Save name came through ENV vars to let Logstash decide using value from either keystore or ENV. (#16026)

mashhurs · kaisecheng · web-flow · commit e429795039e3 · 2024-03-27T09:22:27.000-07:00
* Save  name came through ENV vars to let Logstash decide using either keystore or ENV value.

* Apply suggestions from code review to simplify array declaration.

Co-authored-by: kaisecheng &lt;69120390+kaisecheng@users.noreply.github.com&gt;

---------

Co-authored-by: kaisecheng &lt;69120390+kaisecheng@users.noreply.github.com&gt;
diff --git a/docker/data/logstash/env2yaml/env2yaml.go b/docker/data/logstash/env2yaml/env2yaml.go
@@ -21,18 +21,116 @@ import (
 	"log"
 	"os"
 	"strings"
+	"fmt"
 )
 
-// If the given string can be parsed as YAML, then do so and return the
-// resulting entity. Otherwise, return the string unmodified.
-func FromYamlIfPossible(str string) interface{} {
-	var entity interface{}
-	err := yaml.Unmarshal([]byte(str), &entity)
-	if err == nil {
-		return entity
-	} else {
-		return str
-	}
+var validSettings = []string{
+	"api.enabled",
+	"api.http.host",
+	"api.http.port",
+	"api.environment",
+	"node.name",
+	"path.data",
+	"pipeline.id",
+	"pipeline.workers",
+	"pipeline.output.workers",
+	"pipeline.batch.size",
+	"pipeline.batch.delay",
+	"pipeline.unsafe_shutdown",
+	"pipeline.ecs_compatibility",
+	"pipeline.ordered",
+	"pipeline.plugin_classloaders",
+	"pipeline.separate_logs",
+	"path.config",
+	"config.string",
+	"config.test_and_exit",
+	"config.reload.automatic",
+	"config.reload.interval",
+	"config.debug",
+	"config.support_escapes",
+	"config.field_reference.escape_style",
+	"event_api.tags.illegal",
+	"queue.type",
+	"path.queue",
+	"queue.page_capacity",
+	"queue.max_events",
+	"queue.max_bytes",
+	"queue.checkpoint.acks",
+	"queue.checkpoint.writes",
+	"queue.checkpoint.interval",
+	"queue.drain",
+	"dead_letter_queue.enable",
+	"dead_letter_queue.max_bytes",
+	"dead_letter_queue.flush_interval",
+	"dead_letter_queue.storage_policy",
+	"dead_letter_queue.retain.age",
+	"path.dead_letter_queue",
+	"http.enabled",     // DEPRECATED: prefer `api.enabled`
+	"http.environment", // DEPRECATED: prefer `api.environment`
+	"http.host",        // DEPRECATED: prefer `api.http.host`
+	"http.port",        // DEPRECATED: prefer `api.http.port`
+	"log.level",
+	"log.format",
+	"modules",
+	"metric.collect",
+	"path.logs",
+	"path.plugins",
+	"api.auth.type",
+	"api.auth.basic.username",
+	"api.auth.basic.password",
+	"api.auth.basic.password_policy.mode",
+	"api.auth.basic.password_policy.length.minimum",
+	"api.auth.basic.password_policy.include.upper",
+	"api.auth.basic.password_policy.include.lower",
+	"api.auth.basic.password_policy.include.digit",
+	"api.auth.basic.password_policy.include.symbol",
+	"allow_superuser",
+	"monitoring.cluster_uuid",
+	"xpack.monitoring.enabled",
+	"xpack.monitoring.collection.interval",
+	"xpack.monitoring.elasticsearch.hosts",
+	"xpack.monitoring.elasticsearch.username",
+	"xpack.monitoring.elasticsearch.password",
+	"xpack.monitoring.elasticsearch.proxy",
+	"xpack.monitoring.elasticsearch.api_key",
+	"xpack.monitoring.elasticsearch.cloud_auth",
+	"xpack.monitoring.elasticsearch.cloud_id",
+	"xpack.monitoring.elasticsearch.sniffing",
+	"xpack.monitoring.elasticsearch.ssl.certificate_authority",
+	"xpack.monitoring.elasticsearch.ssl.ca_trusted_fingerprint",
+	"xpack.monitoring.elasticsearch.ssl.verification_mode",
+	"xpack.monitoring.elasticsearch.ssl.truststore.path",
+	"xpack.monitoring.elasticsearch.ssl.truststore.password",
+	"xpack.monitoring.elasticsearch.ssl.keystore.path",
+	"xpack.monitoring.elasticsearch.ssl.keystore.password",
+	"xpack.monitoring.elasticsearch.ssl.certificate",
+	"xpack.monitoring.elasticsearch.ssl.key",
+	"xpack.monitoring.elasticsearch.ssl.cipher_suites",
+	"xpack.management.enabled",
+	"xpack.management.logstash.poll_interval",
+	"xpack.management.pipeline.id",
+	"xpack.management.elasticsearch.hosts",
+	"xpack.management.elasticsearch.username",
+	"xpack.management.elasticsearch.password",
+	"xpack.management.elasticsearch.proxy",
+	"xpack.management.elasticsearch.api_key",
+	"xpack.management.elasticsearch.cloud_auth",
+	"xpack.management.elasticsearch.cloud_id",
+	"xpack.management.elasticsearch.sniffing",
+	"xpack.management.elasticsearch.ssl.certificate_authority",
+	"xpack.management.elasticsearch.ssl.ca_trusted_fingerprint",
+	"xpack.management.elasticsearch.ssl.verification_mode",
+	"xpack.management.elasticsearch.ssl.truststore.path",
+	"xpack.management.elasticsearch.ssl.truststore.password",
+	"xpack.management.elasticsearch.ssl.keystore.path",
+	"xpack.management.elasticsearch.ssl.keystore.password",
+	"xpack.management.elasticsearch.ssl.certificate",
+	"xpack.management.elasticsearch.ssl.key",
+	"xpack.management.elasticsearch.ssl.cipher_suites",
+	"xpack.geoip.download.endpoint",
+	"xpack.geoip.downloader.enabled",
+	"cloud.id",
+	"cloud.auth",
 }
 
