feat(inputs.redfish): Add token based authentication mechanism

[ManuelPrandini]

Please direct all support questsions to slack or the forums. Thank you.

Hi to everyone,
I don't know if is already implemented, but I need to pass the auth token as parameter, when I use redfish input plugin to retrieve metrics. I don't found in the documentation any kind of field in the configuration file that give me this possibility.
Thanks in advance

[telegraf-tiger]

Hello! I recommend posting this question in our Community Slack or Community Forums, we have a lot of talented community members there who could help answer your question more quickly. You can also learn more about Telegraf by enrolling at InfluxDB University for free!

Heads up, this issue will be automatically closed after 7 days of inactivity. Thank you!

[powersj]

What type of system requires this auth header versus a username/password?

Additionally, what happens when you set the username/password? What error do you get?

[Hipska]

@powersj Conversation continued in https://influxcommunity.slack.com/archives/CH99HUH8V/p1713516740749229

[ManuelPrandini]

If I use redfish input plugin with this configmap:

[[inputs.redfish]]
#  ## Redfish API Base URL.
  address = "https://<IP>:<PORT>"
#
#  ## Credentials for the Redfish API. Can also use secrets.
  username = "admin"
  password = "admin"
#
#  ## System Id to collect data for in Redfish APIs.
  computer_system_id="StorageServices.USE2600011DVS00F.FileSystems.cstor-OST0002"
#
#  ## Metrics to collect
#  ## The metric collects to gather. Choose from "power" and "thermal".
#  # include_metrics = ["power", "thermal"]
#
#  ## Tag sets allow you to include redfish OData link parent data
#  ## For Example.
#  ## Thermal data is an OData link with parent Chassis which has a link of Location.
#  ## For more info see the Redfish Resource and Schema Guide at DMTFs website.
#  ## Available sets are: "chassis.location" and "chassis"
#  # include_tag_sets = ["chassis.location"]
#
#  ## Workarounds
#  ## Defines workarounds for certain hardware vendors. Choose from:
#  ## * ilo4-thermal - Do not pass 0Data-Version header to Thermal endpoint
#  # workarounds = []
#
#  ## Amount of time allowed to complete the HTTP request
#  # timeout = "5s"
#
#  ## Optional TLS Config
#  # tls_ca = "/etc/telegraf/ca.pem"
#  # tls_cert = "/etc/telegraf/cert.pem"
#  # tls_key = "/etc/telegraf/key.pem"
#  ## Use TLS but skip chain & host verification
  insecure_skip_verify = true

I got the following error: [inputs.redfish] Error in plugin: received status code 401 (Unauthorized) for address https://:, expected 200.

In my scenario I'can' configure ca.pem, cert.pem and key.pem but with a curl I have access to auth token.
The hardware used to retrieve the metrics is the Cray ClusterStor E1000 Storage System.

[powersj]

the Cray ClusterStor E1000 Storage System.

Looking at https://support.hpe.com/hpesc/public/docDisplay?docId=sd00002916en_us&page=GUID-691BAD62-285D-41F8-952D-58054DA9E64E.html it does appears that the login sequence requires obtaining token and then using that token for additional requests. This is different than other redfish users I've seen previously.

We would need to add a new config option, something like:

## Authentication Mode
## Choose from:
##   * basic_auth - Pass username and password as basic auth params
##   * token - Obtain a token from /redfish/v1/SessionService/Sessions
# auth_mode = "basic_auth"

In addition to obtaining the token and then using it, it does seem to expire after 12 hours per the above link, so some additional work would need to be done to ensure it is not expired and if so renew/refresh/obtain a new one.

[Hipska]

Indeed, that's why I instructed @ManuelPrandini to create a Feature Request for this.

[ManuelPrandini]

Yes, @powersj what you say is correct. The token expires every 12 hours, then must be refreshed. Yes maybe an authentication mode with this kind of mechanism could be great!

[srebhan]

@powersj maybe this is helpful: https://pkg.go.dev/github.com/stmcginnis/gofish