Fix TLS and SSL config option parsing (#4247)

Godeps

@@ -34,7 +34,7 @@ github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478
 github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed
 github.com/influxdata/go-syslog 84f3b60009444d298f97454feb1f20cf91d1fa6e
 github.com/influxdata/tail c43482518d410361b6c383d7aebce33d0471d7bc
-github.com/influxdata/toml 5d1d907f22ead1cd47adde17ceec5bda9cacaf8f
+github.com/influxdata/toml 2a2e3012f7cfbef64091cc79776311e65dfa211b
 github.com/influxdata/wlog 7c63b0a71ef8300adc255344d275e10e5c3a71ec
 github.com/fsnotify/fsnotify c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9
 github.com/jackc/pgx 63f58fd32edb5684b9e9f4cfaac847c6b42b3917

internal/tls/config.go

@@ -17,7 +17,7 @@ type ClientConfig struct {
 	// Deprecated in 1.7; use TLS variables above
 	SSLCA   string `toml:"ssl_ca"`
 	SSLCert string `toml:"ssl_cert"`
-	SSLKey  string `toml:"ssl_ca"`
+	SSLKey  string `toml:"ssl_key"`
 }
 
 // ServerConfig represents the standard server TLS config.

plugins/inputs/openldap/README.md

@@ -14,7 +14,7 @@ To use this plugin you must enable the [monitoring](https://www.openldap.org/dev
   # ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
   # note that port will likely need to be changed to 636 for ldaps
   # valid options: "" | "starttls" | "ldaps"
-  ssl = ""
+  tls = ""
 
   # skip peer certificate verification. Default is false.
   insecure_skip_verify = false

plugins/inputs/openldap/openldap.go

@@ -15,9 +15,11 @@ import (
 type Openldap struct {
 	Host               string
 	Port               int
-	Ssl                string
+	SSL                string `toml:"ssl"` // Deprecated in 1.7; use TLS
+	TLS                string `toml:"tls"`
 	InsecureSkipVerify bool
-	SslCa              string
+	SSLCA              string `toml:"ssl_ca"` // Deprecated in 1.7; use TLSCA
+	TLSCA              string `toml:"tls_ca"`
 	BindDn             string
 	BindPassword       string
 	ReverseMetricNames bool
@@ -30,7 +32,7 @@ const sampleConfig string = `
   # ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
   # note that port will likely need to be changed to 636 for ldaps
   # valid options: "" | "starttls" | "ldaps"
-  ssl = ""
+  tls = ""
 
   # skip peer certificate verification. Default is false.
   insecure_skip_verify = false
@@ -70,9 +72,11 @@ func NewOpenldap() *Openldap {
 	return &Openldap{
 		Host:               "localhost",
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
+		TLS:                "",
 		InsecureSkipVerify: false,
-		SslCa:              "",
+		SSLCA:              "",
+		TLSCA:              "",
 		BindDn:             "",
 		BindPassword:       "",
 		ReverseMetricNames: false,
@@ -81,12 +85,19 @@ func NewOpenldap() *Openldap {
 
 // gather metrics
 func (o *Openldap) Gather(acc telegraf.Accumulator) error {
+	if o.TLS == "" {
+		o.TLS = o.SSL
+	}
+	if o.TLSCA == "" {
+		o.TLSCA = o.SSLCA
+	}
+
 	var err error
 	var l *ldap.Conn
-	if o.Ssl != "" {
+	if o.TLS != "" {
 		// build tls config
 		clientTLSConfig := tls.ClientConfig{
-			SSLCA:              o.SslCa,
+			TLSCA:              o.TLSCA,
 			InsecureSkipVerify: o.InsecureSkipVerify,
 		}
 		tlsConfig, err := clientTLSConfig.TLSConfig()
@@ -94,13 +105,13 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
 			acc.AddError(err)
 			return nil
 		}
-		if o.Ssl == "ldaps" {
+		if o.TLS == "ldaps" {
 			l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port), tlsConfig)
 			if err != nil {
 				acc.AddError(err)
 				return nil
 			}
-		} else if o.Ssl == "starttls" {
+		} else if o.TLS == "starttls" {
 			l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port))
 			if err != nil {
 				acc.AddError(err)
@@ -108,7 +119,7 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
 			}
 			err = l.StartTLS(tlsConfig)
 		} else {
-			acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.Ssl))
+			acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.TLS))
 			return nil
 		}
 	} else {

plugins/inputs/openldap/openldap_test.go

 package openldap
 
 import (
-	"gopkg.in/ldap.v2"
 	"strconv"
 	"testing"
 
+	"gopkg.in/ldap.v2"
+
 	"github.com/influxdata/telegraf/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -74,7 +75,7 @@ func TestOpenldapStartTLS(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "starttls",
+		SSL:                "starttls",
 		InsecureSkipVerify: true,
 	}
 
@@ -92,7 +93,7 @@ func TestOpenldapLDAPS(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               636,
-		Ssl:                "ldaps",
+		SSL:                "ldaps",
 		InsecureSkipVerify: true,
 	}
 
@@ -110,7 +111,7 @@ func TestOpenldapInvalidSSL(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               636,
-		Ssl:                "invalid",
+		SSL:                "invalid",
 		InsecureSkipVerify: true,
 	}
 
@@ -129,7 +130,7 @@ func TestOpenldapBind(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
 		InsecureSkipVerify: true,
 		BindDn:             "cn=manager,cn=config",
 		BindPassword:       "secret",
@@ -157,7 +158,7 @@ func TestOpenldapReverseMetrics(t *testing.T) {
 	o := &Openldap{
 		Host:               testutil.GetLocalHost(),
 		Port:               389,
-		Ssl:                "",
+		SSL:                "",
 		InsecureSkipVerify: true,
 		BindDn:             "cn=manager,cn=config",
 		BindPassword:       "secret",