Ability to connect to an endpoint that is protected by HTTP authentication and/or SSL Client Certificates #39
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
December 25, 2019 21:38
…lient-certificate protected scrape endpoints. Updated test and example to match
golangcibot
reviewed
Dec 25, 2019
golangcibot
reviewed
Dec 25, 2019
added 2 commits
December 25, 2019 22:18
bakins
reviewed
Dec 30, 2019
Owner
bakins
left a comment
bakins
left a comment
There was a problem hiding this comment.
Left a comment on when we load the auth info.
FWIW, I no longer use HTTP for the exporter and may drop support for it in version 2.
|
|
||
| resp, err := http.DefaultClient.Do(&req) | ||
| var client *http.Client | ||
| if c.exporter.authConfig.ClientCert != "" { |
Owner
There was a problem hiding this comment.
We could load this when we first start the process and exit the process if there is an issue with loading authentication information initially.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Basic idea: pass a configuration file as a new, optional argument. The config file specifies HTTP authentication credentials and/or SSL/TLS authentication certificates. Syntax: YAML
If the config file has been given and there is a client certificate specified in it, then in collector.go a http client with added TLS configuration will be used instead of the http.defaultClient.
If HTTP authentication credentials have been specified, the request will be updated to include these.
From there on everything works as usual/was not changed.
I also added everything necessary to test this: TLS certificates for both server and client, provided an example configuration, updated the nginx config (copy-pasted existing block, added certificate directives), updated the README, and added a README for how to generate certificates so people can generate their own in case of need.