Improve the key validation in secret identifier.#17351
Merged
mashhurs merged 7 commits intoelastic:mainfrom Apr 24, 2025
Merged
Improve the key validation in secret identifier.#17351mashhurs merged 7 commits intoelastic:mainfrom
mashhurs merged 7 commits intoelastic:mainfrom
Conversation
Contributor
|
This pull request does not have a backport label. Could you fix it @mashhurs? 🙏
|
mashhurs
added
backport-active-9
Member
This sounds like a breaking change.
|
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
Contributor
Author
Yeah, didn't think of the case if keystore had invalid keys already included.
|
yaauie
reviewed
Apr 8, 2025
Member
There was a problem hiding this comment.
Mechanically, this works, and safely guards against adding keys that cannot be referenced in the pipelines without breaking users whose keystores include offending keys.
I've left suggestions about DRY-ing it up a bit, and improving the admitedly-difficult description of the effective key pattern requirement.
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
1 similar comment
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
mashhurs
force-pushed
the
secret-identifier-key-validator
branch
from
9139460 to
6ac79ce
Compare
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
…ey names to the keystore through keystore CLI. Keysotre now warns on invalid keys if they were already added.
[doc] better explanation of accepting key format. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com>
…ription. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com>
mashhurs
force-pushed
the
secret-identifier-key-validator
branch
from
6ac79ce to
bfea29d
Compare
Contributor
Author
|
Rebased against main as we were having CI issues, fixed by #17531 |
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
yaauie
reviewed
Apr 10, 2025
Member
yaauie
left a comment
yaauie
left a comment
There was a problem hiding this comment.
👍🏼 looking on-track.
I've left a comment about message format, and suggested more useful random key generation for tests.
logstash-core/src/main/java/org/logstash/secret/cli/SecretStoreCli.java
Outdated
Show resolved
Hide resolved
logstash-core/src/test/java/org/logstash/secret/cli/SecretStoreCliTest.java
Outdated
Show resolved
Hide resolved
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
mashhurs
commented
Apr 11, 2025
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
Warning and error messages well formatted. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com>
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
Contributor
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
yaauie
approved these changes
Apr 23, 2025
Member
yaauie
left a comment
yaauie
left a comment
There was a problem hiding this comment.
Works as advertised.
I've left one nit-pick about making the validation step more cohesive, but you're free to decide whether to resolve it or not.
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
|
💚 Build Succeeded
History
cc @mashhurs |
Contributor
|
@Mergifyio backport 8.17 8.18 8.19 9.0 |
Contributor
✅ Backports have been createdDetails
|
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
3 tasks
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
This was referenced Apr 24, 2025
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a)
3 tasks
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17585) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust the doc against 8.x --------- Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com> Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17586) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust docs against 8.x --------- Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com> Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17587) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust docs against 8.x --------- Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com> Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
colleenmcginnis
pushed a commit
to colleenmcginnis/logstash
that referenced
this pull request
Jul 28, 2025
colleenmcginnis
pushed a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com> --------- Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com>
mergify bot
pushed a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com> --------- Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com> (cherry picked from commit aed28eb)
colleenmcginnis
pushed a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md --------- (cherry picked from commit aed28eb) Co-authored-by: Colleen McGinnis <colleen.mcginnis@elastic.co> Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release notes
${...}).What does this PR do?
Before this change, key-value can be added to keystore but it might impossible to reference the key because
ConfigVariableExpanderignores if key name doesn't align withSUBSTITUTION_PLACEHOLDER_REGEXImproves user experience with the secret store CLI that when providing key name, LS validates to accept a value which can be used in pipeline (aligns with
ConfigVariableExpander#SUBSTITUTION_PLACEHOLDER_REGEX).If already invalid key(s) were added, it warns to remove/replace the keys.
Why is it important/What is the impact to the user?
No user impact. Keystore CLI restricts adding meaningless keys to keystore.
Checklist
[] I have made corresponding changes to the documentation[] I have made corresponding change to the default configuration files (and/or docker env variables)Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs