gatus/client/config.go

package client

import (
	"context"
	"crypto/tls"
	"errors"
	"log"
	"net"
	"net/http"
	"regexp"
	"strconv"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/clientcredentials"
)

const (
	defaultHTTPTimeout = 10 * time.Second
)

var (
	ErrInvalidDNSResolver        = errors.New("invalid DNS resolver specified. Required format is {proto}://{ip}:{port}")
	ErrInvalidDNSResolverPort    = errors.New("invalid DNS resolver port")
	ErrInvalidClientOAuth2Config = errors.New("invalid oauth2 configuration: must define all fields for client credentials flow (token-url, client-id, client-secret, scopes)")

	defaultConfig = Config{
		Insecure:       false,
		IgnoreRedirect: false,
		Timeout:        defaultHTTPTimeout,
	}
)

// GetDefaultConfig returns a copy of the default configuration
func GetDefaultConfig() *Config {
	cfg := defaultConfig
	return &cfg
}

// Config is the configuration for clients
type Config struct {
	// Insecure determines whether to skip verifying the server's certificate chain and host name
	Insecure bool `yaml:"insecure,omitempty"`

	// IgnoreRedirect determines whether to ignore redirects (true) or follow them (false, default)
	IgnoreRedirect bool `yaml:"ignore-redirect,omitempty"`

	// Timeout for the client
	Timeout time.Duration `yaml:"timeout"`

	// DNSResolver override for the HTTP client
	// Expected format is {protocol}://{host}:{port}, e.g. tcp://8.8.8.8:53
	DNSResolver string `yaml:"dns-resolver,omitempty"`

	// OAuth2Config is the OAuth2 configuration used for the client.
	//
	// If non-nil, the http.Client returned by getHTTPClient will automatically retrieve a token if necessary.
	// See configureOAuth2 for more details.
	OAuth2Config *OAuth2Config `yaml:"oauth2,omitempty"`

	httpClient *http.Client
}

// DNSResolverConfig is the parsed configuration from the DNSResolver config string.
type DNSResolverConfig struct {
	Protocol string
	Host     string
	Port     string
}

// OAuth2Config is the configuration for the OAuth2 client credentials flow
type OAuth2Config struct {
	TokenURL     string   `yaml:"token-url"` // e.g. https://dev-12345678.okta.com/token
	ClientID     string   `yaml:"client-id"`
	ClientSecret string   `yaml:"client-secret"`
	Scopes       []string `yaml:"scopes"` // e.g. ["openid"]
}

// ValidateAndSetDefaults validates the client configuration and sets the default values if necessary
func (c *Config) ValidateAndSetDefaults() error {
	if c.Timeout < time.Millisecond {
		c.Timeout = 10 * time.Second
	}
	if c.HasCustomDNSResolver() {
		// Validate the DNS resolver now to make sure it will not return an error later.
		if _, err := c.parseDNSResolver(); err != nil {
			return err
		}
	}
	if c.HasOAuth2Config() && !c.OAuth2Config.isValid() {
		return ErrInvalidClientOAuth2Config
	}
	return nil
}

// HasCustomDNSResolver returns whether a custom DNSResolver is configured
func (c *Config) HasCustomDNSResolver() bool {
	return len(c.DNSResolver) > 0
}

// parseDNSResolver parses the DNS resolver into the DNSResolverConfig struct
func (c *Config) parseDNSResolver() (*DNSResolverConfig, error) {
	re := regexp.MustCompile(`^(?P<proto>(.*))://(?P<host>[A-Za-z0-9\-\.]+):(?P<port>[0-9]+)?(.*)$`)
	matches := re.FindStringSubmatch(c.DNSResolver)
	if len(matches) == 0 {
		return nil, ErrInvalidDNSResolver
	}
	r := make(map[string]string)
	for i, k := range re.SubexpNames() {
		if i != 0 && k != "" {
			r[k] = matches[i]
		}
	}
	port, err := strconv.Atoi(r["port"])
	if err != nil {
		return nil, err
	}
	if port < 1 || port > 65535 {
		return nil, ErrInvalidDNSResolverPort
	}
	return &DNSResolverConfig{
		Protocol: r["proto"],
		Host:     r["host"],
		Port:     r["port"],
	}, nil
}

