prometheus-community
diff --git a/‎.github/workflows/go.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/go.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/release.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 100 additions & 1 deletion b/‎README.md‎
Lines changed: 100 additions & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 5 additions & 4 deletions b/‎go.mod‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎go.sum‎
Lines changed: 10 additions & 0 deletions b/‎go.sum‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎pkg/probe/main.go‎
Lines changed: 10 additions & 1 deletion b/‎pkg/probe/main.go‎
Lines changed: 10 additions & 1 deletion
@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ^1.18
         id: go
 
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v3
         # Go setup
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ^1.18
         id: go
@@ -43,7 +43,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
       - name: Add execution plugin
         run: npm install @semantic-release/exec
       - name: Release to GitHub
 
@@ -11,6 +11,7 @@ Prometheus exporter for FortiGate® firewalls.
 
   * [Supported Metrics](#supported-metrics)
   * [Usage](#usage)
+    + [Dynamic configuration](#dynamic-configuration)
     + [Available CLI parameters](#available-cli-parameters)
     + [Fortigate Configuration](#fortigate-configuration)
     + [Prometheus Configuration](#prometheus-configuration)
@@ -245,6 +246,37 @@ Per-VDOM, managed access point and interface:
    * `fortigate_wifi_managed_ap_interface_rx_dropped_packets_total`
    * `fortigate_wifi_managed_ap_interface_tx_dropped_packets_total`
 
+Per-VDOM, managed switch and interface:
+* _Switch/ManagedSwitch_
+  * `fortigate_managed_switch_collisions_total`
+  * `fortigate_managed_switch_crc_alignments_total`
+  * `fortigate_managed_switch_fragments_total`
+  * `fortigate_managed_switch_info`
+  * `fortigate_managed_switch_jabbers_total`
+  * `fortigate_managed_switch_l3_packets_total`
+  * `fortigate_managed_switch_max_poe_budget_watt`
+  * `fortigate_managed_switch_port_info`
+  * `fortigate_managed_switch_port_power_status`
+  * `fortigate_managed_switch_port_power_watt`
+  * `fortigate_managed_switch_port_status`
+  * `fortigate_managed_switch_rx_bcast_packets_total`
+  * `fortigate_managed_switch_rx_bytes_total`
+  * `fortigate_managed_switch_rx_drops_total`
+  * `fortigate_managed_switch_rx_errors_total`
+  * `fortigate_managed_switch_rx_mcast_packets_total`
+  * `fortigate_managed_switch_rx_oversize_total`
+  * `fortigate_managed_switch_rx_packets_total`
+  * `fortigate_managed_switch_rx_ucast_packets_total`
+  * `fortigate_managed_switch_tx_bcast_packets_total`
+  * `fortigate_managed_switch_tx_bytes_total`
+  * `fortigate_managed_switch_tx_drops_total`
+  * `fortigate_managed_switch_tx_errors_total`
+  * `fortigate_managed_switch_tx_mcast_packets_total`
+  * `fortigate_managed_switch_tx_oversize_total`
+  * `fortigate_managed_switch_tx_packets_total`
+  * `fortigate_managed_switch_tx_ucast_packets_total`
+  * `fortigate_managed_switch_under_size_total`
+    
 ## Usage
 
 Example:
@@ -323,6 +355,39 @@ Special cases:
 
 To probe a FortiGate, do something like `curl 'localhost:9710/probe?target=https://my-fortigate'`
 
+### Dynamic configuration
+In use cases where the Fortigates that is to be scraped through the fortigate-exporter is configured in 
+Prometheus using some discovery method it becomes problematic that the `fortigate-key.yaml` configuration also
+has to be updated for each fortigate, and that the fortigate-exporter needs to be restarted on each change. 
+For that scenario the token can be passed as a query parameter, `token`, to the fortigate. 
+
+Example:
+```bash
+curl 'localhost:9710/probe?target=https://192.168.2.31&token=ghi6eItWzWewgbrFMsazvBVwDjZzzb'
+```
+It is also possible to pass a `profile` query parameter. The value will match an entry in the `fortigate-key.yaml` 
+file, but only to use the `probes` section for include/exclude directives.
+
+Example:
+```bash
+curl 'localhost:9710/probe?target=https://192.168.2.31&token=ghi6eItWzWewgbrFMsazvBVwDjZzzb&profile=fs124e'
+```
+The `profile=fs124e` would match the following entry in `fortigate-key.yaml`.
+
+Example:
+```yaml
+fs124e:
+  # token: not used 
+  probes:
+    include:
+      - System
+      - Firewall
+    exclude:
+      - System/LinkMonitor
+```
+
+
+
 ### Available CLI parameters
 
