Merge pull request #34 from newrelic/mmacias-validatecerts

Added validate_certs configuration option

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 1.5.0 (2019-12-10)
+## Added
+- Added `validate_certs` configuration option (default: `true`). Set it to `false` if you have self-signed certificates
+  and want to avoid the integration to fail.
+
 ## 1.4.0 (2019-11-15)
 ### Changed
 - Renamed the integration executable from nr-apache to nri-apache in order to be consistent with the package naming. **Important Note:** if you have any security module rules (eg. SELinux), alerts or automation that depends on the name of this binary, these will have to be updated.

src/apache.go

@@ -3,12 +3,13 @@ package main
 import (
 	"errors"
 	"fmt"
-	"github.com/newrelic/infra-integrations-sdk/data/metric"
-	"github.com/newrelic/infra-integrations-sdk/persist"
 	"net/url"
 	"os"
 	"time"
 
+	"github.com/newrelic/infra-integrations-sdk/data/metric"
+	"github.com/newrelic/infra-integrations-sdk/persist"
+
 	sdkArgs "github.com/newrelic/infra-integrations-sdk/args"
 	"github.com/newrelic/infra-integrations-sdk/integration"
 	"github.com/newrelic/infra-integrations-sdk/log"
@@ -20,11 +21,12 @@ type argumentList struct {
 	CABundleFile     string `default:"" help:"Alternative Certificate Authority bundle file"`
 	CABundleDir      string `default:"" help:"Alternative Certificate Authority bundle directory"`
 	RemoteMonitoring bool   `default:"false" help:"Identifies the monitored entity as 'remote'. In doubt: set to true."`
+	ValidateCerts    bool   `default:"true" help:"If the status URL is HTTPS with a self-signed certificate, set this to false if you want to avoid certificate validation"`
 }
 
 const (
 	integrationName    = "com.newrelic.apache"
-	integrationVersion = "1.4.0"
+	integrationVersion = "1.5.0"
 
 	defaultHTTPTimeout = time.Second * 1
 
@@ -63,9 +65,10 @@ func main() {
 
 		ms := metricSet(e, "ApacheSample", hostname, port, args.RemoteMonitoring)
 		provider := &Status{
-			CABundleDir:  args.CABundleDir,
-			CABundleFile: args.CABundleFile,
-			HTTPTimeout:  defaultHTTPTimeout,
+			CABundleDir:   args.CABundleDir,
+			CABundleFile:  args.CABundleFile,
+			HTTPTimeout:   defaultHTTPTimeout,
+			ValidateCerts: args.ValidateCerts,
 		}
 		fatalIfErr(getMetricsData(provider, ms))
 	}

src/status.go

@@ -17,17 +17,14 @@ import (
 
 // Status will create new HTTP client based on its configuration
 type Status struct {
-	CABundleFile string
-	CABundleDir  string
-	HTTPTimeout  time.Duration
+	CABundleFile  string
+	CABundleDir   string
+	ValidateCerts bool
+	HTTPTimeout   time.Duration
 }
 
 // NewClient creates a new http.Client based on the provider's configuration
 func (p Status) NewClient() *http.Client {
-	return httpClient(p.CABundleFile, p.CABundleDir, p.HTTPTimeout)
-}
-
-func httpClient(certFile string, certDirectory string, httpTimeout time.Duration) *http.Client {
 	// go default http transport settings
 	transport := &http.Transport{
 		Proxy:                 http.ProxyFromEnvironment,
@@ -38,12 +35,19 @@ func httpClient(certFile string, certDirectory string, httpTimeout time.Duration
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 
-	if certFile != "" || certDirectory != "" {
-		transport.TLSClientConfig = &tls.Config{RootCAs: getCertPool(certFile, certDirectory)}
+	if p.CABundleFile != "" || p.CABundleDir != "" {
+		transport.TLSClientConfig = &tls.Config{RootCAs: getCertPool(p.CABundleFile, p.CABundleDir)}
+	}
+	if !p.ValidateCerts {
+		if transport.TLSClientConfig == nil {
+			transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		} else {
+			transport.TLSClientConfig.InsecureSkipVerify = true
+		}
 	}
 
 	return &http.Client{
-		Timeout:   httpTimeout * time.Second,
+		Timeout:   p.HTTPTimeout * time.Second,
 		Transport: transport,
 	}
 }

src/status_test.go

@@ -103,9 +103,10 @@ func TestNewClient(t *testing.T) {
 	ca3.WriteString(yetAnotherCA)
 
 	c := Status{
-		CABundleFile: ca1.Name(),
-		CABundleDir:  tempDir,
-		HTTPTimeout:  30,
+		CABundleFile:  ca1.Name(),
+		CABundleDir:   tempDir,
+		HTTPTimeout:   30,
+		ValidateCerts: true,
 	}.NewClient()
 
 	eTimeout := 30 * time.Second