From 18531e276454c1faf07f6d4e30761f050018a66b Mon Sep 17 00:00:00 2001 From: klaper Date: Fri, 3 Jun 2022 23:06:16 +0200 Subject: [PATCH 1/3] TLS and Insecure can be set per device --- collector/collector.go | 20 +++++--------------- config/config.go | 14 ++++++++------ config/config.test.yml | 3 +++ config/config_test.go | 15 +++++++++++++++ main.go | 16 +++++++--------- 5 files changed, 38 insertions(+), 30 deletions(-) diff --git a/collector/collector.go b/collector/collector.go index 61e7c3c3..2b2356a8 100644 --- a/collector/collector.go +++ b/collector/collector.go @@ -48,11 +48,9 @@ var ( ) type collector struct { - devices []config.Device - collectors []routerOSCollector - timeout time.Duration - enableTLS bool - insecureTLS bool + devices []config.Device + collectors []routerOSCollector + timeout time.Duration } // WithBGP enables BGP routing metrics @@ -167,14 +165,6 @@ func WithTimeout(d time.Duration) Option { } } -// WithTLS enables TLS -func WithTLS(insecure bool) Option { - return func(c *collector) { - c.enableTLS = true - c.insecureTLS = insecure - } -} - // WithIpsec enables ipsec metrics func WithIpsec() Option { return func(c *collector) { @@ -366,7 +356,7 @@ func (c *collector) connect(d *config.Device) (*routeros.Client, error) { var err error log.WithField("device", d.Name).Debug("trying to Dial") - if !c.enableTLS { + if !d.EnableTLS { if (d.Port) == "" { d.Port = apiPort } @@ -377,7 +367,7 @@ func (c *collector) connect(d *config.Device) (*routeros.Client, error) { // return routeros.DialTimeout(d.Address+apiPort, d.User, d.Password, c.timeout) } else { tlsCfg := &tls.Config{ - InsecureSkipVerify: c.insecureTLS, + InsecureSkipVerify: d.InsecureTLS, } if (d.Port) == "" { d.Port = apiPortTLS diff --git a/config/config.go b/config/config.go index 7905d256..8b75471b 100644 --- a/config/config.go +++ b/config/config.go 
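Review bot: In `connect`, `InsecureSkipVerify: d.InsecureTLS` lets a single device entry switch off certificate verification, and nothing in the visible path records that the session carrying `d.User`/`d.Password` then runs against an unauthenticated peer. A warning beside the TLS config would make this visible to operators, for example `if d.InsecureTLS { log.WithField("device", d.Name).Warn("TLS certificate verification disabled") }`. The `tls.Config` also sets no `MinVersion`, so the protocol floor is whatever the Go toolchain defaults to; `MinVersion: tls.VersionTLS12` would pin it, provided the supported RouterOS versions allow that. The body of `connect` continues outside both of its hunks (`@@ -366` and `@@ -377`), so the dial calls are not visible here.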
@@ -35,12 +35,14 @@ type Config struct { // Device represents a target device type Device struct { - Name string `yaml:"name"` - Address string `yaml:"address,omitempty"` - Srv SrvRecord `yaml:"srv,omitempty"` - User string `yaml:"user"` - Password string `yaml:"password"` - Port string `yaml:"port"` + Name string `yaml:"name"` + Address string `yaml:"address,omitempty"` + Srv SrvRecord `yaml:"srv,omitempty"` + User string `yaml:"user"` + Password string `yaml:"password"` + Port string `yaml:"port"` + EnableTLS bool `yaml:"tls"` + InsecureTLS bool `yaml:"insecure"` } type SrvRecord struct { diff --git a/config/config.test.yml b/config/config.test.yml index 753d44d0..6e06ddaf 100644 --- a/config/config.test.yml +++ b/config/config.test.yml @@ -7,6 +7,9 @@ devices: address: 192.168.2.1 user: test password: 123 + port: 324 + tls: true + insecure: true features: bgp: true diff --git a/config/config_test.go b/config/config_test.go index 7317566a..a0687c96 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -19,6 +19,8 @@ func TestShouldParse(t *testing.T) { assertDevice("test1", "192.168.1.1", "foo", "bar", c.Devices[0], t) assertDevice("test2", "192.168.2.1", "test", "123", c.Devices[1], t) + assertDeviceConnection("", false, false, c.Devices[0], t) + assertDeviceConnection("324", true, true, c.Devices[1], t) assertFeature("BGP", c.Features.BGP, t) assertFeature("Conntrack", c.Features.Conntrack, t) assertFeature("DHCP", c.Features.DHCP, t) 
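Review bot: The new `EnableTLS` and `InsecureTLS` fields in `Device` carry no comment, and the YAML key `insecure` does not say what is being relaxed. A field comment such as `// InsecureTLS disables server certificate verification for this device; it is only read when EnableTLS is set.` would document that `insecure: true` without `tls: true` has no effect, which follows from `connect` reading `d.InsecureTLS` only in its TLS branch. `// EnableTLS makes the collector dial this device over TLS.` would cover the other field.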
@@ -60,6 +62,19 @@ func assertDevice(name, address, user, password string, c Device, t *testing.T) } } +func assertDeviceConnection(port string, tls, insecure bool, c Device, t *testing.T) { + if c.Port != port { + t.Fatalf("expected port %s, got %s", port, c.Port) + } + + if c.EnableTLS != tls { + t.Fatalf("expected tls %t, got %t", tls, c.EnableTLS) + } + if c.InsecureTLS != insecure { + t.Fatalf("expected insecure %t, got %t", insecure, c.InsecureTLS) + } +} + func assertFeature(name string, v bool, t *testing.T) { if !v { t.Fatalf("exprected feature %s to be enabled", name) diff --git a/main.go b/main.go index f6596b82..01144677 100644 --- a/main.go +++ b/main.go @@ -133,11 +133,13 @@ func loadConfigFromFlags() (*config.Config, error) { return &config.Config{ Devices: []config.Device{ config.Device{ - Name: *device, - Address: *address, - User: *user, - Password: *password, - Port: *deviceport, + Name: *device, + Address: *address, + User: *user, + Password: *password, + Port: *deviceport, + EnableTLS: *tls, + InsecureTLS: *insecure, }, }, }, nil @@ -278,9 +280,5 @@ func collectorOptions() []collector.Option { opts = append(opts, collector.WithTimeout(*timeout)) } - if *tls { - opts = append(opts, collector.WithTLS(*insecure)) - } - return opts } From 571009f7bd1588e50e14dfda0a18d30bdcf4f13f Mon Sep 17 00:00:00 2001 From: klaper Date: Sat, 4 Jun 2022 14:41:25 +0200 Subject: [PATCH 2/3] Updated README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8f150be2..8e0087a1 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,9 @@ devices: address: 10.10.0.1 user: prometheus password: changeme + port: 8729 + tls: true + insecure: true - name: my_second_router address: 10.10.0.2 port: 8999 From f43ad5cd54be4c2eac11d94e429d9d800e51fa11 Mon Sep 17 00:00:00 2001 
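Review bot: `assertDeviceConnection` calls `t.Fatalf` without first calling `t.Helper()`, so a failure is reported at the helper's own line rather than at the call in `TestShouldParse` that identifies which device mismatched. Adding `t.Helper()` as the first statement fixes the attribution. The messages could also name the device, e.g. `t.Fatalf("%s: expected tls %t, got %t", c.Name, tls, c.EnableTLS)`.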
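Review bot: `*tls` and `*insecure` are now copied only into the single device built by `loadConfigFromFlags`, while the `collectorOptions` hunk further down drops the `WithTLS` option that used to apply them to every device. If the exporter can also be started from a config file (as `config.Load` and the README suggest), an existing deployment that passes the TLS flag alongside a file would connect to its file-defined devices without TLS after this change, sending the API login in clear text with no error or log line. Either keep the flags as a fallback for devices that do not set `tls`/`insecure` themselves, or fail at startup when the flags are combined with a config file. Both functions extend beyond their hunks, so the config-file path is inferred rather than visible.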
From: klaper Date: Sat, 4 Jun 2022 14:42:10 +0200 Subject: [PATCH 3/3] tls default are set when loading yaml config --- config/config.go | 23 ++++++++++++++++++----- config/config.test.yml | 4 ++-- config/config_test.go | 2 +- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/config/config.go b/config/config.go index 8b75471b..6cd2952f 100644 --- a/config/config.go +++ b/config/config.go @@ -1,10 +1,11 @@ package config import ( + log "github.com/sirupsen/logrus" "io" "io/ioutil" - yaml "gopkg.in/yaml.v2" + "gopkg.in/yaml.v2" ) // Config represents the configuration for the exporter @@ -40,9 +41,9 @@ type Device struct { Srv SrvRecord `yaml:"srv,omitempty"` User string `yaml:"user"` Password string `yaml:"password"` - Port string `yaml:"port"` - EnableTLS bool `yaml:"tls"` - InsecureTLS bool `yaml:"insecure"` + Port string `yaml:"port,omitempty"` + EnableTLS bool `yaml:"tls,omitempty"` + InsecureTLS bool `yaml:"insecure,omitempty"` } type SrvRecord struct { @@ -54,7 +55,7 @@ type DnsServer struct { Port int `yaml:"port"` } -// Load reads YAML from reader and unmashals in Config +// Load reads YAML from reader and unmarshalls in Config func Load(r io.Reader) (*Config, error) { b, err := ioutil.ReadAll(r) if err != nil { @@ -69,3 +70,15 @@ func Load(r io.Reader) (*Config, error) { return c, nil } + +func (d *Device) UnmarshalYAML(unmarshal func(interface{}) error) error { + type inputDevice Device + defaults := &inputDevice{Port: "8728", EnableTLS: false, InsecureTLS: false} + err := unmarshal(defaults) + if err != nil { + log.WithError(err).Error("Device unmarshal error") + return err + } + *d = (Device)(*defaults) + return nil +} diff --git a/config/config.test.yml b/config/config.test.yml index 6e06ddaf..9c445c65 100644 --- a/config/config.test.yml +++ b/config/config.test.yml @@ -6,8 +6,8 @@ devices: - name: test2 address: 192.168.2.1 user: test - password: 123 - port: 324 + password: '123' + port: '324' tls: true insecure: true 
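Review bot: `UnmarshalYAML` pre-fills `Port: "8728"` before decoding, so a device with `tls: true` and no `port` reaches `collector.connect` with a non-empty port, and the `if (d.Port) == "" { d.Port = apiPortTLS }` fallback shown in the first patch is never taken. Such a device would attempt its TLS handshake against 8728 rather than the TLS port (the README example pairs `tls: true` with 8729), and the misconfiguration surfaces only as a dial error. Leaving the port empty here, `defaults := &inputDevice{}`, keeps the choice in `connect`, where the TLS setting is known; the `"8728"` expectation in `TestShouldParse` would then go back to `""`. The new exported method also has no doc comment, and it logs the error it returns, so the caller of `Load` will likely report it a second time.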
diff --git a/config/config_test.go b/config/config_test.go index a0687c96..b7328e1d 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -19,7 +19,7 @@ func TestShouldParse(t *testing.T) { assertDevice("test1", "192.168.1.1", "foo", "bar", c.Devices[0], t) assertDevice("test2", "192.168.2.1", "test", "123", c.Devices[1], t) - assertDeviceConnection("", false, false, c.Devices[0], t) + assertDeviceConnection("8728", false, false, c.Devices[0], t) assertDeviceConnection("324", true, true, c.Devices[1], t) assertFeature("BGP", c.Features.BGP, t) assertFeature("Conntrack", c.Features.Conntrack, t)