New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mgr/influx: Add InfluxDB SSL Option #19374
Conversation
Hmm, I have ##19229 open with a bunch more fixes. Should we maybe combine this into one PR? |
src/pybind/mgr/influx/module.py
Outdated
ssl = False | ||
|
||
# Verify https cert | ||
verify_ssl = self.get_config("verify_ssl", default="false") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we make verify_ssl true by default? It feels a bit dangerous to have a "ssl=true" setting that by default doesn't validate the certs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the influxdb client also defaults to false
https://github.com/influxdata/influxdb-python/blob/master/influxdb/client.py#L71
a0491a5
to
950ea0c
Compare
src/pybind/mgr/influx/module.py
Outdated
@@ -45,6 +45,8 @@ class Module(MgrModule): | |||
'username': None, | |||
'password': None, | |||
'interval': 5 | |||
'ssl': 'false', | |||
'verify_ssl': 'false', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't they both be a boolean instead of a string?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The get_config
command returns strings and the influxdb-client expects bool.
In every case I need to cast to bool.
If I would set the defaults to True
I would need one more cast, because:
True == 'true'
False
self.config['ssl'] = ssl.lower() == 'true' | ||
verify_ssl = \ | ||
self.get_config("verify_ssl", default=self.config_keys['verify_ssl']) | ||
self.config['verify_ssl'] = verify_ssl.lower() == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see you cast from String to Bool here, but how does that work when somebody changes the configuration on runtime?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not recognized this dynamic option. I will fix this.
Do we want verify_ssl
to be true by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I was a bit busy with a lot of things. Looking good to me! LGTM |
Add possibility to connect to InfluxDB via https. Also adding the option for verifying the https cert. Signed-off-by: Tobias Gall <tobias.gall@mailbox.org>
Add possibility to connect to InfluxDB via https.
Also adding the option for verifying the https cert.