1.5.0

* Support for TLS

.travis.yml

@@ -2,8 +2,8 @@ language: java
 
 jdk:
   #- oraclejdk11
-  #- openjdk11
-  - openjdk8
+  - openjdk11
+  #- openjdk8
 
 after_success:
   - ./gradlew jacocoTestReport coveralls

Makefile

@@ -1,4 +1,4 @@
-VERSION=1.4.5
+VERSION=1.5.0
 
 default: compile
 
@@ -17,7 +17,7 @@ tests:
 	./gradlew check
 
 config:
-	java -jar ./etc/jars/tscfg-0.9.94.jar --spec etc/config/config.conf --pn io.prometheus.common --cn ConfigVals --dd src/main/java/io/prometheus/common
+	java -jar ./etc/jars/tscfg-0.9.95.jar --spec etc/config/config.conf --pn io.prometheus.common --cn ConfigVals --dd src/main/java/io/prometheus/common
 
 distro: clean compile jars
 

bin/docker-agent.sh

@@ -3,4 +3,4 @@
 docker run --rm -p 8083:8083 -p 8093:8093 \
   -e HOSTNAME=${HOSTNAME} \
   -e AGENT_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \
-  pambrose/prometheus-agent:1.4.5
+  pambrose/prometheus-agent:1.5.0

bin/docker-proxy.sh

@@ -3,4 +3,4 @@
 docker run --rm -p 8082:8082 -p 8092:8092 -p 50051:50051 -p 8080:8080 \
   -e HOSTNAME=${HOSTNAME} \
   -e PROXY_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \
-  pambrose/prometheus-proxy:1.4.5
+  pambrose/prometheus-proxy:1.5.0

build.gradle

@@ -1,54 +1,56 @@
 plugins {
   id 'idea'
   id 'java'
-  id 'org.jetbrains.kotlin.jvm' version '1.3.60'
-  id 'org.jetbrains.kotlin.plugin.serialization' version '1.3.60'
+  id 'org.jetbrains.kotlin.jvm' version '1.3.61'
+  id 'org.jetbrains.kotlin.plugin.serialization' version '1.3.61'
   id 'com.google.protobuf' version '0.8.10'
   id "com.github.ben-manes.versions" version '0.27.0'
   id 'com.github.johnrengelman.shadow' version '5.2.0'
 }
 
 group = 'io.prometheus'
-version = '1.4.5'
+version = '1.5.0'
 
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
-def kotlinVersion = '1.3.60'
+def utilsVersion = '1.1.11'
 def serializationVersion = '0.13.0'
 def coroutinesVersion = '1.3.2'
-def utilsVersion = '1.1.8'
 
 def grpcVersion = '1.25.0'
 def protocVersion = '3.10.0'
 
-def ktorVersion = '1.2.4'
+def ktorVersion = '1.2.5'
 def annotationVersion = '1.3.2'
 def prometheusVersion = '0.8.0'
-def loggingVersion = '1.7.7'
 def dropwizardVersion = '4.1.1'
-def zipkinVersion = '5.9.0'
+def zipkinVersion = '5.9.1'
 def jettyVersion = '9.4.22.v20191022'
-def kluentVersion = '1.57'
 def tscfgVersion = '1.3.4'
 def contribVersion = '0.8.1'
 def jcommanderVersion = '1.78'
+
+def loggingVersion = '1.7.8'
 def logbackVersion = '1.2.3'
 def slf4jVersion = '1.7.28'
+
+def kluentVersion = '1.58'
 def junitVersion = '5.5.2'
 
 repositories {
   maven { url = "https://kotlin.bintray.com/kotlinx" }
-  maven { url = 'https://dl.bintray.com/kotlin/kotlin-dev/' }
   maven { url = 'https://maven-central.storage-download.googleapis.com/repos/central/data/' }
-  mavenCentral()
   jcenter()
   maven { url = 'https://jitpack.io' }
 }
 
