Support ElasticSearch client certificate authentication #21
Conversation
|
👍 looks good. don't see much momentum on this project anymore which is unfortunate |
|
Hey. We've taken over the project and I would like to ask you to take a look at this PR once again. |
|
Great news! I am still fine with it! Please get in touch if you need further support! ;-) |
|
@jrummler Could you please rebase your PR? The changes itself look good, I'd like to merge them. |
elasticsearch_exporter.go
Outdated
| @@ -429,3 +435,47 @@ func main() { | |||
| }) | |||
| log.Fatal(http.ListenAndServe(*listenAddress, nil)) | |||
| } | |||
|
|
|||
| func createElasticSearchTlsConfig(pemFile, pemCertFile, pemPrivateKeyFile string) (*tls.Config) { | |||
| if (len(pemFile) > 0) { | |||
There was a problem hiding this comment.
This one can be inverted to if (len(pemFile) <= ) { return nil } so that we can get rid of the extra else at the bottom of this func. I think that applies for a few other conditions in this func too. It might be nitpicking, but definitely something I'd do different.
|
Guys, I have merged the changes. Since I do not use this tool anymore, I had no possibility to test the functionality. |
If ElasticSearch is protected by Shield/SearchGuard the exporter must do the client certificate authentication. This enables configuring this via PEM files containing the certificates / client cert / client private key.
Example call would be: