prometheus · mahendrapaipuri · Jan 28, 2025 · Feb 1, 2025 · Feb 6, 2025
diff --git a/web/tls_config.go b/web/tls_config.go
@@ -40,25 +40,25 @@ var (
 )
 
 type Config struct {
-	TLSConfig  TLSConfig                     `yaml:"tls_server_config"`
-	HTTPConfig HTTPConfig                    `yaml:"http_server_config"`
-	Users      map[string]config_util.Secret `yaml:"basic_auth_users"`
+	TLSConfig  TLSConfig                     `yaml:"tls_server_config,omitempty"`
+	HTTPConfig HTTPConfig                    `yaml:"http_server_config,omitempty"`
+	Users      map[string]config_util.Secret `yaml:"basic_auth_users,omitempty"`
 }
 
 type TLSConfig struct {
-	TLSCert                  string             `yaml:"cert"`
-	TLSKey                   config_util.Secret `yaml:"key"`
-	ClientCAsText            string             `yaml:"client_ca"`
-	TLSCertPath              string             `yaml:"cert_file"`
-	TLSKeyPath               string             `yaml:"key_file"`
-	ClientAuth               string             `yaml:"client_auth_type"`
-	ClientCAs                string             `yaml:"client_ca_file"`
-	CipherSuites             []Cipher           `yaml:"cipher_suites"`
-	CurvePreferences         []Curve            `yaml:"curve_preferences"`
-	MinVersion               TLSVersion         `yaml:"min_version"`
-	MaxVersion               TLSVersion         `yaml:"max_version"`
-	PreferServerCipherSuites bool               `yaml:"prefer_server_cipher_suites"`
-	ClientAllowedSans        []string           `yaml:"client_allowed_sans"`
+	TLSCert                  string             `yaml:"cert,omitempty"`
+	TLSKey                   config_util.Secret `yaml:"key,omitempty"`
+	ClientCAsText            string             `yaml:"client_ca,omitempty"`
+	TLSCertPath              string             `yaml:"cert_file,omitempty"`
+	TLSKeyPath               string             `yaml:"key_file,omitempty"`
+	ClientAuth               string             `yaml:"client_auth_type,omitempty"`
+	ClientCAs                string             `yaml:"client_ca_file,omitempty"`
+	CipherSuites             []Cipher           `yaml:"cipher_suites,omitempty"`
+	CurvePreferences         []Curve            `yaml:"curve_preferences,omitempty"`
+	MinVersion               TLSVersion         `yaml:"min_version,omitempty"`
+	MaxVersion               TLSVersion         `yaml:"max_version,omitempty"`
+	PreferServerCipherSuites bool               `yaml:"prefer_server_cipher_suites,omitempty"`
+	ClientAllowedSans        []string           `yaml:"client_allowed_sans,omitempty"`
 }
 
 type FlagConfig struct {
@@ -467,9 +467,9 @@ func (c *Curve) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return errors.New("unknown curve: " + s)
 }
 
-func (c *Curve) MarshalYAML() (interface{}, error) {
+func (c Curve) MarshalYAML() (interface{}, error) {
 	for s, curveid := range curves {
-		if *c == curveid {
+		if c == curveid {
 			return s, nil
 		}
 	}
@@ -498,9 +498,9 @@ func (tv *TLSVersion) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return errors.New("unknown TLS version: " + s)
 }
 
-func (tv *TLSVersion) MarshalYAML() (interface{}, error) {
+func (tv TLSVersion) MarshalYAML() (interface{}, error) {
 	for s, v := range tlsVersions {
-		if *tv == v {
+		if tv == v {
 			return s, nil
 		}
 	}

diff --git a/web/tls_config_test.go b/web/tls_config_test.go
@@ -27,9 +27,13 @@ import (
 	"net/http"
 	"os"
 	"regexp"
+	"strings"
 	"sync"
 	"testing"
 	"time"
+
+	"github.com/prometheus/common/config"
+	"gopkg.in/yaml.v2"
 )
 
 // Helpers for literal FlagConfig
@@ -693,3 +697,126 @@ func TestUsers(t *testing.T) {
 		t.Run(testInputs.Name, testInputs.Test)
 	}
 }
+
+func TestConfigGeneration(t *testing.T) {
+	// Secrets to be rendered without any masking
+	config.MarshalSecretValue = true
+
+	testTables := []struct {
+		Name     string
+		Config   Config
+		Expected string
+	}{
+		{
+			Name: "Only basic auth",
+			Config: Config{
+				Users: map[string]config.Secret{
+					"admin": config.Secret("$2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG"),
+				},
+			},
+			Expected: `
+basic_auth_users:
+  admin: $2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG`,
+		},
+		{
+			Name: "Only TLS",
+			Config: Config{
+				TLSConfig: TLSConfig{
+					TLSCertPath: "cert.pem",
+					TLSKeyPath:  "key.pem",
+					MinVersion:  TLSVersion(tls.VersionTLS12),
+					CurvePreferences: []Curve{
+						Curve(tls.CurveP256),
+						Curve(tls.CurveP521),
+					},
+					CipherSuites: []Cipher{
+						Cipher(tls.TLS_AES_128_GCM_SHA256),
+					},
+					ClientAllowedSans: []string{
+						"example.com",
+						"example.org",
+					},
+				},
+			},
+			Expected: `
+tls_server_config:
+  cert_file: cert.pem
+  key_file: key.pem
+  cipher_suites:
+  - TLS_AES_128_GCM_SHA256
+  curve_preferences:
+  - CurveP256
+  - CurveP521
+  min_version: TLS12
+  client_allowed_sans:
+  - example.com
+  - example.org`,
+		},
+		{
+			Name: "Only HTTP config",
+			Config: Config{
+				HTTPConfig: HTTPConfig{
+					HTTP2: true,
+					Header: map[string]string{
+						"X-Custom-Header": "value",
+					},
+				},
+			},
+			Expected: `
+http_server_config:
+  http2: true
+  headers:
+    X-Custom-Header: value`,
+		},
+		{
+			Name: "Basic auth and TLS",
+			Config: Config{
+				Users: map[string]config.Secret{
+					"admin": config.Secret("$2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG"),
+				},
+				TLSConfig: TLSConfig{
+					TLSCertPath: "cert.pem",
+					TLSKeyPath:  "key.pem",
+					MinVersion:  TLSVersion(tls.VersionTLS12),
+					CurvePreferences: []Curve{
+						Curve(tls.CurveP256),
+						Curve(tls.CurveP521),
+					},
+					CipherSuites: []Cipher{
+						Cipher(tls.TLS_AES_128_GCM_SHA256),
+					},
+					ClientAllowedSans: []string{
+						"example.com",
+						"example.org",
+					},
+				},
+			},
+			Expected: `
+tls_server_config:
+  cert_file: cert.pem
+  key_file: key.pem
+  cipher_suites:
+  - TLS_AES_128_GCM_SHA256
+  curve_preferences:
+  - CurveP256
+  - CurveP521
+  min_version: TLS12
+  client_allowed_sans:
+  - example.com
+  - example.org
+basic_auth_users:
+  admin: $2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG`,
+		},
+	}
+
+	for _, test := range testTables {
+		yamlConfig, err := yaml.Marshal(&test.Config)
+		if err != nil {
+			t.Error(err)
+		}
+
+		if strings.TrimSpace(test.Expected) != strings.TrimSpace(string(yamlConfig)) {
+			t.Fatalf("Expected config: %s, got config: %s", test.Expected, string(yamlConfig))
+		}
+	}
+}