Kubernetes SD authentication options cleanup

This commit is contained in:
Jimmi Dyson 2015-10-23 16:47:10 +01:00
parent 1b206efdb9
commit 7ff5cc66ea
6 changed files with 73 additions and 29 deletions

View File

@ -626,22 +626,6 @@ type MarathonSDConfig struct {
XXX map[string]interface{} `yaml:",inline"`
}
// KubernetesSDConfig is the configuration for Kubernetes service discovery.
type KubernetesSDConfig struct {
Masters []URL `yaml:"masters"`
KubeletPort int `yaml:"kubelet_port,omitempty"`
InCluster bool `yaml:"in_cluster,omitempty"`
BearerTokenFile string `yaml:"bearer_token_file,omitempty"`
Username string `yaml:"username,omitempty"`
Password string `yaml:"password,omitempty"`
RetryInterval Duration `yaml:"retry_interval,omitempty"`
RequestTimeout Duration `yaml:"request_timeout,omitempty"`
TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
// Catches all undefined fields and must be empty after parsing.
XXX map[string]interface{} `yaml:",inline"`
}
// UnmarshalYAML implements the yaml.Unmarshaler interface.
func (c *MarathonSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
*c = DefaultMarathonSDConfig
@ -657,6 +641,22 @@ func (c *MarathonSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) erro
return checkOverflow(c.XXX, "marathon_sd_config")
}
// KubernetesSDConfig is the configuration for Kubernetes service discovery.
type KubernetesSDConfig struct {
Masters []URL `yaml:"masters"`
KubeletPort int `yaml:"kubelet_port,omitempty"`
InCluster bool `yaml:"in_cluster,omitempty"`
BasicAuth *BasicAuth `yaml:"basic_auth,omitempty"`
BearerToken string `yaml:"bearer_token,omitempty"`
BearerTokenFile string `yaml:"bearer_token_file,omitempty"`
RetryInterval Duration `yaml:"retry_interval,omitempty"`
RequestTimeout Duration `yaml:"request_timeout,omitempty"`
TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
// Catches all undefined fields and must be empty after parsing.
XXX map[string]interface{} `yaml:",inline"`
}
// UnmarshalYAML implements the yaml.Unmarshaler interface.
func (c *KubernetesSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
*c = DefaultKubernetesSDConfig
@ -668,6 +668,12 @@ func (c *KubernetesSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) er
if len(c.Masters) == 0 {
return fmt.Errorf("Kubernetes SD configuration requires at least one Kubernetes master")
}
if len(c.BearerToken) > 0 && len(c.BearerTokenFile) > 0 {
return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured")
}
if c.BasicAuth != nil && (len(c.BearerToken) > 0 || len(c.BearerTokenFile) > 0) {
return fmt.Errorf("at most one of basic_auth, bearer_token & bearer_token_file must be configured")
}
return checkOverflow(c.XXX, "kubernetes_sd_config")
}

View File

@ -203,9 +203,11 @@ var expectedConf = &Config{
KubernetesSDConfigs: []*KubernetesSDConfig{
{
Masters: []URL{kubernetesSDHostURL()},
Username: "myusername",
Password: "mypassword",
Masters: []URL{kubernetesSDHostURL()},
BasicAuth: &BasicAuth{
Username: "myusername",
Password: "mypassword",
},
KubeletPort: 10255,
RequestTimeout: Duration(10 * time.Second),
RetryInterval: Duration(1 * time.Second),
@ -324,6 +326,12 @@ var expectedErrors = []struct {
}, {
filename: "bearertoken_basicauth.bad.yml",
errMsg: "at most one of basic_auth, bearer_token & bearer_token_file must be configured",
}, {
filename: "kubernetes_bearertoken.bad.yml",
errMsg: "at most one of bearer_token & bearer_token_file must be configured",
}, {
filename: "kubernetes_bearertoken_basicauth.bad.yml",
errMsg: "at most one of basic_auth, bearer_token & bearer_token_file must be configured",
}, {
filename: "marathon_no_servers.bad.yml",
errMsg: "Marathon SD config must contain at least one Marathon server",

View File

@ -107,8 +107,10 @@ scrape_configs:
kubernetes_sd_configs:
- masters:
- 'https://localhost:1234'
username: 'myusername'
password: 'mypassword'
basic_auth:
username: 'myusername'
password: 'mypassword'
- job_name: service-marathon
marathon_sd_configs:

View File

@ -0,0 +1,10 @@
scrape_configs:
- job_name: prometheus
kubernetes_sd_configs:
- masters:
- 'https://localhost:1234'
bearer_token: 1234
bearer_token_file: somefile

View File

@ -0,0 +1,12 @@
scrape_configs:
- job_name: prometheus
kubernetes_sd_configs:
- masters:
- 'https://localhost:1234'
bearer_token: 1234
basic_auth:
username: user
password: password

View File

@ -624,16 +624,22 @@ func newKubernetesHTTPClient(conf *config.KubernetesSDConfig) (*http.Client, err
TLSClientConfig: tlsConfig,
}
bearerToken, err := ioutil.ReadFile(bearerTokenFile)
if err != nil {
return nil, err
// If a bearer token is provided, create a round tripper that will set the
// Authorization header correctly on each request.
bearerToken := conf.BearerToken
if len(bearerToken) == 0 && len(bearerTokenFile) > 0 {
b, err := ioutil.ReadFile(bearerTokenFile)
if err != nil {
return nil, fmt.Errorf("unable to read bearer token file %s: %s", bearerTokenFile, err)
}
bearerToken = string(b)
}
if len(bearerToken) > 0 {
rt = httputil.NewBearerAuthRoundTripper(bearerToken, rt)
}
if len(bearerToken) > 0 {
rt = httputil.NewBearerAuthRoundTripper(string(bearerToken), rt)
}
if len(conf.Username) > 0 && len(conf.Password) > 0 {
rt = httputil.NewBasicAuthRoundTripper(conf.Username, conf.Password, rt)
if conf.BasicAuth != nil {
rt = httputil.NewBasicAuthRoundTripper(conf.BasicAuth.Username, conf.BasicAuth.Password, rt)
}
return &http.Client{