plugins/common/tls/config.go: Filter client certs by dns names #9910

Merged
merged 1 commit into from
Oct 25, 2021

@isodude isodude commented Oct 12, 2021

Makes it possible to filter client certificates by their dns names.

Signed-off-by: Josef Johansson [email protected]

Required for all PRs:

resolves #9272

plugins/common/tls/config.go: Filter client certs by dns names
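One way a Go TLS server can filter client certificates by DNS name, as an added example (not the code from this pull request or from Telegraf): a `VerifyPeerCertificate` callback that checks the leaf certificate's DNS SANs against an allowed list. The function names and the `example.internal` host names are hypothetical, and the sample certificates are constructed with only the SAN field set.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"strings"
)

// norm makes DNS name comparison case-insensitive and ignores a trailing dot.
func norm(name string) string { return strings.ToLower(strings.TrimSuffix(name, ".")) }

// allowedDNSVerifier returns a tls.Config.VerifyPeerCertificate callback that
// accepts a client only if its leaf certificate has at least one DNS SAN in
// the allowed list. Exact names only, no wildcards; an empty list rejects all.
func allowedDNSVerifier(allowed []string) func([][]byte, [][]*x509.Certificate) error {
	set := make(map[string]bool, len(allowed))
	for _, n := range allowed {
		set[norm(n)] = true
	}
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		// With RequireAndVerifyClientCert, chains holds only chains that
		// already validated against ClientCAs; chains[0][0] is the leaf.
		if len(chains) == 0 || len(chains[0]) == 0 {
			return errors.New("no verified client certificate chain")
		}
		for _, name := range chains[0][0].DNSNames {
			if set[norm(name)] {
				return nil
			}
		}
		return fmt.Errorf("client DNS names %q not in allowed list", chains[0][0].DNSNames)
	}
}

// serverTLSConfig wires the filter into a mutual-TLS server configuration.
func serverTLSConfig(clientCAs *x509.CertPool, allowed []string) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: clientCAs,
		ClientAuth:            tls.RequireAndVerifyClientCert,
		VerifyPeerCertificate: allowedDNSVerifier(allowed)}
}

// demo runs the filter over two constructed leaf certificates.
func demo() (accepted, rejected error) {
	verify := allowedDNSVerifier([]string{"agent1.example.internal"})
	ok := &x509.Certificate{DNSNames: []string{"Agent1.Example.Internal"}}
	bad := &x509.Certificate{DNSNames: []string{"other.example.internal"}}
	return verify(nil, [][]*x509.Certificate{{ok}}), verify(nil, [][]*x509.Certificate{{bad}})
}

func main() { fmt.Println(demo()) }
```

The filter runs after normal chain verification, so it narrows which CA-signed clients are accepted rather than replacing CA trust. Go does not invoke `VerifyPeerCertificate` on resumed sessions, which matters if the allowed list changes while session tickets are still valid.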

@isodude isodude force-pushed the tls branch 4 times, most recently from fdcee77 to 8ddd15c Compare October 12, 2021 08:42

@srebhan srebhan left a comment


Thanks @isodude for this interesting PR! I have some comments in the code. Nothing too big.

@srebhan srebhan self-assigned this Oct 13, 2021
@srebhan srebhan added the feat and security labels Oct 13, 2021
@isodude isodude requested a review from srebhan October 15, 2021 10:23

@srebhan srebhan left a comment


@isodude that looks good. I only have one more minor improvement to the code. Please take a look...

@isodude isodude force-pushed the tls branch 6 times, most recently from 9966e05 to b569f22 Compare October 16, 2021 08:57

@srebhan srebhan left a comment


Looks good to me. Thanks for this nice contribution @isodude!

@srebhan srebhan added the ready for final review label Oct 18, 2021
isodude commented Oct 18, 2021

Thanks, you're welcome!

@MyaLongmire MyaLongmire merged commit 76251d3 into influxdata:master Oct 25, 2021
phemmer added a commit to phemmer/telegraf that referenced this pull request Oct 26, 2021
* origin/master: (176 commits)
  fix: Linter fixes for plugins/inputs/[h-j]* (influxdata#9986)
  fix(inputs/kube_inventory): don't skip resources with zero s/ns timestamps (influxdata#9978)
  fix: update gjson to v1.10.2 (influxdata#9998)
  fix: procstat tags were not getting generated correctly (influxdata#9973)
  chore: create bug report form (influxdata#9976)
  fix: Allow for non x86 macs in Go install script (influxdata#9982)
  test: add sqlserver plugin integration tests (influxdata#9943)
  feat: plugins/common/tls/config.go: Filter client certificates by DNS names (influxdata#9910)
  feat: add option to skip table creation in azure data explorer output (influxdata#9942)
  docs: update nightlies links (influxdata#9989)
  fix: add s390x to nightlies (influxdata#9990)
  feat: Add more details to processors.ifname logmessages (influxdata#9984)
  docs: Create SECURITY.md (influxdata#9951)
  fix: set NIGHTLY=1 for correctly named nightly artifacts (influxdata#9987)
  feat: Kafka Add metadata full to config (influxdata#9833)
  chore: Update to AWS SDK v2 (influxdata#9647)
  chore: lint ignore fmt.Printf unhandled error (influxdata#9967)
  fix: starlark pop operation for non-existing keys (influxdata#9954)
  feat: update etc/telegraf.conf and etc/telegraf_windows.conf (influxdata#9876)
  fix: Check return code of zfs command for FreeBSD. (influxdata#9956)
  chore: update go to 1.17.2 (influxdata#9873)
  fix: Graylog plugin TLS support and message format (influxdata#9862)
  docs: update README with info on package repos (influxdata#9964)
  feat: Modbus connection settings (serial) (influxdata#9256)
  fix: segfault in ingress, persistentvolumeclaim, statefulset in kube_inventory (influxdata#9585)
  fix: add normalization of tags for ethtool input plugin (influxdata#9901)
  chore: remove empty build.py (influxdata#9958)
  fix: internet_speed input plugin not collecting/reporting latency (influxdata#9957)
  chore: reference db2 external plugin (influxdata#9952)
  chore: update readme go version from 1.14 to 1.17 (influxdata#9944)
  fix: decode Prometheus scrape path from Kuberentes labels (influxdata#9662)
  docs: fix broken link (influxdata#9812)
  fix: Correct conversion of int with specific bit size (influxdata#9933)
  fix: update golanci-lint to v1.42.1 (influxdata#9932)
  feat: Azure Event Hubs output plugin (influxdata#9346)
  feat: more fields for papertrail event webhook (influxdata#9940)
  fix: solve compatibility issue for mongodb inputs when using 5.x relicaset (influxdata#9892)
  docs: Add symlink to command documentation (influxdata#9926)
  docs: update contributing.md (influxdata#9914)
  chore: reference oracle external plugin (influxdata#9934)
  ...
VladislavSenkevich pushed a commit to gwos/telegraf that referenced this pull request Nov 23, 2021
phemmer added a commit to phemmer/telegraf that referenced this pull request Nov 30, 2021
@isodude isodude deleted the tls branch December 8, 2021 12:13
phemmer added a commit to phemmer/telegraf that referenced this pull request Jan 3, 2022

Successfully merging this pull request may close these issues.

Add support for TLS DNS name allowed lists
4 participants