Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for TLS configuration in NSQ input to reach HTTPS nsqd endpoints #3903

Merged
merged 4 commits into from
Oct 23, 2018

Conversation

Soulou
Copy link
Contributor

@Soulou Soulou commented Mar 19, 2018

Required for all PRs:

  • Signed CLA.
  • Associated README.md updated.
  • Has appropriate unit tests.

@danielnelson danielnelson added this to the 1.6.0 milestone Mar 19, 2018
@danielnelson danielnelson added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Mar 19, 2018
})
if err != nil {
return fmt.Errorf("fail to build tls config: %v", err)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is going to act a little strange if the tls.Config isn't created succesfully, because the second time Gather is called it will not return an error here. You may want to look at the nginx input for a good example.

@@ -78,21 +110,54 @@ func (n *NSQ) Gather(acc telegraf.Accumulator) error {
return nil
}

var tr = &http.Transport{
ResponseHeaderTimeout: time.Duration(3 * time.Second),
func (n *NSQ) buildTLSConfig() (*tls.Config, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

func (n *NSQ) getHttpClient() *http.Client {
n.httpClientOnce.Do(func() {
tr := &http.Transport{
ResponseHeaderTimeout: time.Duration(3 * time.Second),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you remove the ResponseHeaderTimeout and only use the Timeout on http.Client?

@danielnelson danielnelson modified the milestones: 1.6.0, 1.7.0 Mar 28, 2018
@danielnelson danielnelson modified the milestones: 1.7.0, 1.8.0 Jun 3, 2018
@glinton
Copy link
Contributor

glinton commented Aug 14, 2018

@Soulou do you have time to address the changes requested by Daniel?

@Soulou
Copy link
Contributor Author

Soulou commented Aug 17, 2018

My apologies for the delay, @glinton. I'm going to do them before the end of August

@glinton
Copy link
Contributor

glinton commented Sep 7, 2018

Sorry to pester you @Soulou, but just looking for an update. Thanks

@danielnelson danielnelson modified the milestones: 1.8.0, 1.9.0 Sep 11, 2018
…dpoints

Goal: A completely secure NSQ doesn't have any HTTP endpoint, but only
HTTPS, often with x509 client authentication. This PR aims at
configuring the HTTP client to correctly connects to nsqd

Choices: TLS configuration build is only done once, and the first
`Gather()` will return an error, if configuration is invalid, then it
will be silent. The HTTP client is only built once, to limit allocations
@Soulou
Copy link
Contributor Author

Soulou commented Oct 16, 2018

Rebased and updated, really sorry for the delay @glinton

@glinton glinton self-requested a review October 17, 2018 17:30
@danielnelson danielnelson merged commit 1227904 into influxdata:master Oct 23, 2018
otherpirate pushed a commit to otherpirate/telegraf that referenced this pull request Mar 15, 2019
otherpirate pushed a commit to otherpirate/telegraf that referenced this pull request Mar 15, 2019
dupondje pushed a commit to dupondje/telegraf that referenced this pull request Apr 22, 2019
athoune pushed a commit to bearstech/telegraf that referenced this pull request Apr 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants