search

prometheus / prometheus

The Prometheus monitoring system and time series database.
https://prometheus.io/
Apache License 2.0
54.9k stars 9.04k forks source link

client_allowed_sans is not working #12400

Open duj4 opened 1 year ago

duj4 commented 1 year ago

What did you do?

I tried to enable client_allowed_sans in web-config.file so that in mTLS it could verify the client hostname.

What did you expect to see?

I hope this could work.

What did you see instead? Under which circumstances?

Prometheus complained error as below: msg="Unable to parse configuration" err="yaml: unmarshal errors:\n line 8: field client_allowed_sans not found in type web.TLSStruct".

System information

Linux 4.18.0-425.19.2.el8_7.x86_64 x86_64

Prometheus version

prometheus, version 2.44.0
  build user: root@739e8181c5db
  build date: 20230514-06:18:11
  go version: go1.20.4
  platform: linux/amd64
  tags: netgo,builtinassets,stringlabels

Prometheus configuration file

web-config.yml:
tls_server_config:
  cert_file: <path-to-cert>
  key_file: <path-to-key>

  client_allowed_sans:
  - <client_hostname>

  client_auth_type: RequireAndVerifyClientCert
  client_ca_file: <path-to-ca>

Alertmanager version

N/A

Alertmanager configuration file

N/A

Logs

msg="Unable to parse configuration" err="yaml: unmarshal errors:\n line 8: field client_allowed_sans not found in type web.TLSStruct".
rgroothuijsen commented 1 year ago

Should work now, as the required dependencies have been updated. This was a new field added in exporter-toolkit 0.10.0, and until recently the Prometheus dependency was at 0.9.1.

duj4 commented 1 year ago

Should work now, as the required dependencies have been updated. This was a new field added in exporter-toolkit 0.10.0, and until recently the Prometheus dependency was at 0.9.1.

Thanks @rgroothuijsen , yes it is working after upgrading Prometheus to 2.45.0, any news about when Alertmanager will support this?