diff --git a/plugins/inputs/prometheus/metrics_receiver_test.go b/plugins/inputs/prometheus/metrics_receiver_test.go
index 8865798cb8..b3c683468d 100644
--- a/plugins/inputs/prometheus/metrics_receiver_test.go
+++ b/plugins/inputs/prometheus/metrics_receiver_test.go
@@ -132,7 +132,7 @@ func Test_loadConfigFromFileWithTargetAllocator(t *testing.T) {
 assert.NoError(t, err)
 assert.True(t, taManager.enabled)
 assert.Equal(t, taManager.config.TargetAllocator.CollectorID, "collector-1")
- assert.Equal(t, taManager.config.TargetAllocator.TLSSetting.CAFile, DEFAULT_TLS_CA_FILE_PATH)
+ assert.Equal(t, taManager.config.TargetAllocator.TLSSetting.CAFile, DefaultTLSCaFilePath)
 }
diff --git a/plugins/inputs/prometheus/target_allocator.go b/plugins/inputs/prometheus/target_allocator.go
index f87a958d7e..5cee3784a9 100644
--- a/plugins/inputs/prometheus/target_allocator.go
+++ b/plugins/inputs/prometheus/target_allocator.go
@@ -30,7 +30,11 @@ import (
 "github.com/aws/amazon-cloudwatch-agent/cfg/envconfig"
 )
-var DEFAULT_TLS_CA_FILE_PATH = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-cert", "tls-ca.crt")
+var (
+ DefaultTLSCaFilePath = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-cert", "tls-ca.crt")
+ DefaultTLSCertFilePath = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-ta-client-cert", "client.crt")
+ DefaultTLSKeyFilePath = filepath.Join("/etc", "amazon-cloudwatch-observability-agent-ta-client-cert", "client.key")
+)
 const DEFAULT_TLS_RELOAD_INTERVAL_SECONDS = 10 * time.Second
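Review bot: The three default TLS paths in the new `var (...)` block of target_allocator.go are exported, mutable package variables, so any importing package can reassign the CA, client certificate or private-key location at runtime; the visible hunks only ever read them. The same three paths are repeated as string constants (`defaultTLSCaPath`, `defaultTLSCertPath`, `defaultTLSKeyPath`) in the translator.go hunk, so the two packages can drift apart without any compile error. Consider a single shared definition, or at least a comment on each block such as `// Keep in sync with defaultTLS*Path in translator/translate/otel/receiver/prometheus/translator.go.` A short doc comment stating that the key path points at a private key expected to be readable only by the agent would also help operators.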
@@ -149,7 +153,9 @@ func (tam *TargetAllocatorManager) loadConfig(filename string) error {
 return nil // no target allocator return
 }
 //has target allocator
- tam.config.TargetAllocator.TLSSetting.CAFile = DEFAULT_TLS_CA_FILE_PATH
+ tam.config.TargetAllocator.TLSSetting.CAFile = DefaultTLSCaFilePath
+ tam.config.TargetAllocator.TLSSetting.CertFile = DefaultTLSCertFilePath
+ tam.config.TargetAllocator.TLSSetting.KeyFile = DefaultTLSKeyFilePath
 tam.config.TargetAllocator.TLSSetting.ReloadInterval = DEFAULT_TLS_RELOAD_INTERVAL_SECONDS
 return nil
 }
diff --git a/translator/translate/otel/receiver/prometheus/translator.go b/translator/translate/otel/receiver/prometheus/translator.go
index 656c22b143..7ed67bac93 100644
--- a/translator/translate/otel/receiver/prometheus/translator.go
+++ b/translator/translate/otel/receiver/prometheus/translator.go
@@ -21,7 +21,9 @@ import (
 const (
 otelConfigParsingError = "has invalid keys: global"
- defaultTlsCaPath = "/etc/amazon-cloudwatch-observability-agent-cert/tls-ca.crt"
+ defaultTLSCaPath = "/etc/amazon-cloudwatch-observability-agent-cert/tls-ca.crt"
+ defaultTLSCertPath = "/etc/amazon-cloudwatch-observability-agent-ta-client-cert/client.crt"
+ defaultTLSKeyPath = "/etc/amazon-cloudwatch-observability-agent-ta-client-cert/client.key"
 )
 var (
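Review bot: In `loadConfig`, `CertFile` and `KeyFile` are now assigned unconditionally whenever a target allocator is configured, so a deployment where the `amazon-cloudwatch-observability-agent-ta-client-cert` directory is not mounted will presumably fail when the TLS settings are loaded instead of falling back to server-only verification; the same applies to the `Translate` hunk in translator.go. If mutual TLS is meant to be mandatory, say so in a comment, e.g. `// mTLS is required: the client cert and key must be mounted at the default paths`; otherwise check that both files exist before assigning them. The assignments also appear to overwrite any TLS paths supplied by the loaded config, as was already the case for `CAFile`. The visible assertions in Test_loadConfigFromFileWithTargetAllocator still cover only `CAFile`; adding `assert.Equal(t, DefaultTLSCertFilePath, taManager.config.TargetAllocator.TLSSetting.CertFile)` and the matching `KeyFile` check would pin the new defaults. The body of `loadConfig` starts outside the hunk.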
@@ -92,9 +94,11 @@ func (t *translator) Translate(conf *confmap.Conf) (component.Config, error) {
 cfg.PrometheusConfig.TracingConfig = promCfg.TracingConfig
 } else {
 // given prometheus config is in otel format so check if target allocator is being used
- // then add the default cert for TargetAllocator
+ // then add the default ca, cert, and key for TargetAllocator
 if cfg.TargetAllocator != nil && len(cfg.TargetAllocator.CollectorID) > 0 {
- cfg.TargetAllocator.TLSSetting.Config.CAFile = defaultTlsCaPath
+ cfg.TargetAllocator.TLSSetting.Config.CAFile = defaultTLSCaPath
+ cfg.TargetAllocator.TLSSetting.Config.CertFile = defaultTLSCertPath
+ cfg.TargetAllocator.TLSSetting.Config.KeyFile = defaultTLSKeyPath
 cfg.TargetAllocator.TLSSetting.ReloadInterval = 10 * time.Second
 }
 }
diff --git a/translator/translate/otel/receiver/prometheus/translator_test.go b/translator/translate/otel/receiver/prometheus/translator_test.go
index b5c5073db0..bc1251124d 100644
--- a/translator/translate/otel/receiver/prometheus/translator_test.go
+++ b/translator/translate/otel/receiver/prometheus/translator_test.go
@@ -80,7 +80,9 @@ func TestTranslator(t *testing.T) {
 ClientConfig: confighttp.ClientConfig{
 TLSSetting: configtls.ClientConfig{
 Config: configtls.Config{
- CAFile: defaultTlsCaPath,
+ CAFile: defaultTLSCaPath,
+ CertFile: defaultTLSCertPath,
+ KeyFile: defaultTLSKeyPath,
 ReloadInterval: 10 * time.Second,
 },
 },