From 93ed28e7453f6b7ab00d1544e1b6eb88022570b1 Mon Sep 17 00:00:00 2001
From: Daniel Nelson <daniel@wavesofdawn.com>
Date: Tue, 31 Jul 2018 15:07:21 -0700
Subject: [PATCH] Add support for configuring an AWS endpoint_url (#4485)

---
 internal/config/aws/credentials.go       | 21 ++++++++------
 plugins/inputs/cloudwatch/README.md      |  6 ++++
 plugins/inputs/cloudwatch/cloudwatch.go  | 36 +++++++++++++++---------
 plugins/outputs/cloudwatch/cloudwatch.go | 36 +++++++++++++++---------
 plugins/outputs/kinesis/kinesis.go       | 36 +++++++++++++++---------
 5 files changed, 84 insertions(+), 51 deletions(-)

diff --git a/internal/config/aws/credentials.go b/internal/config/aws/credentials.go
index b1f57fceb..1e4f91b13 100644
--- a/internal/config/aws/credentials.go
+++ b/internal/config/aws/credentials.go
@@ -9,13 +9,14 @@ import (
 )
 
 type CredentialConfig struct {
-	Region    string
-	AccessKey string
-	SecretKey string
-	RoleARN   string
-	Profile   string
-	Filename  string
-	Token     string
+	Region      string
+	AccessKey   string
+	SecretKey   string
+	RoleARN     string
+	Profile     string
+	Filename    string
+	Token       string
+	EndpointURL string
 }
 
 func (c *CredentialConfig) Credentials() client.ConfigProvider {
@@ -28,7 +29,8 @@ func (c *CredentialConfig) Credentials() client.ConfigProvider {
 
 func (c *CredentialConfig) rootCredentials() client.ConfigProvider {
 	config := &aws.Config{
-		Region: aws.String(c.Region),
+		Region:   aws.String(c.Region),
+		Endpoint: &c.EndpointURL,
 	}
 	if c.AccessKey != "" || c.SecretKey != "" {
 		config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.Token)
@@ -42,7 +44,8 @@ func (c *CredentialConfig) rootCredentials() client.ConfigProvider {
 func (c *CredentialConfig) assumeCredentials() client.ConfigProvider {
 	rootCredentials := c.rootCredentials()
 	config := &aws.Config{
-		Region: aws.String(c.Region),
+		Region:   aws.String(c.Region),
+		Endpoint: &c.EndpointURL,
 	}
 	config.Credentials = stscreds.NewCredentials(rootCredentials, c.RoleARN)
 	return session.New(config)
diff --git a/plugins/inputs/cloudwatch/README.md b/plugins/inputs/cloudwatch/README.md
index 88a5b098f..dfb5bf95d 100644
--- a/plugins/inputs/cloudwatch/README.md
+++ b/plugins/inputs/cloudwatch/README.md
@@ -35,6 +35,12 @@ API endpoint. In the following order the plugin will attempt to authenticate.
   #profile = ""
   #shared_credential_file = ""
 
+  ## Endpoint to make request against, the correct endpoint is automatically
+  ## determined and this option should only be set if you wish to override the
+  ## default.
+  ##   ex: endpoint_url = "http://localhost:8000"
+  # endpoint_url = ""
+
   # The minimum period for Cloudwatch metrics is 1 minute (60s). However not all
   # metrics are made available to the 1 minute period. Some are collected at
   # 3 minute, 5 minute, or larger intervals. See https://aws.amazon.com/cloudwatch/faqs/#monitoring.
diff --git a/plugins/inputs/cloudwatch/cloudwatch.go b/plugins/inputs/cloudwatch/cloudwatch.go
index b4f91f745..9ba15b6ac 100644
--- a/plugins/inputs/cloudwatch/cloudwatch.go
+++ b/plugins/inputs/cloudwatch/cloudwatch.go
@@ -19,13 +19,14 @@ import (
 
 type (
 	CloudWatch struct {
-		Region    string `toml:"region"`
-		AccessKey string `toml:"access_key"`
-		SecretKey string `toml:"secret_key"`
-		RoleARN   string `toml:"role_arn"`
-		Profile   string `toml:"profile"`
-		Filename  string `toml:"shared_credential_file"`
-		Token     string `toml:"token"`
+		Region      string `toml:"region"`
+		AccessKey   string `toml:"access_key"`
+		SecretKey   string `toml:"secret_key"`
+		RoleARN     string `toml:"role_arn"`
+		Profile     string `toml:"profile"`
+		Filename    string `toml:"shared_credential_file"`
+		Token       string `toml:"token"`
+		EndpointURL string `toml:"endpoint_url"`
 
 		Period      internal.Duration `toml:"period"`
 		Delay       internal.Duration `toml:"delay"`
@@ -79,6 +80,12 @@ func (c *CloudWatch) SampleConfig() string {
   #profile = ""
   #shared_credential_file = ""
 