// HasOAuth2Config returns true if the client has OAuth2 configuration parameters
func (c *Config) HasOAuth2Config() bool {
	return c.OAuth2Config != nil
}

// isValid() returns true if the OAuth2 configuration is valid
func (c *OAuth2Config) isValid() bool {
	return len(c.TokenURL) > 0 && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0
}

// GetHTTPClient return an HTTP client matching the Config's parameters.
func (c *Config) getHTTPClient() *http.Client {
	if c.httpClient == nil {
		c.httpClient = &http.Client{
			Timeout: c.Timeout,
			Transport: &http.Transport{
				MaxIdleConns:        100,
				MaxIdleConnsPerHost: 20,
				Proxy:               http.ProxyFromEnvironment,
				TLSClientConfig: &tls.Config{
					InsecureSkipVerify: c.Insecure,
				},
			},
			CheckRedirect: func(req *http.Request, via []*http.Request) error {
				if c.IgnoreRedirect {
					// Don't follow redirects
					return http.ErrUseLastResponse
				}
				// Follow redirects
				return nil
			},
		}
		if c.HasCustomDNSResolver() {
			dnsResolver, err := c.parseDNSResolver()
			if err != nil {
				// We're ignoring the error, because it should have been validated on startup ValidateAndSetDefaults.
				// It shouldn't happen, but if it does, we'll log it... Better safe than sorry ;)
				log.Println("[client][getHTTPClient] THIS SHOULD NOT HAPPEN. Silently ignoring invalid DNS resolver due to error:", err.Error())
			} else {
				dialer := &net.Dialer{
					Resolver: &net.Resolver{
						PreferGo: true,
						Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
							d := net.Dialer{}
							return d.DialContext(ctx, dnsResolver.Protocol, dnsResolver.Host+":"+dnsResolver.Port)
						},
					},
				}
				c.httpClient.Transport.(*http.Transport).DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
					return dialer.DialContext(ctx, network, addr)
				}
			}
		}
		if c.HasOAuth2Config() {
			c.httpClient = configureOAuth2(c.httpClient, *c.OAuth2Config)
		}
	}
	return c.httpClient
}

// configureOAuth2 returns an HTTP client that will obtain and refresh tokens as necessary.
// The returned Client and its Transport should not be modified.
func configureOAuth2(httpClient *http.Client, c OAuth2Config) *http.Client {
	oauth2cfg := clientcredentials.Config{
		ClientID:     c.ClientID,
		ClientSecret: c.ClientSecret,
		Scopes:       c.Scopes,
		TokenURL:     c.TokenURL,
	}
	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
	return oauth2cfg.Client(ctx)
}
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`package client`

			`import (`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`"context"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`"crypto/tls"`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`"errors"`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`"log"`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`"net"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`"net/http"`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`"regexp"`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`"strconv"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`"time"`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00
			`"golang.org/x/oauth2"`
			`"golang.org/x/oauth2/clientcredentials"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`)`

			`const (`
			`defaultHTTPTimeout = 10 * time.Second`
			`)`

			`var (`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`ErrInvalidDNSResolver = errors.New("invalid DNS resolver specified. Required format is {proto}://{ip}:{port}")`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`ErrInvalidDNSResolverPort = errors.New("invalid DNS resolver port")`
chore: Improve oauth2 configuration error 2022-12-16 05:25:37 +01:00			`ErrInvalidClientOAuth2Config = errors.New("invalid oauth2 configuration: must define all fields for client credentials flow (token-url, client-id, client-secret, scopes)")`
refactor: Align new code from #259 with existing code 2022-03-10 03:05:57 +01:00
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`defaultConfig = Config{`
			`Insecure: false,`
			`IgnoreRedirect: false,`
			`Timeout: defaultHTTPTimeout,`
			`}`
			`)`

