

Merge pull request kube-logging#1634 from kube-logging/grpc-tls-options
fix(syslog-ng-loki-output): fix invalid tls options
kristofgyuracz authored Jan 8, 2024
2 parents 2d00cd3 + 7bf8c3d commit a866a85
Showing 11 changed files with 68 additions and 202 deletions.
Expand Up @@ -974,39 +974,6 @@ spec:
type: object
tls:
properties:
ca_dir:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
ca_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1073,8 +1040,6 @@ spec:
type: object
type: object
type: object
cipher-suite:
type: string
key_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1108,19 +1073,6 @@ spec:
type: object
type: object
type: object
peer_verify:
type: boolean
ssl_version:
enum:
- sslv3
- tlsv1
- tlsv1_0
- tlsv1_1
- tlsv1_2
- tlsv1_3
type: string
use-system-cert-store:
type: boolean
type: object
type: object
batch-lines:
Expand Up @@ -970,39 +970,6 @@ spec:
type: object
tls:
properties:
ca_dir:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
ca_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1069,8 +1036,6 @@ spec:
type: object
type: object
type: object
cipher-suite:
type: string
key_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1104,19 +1069,6 @@ spec:
type: object
type: object
type: object
peer_verify:
type: boolean
ssl_version:
enum:
- sslv3
- tlsv1
- tlsv1_0
- tlsv1_1
- tlsv1_2
- tlsv1_3
type: string
use-system-cert-store:
type: boolean
type: object
type: object
batch-lines:
Expand Up @@ -974,39 +974,6 @@ spec:
type: object
tls:
properties:
ca_dir:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
ca_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1073,8 +1040,6 @@ spec:
type: object
type: object
type: object
cipher-suite:
type: string
key_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1108,19 +1073,6 @@ spec:
type: object
type: object
type: object
peer_verify:
type: boolean
ssl_version:
enum:
- sslv3
- tlsv1
- tlsv1_0
- tlsv1_1
- tlsv1_2
- tlsv1_3
type: string
use-system-cert-store:
type: boolean
type: object
type: object
batch-lines:
48 changes: 0 additions & 48 deletions config/crd/bases/logging.banzaicloud.io_syslogngoutputs.yaml
Expand Up @@ -970,39 +970,6 @@ spec:
type: object
tls:
properties:
ca_dir:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
ca_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1069,8 +1036,6 @@ spec:
type: object
type: object
type: object
cipher-suite:
type: string
key_file:
properties:
mountFrom:
Expand Down Expand Up @@ -1104,19 +1069,6 @@ spec:
type: object
type: object
type: object
peer_verify:
type: boolean
ssl_version:
enum:
- sslv3
- tlsv1
- tlsv1_0
- tlsv1_1
- tlsv1_2
- tlsv1_3
type: string
use-system-cert-store:
type: boolean
type: object
type: object
batch-lines:
4 changes: 3 additions & 1 deletion docs/configuration/plugins/syslogng-outputs/auth.md
Expand Up @@ -11,6 +11,8 @@ generated_file: true
## Configuration
## Auth

Authentication settings. Only one authentication method can be set. Default: Insecure

### adc (*ADC, optional) {#auth-adc}

Application Default Credentials (ADC).
Expand All @@ -26,7 +28,7 @@ Application Layer Transport Security (ALTS) is a simple to use authentication, o
This is the default method, authentication is disabled (`auth(insecure())`).


### tls (*TLS, optional) {#auth-tls}
### tls (*GrpcTLS, optional) {#auth-tls}

This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see [TLS for syslog-ng outputs](../tls/) and the [documentation of the AxoSyslog syslog-ng distribution](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions).

18 changes: 18 additions & 0 deletions docs/configuration/plugins/syslogng-outputs/tls.md
Expand Up @@ -52,3 +52,21 @@ Use the certificate store of the system for verifying HTTPS certificates. For de



## GrpcTLS

### ca_file (*secret.Secret, optional) {#grpctls-ca_file}

The name of a file that contains a set of trusted CA certificates in PEM format. (Optional) For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#ca-file).


### cert_file (*secret.Secret, optional) {#grpctls-cert_file}

Name of a file, that contains an X.509 certificate (or a certificate chain) in PEM format, suitable as a TLS certificate, matching the private key set in the key-file() option. For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#cert-file).


### key_file (*secret.Secret, optional) {#grpctls-key_file}

The name of a file that contains an unencrypted private key in PEM format, suitable as a TLS key. For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#key-file).



3 changes: 3 additions & 0 deletions go.work.sum
Expand Up @@ -2351,6 +2351,7 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 h1:3jAYbRHQAqzLjd9I4tzxwJ8Pk/N6AqBcF6m1ZHrxG94=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
go.opentelemetry.io/otel/metric v0.20.0 h1:4kzhXFP+btKm4jwxpjIqjs41A7MakRFUS86bqLHTIw8=
go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU=
Expand Down Expand Up @@ -2648,12 +2649,14 @@ google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFl
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:O9kGHb51iE/nOGvQaDUuadVYqovW56s5emA88lQnj6Y=
google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8=
google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 h1:m8v1xLLLzMe1m5P+gCTF8nJB9epwZQUBERm20Oy1poQ=
google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o=
Expand Up @@ -142,19 +142,13 @@ func TestLokiOutputTable(t *testing.T) {
Workers: 3,
LogFIFOSize: 1000,
Auth: &output.Auth{
ALTS: &output.ALTS{},
ADC: &output.ADC{},
Insecure: &output.Insecure{},
TLS: &output.TLS{
PeerVerify: config.NewTrue(),
UseSystemCertStore: config.NewFalse(),
},
},
},
},
},
config: `destination "output_default_test-loki-out" {
loki(auth(alts() adc() insecure() tls(peer_verify(yes) use-system-cert-store(no))) url("test.local") batch-lines(2000) batch-timeout(10) workers(3) persist_name("output_default_test-loki-out") log-fifo-size(1000));
loki(auth(insecure()) url("test.local") batch-lines(2000) batch-timeout(10) workers(3) persist_name("output_default_test-loki-out") log-fifo-size(1000));
};
`,
},
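Review bot: After this change the table no longer exercises the `tls(...)` auth path at all, so the `*output.GrpcTLS` rename that motivates the commit has no rendering coverage in this test; the only thing asserted on the line ending the `config` string is `auth(insecure())`. A second table entry that sets `TLS: &output.GrpcTLS{...}` with `CaFile`, `CertFile` and `KeyFile` populated and asserts the emitted `tls(...)` clause would catch a regression in how those secrets are mounted and referenced; the exact expected string depends on how `secret.Secret` is rendered, which is not visible in this hunk. The enclosing `TestLokiOutputTable` starts before this hunk.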
3 changes: 2 additions & 1 deletion pkg/sdk/logging/model/syslogng/output/auth.go
Expand Up @@ -28,6 +28,7 @@ type _docAuth interface{} //nolint:deadcode,unused
type _metaAuth interface{} //nolint:deadcode,unused

// +kubebuilder:object:generate=true
// Authentication settings. Only one authentication method can be set. Default: Insecure
type Auth struct {
// Application Layer Transport Security (ALTS) is a simple to use authentication, only available within Google’s infrastructure.
ALTS *ALTS `json:"alts,omitempty"`
Expand All @@ -36,7 +37,7 @@ type Auth struct {
// This is the default method, authentication is disabled (`auth(insecure())`).
Insecure *Insecure `json:"insecure,omitempty"`
// This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see [TLS for syslog-ng outputs](../tls/) and the [documentation of the AxoSyslog syslog-ng distribution](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions).
TLS *TLS `json:"tls,omitempty"`
TLS *GrpcTLS `json:"tls,omitempty"`
}

type ADC struct{}
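Review bot: The new comment on `Auth` states that only one authentication method can be set, but nothing in this hunk enforces it, and the fixture removed from the loki test in this same commit shows the renderer emitting `auth(alts() adc() insecure() tls(...))` when all four are populated. Which method syslog-ng then honours is not determined here; if it ends up being `insecure()`, a CR that sets both `insecure` and `tls` would get an unauthenticated (and, for gRPC, plaintext) channel without any error surfacing. If the project's controller-gen supports CEL rules, a marker on the struct turns the documented constraint into an admission-time check, e.g. `// +kubebuilder:validation:XValidation:rule="[has(self.alts), has(self.adc), has(self.insecure), has(self.tls)].filter(x, x).size() <= 1",message="only one authentication method can be set"`; otherwise the same check belongs in the output's validation before rendering. The `Auth` struct is split across the two hunks of this file.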
10 changes: 10 additions & 0 deletions pkg/sdk/logging/model/syslogng/output/tls.go
Expand Up @@ -50,3 +50,13 @@ type TLS struct {
// +kubebuilder:validation:Enum=sslv3;tlsv1;tlsv1_0;tlsv1_1;tlsv1_2;tlsv1_3
SslVersion string `json:"ssl_version,omitempty"`
}

// +kubebuilder:object:generate=true
type GrpcTLS struct {
// The name of a file that contains a set of trusted CA certificates in PEM format. (Optional) For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#ca-file).
CaFile *secret.Secret `json:"ca_file,omitempty"`
// The name of a file that contains an unencrypted private key in PEM format, suitable as a TLS key. For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#key-file).
KeyFile *secret.Secret `json:"key_file,omitempty"`
// Name of a file, that contains an X.509 certificate (or a certificate chain) in PEM format, suitable as a TLS certificate, matching the private key set in the key-file() option. For details, see the [AxoSyslog Core documentation](https://axoflow.com/docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/#cert-file).
CertFile *secret.Secret `json:"cert_file,omitempty"`
}
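Review bot: `GrpcTLS` has no doc comment, so the generated `## GrpcTLS` section in tls.md and the CRD description carry only the bare name, and a reader cannot tell why it exists next to `TLS` or why `peer_verify`, `ssl_version` and `cipher-suite` are absent. The PR title suggests those options were invalid for this output, but that reasoning currently lives only in the commit message. Suggest a comment directly above the type, after the `+kubebuilder:object:generate=true` marker as done for `Auth` in auth.go, e.g. `// GrpcTLS holds the TLS options accepted by the gRPC-based outputs: the trusted CA bundle and the client certificate/key pair. The other fields of TLS are not valid for these outputs and are left out on purpose.`, with the author confirming the second sentence matches the actual reason.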
