Merge pull request #8512 from roidelapluie/update-common-for-credentials

Update common to support credential types

config/config.go

@@ -618,7 +618,7 @@ func (c *RemoteWriteConfig) UnmarshalYAML(unmarshal func(interface{}) error) err
 	}
 	for header := range c.Headers {
 		if strings.ToLower(header) == "authorization" {
-			return errors.New("authorization header must be changed via the basic_auth, bearer_token, or bearer_token_file parameter")
+			return errors.New("authorization header must be changed via the basic_auth or authorization parameter")
 		}
 		if _, ok := unchangeableHeaders[strings.ToLower(header)]; ok {
 			return errors.Errorf("%s is an unchangeable header", header)

config/config_test.go

@@ -141,7 +141,10 @@ var expectedConf = &Config{
 			Scheme:      DefaultScrapeConfig.Scheme,
 
 			HTTPClientConfig: config.HTTPClientConfig{
-				BearerTokenFile: filepath.FromSlash("testdata/valid_token_file"),
+				Authorization: &config.Authorization{
+					Type:            "Bearer",
+					CredentialsFile: filepath.FromSlash("testdata/valid_token_file"),
+				},
 			},
 
 			ServiceDiscoveryConfigs: discovery.Configs{
@@ -344,7 +347,10 @@ var expectedConf = &Config{
 					KeyFile:  filepath.FromSlash("testdata/valid_key_file"),
 				},
 
-				BearerToken: "mysecret",
+				Authorization: &config.Authorization{
+					Type:        "Bearer",
+					Credentials: "mysecret",
+				},
 			},
 		},
 		{
@@ -603,7 +609,10 @@ var expectedConf = &Config{
 			ServiceDiscoveryConfigs: discovery.Configs{
 				&digitalocean.SDConfig{
 					HTTPClientConfig: config.HTTPClientConfig{
-						BearerToken: "abcdef",
+						Authorization: &config.Authorization{
+							Type:        "Bearer",
+							Credentials: "abcdef",
+						},
 					},
 					Port:            80,
 					RefreshInterval: model.Duration(60 * time.Second),
@@ -665,7 +674,10 @@ var expectedConf = &Config{
 			ServiceDiscoveryConfigs: discovery.Configs{
 				&hetzner.SDConfig{
 					HTTPClientConfig: config.HTTPClientConfig{
-						BearerToken: "abcdef",
+						Authorization: &config.Authorization{
+							Type:        "Bearer",
+							Credentials: "abcdef",
+						},
 					},
 					Port:            80,
 					RefreshInterval: model.Duration(60 * time.Second),
@@ -919,6 +931,9 @@ var expectedErrors = []struct {
 	}, {
 		filename: "kubernetes_bearertoken_basicauth.bad.yml",
 		errMsg:   "at most one of basic_auth, bearer_token & bearer_token_file must be configured",
+	}, {
+		filename: "kubernetes_authorization_basicauth.bad.yml",
+		errMsg:   "at most one of basic_auth & authorization must be configured",
 	}, {
 		filename: "marathon_no_servers.bad.yml",
 		errMsg:   "marathon_sd: must contain at least one Marathon server",
@@ -931,6 +946,9 @@ var expectedErrors = []struct {
 	}, {
 		filename: "marathon_authtoken_bearertoken.bad.yml",
 		errMsg:   "marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured",
+	}, {
+		filename: "marathon_authtoken_authorization.bad.yml",
+		errMsg:   "marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured",
 	}, {
 		filename: "openstack_role.bad.yml",
 		errMsg:   "unknown OpenStack SD role",
@@ -957,7 +975,7 @@ var expectedErrors = []struct {
 		errMsg:   `x-prometheus-remote-write-version is an unchangeable header`,
 	}, {
 		filename: "remote_write_authorization_header.bad.yml",
-		errMsg:   `authorization header must be changed via the basic_auth, bearer_token, or bearer_token_file parameter`,
+		errMsg:   `authorization header must be changed via the basic_auth or authorization parameter`,
 	}, {
 		filename: "remote_write_url_missing.bad.yml",
 		errMsg:   `url for remote_write is empty`,

config/testdata/conf.good.yml

@@ -79,7 +79,8 @@ scrape_configs:
     replacement:   static
     target_label:  abc
 
-  bearer_token_file: valid_token_file
+  authorization:
+    credentials_file: valid_token_file
 
 
 - job_name: service-x
@@ -158,7 +159,8 @@ scrape_configs:
     cert_file: valid_cert_file
     key_file: valid_key_file
 
-  bearer_token: mysecret
+  authorization:
+    credentials: mysecret
 
 - job_name: service-kubernetes
 
@@ -263,7 +265,8 @@ scrape_configs:
 
 - job_name: digitalocean-droplets
   digitalocean_sd_configs:
-    - bearer_token: abcdef
+    - authorization:
+        credentials: abcdef
 
 - job_name: dockerswarm
   dockerswarm_sd_configs:
@@ -284,7 +287,8 @@ scrape_configs:
 - job_name: hetzner
   hetzner_sd_configs:
     - role: hcloud
-      bearer_token: abcdef
+      authorization:
+        credentials: abcdef
     - role: robot
       basic_auth:
         username: abcdef

config/testdata/kubernetes_authorization_basicauth.bad.yml

@@ -0,0 +1,13 @@
+scrape_configs:
+  - job_name: prometheus
+
+    kubernetes_sd_configs:
+    - role: pod
+      api_server: 'https://localhost:1234'
+
+      authorization:
+          credentials: 1234
+      basic_auth:
+        username: user
+        password: password
+

config/testdata/kubernetes_http_config_without_api_server.bad.yml

@@ -2,4 +2,5 @@ scrape_configs:
   - job_name: prometheus
     kubernetes_sd_configs:
     - role: pod
-      bearer_token: 1234
+      authorization:
+        credentials: 1234

config/testdata/marathon_authtoken_authorization.bad.yml

@@ -0,0 +1,10 @@
+scrape_configs:
+  - job_name: prometheus
+
+    marathon_sd_configs:
+    - servers:
+      - 'https://localhost:1234'
+
+      auth_token: 1234
+      authorization:
+        credentials: 4567

config/testdata/roundtrip.good.yml

@@ -53,7 +53,8 @@ scrape_configs:
       key_file:  valid_key_file
 
   digitalocean_sd_configs:
-    - bearer_token: <secret>
+    - authorization:
+        credentials: <secret>
 
   dockerswarm_sd_configs:
   - host: http://127.0.0.1:2375

discovery/digitalocean/digitalocean.go

@@ -89,7 +89,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	if err != nil {
 		return err
 	}
-	return nil
+	return c.HTTPClientConfig.Validate()
 }
 
 // Discovery periodically performs DigitalOcean requests. It implements

discovery/dockerswarm/dockerswarm.go

@@ -102,7 +102,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	default:
 		return fmt.Errorf("invalid role %s, expected tasks, services, or nodes", c.Role)
 	}
-	return nil
+	return c.HTTPClientConfig.Validate()
 }
 
 // Discovery periodically performs Docker Swarm requests. It implements

discovery/hetzner/hetzner.go

@@ -110,7 +110,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	if c.Role == "" {
 		return errors.New("role missing (one of: robot, hcloud)")
 	}
-	return nil
+	return c.HTTPClientConfig.Validate()
 }
 
 // Discovery periodically performs Hetzner requests. It implements

discovery/marathon/marathon.go

@@ -111,6 +111,9 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	if (len(c.HTTPClientConfig.BearerToken) > 0 || len(c.HTTPClientConfig.BearerTokenFile) > 0) && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
 		return errors.New("marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured")
 	}
+	if c.HTTPClientConfig.Authorization != nil && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
+		return errors.New("marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured")
+	}
 	return c.HTTPClientConfig.Validate()
 }
 

docs/configuration/configuration.md

@@ -169,12 +169,16 @@ basic_auth:
   [ password_file: <string> ]
 
