1.14.1 (#80)

* Update to Kotlin 1.7.20 * Add support for agents to ignore SSL certificates on https endpoints * Update jars * Clean up JSON generation for discovery
pambrose · Oct 14, 2022 · 40dc448 · 40dc448
1 parent a69310b
commit 40dc448
Show file tree

Hide file tree

Showing 17 changed files with 300 additions and 107 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION=1.14.0
+VERSION=1.14.1
 
 default: versioncheck
 

diff --git a/README.md b/README.md
@@ -112,8 +112,8 @@ scrape_configs:
 The docker images are available via:
 
 ```bash
-docker pull pambrose/prometheus-proxy:1.14.0
-docker pull pambrose/prometheus-agent:1.14.0
+docker pull pambrose/prometheus-proxy:1.14.1
+docker pull pambrose/prometheus-agent:1.14.1
 ```
 
 Start a proxy container with:
@@ -122,15 +122,15 @@ Start a proxy container with:
 docker run --rm -p 8082:8082 -p 8092:8092 -p 50051:50051 -p 8080:8080 \
         --env ADMIN_ENABLED=true \
         --env METRICS_ENABLED=true \
-        pambrose/prometheus-proxy:1.14.0
+        pambrose/prometheus-proxy:1.14.1
 ```
 
 Start an agent container with:
 
 ```bash
 docker run --rm -p 8083:8083 -p 8093:8093 \
         --env AGENT_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \
-        pambrose/prometheus-agent:1.14.0
+        pambrose/prometheus-agent:1.14.1
 ```
 
 Using the config
@@ -148,7 +148,7 @@ is in your current directory, run an agent container with:
 docker run --rm -p 8083:8083 -p 8093:8093 \
     --mount type=bind,source="$(pwd)"/prom-agent.conf,target=/app/prom-agent.conf \
     --env AGENT_CONFIG=prom-agent.conf \
-    pambrose/prometheus-agent:1.14.0
+    pambrose/prometheus-agent:1.14.1
 ```
 
 **Note:** The `WORKDIR` of the proxy and agent images is `/app`, so make sure to use `/app` as the base directory in the
@@ -217,6 +217,7 @@ argument is an agent config value, which should have an `agent.pathConfigs` valu
 | --max_retries      | SCRAPE_MAX_RETRIES <br> agent.scrapeMaxRetries                             | 0       | Scrape maximum retries (0 disables scrape retries)         |
 | --chunk            | CHUNK_CONTENT_SIZE_KBS <br> agent.chunkContentSizeKbs                      | 32      | Threshold for chunking data to Proxy and buffer size (KBs) |
 | --gzip             | MIN_GZIP_SIZE_BYTES <br> agent.minGzipSizeBytes                            | 1024    | Minimum size for content to be gzipped (bytes)             |
+| --trust_all_x509   | TRUST_ALL_X509_CERTIFICATES <br> agent.http.enableTrustAllX509Certificates | false   | Disable SSL verification for agent https endpoints         |
 | --cert, -t         | CERT_CHAIN_FILE_PATH <br> agent.tls.certChainFilePath                      |         | Certificate chain file path                                |
 | --key, -k          | PRIVATE_KEY_FILE_PATH <br> agent.tls.privateKeyFilePath                    |         | Private key file path                                      |
 | --trust, -s        | TRUST_CERT_COLLECTION_FILE_PATH <br> agent.tls.trustCertCollectionFilePath |         | Trust certificate collection file path                     |
@@ -248,14 +249,14 @@ These admin servlets are available when the admin servlet is enabled:
 The admin servlets can be enabled with the `ADMIN_ENABLED` environment var, the `--admin` CLI option, or with the
 `proxy.admin.enabled` and `agent.admin.enabled` properties.
 
-The debug servlet can be enabled with the `DEBUG_ENABLED` env var, `--debug` CLI option , or with the
+The debug servlet can be enabled with the `DEBUG_ENABLED` environment var, the `--debug` CLI option , or with the
 `proxy.admin.debugEnabled` and `agent.admin.debugEnabled` properties. The debug servlet requires that the admin servlets
 are enabled. The debug servlet is at: `/debug` on the admin port.
 
 Descriptions of the servlets are [here](http://metrics.dropwizard.io/3.2.2/manual/servlets.html). The path names can be
 changed in the configuration file. To disable an admin servlet, assign its property path to "".
 
