Fix TLS and SSL config option parsing (#4247)

This commit is contained in:
Daniel Nelson 2018-06-06 18:29:59 -07:00 committed by GitHub
parent 312843cb0b
commit 661cdc4e81
5 changed files with 31 additions and 19 deletions

2
Godeps
View File

@ -34,7 +34,7 @@ github.com/hailocab/go-hostpool e80d13ce29ede4452c43dea11e79b9bc8a15b478
github.com/hashicorp/consul 5174058f0d2bda63fa5198ab96c33d9a909c58ed
github.com/influxdata/go-syslog 84f3b60009444d298f97454feb1f20cf91d1fa6e
github.com/influxdata/tail c43482518d410361b6c383d7aebce33d0471d7bc
github.com/influxdata/toml 5d1d907f22ead1cd47adde17ceec5bda9cacaf8f
github.com/influxdata/toml 2a2e3012f7cfbef64091cc79776311e65dfa211b
github.com/influxdata/wlog 7c63b0a71ef8300adc255344d275e10e5c3a71ec
github.com/fsnotify/fsnotify c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9
github.com/jackc/pgx 63f58fd32edb5684b9e9f4cfaac847c6b42b3917

View File

@ -17,7 +17,7 @@ type ClientConfig struct {
// Deprecated in 1.7; use TLS variables above
SSLCA string `toml:"ssl_ca"`
SSLCert string `toml:"ssl_cert"`
SSLKey string `toml:"ssl_ca"`
SSLKey string `toml:"ssl_key"`
}
// ServerConfig represents the standard server TLS config.

View File

@ -14,7 +14,7 @@ To use this plugin you must enable the [monitoring](https://www.openldap.org/dev
# ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
# note that port will likely need to be changed to 636 for ldaps
# valid options: "" | "starttls" | "ldaps"
ssl = ""
tls = ""
# skip peer certificate verification. Default is false.
insecure_skip_verify = false

View File

@ -15,9 +15,11 @@ import (
type Openldap struct {
Host string
Port int
Ssl string
SSL string `toml:"ssl"` // Deprecated in 1.7; use TLS
TLS string `toml:"tls"`
InsecureSkipVerify bool
SslCa string
SSLCA string `toml:"ssl_ca"` // Deprecated in 1.7; use TLSCA
TLSCA string `toml:"tls_ca"`
BindDn string
BindPassword string
ReverseMetricNames bool
@ -30,7 +32,7 @@ const sampleConfig string = `
# ldaps, starttls, or no encryption. default is an empty string, disabling all encryption.
# note that port will likely need to be changed to 636 for ldaps
# valid options: "" | "starttls" | "ldaps"
ssl = ""
tls = ""
# skip peer certificate verification. Default is false.
insecure_skip_verify = false
@ -70,9 +72,11 @@ func NewOpenldap() *Openldap {
return &Openldap{
Host: "localhost",
Port: 389,
Ssl: "",
SSL: "",
TLS: "",
InsecureSkipVerify: false,
SslCa: "",
SSLCA: "",
TLSCA: "",
BindDn: "",
BindPassword: "",
ReverseMetricNames: false,
@ -81,12 +85,19 @@ func NewOpenldap() *Openldap {
// gather metrics
func (o *Openldap) Gather(acc telegraf.Accumulator) error {
if o.TLS == "" {
o.TLS = o.SSL
}
if o.TLSCA == "" {
o.TLSCA = o.SSLCA
}
var err error
var l *ldap.Conn
if o.Ssl != "" {
if o.TLS != "" {
// build tls config
clientTLSConfig := tls.ClientConfig{
SSLCA: o.SslCa,
TLSCA: o.TLSCA,
InsecureSkipVerify: o.InsecureSkipVerify,
}
tlsConfig, err := clientTLSConfig.TLSConfig()
@ -94,13 +105,13 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
acc.AddError(err)
return nil
}
if o.Ssl == "ldaps" {
if o.TLS == "ldaps" {
l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port), tlsConfig)
if err != nil {
acc.AddError(err)
return nil
}
} else if o.Ssl == "starttls" {
} else if o.TLS == "starttls" {
l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", o.Host, o.Port))
if err != nil {
acc.AddError(err)
@ -108,7 +119,7 @@ func (o *Openldap) Gather(acc telegraf.Accumulator) error {
}
err = l.StartTLS(tlsConfig)
} else {
acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.Ssl))
acc.AddError(fmt.Errorf("Invalid setting for ssl: %s", o.TLS))
return nil
}
} else {

View File

@ -1,10 +1,11 @@
package openldap
import (
"gopkg.in/ldap.v2"
"strconv"
"testing"
"gopkg.in/ldap.v2"
"github.com/influxdata/telegraf/testutil"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@ -74,7 +75,7 @@ func TestOpenldapStartTLS(t *testing.T) {
o := &Openldap{
Host: testutil.GetLocalHost(),
Port: 389,
Ssl: "starttls",
SSL: "starttls",
InsecureSkipVerify: true,
}
@ -92,7 +93,7 @@ func TestOpenldapLDAPS(t *testing.T) {
o := &Openldap{
Host: testutil.GetLocalHost(),
Port: 636,
Ssl: "ldaps",
SSL: "ldaps",
InsecureSkipVerify: true,
}
@ -110,7 +111,7 @@ func TestOpenldapInvalidSSL(t *testing.T) {
o := &Openldap{
Host: testutil.GetLocalHost(),
Port: 636,
Ssl: "invalid",
SSL: "invalid",
InsecureSkipVerify: true,
}
@ -129,7 +130,7 @@ func TestOpenldapBind(t *testing.T) {
o := &Openldap{
Host: testutil.GetLocalHost(),
Port: 389,
Ssl: "",
SSL: "",
InsecureSkipVerify: true,
BindDn: "cn=manager,cn=config",
BindPassword: "secret",
@ -157,7 +158,7 @@ func TestOpenldapReverseMetrics(t *testing.T) {
o := &Openldap{
Host: testutil.GetLocalHost(),
Port: 389,
Ssl: "",
SSL: "",
InsecureSkipVerify: true,
BindDn: "cn=manager,cn=config",
BindPassword: "secret",