check basic auth username and password set

Add check to ensure basic auth username and password are both set or both
unset. It isn't valid to set one without the other.
Update README file to include the new CLI parameters.
This commit is contained in:
Hector 2022-01-12 22:05:27 +00:00
parent e3d8c1e0e5
commit e176a3ea22
2 changed files with 16 additions and 8 deletions

View File

@ -39,18 +39,22 @@ See the [releases page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-expo
``` ```
$ fail2ban-prometheus-exporter -h $ fail2ban-prometheus-exporter -h
-web.listen-address string -collector.textfile
address to use for metrics server (default 0.0.0.0) enable the textfile collector
-collector.textfile.directory string
directory to read text files with metrics from
-port int -port int
port to use for the metrics server (default 9191) port to use for the metrics server (default 9191)
-socket string -socket string
path to the fail2ban server socket path to the fail2ban server socket
-version -version
show version info and exit show version info and exit
-collector.textfile -web.basic-auth.password string
enable the textfile collector password to use to protect endpoints with basic auth
-collector.textfile.directory string -web.basic-auth.username string
directory to read text files with metrics from username to use to protect endpoints with basic auth
-web.listen-address string
address to use for the metrics server (default "0.0.0.0")
``` ```
**Example** **Example**

View File

@ -30,8 +30,8 @@ func Parse() *AppSettings {
flag.StringVar(&appSettings.Fail2BanSocketPath, "socket", "", "path to the fail2ban server socket") flag.StringVar(&appSettings.Fail2BanSocketPath, "socket", "", "path to the fail2ban server socket")
flag.BoolVar(&appSettings.FileCollectorEnabled, "collector.textfile", false, "enable the textfile collector") flag.BoolVar(&appSettings.FileCollectorEnabled, "collector.textfile", false, "enable the textfile collector")
flag.StringVar(&appSettings.FileCollectorPath, "collector.textfile.directory", "", "directory to read text files with metrics from") flag.StringVar(&appSettings.FileCollectorPath, "collector.textfile.directory", "", "directory to read text files with metrics from")
flag.StringVar(&appSettings.BasicAuthUsername, "web.basic-auth.username", "", "set username for basic auth") flag.StringVar(&appSettings.BasicAuthUsername, "web.basic-auth.username", "", "username to use to protect endpoints with basic auth")
flag.StringVar(&appSettings.BasicAuthPassword, "web.basic-auth.password", "", "set password for basic auth") flag.StringVar(&appSettings.BasicAuthPassword, "web.basic-auth.password", "", "password to use to protect endpoints with basic auth")
flag.Parse() flag.Parse()
appSettings.validateFlags() appSettings.validateFlags()
@ -54,6 +54,10 @@ func (settings *AppSettings) validateFlags() {
fmt.Printf("file collector directory path must not be empty if collector enabled\n") fmt.Printf("file collector directory path must not be empty if collector enabled\n")
flagsValid = false flagsValid = false
} }
if (len(settings.BasicAuthUsername) > 0) != (len(settings.BasicAuthPassword) > 0) {
fmt.Printf("to enable basic auth both the username and the password must be provided")
flagsValid = false
}
} }
if !flagsValid { if !flagsValid {
flag.Usage() flag.Usage()