Clean up TLS configuration in prometheus_client output plugin
Signed-off-by: Jesse Weaver <jeweaver@pivotal.io>
This commit is contained in:
Robert Sullivan
committed by
Jesse Weaver
Jesse Weaver
parent
c9fb1fcdca
commit
05af32b191
@@ -2,28 +2,23 @@ package prometheus_client_test
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"github.com/influxdata/telegraf/plugins/outputs/prometheus_client"
|
||||
"github.com/influxdata/telegraf/testutil"
|
||||
"github.com/influxdata/toml"
|
||||
. "github.com/onsi/gomega"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
)
|
||||
|
||||
var ca, _ = filepath.Abs("assets/telegrafCA.crt")
|
||||
var cert, _ = filepath.Abs("assets/telegraf.crt")
|
||||
var key, _ = filepath.Abs("assets/telegraf.key")
|
||||
var pki = testutil.NewPKI("../../../testutil/pki")
|
||||
|
||||
var configWithTLS = fmt.Sprintf(`
|
||||
listen = "127.0.0.1:9090"
|
||||
tls_ca = "%s"
|
||||
tls_allowed_cacerts = ["%s"]
|
||||
tls_cert = "%s"
|
||||
tls_key = "%s"
|
||||
`, ca, cert, key)
|
||||
`, pki.TLSServerConfig().TLSAllowedCACerts[0], pki.TLSServerConfig().TLSCert, pki.TLSServerConfig().TLSKey)
|
||||
|
||||
var configWithoutTLS = `
|
||||
listen = "127.0.0.1:9090"
|
||||
@@ -37,14 +32,6 @@ type PrometheusClientTestContext struct {
|
||||
*GomegaWithT
|
||||
}
|
||||
|
||||
func init() {
|
||||
path, _ := filepath.Abs("./scripts/generate_certs.sh")
|
||||
_, err := exec.Command(path).CombinedOutput()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWorksWithoutTLS(t *testing.T) {
|
||||
tc := buildTestContext(t, []byte(configWithoutTLS))
|
||||
err := tc.Output.Connect()
|
||||
@@ -114,7 +101,7 @@ func buildTestContext(t *testing.T, config []byte) *PrometheusClientTestContext
|
||||
httpClient *http.Client
|
||||
)
|
||||
|
||||
if output.TLSCA != "" {
|
||||
if len(output.TLSAllowedCACerts) != 0 {
|
||||
httpClient = buildClientWithTLS(output)
|
||||
} else {
|
||||
httpClient = buildClientWithoutTLS()
|
||||
@@ -133,26 +120,10 @@ func buildClientWithoutTLS() *http.Client {
|
||||
}
|
||||
|
||||
func buildClientWithTLS(output *prometheus_client.PrometheusClient) *http.Client {
|
||||
cert, err := tls.LoadX509KeyPair(output.TLSCert, output.TLSKey)
|
||||
tlsConfig, err := pki.TLSClientConfig().TLSConfig()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
caCert, err := ioutil.ReadFile(output.TLSCA)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
caCertPool := x509.NewCertPool()
|
||||
caCertPool.AppendCertsFromPEM(caCert)
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
RootCAs: caCertPool,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
ServerName: "telegraf",
|
||||
}
|
||||
tlsConfig.BuildNameToCertificate()
|
||||
transport := &http.Transport{TLSClientConfig: tlsConfig}
|
||||
return &http.Client{Transport: transport}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user