From ee92ef1fef8c301522acb10da52b89b30fea1b5e Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 6 Nov 2025 21:03:23 +0000 Subject: [PATCH] prometheus: use aws_credentials for consistency --- cookbooks/prometheus/recipes/server.rb | 9 +++++---- .../prometheus/templates/default/aws-credentials.erb | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb index 1e297ebd3..9578adeeb 100644 --- a/cookbooks/prometheus/recipes/server.rb +++ b/cookbooks/prometheus/recipes/server.rb @@ -24,7 +24,7 @@ include_recipe "networking" passwords = data_bag_item("prometheus", "passwords") tokens = data_bag_item("prometheus", "tokens") -aws = data_bag_item("prometheus", "aws") +aws_credentials = data_bag_item("prometheus", "aws") admins = data_bag_item("apache", "admins") prometheus_exporter "fastly" do @@ -63,8 +63,8 @@ prometheus_exporter "cloudwatch" do --enable-feature=aws-sdk-v2 --enable-feature=always-return-info-metrics ] - environment "AWS_ACCESS_KEY_ID" => aws["cloudwatch_access_key_id"], - "AWS_SECRET_ACCESS_KEY" => aws["cloudwatch_secret_access_key"] + environment "AWS_ACCESS_KEY_ID" => aws_credentials["cloudwatch_access_key_id"], + "AWS_SECRET_ACCESS_KEY" => aws_credentials["cloudwatch_secret_access_key"] subscribes :restart, "template[/etc/prometheus/cloudwatch.yml]" end @@ -397,7 +397,8 @@ template "/var/lib/prometheus/.aws/credentials" do user "prometheus" group "prometheus" mode "600" - variables :aws => aws + variables :aws_credentials => aws_credentials + sensitive true end template "/usr/local/bin/prometheus-backup-data" do diff --git a/cookbooks/prometheus/templates/default/aws-credentials.erb b/cookbooks/prometheus/templates/default/aws-credentials.erb index 7831be373..3785a58bd 100644 --- a/cookbooks/prometheus/templates/default/aws-credentials.erb +++ b/cookbooks/prometheus/templates/default/aws-credentials.erb @@ -1,6 +1,6 @@ [osm-prometheus-data] -aws_access_key_id = <%= @aws["prometheus_access_key_id"] %> -aws_secret_access_key = <%= @aws["prometheus_secret_access_key"] %> +aws_access_key_id = <%= @aws_credentials["prometheus_access_key_id"] %> +aws_secret_access_key = <%= @aws_credentials["prometheus_secret_access_key"] %> [osm-prometheus-data-upload] role_arn=arn:aws:iam::173189593406:role/osm-prometheus-data-upload-role -- 2.39.5