fix: Couchbase insecure certificate validation (#9458)

plugins/inputs/couchbase/README.md

@@ -20,6 +20,14 @@ This plugin gets metrics for each Couchbase node, as well as detailed metrics fo
 
   ## Filter bucket fields to include only here.
   # bucket_stats_included = ["quota_percent_used", "ops_per_sec", "disk_fetches", "item_count", "disk_used", "data_used", "mem_used"]
+
+  ## Optional TLS Config
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## Use TLS but skip chain & host verification (defaults to false)
+  ## If set to false, tls_cert and tls_key are required
+  # insecure_skip_verify = false
 ```
 
 ## Measurements:

plugins/inputs/couchbase/couchbase.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/influxdata/telegraf"
 	"github.com/influxdata/telegraf/filter"
+	"github.com/influxdata/telegraf/plugins/common/tls"
 	"github.com/influxdata/telegraf/plugins/inputs"
 )
 
@@ -20,6 +21,9 @@ type Couchbase struct {
 	BucketStatsIncluded []string `toml:"bucket_stats_included"`
 
 	bucketInclude filter.Filter
+	client        *http.Client
+
+	tls.ClientConfig
 }
 
 var sampleConfig = `
@@ -36,10 +40,17 @@ var sampleConfig = `
 
   ## Filter bucket fields to include only here.
   # bucket_stats_included = ["quota_percent_used", "ops_per_sec", "disk_fetches", "item_count", "disk_used", "data_used", "mem_used"]
+
+  ## Optional TLS Config
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## Use TLS but skip chain & host verification (defaults to false)
+  ## If set to false, tls_cert and tls_key are required
+  # insecure_skip_verify = false
 `
 
 var regexpURI = regexp.MustCompile(`(\S+://)?(\S+\:\S+@)`)
-var client = &http.Client{Timeout: 10 * time.Second}
 
 func (cb *Couchbase) SampleConfig() string {
 	return sampleConfig
@@ -369,7 +380,7 @@ func (cb *Couchbase) queryDetailedBucketStats(server, bucket string, bucketStats
 		return err
 	}
 
-	r, err := client.Do(req)
+	r, err := cb.client.Do(req)
 	if err != nil {
 		return err
 	}
@@ -387,6 +398,24 @@ func (cb *Couchbase) Init() error {
 
 	cb.bucketInclude = f
 
+	tlsConfig, err := cb.TLSConfig()
+	if err != nil {
+		return err
+	}
+
+	cb.client = &http.Client{
+		Timeout: 10 * time.Second,
+		Transport: &http.Transport{
+			MaxIdleConnsPerHost: couchbaseClient.MaxIdleConnsPerHost,
+			TLSClientConfig:     tlsConfig,
+		},
+	}
+
+	couchbaseClient.SetSkipVerify(cb.ClientConfig.InsecureSkipVerify)
+	couchbaseClient.SetCertFile(cb.ClientConfig.TLSCert)
+	couchbaseClient.SetKeyFile(cb.ClientConfig.TLSKey)
+	couchbaseClient.SetRootFile(cb.ClientConfig.TLSCA)
+
 	return nil
 }
 

plugins/inputs/couchbase/couchbase_test.go

@@ -2,6 +2,7 @@ package couchbase
 
 import (
 	"encoding/json"
+	"github.com/influxdata/telegraf/plugins/common/tls"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -26,8 +27,12 @@ func TestGatherServer(t *testing.T) {
 		}
 	}))
 
-	var cb Couchbase
+	cb := Couchbase{
-	cb.BucketStatsIncluded = []string{"quota_percent_used", "ops_per_sec", "disk_fetches", "item_count", "disk_used", "data_used", "mem_used"}
+		BucketStatsIncluded: []string{"quota_percent_used", "ops_per_sec", "disk_fetches", "item_count", "disk_used", "data_used", "mem_used"},
+		ClientConfig: tls.ClientConfig{
+			InsecureSkipVerify: true,
+		},
+	}
 	err := cb.Init()
 	require.NoError(t, err)
 
@@ -105,6 +110,9 @@ func TestGatherDetailedBucketMetrics(t *testing.T) {
 			var err error
 			var cb Couchbase
 			cb.BucketStatsIncluded = []string{"couch_total_disk_size"}
+			cb.ClientConfig = tls.ClientConfig{
+				InsecureSkipVerify: true,
+			}
 			err = cb.Init()
 			require.NoError(t, err)
 			var acc testutil.Accumulator