From e404d31f9aab7367a67a13f3a1737e09e6cd2d91 Mon Sep 17 00:00:00 2001 From: JakeSCahill Date: Sun, 26 May 2024 08:55:20 +0100 Subject: [PATCH] doc updates --- .../components/pages/caches/aws_dynamodb.adoc | 5 +- .../components/pages/caches/aws_s3.adoc | 5 +- .../components/pages/caches/couchbase.adoc | 3 +- docs/modules/components/pages/caches/lru.adoc | 2 +- .../components/pages/caches/mongodb.adoc | 3 +- .../components/pages/caches/nats_kv.adoc | 34 +++---- .../components/pages/caches/redis.adoc | 12 +-- .../components/pages/caches/ristretto.adoc | 2 +- docs/modules/components/pages/caches/sql.adoc | 4 +- .../components/pages/caches/ttlru.adoc | 2 +- .../components/pages/inputs/amqp_0_9.adoc | 12 +-- .../components/pages/inputs/amqp_1.adoc | 15 ++- .../components/pages/inputs/aws_kinesis.adoc | 5 +- .../components/pages/inputs/aws_s3.adoc | 5 +- .../components/pages/inputs/aws_sqs.adoc | 5 +- .../pages/inputs/azure_blob_storage.adoc | 4 +- .../pages/inputs/azure_cosmosdb.adoc | 16 ++- .../components/pages/inputs/cassandra.adoc | 15 ++- .../pages/inputs/cockroachdb_changefeed.adoc | 21 ++-- .../components/pages/inputs/gcp_pubsub.adoc | 4 +- .../components/pages/inputs/http_client.adoc | 24 ++--- .../components/pages/inputs/http_server.adoc | 2 +- .../components/pages/inputs/kafka.adoc | 15 ++- .../components/pages/inputs/kafka_franz.adoc | 22 ++--- .../components/pages/inputs/mongodb.adoc | 3 +- .../modules/components/pages/inputs/mqtt.adoc | 15 ++- .../modules/components/pages/inputs/nats.adoc | 34 +++---- .../pages/inputs/nats_jetstream.adoc | 34 +++---- .../components/pages/inputs/nats_kv.adoc | 34 +++---- .../components/pages/inputs/nats_stream.adoc | 36 ++++--- docs/modules/components/pages/inputs/nsq.adoc | 12 +-- .../components/pages/inputs/parquet.adoc | 4 +- .../components/pages/inputs/pulsar.adoc | 2 +- .../components/pages/inputs/redis_list.adoc | 12 +-- .../components/pages/inputs/redis_pubsub.adoc | 12 +-- .../components/pages/inputs/redis_scan.adoc | 12 +-- .../pages/inputs/redis_streams.adoc | 12 +-- .../modules/components/pages/inputs/sftp.adoc | 6 +- .../components/pages/inputs/sql_raw.adoc | 4 +- .../components/pages/inputs/sql_select.adoc | 4 +- .../pages/inputs/twitter_search.adoc | 14 +-- .../components/pages/inputs/websocket.adoc | 21 ++-- .../components/pages/logger/about.adoc | 2 +- .../pages/metrics/aws_cloudwatch.adoc | 5 +- .../components/pages/metrics/influxdb.adoc | 15 ++- .../components/pages/metrics/prometheus.adoc | 5 +- .../components/pages/metrics/statsd.adoc | 2 +- .../components/pages/outputs/amqp_0_9.adoc | 12 +-- .../components/pages/outputs/amqp_1.adoc | 15 ++- .../pages/outputs/aws_dynamodb.adoc | 5 +- .../components/pages/outputs/aws_kinesis.adoc | 5 +- .../pages/outputs/aws_kinesis_firehose.adoc | 5 +- .../components/pages/outputs/aws_s3.adoc | 5 +- .../components/pages/outputs/aws_sns.adoc | 5 +- .../components/pages/outputs/aws_sqs.adoc | 5 +- .../pages/outputs/azure_blob_storage.adoc | 2 +- .../pages/outputs/azure_cosmosdb.adoc | 18 ++-- .../components/pages/outputs/cassandra.adoc | 15 ++- .../components/pages/outputs/discord.adoc | 2 +- .../pages/outputs/elasticsearch.adoc | 20 ++-- .../pages/outputs/gcp_bigquery.adoc | 4 +- .../components/pages/outputs/gcp_pubsub.adoc | 4 +- .../components/pages/outputs/http_client.adoc | 28 +++--- .../components/pages/outputs/http_server.adoc | 2 +- .../components/pages/outputs/kafka.adoc | 15 ++- .../components/pages/outputs/kafka_franz.adoc | 22 ++--- .../components/pages/outputs/mongodb.adoc | 9 +- .../components/pages/outputs/mqtt.adoc | 15 ++- .../components/pages/outputs/nats.adoc | 34 +++---- .../pages/outputs/nats_jetstream.adoc | 34 +++---- .../components/pages/outputs/nats_kv.adoc | 34 +++---- .../components/pages/outputs/nats_stream.adoc | 36 ++++--- .../modules/components/pages/outputs/nsq.adoc | 12 +-- .../components/pages/outputs/opensearch.adoc | 22 ++--- .../components/pages/outputs/redis_hash.adoc | 12 +-- .../components/pages/outputs/redis_list.adoc | 12 +-- .../pages/outputs/redis_pubsub.adoc | 12 +-- .../pages/outputs/redis_streams.adoc | 12 +-- .../components/pages/outputs/sftp.adoc | 6 +- .../pages/outputs/snowflake_put.adoc | 42 ++++---- .../components/pages/outputs/splunk_hec.adoc | 2 +- .../components/pages/outputs/sql_insert.adoc | 4 +- .../components/pages/outputs/sql_raw.adoc | 4 +- .../components/pages/outputs/websocket.adoc | 21 ++-- .../components/pages/processors/archive.adoc | 2 +- .../components/pages/processors/awk.adoc | 2 +- .../processors/aws_dynamodb_partiql.adoc | 5 +- .../pages/processors/aws_lambda.adoc | 5 +- .../pages/processors/azure_cosmosdb.adoc | 18 ++-- .../pages/processors/couchbase.adoc | 3 +- .../components/pages/processors/grok.adoc | 2 +- .../components/pages/processors/http.adoc | 26 +++-- .../pages/processors/javascript.adoc | 6 +- .../components/pages/processors/jq.adoc | 4 +- .../pages/processors/json_schema.adoc | 2 +- .../components/pages/processors/mongodb.adoc | 9 +- .../components/pages/processors/msgpack.adoc | 2 +- .../components/pages/processors/nats_kv.adoc | 36 ++++--- .../pages/processors/nats_request_reply.adoc | 34 +++---- .../components/pages/processors/parquet.adoc | 2 +- .../pages/processors/parquet_decode.adoc | 4 +- .../pages/processors/parquet_encode.adoc | 4 +- .../pages/processors/parse_log.adoc | 6 +- .../components/pages/processors/protobuf.adoc | 4 +- .../components/pages/processors/redis.adoc | 12 +-- .../pages/processors/redis_script.adoc | 14 +-- .../processors/schema_registry_decode.adoc | 29 +++--- .../processors/schema_registry_encode.adoc | 33 +++---- .../pages/processors/sentry_capture.adoc | 2 +- .../pages/processors/sql_insert.adoc | 4 +- .../components/pages/processors/sql_raw.adoc | 4 +- .../pages/processors/sql_select.adoc | 4 +- .../components/pages/processors/switch.adoc | 6 +- .../pages/processors/unarchive.adoc | 2 +- .../components/pages/processors/wasm.adoc | 4 +- .../components/pages/processors/workflow.adoc | 2 +- .../components/pages/rate_limits/redis.adoc | 12 +-- .../components/pages/scanners/avro.adoc | 6 +- .../pages/tracers/gcp_cloudtrace.adoc | 2 +- .../components/pages/tracers/jaeger.adoc | 2 +- .../tracers/open_telemetry_collector.adoc | 2 +- .../configuration/pages/templating.adoc | 3 +- .../guides/pages/bloblang/functions.adoc | 9 +- .../guides/pages/bloblang/methods.adoc | 97 ++++++------------- internal/impl/avro/scanner.go | 6 +- internal/impl/awk/processor.go | 2 +- internal/impl/aws/config/config.go | 2 +- internal/impl/azure/cosmosdb/docs.go | 8 +- internal/impl/azure/input_blob_storage.go | 4 +- internal/impl/azure/input_cosmosdb.go | 4 +- internal/impl/azure/output_blob_storage.go | 2 +- internal/impl/azure/output_cosmosdb.go | 4 +- internal/impl/azure/processor_cosmosdb.go | 4 +- internal/impl/changelog/bloblang.go | 4 +- internal/impl/cockroachdb/input_changefeed.go | 8 +- .../processor_schema_registry_decode.go | 8 +- .../processor_schema_registry_encode.go | 12 +-- internal/impl/dgraph/cache_ristretto.go | 2 +- internal/impl/discord/output.go | 2 +- internal/impl/gcp/input_pubsub.go | 4 +- internal/impl/gcp/output_bigquery.go | 4 +- internal/impl/gcp/output_pubsub.go | 4 +- internal/impl/gcp/tracer_cloudtrace.go | 2 +- internal/impl/jaeger/tracer_jaeger.go | 2 +- internal/impl/javascript/processor.go | 6 +- internal/impl/kafka/input_kafka_franz.go | 2 +- internal/impl/kafka/output_kafka_franz.go | 2 +- internal/impl/lang/bloblang.go | 6 +- internal/impl/maxmind/bloblang_geoip.go | 2 +- internal/impl/mongodb/common.go | 6 +- internal/impl/msgpack/bloblang.go | 4 +- internal/impl/msgpack/processor.go | 2 +- internal/impl/nats/auth.go | 16 +-- internal/impl/nats/input_stream.go | 2 +- internal/impl/nats/output_stream.go | 2 +- internal/impl/nats/processor_kv.go | 2 +- internal/impl/nsq/integration_test.go | 2 +- internal/impl/opensearch/output.go | 2 +- internal/impl/otlp/tracer_otlp.go | 2 +- internal/impl/parquet/bloblang.go | 2 +- internal/impl/parquet/input_parquet.go | 4 +- internal/impl/parquet/processor.go | 2 +- internal/impl/parquet/processor_decode.go | 4 +- internal/impl/parquet/processor_encode.go | 4 +- .../impl/prometheus/metrics_prometheus.go | 2 +- internal/impl/protobuf/processor_protobuf.go | 4 +- internal/impl/pulsar/input.go | 2 +- internal/impl/redis/script_processor.go | 2 +- internal/impl/sentry/processor_capture.go | 2 +- .../impl/snowflake/output_snowflake_put.go | 36 +++---- internal/impl/splunk/template_output.yaml | 2 +- internal/impl/sql/conn_fields.go | 10 +- internal/impl/statsd/metrics_statsd.go | 2 +- .../impl/twitter/template_search_input.yaml | 14 +-- internal/impl/wasm/processor_wazero.go | 4 +- 175 files changed, 791 insertions(+), 925 deletions(-) diff --git a/docs/modules/components/pages/caches/aws_dynamodb.adoc b/docs/modules/components/pages/caches/aws_dynamodb.adoc index 4b1abb2adf..a8b1fbe0dc 100644 --- a/docs/modules/components/pages/caches/aws_dynamodb.adoc +++ b/docs/modules/components/pages/caches/aws_dynamodb.adoc @@ -231,8 +231,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -254,7 +253,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/caches/aws_s3.adoc b/docs/modules/components/pages/caches/aws_s3.adoc index 1b7428cc6f..5f8f4aa84b 100644 --- a/docs/modules/components/pages/caches/aws_s3.adoc +++ b/docs/modules/components/pages/caches/aws_s3.adoc @@ -200,8 +200,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -223,7 +222,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/caches/couchbase.adoc b/docs/modules/components/pages/caches/couchbase.adoc index feaefb9431..05ba5435c7 100644 --- a/docs/modules/components/pages/caches/couchbase.adoc +++ b/docs/modules/components/pages/caches/couchbase.adoc @@ -84,8 +84,7 @@ Username to connect to the cluster. === `password` Password to connect to the cluster. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/caches/lru.adoc b/docs/modules/components/pages/caches/lru.adoc index 20b325e373..f84f5aa896 100644 --- a/docs/modules/components/pages/caches/lru.adoc +++ b/docs/modules/components/pages/caches/lru.adoc @@ -53,7 +53,7 @@ lru: This provides the lru package which implements a fixed-size thread safe LRU cache. -It uses the package https://github.com/hashicorp/golang-lru/v2[`lru`] +It uses the package https://github.com/hashicorp/golang-lru/v2[`lru`^] The field init_values can be used to pre-populate the memory cache with any number of key/value pairs: diff --git a/docs/modules/components/pages/caches/mongodb.adoc b/docs/modules/components/pages/caches/mongodb.adoc index 586da9ca67..ef2b317d80 100644 --- a/docs/modules/components/pages/caches/mongodb.adoc +++ b/docs/modules/components/pages/caches/mongodb.adoc @@ -67,8 +67,7 @@ The username to connect to the database. === `password` The password to connect to the database. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/caches/nats_kv.adoc b/docs/modules/components/pages/caches/nats_kv.adoc index ee9e4a7812..0591e91f1b 100644 --- a/docs/modules/components/pages/caches/nats_kv.adoc +++ b/docs/modules/components/pages/caches/nats_kv.adoc @@ -75,10 +75,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -86,21 +86,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -175,8 +175,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -244,8 +243,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -276,9 +274,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -336,8 +336,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -350,8 +349,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/caches/redis.adoc b/docs/modules/components/pages/caches/redis.adoc index 5920f63e59..8097b09654 100644 --- a/docs/modules/components/pages/caches/redis.adoc +++ b/docs/modules/components/pages/caches/redis.adoc @@ -160,8 +160,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -229,8 +228,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -261,9 +259,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/caches/ristretto.adoc b/docs/modules/components/pages/caches/ristretto.adoc index 4a81b380b0..af6ec02172 100644 --- a/docs/modules/components/pages/caches/ristretto.adoc +++ b/docs/modules/components/pages/caches/ristretto.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache]. +Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache^]. [tabs] diff --git a/docs/modules/components/pages/caches/sql.adoc b/docs/modules/components/pages/caches/sql.adoc index 12a7555d03..a8e8042beb 100644 --- a/docs/modules/components/pages/caches/sql.adoc +++ b/docs/modules/components/pages/caches/sql.adoc @@ -156,9 +156,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/caches/ttlru.adoc b/docs/modules/components/pages/caches/ttlru.adoc index 2f9ef4df39..e400c743ee 100644 --- a/docs/modules/components/pages/caches/ttlru.adoc +++ b/docs/modules/components/pages/caches/ttlru.adoc @@ -55,7 +55,7 @@ The cache ttlru provides a simple, goroutine safe, cache with a fixed number of This TTL is reset on both modification and access of the value. As a result, if the cache is full, and no items have expired, when adding a new item, the item with the soonest expiration will be evicted. -It uses the package https://github.com/hashicorp/golang-lru/v2/expirable[`expirable`] +It uses the package https://github.com/hashicorp/golang-lru/v2/expirable[`expirable`^] The field init_values can be used to pre-populate the memory cache with any number of key/value pairs: diff --git a/docs/modules/components/pages/inputs/amqp_0_9.adoc b/docs/modules/components/pages/inputs/amqp_0_9.adoc index ae9f624a5d..4415b141f6 100644 --- a/docs/modules/components/pages/inputs/amqp_0_9.adoc +++ b/docs/modules/components/pages/inputs/amqp_0_9.adoc @@ -292,8 +292,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -361,8 +360,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -393,9 +391,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/amqp_1.adoc b/docs/modules/components/pages/inputs/amqp_1.adoc index dd50a091b5..c9f4d96596 100644 --- a/docs/modules/components/pages/inputs/amqp_1.adoc +++ b/docs/modules/components/pages/inputs/amqp_1.adoc @@ -205,8 +205,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -274,8 +273,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -306,9 +304,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -374,8 +374,7 @@ user: ${USER} === `sasl.password` A SASL plain text password. It is recommended that you use environment variables to populate this field. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/aws_kinesis.adoc b/docs/modules/components/pages/inputs/aws_kinesis.adoc index 26ab42a668..a857770020 100644 --- a/docs/modules/components/pages/inputs/aws_kinesis.adoc +++ b/docs/modules/components/pages/inputs/aws_kinesis.adoc @@ -284,8 +284,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -307,7 +306,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/inputs/aws_s3.adoc b/docs/modules/components/pages/inputs/aws_s3.adoc index 02dfd2e679..b14ecd6b55 100644 --- a/docs/modules/components/pages/inputs/aws_s3.adoc +++ b/docs/modules/components/pages/inputs/aws_s3.adoc @@ -182,8 +182,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -205,7 +204,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/inputs/aws_sqs.adoc b/docs/modules/components/pages/inputs/aws_sqs.adoc index ddf193969b..49b162af95 100644 --- a/docs/modules/components/pages/inputs/aws_sqs.adoc +++ b/docs/modules/components/pages/inputs/aws_sqs.adoc @@ -177,8 +177,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -200,7 +199,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/inputs/azure_blob_storage.adoc b/docs/modules/components/pages/inputs/azure_blob_storage.adoc index e9bafabd28..fd8894dab1 100644 --- a/docs/modules/components/pages/inputs/azure_blob_storage.adoc +++ b/docs/modules/components/pages/inputs/azure_blob_storage.adoc @@ -71,7 +71,7 @@ Supports multiple authentication methods but only one of the following is requir - `storage_connection_string` - `storage_account` and `storage_access_key` - `storage_account` and `storage_sas_token` -- `storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- `storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] If multiple are set then the `storage_connection_string` is given priority. @@ -84,7 +84,7 @@ When downloading large files it's often necessary to process it in streamed part == Stream new files -By default this input will consume all files found within the target container and will then gracefully terminate. This is referred to as a "batch" mode of operation. However, it's possible to instead configure a container as https://learn.microsoft.com/en-gb/azure/event-grid/event-schema-blob-storage[an Event Grid source] and then use this as a <>, in which case new files are consumed as they're uploaded and Benthos will continue listening for and downloading files as they arrive. This is referred to as a "streamed" mode of operation. +By default this input will consume all files found within the target container and will then gracefully terminate. This is referred to as a "batch" mode of operation. However, it's possible to instead configure a container as https://learn.microsoft.com/en-gb/azure/event-grid/event-schema-blob-storage[an Event Grid source^] and then use this as a <>, in which case new files are consumed as they're uploaded and Benthos will continue listening for and downloading files as they arrive. This is referred to as a "streamed" mode of operation. == Metadata diff --git a/docs/modules/components/pages/inputs/azure_cosmosdb.adoc b/docs/modules/components/pages/inputs/azure_cosmosdb.adoc index cf9b8c112d..41c13f98ae 100644 --- a/docs/modules/components/pages/inputs/azure_cosmosdb.adoc +++ b/docs/modules/components/pages/inputs/azure_cosmosdb.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Executes a SQL query against https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB] and creates a batch of messages from each page of items. +Executes a SQL query against https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^] and creates a batch of messages from each page of items. Introduced in version v4.25.0. @@ -75,7 +75,7 @@ input: == Cross-partition queries -Cross-partition queries are currently not supported by the underlying driver. For every query, the PartitionKey values must be known in advance and specified in the config. https://github.com/Azure/azure-sdk-for-go/issues/18578#issuecomment-1222510989[See details]. +Cross-partition queries are currently not supported by the underlying driver. For every query, the PartitionKey values must be known in advance and specified in the config. https://github.com/Azure/azure-sdk-for-go/issues/18578#issuecomment-1222510989[See details^]. == Credentials @@ -83,7 +83,7 @@ Cross-partition queries are currently not supported by the underlying driver. Fo You can use one of the following authentication mechanisms: - Set the `endpoint` field and the `account_key` field -- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] - Set the `connection_string` field @@ -145,8 +145,7 @@ endpoint: https://localhost:8081 === `account_key` Account key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -165,8 +164,7 @@ account_key: C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZ === `connection_string` Connection string. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -284,7 +282,7 @@ Whether messages that are rejected (nacked) at the output level should be automa == CosmosDB emulator -If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here], the following Docker command should do the trick: +If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here^], the following Docker command should do the trick: ```bash > docker run --rm -it -p 8081:8081 --name=cosmosdb -e AZURE_COSMOS_EMULATOR_PARTITION_COUNT=10 -e AZURE_COSMOS_EMULATOR_ENABLE_DATA_PERSISTENCE=false mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator @@ -292,7 +290,7 @@ If you wish to run the CosmosDB emulator that is referenced in the documentation Note: `AZURE_COSMOS_EMULATOR_PARTITION_COUNT` controls the number of partitions that will be supported by the emulator. The bigger the value, the longer it takes for the container to start up. -Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy] like so: +Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy^] like so: ```bash > mitmproxy -k --mode "reverse:https://localhost:8081" diff --git a/docs/modules/components/pages/inputs/cassandra.adoc b/docs/modules/components/pages/inputs/cassandra.adoc index b3f229f2ee..24c9b58749 100644 --- a/docs/modules/components/pages/inputs/cassandra.adoc +++ b/docs/modules/components/pages/inputs/cassandra.adoc @@ -168,8 +168,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -237,8 +236,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -269,9 +267,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -319,8 +319,7 @@ The username to authenticate as. === `password_authenticator.password` The password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/cockroachdb_changefeed.adoc b/docs/modules/components/pages/inputs/cockroachdb_changefeed.adoc index 73d1a3ce60..e2c7d11f1a 100644 --- a/docs/modules/components/pages/inputs/cockroachdb_changefeed.adoc +++ b/docs/modules/components/pages/inputs/cockroachdb_changefeed.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Listens to a https://www.cockroachlabs.com/docs/stable/changefeed-examples[CockroachDB Core Changefeed] and creates a message for each row received. Each message is a json object looking like: +Listens to a https://www.cockroachlabs.com/docs/stable/changefeed-examples[CockroachDB Core Changefeed^] and creates a message for each row received. Each message is a json object looking like: ```json { "primary_key": "[\"1a7ff641-3e3b-47ee-94fe-a0cadb56cd8f\", 2]", // stringifed JSON array @@ -70,7 +70,7 @@ input: This input will continue to listen to the changefeed until shutdown. A backfill of the full current state of the table will be delivered upon each run unless a cache is configured for storing cursor timestamps, as this is how Benthos keeps track as to which changes have been successfully delivered. -Note: You must have `SET CLUSTER SETTING kv.rangefeed.enabled = true;` on your CRDB cluster, for more information refer to https://www.cockroachlabs.com/docs/stable/changefeed-examples?filters=core[the official CockroachDB documentation]. +Note: You must have `SET CLUSTER SETTING kv.rangefeed.enabled = true;` on your CRDB cluster, for more information refer to https://www.cockroachlabs.com/docs/stable/changefeed-examples?filters=core[the official CockroachDB documentation^]. == Fields @@ -118,8 +118,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -187,8 +186,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -219,9 +217,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -258,7 +258,7 @@ tables: === `cursor_cache` -A https://www.docs.redpanda.com/redpanda-connect/components/caches/about[cache resource] to use for storing the current latest cursor that has been successfully delivered, this allows Benthos to continue from that cursor upon restart, rather than consume the entire state of the table. +A https://www.docs.redpanda.com/redpanda-connect/components/caches/about[cache resource^] to use for storing the current latest cursor that has been successfully delivered, this allows Benthos to continue from that cursor upon restart, rather than consume the entire state of the table. *Type*: `string` @@ -267,7 +267,8 @@ A https://www.docs.redpanda.com/redpanda-connect/components/caches/about[cache r === `options` A list of options to be included in the changefeed (WITH X, Y...). -**NOTE: Both the CURSOR option and UPDATED will be ignored from these options when a `cursor_cache` is specified, as they are set explicitly by Benthos in this case.** + +NOTE: Both the CURSOR option and UPDATED will be ignored from these options when a `cursor_cache` is specified, as they are set explicitly by Benthos in this case. *Type*: `array` diff --git a/docs/modules/components/pages/inputs/gcp_pubsub.adoc b/docs/modules/components/pages/inputs/gcp_pubsub.adoc index e61dfd59ba..9a779359c4 100644 --- a/docs/modules/components/pages/inputs/gcp_pubsub.adoc +++ b/docs/modules/components/pages/inputs/gcp_pubsub.adoc @@ -61,7 +61,7 @@ input: -- ====== -For information on how to set up credentials see https://cloud.google.com/docs/authentication/production[this guide]. +For information on how to set up credentials see https://cloud.google.com/docs/authentication/production[this guide^]. == Metadata @@ -96,7 +96,7 @@ The target subscription ID. === `endpoint` -An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document]. +An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document^]. *Type*: `string` diff --git a/docs/modules/components/pages/inputs/http_client.adoc b/docs/modules/components/pages/inputs/http_client.adoc index 053e35687c..889ff1e9aa 100644 --- a/docs/modules/components/pages/inputs/http_client.adoc +++ b/docs/modules/components/pages/inputs/http_client.adoc @@ -308,8 +308,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -332,8 +331,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -373,8 +371,7 @@ A value used to identify the client to the token provider. === `oauth2.client_secret` A secret used to establish ownership of the client key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -454,8 +451,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -558,8 +554,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -627,8 +622,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -659,9 +653,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/http_server.adoc b/docs/modules/components/pages/inputs/http_server.adoc index 0a3262b65f..82d4d3c687 100644 --- a/docs/modules/components/pages/inputs/http_server.adoc +++ b/docs/modules/components/pages/inputs/http_server.adoc @@ -92,7 +92,7 @@ The following fields specify endpoints that are registered for sending messages, This endpoint expects POST requests where the entire request body is consumed as a single message. -If the request contains a multipart `content-type` header as per https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[rfc1341] then the multiple parts are consumed as a batch of messages, where each body part is a message of the batch. +If the request contains a multipart `content-type` header as per https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[rfc1341^] then the multiple parts are consumed as a batch of messages, where each body part is a message of the batch. === `ws_path` (defaults to `/post/ws`) diff --git a/docs/modules/components/pages/inputs/kafka.adoc b/docs/modules/components/pages/inputs/kafka.adoc index 61b2a36e06..ec8fb50eb1 100644 --- a/docs/modules/components/pages/inputs/kafka.adoc +++ b/docs/modules/components/pages/inputs/kafka.adoc @@ -239,8 +239,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -308,8 +307,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -340,9 +338,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -412,8 +412,7 @@ user: ${USER} === `sasl.password` A PLAIN password. It is recommended that you use environment variables to populate this field. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/kafka_franz.adoc b/docs/modules/components/pages/inputs/kafka_franz.adoc index 2f6f9721d9..755ffce749 100644 --- a/docs/modules/components/pages/inputs/kafka_franz.adoc +++ b/docs/modules/components/pages/inputs/kafka_franz.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -A Kafka input using the https://github.com/twmb/franz-go[Franz Kafka client library]. +A Kafka input using the https://github.com/twmb/franz-go[Franz Kafka client library^]. Introduced in version 3.61.0. @@ -268,8 +268,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -337,8 +336,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -369,9 +367,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -445,8 +445,7 @@ A username to provide for PLAIN or SCRAM-* authentication. === `sasl[].password` A password to provide for PLAIN or SCRAM-* authentication. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -529,8 +528,7 @@ The ID of credentials to use. === `sasl[].aws.credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -552,7 +550,7 @@ The token for the credentials being used, required when using short term credent === `sasl[].aws.credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/inputs/mongodb.adoc b/docs/modules/components/pages/inputs/mongodb.adoc index e1a1b30bd8..21b2543535 100644 --- a/docs/modules/components/pages/inputs/mongodb.adoc +++ b/docs/modules/components/pages/inputs/mongodb.adoc @@ -112,8 +112,7 @@ The username to connect to the database. === `password` The password to connect to the database. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/mqtt.adoc b/docs/modules/components/pages/inputs/mqtt.adoc index a81c657027..10f4e59e1f 100644 --- a/docs/modules/components/pages/inputs/mqtt.adoc +++ b/docs/modules/components/pages/inputs/mqtt.adoc @@ -214,8 +214,7 @@ A username to connect with. === `password` A password to connect with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -274,8 +273,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -343,8 +341,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -375,9 +372,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/nats.adoc b/docs/modules/components/pages/inputs/nats.adoc index 6a933f81af..937faa5cbd 100644 --- a/docs/modules/components/pages/inputs/nats.adoc +++ b/docs/modules/components/pages/inputs/nats.adoc @@ -94,10 +94,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -105,21 +105,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -240,8 +240,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -309,8 +308,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -341,9 +339,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -401,8 +401,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -415,8 +414,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/nats_jetstream.adoc b/docs/modules/components/pages/inputs/nats_jetstream.adoc index e830aa6d8e..df59d5866d 100644 --- a/docs/modules/components/pages/inputs/nats_jetstream.adoc +++ b/docs/modules/components/pages/inputs/nats_jetstream.adoc @@ -111,10 +111,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -122,21 +122,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -298,8 +298,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -367,8 +366,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -399,9 +397,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -459,8 +459,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -473,8 +472,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/nats_kv.adoc b/docs/modules/components/pages/inputs/nats_kv.adoc index 5912d7350a..ce0587b187 100644 --- a/docs/modules/components/pages/inputs/nats_kv.adoc +++ b/docs/modules/components/pages/inputs/nats_kv.adoc @@ -97,10 +97,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -108,21 +108,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -254,8 +254,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -323,8 +322,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -355,9 +353,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -415,8 +415,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -429,8 +428,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/nats_stream.adoc b/docs/modules/components/pages/inputs/nats_stream.adoc index 9f08cee74b..9a2c3a3253 100644 --- a/docs/modules/components/pages/inputs/nats_stream.adoc +++ b/docs/modules/components/pages/inputs/nats_stream.adoc @@ -79,7 +79,7 @@ input: [CAUTION] .Deprecation notice ==== -The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream]. +The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream^]. ==== Tracking and persisting offsets through a durable name is also optional and works with or without a queue. If a durable name is not provided then subjects are consumed from the most recently published message. @@ -102,10 +102,10 @@ You can access these metadata fields using xref:configuration:interpolation.adoc == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -113,21 +113,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -268,8 +268,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -337,8 +336,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -369,9 +367,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -429,8 +429,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -443,8 +442,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/nsq.adoc b/docs/modules/components/pages/inputs/nsq.adoc index 61f371bdd6..ca74ae64ef 100644 --- a/docs/modules/components/pages/inputs/nsq.adoc +++ b/docs/modules/components/pages/inputs/nsq.adoc @@ -138,8 +138,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -207,8 +206,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -239,9 +237,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/parquet.adoc b/docs/modules/components/pages/inputs/parquet.adoc index b890e519df..730f8ea03e 100644 --- a/docs/modules/components/pages/inputs/parquet.adoc +++ b/docs/modules/components/pages/inputs/parquet.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Reads and decodes https://parquet.apache.org/docs/[Parquet files] into a stream of structured messages. +Reads and decodes https://parquet.apache.org/docs/[Parquet files^] into a stream of structured messages. Introduced in version 4.8.0. @@ -53,7 +53,7 @@ input: -- ====== -This input uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. +This input uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. By default any BYTE_ARRAY or FIXED_LEN_BYTE_ARRAY value will be extracted as a byte slice (`[]byte`) unless the logical type is UTF8, in which case they are extracted as a string (`string`). diff --git a/docs/modules/components/pages/inputs/pulsar.adoc b/docs/modules/components/pages/inputs/pulsar.adoc index 983fae4f9c..4993f812ae 100644 --- a/docs/modules/components/pages/inputs/pulsar.adoc +++ b/docs/modules/components/pages/inputs/pulsar.adoc @@ -139,7 +139,7 @@ Specify the subscription name for this consumer. Specify the subscription type for this consumer. -> NOTE: Using a `key_shared` subscription type will __allow out-of-order delivery__ since nack-ing messages sets non-zero nack delivery delay - this can potentially cause consumers to stall. See https://pulsar.apache.org/docs/en/2.8.1/concepts-messaging/#negative-acknowledgement[Pulsar documentation] and https://github.com/apache/pulsar/issues/12208[this Github issue] for more details. +> NOTE: Using a `key_shared` subscription type will __allow out-of-order delivery__ since nack-ing messages sets non-zero nack delivery delay - this can potentially cause consumers to stall. See https://pulsar.apache.org/docs/en/2.8.1/concepts-messaging/#negative-acknowledgement[Pulsar documentation^] and https://github.com/apache/pulsar/issues/12208[this Github issue^] for more details. *Type*: `string` diff --git a/docs/modules/components/pages/inputs/redis_list.adoc b/docs/modules/components/pages/inputs/redis_list.adoc index 95a98319fa..1646f67c2b 100644 --- a/docs/modules/components/pages/inputs/redis_list.adoc +++ b/docs/modules/components/pages/inputs/redis_list.adoc @@ -163,8 +163,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -232,8 +231,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -264,9 +262,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/redis_pubsub.adoc b/docs/modules/components/pages/inputs/redis_pubsub.adoc index 586093fca5..7fa4123bdd 100644 --- a/docs/modules/components/pages/inputs/redis_pubsub.adoc +++ b/docs/modules/components/pages/inputs/redis_pubsub.adoc @@ -170,8 +170,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -239,8 +238,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -271,9 +269,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/redis_scan.adoc b/docs/modules/components/pages/inputs/redis_scan.adoc index 7190bbcd3d..fc997d6dfc 100644 --- a/docs/modules/components/pages/inputs/redis_scan.adoc +++ b/docs/modules/components/pages/inputs/redis_scan.adoc @@ -173,8 +173,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -242,8 +241,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -274,9 +272,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/redis_streams.adoc b/docs/modules/components/pages/inputs/redis_streams.adoc index 581f56edfc..408787b7f2 100644 --- a/docs/modules/components/pages/inputs/redis_streams.adoc +++ b/docs/modules/components/pages/inputs/redis_streams.adoc @@ -174,8 +174,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -243,8 +242,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -275,9 +273,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/sftp.adoc b/docs/modules/components/pages/inputs/sftp.adoc index eb5d13152f..345d0d3af6 100644 --- a/docs/modules/components/pages/inputs/sftp.adoc +++ b/docs/modules/components/pages/inputs/sftp.adoc @@ -119,8 +119,7 @@ The username to connect to the SFTP server. === `credentials.password` The password for the username to connect to the SFTP server. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -143,8 +142,7 @@ The private key for the username to connect to the SFTP server. === `credentials.private_key_pass` Optional passphrase for private key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/inputs/sql_raw.adoc b/docs/modules/components/pages/inputs/sql_raw.adoc index b3c40785a9..1fada44254 100644 --- a/docs/modules/components/pages/inputs/sql_raw.adoc +++ b/docs/modules/components/pages/inputs/sql_raw.adoc @@ -161,9 +161,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/inputs/sql_select.adoc b/docs/modules/components/pages/inputs/sql_select.adoc index d9dc1e7738..fb2be22256 100644 --- a/docs/modules/components/pages/inputs/sql_select.adoc +++ b/docs/modules/components/pages/inputs/sql_select.adoc @@ -169,9 +169,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/inputs/twitter_search.adoc b/docs/modules/components/pages/inputs/twitter_search.adoc index 9c885ba304..b23d1afa41 100644 --- a/docs/modules/components/pages/inputs/twitter_search.adoc +++ b/docs/modules/components/pages/inputs/twitter_search.adoc @@ -62,13 +62,13 @@ input: -- ====== -Continuously polls the [Twitter recent search V2 API](https://developer.twitter.com/en/docs/twitter-api/tweets/search/api-reference/get-tweets-search-recent) for tweets that match a given search query. +Continuously polls the https://developer.twitter.com/en/docs/twitter-api/tweets/search/api-reference/get-tweets-search-recent[Twitter recent search V2 API^] for tweets that match a given search query. -Each tweet received is emitted as a JSON object message, with a field `id` and `text` by default. Extra fields [can be obtained from the search API](https://developer.twitter.com/en/docs/twitter-api/fields) when listed with the `tweet_fields` field. +Each tweet received is emitted as a JSON object message, with a field `id` and `text` by default. Extra fields https://developer.twitter.com/en/docs/twitter-api/fields[can be obtained from the search API^] when listed with the `tweet_fields` field. -In order to paginate requests that are made the ID of the latest received tweet is stored in a [cache resource](/docs/components/caches/about), which is then used by subsequent requests to ensure only tweets after it are consumed. It is recommended that the cache you use is persistent so that Benthos can resume searches at the correct place on a restart. +In order to paginate requests that are made the ID of the latest received tweet is stored in a xref:components:caches/about.adoc[cache resource], which is then used by subsequent requests to ensure only tweets after it are consumed. It is recommended that the cache you use is persistent so that Benthos can resume searches at the correct place on a restart. -Authentication is done using OAuth 2.0 credentials which can be generated within the [Twitter developer portal](https://developer.twitter.com). +Authentication is done using OAuth 2.0 credentials which can be generated within the https://developer.twitter.com[Twitter developer portal^]. == Fields @@ -83,7 +83,7 @@ A search expression to use. === `tweet_fields` -An optional list of additional fields to obtain for each tweet, by default only the fields `id` and `text` are returned. For more info refer to the [twitter API docs.](https://developer.twitter.com/en/docs/twitter-api/fields) +An optional list of additional fields to obtain for each tweet, by default only the fields `id` and `text` are returned. For more info refer to the https://developer.twitter.com/en/docs/twitter-api/fields[twitter API docs^]. *Type*: `array` @@ -136,7 +136,7 @@ An optional rate limit resource to restrict API requests with. === `api_key` -An API key for OAuth 2.0 authentication. It is recommended that you populate this field using [environment variables](/docs/configuration/interpolation). +An API key for OAuth 2.0 authentication. It is recommended that you populate this field using xref:configuration:interpolation.adoc[environment variables]. *Type*: `string` @@ -144,7 +144,7 @@ An API key for OAuth 2.0 authentication. It is recommended that you populate thi === `api_secret` -An API secret for OAuth 2.0 authentication. It is recommended that you populate this field using [environment variables](/docs/configuration/interpolation). +An API secret for OAuth 2.0 authentication. It is recommended that you populate this field using xref:configuration:interpolation.adoc[environment variables]. *Type*: `string` diff --git a/docs/modules/components/pages/inputs/websocket.adoc b/docs/modules/components/pages/inputs/websocket.adoc index 1021e0f975..542cc16767 100644 --- a/docs/modules/components/pages/inputs/websocket.adoc +++ b/docs/modules/components/pages/inputs/websocket.adoc @@ -170,8 +170,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -239,8 +238,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -271,9 +269,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -345,8 +345,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -369,8 +368,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -410,8 +408,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/logger/about.adoc b/docs/modules/components/pages/logger/about.adoc index 2645340a66..6a5bd48109 100644 --- a/docs/modules/components/pages/logger/about.adoc +++ b/docs/modules/components/pages/logger/about.adoc @@ -8,7 +8,7 @@ internal/log/docs.adoc //// -{page-component-title} logging prints to stdout (or stderr if your output is stdout) and is formatted as https://brandur.org/logfmt[logfmt] by default. Use these configuration options to change both the logging formats as well as the destination of logs. +{page-component-title} logging prints to stdout (or stderr if your output is stdout) and is formatted as https://brandur.org/logfmt[logfmt^] by default. Use these configuration options to change both the logging formats as well as the destination of logs. [tabs] ====== diff --git a/docs/modules/components/pages/metrics/aws_cloudwatch.adoc b/docs/modules/components/pages/metrics/aws_cloudwatch.adoc index 63682805c5..9ade92dcbf 100644 --- a/docs/modules/components/pages/metrics/aws_cloudwatch.adoc +++ b/docs/modules/components/pages/metrics/aws_cloudwatch.adoc @@ -147,8 +147,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -170,7 +169,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/metrics/influxdb.adoc b/docs/modules/components/pages/metrics/influxdb.adoc index 1c9f0f0c16..93fd96f705 100644 --- a/docs/modules/components/pages/metrics/influxdb.adoc +++ b/docs/modules/components/pages/metrics/influxdb.adoc @@ -129,8 +129,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -198,8 +197,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -230,9 +228,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -263,8 +263,7 @@ A username (when applicable). === `password` A password (when applicable). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/metrics/prometheus.adoc b/docs/modules/components/pages/metrics/prometheus.adoc index cb41b91404..7716f69a3f 100644 --- a/docs/modules/components/pages/metrics/prometheus.adoc +++ b/docs/modules/components/pages/metrics/prometheus.adoc @@ -188,8 +188,7 @@ The Basic Authentication username. === `push_basic_auth.password` The Basic Authentication password. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -211,7 +210,7 @@ An optional file path to write all prometheus metrics on service shutdown. == Push gateway -The field `push_url` is optional and when set will trigger a push of metrics to a https://prometheus.io/docs/instrumenting/pushing/[Prometheus Push Gateway] once Benthos shuts down. It is also possible to specify a `push_interval` which results in periodic pushes. +The field `push_url` is optional and when set will trigger a push of metrics to a https://prometheus.io/docs/instrumenting/pushing/[Prometheus Push Gateway^] once Benthos shuts down. It is also possible to specify a `push_interval` which results in periodic pushes. The Push Gateway is useful for when Benthos instances are short lived. Do not include the "/metrics/jobs/..." path in the push URL. diff --git a/docs/modules/components/pages/metrics/statsd.adoc b/docs/modules/components/pages/metrics/statsd.adoc index d7634172bb..660a2341a8 100644 --- a/docs/modules/components/pages/metrics/statsd.adoc +++ b/docs/modules/components/pages/metrics/statsd.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Pushes metrics using the https://github.com/statsd/statsd[StatsD protocol]. Supported tagging formats are 'none', 'datadog' and 'influxdb'. +Pushes metrics using the https://github.com/statsd/statsd[StatsD protocol^]. Supported tagging formats are 'none', 'datadog' and 'influxdb'. ```yml # Config fields, showing default values diff --git a/docs/modules/components/pages/outputs/amqp_0_9.adoc b/docs/modules/components/pages/outputs/amqp_0_9.adoc index df08fb135e..33857cc4be 100644 --- a/docs/modules/components/pages/outputs/amqp_0_9.adoc +++ b/docs/modules/components/pages/outputs/amqp_0_9.adoc @@ -389,8 +389,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -458,8 +457,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -490,9 +488,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/amqp_1.adoc b/docs/modules/components/pages/outputs/amqp_1.adoc index 65c8fa77a9..69e9033f43 100644 --- a/docs/modules/components/pages/outputs/amqp_1.adoc +++ b/docs/modules/components/pages/outputs/amqp_1.adoc @@ -167,8 +167,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -236,8 +235,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -268,9 +266,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -344,8 +344,7 @@ user: ${USER} === `sasl.password` A SASL plain text password. It is recommended that you use environment variables to populate this field. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/aws_dynamodb.adoc b/docs/modules/components/pages/outputs/aws_dynamodb.adoc index 48d6366690..11d5dd1d6a 100644 --- a/docs/modules/components/pages/outputs/aws_dynamodb.adoc +++ b/docs/modules/components/pages/outputs/aws_dynamodb.adoc @@ -348,8 +348,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -371,7 +370,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/aws_kinesis.adoc b/docs/modules/components/pages/outputs/aws_kinesis.adoc index e1b5b8e068..d7627aa95c 100644 --- a/docs/modules/components/pages/outputs/aws_kinesis.adoc +++ b/docs/modules/components/pages/outputs/aws_kinesis.adoc @@ -287,8 +287,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -310,7 +309,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/aws_kinesis_firehose.adoc b/docs/modules/components/pages/outputs/aws_kinesis_firehose.adoc index 65e718a3a5..b1f4ef08bc 100644 --- a/docs/modules/components/pages/outputs/aws_kinesis_firehose.adoc +++ b/docs/modules/components/pages/outputs/aws_kinesis_firehose.adoc @@ -257,8 +257,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -280,7 +279,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/aws_s3.adoc b/docs/modules/components/pages/outputs/aws_s3.adoc index f5b6d1b0e8..9fc015ab31 100644 --- a/docs/modules/components/pages/outputs/aws_s3.adoc +++ b/docs/modules/components/pages/outputs/aws_s3.adoc @@ -496,8 +496,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -519,7 +518,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/aws_sns.adoc b/docs/modules/components/pages/outputs/aws_sns.adoc index 6e92068453..0a166b4342 100644 --- a/docs/modules/components/pages/outputs/aws_sns.adoc +++ b/docs/modules/components/pages/outputs/aws_sns.adoc @@ -192,8 +192,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -215,7 +214,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/aws_sqs.adoc b/docs/modules/components/pages/outputs/aws_sqs.adoc index b88b8d5235..325135bc30 100644 --- a/docs/modules/components/pages/outputs/aws_sqs.adoc +++ b/docs/modules/components/pages/outputs/aws_sqs.adoc @@ -314,8 +314,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -337,7 +336,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/azure_blob_storage.adoc b/docs/modules/components/pages/outputs/azure_blob_storage.adoc index 045343382b..1c2189b48e 100644 --- a/docs/modules/components/pages/outputs/azure_blob_storage.adoc +++ b/docs/modules/components/pages/outputs/azure_blob_storage.adoc @@ -72,7 +72,7 @@ Supports multiple authentication methods but only one of the following is requir - `storage_connection_string` - `storage_account` and `storage_access_key` - `storage_account` and `storage_sas_token` -- `storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- `storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] If multiple are set then the `storage_connection_string` is given priority. diff --git a/docs/modules/components/pages/outputs/azure_cosmosdb.adoc b/docs/modules/components/pages/outputs/azure_cosmosdb.adoc index 45f47c1c79..57194e3959 100644 --- a/docs/modules/components/pages/outputs/azure_cosmosdb.adoc +++ b/docs/modules/components/pages/outputs/azure_cosmosdb.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB]. +Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^]. Introduced in version v4.25.0. @@ -80,7 +80,7 @@ output: -- ====== -When creating documents, each message must have the `id` property (case-sensitive) set (or use `auto_id: true`). It is the unique name that identifies the document, that is, no two documents share the same `id` within a logical partition. The `id` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details]. +When creating documents, each message must have the `id` property (case-sensitive) set (or use `auto_id: true`). It is the unique name that identifies the document, that is, no two documents share the same `id` within a logical partition. The `id` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details^]. The `partition_keys` field must resolve to the same value(s) across the entire message batch. @@ -90,13 +90,13 @@ The `partition_keys` field must resolve to the same value(s) across the entire m You can use one of the following authentication mechanisms: - Set the `endpoint` field and the `account_key` field -- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] - Set the `connection_string` field == Batching -CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here]). +CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here^]). == Performance @@ -179,8 +179,7 @@ endpoint: https://localhost:8081 === `account_key` Account key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -199,8 +198,7 @@ account_key: C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZ === `connection_string` Connection string. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -513,7 +511,7 @@ The maximum number of messages to have in flight at a given time. Increase this == CosmosDB emulator -If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here], the following Docker command should do the trick: +If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here^], the following Docker command should do the trick: ```bash > docker run --rm -it -p 8081:8081 --name=cosmosdb -e AZURE_COSMOS_EMULATOR_PARTITION_COUNT=10 -e AZURE_COSMOS_EMULATOR_ENABLE_DATA_PERSISTENCE=false mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator @@ -521,7 +519,7 @@ If you wish to run the CosmosDB emulator that is referenced in the documentation Note: `AZURE_COSMOS_EMULATOR_PARTITION_COUNT` controls the number of partitions that will be supported by the emulator. The bigger the value, the longer it takes for the container to start up. -Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy] like so: +Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy^] like so: ```bash > mitmproxy -k --mode "reverse:https://localhost:8081" diff --git a/docs/modules/components/pages/outputs/cassandra.adoc b/docs/modules/components/pages/outputs/cassandra.adoc index b926013fb3..a37a781dc9 100644 --- a/docs/modules/components/pages/outputs/cassandra.adoc +++ b/docs/modules/components/pages/outputs/cassandra.adoc @@ -206,8 +206,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -275,8 +274,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -307,9 +305,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -357,8 +357,7 @@ The username to authenticate as. === `password_authenticator.password` The password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/discord.adoc b/docs/modules/components/pages/outputs/discord.adoc index ba7cb2bb1d..8719d7b428 100644 --- a/docs/modules/components/pages/outputs/discord.adoc +++ b/docs/modules/components/pages/outputs/discord.adoc @@ -28,7 +28,7 @@ output: This output POSTs messages to the `/channels/\{channel_id}/messages` Discord API endpoint authenticated as a bot using token based authentication. -If the format of a message is a JSON object matching the https://discord.com/developers/docs/resources/channel#message-object[Discord API message type] then it is sent directly, otherwise an object matching the API type is created with the content of the message added as a string. +If the format of a message is a JSON object matching the https://discord.com/developers/docs/resources/channel#message-object[Discord API message type^] then it is sent directly, otherwise an object matching the API type is created with the content of the message added as a string. == Fields diff --git a/docs/modules/components/pages/outputs/elasticsearch.adoc b/docs/modules/components/pages/outputs/elasticsearch.adoc index 4ca54b7213..9a97015480 100644 --- a/docs/modules/components/pages/outputs/elasticsearch.adoc +++ b/docs/modules/components/pages/outputs/elasticsearch.adoc @@ -256,8 +256,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -325,8 +324,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -357,9 +355,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -460,8 +460,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -638,8 +637,7 @@ The ID of credentials to use. === `aws.credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -661,7 +659,7 @@ The token for the credentials being used, required when using short term credent === `aws.credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/gcp_bigquery.adoc b/docs/modules/components/pages/outputs/gcp_bigquery.adoc index 1551013e65..787ab7c257 100644 --- a/docs/modules/components/pages/outputs/gcp_bigquery.adoc +++ b/docs/modules/components/pages/outputs/gcp_bigquery.adoc @@ -93,8 +93,8 @@ By default Benthos will use a shared credentials file when connecting to GCP ser == Format This output currently supports only CSV and NEWLINE_DELIMITED_JSON formats. Learn more about how to use GCP BigQuery with them here: -- https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-json[`NEWLINE_DELIMITED_JSON`] -- https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-csv[`CSV`] +- https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-json[`NEWLINE_DELIMITED_JSON`^] +- https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-csv[`CSV`^] Each message may contain multiple elements separated by newlines. For example a single message containing: diff --git a/docs/modules/components/pages/outputs/gcp_pubsub.adoc b/docs/modules/components/pages/outputs/gcp_pubsub.adoc index 8d426778ce..605883608b 100644 --- a/docs/modules/components/pages/outputs/gcp_pubsub.adoc +++ b/docs/modules/components/pages/outputs/gcp_pubsub.adoc @@ -81,7 +81,7 @@ output: -- ====== -For information on how to set up credentials, see https://cloud.google.com/docs/authentication/production[this guide]. +For information on how to set up credentials, see https://cloud.google.com/docs/authentication/production[this guide^]. == Troubleshooting @@ -125,7 +125,7 @@ This field supports xref:configuration:interpolation.adoc#bloblang-queries[inter === `endpoint` -An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document]. +An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document^]. *Type*: `string` diff --git a/docs/modules/components/pages/outputs/http_client.adoc b/docs/modules/components/pages/outputs/http_client.adoc index 633f70f79e..4f5a0cfa8e 100644 --- a/docs/modules/components/pages/outputs/http_client.adoc +++ b/docs/modules/components/pages/outputs/http_client.adoc @@ -121,7 +121,7 @@ When the number of retries expires the output will reject the message, the behav The URL and header values of this type can be dynamically set using function interpolations described in xref:configuration:interpolation.adoc#bloblang-queries[Bloblang queries]. -The body of the HTTP request is the raw contents of the message payload. If the message has multiple parts (is a batch) the request will be sent according to https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341]. This behavior can be disabled by setting the field <> to `false`. +The body of the HTTP request is the raw contents of the message payload. If the message has multiple parts (is a batch) the request will be sent according to https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341^]. This behavior can be disabled by setting the field <> to `false`. == Propagate responses @@ -280,8 +280,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -304,8 +303,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -345,8 +343,7 @@ A value used to identify the client to the token provider. === `oauth2.client_secret` A secret used to establish ownership of the client key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -426,8 +423,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -530,8 +526,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -599,8 +594,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -631,9 +625,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -783,7 +779,7 @@ An optional HTTP proxy URL. === `batch_as_multipart` -Send message batches as a single request using https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341]. If disabled messages in batches will be sent as individual requests. +Send message batches as a single request using https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341^]. If disabled messages in batches will be sent as individual requests. