Allow specification of CA cert for HTTP status check (#418)

ffleming · truthbk · commit 0bf223a1e608 · 2018-04-16T16:06:19.000+02:00
* add ca_certs configuration * test for ca_certs line * fix scoping bug previously, the ca_certs conditional was nested in the 'tls cert check is disabled' conditional. while it doesn't make a _ton_ of sense to provide a ca cert when you aren't checking it, allowing users to do so makes migrating from an unchecked to a checked workflow easier. I don't see a downside to allowing this behavior. * whitespace to trigger build * Revert "whitespace to trigger build" This reverts commit e875f27.
diff --git a/manifests/integrations/http_check.pp b/manifests/integrations/http_check.pp
@@ -49,6 +49,9 @@
 #       check to create a metric 'network.http.response_time', tagged with
 #       the url, reporting the response time in seconds.
 #
+#   ca_certs
+#       An optional string representing the path to CA certificates.
+#
 #   disable_ssl_validation
 #       The setting disable_ssl_validation parameter to true will instruct
 #       the http client to accept self signed, expired and otherwise
@@ -168,6 +171,7 @@
   $tags      = [],
   $contact   = [],
   $instances  = undef,
+  $ca_certs  = undef,
 ) inherits datadog_agent::params {
   include datadog_agent
 
@@ -194,6 +198,7 @@
       'allow_redirects'              => $allow_redirects,
       'tags'                         => $tags,
       'contact'                      => $contact,
+      'ca_certs'                     => $ca_certs,
     }]
   } elsif !$instances{
     $_instances = []
diff --git a/spec/classes/datadog_agent_integrations_http_check_spec.rb b/spec/classes/datadog_agent_integrations_http_check_spec.rb
@@ -69,7 +69,8 @@
           check_certificate_expiration: true,
           days_warning: 14,
           days_critical: 7,
-          allow_redirects: true
+          allow_redirects: true,
+          ca_certs: '/dev/null'
         }}
 
         it { should contain_file(conf_file).with_content(%r{name: foo.bar.baz}) }
@@ -90,6 +91,7 @@
         it { should contain_file(conf_file).with_content(%r{days_warning: 14}) }
         it { should contain_file(conf_file).with_content(%r{days_critical: 7}) }
         it { should contain_file(conf_file).with_content(%r{allow_redirects: true}) }
+        it { should contain_file(conf_file).with_content(%r{ca_certs: /dev/null}) }
       end
 
       context 'with headers parameter array' do
diff --git a/templates/agent-conf.d/http_check.yaml.erb b/templates/agent-conf.d/http_check.yaml.erb
@@ -42,6 +42,9 @@ instances:
 <% unless instance['no_proxy'].nil? -%>
     no_proxy: <%= instance['no_proxy'] %>
 <% end -%>
+<% if instance['ca_certs'] -%>
+    ca_certs: <%= instance['ca_certs'] %>
+<% end -%>
 <% unless instance['check_certificate_expiration'].nil? -%>
     check_certificate_expiration: <%= instance['check_certificate_expiration'] %>
 <% if instance['check_certificate_expiration'] == true -%>
