From 8826cd4321b719bab0c0a90fa448c352ee4ea3a7 Mon Sep 17 00:00:00 2001
From: Sebastian Widmer
Date: Tue, 7 Nov 2023 16:15:13 +0100
Subject: [PATCH] TLS config when connecting to Alertmanager

---
 Dockerfile | 2 ++
 go.mod | 2 +-
 main.go | 45 +++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3f0a87e..07e3184 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,8 @@ RUN make all

 FROM debian:bookworm-slim

+RUN apt-get update && apt-get install -y curl ca-certificates && rm -rf /var/lib/apt/lists/*
+
 COPY --from=builder /build/alerts_exporter /usr/local/bin/alerts_exporter

 ENTRYPOINT [ "alerts_exporter" ]
diff --git a/go.mod b/go.mod
index 1ea8349..b163181 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/bastjan/alerts_exporter
 go 1.21.3

 require (
+ github.com/go-openapi/runtime v0.26.0
 github.com/prometheus/alertmanager v0.26.0
 github.com/prometheus/client_golang v1.17.0
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d
@@ -19,7 +20,6 @@ require (
 github.com/go-openapi/jsonpointer v0.19.5 // indirect
 github.com/go-openapi/jsonreference v0.20.0 // indirect
 github.com/go-openapi/loads v0.21.2 // indirect
- github.com/go-openapi/runtime v0.26.0 // indirect
 github.com/go-openapi/spec v0.20.8 // indirect
 github.com/go-openapi/strfmt v0.21.7 // indirect
 github.com/go-openapi/swag v0.22.3 // indirect
diff --git a/main.go b/main.go
index fbe70d1..da291d9 100644
--- a/main.go
+++ b/main.go
@@ -7,7 +7,8 @@ import (
 "net/http"

 alertscollector "github.com/bastjan/alerts_exporter/internal/alerts_collector"
- "github.com/prometheus/alertmanager/api/v2/client"
+ openapiclient "github.com/go-openapi/runtime/client"
+ alertmanagerclient "github.com/prometheus/alertmanager/api/v2/client"
 "github.com/prometheus/client_golang/prometheus"
 "github.com/prometheus/client_golang/prometheus/promhttp"
 )
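Review bot: The added `RUN` line in the Dockerfile hunk installs `curl` into the final image, although only `ca-certificates` is needed for the system trust store that `-tls-ca-cert` falls back to. Nothing visible in this patch calls `curl`, so it only adds a general-purpose network client and its dependencies to the runtime image. Unless a health check outside this patch depends on it, use `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*`.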
@@ -16,9 +17,23 @@ var host string
 var withInhibited, withSilenced, withUnprocessed, withActive bool
 var filters stringSliceFlag

+var tlsCert, tlsCertKey, tlsCaCert, tlsServerName string
+var tlsInsecure bool
+var useTLS bool
+var bearerToken string
+
 func main() {
 flag.StringVar(&host, "host", "localhost:9093", "The host of the Alertmanager")

+ flag.BoolVar(&useTLS, "tls", false, "Use TLS when connecting to Alertmanager")
+ flag.StringVar(&tlsCert, "tls-cert", "", "Path to client certificate for TLS authentication")
+ flag.StringVar(&tlsCertKey, "tls-cert-key", "", "Path to client certificate key for TLS authentication")
+ flag.StringVar(&tlsCaCert, "tls-ca-cert", "", "Path to CA certificate. System certificates are used if not provided.")
+ flag.StringVar(&tlsServerName, "tls-server-name", "", "Server name to verify the hostname on the returned certificates. It must be a substring of either the Common Name or a Subject Alternative Name in the certificate. If empty, the hostname given in the address parameter is used.")
+ flag.BoolVar(&tlsInsecure, "insecure", false, "Disable TLS host verification")
+
+ flag.StringVar(&bearerToken, "bearer-token", "", "Bearer token to use for authentication")
+
 flag.BoolVar(&withActive, "with-active", true, "Query for active alerts")
 flag.BoolVar(&withInhibited, "with-inhibited", true, "Query for inhibited alerts")
 flag.BoolVar(&withSilenced, "with-silenced", true, "Query for silenced alerts")
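Review bot: Taking the secret through `-bearer-token` puts it in the process argument list, where it is readable through `ps`, `/proc/<pid>/cmdline` and usually the container or unit definition as well. Prefer reading it from a file or the environment, for example an additional `flag.StringVar(&bearerTokenFile, "bearer-token-file", "", "Path to a file containing the bearer token")`, and keep the literal flag only as a fallback. The `-tls-server-name` help text also describes substring matching against the Common Name, which is not how Go's certificate verification works (it matches the name against the certificate's SANs); a more accurate text would be `"Server name used to verify the certificate presented by Alertmanager. If empty, the host from -host is used."`. main's body continues outside the hunk.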
@@ -27,7 +42,33 @@ func main() {

 flag.Parse()

- ac := client.NewHTTPClientWithConfig(nil, client.DefaultTransportConfig().WithHost(host))
+ opts := openapiclient.TLSClientOptions{
+ Certificate: tlsCert,
+ Key: tlsCertKey,
+ CA: tlsCaCert,
+ ServerName: tlsServerName,
+ }
+ if tlsInsecure {
+ opts.InsecureSkipVerify = true
+ opts.ServerName = ""
+ }
+ var schemes []string
+ if useTLS {
+ schemes = []string{"https"}
+ }
+
+ hc, err := openapiclient.TLSClient(opts)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ rt := openapiclient.NewWithClient(host, alertmanagerclient.DefaultBasePath, schemes, hc)
+
+ if bearerToken != "" {
+ rt.DefaultAuthentication = openapiclient.BearerToken(bearerToken)
+ }
+
+ ac := alertmanagerclient.New(rt, nil)

 reg := prometheus.NewRegistry()
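Review bot: The bearer token and the TLS options are applied even when `-tls` is not set: `schemes` stays nil in that case, so the runtime presumably falls back to plain http, which would send a configured `-bearer-token` unencrypted and silently ignore `-tls-cert`, `-tls-ca-cert` and `-insecure`. Reject TLS options given without `-tls`, and at least warn when a token is configured without it, right after `flag.Parse()`. Separately, `InsecureSkipVerify` turns off all certificate verification, not only the host name check that the `-insecure` help text mentions, so a startup warning is worth logging when it is set. main's body continues outside the hunk.

```go
// … unchanged: flag.Parse() …
if !useTLS {
	if tlsCert != "" || tlsCertKey != "" || tlsCaCert != "" || tlsServerName != "" || tlsInsecure {
		log.Fatal("TLS options were given but -tls is not set")
	}
	if bearerToken != "" {
		log.Print("warning: -bearer-token is set without -tls; the token may be sent unencrypted")
	}
}
if tlsInsecure {
	log.Print("warning: -insecure disables certificate verification for the Alertmanager connection")
}
// … unchanged: opts, TLSClient, runtime and bearer token setup …
```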