Add mutual TLS support to prometheus_client output plugin #5473
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Robert Sullivan <rsullivan@pivotal.io>
|
This would be a nice feature, we actually have most of this implemented for use in plugins. The best example to follow is in For tests, look in https://github.com/influxdata/telegraf/tree/master/testutil/pki |
trevorwhitney
force-pushed
the
prometheus_mtls
branch
from
23ab3ea to
0b65983
Compare
Signed-off-by: Jesse Weaver <jeweaver@pivotal.io>
trevorwhitney
force-pushed
the
prometheus_mtls
branch
from
0b65983 to
05af32b
Compare
danielnelson
suggested changes
Feb 25, 2019
| "github.com/influxdata/telegraf/plugins/outputs/prometheus_client" | ||
| "github.com/influxdata/telegraf/testutil" | ||
| "github.com/influxdata/toml" | ||
| . "github.com/onsi/gomega" |
There was a problem hiding this comment.
We will need to remove this dependency, I don't want to add it only for testing this one aspect.
There was a problem hiding this comment.
Replaced with require
| @@ -105,6 +106,12 @@ var sampleConfig = ` | |||
| ## If set, enable TLS with the given certificate. | |||
| # tls_cert = "/etc/ssl/telegraf.crt" | |||
| # tls_key = "/etc/ssl/telegraf.key" | |||
|
|
|||
| ## If set, enable TLS client authentication with the given CA. | |||
| # tls_ca = "/etc/ssl/telegraf_ca.crt" | |||
There was a problem hiding this comment.
Update this option:
## Set one or more allowed client CA certificate file names to
## enable mutually authenticated TLS connections
# tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
| # tls_ca = "/etc/ssl/telegraf_ca.crt" | ||
|
|
||
| ## Boolean value indicating whether or not to skip SSL verification | ||
| # insecure_skip_verify = false |
There was a problem hiding this comment.
Remove this option, it's not available for the server configuration. Don't forget to update the README as well.
added 2 commits
February 26, 2019 11:34
Signed-off-by: Robert Sullivan <rsullivan@pivotal.io>
Signed-off-by: Robert Sullivan <rsullivan@pivotal.io>
glinton
approved these changes
Feb 26, 2019
danielnelson
approved these changes
Feb 27, 2019
danielnelson
added
the
feat
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Robert Sullivan rsullivan@pivotal.io
Required for all PRs: