config: resolve more file paths (#5284)

Signed-off-by: Simon Pasquier <spasquie@redhat.com>

config/config.go

@@ -153,11 +153,17 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 		cfg.RuleFiles[i] = join(rf)
 	}
 
+	tlsPaths := func(cfg *config_util.TLSConfig) {
+		cfg.CAFile = join(cfg.CAFile)
+		cfg.CertFile = join(cfg.CertFile)
+		cfg.KeyFile = join(cfg.KeyFile)
+	}
 	clientPaths := func(scfg *config_util.HTTPClientConfig) {
+		if scfg.BasicAuth != nil {
+			scfg.BasicAuth.PasswordFile = join(scfg.BasicAuth.PasswordFile)
+		}
 		scfg.BearerTokenFile = join(scfg.BearerTokenFile)
-		scfg.TLSConfig.CAFile = join(scfg.TLSConfig.CAFile)
-		scfg.TLSConfig.CertFile = join(scfg.TLSConfig.CertFile)
-		scfg.TLSConfig.KeyFile = join(scfg.TLSConfig.KeyFile)
+		tlsPaths(&scfg.TLSConfig)
 	}
 	sdPaths := func(cfg *sd_config.ServiceDiscoveryConfig) {
 		for _, kcfg := range cfg.KubernetesSDConfigs {
@@ -165,15 +171,16 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 		}
 		for _, mcfg := range cfg.MarathonSDConfigs {
 			mcfg.AuthTokenFile = join(mcfg.AuthTokenFile)
-			mcfg.HTTPClientConfig.BearerTokenFile = join(mcfg.HTTPClientConfig.BearerTokenFile)
-			mcfg.HTTPClientConfig.TLSConfig.CAFile = join(mcfg.HTTPClientConfig.TLSConfig.CAFile)
-			mcfg.HTTPClientConfig.TLSConfig.CertFile = join(mcfg.HTTPClientConfig.TLSConfig.CertFile)
-			mcfg.HTTPClientConfig.TLSConfig.KeyFile = join(mcfg.HTTPClientConfig.TLSConfig.KeyFile)
+			clientPaths(&mcfg.HTTPClientConfig)
 		}
 		for _, consulcfg := range cfg.ConsulSDConfigs {
-			consulcfg.TLSConfig.CAFile = join(consulcfg.TLSConfig.CAFile)
-			consulcfg.TLSConfig.CertFile = join(consulcfg.TLSConfig.CertFile)
-			consulcfg.TLSConfig.KeyFile = join(consulcfg.TLSConfig.KeyFile)
+			tlsPaths(&consulcfg.TLSConfig)
+		}
+		for _, cfg := range cfg.OpenstackSDConfigs {
+			tlsPaths(&cfg.TLSConfig)
+		}
+		for _, cfg := range cfg.TritonSDConfigs {
+			tlsPaths(&cfg.TLSConfig)
 		}
 		for _, filecfg := range cfg.FileSDConfigs {
 			for i, fn := range filecfg.Files {
@@ -190,6 +197,12 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 		clientPaths(&cfg.HTTPClientConfig)
 		sdPaths(&cfg.ServiceDiscoveryConfig)
 	}
+	for _, cfg := range cfg.RemoteReadConfigs {
+		clientPaths(&cfg.HTTPClientConfig)
+	}
+	for _, cfg := range cfg.RemoteWriteConfigs {
+		clientPaths(&cfg.HTTPClientConfig)
+	}
 }
 
 func (c Config) String() string {

config/config_test.go

@@ -23,9 +23,13 @@ import (
 	"testing"
 	"time"
 
-	"github.com/prometheus/prometheus/pkg/relabel"
+	config_util "github.com/prometheus/common/config"
+	"github.com/prometheus/common/model"
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v2"
 
 	"github.com/prometheus/prometheus/discovery/azure"
+	sd_config "github.com/prometheus/prometheus/discovery/config"
 	"github.com/prometheus/prometheus/discovery/consul"
 	"github.com/prometheus/prometheus/discovery/dns"
 	"github.com/prometheus/prometheus/discovery/ec2"
@@ -36,12 +40,8 @@ import (
 	"github.com/prometheus/prometheus/discovery/targetgroup"
 	"github.com/prometheus/prometheus/discovery/triton"
 	"github.com/prometheus/prometheus/discovery/zookeeper"
-
-	config_util "github.com/prometheus/common/config"
-	"github.com/prometheus/common/model"
-	sd_config "github.com/prometheus/prometheus/discovery/config"
+	"github.com/prometheus/prometheus/pkg/relabel"
 	"github.com/prometheus/prometheus/util/testutil"
-	"gopkg.in/yaml.v2"
 )
 
 func mustParseURL(u string) *config_util.URL {
@@ -88,6 +88,12 @@ var expectedConf = &Config{
 			URL:           mustParseURL("http://remote2/push"),
 			RemoteTimeout: model.Duration(30 * time.Second),
 			QueueConfig:   DefaultQueueConfig,
+			HTTPClientConfig: config_util.HTTPClientConfig{
+				TLSConfig: config_util.TLSConfig{
+					CertFile: filepath.FromSlash("testdata/valid_cert_file"),
+					KeyFile:  filepath.FromSlash("testdata/valid_key_file"),
+				},
+			},
 		},
 	},
 