 // Given a setting name, return a downcased version with delimiters removed.
@@ -46,118 +144,9 @@ func squashSetting(setting string) string {
 // Given a setting name like "pipeline.workers" or "PIPELINE_UNSAFE_SHUTDOWN",
 // return the canonical setting name. eg. 'pipeline.unsafe_shutdown'
 func normalizeSetting(setting string) (string, error) {
-	valid_settings := []string{
-		"api.enabled",
-		"api.http.host",
-		"api.http.port",
-		"api.environment",
-		"node.name",
-		"path.data",
-		"pipeline.id",
-		"pipeline.workers",
-		"pipeline.output.workers",
-		"pipeline.batch.size",
-		"pipeline.batch.delay",
-		"pipeline.unsafe_shutdown",
-		"pipeline.ecs_compatibility",
-		"pipeline.ordered",
-		"pipeline.plugin_classloaders",
-		"pipeline.separate_logs",
-		"path.config",
-		"config.string",
-		"config.test_and_exit",
-		"config.reload.automatic",
-		"config.reload.interval",
-		"config.debug",
-		"config.support_escapes",
-		"config.field_reference.escape_style",
-		"event_api.tags.illegal",
-		"queue.type",
-		"path.queue",
-		"queue.page_capacity",
-		"queue.max_events",
-		"queue.max_bytes",
-		"queue.checkpoint.acks",
-		"queue.checkpoint.writes",
-		"queue.checkpoint.interval",
-		"queue.drain",
-		"dead_letter_queue.enable",
-		"dead_letter_queue.max_bytes",
-		"dead_letter_queue.flush_interval",
-		"dead_letter_queue.storage_policy",
-		"dead_letter_queue.retain.age",
-		"path.dead_letter_queue",
-		"http.enabled",     // DEPRECATED: prefer `api.enabled`
-		"http.environment", // DEPRECATED: prefer `api.environment`
-		"http.host",        // DEPRECATED: prefer `api.http.host`
-		"http.port",        // DEPRECATED: prefer `api.http.port`
-		"log.level",
-		"log.format",
-		"modules",
-		"metric.collect",
-		"path.logs",
-		"path.plugins",
-		"api.auth.type",
-		"api.auth.basic.username",
-		"api.auth.basic.password",
-		"api.auth.basic.password_policy.mode",
-		"api.auth.basic.password_policy.length.minimum",
-		"api.auth.basic.password_policy.include.upper",
-		"api.auth.basic.password_policy.include.lower",
-		"api.auth.basic.password_policy.include.digit",
-		"api.auth.basic.password_policy.include.symbol",
-		"allow_superuser",
-		"monitoring.cluster_uuid",
-		"xpack.monitoring.enabled",
-		"xpack.monitoring.collection.interval",
-		"xpack.monitoring.elasticsearch.hosts",
-		"xpack.monitoring.elasticsearch.username",
-		"xpack.monitoring.elasticsearch.password",
-		"xpack.monitoring.elasticsearch.proxy",
-		"xpack.monitoring.elasticsearch.api_key",
-		"xpack.monitoring.elasticsearch.cloud_auth",
-		"xpack.monitoring.elasticsearch.cloud_id",
-		"xpack.monitoring.elasticsearch.sniffing",