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/http_server.adoc b/docs/modules/components/pages/outputs/http_server.adoc index 2315fc40e2..1ccc2bb32e 100644 --- a/docs/modules/components/pages/outputs/http_server.adoc +++ b/docs/modules/components/pages/outputs/http_server.adoc @@ -68,7 +68,7 @@ Sets up an HTTP server that will send messages over HTTP(S) GET requests. If the Three endpoints will be registered at the paths specified by the fields `path`, `stream_path` and `ws_path`. Which allow you to consume a single message batch, a continuous stream of line delimited messages, or a websocket of messages for each request respectively. -When messages are batched the `path` endpoint encodes the batch according to https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341]. This behavior can be overridden by xref:configuration:batching.adoc#post-batch-processing[archiving your batches]. +When messages are batched the `path` endpoint encodes the batch according to https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341^]. This behavior can be overridden by xref:configuration:batching.adoc#post-batch-processing[archiving your batches]. Please note, messages are considered delivered as soon as the data is written to the client. There is no concept of at least once delivery on this output. diff --git a/docs/modules/components/pages/outputs/kafka.adoc b/docs/modules/components/pages/outputs/kafka.adoc index c4311586d2..7296857ed0 100644 --- a/docs/modules/components/pages/outputs/kafka.adoc +++ b/docs/modules/components/pages/outputs/kafka.adoc @@ -200,8 +200,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -269,8 +268,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -301,9 +299,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -373,8 +373,7 @@ user: ${USER} === `sasl.password` A PLAIN password. It is recommended that you use environment variables to populate this field. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/kafka_franz.adoc b/docs/modules/components/pages/outputs/kafka_franz.adoc index 76c975d643..958e72e480 100644 --- a/docs/modules/components/pages/outputs/kafka_franz.adoc +++ b/docs/modules/components/pages/outputs/kafka_franz.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -A Kafka output using the https://github.com/twmb/franz-go[Franz Kafka client library]. +A Kafka output using the https://github.com/twmb/franz-go[Franz Kafka client library^]. Introduced in version 3.61.0. @@ -443,8 +443,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -512,8 +511,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -544,9 +542,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -620,8 +620,7 @@ A username to provide for PLAIN or SCRAM-* authentication. === `sasl[].password` A password to provide for PLAIN or SCRAM-* authentication. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -704,8 +703,7 @@ The ID of credentials to use. === `sasl[].aws.credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -727,7 +725,7 @@ The token for the credentials being used, required when using short term credent === `sasl[].aws.credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/mongodb.adoc b/docs/modules/components/pages/outputs/mongodb.adoc index e1cbbe1192..fa4d74208a 100644 --- a/docs/modules/components/pages/outputs/mongodb.adoc +++ b/docs/modules/components/pages/outputs/mongodb.adoc @@ -132,8 +132,7 @@ The username to connect to the database. === `password` The password to connect to the database. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -206,7 +205,7 @@ The write concern timeout. === `document_map` -A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The document map is required for the operations insert-one, replace-one and update-one. +A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The document map is required for the operations insert-one, replace-one and update-one. *Type*: `string` @@ -223,7 +222,7 @@ document_map: |- === `filter_map` -A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The filter map is required for all operations except insert-one. It is used to find the document(s) for the operation. For example in a delete-one case, the filter map should have the fields required to locate the document to delete. +A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The filter map is required for all operations except insert-one. It is used to find the document(s) for the operation. For example in a delete-one case, the filter map should have the fields required to locate the document to delete. *Type*: `string` @@ -240,7 +239,7 @@ filter_map: |- === `hint_map` -A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. This map is optional and is used with all operations except insert-one. It is used to improve performance of finding the documents in the mongodb. +A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. This map is optional and is used with all operations except insert-one. It is used to improve performance of finding the documents in the mongodb. *Type*: `string` diff --git a/docs/modules/components/pages/outputs/mqtt.adoc b/docs/modules/components/pages/outputs/mqtt.adoc index 773dde6d36..99adb0324d 100644 --- a/docs/modules/components/pages/outputs/mqtt.adoc +++ b/docs/modules/components/pages/outputs/mqtt.adoc @@ -211,8 +211,7 @@ A username to connect with. === `password` A password to connect with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -271,8 +270,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -340,8 +338,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -372,9 +369,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/nats.adoc b/docs/modules/components/pages/outputs/nats.adoc index c18e9e9021..4c15d7ed72 100644 --- a/docs/modules/components/pages/outputs/nats.adoc +++ b/docs/modules/components/pages/outputs/nats.adoc @@ -88,10 +88,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -99,21 +99,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -266,8 +266,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -335,8 +334,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -367,9 +365,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -427,8 +427,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -441,8 +440,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/nats_jetstream.adoc b/docs/modules/components/pages/outputs/nats_jetstream.adoc index a4dbdf87ee..31ad711d11 100644 --- a/docs/modules/components/pages/outputs/nats_jetstream.adoc +++ b/docs/modules/components/pages/outputs/nats_jetstream.adoc @@ -88,10 +88,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -99,21 +99,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -271,8 +271,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -340,8 +339,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -372,9 +370,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -432,8 +432,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -446,8 +445,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/nats_kv.adoc b/docs/modules/components/pages/outputs/nats_kv.adoc index 67715fef2c..62d2f4945a 100644 --- a/docs/modules/components/pages/outputs/nats_kv.adoc +++ b/docs/modules/components/pages/outputs/nats_kv.adoc @@ -85,10 +85,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -96,21 +96,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -213,8 +213,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -282,8 +281,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -314,9 +312,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -374,8 +374,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -388,8 +387,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/nats_stream.adoc b/docs/modules/components/pages/outputs/nats_stream.adoc index ca6435dd88..78c032e946 100644 --- a/docs/modules/components/pages/outputs/nats_stream.adoc +++ b/docs/modules/components/pages/outputs/nats_stream.adoc @@ -72,7 +72,7 @@ output: [CAUTION] .Deprecation notice ==== -The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream]. +The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream^]. ==== @@ -80,10 +80,10 @@ The NATS Streaming Server is being deprecated. Critical bug fixes and security f == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -91,21 +91,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Performance @@ -204,8 +204,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -273,8 +272,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -305,9 +303,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -365,8 +365,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -379,8 +378,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/nsq.adoc b/docs/modules/components/pages/outputs/nsq.adoc index 1f259f81cc..a25047b32f 100644 --- a/docs/modules/components/pages/outputs/nsq.adoc +++ b/docs/modules/components/pages/outputs/nsq.adoc @@ -133,8 +133,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -202,8 +201,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -234,9 +232,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/opensearch.adoc b/docs/modules/components/pages/outputs/opensearch.adoc index bf3f5e540b..67ef72482f 100644 --- a/docs/modules/components/pages/outputs/opensearch.adoc +++ b/docs/modules/components/pages/outputs/opensearch.adoc @@ -108,7 +108,7 @@ Updating Documents:: + -- -When https://opensearch.org/docs/latest/api-reference/document-apis/update-document/[updating documents] the request body should contain a combination of a `doc`, `upsert`, and/or `script` fields at the top level, this should be done via mapping processors. +When https://opensearch.org/docs/latest/api-reference/document-apis/update-document/[updating documents^] the request body should contain a combination of a `doc`, `upsert`, and/or `script` fields at the top level, this should be done via mapping processors. ```yaml output: @@ -235,8 +235,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -304,8 +303,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -336,9 +334,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -395,8 +395,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -573,8 +572,7 @@ The ID of credentials to use. === `aws.credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -596,7 +594,7 @@ The token for the credentials being used, required when using short term credent === `aws.credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/outputs/redis_hash.adoc b/docs/modules/components/pages/outputs/redis_hash.adoc index 0b17908873..70c82fcf54 100644 --- a/docs/modules/components/pages/outputs/redis_hash.adoc +++ b/docs/modules/components/pages/outputs/redis_hash.adoc @@ -197,8 +197,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -266,8 +265,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -298,9 +296,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/redis_list.adoc b/docs/modules/components/pages/outputs/redis_list.adoc index 3cf474597a..812f215a5c 100644 --- a/docs/modules/components/pages/outputs/redis_list.adoc +++ b/docs/modules/components/pages/outputs/redis_list.adoc @@ -180,8 +180,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -249,8 +248,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -281,9 +279,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/redis_pubsub.adoc b/docs/modules/components/pages/outputs/redis_pubsub.adoc index 7ef89ae265..4b80a59950 100644 --- a/docs/modules/components/pages/outputs/redis_pubsub.adoc +++ b/docs/modules/components/pages/outputs/redis_pubsub.adoc @@ -179,8 +179,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -248,8 +247,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -280,9 +278,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/redis_streams.adoc b/docs/modules/components/pages/outputs/redis_streams.adoc index 46d5470258..961397dafd 100644 --- a/docs/modules/components/pages/outputs/redis_streams.adoc +++ b/docs/modules/components/pages/outputs/redis_streams.adoc @@ -189,8 +189,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -258,8 +257,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -290,9 +288,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/sftp.adoc b/docs/modules/components/pages/outputs/sftp.adoc index d2166dba98..52c7e0ee18 100644 --- a/docs/modules/components/pages/outputs/sftp.adoc +++ b/docs/modules/components/pages/outputs/sftp.adoc @@ -113,8 +113,7 @@ The username to connect to the SFTP server. === `credentials.password` The password for the username to connect to the SFTP server. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -137,8 +136,7 @@ The private key for the username to connect to the SFTP server. === `credentials.private_key_pass` Optional passphrase for private key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/outputs/snowflake_put.adoc b/docs/modules/components/pages/outputs/snowflake_put.adoc index 7c41e8dfff..3b0566fa9b 100644 --- a/docs/modules/components/pages/outputs/snowflake_put.adoc +++ b/docs/modules/components/pages/outputs/snowflake_put.adoc @@ -118,10 +118,10 @@ Snowpipe. === Key pair authentication This authentication mechanism allows Snowpipe functionality, but it does require configuring an SSH Private Key -beforehand. Please consult the https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[documentation] +beforehand. Please consult the https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[documentation^] for details on how to set it up and assign the Public Key to your user. -Note that the Snowflake documentation https://twitter.com/felipehoffa/status/1560811785606684672[used to suggest] +Note that the Snowflake documentation https://twitter.com/felipehoffa/status/1560811785606684672[used to suggest^] using this command: ```bash @@ -143,7 +143,7 @@ If you have an existing key encrypted with PKCS#5 v1.5, you can re-encrypt it wi openssl pkcs8 -in rsa_key_original.p8 -topk8 -v2 des3 -out rsa_key.p8 ``` -Please consult the https://linux.die.net/man/1/pkcs8[pkcs8 command documentation] for details on PKCS#5 algorithms. +Please consult the https://linux.die.net/man/1/pkcs8[pkcs8 command documentation^] for details on PKCS#5 algorithms. == Batching @@ -152,7 +152,7 @@ messages at the output level and join the batch of messages with an xref:components:processors/archive.adoc[`archive`] and/or xref:components:processors/compress.adoc[`compress`] processor. -For the optimal batch size, please consult the Snowflake https://docs.snowflake.com/en/user-guide/data-load-considerations-prepare.html[documentation]. +For the optimal batch size, please consult the Snowflake https://docs.snowflake.com/en/user-guide/data-load-considerations-prepare.html[documentation^]. == Snowpipe @@ -172,7 +172,7 @@ you can configure Benthos to use the implicit table stage `@%BENTHOS_TBL` as the `BENTHOS_PIPE` as the `snowpipe`. In this case, you must set `compression` to `AUTO` and, if using message batching, you'll need to configure an xref:components:processors/archive.adoc[`archive`] processor with the `concatenate` format. Since the `compression` is set to `AUTO`, the -https://github.com/snowflakedb/gosnowflake[gosnowflake] client library will compress the messages automatically so you +https://github.com/snowflakedb/gosnowflake[gosnowflake^] client library will compress the messages automatically so you don't need to add a xref:components:processors/compress.adoc[`compress`] processor for message batches. If you add `STRIP_OUTER_ARRAY = TRUE` in your Snowpipe `FILE_FORMAT` @@ -182,17 +182,17 @@ NOTE: Only Snowpipes with `FILE_FORMAT` `TYPE` `JSON` are currently supported. == Snowpipe troubleshooting -Snowpipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-rest-apis.html[provides] the `insertReport` +Snowpipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-rest-apis.html[provides^] the `insertReport` and `loadHistoryScan` REST API endpoints which can be used to get information about recent Snowpipe calls. In order to query them, you'll first need to generate a valid JWT token for your Snowflake account. There are two methods for doing so: -- Using the `snowsql` https://docs.snowflake.com/en/user-guide/snowsql.html[utility]: +- Using the `snowsql` https://docs.snowflake.com/en/user-guide/snowsql.html[utility^]: ```bash snowsql --private-key-path rsa_key.p8 --generate-jwt -a -u ``` -- Using the Python `sql-api-generate-jwt` https://docs.snowflake.com/en/developer-guide/sql-api/authenticating.html#generating-a-jwt-in-python[utility]: +- Using the Python `sql-api-generate-jwt` https://docs.snowflake.com/en/developer-guide/sql-api/authenticating.html#generating-a-jwt-in-python[utility^]: ```bash python3 sql-api-generate-jwt.py --private_key_file_path=rsa_key.p8 --account= --user= @@ -213,12 +213,12 @@ then configure `request_id: ${ @request_id }` ). Alternatively, you can xref:com == General troubleshooting -The underlying https://github.com/snowflakedb/gosnowflake[`gosnowflake` driver] requires write access to -the default directory to use for temporary files. Please consult the https://pkg.go.dev/os#TempDir[`os.TempDir`] +The underlying https://github.com/snowflakedb/gosnowflake[`gosnowflake` driver^] requires write access to +the default directory to use for temporary files. Please consult the https://pkg.go.dev/os#TempDir[`os.TempDir`^] docs for details on how to change this directory via environment variables. -A silent failure can occur due to https://github.com/snowflakedb/gosnowflake/issues/701[this issue], where the -underlying https://github.com/snowflakedb/gosnowflake[`gosnowflake` driver] doesn't return an error and doesn't +A silent failure can occur due to https://github.com/snowflakedb/gosnowflake/issues/701[this issue^], where the +underlying https://github.com/snowflakedb/gosnowflake[`gosnowflake` driver^] doesn't return an error and doesn't log a failure if it can't figure out the current username. One way to trigger this behavior is by running Benthos in a Docker container with a non-existent user ID (such as `--user 1000:1000`). @@ -237,7 +237,7 @@ Kafka / realtime brokers:: + -- -Upload message batches from realtime brokers such as Kafka persisting the batch partition and offsets in the stage path and filename similarly to the https://docs.snowflake.com/en/user-guide/kafka-connector-ts.html#step-1-view-the-copy-history-for-the-table[Kafka Connector scheme] and call Snowpipe to load them into a table. When batching is configured at the input level, it is done per-partition. +Upload message batches from realtime brokers such as Kafka persisting the batch partition and offsets in the stage path and filename similarly to the https://docs.snowflake.com/en/user-guide/kafka-connector-ts.html#step-1-view-the-copy-history-for-the-table[Kafka Connector scheme^] and call Snowpipe to load them into a table. When batching is configured at the input level, it is done per-partition. ```yaml input: @@ -439,8 +439,8 @@ output: === `account` -Account name, which is the same as the https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#where-are-account-identifiers-used[Account Identifier]. -However, when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator], +Account name, which is the same as the https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#where-are-account-identifiers-used[Account Identifier^]. +However, when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^], the Account Identifier is formatted as `..` and this field needs to be populated using the `` part. @@ -451,7 +451,7 @@ populated using the `` part. === `region` Optional region field which needs to be populated when using -an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator] +an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^] and it must be set to the `` part of the Account Identifier (`..`). @@ -468,7 +468,7 @@ region: us-west-2 === `cloud` Optional cloud platform field which needs to be populated -when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator] +when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^] and it must be set to the `` part of the Account Identifier (`..`). @@ -497,8 +497,7 @@ Username. === `password` An optional password. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -519,8 +518,7 @@ The path to a file containing the private SSH key. === `private_key_pass` An optional private SSH key passphrase. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -565,7 +563,7 @@ Schema. === `stage` Stage name. Use either one of the - https://docs.snowflake.com/en/user-guide/data-load-local-file-system-create-stage.html[supported] stage types. + https://docs.snowflake.com/en/user-guide/data-load-local-file-system-create-stage.html[supported^] stage types. This field supports xref:configuration:interpolation.adoc#bloblang-queries[interpolation functions]. diff --git a/docs/modules/components/pages/outputs/splunk_hec.adoc b/docs/modules/components/pages/outputs/splunk_hec.adoc index 548b67dabe..2b118ed4f0 100644 --- a/docs/modules/components/pages/outputs/splunk_hec.adoc +++ b/docs/modules/components/pages/outputs/splunk_hec.adoc @@ -69,7 +69,7 @@ output: -- ====== -This output POSTs messages to a Splunk HTTP Endpoint Collector (HEC) using token based authentication. The format of the message must be a [valid event JSON](https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/FormateventsforHTTPEventCollector). Raw is not supported. +This output POSTs messages to a Splunk HTTP Endpoint Collector (HEC) using token based authentication. The format of the message must be a https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/FormateventsforHTTPEventCollector[valid event JSON^]. Raw is not supported. == Fields diff --git a/docs/modules/components/pages/outputs/sql_insert.adoc b/docs/modules/components/pages/outputs/sql_insert.adoc index c6e14103aa..32537b1fb6 100644 --- a/docs/modules/components/pages/outputs/sql_insert.adoc +++ b/docs/modules/components/pages/outputs/sql_insert.adoc @@ -177,9 +177,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/outputs/sql_raw.adoc b/docs/modules/components/pages/outputs/sql_raw.adoc index 2fb6a0ef0b..0b5c391806 100644 --- a/docs/modules/components/pages/outputs/sql_raw.adoc +++ b/docs/modules/components/pages/outputs/sql_raw.adoc @@ -173,9 +173,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/outputs/websocket.adoc b/docs/modules/components/pages/outputs/websocket.adoc index 6da8e243a2..f6ab752d86 100644 --- a/docs/modules/components/pages/outputs/websocket.adoc +++ b/docs/modules/components/pages/outputs/websocket.adoc @@ -120,8 +120,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -189,8 +188,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -221,9 +219,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -271,8 +271,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -295,8 +294,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -336,8 +334,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/archive.adoc b/docs/modules/components/pages/processors/archive.adoc index 3d99683ab4..ff314c755a 100644 --- a/docs/modules/components/pages/processors/archive.adoc +++ b/docs/modules/components/pages/processors/archive.adoc @@ -45,7 +45,7 @@ The archiving format to apply. | Option | Summary | `binary` -| Archive messages to a https://github.com/benthosdev/benthos/blob/main/internal/message/message.go#L96[binary blob format]. +| Archive messages to a https://github.com/{project-github}/blob/main/internal/message/message.go#L96[binary blob format^]. | `concatenate` | Join the raw contents of each message into a single binary message. | `json_array` diff --git a/docs/modules/components/pages/processors/awk.adoc b/docs/modules/components/pages/processors/awk.adoc index a9b6f3b129..30110cc079 100644 --- a/docs/modules/components/pages/processors/awk.adoc +++ b/docs/modules/components/pages/processors/awk.adoc @@ -31,7 +31,7 @@ Comes with a wide range of <> for accessing mess Check out the <> in order to see how this processor can be used. -This processor uses https://github.com/benhoyt/goawk[GoAWK], in order to understand the differences in how the program works you can read more about it in https://github.com/benhoyt/goawk#differences-from-awk[goawk.differences]. +This processor uses https://github.com/benhoyt/goawk[GoAWK^], in order to understand the differences in how the program works you can read more about it in https://github.com/benhoyt/goawk#differences-from-awk[goawk.differences^]. == Fields diff --git a/docs/modules/components/pages/processors/aws_dynamodb_partiql.adoc b/docs/modules/components/pages/processors/aws_dynamodb_partiql.adoc index ef9dccec62..eb7aad9cc0 100644 --- a/docs/modules/components/pages/processors/aws_dynamodb_partiql.adoc +++ b/docs/modules/components/pages/processors/aws_dynamodb_partiql.adoc @@ -164,8 +164,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -187,7 +186,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/processors/aws_lambda.adoc b/docs/modules/components/pages/processors/aws_lambda.adoc index 3f4c330b83..4022fbca94 100644 --- a/docs/modules/components/pages/processors/aws_lambda.adoc +++ b/docs/modules/components/pages/processors/aws_lambda.adoc @@ -200,8 +200,7 @@ The ID of credentials to use. === `credentials.secret` The secret for the credentials being used. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -223,7 +222,7 @@ The token for the credentials being used, required when using short term credent === `credentials.from_ec2_role` -Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]. +Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` diff --git a/docs/modules/components/pages/processors/azure_cosmosdb.adoc b/docs/modules/components/pages/processors/azure_cosmosdb.adoc index d5b6cb5899..42b3034400 100644 --- a/docs/modules/components/pages/processors/azure_cosmosdb.adoc +++ b/docs/modules/components/pages/processors/azure_cosmosdb.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB]. +Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^]. Introduced in version v4.25.0. @@ -66,7 +66,7 @@ azure_cosmosdb: -- ====== -When creating documents, each message must have the `id` property (case-sensitive) set (or use `auto_id: true`). It is the unique name that identifies the document, that is, no two documents share the same `id` within a logical partition. The `id` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details]. +When creating documents, each message must have the `id` property (case-sensitive) set (or use `auto_id: true`). It is the unique name that identifies the document, that is, no two documents share the same `id` within a logical partition. The `id` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details^]. The `partition_keys` field must resolve to the same value(s) across the entire message batch. @@ -76,7 +76,7 @@ The `partition_keys` field must resolve to the same value(s) across the entire m You can use one of the following authentication mechanisms: - Set the `endpoint` field and the `account_key` field -- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- Set only the `endpoint` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] - Set the `connection_string` field @@ -93,7 +93,7 @@ You can access these metadata fields using xref:configuration:interpolation.adoc == Batching -CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here]). +CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here^]). == Examples @@ -167,8 +167,7 @@ endpoint: https://localhost:8081 === `account_key` Account key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -187,8 +186,7 @@ account_key: C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZ === `connection_string` Connection string. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -401,7 +399,7 @@ Enable content response on write operations. To save some bandwidth, set this to == CosmosDB emulator -If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here], the following Docker command should do the trick: +If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here^], the following Docker command should do the trick: ```bash > docker run --rm -it -p 8081:8081 --name=cosmosdb -e AZURE_COSMOS_EMULATOR_PARTITION_COUNT=10 -e AZURE_COSMOS_EMULATOR_ENABLE_DATA_PERSISTENCE=false mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator @@ -409,7 +407,7 @@ If you wish to run the CosmosDB emulator that is referenced in the documentation Note: `AZURE_COSMOS_EMULATOR_PARTITION_COUNT` controls the number of partitions that will be supported by the emulator. The bigger the value, the longer it takes for the container to start up. -Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy] like so: +Additionally, instead of installing the container self-signed certificate which is exposed via `https://localhost:8081/_explorer/emulator.pem`, you can run https://mitmproxy.org/[mitmproxy^] like so: ```bash > mitmproxy -k --mode "reverse:https://localhost:8081" diff --git a/docs/modules/components/pages/processors/couchbase.adoc b/docs/modules/components/pages/processors/couchbase.adoc index 7ff26ea327..aaffacc575 100644 --- a/docs/modules/components/pages/processors/couchbase.adoc +++ b/docs/modules/components/pages/processors/couchbase.adoc @@ -92,8 +92,7 @@ Username to connect to the cluster. === `password` Password to connect to the cluster. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/grok.adoc b/docs/modules/components/pages/processors/grok.adoc index b502b8ea8a..c22e54734d 100644 --- a/docs/modules/components/pages/processors/grok.adoc +++ b/docs/modules/components/pages/processors/grok.adoc @@ -57,7 +57,7 @@ Type hints within patterns are respected, therefore with the pattern `%\{WORD:fi == Performance -This processor currently uses the https://golang.org/s/re2syntax[Go RE2] regular expression engine, which is guaranteed to run in time linear to the size of the input. However, this property often makes it less performant than PCRE based implementations of grok. For more information, see https://swtch.com/~rsc/regexp/regexp1.html. +This processor currently uses the https://golang.org/s/re2syntax[Go RE2^] regular expression engine, which is guaranteed to run in time linear to the size of the input. However, this property often makes it less performant than PCRE based implementations of grok. For more information, see https://swtch.com/~rsc/regexp/regexp1.html. == Examples diff --git a/docs/modules/components/pages/processors/http.adoc b/docs/modules/components/pages/processors/http.adoc index 53060f5707..8fc5c92de3 100644 --- a/docs/modules/components/pages/processors/http.adoc +++ b/docs/modules/components/pages/processors/http.adoc @@ -300,8 +300,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -324,8 +323,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -365,8 +363,7 @@ A value used to identify the client to the token provider. === `oauth2.client_secret` A secret used to establish ownership of the client key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -446,8 +443,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -550,8 +546,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -619,8 +614,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -651,9 +645,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -803,7 +799,7 @@ An optional HTTP proxy URL. === `batch_as_multipart` -Send message batches as a single request using https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341]. +Send message batches as a single request using https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html[RFC1341^]. *Type*: `bool` diff --git a/docs/modules/components/pages/processors/javascript.adoc b/docs/modules/components/pages/processors/javascript.adoc index 0165e334b9..79ebf3559b 100644 --- a/docs/modules/components/pages/processors/javascript.adoc +++ b/docs/modules/components/pages/processors/javascript.adoc @@ -28,11 +28,11 @@ javascript: global_folders: [] ``` -The https://github.com/dop251/goja[execution engine] behind this processor provides full ECMAScript 5.1 support (including regex and strict mode). Most of the ECMAScript 6 spec is implemented but this is a work in progress. +The https://github.com/dop251/goja[execution engine^] behind this processor provides full ECMAScript 5.1 support (including regex and strict mode). Most of the ECMAScript 6 spec is implemented but this is a work in progress. -Imports via `require` should work similarly to NodeJS, and access to the console is supported which will print via the Benthos logger. More caveats can be found on https://github.com/dop251/goja#known-incompatibilities-and-caveats[GitHub]. +Imports via `require` should work similarly to NodeJS, and access to the console is supported which will print via the Benthos logger. More caveats can be found on https://github.com/dop251/goja#known-incompatibilities-and-caveats[GitHub^]. -This processor is implemented using the https://github.com/dop251/goja[github.com/dop251/goja] library. +This processor is implemented using the https://github.com/dop251/goja[github.com/dop251/goja^] library. == Fields diff --git a/docs/modules/components/pages/processors/jq.adoc b/docs/modules/components/pages/processors/jq.adoc index ae0f3fb642..fc4658bfa6 100644 --- a/docs/modules/components/pages/processors/jq.adoc +++ b/docs/modules/components/pages/processors/jq.adoc @@ -58,11 +58,11 @@ The provided query is executed on each message, targeting either the contents as Message metadata is also accessible within the query from the variable `$metadata`. -This processor uses the https://github.com/itchyny/gojq[gojq library], and therefore does not require jq to be installed as a dependency. However, this also means there are some https://github.com/itchyny/gojq#difference-to-jq[differences in how these queries are executed] versus the jq cli. +This processor uses the https://github.com/itchyny/gojq[gojq library^], and therefore does not require jq to be installed as a dependency. However, this also means there are some https://github.com/itchyny/gojq#difference-to-jq[differences in how these queries are executed^] versus the jq cli. If the query does not emit any value then the message is filtered, if the query returns multiple values then the resulting message will be an array containing all values. -The full query syntax is described in https://stedolan.github.io/jq/manual/[jq's documentation]. +The full query syntax is described in https://stedolan.github.io/jq/manual/[jq's documentation^]. == Error handling diff --git a/docs/modules/components/pages/processors/json_schema.adoc b/docs/modules/components/pages/processors/json_schema.adoc index be5db5afe1..38685dcad4 100644 --- a/docs/modules/components/pages/processors/json_schema.adoc +++ b/docs/modules/components/pages/processors/json_schema.adoc @@ -25,7 +25,7 @@ json_schema: schema_path: "" # No default (optional) ``` -Please refer to the https://json-schema.org/[JSON Schema website] for information and tutorials regarding the syntax of the schema. +Please refer to the https://json-schema.org/[JSON Schema website^] for information and tutorials regarding the syntax of the schema. == Fields diff --git a/docs/modules/components/pages/processors/mongodb.adoc b/docs/modules/components/pages/processors/mongodb.adoc index bf7a471dc7..9cd81b5691 100644 --- a/docs/modules/components/pages/processors/mongodb.adoc +++ b/docs/modules/components/pages/processors/mongodb.adoc @@ -111,8 +111,7 @@ The username to connect to the database. === `password` The password to connect to the database. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -186,7 +185,7 @@ The write concern timeout. === `document_map` -A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The document map is required for the operations insert-one, replace-one and update-one. +A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The document map is required for the operations insert-one, replace-one and update-one. *Type*: `string` @@ -203,7 +202,7 @@ document_map: |- === `filter_map` -A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The filter map is required for all operations except insert-one. It is used to find the document(s) for the operation. For example in a delete-one case, the filter map should have the fields required to locate the document to delete. +A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The filter map is required for all operations except insert-one. It is used to find the document(s) for the operation. For example in a delete-one case, the filter map should have the fields required to locate the document to delete. *Type*: `string` @@ -220,7 +219,7 @@ filter_map: |- === `hint_map` -A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. This map is optional and is used with all operations except insert-one. It is used to improve performance of finding the documents in the mongodb. +A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. This map is optional and is used with all operations except insert-one. It is used to improve performance of finding the documents in the mongodb. *Type*: `string` diff --git a/docs/modules/components/pages/processors/msgpack.adoc b/docs/modules/components/pages/processors/msgpack.adoc index b30c7431b4..833d3da9e7 100644 --- a/docs/modules/components/pages/processors/msgpack.adoc +++ b/docs/modules/components/pages/processors/msgpack.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Converts messages to or from the https://msgpack.org/[MessagePack] format. +Converts messages to or from the https://msgpack.org/[MessagePack^] format. Introduced in version 3.59.0. diff --git a/docs/modules/components/pages/processors/nats_kv.adoc b/docs/modules/components/pages/processors/nats_kv.adoc index 717ce3370b..264f35df3c 100644 --- a/docs/modules/components/pages/processors/nats_kv.adoc +++ b/docs/modules/components/pages/processors/nats_kv.adoc @@ -112,10 +112,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -123,21 +123,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -207,7 +207,7 @@ The operation to perform on the KV bucket. === `key` -The key for each message. Supports https://docs.nats.io/nats-concepts/subjects#wildcards[wildcards] for the `history` and `keys` operations. +The key for each message. Supports https://docs.nats.io/nats-concepts/subjects#wildcards[wildcards^] for the `history` and `keys` operations. This field supports xref:configuration:interpolation.adoc#bloblang-queries[interpolation functions]. @@ -293,8 +293,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -362,8 +361,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -394,9 +392,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -454,8 +454,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -468,8 +467,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/nats_request_reply.adoc b/docs/modules/components/pages/processors/nats_request_reply.adoc index ffea8cc3f4..7decbd65a4 100644 --- a/docs/modules/components/pages/processors/nats_request_reply.adoc +++ b/docs/modules/components/pages/processors/nats_request_reply.adoc @@ -102,10 +102,10 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -113,21 +113,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the `nkey_file` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/developing-with-nats/security/nkey[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details]. +https://docs.nats.io/developing-with-nats/security/creds[More details^]. == Fields @@ -298,8 +298,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -367,8 +366,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -399,9 +397,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -459,8 +459,7 @@ user_credentials_file: ./user.creds === `auth.user_jwt` An optional plain text user JWT (given along with the corresponding user NKey Seed). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -473,8 +472,7 @@ This field contains sensitive information that usually shouldn't be added to a c === `auth.user_nkey_seed` An optional plain text user NKey Seed (given along with the corresponding user JWT). -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/parquet.adoc b/docs/modules/components/pages/processors/parquet.adoc index cb6645f435..39d700a40f 100644 --- a/docs/modules/components/pages/processors/parquet.adoc +++ b/docs/modules/components/pages/processors/parquet.adoc @@ -20,7 +20,7 @@ component_type_dropdown::[] ==== This component is deprecated and will be removed in the next major version release. Please consider moving onto <>. ==== -Converts batches of documents to or from https://parquet.apache.org/docs/[Parquet files]. +Converts batches of documents to or from https://parquet.apache.org/docs/[Parquet files^]. Introduced in version 3.62.0. diff --git a/docs/modules/components/pages/processors/parquet_decode.adoc b/docs/modules/components/pages/processors/parquet_decode.adoc index f7f5ab745a..94a1382cc4 100644 --- a/docs/modules/components/pages/processors/parquet_decode.adoc +++ b/docs/modules/components/pages/processors/parquet_decode.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Decodes https://parquet.apache.org/docs/[Parquet files] into a batch of structured messages. +Decodes https://parquet.apache.org/docs/[Parquet files^] into a batch of structured messages. Introduced in version 4.4.0. @@ -25,7 +25,7 @@ label: "" parquet_decode: {} ``` -This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. +This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. == Examples diff --git a/docs/modules/components/pages/processors/parquet_encode.adoc b/docs/modules/components/pages/processors/parquet_encode.adoc index 1ebcddf83d..aeb3404dde 100644 --- a/docs/modules/components/pages/processors/parquet_encode.adoc +++ b/docs/modules/components/pages/processors/parquet_encode.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Encodes https://parquet.apache.org/docs/[Parquet files] from a batch of structured messages. +Encodes https://parquet.apache.org/docs/[Parquet files^] from a batch of structured messages. Introduced in version 4.4.0. @@ -51,7 +51,7 @@ parquet_encode: -- ====== -This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. +This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. == Examples diff --git a/docs/modules/components/pages/processors/parse_log.adoc b/docs/modules/components/pages/processors/parse_log.adoc index 4babc61756..eb59132314 100644 --- a/docs/modules/components/pages/processors/parse_log.adoc +++ b/docs/modules/components/pages/processors/parse_log.adoc @@ -94,7 +94,7 @@ Sets the strategy used to set the year for rfc3164 timestamps. Applicable to for === `default_timezone` -Sets the strategy to decide the timezone for rfc3164 timestamps. Applicable to format `syslog_rfc3164`. This value should follow the https://golang.org/pkg/time/#LoadLocation[time.LoadLocation] format. +Sets the strategy to decide the timezone for rfc3164 timestamps. Applicable to format `syslog_rfc3164`. This value should follow the https://golang.org/pkg/time/#LoadLocation[time.LoadLocation^] format. *Type*: `string` @@ -109,7 +109,7 @@ Currently the only supported structured data codec is `json`. === `syslog_rfc5424` -Attempts to parse a log following the https://tools.ietf.org/html/rfc5424[Syslog rfc5424] spec. The resulting structured document may contain any of the following fields: +Attempts to parse a log following the https://tools.ietf.org/html/rfc5424[Syslog rfc5424^] spec. The resulting structured document may contain any of the following fields: - `message` (string) - `timestamp` (string, RFC3339) @@ -125,7 +125,7 @@ Attempts to parse a log following the https://tools.ietf.org/html/rfc5424[Syslog === `syslog_rfc3164` -Attempts to parse a log following the https://tools.ietf.org/html/rfc3164[Syslog rfc3164] spec. The resulting structured document may contain any of the following fields: +Attempts to parse a log following the https://tools.ietf.org/html/rfc3164[Syslog rfc3164^] spec. The resulting structured document may contain any of the following fields: - `message` (string) - `timestamp` (string, RFC3339) diff --git a/docs/modules/components/pages/processors/protobuf.adoc b/docs/modules/components/pages/processors/protobuf.adoc index a300be16e0..81fe08dc31 100644 --- a/docs/modules/components/pages/processors/protobuf.adoc +++ b/docs/modules/components/pages/processors/protobuf.adoc @@ -30,9 +30,9 @@ protobuf: import_paths: [] ``` -The main functionality of this processor is to map to and from JSON documents, you can read more about JSON mapping of protobuf messages here: https://developers.google.com/protocol-buffers/docs/proto3#json[https://developers.google.com/protocol-buffers/docs/proto3#json] +The main functionality of this processor is to map to and from JSON documents, you can read more about JSON mapping of protobuf messages here: https://developers.google.com/protocol-buffers/docs/proto3#json[https://developers.google.com/protocol-buffers/docs/proto3#json^] -Using reflection for processing protobuf messages in this way is less performant than generating and using native code. Therefore when performance is critical it is recommended that you use Benthos plugins instead for processing protobuf messages natively, you can find an example of Benthos plugins at https://github.com/benthosdev/benthos-plugin-example[https://github.com/benthosdev/benthos-plugin-example] +Using reflection for processing protobuf messages in this way is less performant than generating and using native code. Therefore when performance is critical it is recommended that you use Benthos plugins instead for processing protobuf messages natively, you can find an example of Benthos plugins at https://github.com/benthosdev/benthos-plugin-example[https://github.com/benthosdev/benthos-plugin-example^] == Operators diff --git a/docs/modules/components/pages/processors/redis.adoc b/docs/modules/components/pages/processors/redis.adoc index 1be4134e70..be30cb7b73 100644 --- a/docs/modules/components/pages/processors/redis.adoc +++ b/docs/modules/components/pages/processors/redis.adoc @@ -223,8 +223,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -292,8 +291,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -324,9 +322,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/redis_script.adoc b/docs/modules/components/pages/processors/redis_script.adoc index f25b2f6783..4d09b1407f 100644 --- a/docs/modules/components/pages/processors/redis_script.adoc +++ b/docs/modules/components/pages/processors/redis_script.adoc @@ -15,7 +15,7 @@ component_type_dropdown::[] -Performs actions against Redis using https://redis.io/docs/manual/programmability/eval-intro/[LUA scripts]. +Performs actions against Redis using https://redis.io/docs/manual/programmability/eval-intro/[LUA scripts^]. Introduced in version 4.11.0. @@ -200,8 +200,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -269,8 +268,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -301,9 +299,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/schema_registry_decode.adoc b/docs/modules/components/pages/processors/schema_registry_decode.adoc index fa376a6222..4e5d20a0d1 100644 --- a/docs/modules/components/pages/processors/schema_registry_decode.adoc +++ b/docs/modules/components/pages/processors/schema_registry_decode.adoc @@ -69,13 +69,13 @@ schema_registry_decode: -- ====== -Decodes messages automatically from a schema stored within a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service] by extracting a schema ID from the message and obtaining the associated schema from the registry. If a message fails to match against the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. +Decodes messages automatically from a schema stored within a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service^] by extracting a schema ID from the message and obtaining the associated schema from the registry. If a message fails to match against the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. Avro, Protobuf and Json schemas are supported, all are capable of expanding from schema references as of v4.22.0. == Avro JSON format -This processor creates documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +This processor creates documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is `null`, then it is encoded as a JSON `null`; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -86,7 +86,7 @@ For example, the union schema `["null","string","Foo"]`, where `Foo` is a record - the string `"a"` as `\{"string": "a"}`; and - a `Foo` instance as `\{"Foo": {...}}`, where `{...}` indicates the JSON encoding of a `Foo` instance. -However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field <> to `true`. +However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field <> to `true`. == Protobuf format @@ -97,7 +97,7 @@ This processor decodes protobuf messages to JSON documents, you can read more ab === `avro_raw_json` -Whether Avro messages should be decoded into normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between the standard json and avro json. +Whether Avro messages should be decoded into normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between the standard json and avro json. *Type*: `bool` @@ -142,8 +142,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -166,8 +165,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -208,8 +206,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -304,8 +301,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -373,8 +369,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -405,9 +400,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/schema_registry_encode.adoc b/docs/modules/components/pages/processors/schema_registry_encode.adoc index 10ff2149f9..eaf98d483c 100644 --- a/docs/modules/components/pages/processors/schema_registry_encode.adoc +++ b/docs/modules/components/pages/processors/schema_registry_encode.adoc @@ -75,7 +75,7 @@ schema_registry_encode: -- ====== -Encodes messages automatically from schemas obtains from a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service] by polling the service for the latest schema version for target subjects. +Encodes messages automatically from schemas obtains from a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service^] by polling the service for the latest schema version for target subjects. If a message fails to encode under the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. @@ -83,7 +83,7 @@ Avro, Protobuf and Json schemas are supported, all are capable of expanding from == Avro JSON format -By default this processor expects documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when encoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +By default this processor expects documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when encoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is `null`, then it is encoded as a JSON `null`; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -94,11 +94,11 @@ For example, the union schema `["null","string","Foo"]`, where `Foo` is a record - the string `"a"` as `\{"string": "a"}`; and - a `Foo` instance as `\{"Foo": {...}}`, where `{...}` indicates the JSON encoding of a `Foo` instance. -However, it is possible to instead consume documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field <> to `true`. +However, it is possible to instead consume documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field <> to `true`. === Known issues -Important! There is an outstanding issue in the https://github.com/linkedin/goavro[avro serializing library] that benthos uses which means it https://github.com/linkedin/goavro/issues/252[doesn't encode logical types correctly]. It's still possible to encode logical types that are in-line with the spec if `avro_raw_json` is set to true, though now of course non-logical types will not be in-line with the spec. +Important! There is an outstanding issue in the https://github.com/linkedin/goavro[avro serializing library^] that benthos uses which means it https://github.com/linkedin/goavro/issues/252[doesn't encode logical types correctly^]. It's still possible to encode logical types that are in-line with the spec if `avro_raw_json` is set to true, though now of course non-logical types will not be in-line with the spec. == Protobuf format @@ -108,7 +108,7 @@ This processor encodes protobuf messages either from any format parsed within Be When a target subject presents a protobuf schema that contains multiple messages it becomes ambiguous which message definition a given input data should be encoded against. In such scenarios Benthos will attempt to encode the data against each of them and select the first to successfully match against the data, this process currently *ignores all nested message definitions*. In order to speed up this exhaustive search the last known successful message will be attempted first for each subsequent input. -We will be considering alternative approaches in future so please https://redpanda.com/slack[get in touch] with thoughts and feedback. +We will be considering alternative approaches in future so please https://redpanda.com/slack[get in touch^] with thoughts and feedback. == Fields @@ -157,7 +157,7 @@ refresh_period: 1h === `avro_raw_json` -Whether messages encoded in Avro format should be parsed as normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be parsed as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between standard json and avro json. +Whether messages encoded in Avro format should be parsed as normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be parsed as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between standard json and avro json. *Type*: `bool` @@ -195,8 +195,7 @@ A value used to identify the client to the service provider. === `oauth.consumer_secret` A secret used to establish ownership of the consumer key. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -219,8 +218,7 @@ A value used to gain access to the protected resources on behalf of the user. === `oauth.access_token_secret` A secret provided in order to establish ownership of a given access token. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -261,8 +259,7 @@ A username to authenticate as. === `basic_auth.password` A password to authenticate with. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -357,8 +354,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -426,8 +422,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -458,9 +453,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/processors/sentry_capture.adoc b/docs/modules/components/pages/processors/sentry_capture.adoc index 26a3eb989e..35673b3235 100644 --- a/docs/modules/components/pages/processors/sentry_capture.adoc +++ b/docs/modules/components/pages/processors/sentry_capture.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Captures log events from messages and submits them to https://sentry.io/[Sentry]. +Captures log events from messages and submits them to https://sentry.io/[Sentry^]. Introduced in version 4.16.0. diff --git a/docs/modules/components/pages/processors/sql_insert.adoc b/docs/modules/components/pages/processors/sql_insert.adoc index 76d3b987b9..58f5cb0612 100644 --- a/docs/modules/components/pages/processors/sql_insert.adoc +++ b/docs/modules/components/pages/processors/sql_insert.adoc @@ -165,9 +165,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/processors/sql_raw.adoc b/docs/modules/components/pages/processors/sql_raw.adoc index 7a4248c1b7..4f7ff49e33 100644 --- a/docs/modules/components/pages/processors/sql_raw.adoc +++ b/docs/modules/components/pages/processors/sql_raw.adoc @@ -178,9 +178,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/processors/sql_select.adoc b/docs/modules/components/pages/processors/sql_select.adoc index e1a7f657a1..e2db1fd592 100644 --- a/docs/modules/components/pages/processors/sql_select.adoc +++ b/docs/modules/components/pages/processors/sql_select.adoc @@ -169,9 +169,9 @@ The following is a list of supported drivers, their placeholder style, and their Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required. -The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. +The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded. -The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details. +The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details. *Type*: `string` diff --git a/docs/modules/components/pages/processors/switch.adoc b/docs/modules/components/pages/processors/switch.adoc index 4a7e99ed63..f3b457d29b 100644 --- a/docs/modules/components/pages/processors/switch.adoc +++ b/docs/modules/components/pages/processors/switch.adoc @@ -66,14 +66,14 @@ Indicates whether, if this case passes for a message, the next case should also [tabs] ====== -I Hate George:: +Ignore George:: + -- -We have a system where we're counting a metric for all messages that pass through our system. However, occasionally we get messages from George where he's rambling about dumb stuff we don't care about. +We have a system where we're counting a metric for all messages that pass through our system. However, occasionally we get messages from George that we don't care about. -For Georges messages we want to instead emit a metric that gauges how angry he is about being ignored and then we drop it. +For George's messages we want to instead emit a metric that gauges how angry he is about being ignored and then we drop it. ```yaml pipeline: diff --git a/docs/modules/components/pages/processors/unarchive.adoc b/docs/modules/components/pages/processors/unarchive.adoc index db68f7dcb5..d88a85f3bf 100644 --- a/docs/modules/components/pages/processors/unarchive.adoc +++ b/docs/modules/components/pages/processors/unarchive.adoc @@ -45,7 +45,7 @@ The unarchiving format to apply. | Option | Summary | `binary` -| Extract messages from a https://github.com/benthosdev/benthos/blob/main/internal/message/message.go#L96[binary blob format]. +| Extract messages from a https://github.com/{project-github}/blob/main/internal/message/message.go#L96[binary blob format^]. | `csv` | Attempt to parse the message as a csv file (header required) and for each row in the file expands its contents into a json object in a new message. | `csv:x` diff --git a/docs/modules/components/pages/processors/wasm.adoc b/docs/modules/components/pages/processors/wasm.adoc index 7265634f71..22b071de7f 100644 --- a/docs/modules/components/pages/processors/wasm.adoc +++ b/docs/modules/components/pages/processors/wasm.adoc @@ -27,9 +27,9 @@ wasm: function: process ``` -This processor uses https://github.com/tetratelabs/wazero[Wazero] to execute a WASM module (with support for WASI), calling a specific function for each message being processed. From within the WASM module it is possible to query and mutate the message being processed via a suite of functions exported to the module. +This processor uses https://github.com/tetratelabs/wazero[Wazero^] to execute a WASM module (with support for WASI), calling a specific function for each message being processed. From within the WASM module it is possible to query and mutate the message being processed via a suite of functions exported to the module. -This ecosystem is delicate as WASM doesn't have a single clearly defined way to pass strings back and forth between the host and the module. In order to remedy this we're gradually working on introducing libraries and examples for multiple languages which can be found in https://github.com/benthosdev/benthos/tree/main/public/wasm/README.md[the codebase]. +This ecosystem is delicate as WASM doesn't have a single clearly defined way to pass strings back and forth between the host and the module. In order to remedy this we're gradually working on introducing libraries and examples for multiple languages which can be found in https://github.com/{project-github}/tree/main/public/wasm/README.md[the codebase^]. These examples, as well as the processor itself, is a work in progress. diff --git a/docs/modules/components/pages/processors/workflow.adoc b/docs/modules/components/pages/processors/workflow.adoc index af6f597255..0cd02e85a9 100644 --- a/docs/modules/components/pages/processors/workflow.adoc +++ b/docs/modules/components/pages/processors/workflow.adoc @@ -63,7 +63,7 @@ When a processing pipeline contains multiple network processors that aren't depe === Simplifying processor topology -A workflow is often expressed as a https://en.wikipedia.org/wiki/Directed_acyclic_graph[DAG] of processing stages, where each stage can result in N possible next stages, until finally the flow ends at an exit node. +A workflow is often expressed as a https://en.wikipedia.org/wiki/Directed_acyclic_graph[DAG^] of processing stages, where each stage can result in N possible next stages, until finally the flow ends at an exit node. For example, if we had processing stages A, B, C and D, where stage A could result in either stage B or C being next, always followed by D, it might look something like this: diff --git a/docs/modules/components/pages/rate_limits/redis.adoc b/docs/modules/components/pages/rate_limits/redis.adoc index 3a218155d4..ad6929df46 100644 --- a/docs/modules/components/pages/rate_limits/redis.adoc +++ b/docs/modules/components/pages/rate_limits/redis.adoc @@ -161,8 +161,7 @@ Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -230,8 +229,7 @@ A plain text certificate to use. === `tls.client_certs[].key` A plain text certificate key to use. -[WARNING] -.Secret +[CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== @@ -262,9 +260,11 @@ The path of a certificate key to use. === `tls.client_certs[].password` -A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. + +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. + [WARNING] -.Secret ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== diff --git a/docs/modules/components/pages/scanners/avro.adoc b/docs/modules/components/pages/scanners/avro.adoc index f0c2a5732b..28366b2848 100644 --- a/docs/modules/components/pages/scanners/avro.adoc +++ b/docs/modules/components/pages/scanners/avro.adoc @@ -44,7 +44,7 @@ avro: == Avro JSON format -This scanner yields documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +This scanner yields documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is `null`, then it is encoded as a JSON `null`; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -55,14 +55,14 @@ For example, the union schema `["null","string","Foo"]`, where `Foo` is a record - the string `"a"` as `{"string": "a"}`; and - a `Foo` instance as `{"Foo": {...}}`, where `{...}` indicates the JSON encoding of a `Foo` instance. -However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field <> to `true`. +However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field <> to `true`. == Fields === `raw_json` -Whether messages should be decoded into normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between the standard json and avro json. +Whether messages should be decoded into normal JSON ("json that meets the expectations of regular internet json") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between the standard json and avro json. *Type*: `bool` diff --git a/docs/modules/components/pages/tracers/gcp_cloudtrace.adoc b/docs/modules/components/pages/tracers/gcp_cloudtrace.adoc index 12957d01fc..4d2c17d416 100644 --- a/docs/modules/components/pages/tracers/gcp_cloudtrace.adoc +++ b/docs/modules/components/pages/tracers/gcp_cloudtrace.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Send tracing events to a https://cloud.google.com/trace[Google Cloud Trace]. +Send tracing events to a https://cloud.google.com/trace[Google Cloud Trace^]. Introduced in version 4.2.0. diff --git a/docs/modules/components/pages/tracers/jaeger.adoc b/docs/modules/components/pages/tracers/jaeger.adoc index 8e237c88d4..2ff9a82e09 100644 --- a/docs/modules/components/pages/tracers/jaeger.adoc +++ b/docs/modules/components/pages/tracers/jaeger.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Send tracing events to a https://www.jaegertracing.io/[Jaeger] agent or collector. +Send tracing events to a https://www.jaegertracing.io/[Jaeger^] agent or collector. [tabs] diff --git a/docs/modules/components/pages/tracers/open_telemetry_collector.adoc b/docs/modules/components/pages/tracers/open_telemetry_collector.adoc index cf6736edcc..74fe4b2039 100644 --- a/docs/modules/components/pages/tracers/open_telemetry_collector.adoc +++ b/docs/modules/components/pages/tracers/open_telemetry_collector.adoc @@ -14,7 +14,7 @@ component_type_dropdown::[] -Send tracing events to an https://opentelemetry.io/docs/collector/[Open Telemetry collector]. +Send tracing events to an https://opentelemetry.io/docs/collector/[Open Telemetry collector^]. [tabs] diff --git a/docs/modules/configuration/pages/templating.adoc b/docs/modules/configuration/pages/templating.adoc index 34b3dabfba..0b1646c025 100644 --- a/docs/modules/configuration/pages/templating.adoc +++ b/docs/modules/configuration/pages/templating.adoc @@ -9,8 +9,7 @@ internal/template/docs.adoc //// -[WARNING] -.Experimental +[CAUTION] ==== Templates are an experimental feature and therefore subject to change outside of major version releases. ==== diff --git a/docs/modules/guides/pages/bloblang/functions.adoc b/docs/modules/guides/pages/bloblang/functions.adoc index d2cb9878a0..c79624459d 100644 --- a/docs/modules/guides/pages/bloblang/functions.adoc +++ b/docs/modules/guides/pages/bloblang/functions.adoc @@ -31,7 +31,6 @@ root.values_two = range(0, this.max, 2) === `counter` [CAUTION] -.Experimental ==== This function is experimental and therefore breaking changes could be made to it outside of major version releases. ==== @@ -278,7 +277,6 @@ root.doc.contents = (this.body.content | this.thing.body) === `ulid` [CAUTION] -.Experimental ==== This function is experimental and therefore breaking changes could be made to it outside of major version releases. ==== @@ -432,7 +430,6 @@ root.all_metadata = metadata() === `tracing_id` [CAUTION] -.Experimental ==== This function is experimental and therefore breaking changes could be made to it outside of major version releases. ==== @@ -448,7 +445,6 @@ meta trace_id = tracing_id() === `tracing_span` [CAUTION] -.Experimental ==== This function is experimental and therefore breaking changes could be made to it outside of major version releases. ==== @@ -622,12 +618,11 @@ root.received_at = timestamp_unix_nano() === `fake` -[NOTE] -.Beta +[CAUTION] ==== This function is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== -Takes in a string that maps to a https://github.com/go-faker/faker[faker] function and returns the result from that faker function. Returns an error if the given string doesn't match a supported faker function. Supported functions: `latitude`, `longitude`, `unix_time`, `date`, `time_string`, `month_name`, `year_string`, `day_of_week`, `day_of_month`, `timestamp`, `century`, `timezone`, `time_period`, `email`, `mac_address`, `domain_name`, `url`, `username`, `ipv4`, `ipv6`, `password`, `jwt`, `word`, `sentence`, `paragraph`, `cc_type`, `cc_number`, `currency`, `amount_with_currency`, `title_male`, `title_female`, `first_name`, `first_name_male`, `first_name_female`, `last_name`, `name`, `gender`, `chinese_first_name`, `chinese_last_name`, `chinese_name`, `phone_number`, `toll_free_phone_number`, `e164_phone_number`, `uuid_hyphenated`, `uuid_digit`. Refer to the https://github.com/go-faker/faker[faker] docs for details on these functions. +Takes in a string that maps to a https://github.com/go-faker/faker[faker^] function and returns the result from that faker function. Returns an error if the given string doesn't match a supported faker function. Supported functions: `latitude`, `longitude`, `unix_time`, `date`, `time_string`, `month_name`, `year_string`, `day_of_week`, `day_of_month`, `timestamp`, `century`, `timezone`, `time_period`, `email`, `mac_address`, `domain_name`, `url`, `username`, `ipv4`, `ipv6`, `password`, `jwt`, `word`, `sentence`, `paragraph`, `cc_type`, `cc_number`, `currency`, `amount_with_currency`, `title_male`, `title_female`, `first_name`, `first_name_male`, `first_name_female`, `last_name`, `name`, `gender`, `chinese_first_name`, `chinese_last_name`, `chinese_name`, `phone_number`, `toll_free_phone_number`, `e164_phone_number`, `uuid_hyphenated`, `uuid_digit`. Refer to the https://github.com/go-faker/faker[faker^] docs for details on these functions. ==== Parameters diff --git a/docs/modules/guides/pages/bloblang/methods.adoc b/docs/modules/guides/pages/bloblang/methods.adoc index 008217c034..3d37255ef9 100644 --- a/docs/modules/guides/pages/bloblang/methods.adoc +++ b/docs/modules/guides/pages/bloblang/methods.adoc @@ -321,7 +321,7 @@ root.path_sep = this.path.filepath_split() === `format` -Use a value string as a format specifier in order to produce a new string, using any number of provided arguments. Please refer to the Go https://pkg.go.dev/fmt[`fmt` package documentation] for the list of valid format verbs. +Use a value string as a format specifier in order to produce a new string, using any number of provided arguments. Please refer to the Go https://pkg.go.dev/fmt[`fmt` package documentation^] for the list of valid format verbs. ==== Examples @@ -534,11 +534,10 @@ root.the_rest = this.value.slice(0, -4) === `slug` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== -Creates a "slug" from a given string. Wraps the github.com/gosimple/slug package. See its https://pkg.go.dev/github.com/gosimple/slug[docs] for more information. +Creates a "slug" from a given string. Wraps the github.com/gosimple/slug package. See its https://pkg.go.dev/github.com/gosimple/slug[docs^] for more information. Introduced in version 4.2.0. @@ -900,7 +899,7 @@ root.new_value = this.value.ceil() Converts a numerical type into a 32-bit floating point number, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 32-bit floating point number. Please refer to the https://pkg.go.dev/strconv#ParseFloat[`strconv.ParseFloat` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 32-bit floating point number. Please refer to the https://pkg.go.dev/strconv#ParseFloat[`strconv.ParseFloat` documentation^] for details regarding the supported formats. ==== Examples @@ -919,7 +918,7 @@ root.out = this.in.float32() Converts a numerical type into a 64-bit floating point number, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 64-bit floating point number. Please refer to the https://pkg.go.dev/strconv#ParseFloat[`strconv.ParseFloat` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 64-bit floating point number. Please refer to the https://pkg.go.dev/strconv#ParseFloat[`strconv.ParseFloat` documentation^] for details regarding the supported formats. ==== Examples @@ -952,7 +951,7 @@ root.new_value = this.value.floor() Converts a numerical type into a 16-bit signed integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 16-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 16-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -983,7 +982,7 @@ root = this.int16() Converts a numerical type into a 32-bit signed integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 32-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 32-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1014,7 +1013,7 @@ root = this.int32() Converts a numerical type into a 64-bit signed integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 64-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 64-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1045,7 +1044,7 @@ root = this.int64() Converts a numerical type into a 8-bit signed integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 8-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 8-bit signed integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1175,7 +1174,7 @@ root.new_value = this.value.round() Converts a numerical type into a 16-bit unsigned integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 16-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 16-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1206,7 +1205,7 @@ root = this.uint16() Converts a numerical type into a 32-bit unsigned integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 32-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 32-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1237,7 +1236,7 @@ root = this.uint32() Converts a numerical type into a 64-bit unsigned integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 64-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 64-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1268,7 +1267,7 @@ root = this.uint64() Converts a numerical type into a 8-bit unsigned integer, this is for advanced use cases where a specific data type is needed for a given component (such as the ClickHouse SQL driver). -If the value is a string then an attempt will be made to parse it as a 8-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation] for details regarding the supported formats. +If the value is a string then an attempt will be made to parse it as a 8-bit unsigned integer. If the target value exceeds the capacity of an integer or contains decimal values then this method will throw an error. In order to convert a floating point number containing decimals first use <> on the value. Please refer to the https://pkg.go.dev/strconv#ParseInt[`strconv.ParseInt` documentation^] for details regarding the supported formats. ==== Examples @@ -1320,7 +1319,6 @@ root.delay_for_s = this.delay_for.parse_duration() / 1000000000 === `parse_duration_iso8601` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1359,7 +1357,6 @@ root.delay_for_s = this.delay_for.parse_duration_iso8601() / 1000000000 === `ts_add_iso8601` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1372,7 +1369,6 @@ Parse parameter string as ISO 8601 period and add it to value with high precisio === `ts_format` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1425,7 +1421,6 @@ root.something_at = this.created_at.ts_format("2006-Jan-02 15:04:05.999999", "UT === `ts_parse` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1450,7 +1445,6 @@ root.doc.timestamp = this.doc.timestamp.ts_parse("2006-Jan-02") === `ts_round` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1478,7 +1472,6 @@ root.created_at_hour = this.created_at.ts_round("1h".parse_duration()) === `ts_strftime` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1492,7 +1485,7 @@ Attempts to format a timestamp value as a string according to a specified strfti ==== Examples -The format consists of zero or more conversion specifiers and ordinary characters (except `%`). All ordinary characters are copied to the output string without modification. Each conversion specification begins with `%` character followed by the character that determines the behavior of the specifier. Please refer to https://linux.die.net/man/3/strftime[man 3 strftime] for the list of format specifiers. +The format consists of zero or more conversion specifiers and ordinary characters (except `%`). All ordinary characters are copied to the output string without modification. Each conversion specification begins with `%` character followed by the character that determines the behavior of the specifier. Please refer to https://linux.die.net/man/3/strftime[man 3 strftime^] for the list of format specifiers. ```coffeescript root.something_at = (this.created_at + 300).ts_strftime("%Y-%b-%d %H:%M:%S") @@ -1510,7 +1503,7 @@ root.something_at = this.created_at.ts_strftime("%Y-%b-%d %H:%M:%S", "UTC") # Out: {"something_at":"2020-Aug-14 11:50:26"} ``` -As an extension provided by the underlying formatting library, https://github.com/itchyny/timefmt-go[itchyny/timefmt-go], the `%f` directive is supported for zero-padded microseconds, which originates from Python. Note that E and O modifier characters are not supported. +As an extension provided by the underlying formatting library, https://github.com/itchyny/timefmt-go[itchyny/timefmt-go^], the `%f` directive is supported for zero-padded microseconds, which originates from Python. Note that E and O modifier characters are not supported. ```coffeescript root.something_at = this.created_at.ts_strftime("%Y-%b-%d %H:%M:%S.%f", "UTC") @@ -1525,7 +1518,6 @@ root.something_at = this.created_at.ts_strftime("%Y-%b-%d %H:%M:%S.%f", "UTC") === `ts_strptime` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1538,7 +1530,7 @@ Attempts to parse a string as a timestamp following a specified strptime-compati ==== Examples -The format consists of zero or more conversion specifiers and ordinary characters (except `%`). All ordinary characters are copied to the output string without modification. Each conversion specification begins with a `%` character followed by the character that determines the behavior of the specifier. Please refer to https://linux.die.net/man/3/strptime[man 3 strptime] for the list of format specifiers. +The format consists of zero or more conversion specifiers and ordinary characters (except `%`). All ordinary characters are copied to the output string without modification. Each conversion specification begins with a `%` character followed by the character that determines the behavior of the specifier. Please refer to https://linux.die.net/man/3/strptime[man 3 strptime^] for the list of format specifiers. ```coffeescript root.doc.timestamp = this.doc.timestamp.ts_strptime("%Y-%b-%d") @@ -1547,7 +1539,7 @@ root.doc.timestamp = this.doc.timestamp.ts_strptime("%Y-%b-%d") # Out: {"doc":{"timestamp":"2020-08-14T00:00:00Z"}} ``` -As an extension provided by the underlying formatting library, https://github.com/itchyny/timefmt-go[itchyny/timefmt-go], the `%f` directive is supported for zero-padded microseconds, which originates from Python. Note that E and O modifier characters are not supported. +As an extension provided by the underlying formatting library, https://github.com/itchyny/timefmt-go[itchyny/timefmt-go^], the `%f` directive is supported for zero-padded microseconds, which originates from Python. Note that E and O modifier characters are not supported. ```coffeescript root.doc.timestamp = this.doc.timestamp.ts_strptime("%Y-%b-%d %H:%M:%S.%f") @@ -1559,7 +1551,6 @@ root.doc.timestamp = this.doc.timestamp.ts_strptime("%Y-%b-%d %H:%M:%S.%f") === `ts_sub` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1587,7 +1578,6 @@ root.between = this.started_at.ts_sub("2020-08-14T05:54:23Z").abs() === `ts_sub_iso8601` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1600,7 +1590,6 @@ Parse parameter string as ISO 8601 period and subtract it from value with high p === `ts_tz` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1626,7 +1615,6 @@ root.created_at_utc = this.created_at.ts_tz("UTC") === `ts_unix` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1645,7 +1633,6 @@ root.created_at_unix = this.created_at.ts_unix() === `ts_unix_micro` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1664,7 +1651,6 @@ root.created_at_unix = this.created_at.ts_unix_micro() === `ts_unix_milli` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -1683,7 +1669,6 @@ root.created_at_unix = this.created_at.ts_unix_milli() === `ts_unix_nano` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2016,11 +2001,10 @@ root.has_bar = this.thing.contains(20) === `diff` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== -Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs] for more information. +Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs^] for more information. Introduced in version 4.25.0. @@ -2108,7 +2092,6 @@ root.new_dict = this.dict.filter(item -> item.value.contains("foo")) === `find` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2138,7 +2121,6 @@ root.index = this.things.find(this.goal) === `find_all` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2168,7 +2150,6 @@ root.indexes = this.things.find_all(this.goal) === `find_all_by` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2191,7 +2172,6 @@ root.index = this.find_all_by(v -> v != "bar") === `find_by` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2332,7 +2312,6 @@ root.joined_numbers = this.numbers.map_each(this.string()).join(",") === `json_path` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== @@ -2365,11 +2344,10 @@ root.text_objects = this.json_path("$.body[?