@@ -102,6 +108,12 @@ var expectedConf = &Config{
 			RemoteTimeout:    model.Duration(1 * time.Minute),
 			ReadRecent:       false,
 			RequiredMatchers: model.LabelSet{"job": "special"},
+			HTTPClientConfig: config_util.HTTPClientConfig{
+				TLSConfig: config_util.TLSConfig{
+					CertFile: filepath.FromSlash("testdata/valid_cert_file"),
+					KeyFile:  filepath.FromSlash("testdata/valid_key_file"),
+				},
+			},
 		},
 	},
 
@@ -346,6 +358,10 @@ var expectedConf = &Config{
 								Username: "myusername",
 								Password: "mysecret",
 							},
+							TLSConfig: config_util.TLSConfig{
+								CertFile: filepath.FromSlash("testdata/valid_cert_file"),
+								KeyFile:  filepath.FromSlash("testdata/valid_key_file"),
+							},
 						},
 						NamespaceDiscovery: kubernetes.NamespaceDiscovery{},
 					},
@@ -360,6 +376,12 @@ var expectedConf = &Config{
 
 			MetricsPath: DefaultScrapeConfig.MetricsPath,
 			Scheme:      DefaultScrapeConfig.Scheme,
+			HTTPClientConfig: config_util.HTTPClientConfig{
+				BasicAuth: &config_util.BasicAuth{
+					Username:     "myusername",
+					PasswordFile: filepath.FromSlash("testdata/valid_password_file"),
+				},
+			},
 
 			ServiceDiscoveryConfig: sd_config.ServiceDiscoveryConfig{
 				KubernetesSDConfigs: []*kubernetes.SDConfig{
@@ -561,9 +583,9 @@ var expectedConf = &Config{
 						Port:            80,
 						RefreshInterval: model.Duration(60 * time.Second),
 						TLSConfig: config_util.TLSConfig{
-							CAFile:   "valid_ca_file",
-							CertFile: "valid_cert_file",
-							KeyFile:  "valid_key_file",
+							CAFile:   "testdata/valid_ca_file",
+							CertFile: "testdata/valid_cert_file",
+							KeyFile:  "testdata/valid_key_file",
 						},
 					},
 				},
@@ -603,7 +625,7 @@ func TestLoadConfig(t *testing.T) {
 	testutil.Ok(t, err)
 
 	expectedConf.original = c.original
-	testutil.Equals(t, expectedConf, c)
+	assert.Equal(t, expectedConf, c)
 }
 
 // YAML marshaling must not reveal authentication credentials.

config/testdata/conf.good.yml

@@ -19,6 +19,9 @@ remote_write:
       regex:         expensive.*
       action:        drop
   - url: http://remote2/push
+    tls_config:
+      cert_file: valid_cert_file
+      key_file: valid_key_file
 
 remote_read:
   - url: http://remote1/read
@@ -27,6 +30,9 @@ remote_read:
     read_recent: false
     required_matchers:
       job: special
+    tls_config:
+      cert_file: valid_cert_file
+      key_file: valid_key_file
 
 scrape_configs:
 - job_name: prometheus
@@ -153,6 +159,9 @@ scrape_configs:
   kubernetes_sd_configs:
   - role: endpoints
     api_server: 'https://localhost:1234'
+    tls_config:
+      cert_file: valid_cert_file
+      key_file: valid_key_file
 
     basic_auth:
       username: 'myusername'
@@ -167,6 +176,11 @@ scrape_configs:
       names:
         - default
 
+  basic_auth:
+    username: 'myusername'
+    password_file: valid_password_file
+
+
 - job_name: service-marathon
   marathon_sd_configs:
   - servers:
@@ -231,8 +245,8 @@ scrape_configs:
     refresh_interval: 1m
     version: 1
     tls_config:
-      cert_file: testdata/valid_cert_file
-      key_file: testdata/valid_key_file
+      cert_file: valid_cert_file
+      key_file: valid_key_file
 
 - job_name: service-openstack
   openstack_sd_configs:

vendor/modules.txt

@@ -262,8 +262,8 @@ github.com/shurcooL/httpfs/vfsutil
 # github.com/shurcooL/vfsgen v0.0.0-20180711163814-62bca832be04
 github.com/shurcooL/vfsgen
 # github.com/stretchr/testify v1.2.2
-github.com/stretchr/testify/require
 github.com/stretchr/testify/assert
+github.com/stretchr/testify/require
 # go.opencensus.io v0.18.1-0.20181204023538-aab39bd6a98b
 go.opencensus.io/plugin/ochttp
 go.opencensus.io/plugin/ochttp/propagation/tracecontext