Merge pull request #2195 from pabrahamsson/elastic_ssl

[elastic] Add support for SSL (Elasticsearch Shield)
DataDog · Apr 25, 2016 · e0cf5cf · e0cf5cf
2 parents 69d7233 + 165635e
commit e0cf5cf
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/checks.d/elastic.py b/checks.d/elastic.py
@@ -31,6 +31,9 @@ class NodeNotFound(Exception):
         'url',
         'username',
         'pending_task_stats',
+        'ssl_verify',
+        'ssl_cert',
+        'ssl_key',
     ])
 
 
@@ -298,6 +301,9 @@ def get_instance_config(self, instance):
             cluster_stats=cluster_stats,
             password=instance.get('password'),
             service_check_tags=service_check_tags,
+            ssl_cert=instance.get('ssl_cert'),
+            ssl_key=instance.get('ssl_key'),
+            ssl_verify=instance.get('ssl_verify'),
             tags=tags,
             timeout=timeout,
             url=url,
@@ -445,12 +451,27 @@ def _get_data(self, url, config, send_sc=True):
         else:
             auth = None
 
+        # Load SSL configuration, if available.
+        # ssl_verify can be a bool or a string (http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification)
+        if isinstance(config.ssl_verify, bool) or isinstance(config.ssl_verify, str):
+            verify = config.ssl_verify
+        else:
+            verify = None
+        if config.ssl_cert and config.ssl_key:
+            cert = (config.ssl_cert, config.ssl_key)
+        elif config.ssl_cert:
+            cert = config.ssl_cert
+        else:
+            cert = None
+
         try:
             resp = requests.get(
                 url,
                 timeout=config.timeout,
                 headers=headers(self.agentConfig),
-                auth=auth
+                auth=auth,
+                verify=verify,
+                cert=cert
             )
             resp.raise_for_status()
         except Exception as e:

diff --git a/conf.d/elastic.yaml.example b/conf.d/elastic.yaml.example
@@ -35,6 +35,9 @@ instances:
     # cluster_stats: false
     # pshard_stats: false
     # pending_task_stats: true
+    # ssl_verify: false
+    # ssl_cert: /path/to/cert.pem
+    # ssl_key: /path/to/cert.key
     # tags:
     #   - 'tag1:key1'
     #   - 'tag2:key2'
diff --git a/tests/checks/integration/test_elastic.py b/tests/checks/integration/test_elastic.py
@@ -383,6 +383,27 @@ def test_config_parser(self):
         self.assertEquals(c.service_check_tags,
                           ["host:192.168.42.42", "port:12999"])
 
+        instance = {
+            "username": "user",
+            "password": "pass",
+            "url": "https://foo.bar:9200",
+            "ssl_verify": "true",
+            "ssl_cert": "/path/to/cert.pem",
+            "ssl_key": "/path/to/cert.key",
+        }
+
+        c = check.get_instance_config(instance)
+        self.assertEquals(c.username, "user")
+        self.assertEquals(c.password, "pass")
+        self.assertEquals(c.cluster_stats, False)
+        self.assertEquals(c.url, "https://foo.bar:9200")
+        self.assertEquals(c.tags, ["url:https://foo.bar:9200"])
+        self.assertEquals(c.timeout, check.DEFAULT_TIMEOUT)
+        self.assertEquals(c.service_check_tags, ["host:foo.bar", "port:9200"])
+        self.assertEquals(c.ssl_verify, "true")
+        self.assertEquals(c.ssl_cert, "/path/to/cert.pem")
+        self.assertEquals(c.ssl_key, "/path/to/cert.key")
+
     def test_health_event(self):
         dummy_tags = ['foo:bar', 'elastique:recherche']
         config = {'instances': [