diff options
| author | Julien Pivotto <roidelapluie@inuits.eu> | 2020-04-25 13:42:45 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-25 13:42:45 +0200 |
| commit | 091bed01b084d8972a8d11a8a1325ce12646660a (patch) | |
| tree | 21de7bb9e5b3ced749f4b8464d6e5e4f7c6a4781 /https | |
| parent | fa4edd700ebc1b3614bcd953c215d3f2ab2e0b35 (diff) | |
| download | prometheus_node_collector-091bed01b084d8972a8d11a8a1325ce12646660a.tar.bz2 prometheus_node_collector-091bed01b084d8972a8d11a8a1325ce12646660a.tar.xz prometheus_node_collector-091bed01b084d8972a8d11a8a1325ce12646660a.zip | |
Make TLS config consistent with Prometheus (#1685)
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
Diffstat (limited to 'https')
| -rw-r--r-- | https/README.md | 11 | ||||
| -rw-r--r-- | https/testdata/tls_config_auth_clientCAs_invalid.bad.yml | 8 | ||||
| -rw-r--r-- | https/testdata/tls_config_auth_clientCAs_missing.bad.yml | 8 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth.bad.yml | 8 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth.good.blocking.yml | 10 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth.good.yml | 10 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_certPath_empty.bad.yml | 6 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_certPath_invalid.bad.yml | 6 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml | 6 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml | 6 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_keyPath_empty.bad.yml | 6 | ||||
| -rw-r--r-- | https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml | 6 | ||||
| -rw-r--r-- | https/tls_config.go | 10 | ||||
| -rw-r--r-- | https/web-config.yml | 11 |
14 files changed, 57 insertions, 55 deletions
diff --git a/https/README.md b/https/README.md index d9cb564..946f2cf 100644 --- a/https/README.md +++ b/https/README.md | |||
| @@ -9,16 +9,17 @@ If the config is kept within the https directory. | |||
| 9 | The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy. | 9 | The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy. |
| 10 | 10 | ||
| 11 | ## Sample Config | 11 | ## Sample Config |
| 12 | |||
| 12 | ``` | 13 | ``` |
| 13 | tlsConfig : | 14 | tls_config: |
| 14 | # Certificate and key files for server to use to authenticate to client | 15 | # Certificate and key files for server to use to authenticate to client |
| 15 | tlsCertPath : <filename> | 16 | cert_file: <filename> |
| 16 | tlsKeyPath : <filename> | 17 | key_file: <filename> |
| 17 | 18 | ||
| 18 | # Server policy for client authentication. Maps to ClientAuth Policies | 19 | # Server policy for client authentication. Maps to ClientAuth Policies |
| 19 | # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) | 20 | # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) |
| 20 | [ clientAuth : <string> | default = "NoClientCert" ] | 21 | [ client_auth_type: <string> | default = "NoClientCert" ] |
| 21 | 22 | ||
| 22 | # CA certificate for client certificate authentication to the server | 23 | # CA certificate for client certificate authentication to the server |
| 23 | [ clientCAs : <filename> ] | 24 | [ client_ca_file: <filename> ] |
| 24 | ``` | 25 | ``` |
diff --git a/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml b/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml index c34cc4f..742889f 100644 --- a/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml +++ b/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "testdata/server.key" | 3 | key_file : "testdata/server.key" |
| 4 | clientCAs : "somefile" \ No newline at end of file | 4 | client_ca_file : "somefile" \ No newline at end of file |
diff --git a/https/testdata/tls_config_auth_clientCAs_missing.bad.yml b/https/testdata/tls_config_auth_clientCAs_missing.bad.yml index fc92932..5f172a9 100644 --- a/https/testdata/tls_config_auth_clientCAs_missing.bad.yml +++ b/https/testdata/tls_config_auth_clientCAs_missing.bad.yml | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "testdata/server.key" | 3 | key_file : "testdata/server.key" |
| 4 | clientAuth : "RequireAndVerifyClientCert" \ No newline at end of file | 4 | client_auth_type : "RequireAndVerifyClientCert" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth.bad.yml b/https/testdata/tls_config_noAuth.bad.yml index f0dd228..afba277 100644 --- a/https/testdata/tls_config_noAuth.bad.yml +++ b/https/testdata/tls_config_noAuth.bad.yml | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "testdata/server.key" | 3 | key_file : "testdata/server.key" |
| 4 | clientCAs : "testdata/tls-ca-chain.pem" | 4 | client_ca_file : "testdata/tls-ca-chain.pem" |
diff --git a/https/testdata/tls_config_noAuth.good.blocking.yml b/https/testdata/tls_config_noAuth.good.blocking.yml index f567693..3a21424 100644 --- a/https/testdata/tls_config_noAuth.good.blocking.yml +++ b/https/testdata/tls_config_noAuth.good.blocking.yml | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "testdata/server.key" | 3 | key_file : "testdata/server.key" |
| 4 | clientAuth : "RequireAndVerifyClientCert" | 4 | client_auth_type : "RequireAndVerifyClientCert" |