 # Sets the `Authorization` header on every scrape request with
-# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
+# the configured credentials.
-[ bearer_token: <secret> ]
+authorization:
-
+  # Sets the authentication type of the request.
-# Sets the `Authorization` header on every scrape request with the bearer token
+  [ type: <string> | default: Bearer ]
-# read from the configured file. It is mutually exclusive with `bearer_token`.
+  # Sets the credentials of the request. It is mutually exclusive with
-[ bearer_token_file: <filename> ]
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials of the request with the credentials read from the
+  # configured file. It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Configures the scrape request's TLS settings.
 tls_config:
@@ -436,7 +440,7 @@ The following meta labels are available on targets during [relabeling](#relabel_
 
 ```yaml
 # Authentication information used to authenticate to the API server.
-# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
+# Note that `basic_auth` and `authorization` options are
 # mutually exclusive.
 # password and password_file are mutually exclusive.
 
@@ -446,11 +450,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Optional bearer token authentication information.
+# Optional the `Authorization` header configuration.
-[ bearer_token: <secret> ]
+authorization:
-
+  # Sets the authentication type.
-# Optional bearer token file authentication information.
+  [ type: <string> | default: Bearer ]
-[ bearer_token_file: <filename> ]
+  # Sets the credentials. It is mutually exclusive with
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Optional proxy URL.
 [ proxy_url: <string> ]
@@ -592,7 +601,7 @@ role: <string>
 [ refresh_interval: <duration> | default = 60s ]
 
 # Authentication information used to authenticate to the Docker daemon.
-# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
+# Note that `basic_auth` and `authorization` options are
 # mutually exclusive.
 # password and password_file are mutually exclusive.
 
@@ -602,11 +611,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Optional bearer token authentication information.
+# Optional the `Authorization` header configuration.
-[ bearer_token: <secret> ]
+authorization:
-
+  # Sets the authentication type.
-# Optional bearer token file authentication information.
+  [ type: <string> | default: Bearer ]
-[ bearer_token_file: <filename> ]
+  # Sets the credentials. It is mutually exclusive with
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 ```
 
 The [relabeling phase](#relabel_config) is the preferred and more powerful
@@ -989,7 +1003,7 @@ The labels below are only available for targets with `role` set to `robot`:
 role: <string>
 
 # Authentication information used to authenticate to the API server.
-# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
+# Note that `basic_auth` and `authorization` options are
 # mutually exclusive.
 # password and password_file are mutually exclusive.
 
@@ -1000,12 +1014,17 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Optional bearer token authentication information, required when role is hcloud
+# Optional the `Authorization` header configuration. required when role is
-# Role robot does not support bearer token authentication.
+# hcloud. Role robot does not support bearer token authentication.
-[ bearer_token: <secret> ]
+authorization:
-
+  # Sets the authentication type.
-# Optional bearer token file authentication information.
+  [ type: <string> | default: Bearer ]
-[ bearer_token_file: <filename> ]
+  # Sets the credentials. It is mutually exclusive with
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Optional proxy URL.
 [ proxy_url: <string> ]
@@ -1154,7 +1173,7 @@ See below for the configuration options for Kubernetes discovery:
 role: <string>
 
 # Optional authentication information used to authenticate to the API server.
-# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
+# Note that `basic_auth` and `authorization` options are
 # mutually exclusive.
 # password and password_file are mutually exclusive.
 
@@ -1164,11 +1183,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Optional bearer token authentication information.
+# Optional the `Authorization` header configuration.
-[ bearer_token: <secret> ]
+authorization:
-
+  # Sets the authentication type.
-# Optional bearer token file authentication information.
+  [ type: <string> | default: Bearer ]
-[ bearer_token_file: <filename> ]
+  # Sets the credentials. It is mutually exclusive with
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Optional proxy URL.
 [ proxy_url: <string> ]
@@ -1253,15 +1277,19 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Sets the `Authorization` header on every request with
+# Optional the `Authorization` header configuration.
-# the configured bearer token. It is mutually exclusive with `bearer_token_file` and other authentication mechanisms.
+# NOTE: The current version of DC/OS marathon (v1.11.0) does not support
-# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token` instead.
+# standard `Authentication` header, use `auth_token` or `auth_token_file`
-[ bearer_token: <string> ]
+# instead.
-
+authorization:
-# Sets the `Authorization` header on every request with the bearer token
+  # Sets the authentication type.
-# read from the configured file. It is mutually exclusive with `bearer_token` and other authentication mechanisms.
+  [ type: <string> | default: Bearer ]
-# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token_file` instead.
+  # Sets the credentials. It is mutually exclusive with
-[ bearer_token_file: <filename> ]
+  # `credentials_file`.
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # TLS configuration for connecting to marathon servers
 tls_config:
@@ -1447,13 +1475,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Sets the `Authorization` header on every request with
+# Optional the `Authorization` header configuration.
-# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
+authorization:
-[ bearer_token: <string> ]
+  # Sets the authentication type.
-
+  [ type: <string> | default: Bearer ]
-# Sets the `Authorization` header on every request with the bearer token
+  # Sets the credentials. It is mutually exclusive with
-# read from the configured file. It is mutually exclusive with `bearer_token`.
+  # `credentials_file`.
-[ bearer_token_file: <filename> ]
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Configures the scrape request's TLS settings.
 tls_config:
@@ -1616,13 +1647,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Sets the `Authorization` header on every request with
+# Optional the `Authorization` header configuration.
-# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
+authorization:
-[ bearer_token: <string> ]
+  # Sets the authentication type.
-
+  [ type: <string> | default: Bearer ]
-# Sets the `Authorization` header on every request with the bearer token
+  # Sets the credentials. It is mutually exclusive with
-# read from the configured file. It is mutually exclusive with `bearer_token`.
+  # `credentials_file`.
-[ bearer_token_file: <filename> ]
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Configures the scrape request's TLS settings.
 tls_config:
@@ -1742,13 +1776,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Sets the `Authorization` header on every remote write request with
+# Optional the `Authorization` header configuration.
-# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
+authorization:
-[ bearer_token: <string> ]
+  # Sets the authentication type.
-
+  [ type: <string> | default: Bearer ]
-# Sets the `Authorization` header on every remote write request with the bearer token
+  # Sets the credentials. It is mutually exclusive with
-# read from the configured file. It is mutually exclusive with `bearer_token`.
+  # `credentials_file`.
-[ bearer_token_file: <filename> ]
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Configures the remote write request's TLS settings.
 tls_config:
@@ -1825,13 +1862,16 @@ basic_auth:
   [ password: <secret> ]
   [ password_file: <string> ]
 
-# Sets the `Authorization` header on every remote read request with
+# Optional the `Authorization` header configuration.
-# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
+authorization:
-[ bearer_token: <string> ]
+  # Sets the authentication type.
-
+  [ type: <string> | default: Bearer ]
-# Sets the `Authorization` header on every remote read request with the bearer token
+  # Sets the credentials. It is mutually exclusive with
-# read from the configured file. It is mutually exclusive with `bearer_token`.
+  # `credentials_file`.
-[ bearer_token_file: <filename> ]
+  [ credentials: <secret> ]
+  # Sets the credentials with the credentials read from the configured file.
+  # It is mutually exclusive with `credentials`.
+  [ credentials_file: <filename> ]
 
 # Configures the remote read request's TLS settings.
 tls_config:

documentation/examples/prometheus-digitalocean.yml

@@ -12,7 +12,8 @@ scrape_configs:
