diff --git a/cmd/prometheus/main.go b/cmd/prometheus/main.go
index 07a9381db..c6d30ebb9 100644
--- a/cmd/prometheus/main.go
+++ b/cmd/prometheus/main.go
@@ -46,8 +46,8 @@ import (
 "github.com/prometheus/common/promlog"
 promlogflag "github.com/prometheus/common/promlog/flag"
 "github.com/prometheus/common/version"
- "github.com/prometheus/exporter-toolkit/https"
- httpsflag "github.com/prometheus/exporter-toolkit/https/kingpinflag"
+ toolkit_web "github.com/prometheus/exporter-toolkit/web"
+ toolkit_webflag "github.com/prometheus/exporter-toolkit/web/kingpinflag"
 jcfg "github.com/uber/jaeger-client-go/config"
 jprom "github.com/uber/jaeger-lib/metrics/prometheus"
 "go.uber.org/atomic"
@@ -153,7 +153,7 @@ func main() {
 a.Flag("web.listen-address", "Address to listen on for UI, API, and telemetry.").
 Default("0.0.0.0:9090").StringVar(&cfg.web.ListenAddress)
- httpsConfig := httpsflag.AddFlags(a)
+ webConfig := toolkit_webflag.AddFlags(a)
 a.Flag("web.read-timeout", "Maximum duration before timing out read of the request, and closing idle connections.").
@@ -568,7 +568,7 @@ func main() {
 os.Exit(1)
 }
- err = https.Validate(*httpsConfig)
+ err = toolkit_web.Validate(*webConfig)
 if err != nil {
 level.Error(logger).Log("msg", "Unable to validate web configuration file", "err", err)
 os.Exit(1)
@@ -788,7 +788,7 @@ func main() {
 // Web handler.
 g.Add(
 func() error {
- if err := webHandler.Run(ctxWeb, listener, *httpsConfig); err != nil {
+ if err := webHandler.Run(ctxWeb, listener, *webConfig); err != nil {
 return errors.Wrapf(err, "error starting web server")
 }
 return nil
diff --git a/cmd/promtool/main.go b/cmd/promtool/main.go
index 1a13c537e..631b8d40a 100644
--- a/cmd/promtool/main.go
+++ b/cmd/promtool/main.go
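Review bot: In cmd/prometheus/main.go, the startup check `toolkit_web.Validate(*webConfig)` (hunk at line 568) covers the web configuration file only as it exists when the process starts, and no comment says so. The README removed elsewhere in this commit states that the file is reloaded on each connection to pick up new certificates and authentication policy. If v0.5.0 keeps that behaviour, an edit made after startup is never covered by this check and would presumably surface only when a client connects. A comment above the call would record that, e.g. `// Validates the file as it exists now; the toolkit re-reads it later, so edits made after startup are not covered by this check.` The body of main() extends beyond the hunk.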
@@ -37,7 +37,7 @@ import (
 config_util "github.com/prometheus/common/config"
 "github.com/prometheus/common/model"
 "github.com/prometheus/common/version"
- "github.com/prometheus/exporter-toolkit/https"
+ "github.com/prometheus/exporter-toolkit/web"
 "gopkg.in/alecthomas/kingpin.v2"
 "github.com/prometheus/prometheus/config"
@@ -249,7 +249,7 @@ func CheckWebConfig(files ...string) int {
 failed := false
 for _, f := range files {
- if err := https.Validate(f); err != nil {
+ if err := web.Validate(f); err != nil {
 fmt.Fprintln(os.Stderr, f, "FAILED:", err)
 failed = true
 continue
diff --git a/go.mod b/go.mod
index b6f41c170..dafadc3cc 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 github.com/prometheus/client_golang v1.9.0
 github.com/prometheus/client_model v0.2.0
 github.com/prometheus/common v0.15.0
- github.com/prometheus/exporter-toolkit v0.4.0
+ github.com/prometheus/exporter-toolkit v0.5.0
 github.com/samuel/go-zookeeper v0.0.0-20201211165307-7117e9ea2414
 github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
 github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
diff --git a/go.sum b/go.sum
index 238d8cdf8..c0c555dbe 100644
--- a/go.sum
+++ b/go.sum
@@ -711,8 +711,8 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM=
 github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
-github.com/prometheus/exporter-toolkit v0.4.0 h1:O7Bw+ZKEMzW7vD10IuVF70b8EE4JIG7BvHFj9UKz49g=
-github.com/prometheus/exporter-toolkit v0.4.0/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
+github.com/prometheus/exporter-toolkit v0.5.0 h1:GwrxhCviqOl8Mm0vKqkh7Xy54m+FPlHEJacFs48M3gY=
+github.com/prometheus/exporter-toolkit v0.5.0/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/README.md b/vendor/github.com/prometheus/exporter-toolkit/https/README.md
deleted file mode 100644
index e6c9896f1..000000000
--- a/vendor/github.com/prometheus/exporter-toolkit/https/README.md
+++ /dev/null
@@ -1,81 +0,0 @@ -# HTTPS Package for Prometheus - -The `https` directory contains a Go package and a sample configuration file for -running `node_exporter` with HTTPS instead of HTTP. We currently support TLS 1.3 -and TLS 1.2. - -To run a server with TLS, use the flag `--web.config`. - -e.g. `./node_exporter --web.config="web-config.yml"` -If the config is kept within the https directory. - -The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy. - -## Sample Config - -``` -tls_server_config: - # Certificate and key files for server to use to authenticate to client. - cert_file: - key_file: - - # Server policy for client authentication. Maps to ClientAuth Policies. - # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) - [ client_auth_type: | default = "NoClientCert" ] - - # CA certificate for client certificate authentication to the server. - [ client_ca_file: ] - - # Minimum TLS version that is acceptable. - [ min_version: | default = "TLS12" ] - - # Maximum TLS version that is acceptable. - [ max_version: | default = "TLS13" ] - - # List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - # Go default cipher suites are used. Available cipher suites are documented - # in the go documentation: - # https://golang.org/pkg/crypto/tls/#pkg-constants - [ cipher_suites: - [ - ] ] - - # prefer_server_cipher_suites controls whether the server selects the - # client's most preferred ciphersuite, or the server's most preferred - # ciphersuite. If true then the server's preference, as expressed in - # the order of elements in cipher_suites, is used. - [ prefer_server_cipher_suites: | default = true ] - - # Elliptic curves that will be used in an ECDHE handshake, in preference - # order. 
Available curves are documented in the go documentation: - # https://golang.org/pkg/crypto/tls/#CurveID - [ curve_preferences: - [ - ] ] - -http_server_config: - # Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. - # This can not be changed on the fly. - [ http2: | default = true ] - -# Usernames and hashed passwords that have full access to the web -# server via basic authentication. If empty, no basic authentication is -# required. Passwords are hashed with bcrypt. -basic_auth_users: - [ : ... ] -``` - -## About bcrypt - -There are several tools out there to generate bcrypt passwords, e.g. -[htpasswd](https://httpd.apache.org/docs/2.4/programs/htpasswd.html): - -`htpasswd -nBC 10 "" | tr -d ':\n'` - -That command will prompt you for a password and output the hashed password, -which will look something like: -`$2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG` - -The cost (10 in the example) influences the time it takes for computing the -hash. A higher cost will en up slowing down the authentication process. -Depending on the machine, a cost of 10 will take about ~70ms where a cost of -18 can take up to a few seconds. That hash will be computed on every -password-protected request. diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/README.md b/vendor/github.com/prometheus/exporter-toolkit/web/README.md new file mode 100644 index 000000000..1e16644be --- /dev/null +++ b/vendor/github.com/prometheus/exporter-toolkit/web/README.md @@ -0,0 +1,10 @@ +# web package + +This package can be used by Prometheus exporters to enable TLS and +authentication. + +We actively encourage the community to use this repository, to provide a +consistent experience across the ecosystem. + +Developers documentation can be found on +[pkg.go.dev](https://pkg.go.dev/github.com/prometheus/exporter-toolkit/). 
diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/kingpinflag/flag.go b/vendor/github.com/prometheus/exporter-toolkit/web/kingpinflag/flag.go
similarity index 100%
rename from vendor/github.com/prometheus/exporter-toolkit/https/kingpinflag/flag.go
rename to vendor/github.com/prometheus/exporter-toolkit/web/kingpinflag/flag.go
diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
similarity index 96%
rename from vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go
rename to vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
index 192e5338a..2f244a512 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
@@ -11,8 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-// Package https allows the implementation of TLS.
-package https
+package web
 import (
 "crypto/tls"
@@ -174,9 +173,9 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
 return cfg, nil
 }
-// Listen starts the server on the given address. Based on the file
+// ListenAndServe starts the server on the given address. Based on the file
 // tlsConfigPath, TLS or basic auth could be enabled.
-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
+func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
 listener, err := net.Listen("tcp", server.Addr)
 if err != nil {
 return err
@@ -341,3 +340,11 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {
 }
 return fmt.Sprintf("%v", tv), nil
 }
+
+// Listen starts the server on the given address. Based on the file
+// tlsConfigPath, TLS or basic auth could be enabled.
+//
+// Deprecated: Use ListenAndServe instead.
+func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
+ return ListenAndServe(server, tlsConfigPath, logger)
+}
diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/users.go b/vendor/github.com/prometheus/exporter-toolkit/web/users.go
similarity index 99%
rename from vendor/github.com/prometheus/exporter-toolkit/https/users.go
rename to vendor/github.com/prometheus/exporter-toolkit/web/users.go
index 317b0e4f8..7b9cd6a2a 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/https/users.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/users.go
@@ -11,7 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package https
+package web
 import (
 "net/http"
diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/web-config.yml b/vendor/github.com/prometheus/exporter-toolkit/web/web-config.yml
similarity index 100%
rename from vendor/github.com/prometheus/exporter-toolkit/https/web-config.yml
rename to vendor/github.com/prometheus/exporter-toolkit/web/web-config.yml
diff --git a/vendor/modules.txt b/vendor/modules.txt
index fbcb0543d..ff31f22fd 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -395,10 +395,10 @@ github.com/prometheus/common/promlog/flag
 github.com/prometheus/common/route
 github.com/prometheus/common/server
 github.com/prometheus/common/version
-# github.com/prometheus/exporter-toolkit v0.4.0
+# github.com/prometheus/exporter-toolkit v0.5.0
 ## explicit
-github.com/prometheus/exporter-toolkit/https
-github.com/prometheus/exporter-toolkit/https/kingpinflag
+github.com/prometheus/exporter-toolkit/web
+github.com/prometheus/exporter-toolkit/web/kingpinflag
 # github.com/prometheus/procfs v0.2.0
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
diff --git a/web/web.go b/web/web.go
index 2160e5b4d..c780612f0 100644
--- a/web/web.go
+++ b/web/web.go
@@ -50,7 +50,7 @@ import (
 "github.com/prometheus/common/model"
 "github.com/prometheus/common/route"
 "github.com/prometheus/common/server"
- "github.com/prometheus/exporter-toolkit/https"
+ toolkit_web "github.com/prometheus/exporter-toolkit/web"
 "go.uber.org/atomic"
 "golang.org/x/net/netutil"
@@ -544,7 +544,7 @@ func (h *Handler) Listener() (net.Listener, error) {
 }
 // Run serves the HTTP endpoints.
-func (h *Handler) Run(ctx context.Context, listener net.Listener, httpsConfig string) error {
+func (h *Handler) Run(ctx context.Context, listener net.Listener, webConfig string) error {
 if listener == nil {
 var err error
 listener, err = h.Listener()
@@ -580,7 +580,7 @@ func (h *Handler) Run(ctx context.Context, listener net.Listener, httpsConfig st
 errCh := make(chan error)
 go func() {
- errCh <- https.Serve(listener, httpSrv, httpsConfig, h.logger)
+ errCh <- toolkit_web.Serve(listener, httpSrv, webConfig, h.logger)
 }()
 select {
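Review bot: The renamed parameter `webConfig string` on `Handler.Run` (web/web.go, hunk at line 544) reads like a parsed configuration. The value is in fact handed unchanged to `toolkit_web.Serve`, and the vendored `ListenAndServe` in this commit names the same kind of argument `tlsConfigPath`. Because this file determines whether TLS and basic auth are enabled, the doc comment should say what the string is, e.g. `// Run serves the HTTP endpoints. webConfig is the path of the web configuration file (TLS, basic auth) handed to the exporter-toolkit.` What an empty path means is not visible in this diff and is worth stating as well once confirmed. Run's body continues outside the hunk.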
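Review bot: `errCh := make(chan error)` in web/web.go (hunk at line 580) is unbuffered, so the goroutine that sends the result of `toolkit_web.Serve` can only finish if something receives from the channel. The `select` that follows is cut off by the hunk. If any of its branches returns without reading `errCh` (a context-cancellation branch would be the usual case), the goroutine stays blocked on the send after the server stops. `errCh := make(chan error, 1)` lets it exit either way. Run's body starts and ends outside the hunk.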