prometheus/mysqld_exporter
1
0
Fork 0
mirror of https://github.com/prometheus/mysqld_exporter.git synced 2025-07-31 17:44:21 +03:00
Code Activity

Add MySQL TLS configurations (#718)

Browse Source 
This PR is a modified version of the #674 to match the FormDSN supported by the #708.

Fixes: https://github.com/prometheus/mysqld_exporter/issues/673

Signed-off-by: Nico Braun <rainbowstack@gmail.com>
Signed-off-by: Yasushi MIYAZAKI <MIYAZAKI.Yasushi@gmail.com>
Co-authored-by: Nico Braun <rainbowstack@gmail.com>
This commit is contained in:
Yasushi MIYAZAKI
2023-03-16 17:23:43 +09:00
committed by GitHub
parent c0d5150878
commit ac1c2d604f
3 changed files with 109 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/config.go
View File

@ -70,6 +70,7 @@ type MySqlConfig struct {
SslCert string `ini:"ssl-cert"` SslCert string `ini:"ssl-cert"`
SslKey string `ini:"ssl-key"` SslKey string `ini:"ssl-key"`
TlsInsecureSkipVerify bool `ini:"ssl-skip-verfication"` TlsInsecureSkipVerify bool `ini:"ssl-skip-verfication"`
Tls string `ini:"tls"`
} }
type MySqlConfigHandler struct { type MySqlConfigHandler struct {
@ -132,6 +133,8 @@ func (ch *MySqlConfigHandler) ReloadConfig(filename string, mysqldAddress string
mysqlcfg := &MySqlConfig{ mysqlcfg := &MySqlConfig{
TlsInsecureSkipVerify: tlsInsecureSkipVerify, TlsInsecureSkipVerify: tlsInsecureSkipVerify,
} }
// FIXME: this error check seems orphaned
if err != nil { if err != nil {
level.Error(logger).Log("msg", "failed to load config", "section", sectionName, "err", err) level.Error(logger).Log("msg", "failed to load config", "section", sectionName, "err", err)
continue continue
@ -197,12 +200,17 @@ func (m MySqlConfig) FormDSN(target string) (string, error) {
config.Addr = target config.Addr = target
} }
if m.SslCa != "" { if m.TlsInsecureSkipVerify {
if err := m.CustomizeTLS(); err != nil { config.TLSConfig = "skip-verify"
err = fmt.Errorf("failed to register a custom TLS configuration for mysql dsn: %w", err) } else {
return "", err config.TLSConfig = m.Tls
if m.SslCa != "" {
if err := m.CustomizeTLS(); err != nil {
err = fmt.Errorf("failed to register a custom TLS configuration for mysql dsn: %w", err)
return "", err
}
config.TLSConfig = "custom"
} }
config.TLSConfig = "custom"
} }
return config.FormatDSN(), nil return config.FormatDSN(), nil

81
config/config_test.go
View File

@ -149,12 +149,12 @@ func TestFormDSN(t *testing.T) {
) )
convey.Convey("Host exporter dsn", t, func() { convey.Convey("Host exporter dsn", t, func() {
if err := c.ReloadConfig("testdata/client.cnf", "localhost:3306", "", true, log.NewNopLogger()); err != nil { if err := c.ReloadConfig("testdata/client.cnf", "localhost:3306", "", false, log.NewNopLogger()); err != nil {
t.Error(err) t.Error(err)
} }
convey.Convey("Default Client", func() { convey.Convey("Default Client", func() {
cfg := c.GetConfig() cfg := c.GetConfig()
section, _ := cfg.Sections["client"] section := cfg.Sections["client"]
if dsn, err = section.FormDSN(""); err != nil { if dsn, err = section.FormDSN(""); err != nil {
t.Error(err) t.Error(err)
} }
@ -162,7 +162,7 @@ func TestFormDSN(t *testing.T) {
}) })
convey.Convey("Target specific with explicit port", func() { convey.Convey("Target specific with explicit port", func() {
cfg := c.GetConfig() cfg := c.GetConfig()
section, _ := cfg.Sections["client.server1"] section := cfg.Sections["client.server1"]
if dsn, err = section.FormDSN("server1:5000"); err != nil { if dsn, err = section.FormDSN("server1:5000"); err != nil {
t.Error(err) t.Error(err)
} }
@ -170,3 +170,78 @@ func TestFormDSN(t *testing.T) {
}) })
}) })
} }
func TestFormDSNWithSslSkipVerify(t *testing.T) {
var (
c = MySqlConfigHandler{
Config: &Config{},
}
err error
dsn string
)
convey.Convey("Host exporter dsn with tls skip verify", t, func() {
if err := c.ReloadConfig("testdata/client.cnf", "localhost:3306", "", true, log.NewNopLogger()); err != nil {
t.Error(err)
}
convey.Convey("Default Client", func() {
cfg := c.GetConfig()
section := cfg.Sections["client"]
if dsn, err = section.FormDSN(""); err != nil {
t.Error(err)
}
convey.So(dsn, convey.ShouldEqual, "root:abc@tcp(server2:3306)/?tls=skip-verify")
})
convey.Convey("Target specific with explicit port", func() {
cfg := c.GetConfig()
section := cfg.Sections["client.server1"]
if dsn, err = section.FormDSN("server1:5000"); err != nil {
t.Error(err)
}
convey.So(dsn, convey.ShouldEqual, "test:foo@tcp(server1:5000)/?tls=skip-verify")
})
})
}
func TestFormDSNWithCustomTls(t *testing.T) {
var (
c = MySqlConfigHandler{
Config: &Config{},
}
err error
dsn string
)
convey.Convey("Host exporter dsn with custom tls", t, func() {
if err := c.ReloadConfig("testdata/client_custom_tls.cnf", "localhost:3306", "", false, log.NewNopLogger()); err != nil {
t.Error(err)
}
convey.Convey("Target tls enabled", func() {
cfg := c.GetConfig()
section := cfg.Sections["client_tls_true"]
if dsn, err = section.FormDSN(""); err != nil {
t.Error(err)
}
convey.So(dsn, convey.ShouldEqual, "usr:pwd@tcp(server2:3306)/?tls=true")
})
convey.Convey("Target tls preferred", func() {
cfg := c.GetConfig()
section := cfg.Sections["client_tls_preferred"]
if dsn, err = section.FormDSN(""); err != nil {
t.Error(err)
}
convey.So(dsn, convey.ShouldEqual, "usr:pwd@tcp(server3:3306)/?tls=preferred")
})
convey.Convey("Target tls skip-verify", func() {
cfg := c.GetConfig()
section := cfg.Sections["client_tls_skip_verify"]
if dsn, err = section.FormDSN(""); err != nil {
t.Error(err)
}
convey.So(dsn, convey.ShouldEqual, "usr:pwd@tcp(server3:3306)/?tls=skip-verify")
})
})
}

18
config/testdata/client_custom_tls.cnf vendored Normal file
View File

@ -0,0 +1,18 @@
[client_tls_true]
host = server2
port = 3306
user = usr
password = pwd
tls=true
[client_tls_preferred]
host = server3
port = 3306
user = usr
password = pwd
tls=preferred
[client_tls_skip_verify]
host = server3
port = 3306
user = usr
password = pwd
tls=skip-verify