Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[O11y][Redis] Add AUTH (username) and SSL/TLS support #9777

Merged
merged 5 commits into from
May 6, 2024
Merged

[O11y][Redis] Add AUTH (username) and SSL/TLS support #9777

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2c97dc9
Support authentication with username and ssl
harnish-elastic May 3, 2024
4277404
update changelog.yml
harnish-elastic May 3, 2024
eaff5af
Update packages/redis/changelog.yml
harnish-elastic May 6, 2024
4b4deca
address review comments
harnish-elastic May 6, 2024
3a98b3f
Merge branch 'redis-support-username-and-ssl' of https://github.com/h…
harnish-elastic May 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/redis/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.15.0"
changes:
- description: Add AUTH (username) and SSL/TLS support.
type: enhancement
link: https://github.com/elastic/integrations/pull/9777
- version: "1.14.0"
changes:
- description: Enable 'secret' for the sensitive fields.
Expand Down
6 changes: 6 additions & 0 deletions packages/redis/data_stream/info/agent/stream/stream.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,13 @@ maxconn: {{maxconn}}
{{#if network}}
network: {{network}}
{{/if}}
{{#if username}}
username: {{username}}
{{/if}}
{{#if password}}
password: {{password}}
{{/if}}
{{#if ssl}}
{{ssl}}
{{/if}}
period: {{period}}
6 changes: 6 additions & 0 deletions packages/redis/data_stream/key/agent/stream/stream.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,13 @@ maxconn: {{maxconn}}
{{#if network}}
network: {{network}}
{{/if}}
{{#if username}}
username: {{username}}
{{/if}}
{{#if password}}
password: {{password}}
{{/if}}
{{#if ssl}}
{{ssl}}
{{/if}}
period: {{period}}
6 changes: 6 additions & 0 deletions packages/redis/data_stream/keyspace/agent/stream/stream.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,13 @@ maxconn: {{maxconn}}
{{#if network}}
network: {{network}}
{{/if}}
{{#if username}}
username: {{username}}
{{/if}}
{{#if password}}
password: {{password}}
{{/if}}
{{#if ssl}}
{{ssl}}
{{/if}}
period: {{period}}
43 changes: 42 additions & 1 deletion packages/redis/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: "3.0.2"
name: redis
title: Redis
version: "1.14.0"
version: "1.15.0"
description: Collect logs and metrics from Redis servers with Elastic Agent.
type: integration
categories:
Expand Down Expand Up @@ -72,6 +72,14 @@ policy_templates:
required: false
show_user: false
default: tcp
- name: username
type: text
title: Username
secret: false
multi: false
required: false
show_user: false
default: ""
- name: password
type: password
title: Password
Expand All @@ -80,6 +88,39 @@ policy_templates:
required: false
show_user: false
default: ""
- name: ssl
type: yaml
title: SSL Configuration
default: |
# ssl.certificate_authorities: |
# -----BEGIN CERTIFICATE-----
# MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT
# AlVTMQwwCgYDVQQKEwNJQk0xFjAUBgNVBAsTDURlZmF1bHROb2RlMDExFjAUBgNV
# BAsTDURlZmF1bHRDZWxsMDExGTAXBgNVBAsTEFJvb3QgQ2VydGlmaWNhdGUxEjAQ
# BgNVBAMTCWxvY2FsaG9zdDAeFw0yMTEyMTQyMjA3MTZaFw0yMjEyMTQyMjA3MTZa
# MF8xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xFjAUBgNVBAsTDURlZmF1bHRO
# b2RlMDExFjAUBgNVBAsTDURlZmF1bHRDZWxsMDExEjAQBgNVBAMTCWxvY2FsaG9z
# dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMv5HCsJZIpI5zCy+jXV
# z6lmzNc9UcVSEEHn86h6zT6pxuY90TYeAhlZ9hZ+SCKn4OQ4GoDRZhLPTkYDt+wW
# CV3NTIy9uCGUSJ6xjCKoxClJmgSQdg5m4HzwfY4ofoEZ5iZQ0Zmt62jGRWc0zuxj
# hegnM+eO2reBJYu6Ypa9RPJdYJsmn1RNnC74IDY8Y95qn+WZj//UALCpYfX41hko
# i7TWD9GKQO8SBmAxhjCDifOxVBokoxYrNdzESl0LXvnzEadeZTd9BfUtTaBHhx6t
# njqqCPrbTY+3jAbZFd4RiERPnhLVKMytw5ot506BhPrUtpr2lusbN5svNXjuLeea
# MMUCAwEAAaOBoDCBnTATBgNVHSMEDDAKgAhOatpLwvJFqjAdBgNVHSUEFjAUBggr
# BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4E+UHJvZmlsZVVVSUQ6QXBwU3J2
# MDEtQkFTRS05MDkzMzJjMC1iNmFiLTQ2OTMtYWI5NC01Mjc1ZDI1MmFmNDiCCWxv
# Y2FsaG9zdDARBgNVHQ4ECgQITzqhA5sO8O4wDQYJKoZIhvcNAQELBQADggEBAKR0
# gY/BM69S6BDyWp5dxcpmZ9FS783FBbdUXjVtTkQno+oYURDrhCdsfTLYtqUlP4J4
# CHoskP+MwJjRIoKhPVQMv14Q4VC2J9coYXnePhFjE+6MaZbTjq9WaekGrpKkMaQA
# iQt5b67jo7y63CZKIo9yBvs7sxODQzDn3wZwyux2vPegXSaTHR/rop/s/mPk3YTS
# hQprs/IVtPoWU4/TsDN3gIlrAYGbcs29CAt5q9MfzkMmKsuDkTZD0ry42VjxjAmk
# xw23l/k8RoD1wRWaDVbgpjwSzt+kl+vJE/ip2w3h69eEZ9wbo6scRO5lCO2JM4Pr
# 7RhLQyWn2u00L7/9Omw=
# -----END CERTIFICATE-----
description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we improve the description?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks weird. How does it show up on Kibana? Can you please see?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will show up on kibana as below, Please let me know your thoughts on what should we show up to improve the description. FYI, all the packages currently having the same SSL descriptions!

image

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change it to something like this:

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#:~:text=Common%20SSL%20configuration%20options%20can%20be%20used%20in%20both%20client%20and%20server%20configurations.%20You%20can%20specify%20the%20following%20options%20in%20the%20ssl%20section%20of%20each%20subsystem%20that%20supports%20SSL.

From ^^, we can probably do this?

This section allows for the configuration of SSL settings to enable secure communication between the client and server. Both common and specific SSL options can be customized to ensure a secure and reliable connection. Example: certificate_authorities, supported-protocols, verification-mode, key, certificate, etc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the certificate_authorities, links looks broken to me! Can you have a look and update?

image

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this link that you are suggesting to be there for certificate_authorities?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here: https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-ssl.html#client-certificate-authorities

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this link that you are suggesting to be there for certificate_authorities?

Yep!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is the screenshot of how it will show up in kibana.

image

multi: false
required: false
show_user: false
title: Collect Redis metrics
description: Collecting info, key and keyspace metrics from Redis instances
owner:
Expand Down