From dbd02ebb744c3954687b000df675bd08235ffd05 Mon Sep 17 00:00:00 2001
From: Daniel Nelson <daniel@wavesofdawn.com>
Date: Wed, 23 May 2018 14:28:17 -0700
Subject: [PATCH] Add support for TLS and username/password auth to aerospike
 input (#4183)

---
 plugins/inputs/aerospike/README.md    | 21 +++++++++++++
 plugins/inputs/aerospike/aerospike.go | 43 +++++++++++++++++++++++++--
 2 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/plugins/inputs/aerospike/README.md b/plugins/inputs/aerospike/README.md
index 149c6aa2..56775d90 100644
--- a/plugins/inputs/aerospike/README.md
+++ b/plugins/inputs/aerospike/README.md
@@ -9,6 +9,27 @@ The metric names, to make it less complicated in querying, have replaced all `-`
 
 All metrics are attempted to be cast to integers, then booleans, then strings.
 
+### Configuration:
+```toml
+# Read stats from aerospike server(s)
+[[inputs.aerospike]]
+  ## Aerospike servers to connect to (with port)
+  ## This plugin will query all namespaces the aerospike
+  ## server has configured and get stats for them.
+  servers = ["localhost:3000"]
+
+  # username = "telegraf"
+  # password = "pa$$word"
+
+  ## Optional TLS Config
+  # enable_tls = false
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## If false, skip chain & host verification
+  # insecure_skip_verify = true
+```
+
 ### Measurements:
 
 The aerospike metrics are under two measurement names:
diff --git a/plugins/inputs/aerospike/aerospike.go b/plugins/inputs/aerospike/aerospike.go
index f77fdf10..3caee7e7 100644
--- a/plugins/inputs/aerospike/aerospike.go
+++ b/plugins/inputs/aerospike/aerospike.go
@@ -1,6 +1,7 @@
 package aerospike
 
 import (
+	"crypto/tls"
 	"errors"
 	"log"
 	"net"
@@ -10,13 +11,24 @@ import (
 	"time"
 
 	"github.com/influxdata/telegraf"
+	tlsint "github.com/influxdata/telegraf/internal/tls"
 	"github.com/influxdata/telegraf/plugins/inputs"
 
 	as "github.com/aerospike/aerospike-client-go"
 )
 
 type Aerospike struct {
-	Servers []string
+	Servers []string `toml:"servers"`
+
+	Username string `toml:"username"`
+	Password string `toml:"password"`
+
+	EnableTLS bool `toml:"enable_tls"`
+	EnableSSL bool `toml:"enable_ssl"` // deprecated in 1.7; use enable_tls
+	tlsint.ClientConfig
+
+	initialized bool
+	tlsConfig   *tls.Config
 }
 
 var sampleConfig = `
@@ -24,6 +36,17 @@ var sampleConfig = `
   ## This plugin will query all namespaces the aerospike
   ## server has configured and get stats for them.
   servers = ["localhost:3000"]
+
+  # username = "telegraf"
+  # password = "pa$$word"
+
+  ## Optional TLS Config
+  # enable_tls = false
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## If false, skip chain & host verification
+  # insecure_skip_verify = true
  `
 
 func (a *Aerospike) SampleConfig() string {
@@ -35,6 +58,18 @@ func (a *Aerospike) Description() string {
 }
 
 func (a *Aerospike) Gather(acc telegraf.Accumulator) error {
+	if !a.initialized {
+		tlsConfig, err := a.ClientConfig.TLSConfig()
+		if err != nil {
+			return err
+		}
+		if tlsConfig == nil && (a.EnableTLS || a.EnableSSL) {
+			tlsConfig = &tls.Config{}
+		}
+		a.tlsConfig = tlsConfig
+		a.initialized = true
+	}
+
 	if len(a.Servers) == 0 {
 		return a.gatherServer("127.0.0.1:3000", acc)
 	}
@@ -63,7 +98,11 @@ func (a *Aerospike) gatherServer(hostport string, acc telegraf.Accumulator) erro
 		iport = 3000
 	}
 
-	c, err := as.NewClient(host, iport)
+	policy := as.NewClientPolicy()
+	policy.User = a.Username
+	policy.Password = a.Password
+	policy.TlsConfig = a.tlsConfig
+	c, err := as.NewClientWithPolicy(policy, host, iport)
 	if err != nil {
 		return err
 	}
-- 
GitLab