Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ssl_enabled option #44

Merged
merged 1 commit into from
Jun 17, 2024
Merged

Add ssl_enabled option #44

merged 1 commit into from
Jun 17, 2024

Conversation

edmocosta
Copy link
Contributor

@edmocosta edmocosta commented Jun 5, 2024
edited
Loading

Added a new ssl_enabled setting for enabling/disabling the other SSL configurations, so plugins using this mixing will be compliant with the Logstash SSL standards.

Closes: #45

@edmocosta edmocosta changed the title [WIP] Add ssl_enabled option Add ssl_enabled option Jun 5, 2024
@edmocosta edmocosta marked this pull request as ready for review June 5, 2024 15:38
@edmocosta edmocosta requested review from jsvd and removed request for jsvd June 5, 2024 15:38
kaisecheng
kaisecheng reviewed Jun 12, 2024
View reviewed changes
lib/logstash/plugin_mixins/http_client.rb
@@ -75,6 +75,9 @@ def self.included(base)
# See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
base.config :validate_after_inactivity, :validate => :number, :default => 200

# Enable/disable the SSL configurations
base.config :ssl_enabled, :validate => :boolean, :default => true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

es-output and es-input have ssl_enabled with no default value. It bases on the host prefix, https or http, to enable ssl feature, which is kind of setting to auto.

Would default to true changes the behaviour of existing plugins?
Could the mixin default to auto and preserve the current smart ssl feature?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @kaisecheng! This mixin already assumes ssl_enabled => true, adding all the configured ssl_* settings to the manticore's client, without giving users an option to disable them (other than comment out the SSL configuration). That said, it shouldn't change any existing behaviour.

Currently, this mixin is being used by the HTTP filter, output and poller plugins, and won't affect ES and other plugins that does not use it under the hood.

The ideal behaviour of the ssl_enabled flag is under discussing, there are different behaviours for this option depending on the plugin, and that will be standardised on the second phase of the SSL Standardisation project. Adding this option only makes it compliant with the defined common settings.

Could the mixin default to auto and preserve the current smart ssl feature?

For the existing plugin using this mixin, no. The client itself does not know how the plugin will use it, it doesn't know the URLs it will request, for example. it only adds the configs and builds the client, hading it over to the plugins to execute the requests and add any other smart features.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry, I mixed the http plugin with es plugin 🤦 The settings make perfect sense

@edmocosta edmocosta requested a review from jsvd June 17, 2024 08:27
jsvd
jsvd approved these changes Jun 17, 2024
View reviewed changes
Copy link
Member

@jsvd jsvd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@edmocosta edmocosta merged commit 44a9de6 into logstash-plugins:main Jun 17, 2024
2 checks passed
@edmocosta edmocosta deleted the add-ssl-enabled-option branch June 17, 2024 12:18
This was referenced Jun 17, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaisecheng kaisecheng kaisecheng left review comments

@jsvd jsvd jsvd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add ssl_enabled option
3 participants
@edmocosta @jsvd @kaisecheng