Add support for TLS client and batch size options for splunk (#183)

Co-authored-by: Mark McDonnell <Integralist@users.noreply.github.com>
fastly · Jan 7, 2021 · 0856a06 · 0856a06
1 parent 7bc9416
commit 0856a06
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 0 deletions.
diff --git a/pkg/app/run_test.go b/pkg/app/run_test.go
@@ -1491,6 +1491,12 @@ COMMANDS
                                    The hostname used to verify the server's
                                    certificate. It can either be the Common Name
                                    or a Subject Alternative Name (SAN)
+        --tls-client-cert=TLS-CLIENT-CERT
+                                   The client certificate used to make
+                                   authenticated requests. Must be in PEM format
+        --tls-client-key=TLS-CLIENT-KEY
+                                   The client private key used to make
+                                   authenticated requests. Must be in PEM format
         --format=FORMAT            Apache style log formatting
         --format-version=FORMAT-VERSION
                                    The version of the custom logging format used
@@ -1535,6 +1541,12 @@ COMMANDS
                                    The hostname used to verify the server's
                                    certificate. It can either be the Common Name
                                    or a Subject Alternative Name (SAN)
+        --tls-client-cert=TLS-CLIENT-CERT
+                                   The client certificate used to make
+                                   authenticated requests. Must be in PEM format
+        --tls-client-key=TLS-CLIENT-KEY
+                                   The client private key used to make
+                                   authenticated requests. Must be in PEM format
         --format=FORMAT            Apache style log formatting
         --format-version=FORMAT-VERSION
                                    The version of the custom logging format used

diff --git a/pkg/logging/splunk/create.go b/pkg/logging/splunk/create.go
@@ -24,6 +24,8 @@ type CreateCommand struct {
 	// optional
 	TLSHostname       common.OptionalString
 	TLSCACert         common.OptionalString
+	TLSClientCert     common.OptionalString
+	TLSClientKey      common.OptionalString
 	Format            common.OptionalString
 	FormatVersion     common.OptionalUint
 	ResponseCondition common.OptionalString
@@ -47,6 +49,8 @@ func NewCreateCommand(parent common.Registerer, globals *config.Data) *CreateCom
 
 	c.CmdClause.Flag("tls-ca-cert", "A secure certificate to authenticate the server with. Must be in PEM format").Action(c.TLSCACert.Set).StringVar(&c.TLSCACert.Value)
 	c.CmdClause.Flag("tls-hostname", "The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)").Action(c.TLSHostname.Set).StringVar(&c.TLSHostname.Value)
+	c.CmdClause.Flag("tls-client-cert", "The client certificate used to make authenticated requests. Must be in PEM format").Action(c.TLSClientCert.Set).StringVar(&c.TLSClientCert.Value)
+	c.CmdClause.Flag("tls-client-key", "The client private key used to make authenticated requests. Must be in PEM format").Action(c.TLSClientKey.Set).StringVar(&c.TLSClientKey.Value)
 	c.CmdClause.Flag("format", "Apache style log formatting").Action(c.Format.Set).StringVar(&c.Format.Value)
 	c.CmdClause.Flag("format-version", "The version of the custom logging format used for the configured endpoint. Can be either 2 (default) or 1").Action(c.FormatVersion.Set).UintVar(&c.FormatVersion.Value)
 	c.CmdClause.Flag("response-condition", "The name of an existing condition in the configured endpoint, or leave blank to always execute").Action(c.ResponseCondition.Set).StringVar(&c.ResponseCondition.Value)
@@ -78,6 +82,14 @@ func (c *CreateCommand) createInput() (*fastly.CreateSplunkInput, error) {
 		input.TLSCACert = c.TLSCACert.Value
 	}
 
+	if c.TLSClientCert.WasSet {
+		input.TLSClientCert = c.TLSClientCert.Value
+	}
+
+	if c.TLSClientKey.WasSet {
+		input.TLSClientKey = c.TLSClientKey.Value
+	}
+
 	if c.Format.WasSet {
 		input.Format = c.Format.Value
 	}

diff --git a/pkg/logging/splunk/describe.go b/pkg/logging/splunk/describe.go
@@ -50,6 +50,8 @@ func (c *DescribeCommand) Exec(in io.Reader, out io.Writer) error {
 	fmt.Fprintf(out, "Token: %s\n", splunk.Token)
 	fmt.Fprintf(out, "TLS CA certificate: %s\n", splunk.TLSCACert)
 	fmt.Fprintf(out, "TLS hostname: %s\n", splunk.TLSHostname)
+	fmt.Fprintf(out, "TLS client certificate: %s\n", splunk.TLSClientCert)
+	fmt.Fprintf(out, "TLS client key: %s\n", splunk.TLSClientKey)
 	fmt.Fprintf(out, "Format: %s\n", splunk.Format)
 	fmt.Fprintf(out, "Format version: %d\n", splunk.FormatVersion)
 	fmt.Fprintf(out, "Response condition: %s\n", splunk.ResponseCondition)