			`// GetDefaultConfig returns a copy of the default configuration`
			`func GetDefaultConfig() *Config {`
			`cfg := defaultConfig`
			`return &cfg`
			`}`

			`// Config is the configuration for clients`
			`type Config struct {`
			`// Insecure determines whether to skip verifying the server's certificate chain and host name`
refactor: Align new code from #259 with existing code 2022-03-10 03:05:57 +01:00			Insecure bool `yaml:"insecure,omitempty"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00
			`// IgnoreRedirect determines whether to ignore redirects (true) or follow them (false, default)`
refactor: Align new code from #259 with existing code 2022-03-10 03:05:57 +01:00			IgnoreRedirect bool `yaml:"ignore-redirect,omitempty"`
#126: Add client configuration 2021-07-29 03:41:26 +02:00
			`// Timeout for the client`
			Timeout time.Duration `yaml:"timeout"`

refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`// DNSResolver override for the HTTP client`
chore: Replace 1.1.1.1 by 8.8.8.8 everywhere due to 1.1.1.1 being unreliable 2022-11-16 03:48:14 +01:00			`// Expected format is {protocol}://{host}:{port}, e.g. tcp://8.8.8.8:53`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			DNSResolver string `yaml:"dns-resolver,omitempty"`

refactor: Align new code from #259 with existing code 2022-03-10 03:05:57 +01:00			`// OAuth2Config is the OAuth2 configuration used for the client.`
			`//`
			`// If non-nil, the http.Client returned by getHTTPClient will automatically retrieve a token if necessary.`
			`// See configureOAuth2 for more details.`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			OAuth2Config *OAuth2Config `yaml:"oauth2,omitempty"`

#126: Add client configuration 2021-07-29 03:41:26 +02:00			`httpClient *http.Client`
			`}`

feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`// DNSResolverConfig is the parsed configuration from the DNSResolver config string.`
			`type DNSResolverConfig struct {`
			`Protocol string`
			`Host string`
			`Port string`
			`}`

feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`// OAuth2Config is the configuration for the OAuth2 client credentials flow`
			`type OAuth2Config struct {`
			TokenURL string `yaml:"token-url"` // e.g. https://dev-12345678.okta.com/token
			ClientID string `yaml:"client-id"`
			ClientSecret string `yaml:"client-secret"`
			Scopes []string `yaml:"scopes"` // e.g. ["openid"]
			`}`

#126: Add client configuration 2021-07-29 03:41:26 +02:00			`// ValidateAndSetDefaults validates the client configuration and sets the default values if necessary`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`func (c *Config) ValidateAndSetDefaults() error {`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`if c.Timeout < time.Millisecond {`
			`c.Timeout = 10 * time.Second`
			`}`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`if c.HasCustomDNSResolver() {`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`// Validate the DNS resolver now to make sure it will not return an error later.`
			`if _, err := c.parseDNSResolver(); err != nil {`
			`return err`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`}`
			`}`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`if c.HasOAuth2Config() && !c.OAuth2Config.isValid() {`
			`return ErrInvalidClientOAuth2Config`
			`}`
			`return nil`
			`}`

refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`// HasCustomDNSResolver returns whether a custom DNSResolver is configured`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`func (c *Config) HasCustomDNSResolver() bool {`
			`return len(c.DNSResolver) > 0`
			`}`

refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`// parseDNSResolver parses the DNS resolver into the DNSResolverConfig struct`
			`func (c Config) parseDNSResolver() (DNSResolverConfig, error) {`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			re := regexp.MustCompile(`^(?P<proto>(.))://(?P<host>[A-Za-z0-9\-\.]+):(?P<port>[0-9]+)?(.)$`)
			`matches := re.FindStringSubmatch(c.DNSResolver)`
			`if len(matches) == 0 {`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`return nil, ErrInvalidDNSResolver`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`}`
			`r := make(map[string]string)`
			`for i, k := range re.SubexpNames() {`
			`if i != 0 && k != "" {`
			`r[k] = matches[i]`
			`}`
			`}`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`port, err := strconv.Atoi(r["port"])`
			`if err != nil {`
			`return nil, err`
			`}`
			`if port < 1 \|\| port > 65535 {`
			`return nil, ErrInvalidDNSResolverPort`
			`}`
			`return &DNSResolverConfig{`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`Protocol: r["proto"],`
			`Host: r["host"],`
			`Port: r["port"],`
			`}, nil`
			`}`

feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`// HasOAuth2Config returns true if the client has OAuth2 configuration parameters`
			`func (c *Config) HasOAuth2Config() bool {`
			`return c.OAuth2Config != nil`
			`}`