-		"xpack.monitoring.elasticsearch.ssl.certificate_authority",
-		"xpack.monitoring.elasticsearch.ssl.ca_trusted_fingerprint",
-		"xpack.monitoring.elasticsearch.ssl.verification_mode",
-		"xpack.monitoring.elasticsearch.ssl.truststore.path",
-		"xpack.monitoring.elasticsearch.ssl.truststore.password",
-		"xpack.monitoring.elasticsearch.ssl.keystore.path",
-		"xpack.monitoring.elasticsearch.ssl.keystore.password",
-		"xpack.monitoring.elasticsearch.ssl.certificate",
-		"xpack.monitoring.elasticsearch.ssl.key",
-		"xpack.monitoring.elasticsearch.ssl.cipher_suites",
-		"xpack.management.enabled",
-		"xpack.management.logstash.poll_interval",
-		"xpack.management.pipeline.id",
-		"xpack.management.elasticsearch.hosts",
-		"xpack.management.elasticsearch.username",
-		"xpack.management.elasticsearch.password",
-		"xpack.management.elasticsearch.proxy",
-		"xpack.management.elasticsearch.api_key",
-		"xpack.management.elasticsearch.cloud_auth",
-		"xpack.management.elasticsearch.cloud_id",
-		"xpack.management.elasticsearch.sniffing",
-		"xpack.management.elasticsearch.ssl.certificate_authority",
-		"xpack.management.elasticsearch.ssl.ca_trusted_fingerprint",
-		"xpack.management.elasticsearch.ssl.verification_mode",
-		"xpack.management.elasticsearch.ssl.truststore.path",
-		"xpack.management.elasticsearch.ssl.truststore.password",
-		"xpack.management.elasticsearch.ssl.keystore.path",
-		"xpack.management.elasticsearch.ssl.keystore.password",
-		"xpack.management.elasticsearch.ssl.certificate",
-		"xpack.management.elasticsearch.ssl.key",
-		"xpack.management.elasticsearch.ssl.cipher_suites",
-		"xpack.geoip.download.endpoint",
-		"xpack.geoip.downloader.enabled",
-		"cloud.id",
-		"cloud.auth",
-	}
-
-	for _, valid_setting := range valid_settings {
-		if squashSetting(setting) == squashSetting(valid_setting) {
-			return valid_setting, nil
+	for _, validSetting := range validSettings {
+		if squashSetting(setting) == squashSetting(validSetting) {
+			return validSetting, nil
 		}
 	}
 	return "", errors.New("Invalid setting: " + setting)
@@ -186,12 +175,12 @@ func main() {
 	for _, line := range os.Environ() {
 		kv := strings.SplitN(line, "=", 2)
 		key := kv[0]
-		value := kv[1]
 		setting, err := normalizeSetting(key)
 		if err == nil {
 			foundNewSettings = true
 			log.Printf("Setting '%s' from environment.", setting)
-			settings[setting] = FromYamlIfPossible(value)
+			// we need to keep ${KEY} in the logstash.yml to let Logstash decide using ${KEY}'s value from either keystore or environment
+			settings[setting] = fmt.Sprintf("${%s}", key)
 		}
 	}
 
