diff --git a/CHANGELOG.md b/CHANGELOG.md index c2aecab50d25..103fb003ebee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -95,6 +95,9 @@ Main (unreleased) - Updated docs for MSSQL Integration to show additional authentication capabilities. (@StefanKurek) +- `grafana-agent` and `grafana-agent-flow` fallback to default X.509 trusted root certificates + when the `GODEBUG=x509usefallbackroots=1` environment variable is set. (@hainenber) + v0.39.2 (2024-1-31) -------------------- diff --git a/cmd/grafana-agent-flow/main.go b/cmd/grafana-agent-flow/main.go index e64f007a9e38..60ad1707f0dd 100644 --- a/cmd/grafana-agent-flow/main.go +++ b/cmd/grafana-agent-flow/main.go @@ -17,6 +17,10 @@ import ( // Register integrations _ "github.com/grafana/agent/pkg/integrations/install" + + // Embed a set of fallback X.509 trusted roots + // Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool + _ "golang.org/x/crypto/x509roots/fallback" ) func init() { diff --git a/cmd/grafana-agent/main.go b/cmd/grafana-agent/main.go index f2aa40fc860e..976d5654812c 100644 --- a/cmd/grafana-agent/main.go +++ b/cmd/grafana-agent/main.go @@ -21,6 +21,10 @@ import ( // Register integrations _ "github.com/grafana/agent/pkg/integrations/install" + + // Embed a set of fallback X.509 trusted roots + // Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool + _ "golang.org/x/crypto/x509roots/fallback" ) func init() { diff --git a/go.mod b/go.mod index eee36bc67aa4..207afe279450 100644 --- a/go.mod +++ b/go.mod @@ -616,6 +616,7 @@ require ( github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.87.0 github.com/open-telemetry/opentelemetry-collector-contrib/receiver/vcenterreceiver v0.87.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0 + golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91 k8s.io/apimachinery v0.28.3 ) diff --git a/go.sum b/go.sum index 73da63596501..3678d04048f4 100644 --- a/go.sum +++ b/go.sum @@ -2513,6 +2513,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91 h1:Lyizcy9jX02jYR0ceBkL6S+jRys8Uepf7wt1vrz6Ras= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= diff --git a/pkg/flow/internal/controller/component_node_manager.go b/pkg/flow/internal/controller/component_node_manager.go index 152823da4ca5..b4f70bfd87da 100644 --- a/pkg/flow/internal/controller/component_node_manager.go +++ b/pkg/flow/internal/controller/component_node_manager.go @@ -74,3 +74,10 @@ func findLocalDeclare(reg *CustomComponentRegistry, componentName string) (ast.B } return nil, nil } + +func (m *ComponentNodeManager) setCustomComponentRegistry(reg *CustomComponentRegistry) { + m.mut.Lock() + defer m.mut.Unlock() + + m.customComponentReg = reg +} diff --git a/pkg/flow/internal/controller/custom_component_registry.go b/pkg/flow/internal/controller/custom_component_registry.go index dccdb776cf94..1a63e53767f7 100644 --- a/pkg/flow/internal/controller/custom_component_registry.go +++ b/pkg/flow/internal/controller/custom_component_registry.go @@ -1,13 +1,17 @@ package controller import ( + "sync" + "github.com/grafana/river/ast" ) // CustomComponentRegistry holds custom component definitions that are available in the context. type CustomComponentRegistry struct { - parent *CustomComponentRegistry // nil if root config - declares map[string]ast.Body // customComponentName: template + parent *CustomComponentRegistry // nil if root config + + mut sync.RWMutex + declares map[string]ast.Body // customComponentName: template } // NewCustomComponentRegistry creates a new CustomComponentRegistry with a parent. @@ -21,5 +25,7 @@ func NewCustomComponentRegistry(parent *CustomComponentRegistry) *CustomComponen // registerDeclare stores a local declare block. func (s *CustomComponentRegistry) registerDeclare(declare *ast.BlockStmt) { + s.mut.Lock() + defer s.mut.Unlock() s.declares[declare.Label] = declare.Body } diff --git a/pkg/flow/internal/controller/loader.go b/pkg/flow/internal/controller/loader.go index c9a62d8ad3b8..278c6434b2f1 100644 --- a/pkg/flow/internal/controller/loader.go +++ b/pkg/flow/internal/controller/loader.go @@ -150,7 +150,7 @@ func (l *Loader) Apply(options ApplyOptions) diag.Diagnostics { // Create a new CustomComponentRegistry based on the provided one. // The provided one should be nil for the root config. - l.componentNodeManager.customComponentReg = NewCustomComponentRegistry(options.CustomComponentRegistry) + l.componentNodeManager.setCustomComponentRegistry(NewCustomComponentRegistry(options.CustomComponentRegistry)) newGraph, diags := l.loadNewGraph(options.Args, options.ComponentBlocks, options.ConfigBlocks, options.DeclareBlocks) if diags.HasErrors() { return diags