From 28ac5c58551b5d241dfeca5948b1110e3f76c632 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Wed, 13 Jan 2021 21:53:54 +0100 Subject: [PATCH] Update exporter-toolkit to 0.5.0 The exporter-toolkit has a new release that renames the https package to web to make it more meaningful. Signed-off-by: Julien Pivotto --- go.mod | 2 +- go.sum | 4 +- main.go | 8 +- .../exporter-toolkit/https/README.md | 81 ------------------- .../prometheus/exporter-toolkit/web/README.md | 10 +++ .../{https => web}/kingpinflag/flag.go | 0 .../{https => web}/tls_config.go | 15 +++- .../exporter-toolkit/{https => web}/users.go | 2 +- .../{https => web}/web-config.yml | 0 vendor/modules.txt | 6 +- 10 files changed, 32 insertions(+), 96 deletions(-) delete mode 100644 vendor/github.com/prometheus/exporter-toolkit/https/README.md create mode 100644 vendor/github.com/prometheus/exporter-toolkit/web/README.md rename vendor/github.com/prometheus/exporter-toolkit/{https => web}/kingpinflag/flag.go (100%) rename vendor/github.com/prometheus/exporter-toolkit/{https => web}/tls_config.go (96%) rename vendor/github.com/prometheus/exporter-toolkit/{https => web}/users.go (99%) rename vendor/github.com/prometheus/exporter-toolkit/{https => web}/web-config.yml (100%) diff --git a/go.mod b/go.mod index 80f7afe..2c747f2 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/prometheus/client_golang v1.7.1 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.15.0 - github.com/prometheus/exporter-toolkit v0.4.0 + github.com/prometheus/exporter-toolkit v0.5.0 golang.org/x/net v0.0.0-20200625001655-4c5254603344 gopkg.in/alecthomas/kingpin.v2 v2.2.6 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 diff --git a/go.sum b/go.sum index 30ffdcb..ea15eb4 100644 --- a/go.sum +++ b/go.sum @@ -241,8 +241,8 @@ github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lN github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/exporter-toolkit v0.4.0 h1:O7Bw+ZKEMzW7vD10IuVF70b8EE4JIG7BvHFj9UKz49g= -github.com/prometheus/exporter-toolkit v0.4.0/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg= +github.com/prometheus/exporter-toolkit v0.5.0 h1:GwrxhCviqOl8Mm0vKqkh7Xy54m+FPlHEJacFs48M3gY= +github.com/prometheus/exporter-toolkit v0.5.0/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= diff --git a/main.go b/main.go index 69839bf..af1279d 100644 --- a/main.go +++ b/main.go @@ -39,8 +39,8 @@ import ( "github.com/prometheus/common/promlog" "github.com/prometheus/common/promlog/flag" "github.com/prometheus/common/version" - "github.com/prometheus/exporter-toolkit/https" - httpsflag "github.com/prometheus/exporter-toolkit/https/kingpinflag" + "github.com/prometheus/exporter-toolkit/web" + webflag "github.com/prometheus/exporter-toolkit/web/kingpinflag" "gopkg.in/alecthomas/kingpin.v2" "gopkg.in/yaml.v3" @@ -54,7 +54,7 @@ var ( } configFile = kingpin.Flag("config.file", "Blackbox exporter configuration file.").Default("blackbox.yml").String() - httpsConfig = httpsflag.AddFlags(kingpin.CommandLine) + webConfig = webflag.AddFlags(kingpin.CommandLine) listenAddress = kingpin.Flag("web.listen-address", "The address to listen on for HTTP requests.").Default(":9115").String() timeoutOffset = kingpin.Flag("timeout-offset", "Offset to subtract from timeout in seconds.").Default("0.5").Float64() configCheck = kingpin.Flag("config.check", "If true validate the config file and then exit.").Default().Bool() @@ -379,7 +379,7 @@ func run() int { go func() { level.Info(logger).Log("msg", "Listening on address", "address", *listenAddress) - if err := https.Listen(srv, *httpsConfig, logger); err != http.ErrServerClosed { + if err := web.ListenAndServe(srv, *webConfig, logger); err != http.ErrServerClosed { level.Error(logger).Log("msg", "Error starting HTTP server", "err", err) close(srvc) } diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/README.md b/vendor/github.com/prometheus/exporter-toolkit/https/README.md deleted file mode 100644 index e6c9896..0000000 --- a/vendor/github.com/prometheus/exporter-toolkit/https/README.md +++ /dev/null @@ -1,81 +0,0 @@ -# HTTPS Package for Prometheus - -The `https` directory contains a Go package and a sample configuration file for -running `node_exporter` with HTTPS instead of HTTP. We currently support TLS 1.3 -and TLS 1.2. - -To run a server with TLS, use the flag `--web.config`. - -e.g. `./node_exporter --web.config="web-config.yml"` -If the config is kept within the https directory. - -The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy. - -## Sample Config - -``` -tls_server_config: - # Certificate and key files for server to use to authenticate to client. - cert_file: - key_file: - - # Server policy for client authentication. Maps to ClientAuth Policies. - # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) - [ client_auth_type: | default = "NoClientCert" ] - - # CA certificate for client certificate authentication to the server. - [ client_ca_file: ] - - # Minimum TLS version that is acceptable. - [ min_version: | default = "TLS12" ] - - # Maximum TLS version that is acceptable. - [ max_version: | default = "TLS13" ] - - # List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - # Go default cipher suites are used. Available cipher suites are documented - # in the go documentation: - # https://golang.org/pkg/crypto/tls/#pkg-constants - [ cipher_suites: - [ - ] ] - - # prefer_server_cipher_suites controls whether the server selects the - # client's most preferred ciphersuite, or the