Mark previously deprecated SSL settings as obsolete#183
Merged
robbavey merged 3 commits intologstash-plugins:mainfrom Jan 10, 2025
Merged
Mark previously deprecated SSL settings as obsolete#183robbavey merged 3 commits intologstash-plugins:mainfrom
robbavey merged 3 commits intologstash-plugins:mainfrom
Conversation
- SSL settings that were marked deprecated in version `3.15.0` are now marked obsolete, and will prevent the plugin from starting. - These settings are: - `ca_file`, which should be replaced by `ssl_certificate_authorities` - `keystore`, which should be replaced by `ssl_keystore_path` - `keystore_password`, which should be replaced by `ssl_keystore_password` - `keystore_type`, which should be replaced by `ssl_keystore_password` - `ssl`, which should be replaced by `ssl_enabled`
robbavey
force-pushed
the
obsolete_ssl
branch
from
ced1b0b to
e39d7ba
Compare
donoghuc
reviewed
Dec 16, 2024
7 tasks
donoghuc
reviewed
Dec 16, 2024
donoghuc
reviewed
Dec 16, 2024
donoghuc
requested changes
Dec 16, 2024
Contributor
donoghuc
left a comment
donoghuc
left a comment
There was a problem hiding this comment.
The setup of ssl parameters seems a bit complex now:
def setup_ssl_params!
# Infer the value if neither the deprecate `ssl` and `ssl_enabled` were set
infer_ssl_enabled_from_hosts
end
def infer_ssl_enabled_from_hosts
return if original_params.include?('ssl_enabled')
@ssl_enabled = params['ssl_enabled'] = effectively_ssl?
end
def effectively_ssl?
return true if @ssl_enabled
hosts = Array(@hosts)
return false if hosts.nil? || hosts.empty?
hosts.all? { |host| host && host.to_s.start_with?("https") }
endI think that boils down to just:
def setup_ssl!
return if original_params.include?('ssl_enabled')
@ssl_enabled = if @ssl_enabled
true
else
Array(@hosts).all? { |host| host && host.to_s.start_with?("https") }
end
params['ssl_enabled'] = @ssl_enabled
endThough i'm not entirely sure what mutating params does in this. In general the params scope is kind of a mystery to me 😅
robbavey
force-pushed
the
obsolete_ssl
branch
from
8fe5229 to
0a28120
Compare
robbavey
force-pushed
the
obsolete_ssl
branch
from
0a28120 to
be18f6f
Compare
Member
Author
|
This was about as simple as I could get to: |
Member
Author
|
Over to @karenzone for doc review |
karenzone
reviewed
Dec 23, 2024
Contributor
karenzone
left a comment
karenzone
left a comment
There was a problem hiding this comment.
Line 113: Update links:
- <<plugins-{type}s-{plugin}-ssl_keystore_path>> and/or <<plugins-{type}s-{plugin}-ssl_keystore_password>>
15 tasks
Member
Author
|
Ready for another round @karenzone |
flexitrev
pushed a commit
that referenced
this pull request
Jan 16, 2025
* Mark previously deprecated SSL settings as obsolete - SSL settings that were marked deprecated in version `3.15.0` are now marked obsolete, and will prevent the plugin from starting. - These settings are: - `ca_file`, which should be replaced by `ssl_certificate_authorities` - `keystore`, which should be replaced by `ssl_keystore_path` - `keystore_password`, which should be replaced by `ssl_keystore_password` - `keystore_type`, which should be replaced by `ssl_keystore_password` - `ssl`, which should be replaced by `ssl_enabled`
alexcams
pushed a commit
to alexcams/logstash-filter-elasticsearch
that referenced
this pull request
Jan 22, 2026
* test setup: ensure presence of /etc/protocols * test setup: actually run secure_integration tests When SECURE_INTEGRATION is speicified, the (non-secure) `:integration` specs are excluded, so we cannot have the `:secure_integration` specs wrapped in a context flagged as `:integration`. * test setup: regnerate test certs (and add regen script) * test setup: give ES the full cert chain In order for the `ca_trusted_fingerprint` specs to work with the CA's fingerprint, ES needs to be configured to present a cert chain that includes the CA. * resilience: prevent failures from crashing plugin When an Event cannot be created directly from the hit, or when the docinfo cannot be merged into a non-hash field in the hit, emit an Event tagged with `_elasticsearch_input_failure` that contains the JSON-encoded hit in `[event][original]` instead of crashing. * add link to changelog * remove orphan method from refactor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
3.15.0are now marked obsolete, and will prevent the plugin from starting.ca_file, which should be replaced byssl_certificate_authoritieskeystore, which should be replaced byssl_keystore_pathkeystore_password, which should be replaced byssl_keystore_passwordkeystore_type, which should be replaced byssl_keystore_passwordssl, which should be replaced byssl_enabledRelates: #179