From ddd827ba03263390fccabb44e597c9e512b9f160 Mon Sep 17 00:00:00 2001
From: Diogo Kiss <dki@tradeshift.com>
Date: Tue, 3 Nov 2015 14:37:25 +0100
Subject: [PATCH] [check_consul] add SSL support to Consul checks.

---
 checks.d/consul.py         | 14 +++++++++++++-
 conf.d/consul.yaml.example | 15 +++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/checks.d/consul.py b/checks.d/consul.py
index 48116257da..638baaa215 100644
--- a/checks.d/consul.py
+++ b/checks.d/consul.py
@@ -40,7 +40,19 @@ def __init__(self, name, init_config, agentConfig, instances=None):
     def consul_request(self, instance, endpoint):
         url = urljoin(instance.get('url'), endpoint)
         try:
-            resp = requests.get(url)
+
+            clientcertfile = instance.get('client_cert_file', self.init_config.get('client_cert_file', False))
+            privatekeyfile = instance.get('private_key_file', self.init_config.get('private_key_file', False))
+            cabundlefile = instance.get('ca_bundle_file', self.init_config.get('ca_bundle_file', True))
+
+            if clientcertfile:
+                if privatekeyfile:
+                    resp = requests.get(url, cert=(clientcertfile,privatekeyfile), verify=cabundlefile)
+                else:
+                    resp = requests.get(url, cert=clientcertfile, verify=cabundlefile)
+            else:
+                resp = requests.get(url, verify=cabundlefile)
+
         except requests.exceptions.Timeout:
             self.log.exception('Consul request to {0} timed out'.format(url))
             raise
diff --git a/conf.d/consul.yaml.example b/conf.d/consul.yaml.example
index 8079bb6bfd..8491c83183 100644
--- a/conf.d/consul.yaml.example
+++ b/conf.d/consul.yaml.example
@@ -3,8 +3,23 @@ init_config:
 
 instances:
     # Where your Consul HTTP Server Lives
+    # Remind to use https instead of http if your Consul setup is configured to do so.
     - url: http://localhost:8500
 
+      # If Consul setup uses SSL, you might need to set the following options as well.
+
+      # You can specify a local cert to use as client side certificate
+      # as a single file (containing the private key and the certificate concatenated)
+      # client_cert_file: '/path/to/client.concatenated.pem'
+
+      # Or as two separate files (for certificate and key):
+      # client_cert_file: '/path/to/client.cert.pem'
+      # private_key_file: '/path/to/private.key.pem'
+
+      # Whether to verifiy SSL certificates for HTTPS requests.
+      # Possible values: True, False or '/path/to/your/trusted_ca_bundle_file'
+      # ca_bundle_file: '/path/to/trusted_ca_bundle_file'
+
       # Whether to perform checks against the Consul service Catalog
       catalog_checks: yes