Add default TLS client cert and key paths for Prometheus input and receiver (#1510)

Author: musa-asad

plugins/inputs/prometheus/metrics_receiver_test.go

@@ -132,7 +132,7 @@ func Test_loadConfigFromFileWithTargetAllocator(t *testing.T) {
 	assert.NoError(t, err)
 	assert.True(t, taManager.enabled)
 	assert.Equal(t, taManager.config.TargetAllocator.CollectorID, "collector-1")
-	assert.Equal(t, taManager.config.TargetAllocator.TLSSetting.CAFile, DEFAULT_TLS_CA_FILE_PATH)
+	assert.Equal(t, taManager.config.TargetAllocator.TLSSetting.CAFile, DefaultTLSCaFilePath)
 
 }
 

plugins/inputs/prometheus/target_allocator.go

@@ -30,7 +30,11 @@ import (
 	"github.com/aws/amazon-cloudwatch-agent/cfg/envconfig"
 )
 
-var DEFAULT_TLS_CA_FILE_PATH = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-cert", "tls-ca.crt")
+var (
+	DefaultTLSCaFilePath   = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-cert", "tls-ca.crt")
+	DefaultTLSCertFilePath = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-ta-client-cert", "client.crt")
+	DefaultTLSKeyFilePath  = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-ta-client-cert", "client.key")
+)
 
 const DEFAULT_TLS_RELOAD_INTERVAL_SECONDS = 10 * time.Second
 
@@ -149,7 +153,9 @@ func (tam *TargetAllocatorManager) loadConfig(filename string) error {
 		return nil // no target allocator return
 	}
 	//has target allocator
-	tam.config.TargetAllocator.TLSSetting.CAFile = DEFAULT_TLS_CA_FILE_PATH
+	tam.config.TargetAllocator.TLSSetting.CAFile = DefaultTLSCaFilePath
+	tam.config.TargetAllocator.TLSSetting.CertFile = DefaultTLSCertFilePath
+	tam.config.TargetAllocator.TLSSetting.KeyFile = DefaultTLSKeyFilePath
 	tam.config.TargetAllocator.TLSSetting.ReloadInterval = DEFAULT_TLS_RELOAD_INTERVAL_SECONDS
 	return nil
 }

translator/translate/otel/receiver/prometheus/translator.go

@@ -21,7 +21,9 @@ import (
 
 const (
 	otelConfigParsingError = "has invalid keys: global"
-	defaultTlsCaPath       = "/etc/amazon-cloudwatch-observability-agent-cert/tls-ca.crt"
+	defaultTLSCaPath       = "/etc/amazon-cloudwatch-observability-agent-cert/tls-ca.crt"
+	defaultTLSCertPath     = "/etc/amazon-cloudwatch-observability-agent-ta-client-cert/client.crt"
+	defaultTLSKeyPath      = "/etc/amazon-cloudwatch-observability-agent-ta-client-cert/client.key"
 )
 
 var (
@@ -92,9 +94,11 @@ func (t *translator) Translate(conf *confmap.Conf) (component.Config, error) {
 		cfg.PrometheusConfig.TracingConfig = promCfg.TracingConfig
 	} else {
 		// given prometheus config is in otel format so check if target allocator is being used
-		// then add the default cert for TargetAllocator
+		// then add the default ca, cert, and key for TargetAllocator
 		if cfg.TargetAllocator != nil && len(cfg.TargetAllocator.CollectorID) > 0 {
-			cfg.TargetAllocator.TLSSetting.Config.CAFile = defaultTlsCaPath
+			cfg.TargetAllocator.TLSSetting.Config.CAFile = defaultTLSCaPath
+			cfg.TargetAllocator.TLSSetting.Config.CertFile = defaultTLSCertPath
+			cfg.TargetAllocator.TLSSetting.Config.KeyFile = defaultTLSKeyPath
 			cfg.TargetAllocator.TLSSetting.ReloadInterval = 10 * time.Second
 		}
 	}

translator/translate/otel/receiver/prometheus/translator_test.go

@@ -80,7 +80,9 @@ func TestTranslator(t *testing.T) {
 					ClientConfig: confighttp.ClientConfig{
 						TLSSetting: configtls.ClientConfig{
 							Config: configtls.Config{
-								CAFile:         defaultTlsCaPath,
+								CAFile:         defaultTLSCaPath,
+								CertFile:       defaultTLSCertPath,
+								KeyFile:        defaultTLSKeyPath,
 								ReloadInterval: 10 * time.Second,
 							},
 						},