diff --git a/config/config.go b/config/config.go index 087b24c89..3ec28e4d7 100644 --- a/config/config.go +++ b/config/config.go @@ -153,11 +153,17 @@ func resolveFilepaths(baseDir string, cfg *Config) { cfg.RuleFiles[i] = join(rf) } + tlsPaths := func(cfg *config_util.TLSConfig) { + cfg.CAFile = join(cfg.CAFile) + cfg.CertFile = join(cfg.CertFile) + cfg.KeyFile = join(cfg.KeyFile) + } clientPaths := func(scfg *config_util.HTTPClientConfig) { + if scfg.BasicAuth != nil { + scfg.BasicAuth.PasswordFile = join(scfg.BasicAuth.PasswordFile) + } scfg.BearerTokenFile = join(scfg.BearerTokenFile) - scfg.TLSConfig.CAFile = join(scfg.TLSConfig.CAFile) - scfg.TLSConfig.CertFile = join(scfg.TLSConfig.CertFile) - scfg.TLSConfig.KeyFile = join(scfg.TLSConfig.KeyFile) + tlsPaths(&scfg.TLSConfig) } sdPaths := func(cfg *sd_config.ServiceDiscoveryConfig) { for _, kcfg := range cfg.KubernetesSDConfigs { @@ -165,15 +171,16 @@ func resolveFilepaths(baseDir string, cfg *Config) { } for _, mcfg := range cfg.MarathonSDConfigs { mcfg.AuthTokenFile = join(mcfg.AuthTokenFile) - mcfg.HTTPClientConfig.BearerTokenFile = join(mcfg.HTTPClientConfig.BearerTokenFile) - mcfg.HTTPClientConfig.TLSConfig.CAFile = join(mcfg.HTTPClientConfig.TLSConfig.CAFile) - mcfg.HTTPClientConfig.TLSConfig.CertFile = join(mcfg.HTTPClientConfig.TLSConfig.CertFile) - mcfg.HTTPClientConfig.TLSConfig.KeyFile = join(mcfg.HTTPClientConfig.TLSConfig.KeyFile) + clientPaths(&mcfg.HTTPClientConfig) } for _, consulcfg := range cfg.ConsulSDConfigs { - consulcfg.TLSConfig.CAFile = join(consulcfg.TLSConfig.CAFile) - consulcfg.TLSConfig.CertFile = join(consulcfg.TLSConfig.CertFile) - consulcfg.TLSConfig.KeyFile = join(consulcfg.TLSConfig.KeyFile) + tlsPaths(&consulcfg.TLSConfig) + } + for _, cfg := range cfg.OpenstackSDConfigs { + tlsPaths(&cfg.TLSConfig) + } + for _, cfg := range cfg.TritonSDConfigs { + tlsPaths(&cfg.TLSConfig) } for _, filecfg := range cfg.FileSDConfigs { for i, fn := range filecfg.Files { 
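Review bot: The new `tlsPaths` and `clientPaths` closures in the `@@ -153,11 +153,17 @@` hunk are now the one place where credential and key file paths (`PasswordFile`, `BearerTokenFile`, `CAFile`, `CertFile`, `KeyFile`) are anchored to `baseDir`, but no comment says so. A file field added to the client config later and not listed here would stay as written in the YAML, and would presumably be resolved against the process working directory when it is opened. I would add a comment above `tlsPaths`, for example `// tlsPaths and clientPaths make every credential file path relative to baseDir; add new *File fields here.` The body of `resolveFilepaths` starts and ends outside this hunk.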
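Review bot: The two added loops `for _, cfg := range cfg.OpenstackSDConfigs` and `for _, cfg := range cfg.TritonSDConfigs` name the loop variable `cfg`, which shadows the `cfg` parameter of `sdPaths` that they range over. The neighbouring loops use distinct names (`kcfg`, `mcfg`, `consulcfg`), so `for _, oscfg := range cfg.OpenstackSDConfigs { tlsPaths(&oscfg.TLSConfig) }` would keep that convention and stop a later edit inside the loop from touching the wrong `cfg`. The same shadowing appears in the `cfg` parameter of `tlsPaths` in the first hunk and in the `RemoteReadConfigs` / `RemoteWriteConfigs` loops of the `@@ -190,6 +197,12 @@` hunk, where it hides the `cfg *Config` argument of `resolveFilepaths`. `sdPaths` continues past the end of this hunk.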
@@ -190,6 +197,12 @@ func resolveFilepaths(baseDir string, cfg *Config) { clientPaths(&cfg.HTTPClientConfig) sdPaths(&cfg.ServiceDiscoveryConfig) } + for _, cfg := range cfg.RemoteReadConfigs { + clientPaths(&cfg.HTTPClientConfig) + } + for _, cfg := range cfg.RemoteWriteConfigs { + clientPaths(&cfg.HTTPClientConfig) + } } func (c Config) String() string { diff --git a/config/config_test.go b/config/config_test.go index d8c939db0..298289de7 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -23,9 +23,13 @@ import ( "testing" "time" - "github.com/prometheus/prometheus/pkg/relabel" + config_util "github.com/prometheus/common/config" + "github.com/prometheus/common/model" + "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v2" "github.com/prometheus/prometheus/discovery/azure" + sd_config "github.com/prometheus/prometheus/discovery/config" "github.com/prometheus/prometheus/discovery/consul" "github.com/prometheus/prometheus/discovery/dns" "github.com/prometheus/prometheus/discovery/ec2" @@ -36,12 +40,8 @@ import ( "github.com/prometheus/prometheus/discovery/targetgroup" "github.com/prometheus/prometheus/discovery/triton" "github.com/prometheus/prometheus/discovery/zookeeper" - - config_util "github.com/prometheus/common/config" - "github.com/prometheus/common/model" - sd_config "github.com/prometheus/prometheus/discovery/config" + "github.com/prometheus/prometheus/pkg/relabel" "github.com/prometheus/prometheus/util/testutil" - "gopkg.in/yaml.v2" ) func mustParseURL(u string) *config_util.URL { @@ -88,6 +88,12 @@ var expectedConf = &Config{ URL: mustParseURL("http://remote2/push"), RemoteTimeout: model.Duration(30 * time.Second), QueueConfig: DefaultQueueConfig, + HTTPClientConfig: config_util.HTTPClientConfig{ + TLSConfig: config_util.TLSConfig{ + CertFile: filepath.FromSlash("testdata/valid_cert_file"), + KeyFile: filepath.FromSlash("testdata/valid_key_file"), + }, + }, }, }, 
@@ -102,6 +108,12 @@ var expectedConf = &Config{ RemoteTimeout: model.Duration(1 * time.Minute), ReadRecent: false, RequiredMatchers: model.LabelSet{"job": "special"}, + HTTPClientConfig: config_util.HTTPClientConfig{ + TLSConfig: config_util.TLSConfig{ + CertFile: filepath.FromSlash("testdata/valid_cert_file"), + KeyFile: filepath.FromSlash("testdata/valid_key_file"), + }, + }, }, }, @@ -346,6 +358,10 @@ var expectedConf = &Config{ Username: "myusername", Password: "mysecret", }, + TLSConfig: config_util.TLSConfig{ + CertFile: filepath.FromSlash("testdata/valid_cert_file"), + KeyFile: filepath.FromSlash("testdata/valid_key_file"), + }, }, NamespaceDiscovery: kubernetes.NamespaceDiscovery{}, }, @@ -360,6 +376,12 @@ var expectedConf = &Config{ MetricsPath: DefaultScrapeConfig.MetricsPath, Scheme: DefaultScrapeConfig.Scheme, + HTTPClientConfig: config_util.HTTPClientConfig{ + BasicAuth: &config_util.BasicAuth{ + Username: "myusername", + PasswordFile: filepath.FromSlash("testdata/valid_password_file"), + }, + }, ServiceDiscoveryConfig: sd_config.ServiceDiscoveryConfig{ KubernetesSDConfigs: []*kubernetes.SDConfig{ @@ -561,9 +583,9 @@ var expectedConf = &Config{ Port: 80, RefreshInterval: model.Duration(60 * time.Second), TLSConfig: config_util.TLSConfig{ - CAFile: "valid_ca_file", - CertFile: "valid_cert_file", - KeyFile: "valid_key_file", + CAFile: "testdata/valid_ca_file", + CertFile: "testdata/valid_cert_file", + KeyFile: "testdata/valid_key_file", }, }, }, @@ -603,7 +625,7 @@ func TestLoadConfig(t *testing.T) { testutil.Ok(t, err) expectedConf.original = c.original - testutil.Equals(t, expectedConf, c) + assert.Equal(t, expectedConf, c) } // YAML marshaling must not reveal authentication credentials. diff --git a/config/testdata/conf.good.yml b/config/testdata/conf.good.yml index 2db750d10..23ea7cdf9 100644 --- a/config/testdata/conf.good.yml +++ b/config/testdata/conf.good.yml 
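Review bot: In the `@@ -561,9 +583,9 @@` hunk the expected `CAFile`, `CertFile` and `KeyFile` values are plain strings (`"testdata/valid_ca_file"`), while the other path expectations added in this commit are wrapped in `filepath.FromSlash`. If `join` builds paths with the platform separator, which the use of `FromSlash` elsewhere suggests, this comparison would fail on Windows. I would write them the same way, e.g. `CAFile: filepath.FromSlash("testdata/valid_ca_file"),`. The `expectedConf` literal starts and ends outside the hunk.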
@@ -19,6 +19,9 @@ remote_write: regex: expensive.* action: drop - url: http://remote2/push + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file remote_read: - url: http://remote1/read @@ -27,6 +30,9 @@ remote_read: read_recent: false required_matchers: job: special + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file scrape_configs: - job_name: prometheus @@ -153,6 +159,9 @@ scrape_configs: kubernetes_sd_configs: - role: endpoints api_server: 'https://localhost:1234' + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file basic_auth: username: 'myusername' @@ -167,6 +176,11 @@ scrape_configs: names: - default + basic_auth: + username: 'myusername' + password_file: valid_password_file + + - job_name: service-marathon marathon_sd_configs: - servers: @@ -231,8 +245,8 @@ scrape_configs: refresh_interval: 1m version: 1 tls_config: - cert_file: testdata/valid_cert_file - key_file: testdata/valid_key_file + cert_file: valid_cert_file + key_file: valid_key_file - job_name: service-openstack openstack_sd_configs: diff --git a/vendor/modules.txt b/vendor/modules.txt index e25f60c34..f051f5f77 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -262,8 +262,8 @@ github.com/shurcooL/httpfs/vfsutil # github.com/shurcooL/vfsgen v0.0.0-20180711163814-62bca832be04 github.com/shurcooL/vfsgen # github.com/stretchr/testify v1.2.2 -github.com/stretchr/testify/require github.com/stretchr/testify/assert +github.com/stretchr/testify/require # go.opencensus.io v0.18.1-0.20181204023538-aab39bd6a98b go.opencensus.io/plugin/ochttp go.opencensus.io/plugin/ochttp/propagation/tracecontext