Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS client authentication #264

Merged
merged 6 commits into from
Jun 21, 2019
Merged

Support TLS client authentication #264

merged 6 commits into from
Jun 21, 2019

Conversation

joesis
Copy link
Contributor

@joesis joesis commented May 30, 2019

It adds two features to support scraping rediss instances in our setup.

  1. Don't remove password when the scheme is rediss.
  2. Add options to support client certificate.

I'm not sure if it's any useful to other users but if the basic ideas are accepted, I can change tests and README accordingly.

@codecov
Copy link

codecov bot commented May 30, 2019
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@d140a26). Click here to learn what that means.
The diff coverage is 26.66%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master     #264   +/-   ##
=========================================
  Coverage          ?   75.82%           
=========================================
  Files             ?        2           
  Lines             ?      761           
  Branches          ?        0           
=========================================
  Hits              ?      577           
  Misses            ?      156           
  Partials          ?       28
Impacted Files Coverage Δ
main.go 0% <0%> (ø)
exporter.go 88.09% <100%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d140a26...dcc2b0c. Read the comment docs.

joesis
joesis commented May 30, 2019
View reviewed changes
oliver006
oliver006 reviewed May 30, 2019
View reviewed changes
@oliver006
Copy link
Owner

@joesis - are you still working on this PR? The cert support looks good and, once the README is done, I'd be happy to merge this.

@joesis joesis changed the title Better support for rediss Support TLS client authentication Jun 20, 2019
@joesis
Copy link
Contributor Author

joesis commented Jun 20, 2019

Okay changed README @oliver006.

@oliver006
Copy link
Owner

The last build failed with a rather odd error and it seems like there's stuff missing from your drone file (the redis 2.8 test instance is not up).
Can you make sure your branch is rebased off of origin/master and then kick the drone build to run again?
Aside from that, I think your change looks pretty good!

@joesis
Copy link
Contributor Author

joesis commented Jun 21, 2019

Hmm I could have sworn that I saw CI passed but that can't be true... Rebased master and all green now!

oliver006
oliver006 reviewed Jun 21, 2019
View reviewed changes
README.md Outdated
@@ -128,6 +128,8 @@ redis-only-metrics | REDIS_EXPORTER_REDIS_ONLY_METRICS | Whether to also
include-system-metrics | REDIS_EXPORTER_INCL_SYSTEM_METRICS | Whether to include system metrics like `total_system_memory_bytes`, defaults to false.
is-tile38 | REDIS_EXPORTER_IS_TILE38 | Whether to scrape Tile38 specific metrics, defaults to false.
skip-tls-verification | REDIS_EXPORTER_SKIP_TLS_VERIFICATION | Whether to to skip TLS verification
tls-client-key-file | REDIS_EXPORTER_TLS_CLIENT_KEY_FILE | Full path to the client key file if the server requires TLS client authentication
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: your docs say full path to the client key file. Does that mean the expected parameter is a path (and the redis lib figures out what the file is) or is it the full name of the client key file?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi, the text here is somewhat inconsistent with the --help output which says Optional client certificate file...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the path including the file name which is passed to tls.LoadX509KeyPair. I should make the doc consistent with the flag description. Which is less ambiguous to you?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, in that case maybe dbe a bit more explicit that it's a file name that's expected:
e.g. Name of the client key file (including full path) if the server requires TLS client authentication

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated both the README and flag descriptions!

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Woooooooot !

@oliver006
Copy link
Owner

Looks good, just one last question regarding the README.

@oliver006 oliver006 merged commit e949f34 into oliver006:master Jun 21, 2019
@oliver006
Copy link
Owner

Released as https://github.com/oliver006/redis_exporter/releases/tag/v1.0.3 - thanks for the PR!

@joesis joesis deleted the not-remove-pswd-for-rediss branch July 24, 2019 12:25
@oliver006 oliver006 mentioned this pull request May 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oliver006 oliver006 oliver006 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joesis @oliver006