Merge pull request #2479 from YKlausz/consul-tls

Adding consul capability to connect via tls
2017-03-20 11:40:18 +01:00 · 2017-03-20 11:40:18 +01:00 · 525da88c35
parent 0958c83d5d 75880b594f
commit 525da88c35
4 changed files with 30 additions and 3 deletions
--- a/config/config.go
+++ b/config/config.go
@ -246,6 +246,11 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 			mcfg.TLSConfig.CertFile = join(mcfg.TLSConfig.CertFile)
 			mcfg.TLSConfig.KeyFile = join(mcfg.TLSConfig.KeyFile)
 		}
+		for _, consulcfg := range cfg.ConsulSDConfigs {
+			consulcfg.TLSConfig.CAFile = join(consulcfg.TLSConfig.CAFile)
+			consulcfg.TLSConfig.CertFile = join(consulcfg.TLSConfig.CertFile)
+			consulcfg.TLSConfig.KeyFile = join(consulcfg.TLSConfig.KeyFile)
+		}
 	}

 	for _, cfg := range cfg.ScrapeConfigs {
@ -824,6 +829,7 @@ type ConsulSDConfig struct {
 	// Defaults to all services if empty.
 	Services []string `yaml:"services"`

+	TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
 	// Catches all undefined fields and must be empty after parsing.
 	XXX map[string]interface{} `yaml:",inline"`
 }
--- a/config/config_test.go
+++ b/config/config_test.go
@ -247,7 +247,13 @@ var expectedConf = &Config{
 						Server:       "localhost:1234",
 						Services:     []string{"nginx", "cache", "mysql"},
 						TagSeparator: DefaultConsulSDConfig.TagSeparator,
-						Scheme:       DefaultConsulSDConfig.Scheme,
+						Scheme:       "https",
+						TLSConfig: TLSConfig{
+							CertFile:           "testdata/valid_cert_file",
+							KeyFile:            "testdata/valid_key_file",
+							CAFile:             "testdata/valid_ca_file",
+							InsecureSkipVerify: false,
+						},
 					},
 				},
 			},
--- a/config/testdata/conf.good.yml
+++ b/config/testdata/conf.good.yml
@ -114,6 +114,12 @@ scrape_configs:
  consul_sd_configs:
  - server: 'localhost:1234'
    services: ['nginx', 'cache', 'mysql']
+    scheme: https
+    tls_config:
+      ca_file: valid_ca_file
+      cert_file: valid_cert_file
+      key_file:  valid_key_file
+      insecure_skip_verify: false

  relabel_configs:
  - source_labels: [__meta_sd_consul_tags]
--- a/discovery/consul/consul.go
+++ b/discovery/consul/consul.go
@ -16,6 +16,7 @@ package consul
 import (
 	"fmt"
 	"net"
+	"net/http"
 	"strconv"
 	"strings"
 	"time"
@ -24,9 +25,9 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/common/log"
 	"github.com/prometheus/common/model"
-	"golang.org/x/net/context"
-
 	"github.com/prometheus/prometheus/config"
+	"github.com/prometheus/prometheus/util/httputil"
+	"golang.org/x/net/context"
 )

 const (
@ -92,6 +93,13 @@ type Discovery struct {

 // NewDiscovery returns a new Discovery for the given config.
 func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
+	tls, err := httputil.NewTLSConfig(conf.TLSConfig)
+	if err != nil {
+		return nil, err
+	}
+	transport := &http.Transport{TLSClientConfig: tls}
+	wrapper := &http.Client{Transport: transport}
+
 	clientConf := &consul.Config{
 		Address:    conf.Server,
 		Scheme:     conf.Scheme,
@ -101,6 +109,7 @@ func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
 			Username: conf.Username,
 			Password: conf.Password,
 		},
+		HttpClient: wrapper,
 	}
 	client, err := consul.NewClient(clientConf)
 	if err != nil {