 dependencies {
-  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}"
-  implementation "org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}"
+  implementation platform('org.jetbrains.kotlin:kotlin-bom')
+
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
+  implementation "org.jetbrains.kotlin:kotlin-reflect"
+
   implementation "org.jetbrains.kotlinx:kotlinx-serialization-runtime:${serializationVersion}"
   implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:${coroutinesVersion}"
   implementation "org.jetbrains.kotlinx:kotlinx-coroutines-jdk8:${coroutinesVersion}"
@@ -209,4 +211,5 @@ test {
     exceptionFormat "full"
     showStandardStreams = true
   }
-}
+}
+

etc/compose/proxy.yml

@@ -1,6 +1,6 @@
 prometheus-proxy:
   autoredeploy: true
-  image: 'pambrose/prometheus-proxy:1.4.5'
+  image: 'pambrose/prometheus-proxy:1.5.0'
   ports:
     - '8080:8080'
     - '8082:8082'

etc/config/config.conf

@@ -1,15 +1,15 @@
 
 proxy {
 
+  agent.port = 50051                        // Listen port for agent connections
+
   http {
     port = 8080                             // Listen port for proxied scrapes
     maxThreads = -1
     minThreads = -1
     idleTimeoutSecs = 45
   }
 
-  agent.port = 50051                        // Listen port for agent connections
-
   admin {
     enabled = false                         // Enable Admin servlets
     port = 8092                             // Admin servlets port
@@ -21,6 +21,12 @@ proxy {
     recentRequestsQueueSize = 50            // Size of queue for recent activities on debug servlet
   }
 
+  tls {
+    certChainFilePath = ""                  // Server certificate chain file path
+    privateKeyFilePath = ""                 // Server private key file path
+    trustCertCollectionFilePath = ""        // Trust certificate collection file path
+  }
+
   metrics {
     enabled = false                         // Enable Proxy metrics
     port = 8082                             // Listen port for metrics endpoint
@@ -83,6 +89,13 @@ agent {
     debugEnabled = false                    // Enable agent debug servlet on admin port
   }
 
+  tls {
+    overrideAuthority = ""                  // Overide authority
+    certChainFilePath = ""                  // Client certificate chain file path
+    privateKeyFilePath = ""                 // Client private key file path
+    trustCertCollectionFilePath = ""        // Trust certificate collection file path
+  }
+
   metrics {
     enabled = false                         // Enable Agent metrics
     port = 8083                             // Listen port for metrics endpoint
@@ -101,7 +114,7 @@ agent {
     }
   }
 
-  pathConfigs: [                            // List of path configs registered with a Proxy
+  pathConfigs: [                             // List of path configs registered with a Proxy
     {
       name: String                          // Endpint name
       path: String                          // Path used by the proxy

etc/docker/agent.df

@@ -1,23 +1,26 @@
-FROM openjdk:8-jre-alpine
+FROM adoptopenjdk/openjdk11:alpine-jre
 MAINTAINER Paul Ambrose "[email protected]"
 
 # Define the user to use in this instance to prevent using root that even in a container, can be a security risk.
 ENV APPLICATION_USER prometheus
 
 # Then add the user, create the /app folder and give permissions to our user.
-RUN adduser -D -g '' $APPLICATION_USER
+RUN adduser --disabled-password --gecos '' $APPLICATION_USER
+
 RUN mkdir /app
 RUN chown -R $APPLICATION_USER /app
 
 # Mark this container to use the specified $APPLICATION_USER
 USER $APPLICATION_USER
 
-COPY ./build/libs/prometheus-agent.jar /app/prometheus-agent.jar
+# Make /app the working directory
 WORKDIR /app
 
+COPY ./build/libs/prometheus-agent.jar /app/prometheus-agent.jar
+
 EXPOSE 8083
 EXPOSE 8093
 
 CMD []
 
-ENTRYPOINT ["java", "-server", "-XX:+UnlockExperimentalVMOptions", "-XX:+UseCGroupMemoryLimitForHeap", "-XX:InitialRAMFraction=2", "-XX:MinRAMFraction=2", "-XX:MaxRAMFraction=2", "-XX:+UseG1GC", "-XX:MaxGCPauseMillis=100", "-XX:+UseStringDeduplication", "-jar", "/app/prometheus-agent.jar"]
+ENTRYPOINT ["java", "-server", "-XX:+UnlockExperimentalVMOptions", "-XX:+UseG1GC", "-XX:MaxGCPauseMillis=100", "-XX:+UseStringDeduplication", "-jar", "/app/prometheus-agent.jar"]

etc/docker/proxy.df

@@ -1,25 +1,29 @@
-FROM openjdk:8-jre-alpine
+FROM adoptopenjdk/openjdk11:alpine-jre
 MAINTAINER Paul Ambrose "[email protected]"
 
