ENH: enable TLS/SSL through local filepath in http source #359
Conversation
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
...ugins/common/src/main/java/com/amazon/dataprepper/plugins/certificate/model/Certificate.java
Show resolved
Hide resolved
| implementation "com.linecorp.armeria:armeria:1.9.2" | ||
| implementation "commons-io:commons-io:2.11.0" |
There was a problem hiding this comment.
We ought to move the versions of dependencies we use in multiple places out to the external file with the others that we've already defined.
There was a problem hiding this comment.
Right now we have a versionsMap in our build-resources.gradle to provide this consistency.
Gradle 7 should help us improve this, but it is not possible to update presently due to the OpenSearch plugin.
There was a problem hiding this comment.
We could add commons-io version into versionMap. There might be other common packages. We should do that in a separate PR.
There was a problem hiding this comment.
Please make a separate PR for this.
| @@ -44,8 +51,19 @@ public void start(Buffer<Record<String>> buffer) { | |||
| } | |||
| if (server == null) { | |||
| final ServerBuilder sb = Server.builder(); | |||
| // TODO: allow tls/ssl | |||
| sb.http(sourceConfig.getPort()); | |||
| if (sourceConfig.isSsl()) { | |||
There was a problem hiding this comment.
Nit: do we want to have isSsl or isSSL given that SSL is an acronym and not a proper word?
There was a problem hiding this comment.
I think isSSL makes more sense. This getter is autogenerated.
There was a problem hiding this comment.
I think we should stick with isSsl. Making initials lowercase is a common convention. For example, java.net.http.HttpRequest.
| force 'commons-logging:commons-logging:1.2' | ||
| force 'org.apache.httpcomponents:httpclient:4.5.13' | ||
| force 'org.apache.httpcomponents:httpcore:4.4.13' | ||
| force "org.hdrhistogram:HdrHistogram:2.1.12" | ||
| force 'joda-time:joda-time:2.10.10' |
There was a problem hiding this comment.
not for this PR, but we really shouldn't be using Joda time since it is now included in the JDKs.
There was a problem hiding this comment.
This might be here because the OpenSearch build plugin brings in its own dependencies.
There was a problem hiding this comment.
Ok, we can dive into it later.
...ttp-source/src/main/java/com/amazon/dataprepper/plugins/source/loghttp/HTTPSourceConfig.java
Outdated
Show resolved
Hide resolved
...ttp-source/src/main/java/com/amazon/dataprepper/plugins/source/loghttp/HTTPSourceConfig.java
Outdated
Show resolved
Hide resolved
...ttp-source/src/main/java/com/amazon/dataprepper/plugins/source/loghttp/HTTPSourceConfig.java
Outdated
Show resolved
Hide resolved
| @@ -44,8 +51,19 @@ public void start(Buffer<Record<String>> buffer) { | |||
| } | |||
| if (server == null) { | |||
| final ServerBuilder sb = Server.builder(); | |||
| // TODO: allow tls/ssl | |||
| sb.http(sourceConfig.getPort()); | |||
| if (sourceConfig.isSsl()) { | |||
There was a problem hiding this comment.
I think we should stick with isSsl. Making initials lowercase is a common convention. For example, java.net.http.HttpRequest.
| implementation "com.linecorp.armeria:armeria:1.9.2" | ||
| implementation "commons-io:commons-io:2.11.0" |
There was a problem hiding this comment.
Right now we have a versionsMap in our build-resources.gradle to provide this consistency.
Gradle 7 should help us improve this, but it is not possible to update presently due to the OpenSearch plugin.
| @@ -60,6 +69,38 @@ public void testValidConfig() { | |||
| assertEquals(TEST_THREAD_COUNT, sourceConfig.getThreadCount()); | |||
| assertEquals(TEST_MAX_CONNECTION_COUNT, sourceConfig.getMaxConnectionCount()); | |||
| assertEquals(TEST_MAX_PENDING_REQUESTS, sourceConfig.getMaxPendingRequests()); | |||
| assertFalse(sourceConfig.isSsl()); | |||
There was a problem hiding this comment.
We are going to start using Hamcrest consistently for assertions. But, this is fine for now.
| force 'commons-logging:commons-logging:1.2' | ||
| force 'org.apache.httpcomponents:httpclient:4.5.13' | ||
| force 'org.apache.httpcomponents:httpcore:4.4.13' | ||
| force "org.hdrhistogram:HdrHistogram:2.1.12" | ||
| force 'joda-time:joda-time:2.10.10' |
There was a problem hiding this comment.
This might be here because the OpenSearch build plugin brings in its own dependencies.
Signed-off-by: qchea <[email protected]>
| } | ||
|
|
||
| public CertificateProvider getCertificateProvider() { | ||
| // TODO: support more certificate providers |
There was a problem hiding this comment.
Make an issue for this, please.
| * GitHub history for details. | ||
| */ | ||
|
|
||
| package com.amazon.dataprepper.plugins.source.loghttp.certificate; |
There was a problem hiding this comment.
Not a blocker for now, but do we want to centralize the SSL certificate logic so we don't have these CertificateProviderFactories all over the codebase?
There was a problem hiding this comment.
The reason I did not centralize this class in the PR is b/c right now it takes the source plugin config as input arg. We will need to refactor out a common SSLConfig with all possible relevant parameters in order to do this centralization. The SSLConfig will be reused by the existing source plugins. I will reserve it for future iteration and open an issue.
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
Signed-off-by: qchea <[email protected]>
| @@ -16,8 +16,15 @@ dependencies { | |||
| api project(':data-prepper-api') | |||
| implementation 'com.fasterxml.jackson.core:jackson-databind' | |||
| implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml' | |||
| implementation "commons-io:commons-io:2.11.0" | |||
There was a problem hiding this comment.
Nothing you have to fix now, but going forward, please use single quotes for Gradle strings. Double quotes are GStrings which are used for string interpolation.
…arch-project#359) * ENH: ssl config parameters and tests Signed-off-by: qchea <[email protected]> * MAINT: comment string Signed-off-by: qchea <[email protected]> * REF: server SSLCertProvider into common plugin Signed-off-by: qchea <[email protected]> * TST: ssl enabled server Signed-off-by: qchea <[email protected]> * MAINT: TODO comment Signed-off-by: qchea <[email protected]> * MAINT: update README Signed-off-by: qchea <[email protected]> * STY: rename ssl related parameters and variables Signed-off-by: qchea <[email protected]> * ENH: ssl config parameters and tests Signed-off-by: qchea <[email protected]> * MAINT: comment string Signed-off-by: qchea <[email protected]> * REF: server SSLCertProvider into common plugin Signed-off-by: qchea <[email protected]> * TST: ssl enabled server Signed-off-by: qchea <[email protected]> * MAINT: TODO comment Signed-off-by: qchea <[email protected]> * MAINT: update README Signed-off-by: qchea <[email protected]> * STY: rename ssl related parameters and variables Signed-off-by: qchea <[email protected]>
Description
This PR
Note: For now we only support certificates from local file path corresponding to the config in Fluentbit HTTP plugin (client).
Issues Resolved
#358
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.