Merge pull request #76 from genegr/add-TLS

Add support for TLS, as per Issue #70

Author: sdodsley

README.md

@@ -80,11 +80,15 @@ Authentication is used by the exporter as the mechanism to cross authenticate to
 The first option requires specifying the api-token value as the authorization parameter of the specific job in the Prometheus configuration file.
 The second option provides the FlashArray/api-token key-pair map for a list of arrays in a simple YAML configuration file that is passed as parameter to the exporter. This makes possible to write more concise Prometheus configuration files and also to configure other scrapers that cannot use the HTTP authentication header.
 
+### TLS Support
+
+The exporter can be started in TLS mode (HTTPS, mutually exclusive with the HTTP mode) by providing the X.509 certificate and key files in the command parameters. Self-signed certificates are also accepted.
+
 ### Usage
 
 ```shell
 
-usage: pure-fa-om-exporter [-h|--help] [-a|--address "<value>"] [-p|--port <integer>] [-d|--debug] [-t|--tokens <file>]
+usage: pure-fa-om-exporter [-h|--help] [-a|--address "<value>"] [-p|--port <integer>] [-d|--debug] [-t|--tokens <file>] [-k|--key <file>] [-c|--cert <file>]
 
                            Pure Storage FA OpenMetrics exporter
 
@@ -95,6 +99,8 @@ Arguments:
   -p  --port     Port for this exporter to listen. Default: 9490
   -d  --debug    Enable debug. Default: false
   -t  --tokens   API token(s) map file
+  -c  --cert     SSL/TLS certificate file. Required only for TLS
+  -k  --key      SSL/TLS private key file. Required only for TLS
 ```
 
 The array token configuration file must have to following syntax:

cmd/fa-om-exporter/main.go

@@ -22,18 +22,28 @@ var version string = "development"
 var debug bool = false
 var arraytokens config.FlashArrayList
 
-func FileExists(args []string) error {
+func fileExists(args []string) error {
 	_, err := os.Stat(args[0])
 	return err
 }
 
+func isFile(filename string) bool {
+   info, err := os.Stat(filename)
+   if os.IsNotExist(err) {
+      return false
+   }
+   return !info.IsDir()
+}
+
 func main() {
 
 	parser := argparse.NewParser("pure-fa-om-exporter", "Pure Storage FA OpenMetrics exporter")
 	host := parser.String("a", "address", &argparse.Options{Required: false, Help: "IP address for this exporter to bind to", Default: "0.0.0.0"})
 	port := parser.Int("p", "port", &argparse.Options{Required: false, Help: "Port for this exporter to listen", Default: 9490})
 	d := parser.Flag("d", "debug", &argparse.Options{Required: false, Help: "Enable debug", Default: false})
-	at := parser.File("t", "tokens", os.O_RDONLY, 0600, &argparse.Options{Required: false, Validate: FileExists, Help: "API token(s) map file"})
+	at := parser.File("t", "tokens", os.O_RDONLY, 0600, &argparse.Options{Required: false, Validate: fileExists, Help: "API token(s) map file"})
+	cert := parser.String("c", "cert", &argparse.Options{Required: false, Help: "SSL/TLS certificate file. Required only for TLS"})
+	key := parser.String("k", "key", &argparse.Options{Required: false, Help: "SSL/TLS private key file. Required only for TLS"})
 	err := parser.Parse(os.Args)
 	if err != nil {
 		log.Fatalf("Error in token file: %v", err)
@@ -60,6 +70,16 @@ func main() {
 			log.Fatalf("Unmarshalling token file: %v", err)
 		}
 	}
+	if (len(*cert) > 0 && len(*key) == 0) || (len(*cert) == 0 && len(*key) > 0) {
+		log.Fatal("Both certificate and key must be specified to enable TLS")
+        }
+	if (len(*cert) > 0 && len(*key) > 0) {
+		if !isFile(*cert) {
+			log.Fatal("TLS cert file not found")
+        	} else if !isFile (*key) {
+			log.Fatal("TLS key file not found")
+		}
+        }
 	debug = *d
 	addr := fmt.Sprintf("%s:%d", *host, *port)
 	log.Printf("Start Pure FlashArray exporter %s on %s", version, addr)
@@ -83,7 +103,11 @@ func main() {
 	http.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
 		metricsHandler(w, r)
 	})
-	log.Fatal(http.ListenAndServe(addr, nil))
+	if isFile(*cert) && isFile(*key) {
+		log.Fatal(http.ListenAndServeTLS(addr, *cert, *key, nil))
+	} else {
+		log.Fatal(http.ListenAndServe(addr, nil))
+	}
 }
 
 func metricsHandler(w http.ResponseWriter, r *http.Request) {