-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for TLS configuration in NSQ input to reach HTTPS nsqd endpoints #3903
Conversation
}) | ||
if err != nil { | ||
return fmt.Errorf("fail to build tls config: %v", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is going to act a little strange if the tls.Config isn't created succesfully, because the second time Gather is called it will not return an error here. You may want to look at the nginx input for a good example.
plugins/inputs/nsq/nsq.go
Outdated
@@ -78,21 +110,54 @@ func (n *NSQ) Gather(acc telegraf.Accumulator) error { | |||
return nil | |||
} | |||
|
|||
var tr = &http.Transport{ | |||
ResponseHeaderTimeout: time.Duration(3 * time.Second), | |||
func (n *NSQ) buildTLSConfig() (*tls.Config, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use internal.GetTLSConfig
to do this: https://github.com/influxdata/telegraf/blob/master/internal/internal.go#L118
plugins/inputs/nsq/nsq.go
Outdated
func (n *NSQ) getHttpClient() *http.Client { | ||
n.httpClientOnce.Do(func() { | ||
tr := &http.Transport{ | ||
ResponseHeaderTimeout: time.Duration(3 * time.Second), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you remove the ResponseHeaderTimeout and only use the Timeout on http.Client?
@Soulou do you have time to address the changes requested by Daniel? |
My apologies for the delay, @glinton. I'm going to do them before the end of August |
Sorry to pester you @Soulou, but just looking for an update. Thanks |
…dpoints Goal: A completely secure NSQ doesn't have any HTTP endpoint, but only HTTPS, often with x509 client authentication. This PR aims at configuring the HTTP client to correctly connects to nsqd Choices: TLS configuration build is only done once, and the first `Gather()` will return an error, if configuration is invalid, then it will be silent. The HTTP client is only built once, to limit allocations
a08c6cd
to
8b0f188
Compare
Rebased and updated, really sorry for the delay @glinton |
Required for all PRs: