option api.server.disable_usage_metrics_export (#4021)

Author: mmetc

pkg/apiserver/apiserver.go

@@ -34,9 +34,7 @@ import (
 const keyLength = 32
 
 type APIServer struct {
-	URL            string
-	UnixSocket     string
-	TLS            *csconfig.TLSCfg
+	cfg            *csconfig.LocalApiServerCfg
 	dbClient       *database.Client
 	controller     *controllers.Controller
 	flushScheduler *gocron.Scheduler
@@ -281,9 +279,7 @@ func NewServer(ctx context.Context, config *csconfig.LocalApiServerCfg) (*APISer
 	controller.TrustedIPs = trustedIPs
 
 	return &APIServer{
-		URL:            config.ListenURI,
-		UnixSocket:     config.ListenSocket,
-		TLS:            config.TLS,
+		cfg:		config,
 		dbClient:       dbClient,
 		controller:     controller,
 		flushScheduler: flushScheduler,
@@ -357,22 +353,24 @@ func (s *APIServer) initAPIC(ctx context.Context) {
 		return nil
 	})
 
-	s.apic.metricsTomb.Go(func() error {
-		s.apic.SendUsageMetrics(ctx)
-		return nil
-	})
+	if !s.cfg.DisableUsageMetricsExport {
+		s.apic.metricsTomb.Go(func() error {
+			s.apic.SendUsageMetrics(ctx)
+			return nil
+		})
+	}
 }
 
 func (s *APIServer) Run(ctx context.Context, apiReady chan bool) error {
 	defer trace.CatchPanic("lapi/runServer")
 
-	tlsCfg, err := s.TLS.GetTLSConfig()
+	tlsCfg, err := s.cfg.TLS.GetTLSConfig()
 	if err != nil {
 		return fmt.Errorf("while creating TLS config: %w", err)
 	}
 
 	s.httpServer = &http.Server{
-		Addr:      s.URL,
+		Addr:      s.cfg.ListenURI,
 		Handler:   s.router,
 		TLSConfig: tlsCfg,
 		Protocols: &http.Protocols{},
@@ -408,18 +406,18 @@ func (s *APIServer) listenAndServeLAPI(ctx context.Context, apiReady chan bool)
 	startServer := func(listener net.Listener, canTLS bool) {
 		var err error
 
-		if canTLS && s.TLS != nil && (s.TLS.CertFilePath != "" || s.TLS.KeyFilePath != "") {
-			if s.TLS.KeyFilePath == "" {
+		if canTLS && s.cfg.TLS != nil && (s.cfg.TLS.CertFilePath != "" || s.cfg.TLS.KeyFilePath != "") {
+			if s.cfg.TLS.KeyFilePath == "" {
 				serverError <- errors.New("missing TLS key file")
 				return
 			}
 
-			if s.TLS.CertFilePath == "" {
+			if s.cfg.TLS.CertFilePath == "" {
 				serverError <- errors.New("missing TLS cert file")
 				return
 			}
 
-			err = s.httpServer.ServeTLS(listener, s.TLS.CertFilePath, s.TLS.KeyFilePath)
+			err = s.httpServer.ServeTLS(listener, s.cfg.TLS.CertFilePath, s.cfg.TLS.KeyFilePath)
 		} else {
 			err = s.httpServer.Serve(listener)
 		}
@@ -446,7 +444,7 @@ func (s *APIServer) listenAndServeLAPI(ctx context.Context, apiReady chan bool)
 
 		log.Infof("CrowdSec Local API listening on %s", url)
 		startServer(listener, true)
-	}(s.URL)
+	}(s.cfg.ListenURI)
 
 	// Starting Unix socket listener
 	go func(socket string) {
@@ -468,7 +466,7 @@ func (s *APIServer) listenAndServeLAPI(ctx context.Context, apiReady chan bool)
 
 		log.Infof("CrowdSec Local API listening on Unix socket %s", socket)
 		startServer(listener, false)
-	}(s.UnixSocket)
+	}(s.cfg.ListenSocket)
 
 	apiReady <- true
 
@@ -485,10 +483,10 @@ func (s *APIServer) listenAndServeLAPI(ctx context.Context, apiReady chan bool)
 			log.Errorf("while shutting down http server: %v", err)
 		}
 