			`// isValid() returns true if the OAuth2 configuration is valid`
			`func (c *OAuth2Config) isValid() bool {`
			`return len(c.TokenURL) > 0 && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`}`

Rename Service to Endpoint (#192) * Add clarifications in comments * #191: Rename Service to Endpoint 2021-10-23 22:47:12 +02:00			`// GetHTTPClient return an HTTP client matching the Config's parameters.`
Fix #146: Alerting causes panic with some providers 2021-07-30 00:13:37 +02:00			`func (c Config) getHTTPClient() http.Client {`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`if c.httpClient == nil {`
			`c.httpClient = &http.Client{`
			`Timeout: c.Timeout,`
			`Transport: &http.Transport{`
			`MaxIdleConns: 100,`
			`MaxIdleConnsPerHost: 20,`
			`Proxy: http.ProxyFromEnvironment,`
			`TLSClientConfig: &tls.Config{`
			`InsecureSkipVerify: c.Insecure,`
			`},`
			`},`
			`CheckRedirect: func(req http.Request, via []http.Request) error {`
			`if c.IgnoreRedirect {`
			`// Don't follow redirects`
			`return http.ErrUseLastResponse`
			`}`
			`// Follow redirects`
			`return nil`
			`},`
			`}`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`if c.HasCustomDNSResolver() {`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`dnsResolver, err := c.parseDNSResolver()`
			`if err != nil {`
			`// We're ignoring the error, because it should have been validated on startup ValidateAndSetDefaults.`
			`// It shouldn't happen, but if it does, we'll log it... Better safe than sorry ;)`
			`log.Println("[client][getHTTPClient] THIS SHOULD NOT HAPPEN. Silently ignoring invalid DNS resolver due to error:", err.Error())`
			`} else {`
			`dialer := &net.Dialer{`
			`Resolver: &net.Resolver{`
			`PreferGo: true,`
			`Dial: func(ctx context.Context, network, address string) (net.Conn, error) {`
			`d := net.Dialer{}`
			`return d.DialContext(ctx, dnsResolver.Protocol, dnsResolver.Host+":"+dnsResolver.Port)`
			`},`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`},`
refactor(client): Clean up client dns resolver 2022-06-14 01:16:34 +02:00			`}`
			`c.httpClient.Transport.(*http.Transport).DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {`
			`return dialer.DialContext(ctx, network, addr)`
			`}`
feat(client): Added client configuration option for using a custom DNS resolver (#284) 2022-06-13 00:45:08 +02:00			`}`
			`}`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00			`if c.HasOAuth2Config() {`
			`c.httpClient = configureOAuth2(c.httpClient, *c.OAuth2Config)`
			`}`
#126: Add client configuration 2021-07-29 03:41:26 +02:00			`}`
			`return c.httpClient`
			`}`
feat(client): OAuth2 Client credential support (#259) * Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments 2022-03-10 02:53:51 +01:00
			`// configureOAuth2 returns an HTTP client that will obtain and refresh tokens as necessary.`
			`// The returned Client and its Transport should not be modified.`
			`func configureOAuth2(httpClient http.Client, c OAuth2Config) http.Client {`
			`oauth2cfg := clientcredentials.Config{`
			`ClientID: c.ClientID,`
			`ClientSecret: c.ClientSecret,`
			`Scopes: c.Scopes,`
			`TokenURL: c.TokenURL,`
			`}`
			`ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)`
			`return oauth2cfg.Client(ctx)`
			`}`