From 19794ad2e08a6e71eb005e3837ca6d59048f1bf5 Mon Sep 17 00:00:00 2001
From: DiniFarb <andreas.vogt89@bluewin.ch>
Date: Mon, 10 Jul 2023 20:58:19 +0200
Subject: [PATCH 1/5] feat: load config file from url (#1207)

Signed-off-by: DiniFarb <andreas.vogt89@bluewin.ch>
---
 config/config.go | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/config/config.go b/config/config.go
index e131c3501..a4bb108f7 100644
--- a/config/config.go
+++ b/config/config.go
@@ -15,6 +15,9 @@ package config
 
 import (
 	"fmt"
+	"io"
+	"net/http"
+	"net/url"
 	"os"
 
 	"github.com/alecthomas/kingpin/v2"
@@ -35,17 +38,35 @@ type Resolver struct {
 // NewResolver returns a Resolver structure.
 func NewResolver(file string, logger log.Logger) (*Resolver, error) {
 	flags := map[string]string{}
-	_ = level.Info(logger).Log("msg", fmt.Sprintf("Loading configuration file: %v", file))
-	if _, err := os.Stat(file); err != nil {
-		return nil, err
-	}
-	b, err := os.ReadFile(file)
+	var fileBytes []byte
+	url, err := url.ParseRequestURI(file)
 	if err != nil {
 		return nil, err
 	}
+	if url.Scheme == "http" || url.Scheme == "https" {
+		_ = level.Info(logger).Log("msg", fmt.Sprintf("Loading configuration file from URL: %v", file))
+		resp, err := http.Get(file)
+		if err != nil {
+			return nil, err
+		}
+		defer resp.Body.Close()
+		fileBytes, err = io.ReadAll(resp.Body)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		_ = level.Info(logger).Log("msg", fmt.Sprintf("Loading configuration file: %v", file))
+		if _, err := os.Stat(file); err != nil {
+			return nil, err
+		}
+		fileBytes, err = os.ReadFile(file)
+		if err != nil {
+			return nil, err
+		}
+	}
 
 	var rawValues map[string]interface{}
-	err = yaml.Unmarshal(b, &rawValues)
+	err = yaml.Unmarshal(fileBytes, &rawValues)
 	if err != nil {
 		return nil, err
 	}

From 6797126e78d5bb59043724798a065ec66385e852 Mon Sep 17 00:00:00 2001
From: DiniFarb <andreas.vogt89@bluewin.ch>
Date: Mon, 10 Jul 2023 21:05:01 +0200
Subject: [PATCH 2/5] update readme

Signed-off-by: DiniFarb <andreas.vogt89@bluewin.ch>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index fc78d3688..788fd5177 100644
--- a/README.md
+++ b/README.md
@@ -173,6 +173,8 @@ This enables the additional process and container collectors on top of the defau
 
 YAML configuration files can be specified with the `--config.file` flag. e.g. `.\windows_exporter.exe --config.file=config.yml`. If you are using the absolute path, make sure to quote the path, e.g. `.\windows_exporter.exe --config.file="C:\Program Files\windows_exporter\config.yml"`
 
