diff --git a/config/config.go b/config/config.go index 8f629954..a9cfa421 100644 --- a/config/config.go +++ b/config/config.go @@ -23,6 +23,7 @@ import ( "strings" "time" + commoncfg "github.com/prometheus/common/config" "github.com/prometheus/common/model" "gopkg.in/yaml.v2" ) @@ -159,6 +160,11 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { if _, ok := names[rcv.Name]; ok { return fmt.Errorf("notification config name %q is not unique", rcv.Name) } + for _, wh := range rcv.WebhookConfigs { + if wh.HTTPConfig == nil { + wh.HTTPConfig = c.Global.HTTPConfig + } + } for _, ec := range rcv.EmailConfigs { if ec.Smarthost == "" { if c.Global.SMTPSmarthost == "" { @@ -193,6 +199,9 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { } } for _, sc := range rcv.SlackConfigs { + if sc.HTTPConfig == nil { + sc.HTTPConfig = c.Global.HTTPConfig + } if sc.APIURL == "" { if c.Global.SlackAPIURL == "" { return fmt.Errorf("no global Slack API URL set") @@ -201,6 +210,9 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { } } for _, hc := range rcv.HipchatConfigs { + if hc.HTTPConfig == nil { + hc.HTTPConfig = c.Global.HTTPConfig + } if hc.APIURL == "" { if c.Global.HipchatAPIURL == "" { return fmt.Errorf("no global Hipchat API URL set") @@ -217,7 +229,15 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { hc.AuthToken = c.Global.HipchatAuthToken } } + for _, poc := range rcv.PushoverConfigs { + if poc.HTTPConfig == nil { + poc.HTTPConfig = c.Global.HTTPConfig + } + } for _, pdc := range rcv.PagerdutyConfigs { + if pdc.HTTPConfig == nil { + pdc.HTTPConfig = c.Global.HTTPConfig + } if pdc.URL == "" { if c.Global.PagerdutyURL == "" { return fmt.Errorf("no global PagerDuty URL set") @@ -226,6 +246,9 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { } } for _, ogc := range rcv.OpsGenieConfigs { + if ogc.HTTPConfig == nil { + ogc.HTTPConfig = c.Global.HTTPConfig + } if ogc.APIURL == "" { if c.Global.OpsGenieAPIURL == "" { return fmt.Errorf("no global OpsGenie URL set") @@ -269,6 +292,9 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error { } } for _, voc := range rcv.VictorOpsConfigs { + if voc.HTTPConfig == nil { + voc.HTTPConfig = c.Global.HTTPConfig + } if voc.APIURL == "" { if c.Global.VictorOpsAPIURL == "" { return fmt.Errorf("no global VictorOps URL set") @@ -328,6 +354,7 @@ func checkReceiver(r *Route, receivers map[string]struct{}) error { // DefaultGlobalConfig provides global default values. var DefaultGlobalConfig = GlobalConfig{ ResolveTimeout: model.Duration(5 * time.Minute), + HTTPConfig: &commoncfg.HTTPClientConfig{}, SMTPRequireTLS: true, PagerdutyURL: "https://events.pagerduty.com/v2/enqueue", @@ -344,6 +371,8 @@ type GlobalConfig struct { // if it has not been updated. ResolveTimeout model.Duration `yaml:"resolve_timeout" json:"resolve_timeout"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + SMTPFrom string `yaml:"smtp_from,omitempty" json:"smtp_from,omitempty"` SMTPHello string `yaml:"smtp_hello,omitempty" json:"smtp_hello,omitempty"` SMTPSmarthost string `yaml:"smtp_smarthost,omitempty" json:"smtp_smarthost,omitempty"` diff --git a/config/config_test.go b/config/config_test.go index 99c6d5e3..43f2453e 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -21,6 +21,7 @@ import ( "testing" "time" + commoncfg "github.com/prometheus/common/config" "github.com/prometheus/common/model" "github.com/stretchr/testify/require" "gopkg.in/yaml.v2" @@ -318,6 +319,7 @@ func TestEmptyFieldsAndRegex(t *testing.T) { var expectedConf = Config{ Global: &GlobalConfig{ + HTTPConfig: &commoncfg.HTTPClientConfig{}, ResolveTimeout: model.Duration(5 * time.Minute), SMTPSmarthost: "localhost:25", SMTPFrom: "alertmanager@example.org", diff --git a/config/notifiers.go b/config/notifiers.go index 80f37d82..70945dcd 100644 --- a/config/notifiers.go +++ b/config/notifiers.go @@ -18,6 +18,8 @@ import ( "net/url" "strings" "time" + + commoncfg "github.com/prometheus/common/config" ) var ( @@ -193,6 +195,8 @@ func (c *EmailConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { type PagerdutyConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + ServiceKey Secret `yaml:"service_key,omitempty" json"service_key,omitempty"` RoutingKey Secret `yaml:"routing_key,omitempty" json:"routing_key,omitempty"` URL string `yaml:"url,omitempty" json:"url,omitempty"` @@ -226,6 +230,8 @@ func (c *PagerdutyConfig) UnmarshalYAML(unmarshal func(interface{}) error) error type SlackConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + APIURL Secret `yaml:"api_url,omitempty" json:"api_url,omitempty"` // Slack channel override, (like #other-channel or @username). @@ -263,6 +269,8 @@ func (c *SlackConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { type HipchatConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"` AuthToken Secret `yaml:"auth_token,omitempty" json:"auth_token,omitempty"` RoomID string `yaml:"room_id,omitempty" json:"room_id,omitempty"` @@ -294,6 +302,8 @@ func (c *HipchatConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { type WebhookConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + // URL to send POST request to. URL string `yaml:"url" json:"url"` @@ -326,6 +336,8 @@ func (c *WebhookConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { type WechatConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + APISecret string `yaml:"api_secret,omitempty" json:"api_secret,omitempty"` CorpID string `yaml:"corp_id,omitempty" json:"corp_id,omitempty"` Message string `yaml:"message,omitempty" json:"message,omitempty"` @@ -359,6 +371,8 @@ func (c *WechatConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { type OpsGenieConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + APIKey Secret `yaml:"api_key,omitempty" json:"api_key,omitempty"` APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"` Message string `yaml:"message,omitempty" json:"message,omitempty"` @@ -388,6 +402,8 @@ func (c *OpsGenieConfig) UnmarshalYAML(unmarshal func(interface{}) error) error type VictorOpsConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + APIKey Secret `yaml:"api_key" json:"api_key"` APIURL string `yaml:"api_url" json:"api_url"` RoutingKey string `yaml:"routing_key" json:"routing_key"` @@ -429,6 +445,8 @@ func (d duration) MarshalText() ([]byte, error) { type PushoverConfig struct { NotifierConfig `yaml:",inline" json:",inline"` + HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` + UserKey Secret `yaml:"user_key,omitempty" json:"user_key,omitempty"` Token Secret `yaml:"token,omitempty" json:"token,omitempty"` Title string `yaml:"title,omitempty" json:"title,omitempty"` diff --git a/config/notifiers_test.go b/config/notifiers_test.go index d2b871fb..4acf22df 100644 --- a/config/notifiers_test.go +++ b/config/notifiers_test.go @@ -1,6 +1,7 @@ package config import ( + "strings" "testing" "gopkg.in/yaml.v2" @@ -111,6 +112,62 @@ url: '' } } +func TestWebhookHttpConfigIsValid(t *testing.T) { + in := ` +url: 'http://example.com' +http_config: + bearer_token: foo + bearer_token_file: /tmp/bar +` + var cfg WebhookConfig + err := yaml.Unmarshal([]byte(in), &cfg) + + expected := "at most one of bearer_token & bearer_token_file must be configured" + + if err == nil { + t.Fatalf("no error returned, expected:\n%v", expected) + } + if err.Error() != expected { + t.Errorf("\nexpected:\n%v\ngot:\n%v", expected, err.Error()) + } +} + +func TestWebhookHttpConfigIsOptional(t *testing.T) { + in := ` +url: 'http://example.com' +` + var cfg WebhookConfig + err := yaml.Unmarshal([]byte(in), &cfg) + + if err != nil { + t.Fatalf("no error