client_python icon indicating copy to clipboard operation
client_python copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Promethues client_python doesn't support TLS as well as authentication

Open sriharshabm opened this issue 3 years ago • 6 comments

Current Prometheus client_python does support basic auth towards pushgateway but it doesn't support TLS as well as authentication towards prometheus server. Is there any plan to support it? Will it be accepted if we are ready to contribute?

sriharshabm avatar Feb 01 '22 17:02 sriharshabm

Hello, I assume you are referring to start_http_server, in which case there are no plans to support it right now. The goal of that function is to keep it as basic as possible and for more advanced use cases users should set up the server themselves.

csmarchbanks avatar Feb 02 '22 16:02 csmarchbanks

I was reading this I think I got so confused - https://github.com/prometheus/client_python/pull/120

So, my point is that when the OP mentioned "it doesn't support TLS as well as authentication towards prometheus server" I was wondering if it would be possible to have TLS enabled on the pushgateway server. The answer is YES.

However, how in God's name is the handler supposed to be configured in order to pass on the certificate/key or a bundle on the client side in order for the TLS portion to actually work? I mean, the implementations of basic_auth_handler and default_handler are only using basic_auth (username / pwd) to authenticate? Am I missing something? Or is this the case where I literally have to create my own handler?

fernandino143 avatar Sep 06 '22 13:09 fernandino143

Rereading this issue, I think it is covering two separate things:

  1. Lack of TLS authentication when using the pushgateway. I would be happy to accept a change to add a TLS handler for push gateway.
  2. Lack of Authentication for Prometheus scraping - this client has no plans to support auth when serving metrics via start_http_server.

csmarchbanks avatar Sep 06 '22 19:09 csmarchbanks

I would love to help (1) but I'm getting humiliated when trying to create one myself when using the latest python client

fernandino143 avatar Sep 07 '22 12:09 fernandino143

@fernandino143 I created https://github.com/prometheus/client_python/pull/841 to support this, would you mind giving it a try on your system? Any feedback on how it is implemented/the arguments is also welcome!

csmarchbanks avatar Sep 20 '22 19:09 csmarchbanks

Yep. That's very similar to the one I had in https://github.com/prometheus/client_python/pull/838 and closed it (internal stuff). But you made it look good. Give me a few moments to test this properly, but I think it does the trick.

fernandino143 avatar Sep 21 '22 13:09 fernandino143