This tutorial I explain REST API used in Grafana to update Password which use to authenticate with Prometheus.
Following curl script will gather all data source from Grafana
curl -X GET \
-H "Content-type: application/json" \
-H "Accept: application/json" \
-u "admin:admin" \
"http://192.168.225.179:3000/api/datasources"
{"id":4,"uid":"b50f38ef-26ce-4455-ac72-bf412eeadc2a","orgId":1,"name":"Prometheus","type":"prometheus","typeName":"Prometheus","typeLogoUrl":"/public/app/plugins/datasource/prometheus/img/prometheus_logo.svg","access":"proxy","url":"http://192.168.225.179:80","user":"","database":"","basicAuth":true,"isDefault":false,"jsonData":{"httpMethod":"POST"},"readOnly":false}]Capture data from Data Source from above output like id, name, access, url, etc for your Prometheus data source
Now gather info for Prometheus Data Source like basicAuthUser using below curl code
curl -X GET \
-H "Content-type: application/json" \
-H "Accept: application/json" \
-u "admin:admin" \
"http://127.0.0.1:3000/api/datasources/name/Prometheus"
{"id":4,"uid":"b50f38ef-26ce-4455-ac72-bf412eeadc2a","orgId":1,"name":"Prometheus","type":"prometheus","typeLogoUrl":"/public/app/plugins/datasource/prometheus/img/prometheus_logo.svg","access":"proxy","url":"http://192.168.225.179:80","user":"","database":"","basicAuth":true,"basicAuthUser":"prom","withCredentials":false,"isDefault":false,"jsonData":{},"secureJsonFields":{"basicAuthPassword":true},"version":1,"readOnly":false}In above code we gathered basicAuthUser as prom ( “basicAuthUser”:”prom”) for for Prometheus Data Source.
Now lets update above Prometheus Data Source password in grafana using json file, here its pass.json. Example pass.json is as below
#cat pass.json
{
"id":4,
"orgId":1,
"name":"Prometheus",
"type":"prometheus",
"access":"proxy",
"url":"http://192.168.225.179:80",
"password":"",
"user":"",
"database":"",
"basicAuth":true,
"basicAuthUser":"prom",
"secureJsonData": {
"basicAuthPassword": "amit123"
},
"isDefault":false,
"jsonData":null
}
Now lets update above pass.json where we are updating password in Grafana for Prometheus Data source.
curl -X PUT \
-H "Content-type: application/json" \
-u "admin:admin" \
-d@pass.json \
"http://127.0.0.1:3000/api/datasources/4"
{"datasource":{"id":4,"uid":"b50f38ef-26ce-4455-ac72-bf412eeadc2a","orgId":1,"name":"Prometheus","type":"prometheus","typeLogoUrl":"/public/app/plugins/datasource/prometheus/img/prometheus_logo.svg","access":"proxy","url":"http://192.168.225.179:80","user":"","database":"","basicAuth":true,"basicAuthUser":"prom","withCredentials":false,"isDefault":false,"jsonData":{},"secureJsonFields":{"basicAuthPassword":true},"version":1,"readOnly":false},"id":4,"message":"Datasource updated","name":"Prometheus"}As you can see in above code of curl we use -d option to use pass.json to update password (“basicAuthPassword”: “amit123”) mentioned in it, for Prometheus data source in Grafana.
Here you get message “message”:”Datasource updated”,”name”:”Prometheus” as shown in above code if password updated in Grafana for Prometheus data source
NOTE: Admin password for grafana can be also updated via admin REST API – more info at https://grafana.com/docs/grafana/latest/developers/http_api/admin/
Summary : All these REST API can be used to rotate password periodically (Admin user and data source – like Prometheus password) for Grafana for security practice.
IT Consulting & IT Training 
Leave a comment