Set MinVersion: tls.VersionTLS12 in prometheus client's TLSClientConfig

Having no explicit MinVersion is reported by [gosec] as G402 (CWE-295):
`TLS MinVersion too low`

Using MinVersion: tls.VersionTLS12 because it's what client-go uses:
cf 1ac8d45935/transport/transport.go (L92)

That way, the Kubernetes API client and the Prometheus client in
prometheus-adapter use the same TLS config MinVersion.

[gosec]: https://github.com/securego/gosec
Olivier Lemasle 2022-11-28 23:18:51 +01:00
parent 8958457968
commit dc0c0058d0


@ -408,10 +408,10 @@ func makePrometheusCAClient(caFilePath string, tlsCertFilePath string, tlsKeyFil
}
return &http.Client{
Transport: &http.Transport{
//nolint:gosec
TLSClientConfig: &tls.Config{
RootCAs: pool,
Certificates: []tls.Certificate{tlsClientCerts},
MinVersion: tls.VersionTLS12,
},
},
}, nil
@ -419,9 +419,9 @@ func makePrometheusCAClient(caFilePath string, tlsCertFilePath string, tlsKeyFil
return &http.Client{
Transport: &http.Transport{
//nolint:gosec
TLSClientConfig: &tls.Config{
RootCAs: pool,
RootCAs: pool,
MinVersion: tls.VersionTLS12,
},
},
}, nil
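Review bot: The TLS floor is now written out twice, once in the client-certificate literal and once in the CA-only literal, so a later edit to one branch can silently leave the other with a different MinVersion. Building the config once, e.g. `tlsConfig := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}`, and setting `tlsConfig.Certificates = []tls.Certificate{tlsClientCerts}` only in the certificate branch would keep both paths on the same floor. A short comment beside it, such as `// TLS 1.2 floor matches client-go's transport config`, would keep the rationale from the commit message visible in the code. makePrometheusCAClient starts before and ends after the visible lines, so whether other client constructors in the file need the same floor cannot be confirmed from here.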