// NewHTTPClient builds the *http.Client used to scrape the targets described
// by cfg.
//
// The transport carries the TLS settings derived from cfg.TLSConfig and the
// configured proxy, and has keep-alives disabled. If a bearer token is
// configured (inline, or read from cfg.BearerTokenFile when no inline token is
// given) or basic-auth credentials are present, the transport is wrapped in
// the corresponding httputil round tripper. An error is returned when the TLS
// configuration cannot be built or the bearer token file cannot be read.
func NewHTTPClient(cfg *config.ScrapeConfig) (*http.Client, error) {
	tlsConfig, err := httputil.NewTLSConfig(cfg.TLSConfig)
	if err != nil {
		return nil, err
	}

	// No timeouts are set on the transport: the scrape timeout is the only
	// one of interest and it is applied per request.
	var rt http.RoundTripper = &http.Transport{
		TLSClientConfig:   tlsConfig,
		DisableKeepAlives: true,
		Proxy:             http.ProxyURL(cfg.ProxyURL.URL),
	}

	// An inline token takes precedence; the token file is only consulted when
	// no inline token is set.
	token := cfg.BearerToken
	if token == "" && cfg.BearerTokenFile != "" {
		raw, readErr := ioutil.ReadFile(cfg.BearerTokenFile)
		if readErr != nil {
			return nil, fmt.Errorf("unable to read bearer token file %s: %s", cfg.BearerTokenFile, readErr)
		}
		// Strip surrounding whitespace so a trailing newline in the file does
		// not become part of the Authorization header value.
		token = strings.TrimSpace(string(raw))
	}
	if token != "" {
		rt = httputil.NewBearerAuthRoundTripper(token, rt)
	}

	// NOTE(review): when both a bearer token and basic auth are configured,
	// both wrappers are stacked here; which credential ends up on the wire
	// depends on the httputil round trippers. Presumably config validation
	// rejects that combination - confirm.
	if auth := cfg.BasicAuth; auth != nil {
		rt = httputil.NewBasicAuthRoundTripper(auth.Username, auth.Password, rt)
	}

	return httputil.NewClient(rt), nil
}
// newKubernetesHTTPClient builds the *http.Client described by conf.
//
// When conf.InCluster is set, an unset bearer token file defaults to
// serviceAccountToken, and an unset CA file defaults to serviceAccountCACert
// if that file exists. TLS options are taken from conf.TLSConfig. A bearer
// token (inline, or read from the token file when no inline token is given)
// and basic-auth credentials each wrap the transport in the corresponding
// httputil round tripper. An error is returned when the TLS configuration
// cannot be built or the token file cannot be read.
//
// Only the dial is bounded by conf.RequestTimeout; this function sets no
// overall timeout on the returned client.
func newKubernetesHTTPClient(conf *config.KubernetesSDConfig) (*http.Client, error) {
	tokenFile := conf.BearerTokenFile
	caFile := conf.TLSConfig.CAFile

	if conf.InCluster {
		if tokenFile == "" {
			tokenFile = serviceAccountToken
		}
		if caFile == "" {
			// Recent versions mount the CA certificate as a secret; older
			// ones do not. If the file is absent the CA file stays unset and
			// the configuration has to enable InsecureSkipVerify instead.
			// With verification skipped the server is not authenticated, so
			// the bearer token below is sent to an unverified peer.
			if _, statErr := os.Stat(serviceAccountCACert); statErr == nil {
				caFile = serviceAccountCACert
			}
		}
	}

	tlsConfig, err := httputil.NewTLSConfig(httputil.TLSOptions{
		InsecureSkipVerify: conf.TLSConfig.InsecureSkipVerify,
		CAFile:             caFile,
		CertFile:           conf.TLSConfig.CertFile,
		KeyFile:            conf.TLSConfig.KeyFile,
	})
	if err != nil {
		return nil, err
	}

	var rt http.RoundTripper = &http.Transport{
		Dial: func(network, addr string) (net.Conn, error) {
			return net.DialTimeout(network, addr, time.Duration(conf.RequestTimeout))
		},
		TLSClientConfig: tlsConfig,
	}

	// An inline token takes precedence; the token file is only consulted when
	// no inline token is set.
	token := conf.BearerToken
	if token == "" && tokenFile != "" {
		raw, readErr := ioutil.ReadFile(tokenFile)
		if readErr != nil {
			return nil, fmt.Errorf("unable to read bearer token file %s: %s", tokenFile, readErr)
		}
		// NOTE(review): the file content is used verbatim. A trailing newline
		// in the token file becomes part of the Authorization header value;
		// trimming surrounding whitespace before use would avoid that.
		token = string(raw)
	}
	if token != "" {
		rt = httputil.NewBearerAuthRoundTripper(token, rt)
	}

	if auth := conf.BasicAuth; auth != nil {
		rt = httputil.NewBasicAuthRoundTripper(auth.Username, auth.Password, rt)
	}

	client := &http.Client{Transport: rt}
	return client, nil
}
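// newHTTPClient builds the *http.Client used to scrape the targets described
// by cfg.
//
// If cfg.CACert is set, the PEM file it names becomes the only set of trusted
// root CAs. If a client certificate and key are both configured, they are
// loaded for TLS client authentication. The transport comes from
// httputil.NewDeadlineRoundTripper with the scrape timeout and proxy URL, and
// is wrapped for bearer-token and basic auth when those are configured.
//
// An error is returned when the CA file cannot be read or contains no usable
// certificate, when the client key pair cannot be loaded, or when the bearer
// token file cannot be read.
func newHTTPClient(cfg *config.ScrapeConfig) (*http.Client, error) {
	tlsConfig := &tls.Config{}

	// If a CA cert is provided, read it in so the scrape target's certificate
	// is validated against it.
	if len(cfg.CACert) > 0 {
		caCert, err := ioutil.ReadFile(cfg.CACert)
		if err != nil {
			return nil, fmt.Errorf("unable to use specified CA cert %s: %s", cfg.CACert, err)
		}
		caCertPool := x509.NewCertPool()
		// AppendCertsFromPEM reports whether any certificate was parsed.
		// Ignoring it would install an empty root pool, and every TLS
		// handshake would then fail later with an unrelated-looking
		// verification error; fail at construction time instead.
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return nil, fmt.Errorf("unable to use specified CA cert %s: no PEM certificates found", cfg.CACert)
		}
		tlsConfig.RootCAs = caCertPool
	}

	// A client certificate is only configured when both the cert and the key
	// path are given; a lone cert or key path is ignored without an error.
	if cfg.ClientCert != nil && len(cfg.ClientCert.Cert) > 0 && len(cfg.ClientCert.Key) > 0 {
		cert, err := tls.LoadX509KeyPair(cfg.ClientCert.Cert, cfg.ClientCert.Key)
		if err != nil {
			return nil, fmt.Errorf("unable to use specified client cert (%s) & key (%s): %s", cfg.ClientCert.Cert, cfg.ClientCert.Key, err)
		}
		tlsConfig.Certificates = []tls.Certificate{cert}
	}
	tlsConfig.BuildNameToCertificate()

	// Get a default round tripper with the scrape timeout.
	rt := httputil.NewDeadlineRoundTripper(time.Duration(cfg.ScrapeTimeout), cfg.ProxyURL.URL)
	// The assertion panics if the helper ever returns anything other than
	// *http.Transport.
	tr := rt.(*http.Transport)
	tr.TLSClientConfig = tlsConfig
	rt = tr

	// An inline token takes precedence; the token file is only consulted when
	// no inline token is set.
	bearerToken := cfg.BearerToken
	if len(bearerToken) == 0 && len(cfg.BearerTokenFile) > 0 {
		b, err := ioutil.ReadFile(cfg.BearerTokenFile)
		if err != nil {
			return nil, fmt.Errorf("unable to read bearer token file %s: %s", cfg.BearerTokenFile, err)
		}
		// NOTE(review): the file content is used verbatim. A trailing newline
		// in the token file becomes part of the Authorization header value;
		// trimming surrounding whitespace before use would avoid that.
		bearerToken = string(b)
	}
	if len(bearerToken) > 0 {
		rt = httputil.NewBearerAuthRoundTripper(bearerToken, rt)
	}

	if cfg.BasicAuth != nil {
		rt = httputil.NewBasicAuthRoundTripper(cfg.BasicAuth.Username, cfg.BasicAuth.Password, rt)
	}

	// Return a new client with the configured round tripper.
	return httputil.NewClient(rt), nil
}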
// newHTTPClient builds the *http.Client used to scrape the targets described
// by cfg.
//
// The transport comes from httputil.NewDeadlineRoundTripper with the scrape
// timeout and proxy URL, and receives the TLS configuration built from
// cfg.TLSConfig. It is wrapped for bearer-token and basic auth when those are
// configured. An error is returned when the TLS configuration cannot be built
// or the bearer token file cannot be read.
func newHTTPClient(cfg *config.ScrapeConfig) (*http.Client, error) {
	// Default round tripper carrying the scrape timeout.
	rt := httputil.NewDeadlineRoundTripper(time.Duration(cfg.ScrapeTimeout), cfg.ProxyURL.URL)

	var tlsOpts httputil.TLSOptions
	tlsOpts.InsecureSkipVerify = cfg.TLSConfig.InsecureSkipVerify
	tlsOpts.CAFile = cfg.TLSConfig.CAFile
	// The client certificate is passed on only when both paths are set. If
	// just one of them is configured, neither is used and no error is raised
	// here, so the client silently runs without a client certificate.
	hasCert := len(cfg.TLSConfig.CertFile) > 0
	hasKey := len(cfg.TLSConfig.KeyFile) > 0
	if hasCert && hasKey {
		tlsOpts.CertFile = cfg.TLSConfig.CertFile
		tlsOpts.KeyFile = cfg.TLSConfig.KeyFile
	}

	tlsConfig, err := httputil.NewTLSConfig(tlsOpts)
	if err != nil {
		return nil, err
	}

	// Install the TLS configuration on the underlying transport. The
	// assertion panics if the helper ever returns anything other than
	// *http.Transport.
	transport := rt.(*http.Transport)
	transport.TLSClientConfig = tlsConfig
	rt = transport

	// An inline token takes precedence; the token file is only consulted when
	// no inline token is set.
	token := cfg.BearerToken
	if token == "" && cfg.BearerTokenFile != "" {
		raw, readErr := ioutil.ReadFile(cfg.BearerTokenFile)
		if readErr != nil {
			return nil, fmt.Errorf("unable to read bearer token file %s: %s", cfg.BearerTokenFile, readErr)
		}
		// NOTE(review): the file content is used verbatim. A trailing newline
		// in the token file becomes part of the Authorization header value;
		// trimming surrounding whitespace before use would avoid that.
		token = string(raw)
	}
	if token != "" {
		rt = httputil.NewBearerAuthRoundTripper(token, rt)
	}

	if auth := cfg.BasicAuth; auth != nil {
		rt = httputil.NewBasicAuthRoundTripper(auth.Username, auth.Password, rt)
	}

	return httputil.NewClient(rt), nil
}
// NewClient builds a Client for the endpoint described by conf.
//
// The HTTP transport uses the TLS settings derived from conf.TLSConfig and the
// configured proxy; if conf.BasicAuth is set, it is wrapped in httputil's
// basic-auth round tripper. conf.URL is dereferenced, so it must be non-nil.
// An error is returned when the TLS configuration cannot be built.
func NewClient(conf config.RemoteWriteConfig) (*Client, error) {
	tlsConfig, err := httputil.NewTLSConfig(conf.TLSConfig)
	if err != nil {
		return nil, err
	}

	// No timeouts are set on the transport: the push timeout is the only one
	// of interest and it is applied per request.
	transport := &http.Transport{
		TLSClientConfig: tlsConfig,
		Proxy:           http.ProxyURL(conf.ProxyURL.URL),
	}

	// NOTE(review): nothing in this function checks the scheme of conf.URL,
	// so with a plain-http URL the basic-auth credentials would not be
	// protected by TLS.
	var rt http.RoundTripper = transport
	if auth := conf.BasicAuth; auth != nil {
		rt = httputil.NewBasicAuthRoundTripper(auth.Username, auth.Password, rt)
	}

	c := &Client{
		url:     *conf.URL,
		client:  httputil.NewClient(rt),
		timeout: time.Duration(conf.RemoteTimeout),
	}
	return c, nil
}
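// newKubernetesHTTPClient builds the *http.Client described by conf.
//
// When conf.InCluster is set, an unset bearer token file defaults to
// serviceAccountToken, and an unset CA file defaults to serviceAccountCACert
// if that file exists. A client certificate is loaded when both conf.CertFile
// and conf.KeyFile are set. The bearer token is read from the token file when
// one is configured, and basic auth is applied when both username and
// password are non-empty.
//
// An error is returned when the client key pair, the CA file or the bearer
// token file cannot be read. Only the dial is bounded by conf.RequestTimeout;
// this function sets no overall timeout on the returned client.
func newKubernetesHTTPClient(conf *config.KubernetesSDConfig) (*http.Client, error) {
	bearerTokenFile := conf.BearerTokenFile
	caFile := conf.CAFile
	if conf.InCluster {
		if len(bearerTokenFile) == 0 {
			bearerTokenFile = serviceAccountToken
		}
		if len(caFile) == 0 {
			// Recent versions provide the CA certificate next to the token;
			// older ones do not. If the file is absent the CA file stays
			// unset and the configuration has to set Insecure instead. With
			// verification skipped the server is not authenticated, so the
			// bearer token below is sent to an unverified peer.
			if _, err := os.Stat(serviceAccountCACert); err == nil {
				caFile = serviceAccountCACert
			}
		}
	}

	tlsConfig := &tls.Config{InsecureSkipVerify: conf.Insecure}

	// Load the client cert if specified. A lone cert or key path is ignored
	// without an error.
	if len(conf.CertFile) > 0 && len(conf.KeyFile) > 0 {
		cert, err := tls.LoadX509KeyPair(conf.CertFile, conf.KeyFile)
		if err != nil {
			return nil, err
		}
		tlsConfig.Certificates = []tls.Certificate{cert}
	}

	// The pool is installed even when no CA file is given. A non-nil, empty
	// RootCAs pool trusts no CA at all (the system roots are not used), so in
	// that case verification can only succeed with Insecure set.
	caCertPool := x509.NewCertPool()
	if len(caFile) > 0 {
		caCert, err := ioutil.ReadFile(caFile)
		if err != nil {
			return nil, err
		}
		// NOTE(review): the boolean result is ignored, so a CA file without
		// any parsable PEM certificate leaves the pool empty and only shows
		// up later as a verification failure.
		caCertPool.AppendCertsFromPEM(caCert)
	}
	tlsConfig.RootCAs = caCertPool
	tlsConfig.BuildNameToCertificate()

	tr := &http.Transport{
		Dial: func(netw, addr string) (net.Conn, error) {
			return net.DialTimeout(netw, addr, time.Duration(conf.RequestTimeout))
		},
		TLSClientConfig: tlsConfig,
	}
	var rt http.RoundTripper = tr

	// Only read the token file when one is configured. Reading it
	// unconditionally made client creation fail with a file-open error for
	// out-of-cluster setups that authenticate with a client certificate or
	// basic auth and have no token file.
	var bearerToken []byte
	if len(bearerTokenFile) > 0 {
		b, err := ioutil.ReadFile(bearerTokenFile)
		if err != nil {
			return nil, err
		}
		bearerToken = b
	}
	if len(bearerToken) > 0 {
		// NOTE(review): the file content is used verbatim. A trailing newline
		// in the token file becomes part of the Authorization header value;
		// trimming surrounding whitespace before use would avoid that.
		rt = httputil.NewBearerAuthRoundTripper(string(bearerToken), rt)
	}

	if len(conf.Username) > 0 && len(conf.Password) > 0 {
		rt = httputil.NewBasicAuthRoundTripper(conf.Username, conf.Password, rt)
	}

	return &http.Client{
		Transport: rt,
	}, nil
}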