Add the Teleport Integration

.codecov.yml

@@ -570,6 +570,10 @@ coverage:
         target: 75
         flags:
         - teamcity
+      Teleport:
+        target: 75
+        flags:
+        - teleport
       Tekton:
         target: 75
         flags:
@@ -1392,6 +1396,11 @@ flags:
     paths:
     - teamcity/datadog_checks/teamcity
     - teamcity/tests
+  teleport:
+    carryforward: true
+    paths:
+    - teleport/datadog_checks/teleport
+    - teleport/tests
   tekton:
     carryforward: true
     paths:

.github/workflows/config/labeler.yml

@@ -335,10 +335,10 @@ integration/oracle:
 - oracle/**/*
 integration/otel:
 - otel/**/*
-integration/pan_firewall:
-- pan_firewall/**/*
 integration/palo_alto_panorama:
 - palo_alto_panorama/**/*
+integration/pan_firewall:
+- pan_firewall/**/*
 integration/pdh_check:
 - pdh_check/**/*
 integration/pgbouncer:
@@ -447,6 +447,8 @@ integration/teamcity:
 - teamcity/**/*
 integration/tekton:
 - tekton/**/*
+integration/teleport:
+- teleport/**/*
 integration/temporal:
 - temporal/**/*
 integration/tenable:

.github/workflows/test-all.yml

@@ -3203,6 +3203,25 @@ jobs:
       test-py3: ${{ inputs.test-py3 }}
       minimum-base-package: ${{ inputs.minimum-base-package }}
     secrets: inherit
+  je68b3b9:
+    uses: ./.github/workflows/test-target.yml
+    with:
+      job-name: Teleport
+      target: teleport
+      platform: linux
+      runner: '["ubuntu-22.04"]'
+      repo: "${{ inputs.repo }}"
+      python-version: "${{ inputs.python-version }}"
+      standard: ${{ inputs.standard }}
+      latest: ${{ inputs.latest }}
+      agent-image: "${{ inputs.agent-image }}"
+      agent-image-py2: "${{ inputs.agent-image-py2 }}"
+      agent-image-windows: "${{ inputs.agent-image-windows }}"
+      agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
+      test-py2: ${{ inputs.test-py2 }}
+      test-py3: ${{ inputs.test-py3 }}
+      minimum-base-package: ${{ inputs.minimum-base-package }}
+    secrets: inherit
   j840fec7:
     uses: ./.github/workflows/test-target.yml
     with:

teleport/CHANGELOG.md

@@ -0,0 +1,7 @@
+# CHANGELOG - Teleport
+
+## 1.0.0 / 2024-02-07
+
+***Added***:
+
+* Initial Release

teleport/README.md

@@ -0,0 +1,63 @@
+# Agent Check: Teleport
+
+## Overview
+
+This check monitors [Teleport][1] through the Datadog Agent.
+
+## Setup
+
+Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the [Autodiscovery Integration Templates][3] for guidance on applying these instructions.
+
+### Installation
+
+The Teleport check is included in the [Datadog Agent][2] package.
+No additional installation is needed on your server.
+
+### Prerequisites
+
+The Teleport check gathers Teleport's metrics and performance data using two distinct endpoints:
+   - The [Health endpoint](https://goteleport.com/docs/management/diagnostics/monitoring/#healthz) provides the overall health status of your Teleport instance.
+   - The [OpenMetrics endpoint](https://goteleport.com/docs/reference/metrics/#auth-service-and-backends) extracts metrics on the Teleport instance and the various services operating within that instance.
+
+These endpoints aren't activated by default. To enable the diagnostic HTTP endpoints in your Teleport instance, please refer to the public Teleport [documentation](https://goteleport.com/docs/management/diagnostics/monitoring/#enable-health-monitoring).
+
+### Configuration
+
+1. Edit the `teleport.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory to start collecting your teleport performance data. See the [sample teleport.d/conf.yaml][4] for all available configuration options.
+
+2. [Restart the Agent][5].
+
+### Validation
+
+[Run the Agent's status subcommand][6] and look for `teleport` under the Checks section.
+
+## Data Collected
+
+### Metrics
+
+See [metadata.csv][7] for a list of metrics provided by this integration.
+
+### Events
+
+The Teleport integration does not include any events.
+
+### Service Checks
+
+The Teleport integration does not include any service checks.
+
+See [service_checks.json][8] for a list of service checks provided by this integration.
+
+## Troubleshooting
+
+Need help? Contact [Datadog support][9].
+
+
+[1]: **LINK_TO_INTEGRATION_SITE**
+[2]: https://app.datadoghq.com/account/settings/agent/latest
+[3]: https://docs.datadoghq.com/agent/kubernetes/integrations/
+[4]: https://github.com/DataDog/integrations-core/blob/master/teleport/datadog_checks/teleport/data/conf.yaml.example
+[5]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent
+[6]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information
+[7]: https://github.com/DataDog/integrations-core/blob/master/teleport/metadata.csv
+[8]: https://github.com/DataDog/integrations-core/blob/master/teleport/assets/service_checks.json
+[9]: https://docs.datadoghq.com/help/

