Skip to content

added support for certificates and insecure #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cooperspencer wants to merge 2 commits into
base: master
Choose a base branch
from
Open

added support for certificates and insecure #96

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
14bf4d8
added support for certificates and insecure
cooperspencer Jun 25, 2024
0d06ee0
switched fmt.Sprintf against net.JoinHostPort
cooperspencer Jul 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 30 additions & 11 deletions collector/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package collector

import (
"bufio"
"crypto/tls"
"encoding/base64"
"errors"
"fmt"
Expand All @@ -27,8 +28,11 @@ type connectionHandler interface {
}

type connectionHandlerImpl struct {
hostname string
port int
hostname string
port int
certificate string
key string
insecure bool
}

/*SquidClient provides functionality to fetch squid metrics */
Expand All @@ -51,11 +55,14 @@ func buildBasicAuthString(login string, password string) string {
}

type CacheObjectRequest struct {
Hostname string
Port int
Login string
Password string
Headers []string
Hostname string
Port int
Login string
Password string
Headers []string
Certificate string
Key string
Insecure bool
}

/*NewCacheObjectClient initializes a new cache client */
Expand All @@ -64,6 +71,9 @@ func NewCacheObjectClient(cor *CacheObjectRequest) *CacheObjectClient {
&connectionHandlerImpl{
cor.Hostname,
cor.Port,
cor.Certificate,
cor.Key,
cor.Insecure,
},
buildBasicAuthString(cor.Login, cor.Password),
cor.Headers,
Expand All @@ -72,12 +82,10 @@ func NewCacheObjectClient(cor *CacheObjectRequest) *CacheObjectClient {

func (c *CacheObjectClient) readFromSquid(endpoint string) (*bufio.Reader, error) {
conn, err := c.ch.connect()

if err != nil {
return nil, err
}
r, err := get(conn, endpoint, c.basicAuthString, c.headers)

if err != nil {
return nil, err
}
Expand Down Expand Up @@ -207,7 +215,19 @@ func (c *CacheObjectClient) GetInfos() (types.Counters, error) {
}

func (ch *connectionHandlerImpl) connect() (net.Conn, error) {
return net.Dial("tcp", fmt.Sprintf("%s:%d", ch.hostname, ch.port))
if ch.certificate != "" && ch.key != "" {
cert, err := tls.LoadX509KeyPair(ch.certificate, ch.key)
Copy link
Owner

@boynux boynux May 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR, I think this is a good addition. however I'm not sure if squid server supports client certs for this work, does it?

If you meant to support when the cache manager port is behind a secure port as the insecure flag implies then I think the right approach might be what's explained here: https://gist.github.com/denji/12b3a568f092ab951456?permalink_comment_id=1695690#gistcomment-1695690

Please let me know if I misunderstood anything :)

if err != nil {
return nil, err
}
tlsconfig := tls.Config{Certificates: []tls.Certificate{cert}}
return tls.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)), &tlsconfig)
} else if ch.insecure {
tlsconfig := tls.Config{InsecureSkipVerify: ch.insecure}
return tls.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)), &tlsconfig)
}

return net.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)))
}

func get(conn net.Conn, path string, basicAuthString string, headers []string) (*http.Response, error) {
Expand Down Expand Up @@ -347,7 +367,6 @@ func decodeInfoStrings(line string) (types.Counter, error) {
} else {
value = slices[0]
}

}

value = strings.Replace(value, "%", "", -1)
Expand Down
18 changes: 12 additions & 6 deletions collector/metrics.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,15 @@ type Exporter struct {
}

type CollectorConfig struct {
Hostname string
Port int
Login string
Password string
Labels config.Labels
Headers []string
Hostname string
Port int
Login string
Password string
Labels config.Labels
Headers []string
TLSCertificate string
TLSKey string
Insecure bool
}

/*New initializes a new exporter */
Expand All @@ -58,6 +61,9 @@ func New(c *CollectorConfig) *Exporter {
c.Login,
c.Password,
c.Headers,
c.TLSCertificate,
c.TLSKey,
c.Insecure,
}),

c.Hostname,
Expand Down
14 changes: 14 additions & 0 deletions config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ const (
defaultSquidPort = 3128
defaultExtractServiceTimes = true
defaultUseProxyHeader = false
defaultInsecure = false
)

const (
Expand All @@ -31,6 +32,9 @@ const (
squidPidfile = "SQUID_PIDFILE"
squidExtractServiceTimes = "SQUID_EXTRACTSERVICETIMES"
squidUseProxyHeader = "SQUID_USE_PROXY_HEADER"
squidInsecure = "SQUID_INSECURE"
squidTLSCertificate = "SQUID_TLS_CERTIFICATE"
squidTLSKey = "SQUID_TLS_KEY"
)

var (
Expand All @@ -57,6 +61,10 @@ type Config struct {
Pidfile string

UseProxyHeader bool

TLSCertificate string
TLSKey string
Insecure bool
}

/*NewConfig creates a new config object from command line args */
Expand Down Expand Up @@ -88,6 +96,12 @@ func NewConfig() *Config {
flag.BoolVar(&c.UseProxyHeader, "squid-use-proxy-header",
loadEnvBoolVar(squidUseProxyHeader, defaultUseProxyHeader), "Use proxy headers when fetching metrics")

flag.BoolVar(&c.Insecure, "squid-insecure",
loadEnvBoolVar(squidInsecure, defaultInsecure), "Ignore certificate")

flag.StringVar(&c.TLSCertificate, "squid-tls-certificate", loadEnvStringVar(squidTLSCertificate, ""), "Certificate used by squid")
flag.StringVar(&c.TLSKey, "squid-tls-key", loadEnvStringVar(squidTLSKey, ""), "Key used by squid")

VersionFlag = flag.Bool("version", false, "Print the version and exit")

flag.Parse()
Expand Down
18 changes: 11 additions & 7 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package main
import (
"fmt"
"log"
"net"
"net/http"
"os"
"strconv"
Expand Down Expand Up @@ -37,14 +38,17 @@ func main() {
headers = append(headers, createProxyHeader(cfg))
}

log.Println("Scraping metrics from", fmt.Sprintf("%s:%d", cfg.SquidHostname, cfg.SquidPort))
log.Println("Scraping metrics from", net.JoinHostPort(cfg.SquidHostname, strconv.Itoa(cfg.SquidPort)))
e := collector.New(&collector.CollectorConfig{
Hostname: cfg.SquidHostname,
Port: cfg.SquidPort,
Login: cfg.Login,
Password: cfg.Password,
Labels: cfg.Labels,
Headers: headers,
Hostname: cfg.SquidHostname,
Port: cfg.SquidPort,
Login: cfg.Login,
Password: cfg.Password,
Labels: cfg.Labels,
Headers: headers,
TLSCertificate: cfg.TLSCertificate,
TLSKey: cfg.TLSKey,
Insecure: cfg.Insecure,
})
prometheus.MustRegister(e)

Expand Down