Add support for Azure Key Vault and updated deps

Makefile

@@ -3,7 +3,7 @@ OS_TYPE        ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
 ARCH_TYPE      ?= $(subst x86_64,amd64,$(patsubst i%86,386,$(ARCH)))
 GOOS           ?= $(shell go env GOOS)
 GOARCH         ?= $(shell go env GOARCH)
-VERSION        ?= 1.5.5
+VERSION        ?= 1.6.0
 LDFLAGS        := -X main.Version=$(VERSION)
 GOFLAGS        := -ldflags "$(LDFLAGS) -s -w"
 BUILD_ARGS      = --build-arg VERSION=$(VERSION)

README.md

@@ -19,6 +19,7 @@ Contributions are welcome - please see [contributing](CONTRIBUTING.md).
   - [Kubernetes](#kubernetes)
   - [Standalone binary](#standalone-binary)
   - [Using OCI Vault](#using-oci-vault)
+  - [Using Azure Vault](#using-azure-vault)
 - [Custom metrics](#custom-metrics)
 - [Controlling memory usage](#controlling-memory-usage)
 - [Grafana dashboards](#grafana-dashboards)
@@ -29,7 +30,8 @@ Contributions are welcome - please see [contributing](CONTRIBUTING.md).
 
 | Release | Date                 | Changelog                                                       |
 |---------|----------------------|-----------------------------------------------------------------|
-| 1.5.5   | March 13th, 2025     | [1.5.5 Changelog](./changelog.md#version-155-march-13-2025)      |
+| 1.6.0   | April 17, 2025       | [1.6.0 Changelog](./changelog.md#version-160-april-17-2025)     |
+| 1.5.5   | March 13th, 2025     | [1.5.5 Changelog](./changelog.md#version-155-march-13-2025)     |
 | 1.5.4   | March 3rd, 2025      | [1.5.4 Changelog](./changelog.md#version-154-march-3-2025)      |
 | 1.5.3   | January 28th, 2025   | [1.5.3 Changelog](./changelog.md#version-153-january-28-2025)   |
 | 1.5.2   | December 2nd, 2024   | [1.5.2 Changelog](./changelog.md#version-152-december-2-2024)   |
@@ -374,7 +376,7 @@ docker run -it --rm \
     -e DB_PASSWORD=Welcome12345 \
     -e DB_CONNECT_STRING=free23ai:1521/freepdb \
     -p 9161:9161 \
-    container-registry.oracle.com/database/observability-exporter:1.5.5
+    container-registry.oracle.com/database/observability-exporter:1.6.0
 ```
 
 ##### Using a wallet
@@ -420,7 +422,7 @@ docker run -it --rm \
     -e DB_CONNECT_STRING=devdb_tp \
     -v ./wallet:/wallet \
     -p 9161:9161 \
-    container-registry.oracle.com/database/observability-exporter:1.5.5
+    container-registry.oracle.com/database/observability-exporter:1.6.0
 ```
 > **Note:** If you are using `podman` you must specify the `:z` suffix on the volume mount so that the container will be able to access the files in the volume.  For example: `-v ./wallet:/wallet:z`
 
@@ -607,6 +609,27 @@ The exporter will read the password from a secret stored in OCI Vault if you set
 
 > Note that the process must be running under a user that has the OCI CLI installed and configured correctly to access the desired tenancy and region. The OCI Profile used is `DEFAULT`.
 
+### Using Azure Vault
+
+The exporter will read the database username and password from secrets stored in Azure Key Vault if you set these environment variables:
+
+- `AZ_VAULT_ID` should be set to the ID of the Azure Key Vault that you wish to use
+- `AZ_VAULT_USERNAME_SECRET` should be set to the name of the secret in the Azure Key Vault which contains the database username
+- `AZ_VAULT_PASSWORD_SECRET` should be set to the name of the secret in the Azure Key Vault which contains the database password
+
+#### Authentication
+
+If you are running the exporter outside Azure, we recommend using [application service principal](https://learn.microsoft.com/en-us/azure/developer/go/sdk/authentication/authentication-on-premises-apps).  
+
+If you are running the exporter inside Azure, we recommend using a [managed identity](https://learn.microsoft.com/en-us/azure/developer/go/sdk/authentication/authentication-azure-hosted-apps).
+
+You should set the following additional environment variables to allow the exporter to authenticate to Azure:
+
+- `AZURE_TENANT_ID` should be set to your tenant ID
+- `AZURE_CLIENT_ID` should be set to the client ID to authenticate to Azure
+- `AZURE_CLIENT_SECRET` should be set to the client secret to authenticate to Azure
+
+
 ## Custom metrics
 
 The exporter allows definition of arbitrary custom metrics in one or more TOML files. To specify this file to the
@@ -715,7 +738,7 @@ An exmaple of [custom metrics for Transacational Event Queues](./custom-metrics-
 If you run the exporter as a container image and want to include your custom metrics in the image itself, you can use the following example `Dockerfile` to create a new image:
 
 ```Dockerfile
-FROM container-registry.oracle.com/database/observability-exporter:1.5.5
+FROM container-registry.oracle.com/database/observability-exporter:1.6.0
 COPY custom-metrics.toml /
 ENTRYPOINT ["/oracledb_exporter", "--custom.metrics", "/custom-metrics.toml"]
 ```

THIRD_PARTY_LICENSES.txt

@@ -12,13 +12,86 @@ Copyright (c) 2016, 2025, Oracle and/or its affiliates.
 
