From 146d8157c54033575c952d0584e150ffa28e05cc Mon Sep 17 00:00:00 2001 From: Shaun Verch Date: Mon, 1 May 2017 16:44:41 -0400 Subject: [PATCH] Support getting credentials from instance metadata This is needed to allow using IAM Instance Profiles rather than hard coding the keys in the config file --- metadata.rb | 13 ++++++++++--- recipes/aws_cloudwatch.rb | 2 -- .../default/aws_cloudwatch/newrelic_plugin.yml.erb | 12 +++++++++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/metadata.rb b/metadata.rb index 432a3a1..44aa5cf 100644 --- a/metadata.rb +++ b/metadata.rb @@ -56,14 +56,21 @@ :display_name => 'New Relic AWS Cloudwatch Plugin Access Key', :description => 'AWS Access Key for New Relic AWS Cloudwatch Plugin', :type => 'string', - :required => 'required', + :required => 'optional', :recipes => ['newrelic_plugins::aws_cloudwatch'] attribute 'newrelic/aws_cloudwatch/aws_secret_key', :display_name => 'New Relic AWS Cloudwatch Plugin Secret Key', :description => 'AWS Secret Key for New Relic AWS Cloudwatch Plugin', :type => 'string', - :required => 'required', + :required => 'optional', + :recipes => ['newrelic_plugins::aws_cloudwatch'] + +attribute 'newrelic/aws_cloudwatch/use_aws_metadata', + :display_name => 'New Relic AWS Cloudwatch Plugin Use Instance Metadata', + :description => 'Use Instance Metadata for New Relic AWS Cloudwatch Plugin', + :type => 'boolean', + :required => 'optional', :recipes => ['newrelic_plugins::aws_cloudwatch'] attribute 'newrelic/aws_cloudwatch/agents', @@ -261,4 +268,4 @@ :description => 'User to run as for New Relic Wikipedia Example Ruby Plugin', :type => 'string', :required => 'required', - :recipes => ['newrelic_plugins::wikipedia_example_ruby'] \ No newline at end of file + :recipes => ['newrelic_plugins::wikipedia_example_ruby'] diff --git a/recipes/aws_cloudwatch.rb b/recipes/aws_cloudwatch.rb index e12b223..99da1ca 100644 --- a/recipes/aws_cloudwatch.rb +++ b/recipes/aws_cloudwatch.rb @@ -7,8 +7,6 @@ 'node[:newrelic][:license_key]', 'node[:newrelic][:aws_cloudwatch][:install_path]', 'node[:newrelic][:aws_cloudwatch][:user]', - 'node[:newrelic][:aws_cloudwatch][:aws_access_key]', - 'node[:newrelic][:aws_cloudwatch][:aws_secret_key]', 'node[:newrelic][:aws_cloudwatch][:agents]' ] end diff --git a/templates/default/aws_cloudwatch/newrelic_plugin.yml.erb b/templates/default/aws_cloudwatch/newrelic_plugin.yml.erb index 2ea4945..9c63020 100644 --- a/templates/default/aws_cloudwatch/newrelic_plugin.yml.erb +++ b/templates/default/aws_cloudwatch/newrelic_plugin.yml.erb @@ -16,8 +16,18 @@ newrelic: # aws: # Update with your AWS account keys: + <%- if node[:newrelic][:aws_cloudwatch][:aws_access_key] %> access_key: '<%= node[:newrelic][:aws_cloudwatch][:aws_access_key] %>' + <%- end %> + <%- if node[:newrelic][:aws_cloudwatch][:aws_secret_key] %> secret_key: '<%= node[:newrelic][:aws_cloudwatch][:aws_secret_key] %>' + <%- end %> + + # Disable the key checks and enable usage of AWS instance metadata for setting keys + <%- if node[:newrelic][:aws_cloudwatch][:use_aws_metadata] %> + use_aws_metadata: <%= node[:newrelic][:aws_cloudwatch][:use_aws_metadata] %> + <%- end %> + # Specify AWS regions to query for metrics # regions: # us-east-1 @@ -41,4 +51,4 @@ agents: <% node[:newrelic][:aws_cloudwatch][:agents].each do |agent| %> <%= agent %>: overview: false -<% end %> \ No newline at end of file +<% end %>