mirror of
https://github.com/prometheus/node_exporter.git
synced 2025-01-03 09:57:47 -08:00
Make TLS config consistent with Prometheus (#1685)
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
parent
fa4edd700e
commit
091bed01b0
|
@ -9,16 +9,17 @@ If the config is kept within the https directory.
|
||||||
The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.
|
The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.
|
||||||
|
|
||||||
## Sample Config
|
## Sample Config
|
||||||
|
|
||||||
```
|
```
|
||||||
tlsConfig :
|
tls_config:
|
||||||
# Certificate and key files for server to use to authenticate to client
|
# Certificate and key files for server to use to authenticate to client
|
||||||
tlsCertPath : <filename>
|
cert_file: <filename>
|
||||||
tlsKeyPath : <filename>
|
key_file: <filename>
|
||||||
|
|
||||||
# Server policy for client authentication. Maps to ClientAuth Policies
|
# Server policy for client authentication. Maps to ClientAuth Policies
|
||||||
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
||||||
[ clientAuth : <string> | default = "NoClientCert" ]
|
[ client_auth_type: <string> | default = "NoClientCert" ]
|
||||||
|
|
||||||
# CA certificate for client certificate authentication to the server
|
# CA certificate for client certificate authentication to the server
|
||||||
[ clientCAs : <filename> ]
|
[ client_ca_file: <filename> ]
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
||||||
clientCAs : "somefile"
|
client_ca_file : "somefile"
|
|
@ -1,4 +1,4 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
||||||
clientAuth : "RequireAndVerifyClientCert"
|
client_auth_type : "RequireAndVerifyClientCert"
|
8
https/testdata/tls_config_noAuth.bad.yml
vendored
8
https/testdata/tls_config_noAuth.bad.yml
vendored
|
@ -1,4 +1,4 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
||||||
clientCAs : "testdata/tls-ca-chain.pem"
|
client_ca_file : "testdata/tls-ca-chain.pem"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
||||||
clientAuth : "RequireAndVerifyClientCert"
|
client_auth_type : "RequireAndVerifyClientCert"
|
||||||
clientCAs: "testdata/tls-ca-chain.pem"
|
client_ca_file: "testdata/tls-ca-chain.pem"
|
10
https/testdata/tls_config_noAuth.good.yml
vendored
10
https/testdata/tls_config_noAuth.good.yml
vendored
|
@ -1,5 +1,5 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
||||||
clientAuth : "VerifyClientCertIfGiven"
|
client_auth_type : "VerifyClientCertIfGiven"
|
||||||
clientCAs : "testdata/tls-ca-chain.pem"
|
client_ca_file : "testdata/tls-ca-chain.pem"
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : ""
|
cert_file : ""
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "somefile"
|
cert_file : "somefile"
|
||||||
tlsKeyPath : "testdata/server.key"
|
key_file : "testdata/server.key"
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : ""
|
cert_file : ""
|
||||||
tlsKeyPath : ""
|
key_file : ""
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "somefile"
|
cert_file : "somefile"
|
||||||
tlsKeyPath : "somefile"
|
key_file : "somefile"
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.crt"
|
cert_file : "testdata/server.crt"
|
||||||
tlsKeyPath : ""
|
key_file : ""
|
|
@ -1,3 +1,3 @@
|
||||||
tlsConfig :
|
tls_config :
|
||||||
tlsCertPath : "testdata/server.cert"
|
cert_file : "testdata/server.cert"
|
||||||
tlsKeyPath : "somefile"
|
key_file : "somefile"
|
|
@ -25,14 +25,14 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
TLSConfig TLSStruct `yaml:"tlsConfig"`
|
TLSConfig TLSStruct `yaml:"tls_config"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type TLSStruct struct {
|
type TLSStruct struct {
|
||||||
TLSCertPath string `yaml:"tlsCertPath"`
|
TLSCertPath string `yaml:"cert_file"`
|
||||||
TLSKeyPath string `yaml:"tlsKeyPath"`
|
TLSKeyPath string `yaml:"key_file"`
|
||||||
ClientAuth string `yaml:"clientAuth"`
|
ClientAuth string `yaml:"client_auth_type"`
|
||||||
ClientCAs string `yaml:"clientCAs"`
|
ClientCAs string `yaml:"client_ca_file"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func getTLSConfig(configPath string) (*tls.Config, error) {
|
func getTLSConfig(configPath string) (*tls.Config, error) {
|
||||||
|
|
|
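Review bot: The retagged fields in `Config` and `TLSStruct` change the accepted YAML keys with no fallback, so a file still written with `tlsConfig`, `clientAuth` or `clientCAs` no longer populates these fields. If the decoder in `getTLSConfig` tolerates unknown keys (its body is outside this hunk, so that is not visible here), the old keys would be dropped without an error and `ClientAuth` would stay empty, which the README in this commit documents as defaulting to `NoClientCert`. Client-certificate enforcement would then be switched off by an upgrade rather than by a configuration decision. Failing closed is safer: decode strictly so unknown keys are rejected (for example `yaml.UnmarshalStrict`, if this file uses gopkg.in/yaml.v2), and add a testdata fixture that uses the old key names and is expected to fail to load.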
@ -1,10 +1,11 @@
|
||||||
tlsConfig :
|
tls_config:
|
||||||
# Certificate and key files for server to use to authenticate to client
|
# Certificate and key files for server to use to authenticate to client
|
||||||
tlsCertPath : <filename>
|
cert_file: <filename>
|
||||||
tlsKeyPath : <filename>
|
key_file: <filename>
|
||||||
|
|
||||||
# Server policy for client authentication. Maps to ClientAuth Policies
|
# Server policy for client authentication. Maps to ClientAuth Policies
|
||||||
[ clientAuth : <string> ]
|
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
||||||
|
[ client_auth_type: <string> | default = "NoClientCert" ]
|
||||||
|
|
||||||
# CA certificate for client certificate authentication to the server
|
# CA certificate for client certificate authentication to the server
|
||||||
[ clientCAs : <filename> ]
|
[ client_ca_file: <filename> ]
|
||||||
|
|