teleport/assets/configuration/spec.yaml

@@ -0,0 +1,23 @@
+name: Teleport
+files:
+- name: teleport.yaml
+  options:
+  - template: init_config
+    options:
+    - template: init_config/default
+  - template: instances
+    options:
+    - name: "teleport_url"
+      required: true
+      description: "The Teleport URL to connect to."
+      value:
+        type: string
+        example: "http://127.0.0.1"
+    - name: "diag_port"
+      description: "The Teleport Diagnostic Port."
+      value:
+        type: integer
+        example: 3000
+
+
+    - template: instances/default

teleport/assets/service_checks.json

@@ -0,0 +1 @@
+[]

teleport/changelog.d/16877.added

@@ -0,0 +1 @@
+Add the Teleport Integration

teleport/datadog_checks/__init__.py

@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)  # type: ignore

teleport/datadog_checks/teleport/__about__.py

@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__version__ = '1.0.0'

teleport/datadog_checks/teleport/__init__.py

@@ -0,0 +1,7 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+from .__about__ import __version__
+from .check import TeleportCheck
+
+__all__ = ['__version__', 'TeleportCheck']

teleport/datadog_checks/teleport/check.py

@@ -0,0 +1,88 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+
+from datadog_checks.base import OpenMetricsBaseCheckV2
+from datadog_checks.base.checks.openmetrics.v2.transform import get_native_dynamic_transformer
+
+from .metrics import METRIC_MAP, METRIC_MAP_BY_SERVICE
+
+
+class TeleportCheck(OpenMetricsBaseCheckV2):
+    __NAMESPACE__ = 'teleport'
+    DEFAULT_METRIC_LIMIT = 0
+    DEFAULT_DIAG_PORT = 3000
+
+    def __init__(self, name, init_config, instances):
+        super().__init__(name, init_config, instances)
+        self.check_initializations.appendleft(self._parse_config)
+        self.check_initializations.append(self._configure_additional_transformers)
+
+    def check(self, _):
+        try:
+            health_endpoint = f"{self.diag_addr}/healthz"
+            response = self.http.get(health_endpoint)
+            response.raise_for_status()
+            self.count("health.up", 1, tags=["teleport_status:ok"])
+        except Exception as e:
+            self.log.error(
+                "Cannot connect to Teleport HTTP diagnostic health endpoint '%s': %s.\nPlease make sure to enable Teleport's diagnostic HTTP endpoints.",  # noqa: E501
+                health_endpoint,
+                str(e),
+            )  # noqa: E501
+            self.count("health.up", 0, tags=["teleport_status:unreachable"])
+            raise
+
+        super().check(_)
+
+    def _parse_config(self):
+        self.teleport_url = self.instance.get("teleport_url")
+        self.diag_port = self.instance.get("diag_port", self.DEFAULT_DIAG_PORT)
+        if self.teleport_url:
+            self.diag_addr = "{}:{}".format(self.teleport_url, self.diag_port)
+            self.instance.setdefault("openmetrics_endpoint", "{}/metrics".format(self.diag_addr))
+            self.instance.setdefault("rename_labels", {'version': "teleport_version"})
+
+    def _configure_additional_transformers(self):
+        metric_transformer = self.scrapers[self.instance['openmetrics_endpoint']].metric_transformer
+        metric_transformer.add_custom_transformer(r'.*', self.configure_transformer_teleport_metrics(), pattern=True)
+
+    def configure_transformer_teleport_metrics(self):
+        def transform(_metric, sample_data, _runtime_data):
+            for sample, tags, hostname in sample_data:
+                metric_name = _metric.name
+                metric_type = _metric.type
+
+                # ignore metrics we don't collect
+                if metric_name not in METRIC_MAP:
+                    continue
+
+                # extract `teleport_service` tag
+                service = METRIC_MAP_BY_SERVICE.get(metric_name, "teleport")
+                tags = tags + [f"teleport_service:{service}"]
+
+                # get mapped metric name
+                new_metric_name = METRIC_MAP[metric_name]
+                if isinstance(new_metric_name, dict) and "name" in new_metric_name:
+                    new_metric_name = new_metric_name["name"]
+
+                # send metric
+                metric_transformer = self.scrapers[self.instance['openmetrics_endpoint']].metric_transformer
+
+                if metric_type == "counter":
+                    self.count(new_metric_name + ".count", sample.value, tags=tags, hostname=hostname)
+                elif metric_type == "gauge":
+                    self.gauge(new_metric_name, sample.value, tags=tags, hostname=hostname)
+                else:
+                    native_transformer = get_native_dynamic_transformer(
+                        self, new_metric_name, None, metric_transformer.global_options
+                    )
+
+                    def add_tag_to_sample(sample, service):
+                        [sample, tags, hostname] = sample
+                        return [sample, tags + [f"teleport_service:{service}"], hostname]
+
+                    modified_sample_data = (add_tag_to_sample(x, service) for x in sample_data)
+                    native_transformer(_metric, modified_sample_data, _runtime_data)
+
+        return transform

