Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding TLS to node exporter - cleaner version #1277

Merged
merged 33 commits into from
Nov 15, 2019
Merged

Adding TLS to node exporter - cleaner version #1277

merged 33 commits into from
Nov 15, 2019

Commits on Oct 11, 2019

  1. https package imported 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Node_exporter.go https changes

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

yaml.v2 added to vendor and spelling fixes

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Added package declaration

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Resolved vendor import issues

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Resolved vendor import spacing

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    efc9bc6 View commit details
    Browse the repository at this point in the history

  2. README.md updates 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls-config comments improved

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Readme updated to reflect config

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Node_exporter TLS to tlsFile and tls_config error handling updated

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls_config adjustments to unmarshalling and removed buildNameToCertificates

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    34684c0 View commit details
    Browse the repository at this point in the history

  3. License added, failing to load YAML error adjusted and LoadTLSConfig … 

    …changed to ConfigToTLSConfig

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

RootCAs and InsecureSkipVerify removed

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    8370a64 View commit details
    Browse the repository at this point in the history

  4. paths to cert and key added to main struct, minor formatting on struct 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Struct formatted correctly

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Config Struct formatted correctly

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    a8444f6 View commit details
    Browse the repository at this point in the history

  5. tls Capitalised to TLS in flag description 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

README.md updated formatting and yaml layout

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Improved error handling in tls_config.go

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    327f4dc View commit details
    Browse the repository at this point in the history

  6. error handling added to invalid clientAuth using /pkg/errors 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls_config.go spacing formatting

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

pkg/errors added to modules.txt

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    e46baa1 View commit details
    Browse the repository at this point in the history

  7. GetConfigForClient set, additional server abstractions in node_export… 

    …er, tls-config.yml now pseudo valid, README.md updated

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls_config formatted Listen function comment

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    a294c16 View commit details
    Browse the repository at this point in the history

  8. Re-added NoClientCert option, Removed servername option as not requir… 

    …ed for server side

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Removed extra space left by else removal

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    45be351 View commit details
    Browse the repository at this point in the history

  9. tls_config.go error handling adjusted, errors on correct path non-pem… 

    … certs and keys

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

spacing fixes

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Removed now uneccesary imports

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    c295b7f View commit details
    Browse the repository at this point in the history

  10. tls_config_test.go added with testfiles in https/testdata 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    98e11c4 View commit details
    Browse the repository at this point in the history

  11. Fixed testing race error 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    b789275 View commit details
    Browse the repository at this point in the history

  12. README.md updated 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls_config.go display erroneous string

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Comment added around confirming the cert and key paths

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Error diplayed

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Replaced poem in tls_config_junk with random strings

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tls_config.go certand key path checking updated to not repeat code, tests updated to dynamically run on an empty port

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

wait time incresed in tests

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Delay moved within function

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

delay in tests increased

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Time extended for buildkite

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

test time reduced

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

passing c.x as TLSConfig instead of c.TLSConfig.x and increased time for tests

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Cert, key and ca chain updated as per common

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

automatic detection of empty port removed back to hardcoded port, wait reduced

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

automatic detection of empty port removed back to hardcoded port - space removed

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Moved defer after funcs to avoid timeout, wait time incresed to 200ms

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

tests adjusted based on set port

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    cd63d4f View commit details
    Browse the repository at this point in the history

  13. tests for config reloading and port rotation 

    Signed-off-by: James Ritchie <james.g.ritchie@baesystems.com>
    @jritchieBAE @ksherryBAE
    jritchieBAE authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    2b9b292 View commit details
    Browse the repository at this point in the history

  14. changes based on comments 

    Signed-off-by: James Ritchie <james.g.ritchie@baesystems.com>
    @jritchieBAE @ksherryBAE
    jritchieBAE authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    f9596a5 View commit details
    Browse the repository at this point in the history