 | flag  | default value  |  description  |
@@ -374,7 +439,7 @@ To improve security, limit permissions to required ones only (least privilege pr
 |Wifi/APStatus                | wifi               |api/v2/monitor/wifi/ap_status |
 |Wifi/Clients                 | wifi               |api/v2/monitor/wifi/client |
 |Wifi/ManagedAP               | wifi               |api/v2/monitor/wifi/managed_ap |
-
+|Switch/ManagedSwitch         | switch	           |api/v2/monitor/switch-controller/managed-switch|
 If you omit to grant some of these permissions you will receive log messages warning about
 403 errors and relevant metrics will be unavailable, but other metrics will still work.
 If you do not need some probes to be run, do not grant permission for them and use `include/exclude` feature (see `Usage` section).
@@ -438,6 +503,40 @@ An example configuration for Prometheus looks something like this:
         replacement: '[::1]:9710'
 ```
 
+If using [Dynamic configuration](#dynamic-configuration):
+```yaml
+  - job_name: 'fortigate_exporter'
+    metrics_path: /probe
+    file_sd_configs:
+      - files:
+          - /etc/prometheus/file_sd/fws/*.yml
+    params:
+      profile:
+      - fs124e
+    relabel_configs:
+    - source_labels: [__address__]
+      target_label: __param_target
+    - source_labels: [token]
+      target_label: __param_token
+    - source_labels: [__param_target]
+      regex: '(?:.+)(?::\/\/)([^:]*).*'
+      target_label: instance
+    - target_label: __address__
+      replacement: '[::1]:9710'
+    - action: labeldrop
+      regex: token
+```
+> Make sure to use the last labeldrop on the `token` label so that the tokens is not be part of your time series.
+
+> Since `token` is a label it will be shown in the Prometheus webgui at `http://<your prometheus>:9090/targets`.
+> 
+> **Make sure you protect your Prometheus if you add the token part of your prometheus config** 
+> 
+> Some options to protect Prometheus:
+> - Only expose UI to localhost --web.listen-address="127.0.0.1:9090"
+> - Basic authentication access - https://prometheus.io/docs/guides/basic-auth/
+> - **It is your responsibility!**
+
 ### Docker
 
 You can either use the automatic builds on
 
@@ -3,9 +3,10 @@ module github.com/bluecmd/fortigate_exporter
 go 1.18
 
 require (
-	github.com/google/go-jsonnet v0.18.0
-	github.com/prometheus/client_golang v1.13.0
+	github.com/google/go-jsonnet v0.19.1
+	github.com/prometheus/client_golang v1.14.0
 	gopkg.in/yaml.v2 v2.4.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -14,10 +15,10 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+	golang.org/x/sys v0.1.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	sigs.k8s.io/yaml v1.1.0 // indirect
 )
@@ -59,6 +59,7 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -114,6 +115,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg=
 github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0=
+github.com/google/go-jsonnet v0.19.1 h1:MORxkrG0elylUqh36R4AcSPX0oZQa9hvI3lroN+kDhs=
+github.com/google/go-jsonnet v0.19.1/go.mod h1:5JVT33JVCoehdTj5Z2KJq1eIdt3Nb8PCmZ+W5D8U350=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -170,11 +173,15 @@ github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
 github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
@@ -331,6 +338,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -478,6 +487,7 @@ gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 
@@ -16,7 +16,16 @@ func ProbeHandler(w http.ResponseWriter, r *http.Request) {
 	savedConfig := config.GetConfig()
 
 	params := r.URL.Query()
+	paramMap := make(map[string]string)
 	target := params.Get("target")
+	paramMap["target"] = params.Get("target")
+	if params.Get("token") != "" {
+		paramMap["token"] = params.Get("token")
+	}
+	if params.Get("profile") != "" {
+		paramMap["profile"] = params.Get("profile")
+	}
+
 	if target == "" {
 		http.Error(w, "Target parameter missing or empty", http.StatusBadRequest)
 		return
@@ -37,7 +46,7 @@ func ProbeHandler(w http.ResponseWriter, r *http.Request) {
 	start := time.Now()
 	pc := &ProbeCollector{}
 	registry.MustRegister(pc)
-	success, err := pc.Probe(ctx, target, &http.Client{}, savedConfig)
+	success, err := pc.Probe(ctx, paramMap, &http.Client{}, savedConfig)
 	if err != nil {
 		log.Printf("Probe request rejected; error is: %v", err)
 		http.Error(w, fmt.Sprintf("probe: %v", err), http.StatusBadRequest)