Merge pull request #29 from prometheus/add-basic-auth

Add Basic Auth support
2014-12-18 12:59:59 +01:00 · 2014-12-18 12:59:59 +01:00 · 318203921f
parent bb3132714c 16048c1399
commit 318203921f
1 changed files with 42 additions and 10 deletions
--- a/node_exporter.go
+++ b/node_exporter.go
@ -5,7 +5,6 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"net/http"
 	"os"
 	"os/signal"
@ -23,11 +22,13 @@ import (
 const subsystem = "exporter"

 var (
-	configFile        = flag.String("config", "node_exporter.conf", "config file.")
-	memProfile        = flag.String("memprofile", "", "write memory profile to this file")
-	listeningAddress  = flag.String("listen", ":8080", "address to listen on")
-	enabledCollectors = flag.String("enabledCollectors", "attributes,diskstats,filesystem,loadavg,meminfo,stat,time,netdev,netstat", "comma-seperated list of collectors to use")
-	printCollectors   = flag.Bool("printCollectors", false, "If true, print available collectors and exit")
+	configFile        = flag.String("config", "node_exporter.conf", "Path to config file.")
+	memProfile        = flag.String("memprofile", "", "Write memory profile to this file.")
+	listeningAddress  = flag.String("listen", ":8080", "Address to listen on.")
+	enabledCollectors = flag.String("enabledCollectors", "attributes,diskstats,filesystem,loadavg,meminfo,stat,time,netdev,netstat", "Comma-separated list of collectors to use.")
+	printCollectors   = flag.Bool("printCollectors", false, "If true, print available collectors and exit.")
+	authUser          = flag.String("auth.user", "", "Username for basic auth.")
+	authPass          = flag.String("auth.pass", "", "Password for basic auth.")

 	collectorLabelNames = []string{"collector", "result"}

@ -66,6 +67,23 @@ func (n NodeCollector) Collect(ch chan<- prometheus.Metric) {
 	scrapeDurations.Collect(ch)
 }

+type basicAuthHandler struct {
+	handler  http.HandlerFunc
+	user     string
+	password string
+}
+
+func (h *basicAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	user, password, ok := r.BasicAuth()
+	if !ok || password != h.password || user != h.user {
+		w.Header().Set("WWW-Authenticate", "Basic realm=\"metrics\"")
+		http.Error(w, "Invalid username or password", http.StatusUnauthorized)
+		return
+	}
+	h.handler(w, r)
+	return
+}
+
 func Execute(name string, c collector.Collector, ch chan<- prometheus.Metric) {
 	begin := time.Now()
 	err := c.Update(ch)
@ -123,7 +141,7 @@ func main() {
 	}
 	collectors, err := loadCollectors(*configFile)
 	if err != nil {
-		log.Fatalf("Couldn't load config and collectors: %s", err)
+		glog.Fatalf("Couldn't load config and collectors: %s", err)
 	}

 	glog.Infof("Enabled collectors:")
@ -137,9 +155,23 @@ func main() {
 	sigUsr1 := make(chan os.Signal)
 	signal.Notify(sigUsr1, syscall.SIGUSR1)

+	handler := prometheus.Handler()
+	if *authUser != "" || *authPass != "" {
+		if *authUser == "" || *authPass == "" {
+			glog.Fatal("You need to specify -auth.user and -auth.pass to enable basic auth")
+		}
+		handler = &basicAuthHandler{
+			handler:  prometheus.Handler().ServeHTTP,
+			user:     *authUser,
+			password: *authPass,
+		}
+	}
 	go func() {
-		http.Handle("/metrics", prometheus.Handler())
-		http.ListenAndServe(*listeningAddress, nil)
+		http.Handle("/metrics", handler)
+		err := http.ListenAndServe(*listeningAddress, nil)
+		if err != nil {
+			glog.Fatal(err)
+		}
 	}()

 	for {
@ -150,7 +182,7 @@ func main() {
 				glog.Infof("Writing memory profile to %s", *memProfile)
 				f, err := os.Create(*memProfile)
 				if err != nil {
-					log.Fatal(err)
+					glog.Fatal(err)
 				}
 				pprof.WriteHeapProfile(f)
 				f.Close()