From 2e9b589bfaa0bd209917dab4e97dbf2d2832937e Mon Sep 17 00:00:00 2001
From: Arve Knudsen
Date: Tue, 5 Jul 2022 15:55:09 +0200
Subject: [PATCH] server: Remove advanced TLS config parameters

Remove advanced TLS config parameters stemming from github.com/prometheus/exporter-toolkit/web, that were introduced in commit 953ac9fb41437fee0bffcb364333ba624a35e043. Motivation for their removal being that users would most likely not want to change them, and they add corresponding configuration parameters to the Grafana Mimir project, that we don't want. We also think they're not interesting to the Grafana Tempo and Loki projects.

Signed-off-by: Arve Knudsen
---
 server/server.go | 26 ++++++++++++++++++++++----
 server/server_test.go | 5 ++---
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/server/server.go b/server/server.go
index 6f6840cc..a956665b 100644
--- a/server/server.go
+++ b/server/server.go
@@ -50,6 +50,14 @@ type SignalHandler interface {
 Stop()
 }
 
+// TLSConfig contains TLS parameters for Config.
+type TLSConfig struct {
+ TLSCertPath string `yaml:"cert_file"`
+ TLSKeyPath string `yaml:"key_file"`
+ ClientAuth string `yaml:"client_auth_type"`
+ ClientCAs string `yaml:"client_ca_file"`
+}
+
 // Config for a Server
 type Config struct {
 MetricsNamespace string `yaml:"-"`
@@ -62,8 +70,8 @@ type Config struct {
 GRPCListenPort int `yaml:"grpc_listen_port"`
 GRPCConnLimit int `yaml:"grpc_listen_conn_limit"`
 
- HTTPTLSConfig web.TLSStruct `yaml:"http_tls_config"`
- GRPCTLSConfig web.TLSStruct `yaml:"grpc_tls_config"`
+ HTTPTLSConfig TLSConfig `yaml:"http_tls_config"`
+ GRPCTLSConfig TLSConfig `yaml:"grpc_tls_config"`
 
 RegisterInstrumentation bool `yaml:"register_instrumentation"`
 ExcludeRequestInLog bool `yaml:"-"`
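Review bot: The new `TLSConfig` struct has no per-field documentation and does not say what happens to the keys it no longer carries, which matters to anyone who had set them under `http_tls_config` or `grpc_tls_config`. The dropped keys appear to include exporter-toolkit's `min_version` and `cipher_suites`; whether a config that still sets them is rejected or silently ignored depends on how the caller decodes YAML, which is not visible here, and in the silent case a deliberately hardened listener would fall back to library defaults after upgrade. I would extend the doc comment to something like `// TLSConfig contains TLS parameters for Config. Protocol versions and cipher suites are not configurable here and follow the exporter-toolkit defaults.` and add a one-line comment on `ClientAuth` saying it takes a client-auth policy name such as `RequireAndVerifyClientCert`, as the test does. A changelog entry naming the removed keys would let operators check their configs before upgrading.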
@@ -239,7 +247,12 @@ func New(cfg Config) (*Server, error) {
 var httpTLSConfig *tls.Config
 if len(cfg.HTTPTLSConfig.TLSCertPath) > 0 && len(cfg.HTTPTLSConfig.TLSKeyPath) > 0 {
 // Note: ConfigToTLSConfig from prometheus/exporter-toolkit is awaiting security review.
- httpTLSConfig, err = web.ConfigToTLSConfig(&cfg.HTTPTLSConfig)
+ httpTLSConfig, err = web.ConfigToTLSConfig(&web.TLSStruct{
+ TLSCertPath: cfg.HTTPTLSConfig.TLSCertPath,
+ TLSKeyPath: cfg.HTTPTLSConfig.TLSKeyPath,
+ ClientAuth: cfg.HTTPTLSConfig.ClientAuth,
+ ClientCAs: cfg.HTTPTLSConfig.ClientCAs,
+ })
 if err != nil {
 return nil, fmt.Errorf("error generating http tls config: %v", err)
 }
@@ -247,7 +260,12 @@ func New(cfg Config) (*Server, error) {
 var grpcTLSConfig *tls.Config
 if len(cfg.GRPCTLSConfig.TLSCertPath) > 0 && len(cfg.GRPCTLSConfig.TLSKeyPath) > 0 {
 // Note: ConfigToTLSConfig from prometheus/exporter-toolkit is awaiting security review.
- grpcTLSConfig, err = web.ConfigToTLSConfig(&cfg.GRPCTLSConfig)
+ grpcTLSConfig, err = web.ConfigToTLSConfig(&web.TLSStruct{
+ TLSCertPath: cfg.GRPCTLSConfig.TLSCertPath,
+ TLSKeyPath: cfg.GRPCTLSConfig.TLSKeyPath,
+ ClientAuth: cfg.GRPCTLSConfig.ClientAuth,
+ ClientCAs: cfg.GRPCTLSConfig.ClientCAs,
+ })
 if err != nil {
 return nil, fmt.Errorf("error generating grpc tls config: %v", err)
 }
diff --git a/server/server_test.go b/server/server_test.go
index 37143f0a..14073e79 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -22,7 +22,6 @@ import (
 google_protobuf "github.com/golang/protobuf/ptypes/empty"
 "github.com/gorilla/mux"
 "github.com/prometheus/client_golang/prometheus"
- "github.com/prometheus/exporter-toolkit/web"
 "github.com/stretchr/testify/require"
 "github.com/weaveworks/common/httpgrpc"
 "github.com/weaveworks/common/logging"
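Review bot: The four-field copy into `web.TLSStruct` is written out twice in `New`, once for HTTP in the -239,7 +247,12 hunk and again for gRPC in the -247,7 +260,12 hunk, so a field added to `TLSConfig` later has to be remembered in both places or it is silently dropped for one listener. A small unexported conversion method on `TLSConfig` keeps the mapping in one spot and is the natural place to record that every field not copied stays at its zero value, which presumably leaves protocol versions and cipher selection to the defaults inside `ConfigToTLSConfig`. Separately, the unchanged guard enables TLS only when both the cert and key paths are set, so a config that sets `client_auth_type` but omits one of the paths appears to fall through to a plaintext listener without an error; that predates this commit but deserves a follow-up check. `New` starts and ends outside both hunks.

```go
// toWebTLS converts c into the exporter-toolkit struct. Fields that
// TLSConfig does not expose are left at their zero value, so the
// toolkit's own defaults apply to them.
func (c TLSConfig) toWebTLS() *web.TLSStruct {
	return &web.TLSStruct{
		TLSCertPath: c.TLSCertPath,
		TLSKeyPath:  c.TLSKeyPath,
		ClientAuth:  c.ClientAuth,
		ClientCAs:   c.ClientCAs,
	}
}

// … unchanged: cert/key guard and security-review note in New …
httpTLSConfig, err = web.ConfigToTLSConfig(cfg.HTTPTLSConfig.toWebTLS())
// … unchanged: http error handling, grpc cert/key guard …
grpcTLSConfig, err = web.ConfigToTLSConfig(cfg.GRPCTLSConfig.toWebTLS())
```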
@@ -522,13 +521,13 @@ func TestTLSServer(t *testing.T) {
 HTTPListenNetwork: DefaultNetwork,
 HTTPListenAddress: "localhost",
 HTTPListenPort: 9193,
- HTTPTLSConfig: web.TLSStruct{
+ HTTPTLSConfig: TLSConfig{
 TLSCertPath: "certs/server.crt",
 TLSKeyPath: "certs/server.key",
 ClientAuth: "RequireAndVerifyClientCert",
 ClientCAs: "certs/root.crt",
 },
- GRPCTLSConfig: web.TLSStruct{
+ GRPCTLSConfig: TLSConfig{
 TLSCertPath: "certs/server.crt",
 TLSKeyPath: "certs/server.key",
 ClientAuth: "VerifyClientCertIfGiven",