+It is also possible to load the configuration from a URL. e.g. `.\windows_exporter.exe --config.file="https://example.com/config.yml"`
+
 ```yaml
 collectors:
   enabled: cpu,cs,net,service

From 11ec45e7101698cc5f3c7d8f43823ee349610060 Mon Sep 17 00:00:00 2001
From: DiniFarb <andreas.vogt89@bluewin.ch>
Date: Tue, 11 Jul 2023 07:36:36 +0200
Subject: [PATCH 3/5] feat: Skip TLS verify in loading config from url

Signed-off-by: DiniFarb <andreas.vogt89@bluewin.ch>
---
 config/config.go | 12 ++++++++++--
 exporter.go      |  6 +++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/config/config.go b/config/config.go
index a4bb108f7..53e6115d9 100644
--- a/config/config.go
+++ b/config/config.go
@@ -14,6 +14,7 @@
 package config
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net/http"
@@ -36,7 +37,7 @@ type Resolver struct {
 }
 
 // NewResolver returns a Resolver structure.
-func NewResolver(file string, logger log.Logger) (*Resolver, error) {
+func NewResolver(file string, logger log.Logger, insecure_skip_verify bool) (*Resolver, error) {
 	flags := map[string]string{}
 	var fileBytes []byte
 	url, err := url.ParseRequestURI(file)
@@ -45,7 +46,14 @@ func NewResolver(file string, logger log.Logger) (*Resolver, error) {
 	}
 	if url.Scheme == "http" || url.Scheme == "https" {
 		_ = level.Info(logger).Log("msg", fmt.Sprintf("Loading configuration file from URL: %v", file))
-		resp, err := http.Get(file)
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure_skip_verify},
+		}
+		if insecure_skip_verify {
+			_ = level.Warn(logger).Log("msg", "Loading configuration file with TLS verification disabled")
+		}
+		client := &http.Client{Transport: tr}
+		resp, err := client.Get(file)
 		if err != nil {
 			return nil, err
 		}
diff --git a/exporter.go b/exporter.go
index 9cabd07c6..a14729c33 100644
--- a/exporter.go
+++ b/exporter.go
@@ -105,6 +105,10 @@ func main() {
 			"config.file",
 			"YAML configuration file to use. Values set in this file will be overridden by CLI flags.",
 		).String()
+		insecure_skip_verify = app.Flag(
+			"config.file.insecure-skip-verify",
+			"Skip TLS verification in loading YAML configuration.",
+		).Default("false").Bool()
 		webConfig   = webflag.AddFlags(app, ":9182")
 		metricsPath = app.Flag(
 			"telemetry.path",
@@ -152,7 +156,7 @@ func main() {
 
 	_ = level.Debug(logger).Log("msg", "Logging has Started")
 	if *configFile != "" {
-		resolver, err := config.NewResolver(*configFile, logger)
+		resolver, err := config.NewResolver(*configFile, logger, *insecure_skip_verify)
 		if err != nil {
 			_ = level.Error(logger).Log("msg", "could not load config file", "err", err)
 			os.Exit(1)

From 279a8fce89868dc2328083bf9103b9f6f45b75fb Mon Sep 17 00:00:00 2001
From: DiniFarb <andreas.vogt89@bluewin.ch>
Date: Tue, 11 Jul 2023 07:38:42 +0200
Subject: [PATCH 4/5] Update readme: config file part

Signed-off-by: DiniFarb <andreas.vogt89@bluewin.ch>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 788fd5177..fda045ed5 100644
--- a/README.md
+++ b/README.md
@@ -175,6 +175,8 @@ YAML configuration files can be specified with the `--config.file` flag. e.g. `.
 
 It is also possible to load the configuration from a URL. e.g. `.\windows_exporter.exe --config.file="https://example.com/config.yml"`
 
+If you need to skip TLS verification, you can use the `--config.file.insecure-skip-verify` flag. e.g. `.\windows_exporter.exe --config.file="https://example.com/config.yml" --config.file.insecure-skip-verify`
+
 ```yaml
 collectors:
   enabled: cpu,cs,net,service

From b08ce0697c65cef318d27995a19231a934280006 Mon Sep 17 00:00:00 2001
From: DiniFarb <andreas.vogt89@bluewin.ch>
Date: Thu, 13 Jul 2023 10:22:52 +0200
Subject: [PATCH 5/5] Update readme (flag part)

Signed-off-by: DiniFarb <andreas.vogt89@bluewin.ch>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index fda045ed5..6e2634cd7 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,8 @@ Flag     | Description | Default value
 `--collectors.print` | If true, print available collectors and exit. |
 `--scrape.timeout-margin` | Seconds to subtract from the timeout allowed by the client. Tune to allow for overhead or high loads. | `0.5`
 `--web.config.file` | A [web config][web_config] for setting up TLS and Auth | None
+`--config.file` | [Using a config file](#using-a-configuration-file) from path or URL | None
+`--config.file.insecure-skip-verify` | Skip TLS when loading config file from URL | false
 
 ## Installation
 The latest release can be downloaded from the [releases page](https://github.com/prometheus-community/windows_exporter/releases).