From 28073ab0342617bfee15605b99f3d177bed39797 Mon Sep 17 00:00:00 2001
From: Luke Winikates <521457+LukeWinikates@users.noreply.github.com>
Date: Mon, 5 Jun 2023 09:34:31 -0400
Subject: [PATCH] feat(outputs.wavefront): Add TLS and HTTP Timeout
 configuration fields (#13349)

---
 plugins/outputs/wavefront/README.md         | 18 ++++++++++++++++++
 plugins/outputs/wavefront/sample.conf       | 18 ++++++++++++++++++
 plugins/outputs/wavefront/wavefront.go      | 13 ++++++++++++-
 plugins/outputs/wavefront/wavefront_test.go |  2 ++
 4 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/plugins/outputs/wavefront/README.md b/plugins/outputs/wavefront/README.md
index 1975c9653..22d454af1 100644
--- a/plugins/outputs/wavefront/README.md
+++ b/plugins/outputs/wavefront/README.md
@@ -75,6 +75,24 @@ to use them.
   ## of metrics will block for a longer time, but this will be handled gracefully by the internal buffering in
   ## Telegraf.
   #immediate_flush = true
+
+  ## Optional TLS Config
+  ## Set to true/false to enforce TLS being enabled/disabled. If not set,
+  ## enable TLS only if any of the other options are specified.
+  # tls_enable =
+  ## Trusted root certificates for server
+  # tls_ca = "/path/to/cafile"
+  ## Used for TLS client certificate authentication
+  # tls_cert = "/path/to/certfile"
+  ## Used for TLS client certificate authentication
+  # tls_key = "/path/to/keyfile"
+  ## Send the specified TLS server name via SNI
+  # tls_server_name = "kubernetes.example.com"
+  ## Use TLS but skip chain & host verification
+  # insecure_skip_verify = false
+
+  ## HTTP Timeout
+  #timeout="10s"
 ```
 
 ### Convert Path & Metric Separator
diff --git a/plugins/outputs/wavefront/sample.conf b/plugins/outputs/wavefront/sample.conf
index 14088ea0a..e396592e0 100644
--- a/plugins/outputs/wavefront/sample.conf
+++ b/plugins/outputs/wavefront/sample.conf
@@ -50,3 +50,21 @@
   ## of metrics will block for a longer time, but this will be handled gracefully by the internal buffering in
   ## Telegraf.
   #immediate_flush = true
+
+  ## Optional TLS Config
+  ## Set to true/false to enforce TLS being enabled/disabled. If not set,
+  ## enable TLS only if any of the other options are specified.
+  # tls_enable =
+  ## Trusted root certificates for server
+  # tls_ca = "/path/to/cafile"
+  ## Used for TLS client certificate authentication
+  # tls_cert = "/path/to/certfile"
+  ## Used for TLS client certificate authentication
+  # tls_key = "/path/to/keyfile"
+  ## Send the specified TLS server name via SNI
+  # tls_server_name = "kubernetes.example.com"
+  ## Use TLS but skip chain & host verification
+  # insecure_skip_verify = false
+
+  ## HTTP Timeout
+  #timeout="10s"
\ No newline at end of file
diff --git a/plugins/outputs/wavefront/wavefront.go b/plugins/outputs/wavefront/wavefront.go
index aa071fbe6..05c38253d 100644
--- a/plugins/outputs/wavefront/wavefront.go
+++ b/plugins/outputs/wavefront/wavefront.go
@@ -7,11 +7,13 @@ import (
 	"net/url"
 	"regexp"
 	"strings"
+	"time"
 
 	wavefront "github.com/wavefronthq/wavefront-sdk-go/senders"
 
 	"github.com/influxdata/telegraf"
 	"github.com/influxdata/telegraf/config"
+	"github.com/influxdata/telegraf/plugins/common/tls"
 	"github.com/influxdata/telegraf/plugins/outputs"
 	serializer "github.com/influxdata/telegraf/plugins/serializers/wavefront"
 )
@@ -32,13 +34,14 @@ type Wavefront struct {
 	ConvertPaths         bool                            `toml:"convert_paths"`
 	ConvertBool          bool                            `toml:"convert_bool"`
 	HTTPMaximumBatchSize int                             `toml:"http_maximum_batch_size"`
+	Timeout              config.Duration                 `toml:"timeout"`
 	UseRegex             bool                            `toml:"use_regex"`
 	UseStrict            bool                            `toml:"use_strict"`
 	TruncateTags         bool                            `toml:"truncate_tags"`
 	ImmediateFlush       bool                            `toml:"immediate_flush"`
 	SourceOverride       []string                        `toml:"source_override"`
 	StringToNumber       map[string][]map[string]float64 `toml:"string_to_number" deprecated:"1.9.0;use the enum processor instead"`
-
+	tls.ClientConfig
 	sender wavefront.Sender
 	Log    telegraf.Logger `toml:"-"`
 }
@@ -97,9 +100,16 @@ func (w *Wavefront) Connect() error {
 		connectionURL = senderURLFromHostAndPort(w.Host, w.Port)
 	}
 
+	tlsConfig, err := w.TLSConfig()
+	if err != nil {
+		return err
+	}
+
 	sender, err := wavefront.NewSender(connectionURL,
 		wavefront.BatchSize(w.HTTPMaximumBatchSize),
 		wavefront.FlushIntervalSeconds(flushSeconds),
+		wavefront.TLSConfigOptions(tlsConfig),
+		wavefront.Timeout(time.Duration(w.Timeout)),
 	)
 
 	if err != nil {
@@ -306,6 +316,7 @@ func init() {
 			TruncateTags:         false,
 			ImmediateFlush:       true,
 			HTTPMaximumBatchSize: 10000,
+			Timeout:              config.Duration(10 * time.Second),
 		}
 	})
 }
diff --git a/plugins/outputs/wavefront/wavefront_test.go b/plugins/outputs/wavefront/wavefront_test.go
index 115d10782..54dd1d253 100644
--- a/plugins/outputs/wavefront/wavefront_test.go
+++ b/plugins/outputs/wavefront/wavefront_test.go
@@ -383,6 +383,8 @@ func TestSenderURLFromURLAndToken(t *testing.T) {
 func TestDefaults(t *testing.T) {
 	defaultWavefront := outputs.Outputs["wavefront"]().(*Wavefront)
 	require.Equal(t, 10000, defaultWavefront.HTTPMaximumBatchSize)
+	require.Equal(t, config.Duration(10*time.Second), defaultWavefront.Timeout)
+	require.Equal(t, "", defaultWavefront.TLSCA)
 }
 
 // Benchmarks to test performance of string replacement via Regex and Sanitize