+  ## Endpoint to make request against, the correct endpoint is automatically
+  ## determined and this option should only be set if you wish to override the
+  ## default.
+  ##   ex: endpoint_url = "http://localhost:8000"
+  # endpoint_url = ""
+
   # The minimum period for Cloudwatch metrics is 1 minute (60s). However not all
   # metrics are made available to the 1 minute period. Some are collected at
   # 3 minute, 5 minute, or larger intervals. See https://aws.amazon.com/cloudwatch/faqs/#monitoring.
@@ -224,13 +231,14 @@ func init() {
  */
 func (c *CloudWatch) initializeCloudWatch() error {
 	credentialConfig := &internalaws.CredentialConfig{
-		Region:    c.Region,
-		AccessKey: c.AccessKey,
-		SecretKey: c.SecretKey,
-		RoleARN:   c.RoleARN,
-		Profile:   c.Profile,
-		Filename:  c.Filename,
-		Token:     c.Token,
+		Region:      c.Region,
+		AccessKey:   c.AccessKey,
+		SecretKey:   c.SecretKey,
+		RoleARN:     c.RoleARN,
+		Profile:     c.Profile,
+		Filename:    c.Filename,
+		Token:       c.Token,
+		EndpointURL: c.EndpointURL,
 	}
 	configProvider := credentialConfig.Credentials()
 
diff --git a/plugins/outputs/cloudwatch/cloudwatch.go b/plugins/outputs/cloudwatch/cloudwatch.go
index f7ccc1fee..52ab41a28 100644
--- a/plugins/outputs/cloudwatch/cloudwatch.go
+++ b/plugins/outputs/cloudwatch/cloudwatch.go
@@ -17,13 +17,14 @@ import (
 )
 
 type CloudWatch struct {
-	Region    string `toml:"region"`
-	AccessKey string `toml:"access_key"`
-	SecretKey string `toml:"secret_key"`
-	RoleARN   string `toml:"role_arn"`
-	Profile   string `toml:"profile"`
-	Filename  string `toml:"shared_credential_file"`
-	Token     string `toml:"token"`
+	Region      string `toml:"region"`
+	AccessKey   string `toml:"access_key"`
+	SecretKey   string `toml:"secret_key"`
+	RoleARN     string `toml:"role_arn"`
+	Profile     string `toml:"profile"`
+	Filename    string `toml:"shared_credential_file"`
+	Token       string `toml:"token"`
+	EndpointURL string `toml:"endpoint_url"`
 
 	Namespace string `toml:"namespace"` // CloudWatch Metrics Namespace
 	svc       *cloudwatch.CloudWatch
@@ -48,6 +49,12 @@ var sampleConfig = `
   #profile = ""
   #shared_credential_file = ""
 
+  ## Endpoint to make request against, the correct endpoint is automatically
+  ## determined and this option should only be set if you wish to override the
+  ## default.
+  ##   ex: endpoint_url = "http://localhost:8000"
+  # endpoint_url = ""
+
   ## Namespace for the CloudWatch MetricDatums
   namespace = "InfluxData/Telegraf"
 `
@@ -62,13 +69,14 @@ func (c *CloudWatch) Description() string {
 
 func (c *CloudWatch) Connect() error {
 	credentialConfig := &internalaws.CredentialConfig{
-		Region:    c.Region,
-		AccessKey: c.AccessKey,
-		SecretKey: c.SecretKey,
-		RoleARN:   c.RoleARN,
-		Profile:   c.Profile,
-		Filename:  c.Filename,
-		Token:     c.Token,
+		Region:      c.Region,
+		AccessKey:   c.AccessKey,
+		SecretKey:   c.SecretKey,
+		RoleARN:     c.RoleARN,
+		Profile:     c.Profile,
+		Filename:    c.Filename,
+		Token:       c.Token,
+		EndpointURL: c.EndpointURL,
 	}
 	configProvider := credentialConfig.Credentials()
 
diff --git a/plugins/outputs/kinesis/kinesis.go b/plugins/outputs/kinesis/kinesis.go
index d77ff08a5..014379146 100644
--- a/plugins/outputs/kinesis/kinesis.go
+++ b/plugins/outputs/kinesis/kinesis.go
@@ -17,13 +17,14 @@ import (
 
 type (
 	KinesisOutput struct {
-		Region    string `toml:"region"`
-		AccessKey string `toml:"access_key"`
-		SecretKey string `toml:"secret_key"`
-		RoleARN   string `toml:"role_arn"`
-		Profile   string `toml:"profile"`
-		Filename  string `toml:"shared_credential_file"`
-		Token     string `toml:"token"`
+		Region      string `toml:"region"`
+		AccessKey   string `toml:"access_key"`
+		SecretKey   string `toml:"secret_key"`
+		RoleARN     string `toml:"role_arn"`
+		Profile     string `toml:"profile"`
+		Filename    string `toml:"shared_credential_file"`
+		Token       string `toml:"token"`
+		EndpointURL string `toml:"endpoint_url"`
 
 		StreamName         string     `toml:"streamname"`
 		PartitionKey       string     `toml:"partitionkey"`
@@ -60,6 +61,12 @@ var sampleConfig = `
   #profile = ""
   #shared_credential_file = ""
 
+  ## Endpoint to make request against, the correct endpoint is automatically
+  ## determined and this option should only be set if you wish to override the
+  ## default.
+  ##   ex: endpoint_url = "http://localhost:8000"
+  # endpoint_url = ""
+
   ## Kinesis StreamName must exist prior to starting telegraf.
   streamname = "StreamName"
   ## DEPRECATED: PartitionKey as used for sharding data.
@@ -126,13 +133,14 @@ func (k *KinesisOutput) Connect() error {
 	}
 
 	credentialConfig := &internalaws.CredentialConfig{
-		Region:    k.Region,
-		AccessKey: k.AccessKey,
-		SecretKey: k.SecretKey,
-		RoleARN:   k.RoleARN,
-		Profile:   k.Profile,
-		Filename:  k.Filename,
-		Token:     k.Token,
+		Region:      k.Region,
+		AccessKey:   k.AccessKey,
+		SecretKey:   k.SecretKey,
+		RoleARN:     k.RoleARN,
+		Profile:     k.Profile,
+		Filename:    k.Filename,
+		Token:       k.Token,
+		EndpointURL: k.EndpointURL,
 	}
 	configProvider := credentialConfig.Credentials()
 	svc := kinesis.New(configProvider)