
Commit 6e3cd4d

authored
Merge pull request nalbury#23 from parinapatel/main
Adds Support for mTLS Certs
2 parents 2ab6dc5 + f372371 commit 6e3cd4d

2 files changed

Lines changed: 37 additions & 4 deletions


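--- a/cmd/root.go
+++ b/cmd/root.go
@@ -55,6 +55,13 @@ var rootCmd = &cobra.Command{
 pql.Auth.Type = viper.GetString("auth-type")
 pql.Auth.Credentials = config.Secret(viper.GetString("auth-credentials"))
 pql.Auth.CredentialsFile = viper.GetString("auth-credentials-file")
+pql.TLSConfig = config.TLSConfig{
+CAFile: viper.GetString("tls_config.ca_cert_file"),
+CertFile: viper.GetString("tls_config.cert_file"),
+KeyFile: viper.GetString("tls_config.key_file"),
+ServerName: viper.GetString("tls_config.servername"),
+InsecureSkipVerify: viper.GetBool("tls_config.insecure_skip_verify"),
+}
 
 pql.Host = viper.GetString("host")
 pql.Step = viper.GetString("step")
@@ -72,7 +79,7 @@ var rootCmd = &cobra.Command{
 pql.Time = t
 }
 // Create and set client interface
-cl, err := promql.CreateClientWithAuth(pql.Host, pql.Auth)
+cl, err := promql.CreateClientWithAuth(pql.Host, pql.Auth, pql.TLSConfig)
 if err != nil {
 errlog.Fatalln(err)
 }
@@ -160,6 +167,23 @@ func init() {
 if err := viper.BindPFlag("auth-credentials-file", rootCmd.PersistentFlags().Lookup("auth-credentials-file")); err != nil {
 errlog.Fatalln(err)
 }
+rootCmd.PersistentFlags().String("tls_config.ca_cert_file","","CA cert Path for TLS config")
+if err := viper.BindPFlag("tls_config.ca_cert_file",rootCmd.PersistentFlags().Lookup("tls_config.ca_cert_file")); err != nil {
+errlog.Fatalln(err)
+}
+rootCmd.PersistentFlags().String("tls_config.cert_file","","client cert Path for TLS config")
+if err := viper.BindPFlag("tls_config.cert_file",rootCmd.PersistentFlags().Lookup("tls_config.cert_file")); err != nil {
+errlog.Fatalln(err)
+}
+rootCmd.PersistentFlags().String("tls_config.key_file","","client key for TLS config")
+if err := viper.BindPFlag("tls_config.key_file",rootCmd.PersistentFlags().Lookup("tls_config.key_file")); err != nil {
+errlog.Fatalln(err)
+}
+rootCmd.PersistentFlags().String("tls_config.servername","","server name for TLS config")
+if err := viper.BindPFlag("tls_config.servername",rootCmd.PersistentFlags().Lookup("tls_config.servername")); err != nil {
+errlog.Fatalln(err)
+}
+rootCmd.PersistentFlags().Bool("tls_config.insecure_skip_verify",false,"disable the TLS verification of server certificates.")
 }
 
 // initConfig reads in config file and ENV variables if set.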
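Review bot: The `tls_config.insecure_skip_verify` flag added at the end of the `init()` hunk is registered but never passed to `viper.BindPFlag`, unlike the four string flags above it. As a result `viper.GetBool("tls_config.insecure_skip_verify")` in `rootCmd` will not see a value given on the command line, unless the flag is bound somewhere outside these hunks. Add the same binding the other flags have: `if err := viper.BindPFlag("tls_config.insecure_skip_verify", rootCmd.PersistentFlags().Lookup("tls_config.insecure_skip_verify")); err != nil { errlog.Fatalln(err) }`. Because this option turns off server certificate verification, its help text should say it is intended for testing only. On style, the new names use `tls_config.*` with underscores and dots while the existing flags use dashes (`auth-credentials-file`), and the added lines are not gofmt-clean (no space after commas).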

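--- a/pkg/promql/promql.go
+++ b/pkg/promql/promql.go
@@ -43,22 +43,30 @@ func CreateClient(host string) (v1.API, error) {
 }
 
 // CreateClientWithAuth creates a Client interface witht the provided hostname and auth config
-func CreateClientWithAuth(host string, authCfg config.Authorization) (v1.API, error) {
+func CreateClientWithAuth(host string, authCfg config.Authorization, tlsCfg config.TLSConfig) (v1.API, error) {
 cfg := api.Config{
 Address: host,
 }
+cmmnConfig := config.HTTPClientConfig{
+TLSConfig: tlsCfg,
+}
+rt, err := config.NewRoundTripperFromConfig(cmmnConfig, "promql", false, false)
+if err != nil {
+return nil, err
+}
 if authCfg != (config.Authorization{}) {
 switch {
 case authCfg.Type == "":
 return nil, fmt.Errorf("please specify an authentication type, run promql --help for more details")
 case authCfg.Credentials != "" && authCfg.CredentialsFile != "":
 return nil, fmt.Errorf("please specify either auth credentials or an auth credential file, not both")
 case authCfg.Credentials != "":
-cfg.RoundTripper = config.NewAuthorizationCredentialsRoundTripper(authCfg.Type, config.Secret(authCfg.Credentials), api.DefaultRoundTripper)
+cfg.RoundTripper = config.NewAuthorizationCredentialsRoundTripper(authCfg.Type, config.Secret(authCfg.Credentials), rt)
 default:
-cfg.RoundTripper = config.NewAuthorizationCredentialsFileRoundTripper(authCfg.Type, authCfg.CredentialsFile, api.DefaultRoundTripper)
+cfg.RoundTripper = config.NewAuthorizationCredentialsFileRoundTripper(authCfg.Type, authCfg.CredentialsFile, rt)
 }
 }
+cfg.RoundTripper = rt
 a, err := api.NewClient(cfg)
 if err != nil {
 return nil, err
@@ -79,6 +87,7 @@ type PromQL struct {
 NoHeaders bool
 Auth config.Authorization
 Client v1.API
+TLSConfig config.TLSConfig
 }
 
 // InstantQuery performs an instant query and returns the result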
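Review bot: The added `cfg.RoundTripper = rt` sits after the closing brace of the `if authCfg != (config.Authorization{})` block in `CreateClientWithAuth`, so it runs unconditionally and replaces the authorization round tripper that the `switch` has just installed. With auth configured, the client would then send requests over the TLS transport without the configured credentials, and nothing reports that they were dropped. Move the assignment so the auth branches wrap it instead of being overwritten: put `cfg.RoundTripper = rt` directly after the `NewRoundTripperFromConfig` error check, above the `if`. A unit test that sets both credentials and a TLS config and asserts the Authorization header on the outgoing request would catch this. The function body continues past the end of the hunk.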