teleport/datadog_checks/teleport/config_models/__init__.py

@@ -0,0 +1,24 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+
+# This file is autogenerated.
+# To change this file you should edit assets/configuration/spec.yaml and then run the following commands:
+#     ddev -x validate config -s <INTEGRATION_NAME>
+#     ddev -x validate models -s <INTEGRATION_NAME>
+
+from .instance import InstanceConfig
+from .shared import SharedConfig
+
+
+class ConfigMixin:
+    _config_model_instance: InstanceConfig
+    _config_model_shared: SharedConfig
+
+    @property
+    def config(self) -> InstanceConfig:
+        return self._config_model_instance
+
+    @property
+    def shared_config(self) -> SharedConfig:
+        return self._config_model_shared

teleport/datadog_checks/teleport/config_models/defaults.py

@@ -0,0 +1,24 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+
+# This file is autogenerated.
+# To change this file you should edit assets/configuration/spec.yaml and then run the following commands:
+#     ddev -x validate config -s <INTEGRATION_NAME>
+#     ddev -x validate models -s <INTEGRATION_NAME>
+
+
+def instance_diag_port():
+    return 3000
+
+
+def instance_disable_generic_tags():
+    return False
+
+
+def instance_empty_default_hostname():
+    return False
+
+
+def instance_min_collection_interval():
+    return 15

teleport/datadog_checks/teleport/config_models/instance.py

@@ -0,0 +1,63 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+
+# This file is autogenerated.
+# To change this file you should edit assets/configuration/spec.yaml and then run the following commands:
+#     ddev -x validate config -s <INTEGRATION_NAME>
+#     ddev -x validate models -s <INTEGRATION_NAME>
+
+from __future__ import annotations
+
+from typing import Optional
+
+from pydantic import BaseModel, ConfigDict, field_validator, model_validator
+
+from datadog_checks.base.utils.functions import identity
+from datadog_checks.base.utils.models import validation
+
+from . import defaults, validators
+
+
+class MetricPatterns(BaseModel):
+    model_config = ConfigDict(
+        arbitrary_types_allowed=True,
+        frozen=True,
+    )
+    exclude: Optional[tuple[str, ...]] = None
+    include: Optional[tuple[str, ...]] = None
+
+
+class InstanceConfig(BaseModel):
+    model_config = ConfigDict(
+        validate_default=True,
+        arbitrary_types_allowed=True,
+        frozen=True,
+    )
+    diag_port: Optional[int] = None
+    disable_generic_tags: Optional[bool] = None
+    empty_default_hostname: Optional[bool] = None
+    metric_patterns: Optional[MetricPatterns] = None
+    min_collection_interval: Optional[float] = None
+    service: Optional[str] = None
+    tags: Optional[tuple[str, ...]] = None
+    teleport_url: str
+
+    @model_validator(mode='before')
+    def _initial_validation(cls, values):
+        return validation.core.initialize_config(getattr(validators, 'initialize_instance', identity)(values))
+
+    @field_validator('*', mode='before')
+    def _validate(cls, value, info):
+        field = cls.model_fields[info.field_name]
+        field_name = field.alias or info.field_name
+        if field_name in info.context['configured_fields']:
+            value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)
+        else:
+            value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()
+
+        return validation.utils.make_immutable(value)
+
+    @model_validator(mode='after')
+    def _final_validation(cls, model):
+        return validation.core.check_model(getattr(validators, 'check_instance', identity)(model))