Merge pull request #2479 from YKlausz/consul-tls

Adding consul capability to connect via tls
2017-03-20 11:40:18 +01:00 · 2017-03-20 11:40:18 +01:00 · 525da88c35
parent 0958c83d5d 75880b594f
commit 525da88c35
4 changed files with 30 additions and 3 deletions
--- a/config/config.go
+++ b/config/config.go
@ -246,6 +246,11 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 			mcfg.TLSConfig.CertFile = join(mcfg.TLSConfig.CertFile)
 			mcfg.TLSConfig.KeyFile = join(mcfg.TLSConfig.KeyFile)
 		}
 		for _, consulcfg := range cfg.ConsulSDConfigs {
 			consulcfg.TLSConfig.CAFile = join(consulcfg.TLSConfig.CAFile)
 			consulcfg.TLSConfig.CertFile = join(consulcfg.TLSConfig.CertFile)
 			consulcfg.TLSConfig.KeyFile = join(consulcfg.TLSConfig.KeyFile)
 		}
 	}
 	for _, cfg := range cfg.ScrapeConfigs {
@ -824,6 +829,7 @@ type ConsulSDConfig struct {
 	// Defaults to all services if empty.
 	Services []string `yaml:"services"`
 	TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
 	// Catches all undefined fields and must be empty after parsing.
 	XXX map[string]interface{} `yaml:",inline"`
 }
--- a/config/config_test.go
+++ b/config/config_test.go
@ -247,7 +247,13 @@ var expectedConf = &Config{
 						Server:       "localhost:1234",
 						Services:     []string{"nginx", "cache", "mysql"},
 						TagSeparator: DefaultConsulSDConfig.TagSeparator,
-						Scheme:       DefaultConsulSDConfig.Scheme,
+						Scheme:       "https",
 						TLSConfig: TLSConfig{
 							CertFile:           "testdata/valid_cert_file",
 							KeyFile:            "testdata/valid_key_file",
 							CAFile:             "testdata/valid_ca_file",
 							InsecureSkipVerify: false,
 						},
 					},
 				},
 			},
--- a/config/testdata/conf.good.yml
+++ b/config/testdata/conf.good.yml
@ -114,6 +114,12 @@ scrape_configs:
  consul_sd_configs:
  - server: 'localhost:1234'
    services: ['nginx', 'cache', 'mysql']
    scheme: https
    tls_config:
      ca_file: valid_ca_file
      cert_file: valid_cert_file
      key_file:  valid_key_file
      insecure_skip_verify: false
  relabel_configs:
  - source_labels: [__meta_sd_consul_tags]
--- a/discovery/consul/consul.go
+++ b/discovery/consul/consul.go
@ -16,6 +16,7 @@ package consul
 import (
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"time"
@ -24,9 +25,9 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/common/log"
 	"github.com/prometheus/common/model"
 	"golang.org/x/net/context"
 	"github.com/prometheus/prometheus/config"
 	"github.com/prometheus/prometheus/util/httputil"
 	"golang.org/x/net/context"
 )
 const (
@ -92,6 +93,13 @@ type Discovery struct {
 // NewDiscovery returns a new Discovery for the given config.
 func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
 	tls, err := httputil.NewTLSConfig(conf.TLSConfig)
 	if err != nil {
 		return nil, err
 	}
 	transport := &http.Transport{TLSClientConfig: tls}
 	wrapper := &http.Client{Transport: transport}
 	clientConf := &consul.Config{
 		Address:    conf.Server,
 		Scheme:     conf.Scheme,
@ -101,6 +109,7 @@ func NewDiscovery(conf *config.ConsulSDConfig) (*Discovery, error) {
 			Username: conf.Username,
 			Password: conf.Password,
 		},
 		HttpClient: wrapper,
 	}
 	client, err := consul.NewClient(clientConf)
 	if err != nil {