-		if s.UnixSocket != "" {
-			if err := os.Remove(s.UnixSocket); err != nil {
+		if s.cfg.ListenSocket != "" {
+			if err := os.Remove(s.cfg.ListenSocket); err != nil {
 				if !errors.Is(err, fs.ErrNotExist) {
-					log.Errorf("can't remove socket %s: %s", s.UnixSocket, err)
+					log.Errorf("can't remove socket %s: %s", s.cfg.ListenSocket, err)
 				}
 			}
 		}
@@ -555,7 +553,7 @@ func hasPlugins(profiles []*csconfig.ProfileCfg) bool {
 }
 
 func (s *APIServer) InitPlugins(ctx context.Context, cConfig *csconfig.Config, pluginBroker *csplugin.PluginBroker) error {
-	if hasPlugins(cConfig.API.Server.Profiles) {
+	if hasPlugins(s.cfg.Profiles) {
 		log.Info("initiating plugin broker")
 		// On windows, the plugins are always run as medium-integrity processes, so we don't care about plugin_config
 		if cConfig.PluginConfig == nil && runtime.GOOS != "windows" {
@@ -566,7 +564,7 @@ func (s *APIServer) InitPlugins(ctx context.Context, cConfig *csconfig.Config, p
 			return errors.New("plugins are enabled, but config_paths.plugin_dir is not defined")
 		}
 
-		err := pluginBroker.Init(ctx, cConfig.PluginConfig, cConfig.API.Server.Profiles, cConfig.ConfigPaths)
+		err := pluginBroker.Init(ctx, cConfig.PluginConfig, s.cfg.Profiles, cConfig.ConfigPaths)
 		if err != nil {
 			return fmt.Errorf("plugin broker: %w", err)
 		}
@@ -584,18 +582,18 @@ func (s *APIServer) InitController() error {
 		return fmt.Errorf("controller init: %w", err)
 	}
 
-	if s.TLS == nil {
+	if s.cfg.TLS == nil {
 		return nil
 	}
 
 	// TLS is configured: create the TLSAuth middleware for agents and bouncers
 
 	cacheExpiration := time.Hour
-	if s.TLS.CacheExpiration != nil {
-		cacheExpiration = *s.TLS.CacheExpiration
+	if s.cfg.TLS.CacheExpiration != nil {
+		cacheExpiration = *s.cfg.TLS.CacheExpiration
 	}
 
-	s.controller.HandlerV1.Middlewares.JWT.TlsAuth, err = v1.NewTLSAuth(s.TLS.AllowedAgentsOU, s.TLS.CRLPath,
+	s.controller.HandlerV1.Middlewares.JWT.TlsAuth, err = v1.NewTLSAuth(s.cfg.TLS.AllowedAgentsOU, s.cfg.TLS.CRLPath,
 		cacheExpiration,
 		log.WithFields(log.Fields{
 			"component": "tls-auth",
@@ -605,7 +603,7 @@ func (s *APIServer) InitController() error {
 		return fmt.Errorf("while creating TLS auth for agents: %w", err)
 	}
 
-	s.controller.HandlerV1.Middlewares.APIKey.TlsAuth, err = v1.NewTLSAuth(s.TLS.AllowedBouncersOU, s.TLS.CRLPath,
+	s.controller.HandlerV1.Middlewares.APIKey.TlsAuth, err = v1.NewTLSAuth(s.cfg.TLS.AllowedBouncersOU, s.cfg.TLS.CRLPath,
 		cacheExpiration,
 		log.WithFields(log.Fields{
 			"component": "tls-auth",

pkg/csconfig/api.go

@@ -247,6 +247,7 @@ type LocalApiServerCfg struct {
 	CapiWhitelistsPath            string                   `yaml:"capi_whitelists_path,omitempty"`
 	CapiWhitelists                *CapiWhitelist           `yaml:"-"`
 	AutoRegister                  *LocalAPIAutoRegisterCfg `yaml:"auto_registration,omitempty"`
+	DisableUsageMetricsExport     bool                     `yaml:"disable_usage_metrics_export"`
 }
 
 func (c *LocalApiServerCfg) GetTrustedIPs() ([]net.IPNet, error) {