(@.type=='text')]") === `json_schema` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== -Checks a https://json-schema.org/[JSON schema] against a value and returns the value if it matches or throws and error if it does not. +Checks a https://json-schema.org/[JSON schema^] against a value and returns the value if it matches or throws and error if it does not. ==== Parameters @@ -2529,11 +2507,10 @@ root = this.foo.merge(this.bar) === `patch` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== -Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs] for more information. +Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs^] for more information. Introduced in version 4.25.0. @@ -2728,7 +2705,6 @@ root.foo = this.foo.zip(this.bar, this.baz) === `bloblang` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2754,7 +2730,6 @@ root.body = this.body.bloblang(this.mapping) === `format_json` [CAUTION] -.Beta ==== This method is mostly stable but breaking changes could still be made outside of major version releases if a fundamental problem with it is found. ==== @@ -2810,7 +2785,7 @@ root = this.doc.format_json(no_indent: true) === `format_msgpack` -Formats data as a https://msgpack.org/[MessagePack] message in bytes format. +Formats data as a https://msgpack.org/[MessagePack^] message in bytes format. ==== Examples @@ -3000,7 +2975,7 @@ root.doc = this.doc.parse_json(use_number: true) === `parse_msgpack` -Parses a https://msgpack.org/[MessagePack] message into a structured document. +Parses a https://msgpack.org/[MessagePack^] message into a structured document. ==== Examples @@ -3021,7 +2996,7 @@ root = this.encoded.decode("base64").parse_msgpack() === `parse_parquet` -Decodes a https://parquet.apache.org/docs/[Parquet file] into an array of objects, one for each row within the file. +Decodes a https://parquet.apache.org/docs/[Parquet file^] into an array of objects, one for each row within the file. ==== Parameters @@ -3147,7 +3122,7 @@ root.compressed = content().compress("lz4").encode("base64") Decodes an encoded string target according to a chosen scheme and returns the result as a byte array. When mapping the result to a JSON field the value should be cast to a string using the method `string`, or encoded using the method `encode`, otherwise it will be base64 encoded by default. -Available schemes are: `base64`, `base64url` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 with padding characters)], `base64rawurl` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 without padding characters)], `hex`, `ascii85`. +Available schemes are: `base64`, `base64url` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 with padding characters)^], `base64rawurl` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 without padding characters)^], `hex`, `ascii85`. ==== Parameters @@ -3221,7 +3196,7 @@ root.decrypted = this.value.decode("hex").decrypt_aes("ctr", $key, $vector).stri === `encode` -Encodes a string or byte array target according to a chosen scheme and returns a string result. Available schemes are: `base64`, `base64url` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 with padding characters)], `base64rawurl` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 without padding characters)], `hex`, `ascii85`. +Encodes a string or byte array target according to a chosen scheme and returns a string result. Available schemes are: `base64`, `base64url` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 with padding characters)^], `base64rawurl` https://rfc-editor.org/rfc/rfc4648.html[(RFC 4648 without padding characters)^], `hex`, `ascii85`. ==== Parameters @@ -3734,11 +3709,10 @@ root.signed = this.claims.sign_jwt_rs512("""-----BEGIN RSA PRIVATE KEY----- === `geoip_anonymous_ip` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the anonymous IP associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the anonymous IP associated with it. ==== Parameters @@ -3747,11 +3721,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_asn` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the ASN associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the ASN associated with it. ==== Parameters @@ -3760,11 +3733,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_city` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the city associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the city associated with it. ==== Parameters @@ -3773,11 +3745,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_connection_type` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the connection type associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the connection type associated with it. ==== Parameters @@ -3786,11 +3757,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_country` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the country associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the country associated with it. ==== Parameters @@ -3799,11 +3769,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_domain` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the domain associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the domain associated with it. ==== Parameters @@ -3812,11 +3781,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_enterprise` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the enterprise associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the enterprise associated with it. ==== Parameters @@ -3825,11 +3793,10 @@ Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind databas === `geoip_isp` [CAUTION] -.Experimental ==== This method is experimental and therefore breaking changes could be made to it outside of major version releases. ==== -Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the ISP associated with it. +Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the ISP associated with it. ==== Parameters diff --git a/internal/impl/avro/scanner.go b/internal/impl/avro/scanner.go index 4200dc7fbe..5462433a3b 100644 --- a/internal/impl/avro/scanner.go +++ b/internal/impl/avro/scanner.go @@ -21,7 +21,7 @@ func avroScannerSpec() *service.ConfigSpec { Description(` == Avro JSON format -This scanner yields documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +This scanner yields documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is ` + "`null`, then it is encoded as a JSON `null`" + `; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -32,11 +32,11 @@ For example, the union schema ` + "`[\"null\",\"string\",\"Foo\"]`, where `Foo`" - the string ` + "`\"a\"` as `{\"string\": \"a\"}`" + `; and - a ` + "`Foo` instance as `{\"Foo\": {...}}`, where `{...}` indicates the JSON encoding of a `Foo`" + ` instance. -However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field ` + "<> to `true`" + `. +However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field ` + "<> to `true`" + `. `). Fields( service.NewBoolField(sFieldRawJSON). - Description("Whether messages should be decoded into normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between the standard json and avro json."). + Description("Whether messages should be decoded into normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between the standard json and avro json."). Advanced(). Default(false), ) diff --git a/internal/impl/awk/processor.go b/internal/impl/awk/processor.go index 8850a979e7..9372e6979b 100644 --- a/internal/impl/awk/processor.go +++ b/internal/impl/awk/processor.go @@ -32,7 +32,7 @@ Comes with a wide range of <> for accessing mess Check out the <> in order to see how this processor can be used. -This processor uses https://github.com/benhoyt/goawk[GoAWK], in order to understand the differences in how the program works you can read more about it in https://github.com/benhoyt/goawk#differences-from-awk[goawk.differences].`). +This processor uses https://github.com/benhoyt/goawk[GoAWK^], in order to understand the differences in how the program works you can read more about it in https://github.com/benhoyt/goawk#differences-from-awk[goawk.differences^].`). Footnotes(` == Codecs diff --git a/internal/impl/aws/config/config.go b/internal/impl/aws/config/config.go index c07c1ad48f..f0cdf3f598 100644 --- a/internal/impl/aws/config/config.go +++ b/internal/impl/aws/config/config.go @@ -29,7 +29,7 @@ func SessionFields() []*service.ConfigField { Description("The token for the credentials being used, required when using short term credentials."). Default("").Advanced(), service.NewBoolField("from_ec2_role"). - Description("Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance]."). + Description("Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]."). Default(false).Version("4.2.0"), service.NewStringField("role"). Description("A role ARN to assume."). diff --git a/internal/impl/azure/cosmosdb/docs.go b/internal/impl/azure/cosmosdb/docs.go index 1444bb85fd..da437d9727 100644 --- a/internal/impl/azure/cosmosdb/docs.go +++ b/internal/impl/azure/cosmosdb/docs.go @@ -79,7 +79,7 @@ var CredentialsDocs = ` You can use one of the following authentication mechanisms: - Set the ` + "`endpoint`" + ` field and the ` + "`account_key`" + ` field -- Set only the ` + "`endpoint`" + ` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential] +- Set only the ` + "`endpoint`" + ` field to use https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^] - Set the ` + "`connection_string`" + ` field ` @@ -102,7 +102,7 @@ var BatchingDocs = ` == Batching -CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here]). +CosmosDB limits the maximum batch size to 100 messages and the payload must not exceed 2MB (https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits#per-request-limits[details here^]). ` // EmulatorDocs emulator docs @@ -110,7 +110,7 @@ var EmulatorDocs = ` == CosmosDB emulator -If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here], the following Docker command should do the trick: +If you wish to run the CosmosDB emulator that is referenced in the documentation https://learn.microsoft.com/en-us/azure/cosmos-db/linux-emulator[here^], the following Docker command should do the trick: ` + "```bash" + ` > docker run --rm -it -p 8081:8081 --name=cosmosdb -e AZURE_COSMOS_EMULATOR_PARTITION_COUNT=10 -e AZURE_COSMOS_EMULATOR_ENABLE_DATA_PERSISTENCE=false mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator @@ -118,7 +118,7 @@ If you wish to run the CosmosDB emulator that is referenced in the documentation Note: ` + "`AZURE_COSMOS_EMULATOR_PARTITION_COUNT`" + ` controls the number of partitions that will be supported by the emulator. The bigger the value, the longer it takes for the container to start up. -Additionally, instead of installing the container self-signed certificate which is exposed via ` + "`https://localhost:8081/_explorer/emulator.pem`" + `, you can run https://mitmproxy.org/[mitmproxy] like so: +Additionally, instead of installing the container self-signed certificate which is exposed via ` + "`https://localhost:8081/_explorer/emulator.pem`" + `, you can run https://mitmproxy.org/[mitmproxy^] like so: ` + "```bash" + ` > mitmproxy -k --mode "reverse:https://localhost:8081" diff --git a/internal/impl/azure/input_blob_storage.go b/internal/impl/azure/input_blob_storage.go index 5b0f28be20..cfbb8ea378 100644 --- a/internal/impl/azure/input_blob_storage.go +++ b/internal/impl/azure/input_blob_storage.go @@ -75,7 +75,7 @@ Supports multiple authentication methods but only one of the following is requir - `+"`storage_connection_string`"+` - `+"`storage_account` and `storage_access_key`"+` - `+"`storage_account` and `storage_sas_token`"+` -- `+"`storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential]"+` +- `+"`storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^]"+` If multiple are set then the `+"`storage_connection_string`"+` is given priority. @@ -88,7 +88,7 @@ When downloading large files it's often necessary to process it in streamed part == Stream new files -By default this input will consume all files found within the target container and will then gracefully terminate. This is referred to as a "batch" mode of operation. However, it's possible to instead configure a container as https://learn.microsoft.com/en-gb/azure/event-grid/event-schema-blob-storage[an Event Grid source] and then use this as a `+"<>"+`, in which case new files are consumed as they're uploaded and Benthos will continue listening for and downloading files as they arrive. This is referred to as a "streamed" mode of operation. +By default this input will consume all files found within the target container and will then gracefully terminate. This is referred to as a "batch" mode of operation. However, it's possible to instead configure a container as https://learn.microsoft.com/en-gb/azure/event-grid/event-schema-blob-storage[an Event Grid source^] and then use this as a `+"<>"+`, in which case new files are consumed as they're uploaded and Benthos will continue listening for and downloading files as they arrive. This is referred to as a "streamed" mode of operation. == Metadata diff --git a/internal/impl/azure/input_cosmosdb.go b/internal/impl/azure/input_cosmosdb.go index a645764d11..773fd1312d 100644 --- a/internal/impl/azure/input_cosmosdb.go +++ b/internal/impl/azure/input_cosmosdb.go @@ -27,11 +27,11 @@ func cosmosDBInputSpec() *service.ConfigSpec { // Beta(). Categories("Azure"). Version("v4.25.0"). - Summary(`Executes a SQL query against https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB] and creates a batch of messages from each page of items.`). + Summary(`Executes a SQL query against https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^] and creates a batch of messages from each page of items.`). Description(` == Cross-partition queries -Cross-partition queries are currently not supported by the underlying driver. For every query, the PartitionKey values must be known in advance and specified in the config. https://github.com/Azure/azure-sdk-for-go/issues/18578#issuecomment-1222510989[See details]. +Cross-partition queries are currently not supported by the underlying driver. For every query, the PartitionKey values must be known in advance and specified in the config. https://github.com/Azure/azure-sdk-for-go/issues/18578#issuecomment-1222510989[See details^]. `+cosmosdb.CredentialsDocs+cosmosdb.MetadataDocs). Footnotes(cosmosdb.EmulatorDocs). Fields(cosmosdb.ContainerClientConfigFields()...). diff --git a/internal/impl/azure/output_blob_storage.go b/internal/impl/azure/output_blob_storage.go index abece7ee06..04f89d7c04 100644 --- a/internal/impl/azure/output_blob_storage.go +++ b/internal/impl/azure/output_blob_storage.go @@ -72,7 +72,7 @@ Supports multiple authentication methods but only one of the following is requir - `+"`storage_connection_string`"+` - `+"`storage_account` and `storage_access_key`"+` - `+"`storage_account` and `storage_sas_token`"+` -- `+"`storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential]"+` +- `+"`storage_account` to access via https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential[DefaultAzureCredential^]"+` If multiple are set then the `+"`storage_connection_string`"+` is given priority. diff --git a/internal/impl/azure/output_cosmosdb.go b/internal/impl/azure/output_cosmosdb.go index 57b1cba78c..c53824ca8e 100644 --- a/internal/impl/azure/output_cosmosdb.go +++ b/internal/impl/azure/output_cosmosdb.go @@ -21,9 +21,9 @@ func cosmosDBOutputConfig() *service.ConfigSpec { // Stable(). TODO Categories("Azure"). Version("v4.25.0"). - Summary("Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB]."). + Summary("Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^]."). Description(` -When creating documents, each message must have the `+"`id`"+` property (case-sensitive) set (or use `+"`auto_id: true`"+`). It is the unique name that identifies the document, that is, no two documents share the same `+"`id`"+` within a logical partition. The `+"`id`"+` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details]. +When creating documents, each message must have the `+"`id`"+` property (case-sensitive) set (or use `+"`auto_id: true`"+`). It is the unique name that identifies the document, that is, no two documents share the same `+"`id`"+` within a logical partition. The `+"`id`"+` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details^]. The `+"`partition_keys`"+` field must resolve to the same value(s) across the entire message batch. `+cosmosdb.CredentialsDocs+cosmosdb.BatchingDocs+service.OutputPerformanceDocs(true, true)). diff --git a/internal/impl/azure/processor_cosmosdb.go b/internal/impl/azure/processor_cosmosdb.go index 2f83dadbc0..e1a0d25a6e 100644 --- a/internal/impl/azure/processor_cosmosdb.go +++ b/internal/impl/azure/processor_cosmosdb.go @@ -20,9 +20,9 @@ func cosmosDBProcessorConfig() *service.ConfigSpec { // Stable(). TODO Categories("Azure"). Version("v4.25.0"). - Summary("Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB]."). + Summary("Creates or updates messages as JSON documents in https://learn.microsoft.com/en-us/azure/cosmos-db/introduction[Azure CosmosDB^]."). Description(` -When creating documents, each message must have the `+"`id`"+` property (case-sensitive) set (or use `+"`auto_id: true`"+`). It is the unique name that identifies the document, that is, no two documents share the same `+"`id`"+` within a logical partition. The `+"`id`"+` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details]. +When creating documents, each message must have the `+"`id`"+` property (case-sensitive) set (or use `+"`auto_id: true`"+`). It is the unique name that identifies the document, that is, no two documents share the same `+"`id`"+` within a logical partition. The `+"`id`"+` field must not exceed 255 characters. https://learn.microsoft.com/en-us/rest/api/cosmos-db/documents[See details^]. The `+"`partition_keys`"+` field must resolve to the same value(s) across the entire message batch. `+cosmosdb.CredentialsDocs+cosmosdb.MetadataDocs+cosmosdb.BatchingDocs). diff --git a/internal/impl/changelog/bloblang.go b/internal/impl/changelog/bloblang.go index ac45e03c75..23277b293c 100644 --- a/internal/impl/changelog/bloblang.go +++ b/internal/impl/changelog/bloblang.go @@ -12,7 +12,7 @@ func init() { diffSpec := bloblang.NewPluginSpec(). Beta(). Category("Object & Array Manipulation"). - Description(`Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs] for more information.`). + Description(`Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs^] for more information.`). Version("4.25.0"). Param(bloblang.NewAnyParam("other").Description("The value to compare against.")) @@ -45,7 +45,7 @@ func init() { patchSpec := bloblang.NewPluginSpec(). Beta(). Category("Object & Array Manipulation"). - Description(`Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs] for more information.`). + Description(`Create a diff by comparing the current value with the given one. Wraps the github.com/r3labs/diff/v3 package. See its https://pkg.go.dev/github.com/r3labs/diff/v3[docs^] for more information.`). Version("4.25.0"). Param(bloblang.NewAnyParam("changelog").Description("The changelog to apply.")) diff --git a/internal/impl/cockroachdb/input_changefeed.go b/internal/impl/cockroachdb/input_changefeed.go index dfa609ea0a..4b8b9d4ca5 100644 --- a/internal/impl/cockroachdb/input_changefeed.go +++ b/internal/impl/cockroachdb/input_changefeed.go @@ -30,8 +30,8 @@ var sampleString = `{ func crdbChangefeedInputConfig() *service.ConfigSpec { return service.NewConfigSpec(). Categories("Integration"). - Summary(fmt.Sprintf("Listens to a https://www.cockroachlabs.com/docs/stable/changefeed-examples[CockroachDB Core Changefeed] and creates a message for each row received. Each message is a json object looking like: \n```json\n%s\n```", sampleString)). - Description("This input will continue to listen to the changefeed until shutdown. A backfill of the full current state of the table will be delivered upon each run unless a cache is configured for storing cursor timestamps, as this is how Benthos keeps track as to which changes have been successfully delivered.\n\nNote: You must have `SET CLUSTER SETTING kv.rangefeed.enabled = true;` on your CRDB cluster, for more information refer to https://www.cockroachlabs.com/docs/stable/changefeed-examples?filters=core[the official CockroachDB documentation]."). + Summary(fmt.Sprintf("Listens to a https://www.cockroachlabs.com/docs/stable/changefeed-examples[CockroachDB Core Changefeed^] and creates a message for each row received. Each message is a json object looking like: \n```json\n%s\n```", sampleString)). + Description("This input will continue to listen to the changefeed until shutdown. A backfill of the full current state of the table will be delivered upon each run unless a cache is configured for storing cursor timestamps, as this is how Benthos keeps track as to which changes have been successfully delivered.\n\nNote: You must have `SET CLUSTER SETTING kv.rangefeed.enabled = true;` on your CRDB cluster, for more information refer to https://www.cockroachlabs.com/docs/stable/changefeed-examples?filters=core[the official CockroachDB documentation^]."). Fields( service.NewStringField("dsn"). Description(`A Data Source Name to identify the target database.`). @@ -41,10 +41,10 @@ func crdbChangefeedInputConfig() *service.ConfigSpec { Description("CSV of tables to be included in the changefeed"). Example([]string{"table1", "table2"}), service.NewStringField("cursor_cache"). - Description("A https://www.docs.redpanda.com/redpanda-connect/components/caches/about[cache resource] to use for storing the current latest cursor that has been successfully delivered, this allows Benthos to continue from that cursor upon restart, rather than consume the entire state of the table."). + Description("A https://www.docs.redpanda.com/redpanda-connect/components/caches/about[cache resource^] to use for storing the current latest cursor that has been successfully delivered, this allows Benthos to continue from that cursor upon restart, rather than consume the entire state of the table."). Optional(), service.NewStringListField("options"). - Description("A list of options to be included in the changefeed (WITH X, Y...).\n**NOTE: Both the CURSOR option and UPDATED will be ignored from these options when a `cursor_cache` is specified, as they are set explicitly by Benthos in this case.**"). + Description("A list of options to be included in the changefeed (WITH X, Y...).\n\nNOTE: Both the CURSOR option and UPDATED will be ignored from these options when a `cursor_cache` is specified, as they are set explicitly by Benthos in this case."). Example([]string{`virtual_columns="omitted"`}). Advanced(). Optional(), diff --git a/internal/impl/confluent/processor_schema_registry_decode.go b/internal/impl/confluent/processor_schema_registry_decode.go index 5987aad617..38dd0ede01 100644 --- a/internal/impl/confluent/processor_schema_registry_decode.go +++ b/internal/impl/confluent/processor_schema_registry_decode.go @@ -23,13 +23,13 @@ func schemaRegistryDecoderConfig() *service.ConfigSpec { Categories("Parsing", "Integration"). Summary("Automatically decodes and validates messages with schemas from a Confluent Schema Registry service."). Description(` -Decodes messages automatically from a schema stored within a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service] by extracting a schema ID from the message and obtaining the associated schema from the registry. If a message fails to match against the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. +Decodes messages automatically from a schema stored within a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service^] by extracting a schema ID from the message and obtaining the associated schema from the registry. If a message fails to match against the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. Avro, Protobuf and Json schemas are supported, all are capable of expanding from schema references as of v4.22.0. == Avro JSON format -This processor creates documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +This processor creates documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when decoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is ` + "`null`, then it is encoded as a JSON `null`" + `; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -40,14 +40,14 @@ For example, the union schema ` + "`[\"null\",\"string\",\"Foo\"]`, where `Foo`" - the string ` + "`\"a\"` as `\\{\"string\": \"a\"}`" + `; and - a ` + "`Foo` instance as `\\{\"Foo\": {...}}`, where `{...}` indicates the JSON encoding of a `Foo`" + ` instance. -However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field ` + "<> to `true`" + `. +However, it is possible to instead create documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field ` + "<> to `true`" + `. == Protobuf format This processor decodes protobuf messages to JSON documents, you can read more about JSON mapping of protobuf messages here: https://developers.google.com/protocol-buffers/docs/proto3#json `). Field(service.NewBoolField("avro_raw_json"). - Description("Whether Avro messages should be decoded into normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between the standard json and avro json."). + Description("Whether Avro messages should be decoded into normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be decoded as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between the standard json and avro json."). Advanced().Default(false)). Field(service.NewURLField("url").Description("The base URL of the schema registry service.")) diff --git a/internal/impl/confluent/processor_schema_registry_encode.go b/internal/impl/confluent/processor_schema_registry_encode.go index 46fe3f3e0b..6a8f42ea54 100644 --- a/internal/impl/confluent/processor_schema_registry_encode.go +++ b/internal/impl/confluent/processor_schema_registry_encode.go @@ -24,7 +24,7 @@ func schemaRegistryEncoderConfig() *service.ConfigSpec { Categories("Parsing", "Integration"). Summary("Automatically encodes and validates messages with schemas from a Confluent Schema Registry service."). Description(` -Encodes messages automatically from schemas obtains from a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service] by polling the service for the latest schema version for target subjects. +Encodes messages automatically from schemas obtains from a https://docs.confluent.io/platform/current/schema-registry/index.html[Confluent Schema Registry service^] by polling the service for the latest schema version for target subjects. If a message fails to encode under the schema then it will remain unchanged and the error can be caught using xref:configuration:error_handling.adoc[error handling methods]. @@ -32,7 +32,7 @@ Avro, Protobuf and Json schemas are supported, all are capable of expanding from == Avro JSON format -By default this processor expects documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON] when encoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: +By default this processor expects documents formatted as https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^] when encoding with Avro schemas. In this format the value of a union is encoded in JSON as follows: - if its type is ` + "`null`, then it is encoded as a JSON `null`" + `; - otherwise it is encoded as a JSON object with one name/value pair whose name is the type's name and whose value is the recursively encoded value. For Avro's named types (record, fixed or enum) the user-specified name is used, for other types the type name is used. @@ -43,11 +43,11 @@ For example, the union schema ` + "`[\"null\",\"string\",\"Foo\"]`, where `Foo`" - the string ` + "`\"a\"` as `\\{\"string\": \"a\"}`" + `; and - a ` + "`Foo` instance as `\\{\"Foo\": {...}}`, where `{...}` indicates the JSON encoding of a `Foo`" + ` instance. -However, it is possible to instead consume documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format] by setting the field ` + "<> to `true`" + `. +However, it is possible to instead consume documents in https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard/raw JSON format^] by setting the field ` + "<> to `true`" + `. === Known issues -Important! There is an outstanding issue in the https://github.com/linkedin/goavro[avro serializing library] that benthos uses which means it https://github.com/linkedin/goavro/issues/252[doesn't encode logical types correctly]. It's still possible to encode logical types that are in-line with the spec if ` + "`avro_raw_json` is set to true" + `, though now of course non-logical types will not be in-line with the spec. +Important! There is an outstanding issue in the https://github.com/linkedin/goavro[avro serializing library^] that benthos uses which means it https://github.com/linkedin/goavro/issues/252[doesn't encode logical types correctly^]. It's still possible to encode logical types that are in-line with the spec if ` + "`avro_raw_json` is set to true" + `, though now of course non-logical types will not be in-line with the spec. == Protobuf format @@ -57,7 +57,7 @@ This processor encodes protobuf messages either from any format parsed within Be When a target subject presents a protobuf schema that contains multiple messages it becomes ambiguous which message definition a given input data should be encoded against. In such scenarios Benthos will attempt to encode the data against each of them and select the first to successfully match against the data, this process currently *ignores all nested message definitions*. In order to speed up this exhaustive search the last known successful message will be attempted first for each subsequent input. -We will be considering alternative approaches in future so please https://redpanda.com/slack[get in touch] with thoughts and feedback. +We will be considering alternative approaches in future so please https://redpanda.com/slack[get in touch^] with thoughts and feedback. `). Field(service.NewURLField("url").Description("The base URL of the schema registry service.")). Field(service.NewInterpolatedStringField("subject").Description("The schema subject to derive schemas from."). @@ -69,7 +69,7 @@ We will be considering alternative approaches in future so please https://redpan Example("60s"). Example("1h")). Field(service.NewBoolField("avro_raw_json"). - Description("Whether messages encoded in Avro format should be parsed as normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON]. If `true` the schema returned from the subject should be parsed as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro], the https://github.com/linkedin/goavro[underlining library used for avro serialization], that explains in more detail the difference between standard json and avro json."). + Description("Whether messages encoded in Avro format should be parsed as normal JSON (\"json that meets the expectations of regular internet json\") rather than https://avro.apache.org/docs/current/specification/_print/#json-encoding[Avro JSON^]. If `true` the schema returned from the subject should be parsed as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodecForStandardJSONFull[standard json^] instead of as https://pkg.go.dev/github.com/linkedin/goavro/v2#NewCodec[avro json^]. There is a https://github.com/linkedin/goavro/blob/5ec5a5ee7ec82e16e6e2b438d610e1cab2588393/union.go#L224-L249[comment in goavro^], the https://github.com/linkedin/goavro[underlining library used for avro serialization^], that explains in more detail the difference between standard json and avro json."). Advanced().Default(false).Version("3.59.0")) for _, f := range service.NewHTTPRequestAuthSignerFields() { diff --git a/internal/impl/dgraph/cache_ristretto.go b/internal/impl/dgraph/cache_ristretto.go index 36388f1c20..8e874f3c5c 100644 --- a/internal/impl/dgraph/cache_ristretto.go +++ b/internal/impl/dgraph/cache_ristretto.go @@ -20,7 +20,7 @@ func ristrettoCacheConfig() *service.ConfigSpec { spec := service.NewConfigSpec(). Stable(). - Summary(`Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache].`). + Summary(`Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache^].`). Description(`This cache is more efficient and appropriate for high-volume use cases than the standard memory cache. However, the add command is non-atomic, and therefore this cache is not suitable for deduplication.`). Field(service.NewDurationField("default_ttl"). Description("A default TTL to set for items, calculated from the moment the item is cached. Set to an empty string or zero duration to disable TTLs."). diff --git a/internal/impl/discord/output.go b/internal/impl/discord/output.go index 43085b053f..a5a4fe19ec 100644 --- a/internal/impl/discord/output.go +++ b/internal/impl/discord/output.go @@ -17,7 +17,7 @@ func outputConfig() *service.ConfigSpec { Description(` This output POSTs messages to the `+"`/channels/\\{channel_id}/messages`"+` Discord API endpoint authenticated as a bot using token based authentication. -If the format of a message is a JSON object matching the https://discord.com/developers/docs/resources/channel#message-object[Discord API message type] then it is sent directly, otherwise an object matching the API type is created with the content of the message added as a string. +If the format of a message is a JSON object matching the https://discord.com/developers/docs/resources/channel#message-object[Discord API message type^] then it is sent directly, otherwise an object matching the API type is created with the content of the message added as a string. `). Fields( service.NewStringField("channel_id"). diff --git a/internal/impl/gcp/input_pubsub.go b/internal/impl/gcp/input_pubsub.go index 8b901fb2af..5d25194f79 100644 --- a/internal/impl/gcp/input_pubsub.go +++ b/internal/impl/gcp/input_pubsub.go @@ -73,7 +73,7 @@ func pbiSpec() *service.ConfigSpec { Categories("Services", "GCP"). Summary(`Consumes messages from a GCP Cloud Pub/Sub subscription.`). Description(` -For information on how to set up credentials see https://cloud.google.com/docs/authentication/production[this guide]. +For information on how to set up credentials see https://cloud.google.com/docs/authentication/production[this guide^]. == Metadata @@ -93,7 +93,7 @@ You can access these metadata fields using xref:configuration:interpolation.adoc service.NewStringField(pbiFieldSubscriptionID). Description("The target subscription ID."), service.NewStringField(pbiFieldEndpoint). - Description("An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document]."). + Description("An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document^]."). Example("us-central1-pubsub.googleapis.com:443"). Example("us-west3-pubsub.googleapis.com:443"). Default(""), diff --git a/internal/impl/gcp/output_bigquery.go b/internal/impl/gcp/output_bigquery.go index dc64b01415..7be9bdd168 100644 --- a/internal/impl/gcp/output_bigquery.go +++ b/internal/impl/gcp/output_bigquery.go @@ -126,8 +126,8 @@ By default Benthos will use a shared credentials file when connecting to GCP ser == Format This output currently supports only CSV and NEWLINE_DELIMITED_JSON formats. Learn more about how to use GCP BigQuery with them here: -- ` + "https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-json[`NEWLINE_DELIMITED_JSON`]" + ` -- ` + "https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-csv[`CSV`]" + ` +- ` + "https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-json[`NEWLINE_DELIMITED_JSON`^]" + ` +- ` + "https://cloud.google.com/bigquery/docs/loading-data-cloud-storage-csv[`CSV`^]" + ` Each message may contain multiple elements separated by newlines. For example a single message containing: diff --git a/internal/impl/gcp/output_pubsub.go b/internal/impl/gcp/output_pubsub.go index 409a8a73fd..0403c8e75d 100644 --- a/internal/impl/gcp/output_pubsub.go +++ b/internal/impl/gcp/output_pubsub.go @@ -20,7 +20,7 @@ func newPubSubOutputConfig() *service.ConfigSpec { Categories("Services", "GCP"). Summary("Sends messages to a GCP Cloud Pub/Sub topic. xref:configuration:metadata.adoc[Metadata] from messages are sent as attributes."). Description(` -For information on how to set up credentials, see https://cloud.google.com/docs/authentication/production[this guide]. +For information on how to set up credentials, see https://cloud.google.com/docs/authentication/production[this guide^]. == Troubleshooting @@ -49,7 +49,7 @@ pipeline: Default(""). Example("us-central1-pubsub.googleapis.com:443"). Example("us-west3-pubsub.googleapis.com:443"). - Description("An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document]."), + Description("An optional endpoint to override the default of `pubsub.googleapis.com:443`. This can be used to connect to a region specific pubsub endpoint. For a list of valid values, see https://cloud.google.com/pubsub/docs/reference/service_apis_overview#list_of_regional_endpoints[this document^]."), service.NewInterpolatedStringField("ordering_key"). Optional(). Description("The ordering key to use for publishing messages."). diff --git a/internal/impl/gcp/tracer_cloudtrace.go b/internal/impl/gcp/tracer_cloudtrace.go index ff3d35ad99..baccf99931 100644 --- a/internal/impl/gcp/tracer_cloudtrace.go +++ b/internal/impl/gcp/tracer_cloudtrace.go @@ -24,7 +24,7 @@ const ( func cloudTraceSpec() *service.ConfigSpec { return service.NewConfigSpec(). Version("4.2.0"). - Summary(`Send tracing events to a https://cloud.google.com/trace[Google Cloud Trace].`). + Summary(`Send tracing events to a https://cloud.google.com/trace[Google Cloud Trace^].`). Fields( service.NewStringField(ctFieldProject). Description("The google project with Cloud Trace API enabled. If this is omitted then the Google Cloud SDK will attempt auto-detect it from the environment."), diff --git a/internal/impl/jaeger/tracer_jaeger.go b/internal/impl/jaeger/tracer_jaeger.go index 01dd3a79d3..3b9601ccf0 100644 --- a/internal/impl/jaeger/tracer_jaeger.go +++ b/internal/impl/jaeger/tracer_jaeger.go @@ -39,7 +39,7 @@ type jaegerConfig struct { func jaegerConfigSpec() *service.ConfigSpec { return service.NewConfigSpec(). Stable(). - Summary("Send tracing events to a https://www.jaegertracing.io/[Jaeger] agent or collector."). + Summary("Send tracing events to a https://www.jaegertracing.io/[Jaeger^] agent or collector."). Fields( service.NewStringField(jtFieldAgentAddress). Description("The address of a Jaeger agent to send tracing events to."). diff --git a/internal/impl/javascript/processor.go b/internal/impl/javascript/processor.go index c7c9778ce1..67ad0c2312 100644 --- a/internal/impl/javascript/processor.go +++ b/internal/impl/javascript/processor.go @@ -44,11 +44,11 @@ func javascriptProcessorConfig() *service.ConfigSpec { Version("4.14.0"). Summary("Executes a provided JavaScript code block or file for each message."). Description(` -The https://github.com/dop251/goja[execution engine] behind this processor provides full ECMAScript 5.1 support (including regex and strict mode). Most of the ECMAScript 6 spec is implemented but this is a work in progress. +The https://github.com/dop251/goja[execution engine^] behind this processor provides full ECMAScript 5.1 support (including regex and strict mode). Most of the ECMAScript 6 spec is implemented but this is a work in progress. -Imports via `+"`require`"+` should work similarly to NodeJS, and access to the console is supported which will print via the Benthos logger. More caveats can be found on https://github.com/dop251/goja#known-incompatibilities-and-caveats[GitHub]. +Imports via `+"`require`"+` should work similarly to NodeJS, and access to the console is supported which will print via the Benthos logger. More caveats can be found on https://github.com/dop251/goja#known-incompatibilities-and-caveats[GitHub^]. -This processor is implemented using the https://github.com/dop251/goja[github.com/dop251/goja] library.`). +This processor is implemented using the https://github.com/dop251/goja[github.com/dop251/goja^] library.`). Footnotes(` == Runtime diff --git a/internal/impl/kafka/input_kafka_franz.go b/internal/impl/kafka/input_kafka_franz.go index 902bf22903..d555c63533 100644 --- a/internal/impl/kafka/input_kafka_franz.go +++ b/internal/impl/kafka/input_kafka_franz.go @@ -24,7 +24,7 @@ func franzKafkaInputConfig() *service.ConfigSpec { Beta(). Categories("Services"). Version("3.61.0"). - Summary(`A Kafka input using the https://github.com/twmb/franz-go[Franz Kafka client library].`). + Summary(`A Kafka input using the https://github.com/twmb/franz-go[Franz Kafka client library^].`). Description(` When a consumer group is specified this input consumes one or more topics where partitions will automatically balance across any other connected clients with the same consumer group. When a consumer group is not specified topics can either be consumed in their entirety or with explicit partitions. diff --git a/internal/impl/kafka/output_kafka_franz.go b/internal/impl/kafka/output_kafka_franz.go index da168f6eaa..3649a5fdae 100644 --- a/internal/impl/kafka/output_kafka_franz.go +++ b/internal/impl/kafka/output_kafka_franz.go @@ -21,7 +21,7 @@ func franzKafkaOutputConfig() *service.ConfigSpec { Beta(). Categories("Services"). Version("3.61.0"). - Summary("A Kafka output using the https://github.com/twmb/franz-go[Franz Kafka client library]."). + Summary("A Kafka output using the https://github.com/twmb/franz-go[Franz Kafka client library^]."). Description(` Writes a batch of messages to Kafka brokers and waits for acknowledgement before propagating it back to the input. diff --git a/internal/impl/lang/bloblang.go b/internal/impl/lang/bloblang.go index ac959de5f1..75eddd0b92 100644 --- a/internal/impl/lang/bloblang.go +++ b/internal/impl/lang/bloblang.go @@ -24,7 +24,7 @@ func init() { slugSpec := bloblang.NewPluginSpec(). Beta(). Category("String Manipulation"). - Description(`Creates a "slug" from a given string. Wraps the github.com/gosimple/slug package. See its https://pkg.go.dev/github.com/gosimple/slug[docs] for more information.`). + Description(`Creates a "slug" from a given string. Wraps the github.com/gosimple/slug package. See its https://pkg.go.dev/github.com/gosimple/slug[docs^] for more information.`). Version("4.2.0"). Example("Creates a slug from an English string", `root.slug = this.value.slug()`, @@ -57,13 +57,13 @@ func init() { fakerSpec := bloblang.NewPluginSpec(). Beta(). Category("Fake Data Generation"). - Description("Takes in a string that maps to a https://github.com/go-faker/faker[faker] function and returns the result from that faker function. "+ + Description("Takes in a string that maps to a https://github.com/go-faker/faker[faker^] function and returns the result from that faker function. "+ "Returns an error if the given string doesn't match a supported faker function. Supported functions: `latitude`, `longitude`, `unix_time`, "+ "`date`, `time_string`, `month_name`, `year_string`, `day_of_week`, `day_of_month`, `timestamp`, `century`, `timezone`, `time_period`, "+ "`email`, `mac_address`, `domain_name`, `url`, `username`, `ipv4`, `ipv6`, `password`, `jwt`, `word`, `sentence`, `paragraph`, "+ "`cc_type`, `cc_number`, `currency`, `amount_with_currency`, `title_male`, `title_female`, `first_name`, `first_name_male`, "+ "`first_name_female`, `last_name`, `name`, `gender`, `chinese_first_name`, `chinese_last_name`, `chinese_name`, `phone_number`, "+ - "`toll_free_phone_number`, `e164_phone_number`, `uuid_hyphenated`, `uuid_digit`. Refer to the https://github.com/go-faker/faker[faker] docs "+ + "`toll_free_phone_number`, `e164_phone_number`, `uuid_hyphenated`, `uuid_digit`. Refer to the https://github.com/go-faker/faker[faker^] docs "+ "for details on these functions."). Param(bloblang.NewStringParam("function").Description("The name of the function to use to generate the value.").Default("")). Example("Use `time_string` to generate a time in the format `00:00:00`:", diff --git a/internal/impl/maxmind/bloblang_geoip.go b/internal/impl/maxmind/bloblang_geoip.go index 673471afa8..e515998613 100644 --- a/internal/impl/maxmind/bloblang_geoip.go +++ b/internal/impl/maxmind/bloblang_geoip.go @@ -16,7 +16,7 @@ func registerMaxmindMethodSpec(name, entity string, fn func(*geoip2.Reader, net. bloblang.NewPluginSpec(). Experimental(). Category("GeoIP"). - Description(fmt.Sprintf("Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file] and, if found, returns an object describing the %v associated with it.", entity)). + Description(fmt.Sprintf("Looks up an IP address against a https://www.maxmind.com/en/home[MaxMind database file^] and, if found, returns an object describing the %v associated with it.", entity)). Param(bloblang.NewStringParam("path").Description("A path to an mmdb (maxmind) file.")), func(args *bloblang.ParsedParams) (bloblang.Method, error) { path, err := args.GetString("path") diff --git a/internal/impl/mongodb/common.go b/internal/impl/mongodb/common.go index 69c614404f..f78e87a7c2 100644 --- a/internal/impl/mongodb/common.go +++ b/internal/impl/mongodb/common.go @@ -296,18 +296,18 @@ const ( func writeMapsFields() []*service.ConfigField { return []*service.ConfigField{ service.NewBloblangField(commonFieldDocumentMap). - Description("A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The document map is required for the operations " + + Description("A bloblang map representing a document to store within MongoDB, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The document map is required for the operations " + "insert-one, replace-one and update-one."). Examples(mapExamples()...). Default(""), service.NewBloblangField(commonFieldFilterMap). - Description("A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. The filter map is required for all operations except " + + Description("A bloblang map representing a filter for a MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. The filter map is required for all operations except " + "insert-one. It is used to find the document(s) for the operation. For example in a delete-one case, the filter map should " + "have the fields required to locate the document to delete."). Examples(mapExamples()...). Default(""), service.NewBloblangField(commonFieldHintMap). - Description("A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form]. This map is optional and is used with all operations " + + Description("A bloblang map representing the hint for the MongoDB command, expressed as https://www.mongodb.com/docs/manual/reference/mongodb-extended-json/[extended JSON in canonical form^]. This map is optional and is used with all operations " + "except insert-one. It is used to improve performance of finding the documents in the mongodb."). Examples(mapExamples()...). Default(""), diff --git a/internal/impl/msgpack/bloblang.go b/internal/impl/msgpack/bloblang.go index 55891f1262..156ae5ef61 100644 --- a/internal/impl/msgpack/bloblang.go +++ b/internal/impl/msgpack/bloblang.go @@ -12,7 +12,7 @@ func init() { msgpackParseSpec := bloblang.NewPluginSpec(). Category("Parsing"). - Description("Parses a https://msgpack.org/[MessagePack] message into a structured document."). + Description("Parses a https://msgpack.org/[MessagePack^] message into a structured document."). Example("", `root = content().decode("hex").parse_msgpack()`, [2]string{ @@ -47,7 +47,7 @@ func init() { msgpackFormatSpec := bloblang.NewPluginSpec(). Category("Parsing"). - Description("Formats data as a https://msgpack.org/[MessagePack] message in bytes format."). + Description("Formats data as a https://msgpack.org/[MessagePack^] message in bytes format."). Example("", `root = this.format_msgpack().encode("hex")`, [2]string{ diff --git a/internal/impl/msgpack/processor.go b/internal/impl/msgpack/processor.go index 52ed350d9a..24a4425eb3 100644 --- a/internal/impl/msgpack/processor.go +++ b/internal/impl/msgpack/processor.go @@ -13,7 +13,7 @@ func processorConfig() *service.ConfigSpec { return service.NewConfigSpec(). Beta(). Categories("Parsing"). - Summary("Converts messages to or from the https://msgpack.org/[MessagePack] format."). + Summary("Converts messages to or from the https://msgpack.org/[MessagePack^] format."). Field(service.NewStringAnnotatedEnumField("operator", map[string]string{ "to_json": "Convert MessagePack messages to JSON format", "from_json": "Convert JSON messages to MessagePack format", diff --git a/internal/impl/nats/auth.go b/internal/impl/nats/auth.go index af87233e06..58d58a8c06 100644 --- a/internal/impl/nats/auth.go +++ b/internal/impl/nats/auth.go @@ -21,10 +21,10 @@ func authDescription() string { == Authentication There are several components within Benthos which uses NATS services. You will find that each of these components -support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys] -and https://docs.nats.io/developing-with-nats/security/creds[User Credentials]. +support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^] +and https://docs.nats.io/using-nats/developer/connecting/creds[User Credentials^]. -See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial]. +See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^]. === NKey file @@ -32,21 +32,21 @@ The NATS server can use these NKeys in several ways for authentication. The simp with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey configured in the ` + "`nkey_file`" + ` field. -https://docs.nats.io/developing-with-nats/security/nkey[More details]. +https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth[More details^]. === User credentials -NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT] -and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server +NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^] +and a corresponding https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth[NKey secret^] when connecting to a server which is configured to use this authentication scheme. The ` + "`user_credentials_file`" + ` field should point to a file containing both the private key and the JWT and can be -generated with the https://docs.nats.io/nats-tools/nsc[nsc tool]. +generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^]. Alternatively, the ` + "`user_jwt`" + ` field can contain a plain text JWT and the ` + "`user_nkey_seed`" + `can contain the plain text NKey Seed. -https://docs.nats.io/developing-with-nats/security/creds[More details].` +https://docs.nats.io/using-nats/developer/connecting/creds[More details^].` } func authFieldSpec() *service.ConfigField { diff --git a/internal/impl/nats/input_stream.go b/internal/impl/nats/input_stream.go index 7dcc626066..c5a82983ea 100644 --- a/internal/impl/nats/input_stream.go +++ b/internal/impl/nats/input_stream.go @@ -85,7 +85,7 @@ func siSpec() *service.ConfigSpec { [CAUTION] .Deprecation notice ==== -The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream]. +The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream^]. ==== Tracking and persisting offsets through a durable name is also optional and works with or without a queue. If a durable name is not provided then subjects are consumed from the most recently published message. diff --git a/internal/impl/nats/output_stream.go b/internal/impl/nats/output_stream.go index f11237c641..8e7a1345cc 100644 --- a/internal/impl/nats/output_stream.go +++ b/internal/impl/nats/output_stream.go @@ -56,7 +56,7 @@ func soSpec() *service.ConfigSpec { [CAUTION] .Deprecation notice ==== -The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream]. +The NATS Streaming Server is being deprecated. Critical bug fixes and security fixes will be applied until June of 2023. NATS-enabled applications requiring persistence should use https://docs.nats.io/nats-concepts/jetstream[JetStream^]. ==== `+authDescription()+service.OutputPerformanceDocs(true, false)). diff --git a/internal/impl/nats/processor_kv.go b/internal/impl/nats/processor_kv.go index af8ac3f901..4b000a3e92 100644 --- a/internal/impl/nats/processor_kv.go +++ b/internal/impl/nats/processor_kv.go @@ -91,7 +91,7 @@ This processor adds the following metadata fields to each message, depending on service.NewStringAnnotatedEnumField(kvpFieldOperation, kvpOperations). Description("The operation to perform on the KV bucket."), service.NewInterpolatedStringField(kvpFieldKey). - Description("The key for each message. Supports https://docs.nats.io/nats-concepts/subjects#wildcards[wildcards] for the `history` and `keys` operations."). + Description("The key for each message. Supports https://docs.nats.io/nats-concepts/subjects#wildcards[wildcards^] for the `history` and `keys` operations."). Example("foo"). Example("foo.bar.baz"). Example("foo.*"). diff --git a/internal/impl/nsq/integration_test.go b/internal/impl/nsq/integration_test.go index 5ef149a1e4..8456fa120e 100644 --- a/internal/impl/nsq/integration_test.go +++ b/internal/impl/nsq/integration_test.go @@ -31,7 +31,7 @@ output: input: nsq: nsqd_tcp_addresses: [ localhost:4150 ] - lookupd_http_addresses: [ localhost:4160 ] + lookupd_http_addresses: [ localhost:4160 ^] topic: topic-$ID channel: channel-$ID # user_agent: "" diff --git a/internal/impl/opensearch/output.go b/internal/impl/opensearch/output.go index c3be2e68ed..bbd7353a01 100644 --- a/internal/impl/opensearch/output.go +++ b/internal/impl/opensearch/output.go @@ -177,7 +177,7 @@ Both the `+"`id` and `index`"+` fields can be dynamically set using function int service.NewBatchPolicyField(esoFieldBatching), AWSField(), ). - Example("Updating Documents", "When https://opensearch.org/docs/latest/api-reference/document-apis/update-document/[updating documents] the request body should contain a combination of a `doc`, `upsert`, and/or `script` fields at the top level, this should be done via mapping processors.", ` + Example("Updating Documents", "When https://opensearch.org/docs/latest/api-reference/document-apis/update-document/[updating documents^] the request body should contain a combination of a `doc`, `upsert`, and/or `script` fields at the top level, this should be done via mapping processors.", ` output: processors: - mapping: | diff --git a/internal/impl/otlp/tracer_otlp.go b/internal/impl/otlp/tracer_otlp.go index 85dab447e0..9c7aade1a1 100644 --- a/internal/impl/otlp/tracer_otlp.go +++ b/internal/impl/otlp/tracer_otlp.go @@ -20,7 +20,7 @@ import ( func oltpSpec() *service.ConfigSpec { return service.NewConfigSpec(). - Summary("Send tracing events to an https://opentelemetry.io/docs/collector/[Open Telemetry collector]."). + Summary("Send tracing events to an https://opentelemetry.io/docs/collector/[Open Telemetry collector^]."). Field(service.NewObjectListField("http", service.NewStringField("address"). Description("The endpoint of a collector to send tracing events to."). diff --git a/internal/impl/parquet/bloblang.go b/internal/impl/parquet/bloblang.go index e8889573e0..aa9d2ecb07 100644 --- a/internal/impl/parquet/bloblang.go +++ b/internal/impl/parquet/bloblang.go @@ -14,7 +14,7 @@ func init() { parquetParseSpec := bloblang.NewPluginSpec(). Category("Parsing"). - Description("Decodes a https://parquet.apache.org/docs/[Parquet file] into an array of objects, one for each row within the file."). + Description("Decodes a https://parquet.apache.org/docs/[Parquet file^] into an array of objects, one for each row within the file."). Param(bloblang.NewBoolParam("byte_array_as_string"). Description("Deprecated: This parameter is no longer used.").Default(false)). Example("", `root = content().parse_parquet()`) diff --git a/internal/impl/parquet/input_parquet.go b/internal/impl/parquet/input_parquet.go index 1fbc44c67e..f3e9118474 100644 --- a/internal/impl/parquet/input_parquet.go +++ b/internal/impl/parquet/input_parquet.go @@ -18,7 +18,7 @@ func parquetInputConfig() *service.ConfigSpec { return service.NewConfigSpec(). // Stable(). TODO Categories("Local"). - Summary("Reads and decodes https://parquet.apache.org/docs/[Parquet files] into a stream of structured messages."). + Summary("Reads and decodes https://parquet.apache.org/docs/[Parquet files^] into a stream of structured messages."). Field(service.NewStringListField("paths"). Description("A list of file paths to read from. Each file will be read sequentially until the list is exhausted, at which point the input will close. Glob patterns are supported, including super globs (double star)."). Example("/tmp/foo.parquet"). @@ -30,7 +30,7 @@ func parquetInputConfig() *service.ConfigSpec { Advanced()). Field(service.NewAutoRetryNacksToggleField()). Description(` -This input uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. +This input uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. By default any BYTE_ARRAY or FIXED_LEN_BYTE_ARRAY value will be extracted as a byte slice (` + "`[]byte`" + `) unless the logical type is UTF8, in which case they are extracted as a string (` + "`string`" + `). diff --git a/internal/impl/parquet/processor.go b/internal/impl/parquet/processor.go index b8fc5ac810..eab6616490 100644 --- a/internal/impl/parquet/processor.go +++ b/internal/impl/parquet/processor.go @@ -18,7 +18,7 @@ func parquetProcessorConfig() *service.ConfigSpec { return service.NewConfigSpec(). Deprecated(). Categories("Parsing"). - Summary("Converts batches of documents to or from https://parquet.apache.org/docs/[Parquet files]."). + Summary("Converts batches of documents to or from https://parquet.apache.org/docs/[Parquet files^]."). Description(` == Alternatives diff --git a/internal/impl/parquet/processor_decode.go b/internal/impl/parquet/processor_decode.go index 9ad92344af..ae25901ee4 100644 --- a/internal/impl/parquet/processor_decode.go +++ b/internal/impl/parquet/processor_decode.go @@ -16,12 +16,12 @@ func parquetDecodeProcessorConfig() *service.ConfigSpec { return service.NewConfigSpec(). // Stable(). TODO Categories("Parsing"). - Summary("Decodes https://parquet.apache.org/docs/[Parquet files] into a batch of structured messages."). + Summary("Decodes https://parquet.apache.org/docs/[Parquet files^] into a batch of structured messages."). Field(service.NewBoolField("byte_array_as_string"). Description("Whether to extract BYTE_ARRAY and FIXED_LEN_BYTE_ARRAY values as strings rather than byte slices in all cases. Values with a logical type of UTF8 will automatically be extracted as strings irrespective of this field. Enabling this field makes serializing the data as JSON more intuitive as `[]byte` values are serialized as base64 encoded strings by default."). Default(false).Deprecated()). Description(` -This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases.