Make TLS config consistent with Prometheus (#1685)

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
Julien Pivotto 2020-04-25 13:42:45 +02:00 committed by GitHub
parent fa4edd700e
commit 091bed01b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 57 additions and 55 deletions


@ -9,16 +9,17 @@ If the config is kept within the https directory.
The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.
## Sample Config
```
tlsConfig :
tls_config:
# Certificate and key files for server to use to authenticate to client
tlsCertPath : <filename>
tlsKeyPath : <filename>
cert_file: <filename>
key_file: <filename>
# Server policy for client authentication. Maps to ClientAuth Policies
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
[ clientAuth : <string> | default = "NoClientCert" ]
[ client_auth_type: <string> | default = "NoClientCert" ]
# CA certificate for client certificate authentication to the server
[ clientCAs : <filename> ]
[ client_ca_file: <filename> ]
```


@ -1,4 +1,4 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientCAs : "somefile"
tls_config :
cert_file : "testdata/server.crt"
key_file : "testdata/server.key"
client_ca_file : "somefile"


@ -1,4 +1,4 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientAuth : "RequireAndVerifyClientCert"
tls_config :
cert_file : "testdata/server.crt"
key_file : "testdata/server.key"
client_auth_type : "RequireAndVerifyClientCert"


@ -1,4 +1,4 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientCAs : "testdata/tls-ca-chain.pem"
tls_config :
cert_file : "testdata/server.crt"
key_file : "testdata/server.key"
client_ca_file : "testdata/tls-ca-chain.pem"


@ -1,5 +1,5 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientAuth : "RequireAndVerifyClientCert"
clientCAs: "testdata/tls-ca-chain.pem"
tls_config :
cert_file : "testdata/server.crt"
key_file : "testdata/server.key"
client_auth_type : "RequireAndVerifyClientCert"
client_ca_file: "testdata/tls-ca-chain.pem"


@ -1,5 +1,5 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientAuth : "VerifyClientCertIfGiven"
clientCAs : "testdata/tls-ca-chain.pem"
tls_config :
cert_file : "testdata/server.crt"
key_file : "testdata/server.key"
client_auth_type : "VerifyClientCertIfGiven"
client_ca_file : "testdata/tls-ca-chain.pem"


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : ""
tlsKeyPath : "testdata/server.key"
tls_config :
cert_file : ""
key_file : "testdata/server.key"


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : "somefile"
tlsKeyPath : "testdata/server.key"
tls_config :
cert_file : "somefile"
key_file : "testdata/server.key"


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : ""
tlsKeyPath : ""
tls_config :
cert_file : ""
key_file : ""


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : "somefile"
tlsKeyPath : "somefile"
tls_config :
cert_file : "somefile"
key_file : "somefile"


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : ""
tls_config :
cert_file : "testdata/server.crt"
key_file : ""


@ -1,3 +1,3 @@
tlsConfig :
tlsCertPath : "testdata/server.cert"
tlsKeyPath : "somefile"
tls_config :
cert_file : "testdata/server.cert"
key_file : "somefile"


@ -25,14 +25,14 @@ import (
)
type Config struct {
TLSConfig TLSStruct `yaml:"tlsConfig"`
TLSConfig TLSStruct `yaml:"tls_config"`
}
type TLSStruct struct {
TLSCertPath string `yaml:"tlsCertPath"`
TLSKeyPath string `yaml:"tlsKeyPath"`
ClientAuth string `yaml:"clientAuth"`
ClientCAs string `yaml:"clientCAs"`
TLSCertPath string `yaml:"cert_file"`
TLSKeyPath string `yaml:"key_file"`
ClientAuth string `yaml:"client_auth_type"`
ClientCAs string `yaml:"client_ca_file"`
}
func getTLSConfig(configPath string) (*tls.Config, error) {
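Review bot: The new YAML tags on `TLSStruct` replace the old key names with no compatibility or rejection path, so a config that still carries an old key may be read as if that key were absent. If the decoding in `getTLSConfig` (its body lies outside this hunk) is non-strict, a partially migrated file with `cert_file`/`key_file` but a leftover `clientAuth : "RequireAndVerifyClientCert"` would presumably load with the documented default `NoClientCert`, and client-certificate verification would be switched off without any error. I would make stale keys fail loudly, for example by decoding with unknown-field checking (`yaml.UnmarshalStrict`, if this file uses gopkg.in/yaml.v2), and add a testdata file that mixes old and new key names and is expected to be rejected. A short comment on the struct such as `// Field names follow Prometheus' tls_config; unknown keys must be rejected so an old clientAuth setting cannot be silently dropped.` would record the intent.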

View File

@ -1,10 +1,11 @@
tlsConfig :
tls_config:
# Certificate and key files for server to use to authenticate to client
tlsCertPath : <filename>
tlsKeyPath : <filename>
cert_file: <filename>
key_file: <filename>
# Server policy for client authentication. Maps to ClientAuth Policies
[ clientAuth : <string> ]
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
[ client_auth_type: <string> | default = "NoClientCert" ]
# CA certificate for client certificate authentication to the server
[ clientCAs : <filename> ]
[ client_ca_file: <filename> ]