diff --git a/pkg/logging/splunk/list.go b/pkg/logging/splunk/list.go
@@ -64,6 +64,8 @@ func (c *ListCommand) Exec(in io.Reader, out io.Writer) error {
 		fmt.Fprintf(out, "\t\tToken: %s\n", splunk.Token)
 		fmt.Fprintf(out, "\t\tTLS CA certificate: %s\n", splunk.TLSCACert)
 		fmt.Fprintf(out, "\t\tTLS hostname: %s\n", splunk.TLSHostname)
+		fmt.Fprintf(out, "\t\tTLS client certificate: %s\n", splunk.TLSClientCert)
+		fmt.Fprintf(out, "\t\tTLS client key: %s\n", splunk.TLSClientKey)
 		fmt.Fprintf(out, "\t\tFormat: %s\n", splunk.Format)
 		fmt.Fprintf(out, "\t\tFormat version: %d\n", splunk.FormatVersion)
 		fmt.Fprintf(out, "\t\tResponse condition: %s\n", splunk.ResponseCondition)

diff --git a/pkg/logging/splunk/splunk_integration_test.go b/pkg/logging/splunk/splunk_integration_test.go
@@ -279,6 +279,8 @@ func listSplunksOK(i *fastly.ListSplunksInput) ([]*fastly.Splunk, error) {
 			Token:             "tkn",
 			TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 			TLSHostname:       "example.com",
+			TLSClientCert:     "-----BEGIN CERTIFICATE-----bar",
+			TLSClientKey:      "-----BEGIN PRIVATE KEY-----bar",
 		},
 		{
 			ServiceID:         i.ServiceID,
@@ -292,6 +294,8 @@ func listSplunksOK(i *fastly.ListSplunksInput) ([]*fastly.Splunk, error) {
 			Token:             "tkn1",
 			TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 			TLSHostname:       "example.com",
+			TLSClientCert:     "-----BEGIN CERTIFICATE-----qux",
+			TLSClientKey:      "-----BEGIN PRIVATE KEY-----qux",
 		},
 	}, nil
 }
@@ -319,6 +323,8 @@ Version: 1
 		Token: tkn
 		TLS CA certificate: -----BEGIN CERTIFICATE-----foo
 		TLS hostname: example.com
+		TLS client certificate: -----BEGIN CERTIFICATE-----bar
+		TLS client key: -----BEGIN PRIVATE KEY-----bar
 		Format: %h %l %u %t "%r" %>s %b
 		Format version: 2
 		Response condition: Prevent default logging
@@ -331,6 +337,8 @@ Version: 1
 		Token: tkn1
 		TLS CA certificate: -----BEGIN CERTIFICATE-----foo
 		TLS hostname: example.com
+		TLS client certificate: -----BEGIN CERTIFICATE-----qux
+		TLS client key: -----BEGIN PRIVATE KEY-----qux
 		Format: %h %l %u %t "%r" %>s %b
 		Format version: 2
 		Response condition: Prevent default logging
@@ -347,6 +355,8 @@ func getSplunkOK(i *fastly.GetSplunkInput) (*fastly.Splunk, error) {
 		FormatVersion:     2,
 		TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 		TLSHostname:       "example.com",
+		TLSClientCert:     "-----BEGIN CERTIFICATE-----bar",
+		TLSClientKey:      "-----BEGIN PRIVATE KEY-----bar",
 		ResponseCondition: "Prevent default logging",
 		Placement:         "none",
 		Token:             "tkn",
@@ -365,6 +375,8 @@ URL: example.com
 Token: tkn
 TLS CA certificate: -----BEGIN CERTIFICATE-----foo
 TLS hostname: example.com
+TLS client certificate: -----BEGIN CERTIFICATE-----bar
+TLS client key: -----BEGIN PRIVATE KEY-----bar
 Format: %h %l %u %t "%r" %>s %b
 Format version: 2
 Response condition: Prevent default logging
@@ -380,6 +392,8 @@ func updateSplunkOK(i *fastly.UpdateSplunkInput) (*fastly.Splunk, error) {
 		Token:             "tkn",
 		TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 		TLSHostname:       "example.com",
+		TLSClientCert:     "-----BEGIN CERTIFICATE-----bar",
+		TLSClientKey:      "-----BEGIN PRIVATE KEY-----bar",
 		Format:            `%h %l %u %t "%r" %>s %b`,
 		FormatVersion:     2,
 		ResponseCondition: "Prevent default logging",

diff --git a/pkg/logging/splunk/splunk_test.go b/pkg/logging/splunk/splunk_test.go
@@ -44,6 +44,8 @@ func TestCreateSplunkInput(t *testing.T) {
 				Token:             "tkn",
 				TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 				TLSHostname:       "example.com",
+				TLSClientCert:     "-----BEGIN CERTIFICATE-----bar",
+				TLSClientKey:      "-----BEGIN PRIVATE KEY-----bar",
 			},
 		},
 		{
@@ -86,6 +88,8 @@ func TestUpdateSplunkInput(t *testing.T) {
 				Token:             fastly.String("tkn"),
 				TLSCACert:         fastly.String("-----BEGIN CERTIFICATE-----foo"),
 				TLSHostname:       fastly.String("example.com"),
+				TLSClientCert:     fastly.String("-----BEGIN CERTIFICATE-----bar"),
+				TLSClientKey:      fastly.String("-----BEGIN PRIVATE KEY-----bar"),
 			},
 		},
 		{
@@ -105,6 +109,8 @@ func TestUpdateSplunkInput(t *testing.T) {
 				Token:             fastly.String("new6"),
 				TLSCACert:         fastly.String("new7"),
 				TLSHostname:       fastly.String("new8"),
+				TLSClientCert:     fastly.String("new9"),
+				TLSClientKey:      fastly.String("new10"),
 			},
 		},
 		{
@@ -147,6 +153,8 @@ func createCommandAll() *CreateCommand {
 		Token:             common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "tkn"},
 		TLSCACert:         common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "-----BEGIN CERTIFICATE-----foo"},
 		TLSHostname:       common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "example.com"},
+		TLSClientCert:     common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "-----BEGIN CERTIFICATE-----bar"},
+		TLSClientKey:      common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "-----BEGIN PRIVATE KEY-----bar"},
 	}
 }
 
@@ -180,6 +188,8 @@ func updateCommandAll() *UpdateCommand {
 		Token:             common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "new6"},
 		TLSCACert:         common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "new7"},
 		TLSHostname:       common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "new8"},
+		TLSClientCert:     common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "new9"},
+		TLSClientKey:      common.OptionalString{Optional: common.Optional{WasSet: true}, Value: "new10"},
 	}
 }
 
@@ -202,5 +212,7 @@ func getSplunkOK(i *fastly.GetSplunkInput) (*fastly.Splunk, error) {
 		Token:             "tkn",
 		TLSCACert:         "-----BEGIN CERTIFICATE-----foo",
 		TLSHostname:       "example.com",
+		TLSClientCert:     "-----BEGIN CERTIFICATE-----bar",
+		TLSClientKey:      "-----BEGIN PRIVATE KEY-----bar",
 	}, nil
 }
diff --git a/pkg/logging/splunk/update.go b/pkg/logging/splunk/update.go
@@ -30,6 +30,8 @@ type UpdateCommand struct {
 	Token             common.OptionalString
 	TLSCACert         common.OptionalString
 	TLSHostname       common.OptionalString
+	TLSClientCert     common.OptionalString
+	TLSClientKey      common.OptionalString
 }
 
 // NewUpdateCommand returns a usable command registered under the parent.
@@ -48,6 +50,8 @@ func NewUpdateCommand(parent common.Registerer, globals *config.Data) *UpdateCom
 	c.CmdClause.Flag("url", "The URL to POST to.").Action(c.URL.Set).StringVar(&c.URL.Value)
 	c.CmdClause.Flag("tls-ca-cert", "A secure certificate to authenticate the server with. Must be in PEM format").Action(c.TLSCACert.Set).StringVar(&c.TLSCACert.Value)
 	c.CmdClause.Flag("tls-hostname", "The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)").Action(c.TLSHostname.Set).StringVar(&c.TLSHostname.Value)
+	c.CmdClause.Flag("tls-client-cert", "The client certificate used to make authenticated requests. Must be in PEM format").Action(c.TLSClientCert.Set).StringVar(&c.TLSClientCert.Value)
+	c.CmdClause.Flag("tls-client-key", "The client private key used to make authenticated requests. Must be in PEM format").Action(c.TLSClientKey.Set).StringVar(&c.TLSClientKey.Value)
 	c.CmdClause.Flag("format", "Apache style log formatting").Action(c.Format.Set).StringVar(&c.Format.Value)
 	c.CmdClause.Flag("format-version", "The version of the custom logging format used for the configured endpoint. Can be either 2 (default) or 1").Action(c.FormatVersion.Set).UintVar(&c.FormatVersion.Value)
 	c.CmdClause.Flag("response-condition", "The name of an existing condition in the configured endpoint, or leave blank to always execute").Action(c.ResponseCondition.Set).StringVar(&c.ResponseCondition.Value)
@@ -86,6 +90,8 @@ func (c *UpdateCommand) createInput() (*fastly.UpdateSplunkInput, error) {
 		Token:             fastly.String(splunk.Token),
 		TLSCACert:         fastly.String(splunk.TLSCACert),
 		TLSHostname:       fastly.String(splunk.TLSHostname),
+		TLSClientCert:     fastly.String(splunk.TLSClientCert),
+		TLSClientKey:      fastly.String(splunk.TLSClientKey),
 	}
 
 	// Set new values if set by user.
@@ -125,6 +131,14 @@ func (c *UpdateCommand) createInput() (*fastly.UpdateSplunkInput, error) {
 		input.TLSHostname = fastly.String(c.TLSHostname.Value)
 	}
 
+	if c.TLSClientCert.WasSet {
+		input.TLSClientCert = fastly.String(c.TLSClientCert.Value)
+	}
+
+	if c.TLSClientKey.WasSet {
+		input.TLSClientKey = fastly.String(c.TLSClientKey.Value)
+	}
+
 	return &input, nil
 }