expected, returned:\n%v", err.Error()) + } +} + +func TestWebhookPasswordIsObsfucated(t *testing.T) { + in := ` +url: 'http://example.com' +http_config: + basic_auth: + username: foo + password: supersecret +` + var cfg WebhookConfig + err := yaml.Unmarshal([]byte(in), &cfg) + + if err != nil { + t.Fatalf("no error expected, returned:\n%v", err.Error()) + } + + ycfg, err := yaml.Marshal(cfg) + if err != nil { + t.Fatalf("no error expected, returned:\n%v", err.Error()) + } + if strings.Contains(string(ycfg), "supersecret") { + t.Errorf("Found password in the YAML cfg: %s\n", ycfg) + } +} + func TestWechatAPIKeyIsPresent(t *testing.T) { in := ` api_secret: '' diff --git a/notify/impl.go b/notify/impl.go index 179290ba..f3a31f92 100644 --- a/notify/impl.go +++ b/notify/impl.go @@ -34,6 +34,7 @@ import ( "github.com/go-kit/kit/log" "github.com/go-kit/kit/log/level" + commoncfg "github.com/prometheus/common/config" "github.com/prometheus/common/model" "github.com/prometheus/common/version" "golang.org/x/net/context" @@ -146,15 +147,14 @@ var userAgentHeader = fmt.Sprintf("Alertmanager/%s", version.Version) // Webhook implements a Notifier for generic webhooks. type Webhook struct { - // The URL to which notifications are sent. - URL string + conf *config.WebhookConfig tmpl *template.Template logger log.Logger } // NewWebhook returns a new Webhook. func NewWebhook(conf *config.WebhookConfig, t *template.Template, l log.Logger) *Webhook { - return &Webhook{URL: conf.URL, tmpl: t, logger: l} + return &Webhook{conf: conf, tmpl: t, logger: l} } // WebhookMessage defines the JSON object send to webhook endpoints. @@ -186,14 +186,19 @@ func (w *Webhook) Notify(ctx context.Context, alerts ...*types.Alert) (bool, err return false, err } - req, err := http.NewRequest("POST", w.URL, &buf) + req, err := http.NewRequest("POST", w.conf.URL, &buf) if err != nil { return true, err } req.Header.Set("Content-Type", contentTypeJSON) req.Header.Set("User-Agent", userAgentHeader) - resp, err := ctxhttp.Do(ctx, http.DefaultClient, req) + c, err := commoncfg.NewHTTPClientFromConfig(w.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Do(ctx, c, req) if err != nil { return true, err } @@ -206,7 +211,7 @@ func (w *Webhook) retry(statusCode int) (bool, error) { // Webhooks are assumed to respond with 2xx response codes on a successful // request and 5xx response codes are assumed to be recoverable. if statusCode/100 != 2 { - return (statusCode/100 == 5), fmt.Errorf("unexpected status code %v from %s", statusCode, w.URL) + return (statusCode/100 == 5), fmt.Errorf("unexpected status code %v from %s", statusCode, w.conf.URL) } return false, nil @@ -466,7 +471,7 @@ type pagerDutyPayload struct { CustomDetails map[string]string `json:"custom_details,omitempty"` } -func (n *PagerDuty) notifyV1(ctx context.Context, eventType, key string, tmpl func(string) string, details map[string]string, as ...*types.Alert) (bool, error) { +func (n *PagerDuty) notifyV1(ctx context.Context, c *http.Client, eventType, key string, tmpl func(string) string, details map[string]string, as ...*types.Alert) (bool, error) { msg := &pagerDutyMessage{ ServiceKey: tmpl(string(n.conf.ServiceKey)), @@ -488,7 +493,7 @@ func (n *PagerDuty) notifyV1(ctx context.Context, eventType, key string, tmpl fu return false, err } - resp, err := ctxhttp.Post(ctx, http.DefaultClient, n.conf.URL, contentTypeJSON, &buf) + resp, err := ctxhttp.Post(ctx, c, n.conf.URL, contentTypeJSON, &buf) if err != nil { return true, err } @@ -497,7 +502,7 @@ func (n *PagerDuty) notifyV1(ctx context.Context, eventType, key string, tmpl fu return n.retryV1(resp.StatusCode) } -func (n *PagerDuty) notifyV2(ctx context.Context, eventType, key string, tmpl func(string) string, details map[string]string, as ...