Make TLS config consistent with Prometheus (#1685)
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
parent
fa4edd700e
commit
091bed01b0
@ -9,16 +9,17 @@ If the config is kept within the https directory.
|
||||
The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.
|
||||
|
||||
## Sample Config
|
||||
|
||||
```
|
||||
tlsConfig :
|
||||
tls_config:
|
||||
# Certificate and key files for server to use to authenticate to client
|
||||
tlsCertPath : <filename>
|
||||
tlsKeyPath : <filename>
|
||||
cert_file: <filename>
|
||||
key_file: <filename>
|
||||
|
||||
# Server policy for client authentication. Maps to ClientAuth Policies
|
||||
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
||||
[ clientAuth : <string> | default = "NoClientCert" ]
|
||||
[ client_auth_type: <string> | default = "NoClientCert" ]
|
||||
|
||||
# CA certificate for client certificate authentication to the server
|
||||
[ clientCAs : <filename> ]
|
||||
[ client_ca_file: <filename> ]
|
||||
```
|
||||
|
@ -1,4 +1,4 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
clientCAs : "somefile"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : "testdata/server.key"
|
||||
client_ca_file : "somefile"
|
@ -1,4 +1,4 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
clientAuth : "RequireAndVerifyClientCert"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : "testdata/server.key"
|
||||
client_auth_type : "RequireAndVerifyClientCert"
|
8
https/testdata/tls_config_noAuth.bad.yml
vendored
8
https/testdata/tls_config_noAuth.bad.yml
vendored
@ -1,4 +1,4 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
clientCAs : "testdata/tls-ca-chain.pem"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : "testdata/server.key"
|
||||
client_ca_file : "testdata/tls-ca-chain.pem"
|
||||
|
@ -1,5 +1,5 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
clientAuth : "RequireAndVerifyClientCert"
|
||||
clientCAs: "testdata/tls-ca-chain.pem"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : "testdata/server.key"
|
||||
client_auth_type : "RequireAndVerifyClientCert"
|
||||
client_ca_file: "testdata/tls-ca-chain.pem"
|
10
https/testdata/tls_config_noAuth.good.yml
vendored
10
https/testdata/tls_config_noAuth.good.yml
vendored
@ -1,5 +1,5 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
clientAuth : "VerifyClientCertIfGiven"
|
||||
clientCAs : "testdata/tls-ca-chain.pem"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : "testdata/server.key"
|
||||
client_auth_type : "VerifyClientCertIfGiven"
|
||||
client_ca_file : "testdata/tls-ca-chain.pem"
|
||||
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : ""
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
tls_config :
|
||||
cert_file : ""
|
||||
key_file : "testdata/server.key"
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "somefile"
|
||||
tlsKeyPath : "testdata/server.key"
|
||||
tls_config :
|
||||
cert_file : "somefile"
|
||||
key_file : "testdata/server.key"
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : ""
|
||||
tlsKeyPath : ""
|
||||
tls_config :
|
||||
cert_file : ""
|
||||
key_file : ""
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "somefile"
|
||||
tlsKeyPath : "somefile"
|
||||
tls_config :
|
||||
cert_file : "somefile"
|
||||
key_file : "somefile"
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.crt"
|
||||
tlsKeyPath : ""
|
||||
tls_config :
|
||||
cert_file : "testdata/server.crt"
|
||||
key_file : ""
|
@ -1,3 +1,3 @@
|
||||
tlsConfig :
|
||||
tlsCertPath : "testdata/server.cert"
|
||||
tlsKeyPath : "somefile"
|
||||
tls_config :
|
||||
cert_file : "testdata/server.cert"
|
||||
key_file : "somefile"
|
@ -25,14 +25,14 @@ import (
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
TLSConfig TLSStruct `yaml:"tlsConfig"`
|
||||
TLSConfig TLSStruct `yaml:"tls_config"`
|
||||
}
|
||||
|
||||
type TLSStruct struct {
|
||||
TLSCertPath string `yaml:"tlsCertPath"`
|
||||
TLSKeyPath string `yaml:"tlsKeyPath"`
|
||||
ClientAuth string `yaml:"clientAuth"`
|
||||
ClientCAs string `yaml:"clientCAs"`
|
||||
TLSCertPath string `yaml:"cert_file"`
|
||||
TLSKeyPath string `yaml:"key_file"`
|
||||
ClientAuth string `yaml:"client_auth_type"`
|
||||
ClientCAs string `yaml:"client_ca_file"`
|
||||
}
|
||||
|
||||
func getTLSConfig(configPath string) (*tls.Config, error) {
|
||||
|
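Review bot: The renamed YAML tags on `Config` and `TLSStruct` leave no path for files that still use the old keys, and whether such a file is rejected or silently accepted depends on how `getTLSConfig` decodes it; only its signature is inside this hunk, the body continues outside it. If the decoder is non-strict, a partially migrated file that still carries `clientAuth` or `clientCAs` under the new `tls_config` key would load without error and fall back to the documented default `NoClientCert`, so client certificate verification would be dropped with no signal to the operator. Decoding strictly, so that unknown keys are an error, would close that gap; if the package uses gopkg.in/yaml.v2 (the import block is not shown here) that is `yaml.UnmarshalStrict` in place of `yaml.Unmarshal`. A doc comment on the struct would record the intent, for example `// TLSStruct mirrors the tls_config section; unknown keys must be rejected so a misspelled client_auth_type cannot silently disable client authentication.`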
@ -1,10 +1,11 @@
|
||||
tlsConfig :
|
||||
tls_config:
|
||||
# Certificate and key files for server to use to authenticate to client
|
||||
tlsCertPath : <filename>
|
||||
tlsKeyPath : <filename>
|
||||
cert_file: <filename>
|
||||
key_file: <filename>
|
||||
|
||||
# Server policy for client authentication. Maps to ClientAuth Policies
|
||||
[ clientAuth : <string> ]
|
||||
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
||||
[ client_auth_type: <string> | default = "NoClientCert" ]
|
||||
|
||||
# CA certificate for client certificate authentication to the server
|
||||
[ clientCAs : <filename> ]
|
||||
[ client_ca_file: <filename> ]
|
||||
|