Prometheus / InfluxDB exporter for the Mercedes Benz "Bring Your Own Car" (BYOCAR) API products
Find a file
Knut Ahlers 1e3303d84a
Update dependencies
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-04-14 13:49:19 +02:00
internal Fix: Gracefully handle data not being available for query type 2022-12-04 00:50:10 +01:00
.gitignore Initial version 2022-11-20 00:47:49 +01:00
auth.go Initial version 2022-11-20 00:47:49 +01:00
config.go Add InfluxDB exporter 2022-11-20 14:44:55 +01:00
Dockerfile Add Dockerfile 2022-11-20 00:52:16 +01:00
fetcher.go Fix: Gracefully handle data not being available for query type 2022-12-04 00:50:10 +01:00
go.mod Update dependencies 2023-04-14 13:49:19 +02:00
go.sum Update dependencies 2023-04-14 13:49:19 +02:00
History.md prepare release v0.2.1 2022-12-04 00:54:02 +01:00
LICENSE Initial version 2022-11-20 00:47:49 +01:00
main.go Add InfluxDB exporter 2022-11-20 14:44:55 +01:00
README.md Update README 2022-11-20 16:06:57 +01:00

Luzifer / mercedes-byocar-exporter

This repository contains an Prometheus & InfluxDB exporter for the Mercedes Benz "Bring Your Own Car" (BYOCAR) API products.

Features:

  • Store credentials either in Vault or in a local JSON file
  • Fetch data for all cars in your MercedesME account
  • Prometheus exporter for the metrics
  • InfluxDB exporter avoiding spamming entries to the database by using reported dates from Mercedes API

Usage

# mercedes-byocar-exporter
Usage of mercedes-byocar-exporter:
      --client-id string          Client-ID of Mercedes Developers Console App
      --client-secret string      Client-Secret of Mercedes Developers Console App
      --credential-file string    Where to store tokens when using client-id from CLI parameters (default "credentials.json")
      --fetch-interval duration   How often to ask the Mercedes API for updates (default 15m0s)
      --influx-export string      Set to url (http[s]://user:pass@host[:port]/database) to enable Influx exporter
      --listen string             Port/IP to listen on (default ":3000")
      --log-level string          Log level (debug, info, warn, error, fatal) (default "info")
      --redirect-url string       Redirect URL registered in Mercedes Developers Console (default "http://127.0.0.1:3000/store-token")
      --vault-key string          Use credentials from and update in Vault
      --vehicle-id strings        Vehicle identification number (e.g. WDB111111ZZZ22222)
      --version                   Prints current version and exits

Setup: Create the Mercedes Developer App

Setup: Deploy the exporter

You can

  • build the Go application by running go build in the checkout
  • build the Docker container by running docker build . in the checkout
  • get a pre-built image

When running with local JSON-file as storage you need to specify the client-id, client-secret and credential-file flags or corresponding environment variables (CLIENT_ID, CLIENT_SECRET, CREDENTIAL_FILE).

When running with Vault as storage backend specify the vault-key (VAULT_KEY), VAULT_ADDR and VAULT_TOKEN or VAULT_ROLE_ID / VAULT_SECRET_ID for access to Vault. Inside Vault KV v1 backend store this JSON (set your client-id and secret): {"client-id": "", "client-secret": ""} and make sure the process can write to that key to store user tokens.

In all cases specify one or more --vehicle-id (VEHICLE_ID=WDB111111ZZZ22222,WDB111111ZZZ22223) to fetch data for. All of those cars must be associated to your Mercedes ID.

Setup: Authorize exporter

When everything is running you should be able to access the exporter:

  • https://exporter.example.com/auth - Redirect to authorize your project to access your car(s)
  • https://exporter.example.com/healthz - Health-Check endpoint
  • https://exporter.example.com/metrics - Text-version of exported metrics

You need to access the /auth route once to fetch access- and refresh-keys. If something wents wrong with those keys you can re-authorize the app using this route.

Setup: Security

⚠️ This exporter does not have any security measures like access control and will never have them!

I strongly advice to put the exporter behind auth or any non-public network and ensure no unauthorized user can access any of the endpoints:

  • The /auth endpoint can be used to mess with the authorization (even though this makes no sense as it will just replace the credentials)
  • The /metrics endpoint will expose your VIN/FIN to anyone accessing it