 # Define the user to use in this instance to prevent using root that even in a container, can be a security risk.
 ENV APPLICATION_USER prometheus
 
 # Then add the user, create the /app folder and give permissions to our user.
-RUN adduser -D -g '' $APPLICATION_USER
+RUN adduser --disabled-password --gecos '' $APPLICATION_USER
+
 RUN mkdir /app
 RUN chown -R $APPLICATION_USER /app
 
 # Mark this container to use the specified $APPLICATION_USER
 USER $APPLICATION_USER
 
-COPY ./build/libs/prometheus-proxy.jar /app/prometheus-proxy.jar
+# Make /app the working directory
 WORKDIR /app
 
+COPY ./build/libs/prometheus-proxy.jar /app/prometheus-proxy.jar
+
 EXPOSE 8080
 EXPOSE 8082
 EXPOSE 8092
 EXPOSE 50051
+EXPOSE 50440
 
 CMD []
 
-ENTRYPOINT ["java", "-server", "-XX:+UnlockExperimentalVMOptions", "-XX:+UseCGroupMemoryLimitForHeap", "-XX:InitialRAMFraction=2", "-XX:MinRAMFraction=2", "-XX:MaxRAMFraction=2", "-XX:+UseG1GC", "-XX:MaxGCPauseMillis=100", "-XX:+UseStringDeduplication", "-jar", "/app/prometheus-proxy.jar"]
+ENTRYPOINT ["java", "-server", "-XX:+UnlockExperimentalVMOptions", "-XX:+UseG1GC", "-XX:MaxGCPauseMillis=100", "-XX:+UseStringDeduplication", "-jar", "/app/prometheus-proxy.jar"]

examples/tls-no-mutual-auth.conf

@@ -0,0 +1,26 @@
+proxy {
+
+  agent.port = 50440
+
+  tls {
+    certChainFilePath = "testing/certs/server1.pem"       // Server certificate chain file path
+    privateKeyFilePath = "testing/certs/server1.key"      // Server private key file path
+    trustCertCollectionFilePath = ""                      // Trust certificate collection file path
+  }
+}
+
+agent {
+
+  proxy {
+    hostname = "localhost"                                // Proxy hostname
+    port = 50440                                          // Proxy port
+  }
+
+  // Only trustCertCollectionFilePath is required on the client with TLS (no mutual authentication)
+  tls {
+    overrideAuthority = "foo.test.google.fr"              // Override authority (for testing only)
+    certChainFilePath = ""                                // Client certificate chain file path
+    privateKeyFilePath = ""                               // Client private key file path
+    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
+  }
+}

examples/tls-with-mutual-auth.conf

@@ -0,0 +1,26 @@
+proxy {
+
+  agent.port = 50440
+
+  tls {
+    certChainFilePath = "testing/certs/server1.pem"       // Server certificate chain file path
+    privateKeyFilePath = "testing/certs/server1.key"      // Server private key file path
+    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
+  }
+}
+
+agent {
+
+  proxy {
+    hostname = "localhost"                                // Proxy hostname
+    port = 50440                                          // Proxy port
+  }
+
+  // Only trustCertCollectionFilePath is required on the client with TLS (with mutual authentication)
+  tls {
+    overrideAuthority = "foo.test.google.fr"              // Override authority (for testing only)
+    certChainFilePath = "testing/certs/client.pem"        // Client certificate chain file path
+    privateKeyFilePath = "testing/certs/client.key"       // Client private key file path
+    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
+  }
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
-#Tue Nov 12 10:30:24 PST 2019
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.0-all.zip
+#Fri Nov 22 10:04:40 PST 2019
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.0.1-all.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists