http: implement TLS and InsecureSkipVerify (#58)
authorGerhard Lausser <gerhard.lausser@consol.de>
Sat, 10 Sep 2016 17:42:31 +0000 (19:42 +0200)
committerBrian Brazil <brian-brazil@users.noreply.github.com>
Sat, 10 Sep 2016 17:42:31 +0000 (18:42 +0100)
README.md
http.go
http_test.go
main.go

index 809aed256491d82bee3173a9f24ddc7d048ca49a..84780715b92f1606850812347754c7da747a2e50 100644 (file)
--- a/README.md
+++ b/README.md
@@ -43,6 +43,8 @@ modules:
       - "Could not connect to database"
       fail_if_not_matches_regexp:
       - "Download the latest version here"
+      tls_config:
+        insecure_skip_verify: false
   tcp_connect:
     prober: tcp
     timeout: 5s
diff --git a/http.go b/http.go
index c246f5f9eb45dbfcb1f1241d5c6d3753987be2fa..df8ddbadc88b98c68976af2935080db035fc0a99 100644 (file)
--- a/http.go
+++ b/http.go
@@ -62,6 +62,15 @@ func probeHTTP(target string, w http.ResponseWriter, module Module) (success boo
                Timeout: module.Timeout,
        }
 
+       tlsconfig, err := module.HTTP.TLSConfig.GenerateConfig()
+       if err != nil {
+               log.Errorf("Error generating TLS config: %s", err)
+               return false
+       }
+       client.Transport = &http.Transport{
+               TLSClientConfig: tlsconfig,
+       }
+
        client.CheckRedirect = func(_ *http.Request, via []*http.Request) error {
                redirects = len(via)
                if redirects > 10 || config.NoFollowRedirects {
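Review bot: The new `client.Transport = &http.Transport{TLSClientConfig: tlsconfig}` replaces the default transport with one whose other fields are all zero values, so the proxy-from-environment setting and the dial and TLS-handshake timeouts of `http.DefaultTransport` are lost, while keep-alives stay enabled. If the client is built on every call, as the `Timeout: module.Timeout` context lines suggest, each probe can leave behind an idle connection that nothing will reuse or close. I would write `client.Transport = &http.Transport{TLSClientConfig: tlsconfig, Proxy: http.ProxyFromEnvironment, DisableKeepAlives: true}`. The body of probeHTTP starts and ends outside this hunk, so how the response body is closed cannot be checked from here.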
index cddfe2fb6cdf5c95f048e8d6c309019f6b301364..85877b5f210db9c2e769ce6766c2ed2e9386334f 100644 (file)
@@ -15,6 +15,7 @@ package main
 
 import (
        "fmt"
+       "github.com/prometheus/common/config"
        "net/http"
        "net/http/httptest"
        "strings"
@@ -268,3 +269,60 @@ func TestHTTPHeaders(t *testing.T) {
                t.Fatalf("Probe failed unexpectedly.")
        }
 }
+
+func TestFailIfSelfSignedCA(t *testing.T) {
+       ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+       }))
+       defer ts.Close()
+
+       recorder := httptest.NewRecorder()
+       result := probeHTTP(ts.URL, recorder,
+               Module{Timeout: time.Second, HTTP: HTTPProbe{
+                       TLSConfig: config.TLSConfig{InsecureSkipVerify: false},
+               }})
+       body := recorder.Body.String()
+       if result {
+               t.Fatalf("Fail if selfsigned CA test suceeded unexpectedly, got %s", body)
+       }
+       if !strings.Contains(body, "probe_http_ssl 0\n") {
+               t.Fatalf("Expected HTTP without SSL because of CA failure, got %s", body)
+       }
+}
+
+func TestSucceedIfSelfSignedCA(t *testing.T) {
+       ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+       }))
+       defer ts.Close()
+
+       recorder := httptest.NewRecorder()
+       result := probeHTTP(ts.URL, recorder,
+               Module{Timeout: time.Second, HTTP: HTTPProbe{
+                       TLSConfig: config.TLSConfig{InsecureSkipVerify: true},
+               }})
+       body := recorder.Body.String()
+       if !result {
+               t.Fatalf("Fail if (not strict) selfsigned CA test fails unexpectedly, got %s", body)
+       }
+       if !strings.Contains(body, "probe_http_ssl 1\n") {
+               t.Fatalf("Expected HTTP with SSL, got %s", body)
+       }
+}
+
+func TestTLSConfigIsIgnoredForPlainHTTP(t *testing.T) {
+       ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+       }))
+       defer ts.Close()
+
+       recorder := httptest.NewRecorder()
+       result := probeHTTP(ts.URL, recorder,
+               Module{Timeout: time.Second, HTTP: HTTPProbe{
+                       TLSConfig: config.TLSConfig{InsecureSkipVerify: false},
+               }})
+       body := recorder.Body.String()
+       if !result {
+               t.Fatalf("Fail if InsecureSkipVerify affects simple http fails unexpectedly, got %s", body)
+       }
+       if !strings.Contains(body, "probe_http_ssl 0\n") {
+               t.Fatalf("Expected HTTP without SSL, got %s", body)
+       }
+}
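Review bot: The only TLS success case covered is TestSucceedIfSelfSignedCA, which runs with `InsecureSkipVerify: true`; no test shows the probe succeeding because the certificate chain was actually validated. A fourth test that writes the httptest server's certificate to a temporary file and sets it as the CA file in `config.TLSConfig` would cover the verified path. Without it, a regression that breaks every verified handshake would still pass this suite. The failure messages are also hard to read: "suceeded" is misspelled in TestFailIfSelfSignedCA, and the other two would be clearer as `t.Fatalf("probe failed unexpectedly, got %s", body)`.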
diff --git a/main.go b/main.go
index b8447d14da5850e73ffa11fad01fee570906d194..db2844cd87e0497ea6de9bd9c56e892d2bfb4551 100644 (file)
--- a/main.go
+++ b/main.go
@@ -58,6 +58,7 @@ type HTTPProbe struct {
        Headers                map[string]string `yaml:"headers"`
        FailIfMatchesRegexp    []string          `yaml:"fail_if_matches_regexp"`
        FailIfNotMatchesRegexp []string          `yaml:"fail_if_not_matches_regexp"`
+       TLSConfig              config.TLSConfig  `yaml:"tls_config"`
 }
 
 type QueryResponse struct {
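Review bot: The new `TLSConfig` field has no comment, and because its type is the whole `config.TLSConfig`, users get more keys under `tls_config` than the single `insecure_skip_verify` line in the README example (the type also carries CA file, client certificate/key and server-name settings). A comment such as `// TLSConfig holds the TLS client settings for https targets; insecure_skip_verify turns off certificate verification, so a passing probe no longer proves the peer's identity.` would make that visible at the definition. The import of the `config` package that this field needs is not visible in this hunk, and the opening of the HTTPProbe struct is outside it as well.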