From 75880b594fc8e39c56efb27d980c2025048d5ac8 Mon Sep 17 00:00:00 2001
From: yklausz
Date: Tue, 7 Mar 2017 15:47:40 +0100
Subject: [PATCH] Adding consul capability to connect via tls

---
 config/config.go | 6 ++++++
 config/config_test.go | 8 +++++++-
 config/testdata/conf.good.yml | 6 ++++++
 discovery/consul/consul.go | 13 +++++++++++--
 4 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/config/config.go b/config/config.go
index 93d4c67e41..ac15d9be49 100644
--- a/config/config.go
+++ b/config/config.go
@@ -245,6 +245,11 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 mcfg.TLSConfig.CertFile = join(mcfg.TLSConfig.CertFile)
 mcfg.TLSConfig.KeyFile = join(mcfg.TLSConfig.KeyFile)
 }
+ for _, consulcfg := range cfg.ConsulSDConfigs {
+ consulcfg.TLSConfig.CAFile = join(consulcfg.TLSConfig.CAFile)
+ consulcfg.TLSConfig.CertFile = join(consulcfg.TLSConfig.CertFile)
+ consulcfg.TLSConfig.KeyFile = join(consulcfg.TLSConfig.KeyFile)
+ }
 }

 for _, cfg := range cfg.ScrapeConfigs {
@@ -823,6 +828,7 @@ type ConsulSDConfig struct {
 // Defaults to all services if empty.
 Services []string `yaml:"services"`

+ TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
 // Catches all undefined fields and must be empty after parsing.
 XXX map[string]interface{} `yaml:",inline"`
 }
diff --git a/config/config_test.go b/config/config_test.go
index 4be6989b7b..04dcba6d61 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -247,7 +247,13 @@ var expectedConf = &Config{
 Server: "localhost:1234",
 Services: []string{"nginx", "cache", "mysql"},
 TagSeparator: DefaultConsulSDConfig.TagSeparator,
- Scheme: DefaultConsulSDConfig.Scheme,
+ Scheme: "https",
+ TLSConfig: TLSConfig{
+ CertFile: "testdata/valid_cert_file",
+ KeyFile: "testdata/valid_key_file",
+ CAFile: "testdata/valid_ca_file",
+ InsecureSkipVerify: false,
+ },
 },
 },
 },
diff --git a/config/testdata/conf.good.yml b/config/testdata/conf.good.yml
index 7fc6161138..05015da9f2 100644
--- a/config/testdata/conf.good.yml
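Review bot: Nothing visible in the `ConsulSDConfig` hunk ties the new `TLSConfig` field to `Scheme`, so a `tls_config` block combined with the default scheme would presumably be accepted and the connection made without TLS; the default appears not to be `https`, since the test had to set `Scheme: "https"` explicitly. If `ConsulSDConfig`'s YAML unmarshalling (outside this hunk) does not already check this, it should reject or at least warn on a non-empty `tls_config` when the scheme is not `https`. The field also sits directly above the `// Catches all undefined fields` comment with no comment of its own; add `// TLSConfig is the client TLS configuration used to connect to the Consul server.` above it and a blank line after it.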
+++ b/config/testdata/conf.good.yml
@@ -114,6 +114,12 @@ scrape_configs:
 consul_sd_configs:
 - server: 'localhost:1234'
 services: ['nginx', 'cache', 'mysql']
+ scheme: https
+ tls_config:
+ ca_file: valid_ca_file
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+ insecure_skip_verify: false

 relabel_configs:
 - source_labels: [__meta_sd_consul_tags]
diff --git a/discovery/consul/consul.go b/discovery/consul/consul.go
index 05eac61e84..010f6b3dce 100644
--- a/discovery/consul/consul.go
+++ b/discovery/consul/consul.go
@@ -16,6 +16,7 @@ package consul
 import (
 "fmt"
 "net"
+ "net/http"
 "strconv"
 "strings"
 "time"
@@ -24,9 +25,9 @@ import (
 "github.com/prometheus/client_golang/prometheus"
 "github.com/prometheus/common/log"
 "github.com/prometheus/common/model"
- "golang.org/x/net/context"
-
 "github.com/prometheus/prometheus/config"
+ "github.com/prometheus/prometheus/util/httputil"
+ "golang.org/x/net/context"
 )

 const (
@@ -92,6 +93,13 @@ type Discovery struct {

 // NewDiscovery returns a new Discovery for the given config.
 func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
+ tls, err := httputil.NewTLSConfig(conf.TLSConfig)
+ if err != nil {
+ return nil, err
+ }
+ transport := &http.Transport{TLSClientConfig: tls}
+ wrapper := &http.Client{Transport: transport}
+
 clientConf := &consul.Config{
 Address: conf.Server,
 Scheme: conf.Scheme,
@@ -101,6 +109,7 @@ func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
 Username: conf.Username,
 Password: conf.Password,
 },
+ HttpClient: wrapper,
 }
 client, err := consul.NewClient(clientConf)
 if err != nil {
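Review bot: In the second import hunk of `discovery/consul/consul.go`, `golang.org/x/net/context` is moved below the two `github.com/prometheus/prometheus/...` imports and the blank line that separated third-party packages from the project's own is removed. Keep `"golang.org/x/net/context"` where it was, directly after `"github.com/prometheus/common/model"` and followed by the blank line, and add only `"github.com/prometheus/prometheus/util/httputil"` after the `config` import. That keeps the grouping stable and reduces the hunk to a single added line.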
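Review bot: The `&http.Transport{TLSClientConfig: tls}` built in `NewDiscovery` sets no dial timeout, no TLS-handshake timeout and no `Proxy`, and because it is passed as `HttpClient` unconditionally it replaces whatever client the Consul API library would otherwise construct, for plain-HTTP servers as well. A Consul endpoint that accepts the TCP connection but stalls during the handshake could then block discovery for that job indefinitely. Set the connection-level timeouts on the transport explicitly; a whole-request `http.Client.Timeout` is probably unsuitable if the watches are long-polling queries. Renaming `tls` would also avoid confusion with the `crypto/tls` package name. The timeout values below are illustrative, and the body of `NewDiscovery` continues outside this hunk.

```go
tlsConf, err := httputil.NewTLSConfig(conf.TLSConfig)
if err != nil {
	return nil, err
}
transport := &http.Transport{
	Proxy: http.ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second, // illustrative value
		KeepAlive: 30 * time.Second, // illustrative value
	}).DialContext,
	TLSHandshakeTimeout: 10 * time.Second, // illustrative value
	TLSClientConfig:     tlsConf,
}
wrapper := &http.Client{Transport: transport}
// … unchanged: clientConf construction, with HttpClient: wrapper …
```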