 ----------------------------------- Licenses -----------------------------------
 -  Apache-2.0
+-  BSD-2-Clause
 -  BSD-3-Clause
 -  BSD-3-Clause--modified-by-Google
 -  MIT
 -  UPL-1.0
 
 --------------------------------- (separator) ----------------------------------
 
+== Dependency
+github.com/Azure/azure-sdk-for-go/sdk/azcore
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation.
+Copyright (c) Microsoft Corporation. All rights reserved.
+Copyright 2017 Microsoft Corporation. All rights reserved.
+
+--------------------------------- (separator) ----------------------------------
+
+== Dependency
+github.com/Azure/azure-sdk-for-go/sdk/azidentity
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation.
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+--------------------------------- (separator) ----------------------------------
+
+== Dependency
+github.com/Azure/azure-sdk-for-go/sdk/internal
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation.
+Copyright (c) Microsoft Corporation. All rights reserved.
+Copyright 2017 Microsoft Corporation. All rights reserved.
+
+--------------------------------- (separator) ----------------------------------
+
+== Dependency
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+--------------------------------- (separator) ----------------------------------
+
+== Dependency
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+--------------------------------- (separator) ----------------------------------
+
+== Dependency
+github.com/AzureAD/microsoft-authentication-library-for-go
+
+== License Type
+SPDX:MIT
+
+== Copyright
+Copyright (c) Microsoft Corporation.
+Copyright (c) Microsoft Corporation.  All rights reserved. Licensed under the MIT License (the "License").
+
+--------------------------------- (separator) ----------------------------------
+
 == Dependency
 github.com/BurntSushi/toml
 
@@ -1415,4 +1488,4 @@ SOFTWARE.
 
 === ATTRIBUTION-HELPER-GENERATED:
 === Attribution helper version: {Major:0 Minor:11 GitVersion:0.10.0-114-g3747dab9 GitCommit:3747dab92eb29c0dbe6409ffbb824b9ae3a04b87 GitTreeState:clean BuildDate:2024-05-31T13:48:06Z GoVersion:go1.21.4 Compiler:gc Platform:linux/amd64}
-=== License file based on go.mod with md5 sum:  771c94b3ddce81ff2e234b02d85209e4
+=== License file based on go.mod with md5 sum:  1f9ef04b4e97726da4230878cc4247bc

azvault/azvault.go

@@ -0,0 +1,43 @@
+// Copyright (c) 2023, 2025, Oracle and/or its affiliates.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+package azvault
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/prometheus/common/promslog"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
+)
+
+func GetVaultSecret(vaultId string, secretName string) string {
+	promLogConfig := &promslog.Config{}
+	logger := promslog.New(promLogConfig)
+
+	vaultURI := fmt.Sprintf("https://%s.vault.azure.net/", vaultId)
+
+	// create a credential
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		logger.Error("Failed to obtain an Azure Credential", "err", err)
+	}
+
+	// establish a connection to the key vault client
+	client, err := azsecrets.NewClient(vaultURI, cred, nil)
+
+	// get the secret - empty string version means "latest"
+	version := ""
+	secret := ""
+	resp, err := client.GetSecret(context.TODO(), secretName, version, nil)
+	if err != nil {
+		logger.Error("Failed to get secret from vault", "err", err)
+	} else {
+		secret = *resp.Value
+	}
+
+	return strings.TrimRight(secret, "\r\n") // make sure a \r and/or \n didn't make it into the secret
+}

changelog.md

@@ -4,6 +4,16 @@
 
 Our current priorities are support for RAC and mutliple databases (including #84 and #89).  We expect to address these in an upcoming release.
 
+### Version 1.6.0, April 17, 2025
+
+This release includes the following changes:
+
+- Added support for Azure Key Vault (#200).
+- Updated some third-party dependencies.
+
+Thank you to the following people for their suggestions and contributions: 
+
+- Brian, Damian et al.
 
 ### Version 1.5.5, March 13, 2025
 

docker-compose/compose.yaml

@@ -43,7 +43,7 @@ services:
       start_period: 30s
 
   exporter:
-    image: container-registry.oracle.com/database/observability-exporter:1.5.5
+    image: container-registry.oracle.com/database/observability-exporter:1.6.0
     container_name: exporter
     # command:
       # - '--log.level=debug'

go.mod

@@ -5,40 +5,51 @@ go 1.23.0
 toolchain go1.23.7
 
 require (
-	github.com/BurntSushi/toml v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
+	github.com/BurntSushi/toml v1.5.0
 	github.com/alecthomas/kingpin/v2 v2.4.0
-	github.com/godror/godror v0.47.0
-	github.com/oracle/oci-go-sdk/v65 v65.86.0
+	github.com/godror/godror v0.48.1
+	github.com/oracle/oci-go-sdk/v65 v65.89.1
 	github.com/prometheus/client_golang v1.21.1
-	github.com/prometheus/common v0.62.0
+	github.com/prometheus/common v0.63.0
 	github.com/prometheus/exporter-toolkit v0.14.0
 )
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.1 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/godror/knownpb v0.1.2 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/mdlayher/vsock v1.2.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/sony/gobreaker v0.5.0 // indirect
 	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
-	golang.org/x/crypto v0.35.0 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.36.0 // indirect
-	golang.org/x/oauth2 v0.24.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
-	google.golang.org/protobuf v1.36.1 // indirect
+	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/oauth2 v0.25.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )