elastic · herrBez · Apr 13, 2024 · Feb 22, 2024 · Feb 23, 2024 · Feb 23, 2024
diff --git a/metricbeat/docs/modules/aerospike.asciidoc b/metricbeat/docs/modules/aerospike.asciidoc
@@ -41,8 +41,25 @@ metricbeat.modules:
  enabled: true
  period: 10s
  hosts: ["localhost:3000"]
+
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS (disabled by default)
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
 ----
 
+This module supports TLS connections when using `ssl` config field, as described in <<configuration-ssl>>.
+
 [float]
 === Metricsets
 

@@ -149,6 +149,21 @@ metricbeat.modules:
  period: 10s
  hosts: ["localhost:3000"]
 
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS (disabled by default)
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
+
 #-------------------------------- Apache Module --------------------------------
 - module: apache
  metricsets: ["status"]

@@ -3,3 +3,18 @@
  enabled: true
  period: 10s
  hosts: ["localhost:3000"]
+
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS (disabled by default)
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
@@ -3,3 +3,18 @@
  # - namespace
  period: 10s
  hosts: ["localhost:3000"]
+
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS (disabled by default)
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
@@ -3,6 +3,7 @@
  description: >
  Aerospike module
  release: ga
+ settings: ["ssl"]
  fields:
  - name: aerospike
  type: group

@@ -22,9 +22,37 @@ import (
  "strconv"
  "strings"
 
+ "github.com/elastic/elastic-agent-libs/transport/tlscommon"
+
  as "github.com/aerospike/aerospike-client-go"
 )
 
+type Config struct {
+ ClusterName string `config:"cluster_name"`
+ TLS *tlscommon.Config `config:"ssl"`
+}
+
+// DefaultConfig return default config for the aerospike module.
+func DefaultConfig() Config {
+ return Config{}
+}
+
+func ParseClientPolicy(config Config) (*as.ClientPolicy, error) {
+ clientPolicy := as.NewClientPolicy()
+ if config.TLS.IsEnabled() {
+ tlsconfig, err := tlscommon.LoadTLSConfig(config.TLS)
+ if err != nil {
+ return nil, fmt.Errorf("could not initialize TLS configurations %w", err)
+ }
+ clientPolicy.TlsConfig = tlsconfig.ToConfig()
+ }
+
+ if config.ClusterName != "" {
+ clientPolicy.ClusterName = config.ClusterName
+ }
+ return clientPolicy, nil
+}
+
 func ParseHost(host string) (*as.Host, error) {
  pieces := strings.Split(host, ":")
  if len(pieces) != 2 {

@@ -23,6 +23,8 @@ import (
 
  "github.com/stretchr/testify/assert"
 
+ "github.com/elastic/elastic-agent-libs/transport/tlscommon"
+
  as "github.com/aerospike/aerospike-client-go"
 )
 
@@ -96,3 +98,68 @@ func TestParseInfo(t *testing.T) {
  assert.Equal(t, test.expected, result, test.Name)
  }
 }
+
+func pointer[T any](d T) *T {
+ return &d
+}
+
+func TestParseClientPolicy(t *testing.T) {
+ sampleClusterName := "TestCluster"
+
+ TLSPolicy := as.NewClientPolicy()
+ tlsconfig, _ := tlscommon.LoadTLSConfig(&tlscommon.Config{Enabled: pointer(true)})
+ TLSPolicy.TlsConfig = tlsconfig.ToConfig()
+
+ ClusterNamePolicy := as.NewClientPolicy()
+ ClusterNamePolicy.ClusterName = sampleClusterName
+
+ tests := []struct {
+ Name string
+ Config Config
+ expectedClientPolicy *as.ClientPolicy
+ expectedErr error
+ }{
+ {
+ Name: "Empty configuration leads to default policy",
+ Config: Config{},
+ expectedClientPolicy: as.NewClientPolicy(),
+ expectedErr: nil,
+ },
+ {
+ Name: "TLS Declaration",
+ Config: Config{
+ TLS: &tlscommon.Config{
+ Enabled: pointer(true),
+ },
+ },
+ expectedClientPolicy: TLSPolicy,
+ expectedErr: nil,
+ },
+ {
+ Name: "Cluster Name Setting",
+ Config: Config{
+ ClusterName: sampleClusterName,
+ },
+ expectedClientPolicy: ClusterNamePolicy,
+ expectedErr: nil,
+ },
+ }
+
+ for _, test := range tests {
+ result, err := ParseClientPolicy(test.Config)
+ if err != nil {
+ if test.expectedErr != nil {
+ assert.Equalf(t, test.expectedErr.Error(), err.Error(),
+ "Aerospike policy the error produced is not the one expected: got '%s', expected '%s'", err.Error(), test.expectedErr.Error())
+ continue
+ }
+ t.Error(err)
+ continue
+ }
+ assert.Equalf(t, test.expectedClientPolicy.ClusterName, result.ClusterName,
+ "Aerospike policy cluster name is wrong. Got '%s' expected '%s'", result.ClusterName, test.expectedClientPolicy.ClusterName)
+ if test.Config.TLS.IsEnabled() {
+ assert.NotNil(t, result.TlsConfig, "Aerospike policy: TLS is not set even though TLS is specified in the configuration")
+ }
+ }
+}
@@ -42,15 +42,16 @@ func init() {
 // multiple fetch calls.
 type MetricSet struct {
  mb.BaseMetricSet
- host *as.Host
- client *as.Client
+ host *as.Host
+ clientPolicy *as.ClientPolicy
+ client *as.Client
 }
 
 // New create a new instance of the MetricSet
 // Part of new is also setting up the configuration by processing additional
 // configuration entries if needed.
 func New(base mb.BaseMetricSet) (mb.MetricSet, error) {
- config := struct{}{}
+ config := aerospike.DefaultConfig()
  if err := base.Module().UnpackConfig(&config); err != nil {
  return nil, err
  }
@@ -60,9 +61,15 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) {
  return nil, fmt.Errorf("Invalid host format, expected hostname:port: %w", err)
  }
 
+ clientPolicy, err := aerospike.ParseClientPolicy(config)
+ if err != nil {
+ return nil, fmt.Errorf("could not initialize aerospike client policy: %w", err)
+ }
+
  return &MetricSet{
  BaseMetricSet: base,
  host: host,
+ clientPolicy: clientPolicy,
  }, nil
 }
 
@@ -105,7 +112,7 @@ func (m *MetricSet) Fetch(reporter mb.ReporterV2) error {
 // create an aerospike client if it doesn't exist yet
 func (m *MetricSet) connect() error {
  if m.client == nil {
- client, err := as.NewClientWithPolicyAndHost(as.NewClientPolicy(), m.host)
+ client, err := as.NewClientWithPolicyAndHost(m.clientPolicy, m.host)
  if err != nil {
  return err
  }

@@ -6,3 +6,18 @@
  # - namespace
  period: 10s
  hosts: ["localhost:3000"]
+
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS (disabled by default)
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
@@ -158,6 +158,21 @@ metricbeat.modules:
  period: 10s
  hosts: ["localhost:3000"]
 
+ # Aerospike Cluster Name
+ #cluster_name: myclustername
+
+ # Optional SSL/TLS. By default is off.
+ #ssl.enabled: true
+
+ # List of root certificates for SSL/TLS server verification
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
+
+ # Certificate for SSL/TLS client authentication
+ #ssl.certificate: "/etc/pki/client/cert.crt"
+
+ # Client certificate key file
+ #ssl.key: "/etc/pki/client/cert.key"
+
 #------------------------------- Airflow Module -------------------------------
 - module: airflow
  host: "localhost"