+      OPS_API_KEY_FILE: /run/secrets/opnsense-api-key
+      OPS_API_SECRET_FILE: /run/secrets/opnsense-api-secret
+    secrets:
+      - opnsense_api_key
+      - opnsense_api_secret
+    ports:
+      - "8080:8080"
+```
+
 ### Systemd
 
 **TODO**

internal/collector/collector_test.go

@@ -3,20 +3,23 @@ package collector
 import (
 	"testing"
 
+	"github.com/AthennaMind/opnsense-exporter/internal/options"
 	"github.com/AthennaMind/opnsense-exporter/opnsense"
 	"github.com/go-kit/log"
 )
 
 func TestWithoutArpCollector(t *testing.T) {
+	conf := options.OPNSenseConfig{
+		Protocol: "http",
+		APIKey:   "test",
+	}
+
 	client, err := opnsense.NewClient(
+		conf,
 		"test",
-		"test",
-		"test",
-		"test",
-		"test",
-		false,
 		log.NewNopLogger(),
 	)
+
 	if err != nil {
 		t.Errorf("Expected no error, got %v", err)
 	}

internal/options/collectors.go

@@ -0,0 +1,34 @@
+package options
+
+import "github.com/alecthomas/kingpin/v2"
+
+var (
+	arpTableCollectorDisabled = kingpin.Flag(
+		"exporter.disable-arp-table",
+		"Disable the scraping of the ARP table",
+	).Envar("OPNSENSE_EXPORTER_DISABLE_ARP_TABLE").Default("false").Bool()
+	cronTableCollectorDisabled = kingpin.Flag(
+		"exporter.disable-cron-table",
+		"Disable the scraping of the cron table",
+	).Envar("OPNSENSE_EXPORTER_DISABLE_CRON_TABLE").Default("false").Bool()
+	wireguardCollectorDisabled = kingpin.Flag(
+		"exporter.disable-wireguard",
+		"Disable the scraping of Wireguard service",
+	).Envar("OPNSENSE_EXPORTER_DISABLE_WIREGUARD").Default("false").Bool()
+)
+
+// Collectors holds the configuration for the collectors
+type CollectorsSwitches struct {
+	ARP       bool
+	Cron      bool
+	Wireguard bool
+}
+
+// Collectors returns the configuration for the collectors
+func Collectors() CollectorsSwitches {
+	return CollectorsSwitches{
+		ARP:       !*arpTableCollectorDisabled,
+		Cron:      !*cronTableCollectorDisabled,
+		Wireguard: !*wireguardCollectorDisabled,
+	}
+}

internal/options/exporter.go

@@ -0,0 +1,29 @@
+package options
+
+import (
+	"github.com/alecthomas/kingpin/v2"
+	"github.com/prometheus/exporter-toolkit/web/kingpinflag"
+)
+
+var (
+	MetricsPath = kingpin.Flag(
+		"web.telemetry-path",
+		"Path under which to expose metrics.",
+	).Default("/metrics").String()
+	DisableExporterMetrics = kingpin.Flag(
+		"web.disable-exporter-metrics",
+		"Exclude metrics about the exporter itself (promhttp_*, process_*, go_*).",
+	).Envar("OPNSENSE_EXPORTER_DISABLE_EXPORTER_METRICS").Bool()
+	MaxProcs = kingpin.Flag(
+		"runtime.gomaxprocs",
+		"The target number of CPUs that the Go runtime will run on (GOMAXPROCS)",
+	).Envar("GOMAXPROCS").Default("2").Int()
+	InstanceLabel = kingpin.Flag(
+		"exporter.instance-label",
+		"Label to use to identify the instance in every metric. "+
+			"If you have multiple instances of the exporter, you can differentiate them by using "+
+			"different value in this flag, that represents the instance of the target OPNsense.",
+	).Envar("OPNSENSE_EXPORTER_INSTANCE_LABEL").Required().String()
+
+	WebConfig = kingpinflag.AddFlags(kingpin.CommandLine, ":8080")
+)

internal/options/init.go

@@ -0,0 +1,13 @@
+package options
+
+import (
+	"os"
+
+	"github.com/alecthomas/kingpin/v2"
+)
+
+func Init() {
+	kingpin.CommandLine.UsageWriter(os.Stdout)
+	kingpin.HelpFlag.Short('h')
+	kingpin.Parse()
+}

internal/options/log.go

@@ -0,0 +1,38 @@
+package options
+
+import (
+	"github.com/alecthomas/kingpin/v2"
+	"github.com/go-kit/log"
+	"github.com/prometheus/common/promlog"
+)
+
+var (
+	logLevel = kingpin.Flag(
+		"log.level",
+		"Log level. One of: [debug, info, warn, error]").
+		Default("info").
+		String()
+	logFormat = kingpin.Flag(
+		"log.format",
+		"Log format. One of: [logfmt, json]").
+		Default("logfmt").
+		String()
+)
+
+func Logger() (log.Logger, error) {
+
+	promlogConfig := &promlog.Config{
+		Level:  &promlog.AllowedLevel{},
+		Format: &promlog.AllowedFormat{},
+	}
+
+	if err := promlogConfig.Level.Set(*logLevel); err != nil {
+		return nil, err
+	}
+
+	if err := promlogConfig.Format.Set(*logFormat); err != nil {
+		return nil, err
+	}
+
+	return promlog.New(promlogConfig), nil
+}