-## Adding TLS to Agent-Proxy connections
+## Adding TLS to Agent-Proxy Connections
 
 Agents connect to a proxy using [gRPC](https://grpc.io). gRPC supports TLS with or without mutual authentication. The
 necessary certificate and key file paths can be specified via CLI args, environment variables and configuration file
@@ -267,13 +268,13 @@ necessary to test TLS support.
 
 Running TLS without mutual authentication requires these settingss:
 
-* certChainFilePath and privateKeyFilePath on the proxy
-* trustCertCollectionFilePath on the agent
+* `certChainFilePath` and `privateKeyFilePath` on the proxy
+* `trustCertCollectionFilePath` on the agent
 
 Running TLS with mutual authentication requires these settingss:
 
-* certChainFilePath, privateKeyFilePath and trustCertCollectionFilePath on the proxy
-* certChainFilePath, privateKeyFilePath and trustCertCollectionFilePath on the agent
+* `certChainFilePath`, `privateKeyFilePath` and `trustCertCollectionFilePath` on the proxy
+* `certChainFilePath`, `privateKeyFilePath` and `trustCertCollectionFilePath` on the agent
 
 ### Running with TLS
 
@@ -293,23 +294,29 @@ docker run --rm -p 8082:8082 -p 8092:8092 -p 50440:50440 -p 8080:8080 \
     --env PROXY_CONFIG=tls-no-mutual-auth.conf \
     --env ADMIN_ENABLED=true \
     --env METRICS_ENABLED=true \
-    pambrose/prometheus-proxy:1.14.0
+    pambrose/prometheus-proxy:1.14.1
 