*types.Alert) (bool, error) { +func (n *PagerDuty) notifyV2(ctx context.Context, c *http.Client, eventType, key string, tmpl func(string) string, details map[string]string, as ...*types.Alert) (bool, error) { if n.conf.Severity == "" { n.conf.Severity = "error" } @@ -532,7 +537,7 @@ func (n *PagerDuty) notifyV2(ctx context.Context, eventType, key string, tmpl fu return false, err } - resp, err := ctxhttp.Post(ctx, http.DefaultClient, n.conf.URL, contentTypeJSON, &buf) + resp, err := ctxhttp.Post(ctx, c, n.conf.URL, contentTypeJSON, &buf) if err != nil { return true, err } @@ -572,10 +577,15 @@ func (n *PagerDuty) Notify(ctx context.Context, as ...*types.Alert) (bool, error return false, err } - if n.conf.ServiceKey != "" { - return n.notifyV1(ctx, eventType, key, tmpl, details, as...) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err } - return n.notifyV2(ctx, eventType, key, tmpl, details, as...) + + if n.conf.ServiceKey != "" { + return n.notifyV1(ctx, c, eventType, key, tmpl, details, as...) + } + return n.notifyV2(ctx, c, eventType, key, tmpl, details, as...) } func (n *PagerDuty) retryV1(statusCode int) (bool, error) { @@ -696,7 +706,12 @@ func (n *Slack) Notify(ctx context.Context, as ...*types.Alert) (bool, error) { return false, err } - resp, err := ctxhttp.Post(ctx, http.DefaultClient, string(n.conf.APIURL), contentTypeJSON, &buf) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Post(ctx, c, string(n.conf.APIURL), contentTypeJSON, &buf) if err != nil { return true, err } @@ -773,7 +788,12 @@ func (n *Hipchat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) return false, err } - resp, err := ctxhttp.Post(ctx, http.DefaultClient, url, contentTypeJSON, &buf) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Post(ctx, c, url, contentTypeJSON, &buf) if err != nil { return true, err } @@ -851,6 +871,11 @@ func (n *Wechat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) { return false, err } + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + // Refresh AccessToken over 2 hours if n.accessToken == "" || time.Now().Sub(n.accessTokenAt) > 2*time.Hour { parameters := url.Values{} @@ -875,7 +900,7 @@ func (n *Wechat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) { req.Header.Set("Content-Type", contentTypeJSON) - resp, err := http.DefaultClient.Do(req.WithContext(ctx)) + resp, err := c.Do(req.WithContext(ctx)) if err != nil { return true, err } @@ -919,7 +944,7 @@ func (n *Wechat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) { return true, err } - resp, err := http.DefaultClient.Do(req.WithContext(ctx)) + resp, err := c.Do(req.WithContext(ctx)) if err != nil { return true, err } @@ -986,7 +1011,12 @@ func (n *OpsGenie) Notify(ctx context.Context, as ...*types.Alert) (bool, error) return retry, err } - resp, err := ctxhttp.Do(ctx, http.DefaultClient, req) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Do(ctx, c, req) if err != nil { return true, err @@ -1179,7 +1209,12 @@ func (n *VictorOps) Notify(ctx context.Context, as ...*types.Alert) (bool, error return false, err } - resp, err := ctxhttp.Post(ctx, http.DefaultClient, apiURL, contentTypeJSON, &buf) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Post(ctx, c, apiURL, contentTypeJSON, &buf) if err != nil { return true, err } @@ -1271,7 +1306,12 @@ func (n *Pushover) Notify(ctx context.Context, as ...*types.Alert) (bool, error) u.RawQuery = parameters.Encode() level.Debug(n.logger).Log("msg", "Sending Pushover message", "incident", key, "url", u.String()) - resp, err := ctxhttp.Post(ctx, http.DefaultClient, u.String(), "text/plain", nil) + c, err := commoncfg.NewHTTPClientFromConfig(n.conf.HTTPConfig) + if err != nil { + return false, err + } + + resp, err := ctxhttp.Post(ctx, c, u.String(), "text/plain", nil) if err != nil { return true, err } diff --git a/notify/impl_test.go b/notify/impl_test.go index 3a2b0a84..85f17b5b 100644 --- a/notify/impl_test.go +++ b/notify/impl_test.go @@ -2,7 +2,9 @@ package notify import ( "fmt" + "io/ioutil" "net/http" + "net/url" "testing" "time" @@ -10,17 +12,15 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/net/context" - "io/ioutil" - "net/url" - "github.com/prometheus/alertmanager/config" "github.com/prometheus/alertmanager/template" "github.com/prometheus/alertmanager/types" + commoncfg "github.com/prometheus/common/config" "github.com/prometheus/common/model" ) func TestWebhookRetry(t *testing.T) { - notifier := new(Webhook) + notifier := &Webhook{conf: &config.WebhookConfig{URL: "http://example.com/"}} for statusCode, expected := range retryTests(defaultRetryCodes()) { actual, _ := notifier.retry(statusCode) require.Equal(t, expected, actual, fmt.Sprintf("error on status %d", statusCode)) @@ -275,6 +275,8 @@ func TestWechat(t *testing.T) { CorpID: "invalidCorpID", AgentID: "1", ToUser: "admin", + + HTTPConfig: &commoncfg.HTTPClientConfig{}, } notifier := NewWechat(conf, tmpl, logger) diff --git a/vendor/github.com/prometheus/common/config/config.go b/vendor/github.com/prometheus/common/config/config.go new file mode 100644 index 00000000..9195c34b --- /dev/null +++ b/vendor/github.com/prometheus/common/config/config.go @@ -0,0 +1,47 @@ +// Copyright 2016 The Prometheus Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package config + +import ( + "fmt" + "strings" +) + +func checkOverflow(m map[string]interface{}, ctx string) error { + if len(m) > 0 { + var keys []string + for k := range m { + keys = append(keys, k) + } + return fmt.Errorf("unknown fields in %s: %s", ctx, strings.Join(keys, ", ")) + } + return nil +} + +// Secret special type for storing secrets. +type Secret string + +// MarshalYAML implements the yaml.Marshaler interface for Secrets. +func (s Secret) MarshalYAML() (interface{}, error) { + if s != "" { + return "", nil + } + return nil, nil +} + +//UnmarshalYAML implements the yaml.Unmarshaler interface for Secrets. +func (s *Secret) UnmarshalYAML(unmarshal func(interface{}) error) error { + type plain Secret + return unmarshal((*plain)(s)) +} diff --git a/vendor/github.com/prometheus/common/config/http_config.go b/vendor/github.com/prometheus/common/config/http_config.go new file mode 100644 index 00000000..ea231bf8 --- /dev/null +++ b/vendor/github.com/prometheus/common/config/http_config.go @@ -0,0 +1,281 @@ +// Copyright 2016 The Prometheus Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package config + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "io/ioutil" + "net/http" + "net/url" + "strings" + + "gopkg.in/yaml.v2" +) + +// BasicAuth contains basic HTTP authentication credentials. +type BasicAuth struct { + Username string `yaml:"username"` + Password Secret `yaml:"password"` + + // Catches all undefined fields and must be empty after parsing. + XXX map[string]interface{} `yaml:",inline"` +} + +// URL is a custom URL type that allows validation at configuration load time. +type URL struct { + *url.URL +} + +// UnmarshalYAML implements the yaml.Unmarshaler interface for URLs. +func (u *URL) UnmarshalYAML(unmarshal func(interface{}) error) error { + var s string + if err := unmarshal(&s); err != nil { + return err + } + + urlp, err := url.Parse(s) + if err != nil { + return err + } + u.URL = urlp + return nil +} + +// MarshalYAML implements the yaml.Marshaler interface for URLs. +func (u URL) MarshalYAML() (interface{}, error) { + if u.URL != nil { + return u.String(), nil + } + return nil, nil +} + +// HTTPClientConfig configures an HTTP client. +type HTTPClientConfig struct { + // The HTTP basic authentication credentials for the targets. + BasicAuth *BasicAuth `yaml:"basic_auth,omitempty"` + // The