Set MinVersion: tls.VersionTLS12 in prometheus client's TLSClientConfig

Having no explicit MinVersion is reported by [gosec] as G402 (CWE-295):
`TLS MinVersion too low`

Using MinVersion: tls.VersionTLS12 because it's what client-go uses:
cf 1ac8d45935/transport/transport.go (L92)

That way, the Kubernetes API client and the Prometheus client in
prometheus-adapter use the same TLS config MinVersion.

[gosec]: https://github.com/securego/gosec
Olivier Lemasle 2022-11-28 23:18:51 +01:00
parent 8958457968
commit dc0c0058d0


@ -408,10 +408,10 @@ func makePrometheusCAClient(caFilePath string, tlsCertFilePath string, tlsKeyFil
} }
return &http.Client{ return &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
//nolint:gosec
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
RootCAs: pool, RootCAs: pool,
Certificates: []tls.Certificate{tlsClientCerts}, Certificates: []tls.Certificate{tlsClientCerts},
MinVersion: tls.VersionTLS12,
}, },
}, },
}, nil }, nil
@ -419,9 +419,9 @@ func makePrometheusCAClient(caFilePath string, tlsCertFilePath string, tlsKeyFil
return &http.Client{ return &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
//nolint:gosec
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
RootCAs: pool, RootCAs: pool,
MinVersion: tls.VersionTLS12,
}, },
}, },
}, nil }, nil
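Review bot: `MinVersion: tls.VersionTLS12` is now written twice, once in the client-certificate branch's `tls.Config` and once in the CA-only one, so a later change to the floor can update one path and silently leave the other behind. Building the config once, e.g. `tlsConfig := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}`, and setting `tlsConfig.Certificates = []tls.Certificate{tlsClientCerts}` only in the key-pair branch would keep both clients on the same setting. A short comment next to the field, such as `// Same floor as client-go's transport TLS config; change both together.`, would carry the commit message's reasoning into the code. Neither returned `http.Client` sets a `Timeout` in the visible lines; if callers do not bound requests with a context, that is worth a follow-up. makePrometheusCAClient starts and ends outside these hunks.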