Merge pull request #784 from roidelapluie/rel-019

Release 0.19.0

Author: Julien Pivotto

CHANGELOG.md

@@ -0,0 +1,19 @@
+## 0.19.0 / 2021-05-07
+
+This release is built with go 1.16.4, which contains a [bugfix](https://github.com/golang/go/issues/45712)
+that can cause an untrusted target to make Blackbox Exporter crash.
+
+In the HTTP probe, `no_follow_redirect` has been changed to `follow_redirect`.
+This release accepts both, with a precedence to the `no_follow_redirect` parameter.
+In the next release, `no_follow_redirect` will be removed.
+
+* [CHANGE] HTTP proble: no_follow_redirect has been renamed to follow_redirect.
+* [FEATURE] Add support for decompression of HTTP responses. #764
+* [FEATURE] Enable TLS and basic authentication. #784
+* [FEATURE] HTTP probe: *experimental* OAuth2 support.
+* [ENHANCEMENT] Add a health endpoint. #752
+* [ENHANCEMENT] Add a metric for unknown probes. #716
+* [ENHANCEMENT] Use preferred protocol first when resolving hostname. #728
+* [ENHANCEMENT] Validating the configuration tries to compile regexes. #729
+* [BUGFIX] HTTP probe: Fix error checking. #723
+* [BUGFIX] HTTP probe: Fix how the tls phase is calculated. #758

CONFIGURATION.md

@@ -62,7 +62,7 @@ The other placeholders are specified separately.
   [ compression: <string> | default = "" ]
 
   # Whether or not the probe will follow any redirects.
-  [ no_follow_redirects: <boolean> | default = false ]
+  [ follow_redirects: <boolean> | default = true ]
 
   # Probe fails if SSL is present.
   [ fail_if_ssl: <boolean> | default = false ]
@@ -105,6 +105,10 @@ The other placeholders are specified separately.
   # HTTP proxy server to use to connect to the targets.
   [ proxy_url: <string> ]
 