| 5 | clientCAs: "testdata/tls-ca-chain.pem" \ No newline at end of file | 5 | client_ca_file: "testdata/tls-ca-chain.pem" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth.good.yml b/https/testdata/tls_config_noAuth.good.yml index 76e46cf..d762d8e 100644 --- a/https/testdata/tls_config_noAuth.good.yml +++ b/https/testdata/tls_config_noAuth.good.yml | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "testdata/server.key" | 3 | key_file : "testdata/server.key" |
| 4 | clientAuth : "VerifyClientCertIfGiven" | 4 | client_auth_type : "VerifyClientCertIfGiven" |
| 5 | clientCAs : "testdata/tls-ca-chain.pem" | 5 | client_ca_file : "testdata/tls-ca-chain.pem" |
diff --git a/https/testdata/tls_config_noAuth_certPath_empty.bad.yml b/https/testdata/tls_config_noAuth_certPath_empty.bad.yml index 39c7abd..f7aaa94 100644 --- a/https/testdata/tls_config_noAuth_certPath_empty.bad.yml +++ b/https/testdata/tls_config_noAuth_certPath_empty.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "" | 2 | cert_file : "" |
| 3 | tlsKeyPath : "testdata/server.key" \ No newline at end of file | 3 | key_file : "testdata/server.key" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml index 5bdbd1a..09344f9 100644 --- a/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml +++ b/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "somefile" | 2 | cert_file : "somefile" |
| 3 | tlsKeyPath : "testdata/server.key" \ No newline at end of file | 3 | key_file : "testdata/server.key" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml b/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml index 938e5d6..2ed9195 100644 --- a/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml +++ b/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "" | 2 | cert_file : "" |
| 3 | tlsKeyPath : "" \ No newline at end of file | 3 | key_file : "" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml index b93ffd6..972e457 100644 --- a/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml +++ b/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "somefile" | 2 | cert_file : "somefile" |
| 3 | tlsKeyPath : "somefile" \ No newline at end of file | 3 | key_file : "somefile" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml b/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml index 424f92f..87a5265 100644 --- a/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml +++ b/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.crt" | 2 | cert_file : "testdata/server.crt" |
| 3 | tlsKeyPath : "" \ No newline at end of file | 3 | key_file : "" \ No newline at end of file |
diff --git a/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml index 2625074..b3985f3 100644 --- a/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml +++ b/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml | |||
| @@ -1,3 +1,3 @@ | |||
| 1 | tlsConfig : | 1 | tls_config : |
| 2 | tlsCertPath : "testdata/server.cert" | 2 | cert_file : "testdata/server.cert" |
| 3 | tlsKeyPath : "somefile" \ No newline at end of file | 3 | key_file : "somefile" \ No newline at end of file |
diff --git a/https/tls_config.go b/https/tls_config.go index 423c267..7d381b8 100644 --- a/https/tls_config.go +++ b/https/tls_config.go | |||
| @@ -25,14 +25,14 @@ import ( | |||
| 25 | ) | 25 | ) |
| 26 | 26 | ||
| 27 | type Config struct { | 27 | type Config struct { |
| 28 | TLSConfig TLSStruct `yaml:"tlsConfig"` | 28 | TLSConfig TLSStruct `yaml:"tls_config"` |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | type TLSStruct struct { | 31 | type TLSStruct struct { |
| 32 | TLSCertPath string `yaml:"tlsCertPath"` | 32 | TLSCertPath string `yaml:"cert_file"` |
| 33 | TLSKeyPath string `yaml:"tlsKeyPath"` | 33 | TLSKeyPath string `yaml:"key_file"` |
| 34 | ClientAuth string `yaml:"clientAuth"` | 34 | ClientAuth string `yaml:"client_auth_type"` |
| 35 | ClientCAs string `yaml:"clientCAs"` | 35 | ClientCAs string `yaml:"client_ca_file"` |
| 36 | } | 36 | } |
| 37 | 37 | ||
| 38 | func getTLSConfig(configPath string) (*tls.Config, error) { | 38 | func getTLSConfig(configPath string) (*tls.Config, error) { |
diff --git a/https/web-config.yml b/https/web-config.yml index 0f439da..9937291 100644 --- a/https/web-config.yml +++ b/https/web-config.yml | |||
| @@ -1,10 +1,11 @@ | |||
| 1 | tlsConfig : | 1 | tls_config: |
| 2 | # Certificate and key files for server to use to authenticate to client | 2 | # Certificate and key files for server to use to authenticate to client |
| 3 | tlsCertPath : <filename> | 3 | cert_file: <filename> |
| 4 | tlsKeyPath : <filename> | 4 | key_file: <filename> |
| 5 | 5 | ||
| 6 | # Server policy for client authentication. Maps to ClientAuth Policies | 6 | # Server policy for client authentication. Maps to ClientAuth Policies |
| 7 | [ clientAuth : <string> ] | 7 | # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) |
| 8 | [ client_auth_type: <string> | default = "NoClientCert" ] | ||
| 8 | 9 | ||
| 9 | # CA certificate for client certificate authentication to the server | 10 | # CA certificate for client certificate authentication to the server |
| 10 | [ clientCAs : <filename> ] | 11 | [ client_ca_file: <filename> ] |