bearer token for the targets. + BearerToken Secret `yaml:"bearer_token,omitempty"` + // The bearer token file for the targets. + BearerTokenFile string `yaml:"bearer_token_file,omitempty"` + // HTTP proxy server to use to connect to the targets. + ProxyURL URL `yaml:"proxy_url,omitempty"` + // TLSConfig to use to connect to the targets. + TLSConfig TLSConfig `yaml:"tls_config,omitempty"` + + // Catches all undefined fields and must be empty after parsing. + XXX map[string]interface{} `yaml:",inline"` +} + +// Validate validates the HTTPClientConfig to check only one of BearerToken, +// BasicAuth and BearerTokenFile is configured. +func (c *HTTPClientConfig) Validate() error { + if len(c.BearerToken) > 0 && len(c.BearerTokenFile) > 0 { + return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured") + } + if c.BasicAuth != nil && (len(c.BearerToken) > 0 || len(c.BearerTokenFile) > 0) { + return fmt.Errorf("at most one of basic_auth, bearer_token & bearer_token_file must be configured") + } + return nil +} + +// UnmarshalYAML implements the yaml.Unmarshaler interface +func (c *HTTPClientConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { + type plain HTTPClientConfig + err := unmarshal((*plain)(c)) + if err != nil { + return err + } + err = c.Validate() + if err != nil { + return c.Validate() + } + return checkOverflow(c.XXX, "http_client_config") +} + +// UnmarshalYAML implements the yaml.Unmarshaler interface. +func (a *BasicAuth) UnmarshalYAML(unmarshal func(interface{}) error) error { + type plain BasicAuth + err := unmarshal((*plain)(a)) + if err != nil { + return err + } + return checkOverflow(a.XXX, "basic_auth") +} + +// NewHTTPClientFromConfig returns a new HTTP client configured for the +// given config.HTTPClientConfig. +func NewHTTPClientFromConfig(cfg *HTTPClientConfig) (*http.Client, error) { + tlsConfig, err := NewTLSConfig(&cfg.TLSConfig) + if err != nil { + return nil, err + } + + // It's the caller's job to handle timeouts + var rt http.RoundTripper = &http.Transport{ + Proxy: http.ProxyURL(cfg.ProxyURL.URL), + DisableKeepAlives: true, + TLSClientConfig: tlsConfig, + } + + // If a bearer token is provided, create a round tripper that will set the + // Authorization header correctly on each request. + bearerToken := cfg.BearerToken + if len(bearerToken) == 0 && len(cfg.BearerTokenFile) > 0 { + b, err := ioutil.ReadFile(cfg.BearerTokenFile) + if err != nil { + return nil, fmt.Errorf("unable to read bearer token file %s: %s", cfg.BearerTokenFile, err) + } + bearerToken = Secret(strings.TrimSpace(string(b))) + } + + if len(bearerToken) > 0 { + rt = NewBearerAuthRoundTripper(bearerToken, rt) + } + + if cfg.BasicAuth != nil { + rt = NewBasicAuthRoundTripper(cfg.BasicAuth.Username, Secret(cfg.BasicAuth.Password), rt) + } + + // Return a new client with the configured round tripper. + return &http.Client{Transport: rt}, nil +} + +type bearerAuthRoundTripper struct { + bearerToken Secret + rt http.RoundTripper +} + +type basicAuthRoundTripper struct { + username string + password Secret + rt http.RoundTripper +} + +// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has +// already been set. +func NewBasicAuthRoundTripper(username string, password Secret, rt http.RoundTripper) http.RoundTripper { + return &basicAuthRoundTripper{username, password, rt} +} + +func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get("Authorization")) == 0 { + req = cloneRequest(req) + req.Header.Set("Authorization", "Bearer "+string(rt.bearerToken)) + } + + return rt.rt.RoundTrip(req) +} + +// NewBearerAuthRoundTripper adds the provided bearer token to a request unless the authorization +// header has already been set. +func NewBearerAuthRoundTripper(bearer Secret, rt http.RoundTripper) http.RoundTripper { + return &bearerAuthRoundTripper{bearer, rt} +} + +func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get("Authorization")) != 0 { + return rt.RoundTrip(req) + } + req = cloneRequest(req) + req.SetBasicAuth(rt.username, string(rt.password)) + return rt.rt.RoundTrip(req) +} + +// cloneRequest returns a clone of the provided *http.Request. +// The clone is a shallow copy of the struct and its Header map. +func cloneRequest(r *http.Request) *http.Request { + // Shallow copy of the struct. + r2 := new(http.Request) + *r2 = *r + // Deep copy of the Header. + r2.Header = make(http.Header) + for k, s := range r.Header { + r2.Header[k] = s + } + return r2 +} + +// NewTLSConfig creates a new tls.Config from the given config.TLSConfig. +func NewTLSConfig(cfg *TLSConfig) (*tls.Config, error) { + tlsConfig := &tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify} + + // If a CA cert is provided then let's read it in so we can validate the + // scrape target's certificate properly. + if len(cfg.CAFile) > 0 { + caCertPool := x509.NewCertPool() + // Load CA cert. + caCert, err := ioutil.ReadFile(cfg.CAFile) + if err != nil { + return nil, fmt.Errorf("unable to use specified CA cert %s: %s", cfg.CAFile, err) + } + caCertPool.AppendCertsFromPEM(caCert) + tlsConfig.RootCAs = caCertPool + } + + if len(cfg.ServerName) > 0 { + tlsConfig.ServerName = cfg.ServerName + } + + // If a client cert & key is provided then configure TLS config accordingly. + if len(cfg.CertFile) > 0 && len(cfg.KeyFile) == 0 { + return nil, fmt.Errorf("client cert file %q specified without client key file", cfg.CertFile) + } else if len(cfg.KeyFile) > 0 && len(cfg.CertFile) == 0 { + return nil, fmt.Errorf("client key file %q specified without client cert file", cfg.KeyFile) + } else if len(cfg.CertFile) > 0 && len(cfg.KeyFile) > 0 { + cert, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile) + if err != nil { + return nil, fmt.Errorf("unable to use specified client cert (%s) & key (%s): %s", cfg.CertFile, cfg.KeyFile, err) + } + tlsConfig.Certificates = []tls.Certificate{cert} + } + tlsConfig.BuildNameToCertificate() + + return tlsConfig, nil +} + +// TLSConfig configures the options for TLS connections. +type TLSConfig struct { + // The CA cert to use for the targets. + CAFile string `yaml:"ca_file,omitempty"` + // The client cert file for the targets. + CertFile string `yaml:"cert_file,omitempty"` + // The client key file for the targets. + KeyFile string `yaml:"key_file,omitempty"` + // Used to verify the hostname for the targets. + ServerName string `yaml:"server_name,omitempty"` + // Disable target certificate validation. + InsecureSkipVerify bool `yaml:"insecure_skip_verify"` + + // Catches all undefined fields and must be empty after parsing. + XXX map[string]interface{} `yaml:",inline"` +} + +// UnmarshalYAML implements the yaml.Unmarshaler interface. +func (c *TLSConfig) UnmarshalYAML(unmarshal func(interface{}) error) error { + type plain TLSConfig + if err := unmarshal((*plain)(c)); err != nil { + return err + } + return checkOverflow(c.XXX, "TLS config") +} + +func (c HTTPClientConfig) String() string { + b, err := yaml.Marshal(c) + if err != nil { + return fmt.Sprintf("", err) + } + return string(b) +} diff --git a/vendor/vendor.json b/vendor/vendor.json index a02c0fa1..674b7277 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -287,6 +287,12 @@ "revision": "1e01b2bdbae8edb393fcf555732304f34d192fc9", "revisionTime": "2016-11-21T14:22:35Z" }, + { + "checksumSHA1": "i+0TxE6bOpJdPNOeNHpO0vMzFh4=", + "path": "github.com/prometheus/common/config", + "revision": "89604d197083d4781071d3c65855d24ecfb0a563", + "revisionTime": "2018-01-10T21:49:58Z" + }, { "checksumSHA1": "xfnn0THnqNwjwimeTClsxahYrIo=", "path": "github.com/prometheus/common/expfmt",