From 633dfe2a193e148a10c40c2e32380bdf5810921f Mon Sep 17 00:00:00 2001
From: Daniel Nelson <daniel.nelson@influxdb.com>
Date: Fri, 2 Aug 2019 16:56:49 -0700
Subject: [PATCH] Add secure option to NATS output to mirror input

---
 plugins/outputs/nats/README.md | 21 +++++++--------------
 plugins/outputs/nats/nats.go   | 28 ++++++++++++++--------------
 2 files changed, 21 insertions(+), 28 deletions(-)

diff --git a/plugins/outputs/nats/README.md b/plugins/outputs/nats/README.md
index d9462650a..f6dc04f53 100644
--- a/plugins/outputs/nats/README.md
+++ b/plugins/outputs/nats/README.md
@@ -2,7 +2,7 @@
 
 This plugin writes to a (list of) specified NATS instance(s).
 
-```
+```toml
 [[outputs.nats]]
   ## URLs of NATS servers
   servers = ["nats://localhost:4222"]
@@ -11,9 +11,14 @@ This plugin writes to a (list of) specified NATS instance(s).
   # password = ""
   ## NATS subject for producer messages
   subject = "telegraf"
+
+  ## Use Transport Layer Security
+  # secure = false
+
   ## Optional TLS Config
-  ## CA certificate used to self-sign NATS server(s) TLS certificate(s)
   # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
   ## Use TLS but skip chain & host verification
   # insecure_skip_verify = false
 
@@ -23,15 +28,3 @@ This plugin writes to a (list of) specified NATS instance(s).
   ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
   data_format = "influx"
 ```
-
-### Required parameters:
-
-* `servers`:  List of strings, this is for NATS clustering support. Each URL should start with `nats://`.
-* `subject`: The NATS subject to publish to.
-
-### Optional parameters:
-
-* `username`: Username for NATS
-* `password`: Password for NATS
-* `tls_ca`: TLS CA
-* `insecure_skip_verify`: Use SSL but skip chain & host verification (default: false)
diff --git a/plugins/outputs/nats/nats.go b/plugins/outputs/nats/nats.go
index ef2c4bbf2..e4817d6c9 100644
--- a/plugins/outputs/nats/nats.go
+++ b/plugins/outputs/nats/nats.go
@@ -12,13 +12,11 @@ import (
 )
 
 type NATS struct {
-	// Servers is the NATS server pool to connect to
-	Servers []string
-	// Credentials
-	Username string
-	Password string
-	// NATS subject to publish metrics to
-	Subject string
+	Servers  []string `toml:"servers"`
+	Secure   bool     `toml:"secure"`
+	Username string   `toml:"username"`
+	Password string   `toml:"password"`
+	Subject  string   `toml:"subject"`
 	tls.ClientConfig
 
 	conn       *nats_client.Conn
@@ -34,6 +32,9 @@ var sampleConfig = `
   ## NATS subject for producer messages
   subject = "telegraf"
 
+  ## Use Transport Layer Security
+  # secure = false
+
   ## Optional TLS Config
   # tls_ca = "/etc/telegraf/ca.pem"
   # tls_cert = "/etc/telegraf/cert.pem"
@@ -70,13 +71,12 @@ func (n *NATS) Connect() error {
 		opts.Password = n.Password
 	}
 
-	// override TLS, if it was specified
-	tlsConfig, err := n.ClientConfig.TLSConfig()
-	if err != nil {
-		return err
-	}
-	if tlsConfig != nil {
-		// set NATS connection TLS options
+	if n.Secure {
+		tlsConfig, err := n.ClientConfig.TLSConfig()
+		if err != nil {
+			return err
+		}
+
 		opts.Secure = true
 		opts.TLSConfig = tlsConfig
 	}