From e8fc3ca70c2abc45af0fdf6fa7ab5cf689716586 Mon Sep 17 00:00:00 2001
From: Daniel Nelson <daniel@wavesofdawn.com>
Date: Fri, 23 Mar 2018 11:53:18 -0700
Subject: [PATCH] Add TLS support to kapacitor input (#3927)

---
 plugins/inputs/kapacitor/README.md    |  7 +++++
 plugins/inputs/kapacitor/kapacitor.go | 39 ++++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/plugins/inputs/kapacitor/README.md b/plugins/inputs/kapacitor/README.md
index 822aef1b..ae5b365d 100644
--- a/plugins/inputs/kapacitor/README.md
+++ b/plugins/inputs/kapacitor/README.md
@@ -14,6 +14,13 @@ The Kapacitor plugin will collect metrics from the given Kapacitor instances.
 
   ## Time limit for http requests
   timeout = "5s"
+
+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
 ```
 
 ### Measurements & Fields
diff --git a/plugins/inputs/kapacitor/kapacitor.go b/plugins/inputs/kapacitor/kapacitor.go
index 4c75bd0c..ea0ca055 100644
--- a/plugins/inputs/kapacitor/kapacitor.go
+++ b/plugins/inputs/kapacitor/kapacitor.go
@@ -21,6 +21,15 @@ type Kapacitor struct {
 
 	Timeout internal.Duration
 
+	// Path to CA file
+	SSLCA string `toml:"ssl_ca"`
+	// Path to host cert file
+	SSLCert string `toml:"ssl_cert"`
+	// Path to cert key file
+	SSLKey string `toml:"ssl_key"`
+	// Use SSL but skip chain & host verification
+	InsecureSkipVerify bool
+
 	client *http.Client
 }
 
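Review bot: `InsecureSkipVerify bool` is the only one of the four new fields without a `toml` tag. The `insecure_skip_verify` key shown in the sample config therefore reaches it only if the config decoder maps snake_case keys onto field names, which this hunk does not show. Tagging it like its siblings with `toml:"insecure_skip_verify"` makes the binding explicit, so a later field rename cannot silently leave verification at an unintended value. The struct's opening line and its other fields lie outside the hunk.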
@@ -38,12 +47,23 @@ func (*Kapacitor) SampleConfig() string {
 
   ## Time limit for http requests
   timeout = "5s"
+
+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
 `
 }
 
 func (k *Kapacitor) Gather(acc telegraf.Accumulator) error {
 	if k.client == nil {
-		k.client = &http.Client{Timeout: k.Timeout.Duration}
+		client, err := k.createHttpClient()
+		if err != nil {
+			return err
+		}
+		k.client = client
 	}
 
 	var wg sync.WaitGroup
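Review bot: The sample-config comment above `insecure_skip_verify` says what the option skips but not what that costs. With it set to true, the plugin cannot distinguish the real Kapacitor endpoint from any other host answering on that address, so the scraped metrics are unauthenticated. I would word it as `## Use SSL but skip chain & host verification (server identity is NOT checked; prefer ssl_ca for a private CA)`. The same wording belongs in the README hunk and on the struct field comment in the first kapacitor.go hunk. Both the sample string and the body of Gather extend beyond this hunk.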
@@ -61,6 +81,23 @@ func (k *Kapacitor) Gather(acc telegraf.Accumulator) error {
 	return nil
 }
 
+func (k *Kapacitor) createHttpClient() (*http.Client, error) {
+	tlsCfg, err := internal.GetTLSConfig(
+		k.SSLCert, k.SSLKey, k.SSLCA, k.InsecureSkipVerify)
+	if err != nil {
+		return nil, err
+	}
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: tlsCfg,
+		},
+		Timeout: k.Timeout.Duration,
+	}
+
+	return client, nil
+}
+
 type object struct {
 	Name   string                 `json:"name"`
 	Values map[string]interface{} `json:"values"`
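Review bot: The new `http.Transport` literal in createHttpClient sets only `TLSClientConfig`, whereas the client it replaces (`&http.Client{Timeout: ...}`) used `http.DefaultTransport`. Proxy settings from the environment and the default dial and TLS-handshake timeouts are therefore no longer applied, for plain-HTTP URLs as well. Adding `Proxy: http.ProxyFromEnvironment,` to the transport keeps the earlier proxy behaviour. What `internal.GetTLSConfig` returns when none of the ssl_* options is set is not visible here, so it is worth confirming that an all-default configuration still yields a client that verifies the server certificate. By the Go initialism convention the method would be named `createHTTPClient`.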
-- 
GitLab