From 3ef4dff4ec60511da5a9dc920e103641036a1b65 Mon Sep 17 00:00:00 2001
From: Leszek Charkiewicz <lcharkiewicz@users.noreply.github.com>
Date: Wed, 6 Jun 2018 02:12:30 +0200
Subject: [PATCH] Add SSL/TLS support to Redis input (#4236)

---
 Godeps                         |  2 +-
 plugins/inputs/redis/README.md |  7 +++++++
 plugins/inputs/redis/redis.go  | 23 +++++++++++++++++++----
 3 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/Godeps b/Godeps
index 4096d93a..5bc29b20 100644
--- a/Godeps
+++ b/Godeps
@@ -28,7 +28,7 @@ github.com/golang/snappy 7db9049039a047d955fe8c19b83c8ff5abd765c7
 github.com/go-ole/go-ole be49f7c07711fcb603cff39e1de7c67926dc0ba7
 github.com/google/go-cmp f94e52cad91c65a63acc1e75d4be223ea22e99bc
 github.com/gorilla/mux 53c1911da2b537f792e7cafcb446b05ffe33b996
-github.com/go-redis/redis 73b70592cdaa9e6abdfcfbf97b4a90d80728c836
+github.com/go-redis/redis 83fb42932f6145ce52df09860384a4653d2d332a
 github.com/go-sql-driver/mysql 2e00b5cd70399450106cec6431c2e2ce3cae5034
 github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478
 github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed
diff --git a/plugins/inputs/redis/README.md b/plugins/inputs/redis/README.md
index c68f6624..da4e8b71 100644
--- a/plugins/inputs/redis/README.md
+++ b/plugins/inputs/redis/README.md
@@ -14,6 +14,13 @@
   ## If no servers are specified, then localhost is used as the host.
   ## If no port is specified, 6379 is used
   servers = ["tcp://localhost:6379"]
+
+  ## Optional TLS Config
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## Use TLS but skip chain & host verification
+  # insecure_skip_verify = true
 ```
 
 ### Measurements & Fields:
diff --git a/plugins/inputs/redis/redis.go b/plugins/inputs/redis/redis.go
index 5c5238f5..766463cf 100644
--- a/plugins/inputs/redis/redis.go
+++ b/plugins/inputs/redis/redis.go
@@ -13,11 +13,13 @@ import (
 
 	"github.com/go-redis/redis"
 	"github.com/influxdata/telegraf"
+	"github.com/influxdata/telegraf/internal/tls"
 	"github.com/influxdata/telegraf/plugins/inputs"
 )
 
 type Redis struct {
 	Servers []string
+	tls.ClientConfig
 
 	clients     []Client
 	initialized bool
@@ -56,6 +58,13 @@ var sampleConfig = `
   ## If no servers are specified, then localhost is used as the host.
   ## If no port is specified, 6379 is used
   servers = ["tcp://localhost:6379"]
+
+  ## Optional TLS Config
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## Use TLS but skip chain & host verification
+  # insecure_skip_verify = true
 `
 
 func (r *Redis) SampleConfig() string {
@@ -109,12 +118,18 @@ func (r *Redis) init(acc telegraf.Accumulator) error {
 			address = u.Host
 		}
 
+		tlsConfig, err := r.ClientConfig.TLSConfig()
+		if err != nil {
+			return err
+		}
+
 		client := redis.NewClient(
 			&redis.Options{
-				Addr:     address,
-				Password: password,
-				Network:  u.Scheme,
-				PoolSize: 1,
+				Addr:      address,
+				Password:  password,
+				Network:   u.Scheme,
+				PoolSize:  1,
+				TLSConfig: tlsConfig,
 			},
 		)
 
-- 
GitLab