Add TLS support for metric beat http server

[leopucci]

No description provided.

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[leopucci]

This patch solves #11457

[leopucci]

How to use:
add ssl config on http.yml

- module: http
  metricsets:
    - server
  host: "localhost"
  port: "8080"
  enabled: true
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  ssl.certificate: "/etc/pki/client/cert.pem"
  ssl.key: "/etc/pki/client/cert.key"
  paths:
    - path: "/foo"
      namespace: "foo"
  #    fields: # added to the the response in root. overwrites existing fields
  #      key: "value"

[leopucci]

@andrewkroh can you help me understand what this means so I could solve it?

./helper/server/http/config.go
./helper/server/http/http.go
Code differs from goimports' style ^

[leopucci]

https://discuss.elastic.co/t/code-differs-from-goimports-style/84671

[ruflin]

@leopucci Run make fmt and it should solve your issue.

Any chance to get some tests added to this PR? It also needs a changelog entry.

[leopucci]

@ruflin the CI build is failing... i don't know how to make fmt on the CI build.
I will add some tests and add the changelog :)

[ruflin]

The CI build is failing because some linting rules are not passing. You need to run make fmt inside the Beats directory and then commit again.

[leopucci]

Thanks!

[andrewkroh]

Thanks for working on this. Can you also add an entry to the CHANGELOG.next.asciidoc file under the "Added" section for Metricbeat.

[leopucci]

Thanks @andrewkroh for reviewing. Will change right away

[leopucci]

@andrewkroh Thanks for the revisions :)

[ruflin]

Thanks for all the work @leopucci I think this will also need an update in the docs about the new options: https://github.com/elastic/beats/blob/master/metricbeat/module/http/server/_meta/docs.asciidoc To make CI happy, you must run make fmt update again.

[leopucci]

@ruflin @andrewkroh Thanks for helping me to understand the whole process

[odacremolbap]

Hey @leopucci

awesome code here!
just a couple minor glitches at tests

Thanks a lot for the PR

[leopucci]

Hola @odacremolbap !
I have changed the tests to TDT....
GO is a powerful language. I'm excited with it.
Thanks for taking some time to review my code :)

[odacremolbap]

@leopucci Thanks a lot for going down this rabbit hole!

I think we are getting to a nice pattern here, let's improve it a bit more. Let me re-review.

[leopucci]

:) I have made some more changes trying to understand why Travis ci is failing.. Locally the tests happen OK!

[odacremolbap]

Looking very good, thanks for the effort, it is being worth it :-)

Check for requested changes and bring your own opinion on them

[leopucci]

@odacremolbap Thanks for your help! I've tested and committed the new code!

[odacremolbap]

The reason tests are not succeeding is https://github.com/elastic/beats/blob/master/metricbeat/tests/system/test_http.py#L58

I'll have time in some hours to take a deeper look, but you can probably go ahead and modify that string to match the prefix for the HTTP and HTTPS server start log line

[leopucci]

I will!

[leopucci]

Done :)

[andrewkroh]

Suggested change

	if h.server.TLSConfig != nil && h.server.TLSConfig.Certificates != nil {
	if h.server.TLSConfig != nil {

[leopucci]

This can't be done. I've tested and for some reason, HTTP server creates a TLSConfig after calling ListenAndServe(), so the HTTP server will print the wrong message if we remove that, and HTTP tests will fail.

[andrewkroh]

Oh, OK. Then I'm glad you tested it!

[leopucci]

\o/!

[odacremolbap]

@leopucci thanks again for this contribution, this is looking superb 🍕
please, squash & merge

[odacremolbap]

... and rebase ... 😉

[odacremolbap]

@leopucci
I would say you can merge master at your branch, and keep your changes to solve the conflict.
https://github.com/elastic/beats/pull/11482/conflicts

Looks like it is only the coredns line conflicting there, so be sure to include that one at your branch and you should be good to go.

Ping me if I can help

[leopucci]

@odacremolbap Strange... my file already includes coredns line. Don't know if it is the `` around it. The only mod on this file is the new SSL support

[odacremolbap]

weird
maybe you can try to solve the conflict using GH UI, the Resolve conflicts button.

[leopucci]

@odacremolbap Only those with write access to this repository can merge pull requests.
I think i will not be able to resolve the conflict. On the UI the buttons are not enabled

[kaiyan-sheng]

Is it HTTP here?

[leopucci]

Hi Kaiyan, it is HTTPS.

[leopucci]

Hummmm... there is this logp.Critical that is not adjusted.. thanks i will change it now

[leopucci]

@andrewkroh @odacremolbap today was git branches learning day... recreated all pull requests...
#11611
Sorry for the mess!

[odacremolbap]

you are super welcomed, @leopucci
glad to see you try this hard

[leopucci]

=)