   - job_name: 'node'
 
     digitalocean_sd_configs:
-      - bearer_token: "<replace with a Personal Access Token>"
+      - authorization:
+          credentials: "<replace with a Personal Access Token>"
     relabel_configs:
       # Only scrape targets that have a tag 'monitoring'.
       - source_labels: [__meta_digitalocean_tags]

documentation/examples/prometheus-hetzner.yml

@@ -12,7 +12,8 @@ scrape_configs:
   - job_name: 'node'
 
     hetzner_sd_configs:
-      - bearer_token: "<replace with a Hetzner Cloud API Token>"
+      - authorization:
+          credentials: "<replace with a Hetzner Cloud API Token>"
         platform: "hcloud"
     relabel_configs:
       # Use the public IPv4 and port 9100 to scrape the target.
@@ -24,7 +25,8 @@ scrape_configs:
   - job_name: 'node_private'
 
     hetzner_sd_configs:
-      - bearer_token: "<replace with a Hetzner Cloud API Token>"
+      - authorization:
+          credentials: "<replace with a Hetzner Cloud API Token>"
         platform: "hcloud"
     relabel_configs:
       # Use the private IPv4 within the Hetzner Cloud Network and port 9100 to scrape the target.

documentation/examples/prometheus-kubernetes.yml

@@ -25,7 +25,7 @@ scrape_configs:
   # `http`.
   scheme: https
 
-  # This TLS & bearer token file config is used to connect to the actual scrape
+  # This TLS & authorization config is used to connect to the actual scrape
   # endpoints for cluster components. This is separate to discovery auth
   # configuration because discovery & scraping are two separate concerns in
   # Prometheus. The discovery auth config is automatic if Prometheus runs inside
@@ -40,7 +40,8 @@ scrape_configs:
     # disable certificate verification by uncommenting the line below.
     #
     # insecure_skip_verify: true
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  authorization:
+    credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
 
   # Keep only the default/kubernetes service endpoints for the https port. This
   # will add targets for each API server which Kubernetes adds an endpoint to
@@ -62,7 +63,7 @@ scrape_configs:
   # `http`.
   scheme: https
 
-  # This TLS & bearer token file config is used to connect to the actual scrape
+  # This TLS & authorization config is used to connect to the actual scrape
   # endpoints for cluster components. This is separate to discovery auth
   # configuration because discovery & scraping are two separate concerns in
   # Prometheus. The discovery auth config is automatic if Prometheus runs inside
@@ -77,7 +78,8 @@ scrape_configs:
     # disable certificate verification by uncommenting the line below.
     #
     # insecure_skip_verify: true
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  authorization:
+    credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
 
   kubernetes_sd_configs:
   - role: node
@@ -112,7 +114,7 @@ scrape_configs:
   # are used.
   metrics_path: /metrics/cadvisor
 
-  # This TLS & bearer token file config is used to connect to the actual scrape
+  # This TLS & authorization config is used to connect to the actual scrape
   # endpoints for cluster components. This is separate to discovery auth
   # configuration because discovery & scraping are two separate concerns in
   # Prometheus. The discovery auth config is automatic if Prometheus runs inside
@@ -127,7 +129,8 @@ scrape_configs:
     # disable certificate verification by uncommenting the line below.
     #
     # insecure_skip_verify: true
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  authorization:
+    credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
 
   kubernetes_sd_configs:
   - role: node

go.mod

@@ -48,7 +48,7 @@ require (
 	github.com/prometheus/alertmanager v0.21.0
 	github.com/prometheus/client_golang v1.9.0
 	github.com/prometheus/client_model v0.2.0
-	github.com/prometheus/common v0.15.0
+	github.com/prometheus/common v0.17.0
 	github.com/prometheus/exporter-toolkit v0.5.1
 	github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
 	github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546

go.sum

@@ -715,6 +715,8 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM=
 github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
+github.com/prometheus/common v0.17.0 h1:kDIZLI74SS+3tedSvEkykgBkD7txMxaJAPj8DtJUKYA=
+github.com/prometheus/common v0.17.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/exporter-toolkit v0.5.1 h1:9eqgis5er9xN613ZSADjypCJaDGj9ZlcWBvsIHa8/3c=
 github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=