feat: add tls block in common/net/config to use in http/grpc block

[fgouteroux]

PR Description

Add the tls in http and grpc block:

prometheus.receive_http "default" {
  http {
    listen_address = "0.0.0.0"
    listen_port    = 9090

    tls {
      cert_file = "/etc/alloy/ssl/cert.pem"
      key_file  = "/etc/alloy/ssl/key.pem"
    }

  }

Which issue(s) this PR fixes

Fixes #1082

Notes to the Reviewer

PR Checklist

• CHANGELOG.md updated
• Documentation added
• Tests updated
• Config converters updated

[CLAassistant]

All committers have signed the CLA.

[ptodev]

Hi @fgouteroux , thank you for the PR! Could you please edit the docs for those components to include the new config arguments? It'd be good to also add tests which start those components with TLS enabled and test sending data to them.

[dehaansa]

One note in addition to paulin's request - we'll also need an entry in the changelog. If you don't have capacity to put the finishing touches on the PR w/ docs & changelog, let us know and we'll try to allocate some capacity to update them.

[fgouteroux]

@ptodev @dehaansa I try to update doc but I'm not sure I do it well.

As this PR update internal/component/common/net/config.go, I think it could impact other component than loki.source.api and prometheus.receive_http.

After a quick search into component calling fnet.ServerConfig I found:

• aws_firehose
• gcplog
• heroku
• pyroscope.receive_http

I would appreciate a review about this in order to be sure that it doesn't break anything.

Thanks

[fgouteroux]

I think this is the wrong place for this information. The http block can have arguments to configure the block. If the tls_config block is a child block of the http block, then it should be added as a child block to the components that use this child block... based on a quick grep, that would be:

But I think it's more simple to keep in loki-server-http.md as the http block reference is already defined, is not ?

### `http`

{{< docs/shared lookup="reference/components/loki-server-http.md" source="alloy" version="<ALLOY_VERSION>" >}}

Please guide me on what you expect, I will follow your suggestions.

[kalleep]

Nice work, left a couple of suggestions just so we keep it consistent with other components.

I think we can also update converter code too support these new arguments. The one I found was promtail converter. Currently we are rejecting configs that include tls config https://github.com/grafana/alloy/blob/main/internal/converter/internal/common/weaveworks_server.go#L55-L66.

I can update these after the pr is merged if you don't want to or don't have the time to do it

[fgouteroux]

Nice work, left a couple of suggestions just so we keep it consistent with other components.

I think we can also update converter code too support these new arguments. The one I found was promtail converter. Currently we are rejecting configs that include tls config https://github.com/grafana/alloy/blob/main/internal/converter/internal/common/weaveworks_server.go#L55-L66.

I can update these after the pr is merged if you don't want to or don't have the time to do it

If you can do it, it will be better, I'm in holidays soon. thx.

[fgouteroux]

@kalleep I applied your suggestions, let me know if missing something.

[dehaansa]

I think this is the wrong place for this information. The http block can have arguments to configure the block. If the tls_config block is a child block of the http block, then it should be added as a child block to the components that use this child block... based on a quick grep, that would be:

But I think it's more simple to keep in loki-server-http.md as the http block reference is already defined, is not ?

### `http`

{{< docs/shared lookup="reference/components/loki-server-http.md" source="alloy" version="<ALLOY_VERSION>" >}}

Please guide me on what you expect, I will follow your suggestions.

It might be simpler, but not consistent with the rest of our docs. We separate attributes and blocks. Below is an example of what the blocks section looks like for another component with nested blocks.

## Blocks

You can use the following blocks with `discovery.consul`:

| Block                                 | Description                                                | Required |
| ------------------------------------- | ---------------------------------------------------------- | -------- |
| [`authorization`][authorization]      | Configure generic authorization to the endpoint.           | no       |
| [`basic_auth`][basic_auth]            | Configure `basic_auth` for authenticating to the endpoint. | no       |
| [`oauth2`][oauth2]                    | Configure OAuth 2.0 for authenticating to the endpoint.    | no       |
| `oauth2` > [`tls_config`][tls_config] | Configure TLS settings for connecting to the endpoint.     | no       |
| [`tls_config`][tls_config]            | Configure TLS settings for connecting to the endpoint.     | no       |

[fgouteroux]

@dehaansa doc updated to use block. I also rename loki-server-http.md to server-http.md as it is used by others components

[clayton-cornell]

@fgouteroux There are some doc structure issues with your proposed changes that will cause some issues with the published content. It's a bit difficult to explain in a suggestion box here in the web UI. Do you mind if I check out your fork and make the changes myself and push back to the PR?

[fgouteroux]

@fgouteroux There are some doc structure issues with your proposed changes that will cause some issues with the published content. It's a bit difficult to explain in a suggestion box here in the web UI. Do you mind if I check out your fork and make the changes myself and push back to the PR?

@clayton-cornell yes no worries

[kalleep]

Sorry forgot to submit my review

[kalleep]

Suggested change

	if h.TLSConfig != nil {
	h.TLSConfig.Into(&c.HTTPTLSConfig)
	}
	if h.TLSConfig.MinVersion != c.MinVersion {
	c.MinVersion = h.TLSConfig.MinVersion
	}
	if h.TLSConfig.CipherSuites != c.CipherSuites {
	c.CipherSuites = h.TLSConfig.CipherSuites
	}
	if h.TLSConfig != nil {
	h.TLSConfig.Into(&c.HTTPTLSConfig)
	if h.TLSConfig.MinVersion != c.MinVersion {
	c.MinVersion = h.TLSConfig.MinVersion
	}
	if h.TLSConfig.CipherSuites != c.CipherSuites {
	c.CipherSuites = h.TLSConfig.CipherSuites
	}
	}

[kalleep]

This will fix the panic you see in tests

[clayton-cornell]

@fgouteroux I've reworked the doc structure a bit. We have to be really careful if we include headings in shared content because we can't always guarantee that the heading levels will be right. It's simpler in the long run to keep shared content as a single block of content at a single heading level.

So, with rework the topics should look like this for topics that just have HTTP:

and this for topics with both gRPC and HTTP: