From e8fc3ca70c2abc45af0fdf6fa7ab5cf689716586 Mon Sep 17 00:00:00 2001 From: Daniel Nelson Date: Fri, 23 Mar 2018 11:53:18 -0700 Subject: [PATCH] Add TLS support to kapacitor input (#3927) --- plugins/inputs/kapacitor/README.md | 7 +++++ plugins/inputs/kapacitor/kapacitor.go | 39 ++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/plugins/inputs/kapacitor/README.md b/plugins/inputs/kapacitor/README.md index 822aef1bf5420..ae5b365da94fd 100644 --- a/plugins/inputs/kapacitor/README.md +++ b/plugins/inputs/kapacitor/README.md @@ -14,6 +14,13 @@ The Kapacitor plugin will collect metrics from the given Kapacitor instances. ## Time limit for http requests timeout = "5s" + + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false ``` ### Measurements & Fields diff --git a/plugins/inputs/kapacitor/kapacitor.go b/plugins/inputs/kapacitor/kapacitor.go index 4c75bd0ce5e14..ea0ca055b9cbe 100644 --- a/plugins/inputs/kapacitor/kapacitor.go +++ b/plugins/inputs/kapacitor/kapacitor.go @@ -21,6 +21,15 @@ type Kapacitor struct { Timeout internal.Duration + // Path to CA file + SSLCA string `toml:"ssl_ca"` + // Path to host cert file + SSLCert string `toml:"ssl_cert"` + // Path to cert key file + SSLKey string `toml:"ssl_key"` + // Use SSL but skip chain & host verification + InsecureSkipVerify bool + client *http.Client } @@ -38,12 +47,23 @@ func (*Kapacitor) SampleConfig() string { ## Time limit for http requests timeout = "5s" + + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false ` } func (k *Kapacitor) Gather(acc telegraf.Accumulator) error { if k.client == nil { - k.client = &http.Client{Timeout: k.Timeout.Duration} + client, err := k.createHttpClient() + if err != nil { + return err + } + k.client = client } var wg sync.WaitGroup @@ -61,6 +81,23 @@ func (k *Kapacitor) Gather(acc telegraf.Accumulator) error { return nil } +func (k *Kapacitor) createHttpClient() (*http.Client, error) { + tlsCfg, err := internal.GetTLSConfig( + k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify) + if err != nil { + return nil, err + } + + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: tlsCfg, + }, + Timeout: k.Timeout.Duration, + } + + return client, nil +} + type object struct { Name string `json:"name"` Values map[string]interface{} `json:"values"`