 docker run --rm -p 8083:8083 -p 8093:8093 \
     --mount type=bind,source="$(pwd)"/testing/certs,target=/app/testing/certs \
     --mount type=bind,source="$(pwd)"/examples/tls-no-mutual-auth.conf,target=/app/tls-no-mutual-auth.conf \
     --env AGENT_CONFIG=tls-no-mutual-auth.conf \
     --env PROXY_HOSTNAME=mymachine.lan:50440 \
     --name docker-agent \
-    pambrose/prometheus-agent:1.14.0
+    pambrose/prometheus-agent:1.14.1
 ```
 
 **Note:** The `WORKDIR` of the proxy and agent images is `/app`, so make sure to use `/app` as the base directory in the
 target for `--mount` options.
 
-## Scraping a Prometheus instance
-It's possible to scrape an existing prometheus server using the `/federate` endpoint. 
-This enables using the existing service discovery features already built into Prometheus. 
+## Scraping HTTPS Endpoints
+
+Disable SSL verification for agent https endpoints with the `TRUST_ALL_X509_CERTIFICATES` environment var,
+the `--trust_all_x509` CLI option, or the `agent.http.enableTrustAllX509Certificates` property,
+
+## Scraping a Prometheus Instance
+
+It's possible to scrape an existing prometheus server using the `/federate` endpoint.
+This enables using the existing service discovery features already built into Prometheus.
 
 An example config can be found in
 [federate.conf](https://github.com/pambrose/prometheus-proxy/blob/master/examples/federate.conf).

diff --git a/bin/docker-agent.sh b/bin/docker-agent.sh
@@ -3,4 +3,4 @@
 docker run --rm -p 8083:8083 -p 8093:8093 \
   --env AGENT_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \
   --env PROXY_HOSTNAME=mymachine.lan \
-  pambrose/prometheus-agent:1.14.0
+  pambrose/prometheus-agent:1.14.1
diff --git a/bin/docker-proxy.sh b/bin/docker-proxy.sh
@@ -2,4 +2,4 @@
 
 docker run --rm -p 8082:8082 -p 8092:8092 -p 50051:50051 -p 8080:8080 \
   --env PROXY_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \
-  pambrose/prometheus-proxy:1.14.0
+  pambrose/prometheus-proxy:1.14.1
diff --git a/build.gradle b/build.gradle
@@ -2,23 +2,23 @@ plugins {
     id 'idea'
     id 'java'
     id 'maven-publish'
-    id 'org.jetbrains.kotlin.jvm' version '1.7.10'
-    id 'com.google.protobuf' version '0.8.19'
-    id 'org.jmailen.kotlinter' version "3.11.1"
+    id 'org.jetbrains.kotlin.jvm' version '1.7.20'
+    id 'com.google.protobuf' version '0.8.18'   // Keep in sync with grpc
+    id 'org.jmailen.kotlinter' version "3.12.0"
     id "com.github.ben-manes.versions" version '0.42.0'
     id 'com.github.johnrengelman.shadow' version '7.1.2'
     id 'com.github.gmazzo.buildconfig' version '3.1.0'
-    //id 'org.jetbrains.kotlinx.kover' version '0.5.0'
+    id 'org.jetbrains.kotlinx.kover' version '0.6.1'
     // Turn these off until jacoco fixes their kotlin 1.5.0 SMAP issue
     // id 'jacoco'
     // id 'com.github.kt3k.coveralls' version '2.12.0'
 }
 
 group = 'io.prometheus'
-version = '1.14.0'
+version = '1.14.1'
 
-sourceCompatibility = 1.8
-targetCompatibility = 1.8
+sourceCompatibility = 11
+targetCompatibility = 11
 
 repositories {
     //maven { url "https://maven.pkg.jetbrains.space/public/p/ktor/eap" }
@@ -64,6 +64,8 @@ dependencies {
     implementation "io.ktor:ktor-client:$ktor_version"
     implementation "io.ktor:ktor-client-cio:$ktor_version"
     implementation "io.ktor:ktor-client-auth:$ktor_version"
+    implementation "io.ktor:ktor-network:$ktor_version"
+    implementation "io.ktor:ktor-network-tls:$ktor_version"
 
     implementation "io.ktor:ktor-server:$ktor_version"
     implementation "io.ktor:ktor-server-cio:$ktor_version"
@@ -88,7 +90,7 @@ buildConfig {
 
     buildConfigField('String', 'APP_NAME', "\"${project.name}\"")
     buildConfigField('String', 'APP_VERSION', "\"${project.version}\"")
-    buildConfigField('String', 'APP_RELEASE_DATE', "\"9/30/22\"")
+    buildConfigField('String', 'APP_RELEASE_DATE', "\"10/14/22\"")
 }
 
 publishing {
@@ -213,7 +215,7 @@ compileKotlin.dependsOn ':generateProto'
 
 compileKotlin {
     kotlinOptions {
-        jvmTarget = "1.8"
+        jvmTarget = "11"
         freeCompilerArgs += ['-Xbackend-threads=8',
                              "-opt-in=kotlin.time.ExperimentalTime",
                              "-opt-in=kotlin.contracts.ExperimentalContracts",
@@ -225,7 +227,7 @@ compileKotlin {
 
 compileTestKotlin {
     kotlinOptions {
-        jvmTarget = "1.8"
+        jvmTarget = "11"
         freeCompilerArgs += ['-Xbackend-threads=8',
                              "-opt-in=kotlinx.coroutines.InternalCoroutinesApi",
                              "-opt-in=kotlinx.coroutines.DelicateCoroutinesApi"]
@@ -258,4 +260,63 @@ kotlinter {
                      "no-trailing-spaces",
                      "wrapping",
                      "multiline-if-else",]
+}
+
+koverMerged {
+    enable()  // create Kover merged reports
+
+    filters { // common filters for all default Kover merged tasks
+        classes { // common class filter for all default Kover merged tasks
+            includes.add("io.prometheus.*") // class inclusion rules
+            //excludes.addAll("io.prometheus.subpackage.*") // class exclusion rules
+        }
+
+        projects { // common projects filter for all default Kover merged tasks
+            //excludes.addAll("project1", ":child:project") // Specifies the projects excluded in the merged tasks
+        }
+    }
+
+
+    xmlReport {
+        onCheck.set(true)
+        // true to run koverMergedXmlReport task during the execution of the check task (if it exists) of the current project
+        reportFile.set(layout.buildDirectory.file("my-merged-report/result.xml")) // change report file name
+        overrideClassFilter { // override common class filter
+            includes.add("io.prometheus.*") // override class inclusion rules
+            //excludes.addAll("io.prometheus.subpackage.*") // override class exclusion rules
+        }
+    }
+
+    htmlReport {
+        onCheck.set(true)
+        // true to run koverMergedHtmlReport task during the execution of the check task (if it exists) of the current project
+        reportDir.set(layout.buildDirectory.dir("my-merged-report/html-result")) // change report directory
+        overrideClassFilter { // override common class filter
+            includes.add("io.prometheus.*") // override class inclusion rules
+            //excludes.addAll("io.prometheus.subpackage.*") // override class exclusion rules
+        }
+    }
+
+    verify {
+        onCheck.set(true)
+        // true to run koverMergedVerify task during the execution of the check task (if it exists) of the current project
+        rule { // add verification rule
+            //isEnabled = true // false to disable rule checking
+            name = null // custom name for the rule
+            target = 'ALL' // specify by which entity the code for separate coverage evaluation will be grouped
+
+            overrideClassFilter { // override common class filter
+                includes.add("io.prometheus.verify.*") // override class inclusion rules
+                // excludes.addAll("io.prometheus.verify.subpackage.*") // override class exclusion rules
+            }
+
+            bound { // add rule bound
+                minValue = 10
+                maxValue = 20
+                counter = 'LINE' // change coverage metric to evaluate (LINE, INSTRUCTION, BRANCH)
+                valueType = 'COVERED_PERCENTAGE'
+                // change counter value (COVERED_COUNT, MISSED_COUNT, COVERED_PERCENTAGE, MISSED_PERCENTAGE)
+            }
+        }
+    }
 }
diff --git a/etc/compose/proxy.yml b/etc/compose/proxy.yml
@@ -1,6 +1,6 @@
 prometheus-proxy:
   autoredeploy: true
-  image: 'pambrose/prometheus-proxy:1.14.0'
+  image: 'pambrose/prometheus-proxy:1.14.1'
   ports:
     - '8080:8080'
     - '8082:8082'

diff --git a/etc/config/config.conf b/etc/config/config.conf
@@ -5,7 +5,7 @@ proxy {
 
   service.discovery {
     enabled = false                               // Enable service discovery
-    path = "discovery"                             // Service discovery path
+    path = "discovery"                            // Service discovery path
     targetPrefix = "http://localhost:8080/"       // Service discovery target prefix
   }
 
@@ -97,6 +97,10 @@ agent {
     port = 50051                                  // Proxy port
   }
 
+  http {
+    enableTrustAllX509Certificates = false        // Enabling will disable SSL verification for agent https endpoints
+  }
+
   admin {
     enabled = false                               // Enable Admin servlets
     port = 8093                                   // Admin servlets port

diff --git a/examples/tls-no-mutual-auth.conf b/examples/tls-no-mutual-auth.conf
@@ -16,6 +16,10 @@ agent {
     port = 50440                                          // Proxy port
   }
 
+  http {
+    enableTrustAllX509Certificates = true
+  }
+
   // Only trustCertCollectionFilePath is required on the client with TLS (no mutual authentication)
   tls {
     overrideAuthority = "foo.test.google.fr"              // Override authority (for testing only)

diff --git a/gradle.properties b/gradle.properties
@@ -6,24 +6,24 @@ org.gradle.parallel=true
 org.gradle.caching=true
 org.gradle.jvmargs=-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 annotation_version=1.3.2
-dropwizard_version=4.2.11
+dropwizard_version=4.2.12
 gengrpc_version=1.3.0
-grpc_version=1.49.0
+grpc_version=1.50.0
 jcommander_version=1.82
-jetty_version=9.4.48.v20220622
-junit_version=5.9.0
+jetty_version=9.4.49.v20220914
+junit_version=5.9.1
 kluent_version=1.68
-kotlin_version=1.7.10
-ktor_version=2.1.0
-logback_version=1.4.0
-logging_version=2.1.23
+kotlin_version=1.7.20
+ktor_version=2.1.2
+logback_version=1.4.4
+logging_version=3.0.2
 # Keep in sync with grpc
 tcnative_version=2.0.54.Final
 prometheus_version=0.16.0
 # Keep in sync with grpc
-protoc_version=3.21.1
+protoc_version=3.21.7
 serialization_version=1.4.0
-slf4j_version=2.0.0
+slf4j_version=2.0.3
 typesafe_version=1.4.2
-utils_version=1.28.0
-zipkin_version=5.13.11
+utils_version=1.30.0
+zipkin_version=5.14.1