Ability to connect to an endpoint that is protected by HTTP authentication and/or SSL Client Certificates #39
…lient-certificate protected scrape endpoints. Updated test and example to match
Left a comment on when we load the auth info.
FWIW, I no longer use HTTP for the exporter and may drop support for it in version 2.
@@ -123,7 +124,30 @@ func getDataHTTP(u *url.URL) ([]byte, error) { | |||
Host: u.Host, | |||
} | |||
|
|||
resp, err := http.DefaultClient.Do(&req) | |||
var client *http.Client | |||
if c.exporter.authConfig.ClientCert != "" { |
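Review bot: the `if c.exporter.authConfig.ClientCert != ""` branch sits inside getDataHTTP, so the choice of client is made on every scrape rather than once. If the branch constructs a new *http.Client with its own transport each time, connections and TLS sessions are not reused between scrapes, and a wrong certificate path only shows up as a failed request instead of a startup error. Suggest building the client once, keeping it next to authConfig on the exporter, and reducing this function to a single client.Do(&req). Separately, the hunk header still shows `func getDataHTTP(u *url.URL)` with no receiver while the new line reads `c.exporter`, so please confirm `c` is in scope here.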
We could load this when we first start the process and exit the process if there is an issue with loading authentication information initially.
Basic idea: pass a configuration file as a new, optional argument. The config file specifies HTTP authentication credentials and/or SSL/TLS authentication certificates. Syntax: YAML.
If the config file has been given and there is a client certificate specified in it, then in collector.go an HTTP client with added TLS configuration will be used instead of http.DefaultClient.
If HTTP authentication credentials have been specified, the request will be updated to include these.
From there on everything works as usual/was not changed.
I also added everything necessary to test this: TLS certificates for both server and client, provided an example configuration, updated the nginx config (copy-pasted existing block, added certificate directives), updated the README, and added a README for how to generate certificates so people can generate their own in case of need.
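The approach described above, combined with the review suggestion to load authentication once at startup, as an added example that is not code from this pull request. Only `ClientCert` appears on the page; the other field names, `NewScrapeClient`, `NewScrapeRequest` and the sample values are assumptions.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// AuthConfig: only ClientCert appears in the PR; the other fields are assumed.
type AuthConfig struct {
	Username, Password    string
	ClientCert, ClientKey string // PEM file paths
}

// NewScrapeClient is meant to run once at startup, so a bad path or a
// mismatched key stops the process instead of failing on every scrape.
func NewScrapeClient(cfg AuthConfig) (*http.Client, error) {
	if (cfg.ClientCert == "") != (cfg.ClientKey == "") {
		return nil, errors.New("client certificate and key must be set together")
	}
	// RootCAs stays nil: the server is still verified against the system roots.
	tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if cfg.ClientCert != "" {
		pair, err := tls.LoadX509KeyPair(cfg.ClientCert, cfg.ClientKey)
		if err != nil {
			return nil, fmt.Errorf("load client certificate: %w", err)
		}
		tlsCfg.Certificates = []tls.Certificate{pair}
	}
	tr := &http.Transport{TLSClientConfig: tlsCfg}
	return &http.Client{Transport: tr, Timeout: 10 * time.Second}, nil
}

// NewScrapeRequest adds basic authentication only when credentials are set.
func NewScrapeRequest(cfg AuthConfig, url string) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err == nil && cfg.Username != "" {
		req.SetBasicAuth(cfg.Username, cfg.Password)
	}
	return req, err
}

func main() {
	// Constructed sample: a certificate path without its key must be rejected.
	_, err := NewScrapeClient(AuthConfig{ClientCert: "client.pem"})
	fmt.Println("startup check:", err)
}
```

The returned client is safe to share across scrapes, so the collector can keep one instance and reuse its connections.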