server's most preferred - # ciphersuite. If true then the server's preference, as expressed in - # the order of elements in cipher_suites, is used. - [ prefer_server_cipher_suites: | default = true ] - - # Elliptic curves that will be used in an ECDHE handshake, in preference - # order. Available curves are documented in the go documentation: - # https://golang.org/pkg/crypto/tls/#CurveID - [ curve_preferences: - [ - ] ] - -http_server_config: - # Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. - # This can not be changed on the fly. - [ http2: | default = true ] - -# Usernames and hashed passwords that have full access to the web -# server via basic authentication. If empty, no basic authentication is -# required. Passwords are hashed with bcrypt. -basic_auth_users: - [ : ... ] -``` - -## About bcrypt - -There are several tools out there to generate bcrypt passwords, e.g. -[htpasswd](https://httpd.apache.org/docs/2.4/programs/htpasswd.html): - -`htpasswd -nBC 10 "" | tr -d ':\n'` - -That command will prompt you for a password and output the hashed password, -which will look something like: -`$2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG` - -The cost (10 in the example) influences the time it takes for computing the -hash. A higher cost will en up slowing down the authentication process. -Depending on the machine, a cost of 10 will take about ~70ms where a cost of -18 can take up to a few seconds. That hash will be computed on every -password-protected request. diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/README.md b/vendor/github.com/prometheus/exporter-toolkit/web/README.md new file mode 100644 index 0000000..1e16644 --- /dev/null +++ b/vendor/github.com/prometheus/exporter-toolkit/web/README.md @@ -0,0 +1,10 @@ +# web package + +This package can be used by Prometheus exporters to enable TLS and +authentication. + +We actively encourage the community to use this repository, to provide a +consistent experience across the ecosystem. + +Developers documentation can be found on +[pkg.go.dev](https://pkg.go.dev/github.com/prometheus/exporter-toolkit/). diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/kingpinflag/flag.go b/vendor/github.com/prometheus/exporter-toolkit/web/kingpinflag/flag.go similarity index 100% rename from vendor/github.com/prometheus/exporter-toolkit/https/kingpinflag/flag.go rename to vendor/github.com/prometheus/exporter-toolkit/web/kingpinflag/flag.go diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go similarity index 96% rename from vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go rename to vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go index 192e533..2f244a5 100644 --- a/vendor/github.com/prometheus/exporter-toolkit/https/tls_config.go +++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go @@ -11,8 +11,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package https allows the implementation of TLS. -package https +package web import ( "crypto/tls" @@ -174,9 +173,9 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) { return cfg, nil } -// Listen starts the server on the given address. Based on the file +// ListenAndServe starts the server on the given address. Based on the file // tlsConfigPath, TLS or basic auth could be enabled. -func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error { +func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error { listener, err := net.Listen("tcp", server.Addr) if err != nil { return err @@ -341,3 +340,11 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) { } return fmt.Sprintf("%v", tv), nil } + +// Listen starts the server on the given address. Based on the file +// tlsConfigPath, TLS or basic auth could be enabled. +// +// Deprecated: Use ListenAndServe instead. +func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error { + return ListenAndServe(server, tlsConfigPath, logger) +} diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/users.go b/vendor/github.com/prometheus/exporter-toolkit/web/users.go similarity index 99% rename from vendor/github.com/prometheus/exporter-toolkit/https/users.go rename to vendor/github.com/prometheus/exporter-toolkit/web/users.go index 317b0e4..7b9cd6a 100644 --- a/vendor/github.com/prometheus/exporter-toolkit/https/users.go +++ b/vendor/github.com/prometheus/exporter-toolkit/web/users.go @@ -11,7 +11,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package https +package web import ( "net/http" diff --git a/vendor/github.com/prometheus/exporter-toolkit/https/web-config.yml b/vendor/github.com/prometheus/exporter-toolkit/web/web-config.yml similarity index 100% rename from vendor/github.com/prometheus/exporter-toolkit/https/web-config.yml rename to vendor/github.com/prometheus/exporter-toolkit/web/web-config.yml diff --git a/vendor/modules.txt b/vendor/modules.txt index 15dc4b1..6d071a9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -42,9 +42,9 @@ github.com/prometheus/common/model github.com/prometheus/common/promlog github.com/prometheus/common/promlog/flag github.com/prometheus/common/version -# github.com/prometheus/exporter-toolkit v0.4.0 -github.com/prometheus/exporter-toolkit/https -github.com/prometheus/exporter-toolkit/https/kingpinflag +# github.com/prometheus/exporter-toolkit v0.5.0 +github.com/prometheus/exporter-toolkit/web +github.com/prometheus/exporter-toolkit/web/kingpinflag # github.com/prometheus/procfs v0.1.3 github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs -- 2.25.1