  15. .pem ignored in circleci/config.yml 

    Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

.pem ignored in circleci/config.yml add *

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

.pem ignored in circleci/config.yml -L flags

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>

Updated numeric from numberic to pass circleci

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    eb7939f View commit details
    Browse the repository at this point in the history

  16. README.md adjusted 25/06 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>

Error handling improved in tls_config 25/06

Signed-off-by: KSherry <kieran.sherry@baesystems.com>

Readme.md grammar, tls_config.go change len 0 to empty string

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    42f0913 View commit details
    Browse the repository at this point in the history

  17. Fail early when cert or key path aren't set 

    Also format comments properly

Signed-off-by: Simon Pasquier <spasquie@redhat.com>
    @simonpasquier @ksherryBAE
    simonpasquier authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    7bdf0d1 View commit details
    Browse the repository at this point in the history

  18. Bump to gopkg.in/yaml.v2 v2.2.2 

    Signed-off-by: Simon Pasquier <spasquie@redhat.com>
    @simonpasquier @ksherryBAE
    simonpasquier authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    65a1987 View commit details
    Browse the repository at this point in the history

  19. fix typo in .circleci/config.yml 

    Signed-off-by: Simon Pasquier <spasquie@redhat.com>
    @simonpasquier @ksherryBAE
    simonpasquier authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    ca7e88f View commit details
    Browse the repository at this point in the history

  20. Update 'web.tls-config' option description 

    Signed-off-by: Simon Pasquier <spasquie@redhat.com>
    @simonpasquier @ksherryBAE
    simonpasquier authored and ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    fffe2e4 View commit details
    Browse the repository at this point in the history

  21. tls-config flag changed to https-config 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>

Provides warning when ClientCAs set without client auth policy

Signed-off-by: KSherry <kieran.sherry@baesystems.com>

Client CA warning added

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    044b53a View commit details
    Browse the repository at this point in the history

  22. https-config flag changed to authentication-config and not having a C… 

    …A policy now errors out

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    e2f9d1c View commit details
    Browse the repository at this point in the history

  23. https-config flag changed to authentication-config and not having a C… 

    …A policy now errors out spelling fix

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    8ca504a View commit details
    Browse the repository at this point in the history

  24. flag changed to web.config clientAuth set to default but still error … 

    …out if CA provided without policy

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    693f9f5 View commit details
    Browse the repository at this point in the history

  25. Tests reconfigured for latest changes 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    b46c01f View commit details
    Browse the repository at this point in the history

  26. Fixed --web.config in README.md 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    b7cd4b9 View commit details
    Browse the repository at this point in the history

  27. Client auth will error on invalid input but default to NoClientCert i… 

    …f nil

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    325d9f3 View commit details
    Browse the repository at this point in the history

  28. Removed subdir in README.md, changed tls-config.yml to web-config.yml… 

    … and adjusted client auth line

Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    6ba3b4f View commit details
    Browse the repository at this point in the history

  29. TLSConfig to TLSStruct in function call to fix rebase error 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    9dbf519 View commit details
    Browse the repository at this point in the history

  30. go.sum fix merge error 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 11, 2019
    Configuration menu
    Copy the full SHA
    efad30b View commit details
    Browse the repository at this point in the history

Commits on Oct 14, 2019

  1. update vendor/ 

    Signed-off-by: KSherry <kieran.sherry@baesystems.com>
    @ksherryBAE
    ksherryBAE committed Oct 14, 2019
    Configuration menu
    Copy the full SHA
    a0f0b94 View commit details
    Browse the repository at this point in the history

Commits on Oct 20, 2019

  1. update vendor/ 

    Signed-off-by: Ben RIdley <benridley29@gmail.com>
    @benridley
    benridley committed Oct 20, 2019
    Configuration menu
    Copy the full SHA
    47d0e62 View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2019

  1. Merge pull request #2 from benridley/tls-server-auth-cleanup 

    update vendor/
    @ksherryBAE
    ksherryBAE committed Oct 24, 2019
    Configuration menu
    Copy the full SHA
    f2d6f10 View commit details
    Browse the repository at this point in the history