+  # OAuth 2.0 configuration to use to connect to the targets.
+  oauth2:
+      [ <oauth2> ]
+
   # The IP protocol of the HTTP probe (ip4, ip6).
   [ preferred_ip_protocol: <string> | default = "ip6" ]
   [ ip_protocol_fallback: <boolean> | default = true ]
@@ -265,3 +269,32 @@ validate_additional_rrs:
 [ server_name: <string> ]
 
 ```
+
+#### <oauth2>
+
+OAuth 2.0 authentication using the client credentials grant type. Blackbox
+exporter fetches an access token from the specified endpoint with the given
+client access and secret keys.
+
+NOTE: This is *experimental* in the blackbox exporter and might not be
+reflected properly in the probe metrics at the moment.
+
+```yml
+client_id: <string>
+[ client_secret: <secret> ]
+
+# Read the client secret from a file.
+# It is mutually exclusive with `client_secret`.
+[ client_secret_file: <filename> ]
+
+# Scopes for the token request.
+scopes:
+  [ - <string> ... ]
+
+# The URL to fetch the token from.
+token_url: <string>
+
+# Optional parameters to append to the token URL.
+endpoint_params:
+  [ <string>: <string> ... ]
+```

VERSION

@@ -1 +1 @@
-0.18.0
+0.19.0

config/config.go

@@ -28,6 +28,8 @@ import (
 
 	yaml "gopkg.in/yaml.v3"
 
+	"github.com/go-kit/kit/log"
+	"github.com/go-kit/kit/log/level"
 	"github.com/miekg/dns"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/common/config"
@@ -57,6 +59,7 @@ var (
 	// DefaultHTTPProbe set default value for HTTPProbe
 	DefaultHTTPProbe = HTTPProbe{
 		IPProtocolFallback: true,
+		HTTPClientConfig:   config.DefaultHTTPClientConfig,
 	}
 
 	// DefaultTCPProbe set default value for TCPProbe
@@ -89,7 +92,7 @@ type SafeConfig struct {
 	C *Config
 }
 
-func (sc *SafeConfig) ReloadConfig(confFile string) (err error) {
+func (sc *SafeConfig) ReloadConfig(confFile string, logger log.Logger) (err error) {
 	var c = &Config{}
 	defer func() {
 		if err != nil {
@@ -112,6 +115,17 @@ func (sc *SafeConfig) ReloadConfig(confFile string) (err error) {
 		return fmt.Errorf("error parsing config file: %s", err)
 	}
 
+	for name, module := range c.Modules {
+		if module.HTTP.NoFollowRedirects != nil {
+			// Hide the old flag from the /config page.
+			module.HTTP.NoFollowRedirects = nil
+			c.Modules[name] = module
+			if logger != nil {
+				level.Warn(logger).Log("msg", "no_follow_redirects is deprecated and will be removed in the next release. It is replaced by follow_redirects.", "module", name)
+			}
+		}
+	}
+
 	sc.Lock()
 	sc.C = c
 	sc.Unlock()
@@ -181,7 +195,7 @@ type HTTPProbe struct {
 	ValidHTTPVersions            []string                `yaml:"valid_http_versions,omitempty"`
 	IPProtocol                   string                  `yaml:"preferred_ip_protocol,omitempty"`
 	IPProtocolFallback           bool                    `yaml:"ip_protocol_fallback,omitempty"`
-	NoFollowRedirects            bool                    `yaml:"no_follow_redirects,omitempty"`
+	NoFollowRedirects            *bool                   `yaml:"no_follow_redirects,omitempty"`
 	FailIfSSL                    bool                    `yaml:"fail_if_ssl,omitempty"`
 	FailIfNotSSL                 bool                    `yaml:"fail_if_not_ssl,omitempty"`
 	Method                       string                  `yaml:"method,omitempty"`
@@ -277,6 +291,10 @@ func (s *HTTPProbe) UnmarshalYAML(unmarshal func(interface{}) error) error {
 		return err
 	}
 
+	if s.NoFollowRedirects != nil {
+		s.HTTPClientConfig.FollowRedirects = !*s.NoFollowRedirects
+	}
+
 	for key, value := range s.Headers {
 		switch strings.Title(key) {
 		case "Accept-Encoding":

config/config_test.go

@@ -25,7 +25,7 @@ func TestLoadConfig(t *testing.T) {
 		C: &Config{},
 	}
 
-	err := sc.ReloadConfig("testdata/blackbox-good.yml")
+	err := sc.ReloadConfig("testdata/blackbox-good.yml", nil)
 	if err != nil {
 		t.Errorf("Error loading config %v: %v", "blackbox.yml", err)
 	}
@@ -90,7 +90,7 @@ func TestLoadBadConfigs(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.input, func(t *testing.T) {
-			got := sc.ReloadConfig(test.input)
+			got := sc.ReloadConfig(test.input, nil)
 			if got == nil || got.Error() != test.want {
 				t.Fatalf("ReloadConfig(%q) = %v; want %q", test.input, got, test.want)
 			}
@@ -103,7 +103,7 @@ func TestHideConfigSecrets(t *testing.T) {
 		C: &Config{},
 	}
 
-	err := sc.ReloadConfig("testdata/blackbox-good.yml")
+	err := sc.ReloadConfig("testdata/blackbox-good.yml", nil)
 	if err != nil {
 		t.Errorf("Error loading config %v: %v", "testdata/blackbox-good.yml", err)
 	}

go.mod

@@ -1,15 +1,15 @@
 module github.com/prometheus/blackbox_exporter
 
 require (
-	github.com/andybalholm/brotli v1.0.1
+	github.com/andybalholm/brotli v1.0.2
 	github.com/go-kit/kit v0.10.0
-	github.com/miekg/dns v1.1.40
+	github.com/miekg/dns v1.1.41
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.9.0
+	github.com/prometheus/client_golang v1.10.0
 	github.com/prometheus/client_model v0.2.0
-	github.com/prometheus/common v0.18.0
+	github.com/prometheus/common v0.23.0
 	github.com/prometheus/exporter-toolkit v0.5.1
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/net v0.0.0-20210505214959-0714010a04ed
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )