Skip to content

Commit

Permalink
x509 certs authentication now supported for Prometheus input plugin (i…
Browse files Browse the repository at this point in the history
  • Loading branch information
victorgp authored and Srini Chebrolu committed Jun 24, 2016
1 parent e1b0706 commit 5557ae1
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ should now look like:
- [#1374](https://github.com/influxdata/telegraf/pull/1374): Change "default" retention policy to "".
- [#1379] (https://github.com/influxdata/telegraf/issues/1379): Fix covering Amazon Linux for post remove flow.
- [#1377](https://github.com/influxdata/telegraf/issues/1377): Graphite output mangling '%' character.
- [#1396](https://github.com/influxdata/telegraf/pull/1396): Prometheus input plugin now supports x509 certs authentication

## v1.0 beta 1 [2016-06-07]

Expand Down
20 changes: 20 additions & 0 deletions plugins/inputs/prometheus/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,26 @@ to filter and some tags
kubeservice = "kube-apiserver"
```

```toml
# Authorize with a bearer token skipping cert verification
[[inputs.prometheus]]
# An array of urls to scrape metrics from.
urls = ["http://my-kube-apiserver:8080/metrics"]
bearer_token = '/path/to/bearer/token'
insecure_skip_verify = true
```

```toml
# Authorize using x509 certs
[[inputs.prometheus]]
# An array of urls to scrape metrics from.
urls = ["https://my-kube-apiserver:8080/metrics"]

ssl_ca = '/path/to/cafile'
ssl_cert = '/path/to/certfile'
ssl_key = '/path/to/keyfile'
```

### Measurements & Fields & Tags:

Measurements and fields could be any thing.
Expand Down
34 changes: 25 additions & 9 deletions plugins/inputs/prometheus/prometheus.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package prometheus

import (
"crypto/tls"
"errors"
"fmt"
"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/inputs"
"io/ioutil"
"net"
Expand All @@ -16,20 +16,32 @@ import (
type Prometheus struct {
Urls []string

// Use SSL but skip chain & host verification
InsecureSkipVerify bool
// Bearer Token authorization file path
BearerToken string `toml:"bearer_token"`

// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to host cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
}

var sampleConfig = `
## An array of urls to scrape metrics from.
urls = ["http://localhost:9100/metrics"]
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
## Use bearer token for authorization
# bearer_token = /path/to/bearer/token
## Optional SSL Config
# ssl_ca = /path/to/cafile
# ssl_cert = /path/to/certfile
# ssl_key = /path/to/keyfile
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
`

func (p *Prometheus) SampleConfig() string {
Expand Down Expand Up @@ -78,15 +90,19 @@ func (p *Prometheus) gatherURL(url string, acc telegraf.Accumulator) error {
var token []byte
var resp *http.Response

tlsCfg, err := internal.GetTLSConfig(
p.SSLCert, p.SSLKey, p.SSLCA, p.InsecureSkipVerify)
if err != nil {
return err
}

var rt http.RoundTripper = &http.Transport{
Dial: (&net.Dialer{
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 5 * time.Second,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: p.InsecureSkipVerify,
},
TLSHandshakeTimeout: 5 * time.Second,
TLSClientConfig: tlsCfg,
ResponseHeaderTimeout: time.Duration(3 * time.Second),
DisableKeepAlives: true,
}
Expand Down

0 comments on commit 5557ae1

Please sign in to comment.