`). +This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases.`). Version("4.4.0"). Example("Reading Parquet Files from AWS S3", "In this example we consume files from AWS S3 as they're written by listening onto an SQS queue for upload events. We make sure to use the `to_the_end` scanner which means files are read into memory in full, which then allows us to use a `parquet_decode` processor to expand each file into a batch of messages. Finally, we write the data out to local files as newline delimited JSON.", diff --git a/internal/impl/parquet/processor_encode.go b/internal/impl/parquet/processor_encode.go index c126e30dcd..35f6590378 100644 --- a/internal/impl/parquet/processor_encode.go +++ b/internal/impl/parquet/processor_encode.go @@ -15,7 +15,7 @@ func parquetEncodeProcessorConfig() *service.ConfigSpec { return service.NewConfigSpec(). // Stable(). TODO Categories("Parsing"). - Summary("Encodes https://parquet.apache.org/docs/[Parquet files] from a batch of structured messages."). + Summary("Encodes https://parquet.apache.org/docs/[Parquet files^] from a batch of structured messages."). Field(parquetSchemaConfig()). Field(service.NewStringEnumField("default_compression", "uncompressed", "snappy", "gzip", "brotli", "zstd", "lz4raw", @@ -30,7 +30,7 @@ func parquetEncodeProcessorConfig() *service.ConfigSpec { Advanced(). Version("4.11.0")). Description(` -This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. +This processor uses https://github.com/parquet-go/parquet-go[https://github.com/parquet-go/parquet-go^], which is itself experimental. Therefore changes could be made into how this processor functions outside of major version releases. `). Version("4.4.0"). // TODO: Add an example that demonstrates error handling diff --git a/internal/impl/prometheus/metrics_prometheus.go b/internal/impl/prometheus/metrics_prometheus.go index 8d2fc15b3a..160e62f21f 100644 --- a/internal/impl/prometheus/metrics_prometheus.go +++ b/internal/impl/prometheus/metrics_prometheus.go @@ -41,7 +41,7 @@ func ConfigSpec() *service.ConfigSpec { Footnotes(` == Push gateway -The field `+"`push_url`"+` is optional and when set will trigger a push of metrics to a https://prometheus.io/docs/instrumenting/pushing/[Prometheus Push Gateway] once Benthos shuts down. It is also possible to specify a `+"`push_interval`"+` which results in periodic pushes. +The field `+"`push_url`"+` is optional and when set will trigger a push of metrics to a https://prometheus.io/docs/instrumenting/pushing/[Prometheus Push Gateway^] once Benthos shuts down. It is also possible to specify a `+"`push_interval`"+` which results in periodic pushes. The Push Gateway is useful for when Benthos instances are short lived. Do not include the "/metrics/jobs/..." path in the push URL. diff --git a/internal/impl/protobuf/processor_protobuf.go b/internal/impl/protobuf/processor_protobuf.go index ff74734b5e..2df8bfb69e 100644 --- a/internal/impl/protobuf/processor_protobuf.go +++ b/internal/impl/protobuf/processor_protobuf.go @@ -32,9 +32,9 @@ func protobufProcessorSpec() *service.ConfigSpec { Summary(` Performs conversions to or from a protobuf message. This processor uses reflection, meaning conversions can be made directly from the target .proto files. `).Description(` -The main functionality of this processor is to map to and from JSON documents, you can read more about JSON mapping of protobuf messages here: https://developers.google.com/protocol-buffers/docs/proto3#json[https://developers.google.com/protocol-buffers/docs/proto3#json] +The main functionality of this processor is to map to and from JSON documents, you can read more about JSON mapping of protobuf messages here: https://developers.google.com/protocol-buffers/docs/proto3#json[https://developers.google.com/protocol-buffers/docs/proto3#json^] -Using reflection for processing protobuf messages in this way is less performant than generating and using native code. Therefore when performance is critical it is recommended that you use Benthos plugins instead for processing protobuf messages natively, you can find an example of Benthos plugins at https://github.com/benthosdev/benthos-plugin-example[https://github.com/benthosdev/benthos-plugin-example] +Using reflection for processing protobuf messages in this way is less performant than generating and using native code. Therefore when performance is critical it is recommended that you use Benthos plugins instead for processing protobuf messages natively, you can find an example of Benthos plugins at https://github.com/benthosdev/benthos-plugin-example[https://github.com/benthosdev/benthos-plugin-example^] == Operators diff --git a/internal/impl/pulsar/input.go b/internal/impl/pulsar/input.go index 7bf72086da..0d2c2f931c 100644 --- a/internal/impl/pulsar/input.go +++ b/internal/impl/pulsar/input.go @@ -68,7 +68,7 @@ xref:configuration:interpolation.adoc#bloblang-queries[function interpolation]. Field(service.NewStringField("subscription_name"). Description("Specify the subscription name for this consumer.")). Field(service.NewStringEnumField("subscription_type", "shared", "key_shared", "failover", "exclusive"). - Description("Specify the subscription type for this consumer.\n\n> NOTE: Using a `key_shared` subscription type will __allow out-of-order delivery__ since nack-ing messages sets non-zero nack delivery delay - this can potentially cause consumers to stall. See https://pulsar.apache.org/docs/en/2.8.1/concepts-messaging/#negative-acknowledgement[Pulsar documentation] and https://github.com/apache/pulsar/issues/12208[this Github issue] for more details."). + Description("Specify the subscription type for this consumer.\n\n> NOTE: Using a `key_shared` subscription type will __allow out-of-order delivery__ since nack-ing messages sets non-zero nack delivery delay - this can potentially cause consumers to stall. See https://pulsar.apache.org/docs/en/2.8.1/concepts-messaging/#negative-acknowledgement[Pulsar documentation^] and https://github.com/apache/pulsar/issues/12208[this Github issue^] for more details."). Default(defaultSubscriptionType)). Field(service.NewObjectField("tls", service.NewStringField("root_cas_file"). diff --git a/internal/impl/redis/script_processor.go b/internal/impl/redis/script_processor.go index 19d8b33cf9..8b283f7271 100644 --- a/internal/impl/redis/script_processor.go +++ b/internal/impl/redis/script_processor.go @@ -15,7 +15,7 @@ func redisScriptProcConfig() *service.ConfigSpec { spec := service.NewConfigSpec(). Beta(). Version("4.11.0"). - Summary(`Performs actions against Redis using https://redis.io/docs/manual/programmability/eval-intro/[LUA scripts].`). + Summary(`Performs actions against Redis using https://redis.io/docs/manual/programmability/eval-intro/[LUA scripts^].`). Description(`Actions are performed for each message and the message contents are replaced with the result. In order to merge the result into the original message compose this processor within a ` + "xref:components:processors/branch.adoc[`branch` processor]" + `.`). diff --git a/internal/impl/sentry/processor_capture.go b/internal/impl/sentry/processor_capture.go index bb02adc364..3eff5886fb 100644 --- a/internal/impl/sentry/processor_capture.go +++ b/internal/impl/sentry/processor_capture.go @@ -20,7 +20,7 @@ const ( func newCaptureProcessorConfig() *service.ConfigSpec { return service.NewConfigSpec(). Version("4.16.0"). - Summary("Captures log events from messages and submits them to https://sentry.io/[Sentry]."). + Summary("Captures log events from messages and submits them to https://sentry.io/[Sentry^]."). Fields( service.NewStringField("dsn"). Default(""). diff --git a/internal/impl/snowflake/output_snowflake_put.go b/internal/impl/snowflake/output_snowflake_put.go index 29c7b363e8..4f4675db63 100644 --- a/internal/impl/snowflake/output_snowflake_put.go +++ b/internal/impl/snowflake/output_snowflake_put.go @@ -77,10 +77,10 @@ Snowpipe. === Key pair authentication This authentication mechanism allows Snowpipe functionality, but it does require configuring an SSH Private Key -beforehand. Please consult the https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[documentation] +beforehand. Please consult the https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[documentation^] for details on how to set it up and assign the Public Key to your user. -Note that the Snowflake documentation https://twitter.com/felipehoffa/status/1560811785606684672[used to suggest] +Note that the Snowflake documentation https://twitter.com/felipehoffa/status/1560811785606684672[used to suggest^] using this command: `+"```bash"+` @@ -102,7 +102,7 @@ If you have an existing key encrypted with PKCS#5 v1.5, you can re-encrypt it wi openssl pkcs8 -in rsa_key_original.p8 -topk8 -v2 des3 -out rsa_key.p8 `+"```"+` -Please consult the https://linux.die.net/man/1/pkcs8[pkcs8 command documentation] for details on PKCS#5 algorithms. +Please consult the https://linux.die.net/man/1/pkcs8[pkcs8 command documentation^] for details on PKCS#5 algorithms. == Batching @@ -111,7 +111,7 @@ messages at the output level and join the batch of messages with an `+"xref:components:processors/archive.adoc[`archive`]"+` and/or `+"xref:components:processors/compress.adoc[`compress`]"+` processor. -For the optimal batch size, please consult the Snowflake https://docs.snowflake.com/en/user-guide/data-load-considerations-prepare.html[documentation]. +For the optimal batch size, please consult the Snowflake https://docs.snowflake.com/en/user-guide/data-load-considerations-prepare.html[documentation^]. == Snowpipe @@ -131,7 +131,7 @@ you can configure Benthos to use the implicit table stage `+"`@%BENTHOS_TBL`"+` `+"`BENTHOS_PIPE`"+` as the `+"`snowpipe`"+`. In this case, you must set `+"`compression`"+` to `+"`AUTO`"+` and, if using message batching, you'll need to configure an xref:components:processors/archive.adoc[`+"`archive`"+`] processor with the `+"`concatenate`"+` format. Since the `+"`compression`"+` is set to `+"`AUTO`"+`, the -https://github.com/snowflakedb/gosnowflake[gosnowflake] client library will compress the messages automatically so you +https://github.com/snowflakedb/gosnowflake[gosnowflake^] client library will compress the messages automatically so you don't need to add a `+"xref:components:processors/compress.adoc[`compress`]"+` processor for message batches. If you add `+"`STRIP_OUTER_ARRAY = TRUE`"+` in your Snowpipe `+"`FILE_FORMAT`"+` @@ -141,17 +141,17 @@ NOTE: Only Snowpipes with `+"`FILE_FORMAT`"+` `+"`TYPE`"+` `+"`JSON`"+` are curr == Snowpipe troubleshooting -Snowpipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-rest-apis.html[provides] the `+"`insertReport`"+` +Snowpipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-rest-apis.html[provides^] the `+"`insertReport`"+` and `+"`loadHistoryScan`"+` REST API endpoints which can be used to get information about recent Snowpipe calls. In order to query them, you'll first need to generate a valid JWT token for your Snowflake account. There are two methods for doing so: -- Using the `+"`snowsql`"+` https://docs.snowflake.com/en/user-guide/snowsql.html[utility]: +- Using the `+"`snowsql`"+` https://docs.snowflake.com/en/user-guide/snowsql.html[utility^]: `+"```bash"+` snowsql --private-key-path rsa_key.p8 --generate-jwt -a -u `+"```"+` -- Using the Python `+"`sql-api-generate-jwt`"+` https://docs.snowflake.com/en/developer-guide/sql-api/authenticating.html#generating-a-jwt-in-python[utility]: +- Using the Python `+"`sql-api-generate-jwt`"+` https://docs.snowflake.com/en/developer-guide/sql-api/authenticating.html#generating-a-jwt-in-python[utility^]: `+"```bash"+` python3 sql-api-generate-jwt.py --private_key_file_path=rsa_key.p8 --account= --user= @@ -172,27 +172,27 @@ then configure `+"`request_id: ${ @request_id }`"+` ). Alternatively, you can xr == General troubleshooting -The underlying https://github.com/snowflakedb/gosnowflake[`+"`gosnowflake`"+` driver] requires write access to -the default directory to use for temporary files. Please consult the https://pkg.go.dev/os#TempDir[`+"`os.TempDir`"+`] +The underlying https://github.com/snowflakedb/gosnowflake[`+"`gosnowflake`"+` driver^] requires write access to +the default directory to use for temporary files. Please consult the https://pkg.go.dev/os#TempDir[`+"`os.TempDir`"+`^] docs for details on how to change this directory via environment variables. -A silent failure can occur due to https://github.com/snowflakedb/gosnowflake/issues/701[this issue], where the -underlying https://github.com/snowflakedb/gosnowflake[`+"`gosnowflake`"+` driver] doesn't return an error and doesn't +A silent failure can occur due to https://github.com/snowflakedb/gosnowflake/issues/701[this issue^], where the +underlying https://github.com/snowflakedb/gosnowflake[`+"`gosnowflake`"+` driver^] doesn't return an error and doesn't log a failure if it can't figure out the current username. One way to trigger this behavior is by running Benthos in a Docker container with a non-existent user ID (such as `+"`--user 1000:1000`"+`). `+service.OutputPerformanceDocs(true, true)). - Field(service.NewStringField("account").Description(`Account name, which is the same as the https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#where-are-account-identifiers-used[Account Identifier]. -However, when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator], + Field(service.NewStringField("account").Description(`Account name, which is the same as the https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#where-are-account-identifiers-used[Account Identifier^]. +However, when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^], the Account Identifier is formatted as `+"`..`"+` and this field needs to be populated using the `+"``"+` part. `)). Field(service.NewStringField("region").Description(`Optional region field which needs to be populated when using -an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator] +an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^] and it must be set to the `+"``"+` part of the Account Identifier (`+"`..`"+`). `).Example("us-west-2").Optional()). Field(service.NewStringField("cloud").Description(`Optional cloud platform field which needs to be populated -when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator] +when using an https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#using-an-account-locator-as-an-identifier[Account Locator^] and it must be set to the `+"``"+` part of the Account Identifier (`+"`..`"+`). `).Example("aws").Example("gcp").Example("azure").Optional()). @@ -205,7 +205,7 @@ and it must be set to the `+"``"+` part of the Account Identifier Field(service.NewStringField("warehouse").Description("Warehouse.")). Field(service.NewStringField("schema").Description("Schema.")). Field(service.NewInterpolatedStringField("stage").Description(`Stage name. Use either one of the - https://docs.snowflake.com/en/user-guide/data-load-local-file-system-create-stage.html[supported] stage types.`)). + https://docs.snowflake.com/en/user-guide/data-load-local-file-system-create-stage.html[supported^] stage types.`)). Field(service.NewInterpolatedStringField("path").Description("Stage path.").Default("")). Field(service.NewInterpolatedStringField("file_name").Description("Stage file name. Will be equal to the Request ID if not set or empty.").Optional().Default("").Version("v4.12.0")). Field(service.NewInterpolatedStringField("file_extension").Description("Stage file extension. Will be derived from the configured `compression` if not set or empty.").Optional().Default("").Example("csv").Example("parquet").Version("v4.12.0")). @@ -227,7 +227,7 @@ and it must be set to the `+"``"+` part of the Account Identifier this.exists("password") && this.password != "" && this.exists("private_key_file") && this.private_key_file != "" => [ "both `+"`password`"+` and `+"`private_key_file`"+` can't be set simultaneously" ], this.exists("snowpipe") && this.snowpipe != "" && (!this.exists("private_key_file") || this.private_key_file == "") => [ "`+"`private_key_file`"+` is required when setting `+"`snowpipe`"+`" ], }`). - Example("Kafka / realtime brokers", "Upload message batches from realtime brokers such as Kafka persisting the batch partition and offsets in the stage path and filename similarly to the https://docs.snowflake.com/en/user-guide/kafka-connector-ts.html#step-1-view-the-copy-history-for-the-table[Kafka Connector scheme] and call Snowpipe to load them into a table. When batching is configured at the input level, it is done per-partition.", ` + Example("Kafka / realtime brokers", "Upload message batches from realtime brokers such as Kafka persisting the batch partition and offsets in the stage path and filename similarly to the https://docs.snowflake.com/en/user-guide/kafka-connector-ts.html#step-1-view-the-copy-history-for-the-table[Kafka Connector scheme^] and call Snowpipe to load them into a table. When batching is configured at the input level, it is done per-partition.", ` input: kafka: addresses: diff --git a/internal/impl/splunk/template_output.yaml b/internal/impl/splunk/template_output.yaml index 9be37781df..d8ffe310d7 100644 --- a/internal/impl/splunk/template_output.yaml +++ b/internal/impl/splunk/template_output.yaml @@ -4,7 +4,7 @@ status: experimental categories: [ Services ] summary: Writes messages to a Splunk HTTP Endpoint Collector. description: | - This output POSTs messages to a Splunk HTTP Endpoint Collector (HEC) using token based authentication. The format of the message must be a [valid event JSON](https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/FormateventsforHTTPEventCollector). Raw is not supported. + This output POSTs messages to a Splunk HTTP Endpoint Collector (HEC) using token based authentication. The format of the message must be a https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/FormateventsforHTTPEventCollector[valid event JSON^]. Raw is not supported. fields: - name: url description: Full HTTP Endpoint Collector (HEC) URL, ie. https://foobar.splunkcloud.com/services/collector/event diff --git a/internal/impl/sql/conn_fields.go b/internal/impl/sql/conn_fields.go index a24b1c0a3d..79eccdcf01 100644 --- a/internal/impl/sql/conn_fields.go +++ b/internal/impl/sql/conn_fields.go @@ -26,7 +26,7 @@ The following is a list of supported drivers, their placeholder style, and their | Driver | Data Source Name Format ` + "| `clickhouse` " + ` -` + "| https://github.com/ClickHouse/clickhouse-go#dsn[`clickhouse://[username[:password]@][netloc][:port]/dbname[?param1=value1&...¶mN=valueN]`] " + ` +` + "| https://github.com/ClickHouse/clickhouse-go#dsn[`clickhouse://[username[:password\\]@\\][netloc\\][:port\\]/dbname[?param1=value1&...¶mN=valueN\\]`^] " + ` ` + "| `mysql` " + ` ` + "| `[username[:password]@][protocol[(address)]]/dbname[?param1=value1&...¶mN=valueN]` " + ` @@ -47,17 +47,17 @@ The following is a list of supported drivers, their placeholder style, and their ` + "| `username[:password]@account_identifier/dbname/schemaname[?param1=value&...¶mN=valueN]` " + ` ` + "| `trino` " + ` -` + "| https://github.com/trinodb/trino-go-client#dsn-data-source-name[`http[s]://user[:pass]@host[:port][?parameters]`] " + ` +` + "| https://github.com/trinodb/trino-go-client#dsn-data-source-name[`http[s\\]://user[:pass\\]@host[:port\\][?parameters\\]`^] " + ` ` + "| `gocosmos` " + ` -` + "| https://pkg.go.dev/github.com/microsoft/gocosmos#readme-example-usage[`AccountEndpoint=;AccountKey=[;TimeoutMs=][;Version=][;DefaultDb/Db=][;AutoId=][;InsecureSkipVerify=]`] " + ` +` + "| https://pkg.go.dev/github.com/microsoft/gocosmos#readme-example-usage[`AccountEndpoint=;AccountKey=[;TimeoutMs=\\][;Version=\\][;DefaultDb/Db=\\][;AutoId=\\][;InsecureSkipVerify=\\]`^] " + ` |=== Please note that the ` + "`postgres`" + ` driver enforces SSL by default, you can override this with the parameter ` + "`sslmode=disable`" + ` if required. -The ` + "`snowflake`" + ` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: ` + "`@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`" + `, where the value for the ` + "`privateKey`" + ` parameter can be constructed from an unencrypted RSA private key file ` + "`rsa_key.p8`" + ` using ` + "`openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0`" + ` (you can use ` + "`gbasenc`" + ` insted of ` + "`basenc`" + ` on OSX if you install ` + "`coreutils`" + ` via Homebrew). If you have a password-encrypted private key, you can decrypt it using ` + "`openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`" + `. Also, make sure fields such as the username are URL-encoded. +The ` + "`snowflake`" + ` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: ` + "`@//?warehouse=&role=&authenticator=snowflake_jwt&privateKey=`" + `, where the value for the ` + "`privateKey`" + ` parameter can be constructed from an unencrypted RSA private key file ` + "`rsa_key.p8`" + ` using ` + "`openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0`" + ` (you can use ` + "`gbasenc`" + ` insted of ` + "`basenc`" + ` on OSX if you install ` + "`coreutils`" + ` via Homebrew). If you have a password-encrypted private key, you can decrypt it using ` + "`openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`" + `. Also, make sure fields such as the username are URL-encoded. -The ` + "https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`]" + ` driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details.`). +The ` + "https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^]" + ` driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details.`). Example("clickhouse://username:password@host1:9000,host2:9000/database?dial_timeout=200ms&max_execution_time=60"). Example("foouser:foopassword@tcp(localhost:3306)/foodb"). Example("postgres://foouser:foopass@localhost:5432/foodb?sslmode=disable"). diff --git a/internal/impl/statsd/metrics_statsd.go b/internal/impl/statsd/metrics_statsd.go index 61ec7e7a21..ac7fd8eefd 100644 --- a/internal/impl/statsd/metrics_statsd.go +++ b/internal/impl/statsd/metrics_statsd.go @@ -20,7 +20,7 @@ const ( func statsdSpec() *service.ConfigSpec { return service.NewConfigSpec(). Stable(). - Summary("Pushes metrics using the https://github.com/statsd/statsd[StatsD protocol]. Supported tagging formats are 'none', 'datadog' and 'influxdb'."). + Summary("Pushes metrics using the https://github.com/statsd/statsd[StatsD protocol^]. Supported tagging formats are 'none', 'datadog' and 'influxdb'."). Fields( service.NewStringField(smFieldAddress). Description("The address to send metrics to."), diff --git a/internal/impl/twitter/template_search_input.yaml b/internal/impl/twitter/template_search_input.yaml index 1f9b80ee8f..f7154b2f57 100644 --- a/internal/impl/twitter/template_search_input.yaml +++ b/internal/impl/twitter/template_search_input.yaml @@ -4,13 +4,13 @@ status: experimental categories: [ Services, Social ] summary: Consumes tweets matching a given search using the Twitter recent search V2 API. description: | - Continuously polls the [Twitter recent search V2 API](https://developer.twitter.com/en/docs/twitter-api/tweets/search/api-reference/get-tweets-search-recent) for tweets that match a given search query. + Continuously polls the https://developer.twitter.com/en/docs/twitter-api/tweets/search/api-reference/get-tweets-search-recent[Twitter recent search V2 API^] for tweets that match a given search query. - Each tweet received is emitted as a JSON object message, with a field `id` and `text` by default. Extra fields [can be obtained from the search API](https://developer.twitter.com/en/docs/twitter-api/fields) when listed with the `tweet_fields` field. + Each tweet received is emitted as a JSON object message, with a field `id` and `text` by default. Extra fields https://developer.twitter.com/en/docs/twitter-api/fields[can be obtained from the search API^] when listed with the `tweet_fields` field. - In order to paginate requests that are made the ID of the latest received tweet is stored in a [cache resource](/docs/components/caches/about), which is then used by subsequent requests to ensure only tweets after it are consumed. It is recommended that the cache you use is persistent so that Benthos can resume searches at the correct place on a restart. + In order to paginate requests that are made the ID of the latest received tweet is stored in a xref:components:caches/about.adoc[cache resource], which is then used by subsequent requests to ensure only tweets after it are consumed. It is recommended that the cache you use is persistent so that Benthos can resume searches at the correct place on a restart. - Authentication is done using OAuth 2.0 credentials which can be generated within the [Twitter developer portal](https://developer.twitter.com). + Authentication is done using OAuth 2.0 credentials which can be generated within the https://developer.twitter.com[Twitter developer portal^]. fields: - name: query @@ -18,7 +18,7 @@ fields: type: string - name: tweet_fields - description: An optional list of additional fields to obtain for each tweet, by default only the fields `id` and `text` are returned. For more info refer to the [twitter API docs.](https://developer.twitter.com/en/docs/twitter-api/fields) + description: An optional list of additional fields to obtain for each tweet, by default only the fields `id` and `text` are returned. For more info refer to the https://developer.twitter.com/en/docs/twitter-api/fields[twitter API docs^]. type: string kind: list default: [] @@ -50,11 +50,11 @@ fields: advanced: true - name: api_key - description: An API key for OAuth 2.0 authentication. It is recommended that you populate this field using [environment variables](/docs/configuration/interpolation). + description: An API key for OAuth 2.0 authentication. It is recommended that you populate this field using xref:configuration:interpolation.adoc[environment variables]. type: string - name: api_secret - description: An API secret for OAuth 2.0 authentication. It is recommended that you populate this field using [environment variables](/docs/configuration/interpolation). + description: An API secret for OAuth 2.0 authentication. It is recommended that you populate this field using xref:configuration:interpolation.adoc[environment variables]. type: string mapping: | diff --git a/internal/impl/wasm/processor_wazero.go b/internal/impl/wasm/processor_wazero.go index 0d88010854..a17fa99ae2 100644 --- a/internal/impl/wasm/processor_wazero.go +++ b/internal/impl/wasm/processor_wazero.go @@ -20,9 +20,9 @@ func wazeroAllocProcessorConfig() *service.ConfigSpec { Categories("Utility"). Summary("Executes a function exported by a WASM module for each message."). Description(` -This processor uses https://github.com/tetratelabs/wazero[Wazero] to execute a WASM module (with support for WASI), calling a specific function for each message being processed. From within the WASM module it is possible to query and mutate the message being processed via a suite of functions exported to the module. +This processor uses https://github.com/tetratelabs/wazero[Wazero^] to execute a WASM module (with support for WASI), calling a specific function for each message being processed. From within the WASM module it is possible to query and mutate the message being processed via a suite of functions exported to the module. -This ecosystem is delicate as WASM doesn't have a single clearly defined way to pass strings back and forth between the host and the module. In order to remedy this we're gradually working on introducing libraries and examples for multiple languages which can be found in https://github.com/benthosdev/benthos/tree/main/public/wasm/README.md[the codebase]. +This ecosystem is delicate as WASM doesn't have a single clearly defined way to pass strings back and forth between the host and the module. In order to remedy this we're gradually working on introducing libraries and examples for multiple languages which can be found in https://github.com/{project-github}/tree/main/public/wasm/README.md[the codebase^]. These examples, as well as the processor itself, is a work in progress.