Kubernetes SD config check

2024-11-09 23:24:05 -08:00 · 2015-09-09 13:08:05 +01:00 · 2015-09-09 13:08:05 +01:00 · ec04ba38a2
parent 58c32f84ce
commit ec04ba38a2
2 changed files with 36 additions and 22 deletions
--- a/cmd/promtool/main.go
+++ b/cmd/promtool/main.go
@ -62,6 +62,15 @@ func CheckConfigCmd(t cli.Term, args ...string) int {
 	return 0
 }

+func checkFileExists(fn string) error {
+	// Nothing set, nothing to error on.
+	if fn == "" {
+		return nil
+	}
+	_, err := os.Stat(fn)
+	return err
+}
+
 func checkConfig(t cli.Term, filename string) ([]string, error) {
 	t.Infof("Checking %s", filename)

@ -76,15 +85,6 @@ func checkConfig(t cli.Term, filename string) ([]string, error) {
 		return nil, err
 	}

-	check := func(fn string) error {
-		// Nothing set, nothing to error on.
-		if fn == "" {
-			return nil
-		}
-		_, err := os.Stat(fn)
-		return err
-	}
-
 	var ruleFiles []string
 	for _, rf := range cfg.RuleFiles {
 		rfs, err := filepath.Glob(rf)
@ -96,7 +96,7 @@ func checkConfig(t cli.Term, filename string) ([]string, error) {
 			if len(rfs) == 0 {
 				return nil, fmt.Errorf("%q does not point to an existing file", rf)
 			}
-			if err := check(rfs[0]); err != nil {
+			if err := checkFileExists(rfs[0]); err != nil {
 				return nil, fmt.Errorf("error checking rule file %q: %s", rfs[0], err)
 			}
 		}
@ -104,28 +104,42 @@ func checkConfig(t cli.Term, filename string) ([]string, error) {
 	}

 	for _, scfg := range cfg.ScrapeConfigs {
-		if err := check(scfg.BearerTokenFile); err != nil {
+		if err := checkFileExists(scfg.BearerTokenFile); err != nil {
 			return nil, fmt.Errorf("error checking bearer token file %q: %s", scfg.BearerTokenFile, err)
 		}

-		if err := check(scfg.TLSConfig.CertFile); err != nil {
-			return nil, fmt.Errorf("error checking client cert file %q: %s", scfg.TLSConfig.CertFile, err)
-		}
-		if err := check(scfg.TLSConfig.KeyFile); err != nil {
-			return nil, fmt.Errorf("error checking client key file %q: %s", scfg.TLSConfig.KeyFile, err)
+		if err := checkTLSConfig(scfg.TLSConfig); err != nil {
+			return nil, err
 		}

-		if len(scfg.TLSConfig.CertFile) > 0 && len(scfg.TLSConfig.KeyFile) == 0 {
-			return nil, fmt.Errorf("client cert file %s specified without client key file", scfg.TLSConfig.CertFile)
-		}
-		if len(scfg.TLSConfig.KeyFile) > 0 && len(scfg.TLSConfig.CertFile) == 0 {
-			return nil, fmt.Errorf("client key file %s specified without client cert file", scfg.TLSConfig.KeyFile)
+		for _, kd := range scfg.KubernetesSDConfigs {
+			if err := checkTLSConfig(kd.TLSConfig); err != nil {
+				return nil, err
+			}
 		}
 	}

 	return ruleFiles, nil
 }

+func checkTLSConfig(tlsConfig config.TLSConfig) error {
+	if err := checkFileExists(tlsConfig.CertFile); err != nil {
+		return fmt.Errorf("error checking client cert file %q: %s", tlsConfig.CertFile, err)
+	}
+	if err := checkFileExists(tlsConfig.KeyFile); err != nil {
+		return fmt.Errorf("error checking client key file %q: %s", tlsConfig.KeyFile, err)
+	}
+
+	if len(tlsConfig.CertFile) > 0 && len(tlsConfig.KeyFile) == 0 {
+		return fmt.Errorf("client cert file %q specified without client key file", tlsConfig.CertFile)
+	}
+	if len(tlsConfig.KeyFile) > 0 && len(tlsConfig.CertFile) == 0 {
+		return fmt.Errorf("client key file %q specified without client cert file", tlsConfig.KeyFile)
+	}
+
+	return nil
+}
+
 // CheckRulesCmd validates rule files.
 func CheckRulesCmd(t cli.Term, args ...string) int {
 	if len(args) == 0 {
--- a/config/config.go
+++ b/config/config.go
@ -334,7 +334,7 @@ type ScrapeConfig struct {
 	BearerTokenFile string `yaml:"bearer_token_file,omitempty"`
 	// HTTP proxy server to use to connect to the targets.
 	ProxyURL URL `yaml:"proxy_url,omitempty"`
-	// Inlined TLSConfig.
+	// TLSConfig to use to connect to the targets.
 	TLSConfig TLSConfig `yaml:"tls_config,omitempty"`

 	// List of labeled target groups for this job.