From 43a41ff975ed5eb717cefa4f49ff56064a0c2cf2 Mon Sep 17 00:00:00 2001 From: Argyrios Samourkasidis Date: Mon, 23 Oct 2023 21:32:59 +0200 Subject: [PATCH] PR review comments and README.rst - [script.py]: Remove `from ssl import SSLContext` statement. Close ssl related FileType objects. - [README.rst]: Add references to the SSL arguments --- README.rst | 9 ++++++++- prometheus_aioexporter/script.py | 7 ++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index 7052c08..007f9c1 100644 --- a/README.rst +++ b/README.rst @@ -14,7 +14,7 @@ Usage ----- The library provides a ``PrometheusExporterScript`` class that serves as an -entry point to create services that export Prometheus metrics via an HTTP +entry point to create services that export Prometheus metrics via an HTTP(s) endpoint. Creating a new exporter is just a matter of subclassing @@ -79,6 +79,9 @@ Exporter command-line -L {CRITICAL,ERROR,WARNING,INFO,DEBUG}, --log-level {CRITICAL,ERROR,WARNING,INFO,DEBUG} minimum level for log messages (default: WARNING) --process-stats include process stats in metrics (default: False) + --ssl-private-key full path to the ssl private key + --ssl-public-key full path to the ssl public key + --ssl-ca full path to the ssl certificate authority (CA) Further options can be added by implementing ``configure_argument_parser()``, @@ -87,6 +90,10 @@ which receives the ``argparse.ArgumentParser`` instance used by the script. The ``script`` variable from the example above can be referenced in ``pyproject.toml`` to generate the script, like +In order to serve metrics on the HTTPs endpoint both ``ssl-private-key`` and +``ssl-public-key`` need to be define. The ssl certificate authority +(i.e. ``ssl-ca``) is optional. + .. code:: toml [project.scripts] diff --git a/prometheus_aioexporter/script.py b/prometheus_aioexporter/script.py index 5b22d4d..21a5302 100644 --- a/prometheus_aioexporter/script.py +++ b/prometheus_aioexporter/script.py @@ -4,7 +4,6 @@ from collections.abc import Iterable import logging import ssl -from ssl import SSLContext import sys from typing import IO @@ -181,19 +180,21 @@ def _configure_registry(self, include_process_stats: bool = False) -> None: ProcessCollector(registry=None) ) - def _get_ssl_context(self, args: argparse.Namespace) -> SSLContext | None: + def _get_ssl_context(self, args: argparse.Namespace) -> ssl.SSLContext | None: if args.ssl_private_key is None or args.ssl_public_key is None: return None cafile = None if args.ssl_ca: cafile = args.ssl_ca.name + args.ssl_ca.close() ssl_context = ssl.create_default_context( purpose=ssl.Purpose.CLIENT_AUTH, cafile=cafile ) ssl_context.load_cert_chain( args.ssl_public_key.name, args.ssl_private_key.name ) - + args.ssl_public_key.close() + args.ssl_private_key.close() return ssl_context def _get_exporter(self, args: argparse.Namespace) -> PrometheusExporter: