Improve the key validation in secret identifier. #17351
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request does not have a backport label. Could you fix it @mashhurs? 🙏
|
mashhurs
added
backport-active-9
This sounds like a breaking change.
|
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
Yeah, didn't think of the case if keystore had invalid keys already included.
|
yaauie
reviewed
Apr 8, 2025
There was a problem hiding this comment.
Mechanically, this works, and safely guards against adding keys that cannot be referenced in the pipelines without breaking users whose keystores include offending keys.
I've left suggestions about DRY-ing it up a bit, and improving the admitedly-difficult description of the effective key pattern requirement.
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
1 similar comment
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
mashhurs
force-pushed
the
secret-identifier-key-validator
branch
from
9139460 to
6ac79ce
Compare
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
…ey names to the keystore through keystore CLI. Keysotre now warns on invalid keys if they were already added.
[doc] better explanation of accepting key format. Co-authored-by: Rye Biesemeyer <[email protected]>
…ription. Co-authored-by: Rye Biesemeyer <[email protected]>
mashhurs
force-pushed
the
secret-identifier-key-validator
branch
from
6ac79ce to
bfea29d
Compare
|
Rebased against main as we were having CI issues, fixed by #17531 |
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
yaauie
reviewed
Apr 10, 2025
logstash-core/src/main/java/org/logstash/secret/cli/SecretStoreCli.java
Outdated
Show resolved
Hide resolved
logstash-core/src/test/java/org/logstash/secret/cli/SecretStoreCliTest.java
Outdated
Show resolved
Hide resolved
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
mashhurs
commented
Apr 11, 2025
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
Warning and error messages well formatted. Co-authored-by: Rye Biesemeyer <[email protected]>
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
|
📃 DOCS PREVIEW ✨ https://logstash_bk_17351.docs-preview.app.elstc.co/diff |
yaauie
approved these changes
Apr 23, 2025
logstash-core/src/main/java/org/logstash/secret/SecretIdentifier.java
Outdated
Show resolved
Hide resolved
|
💚 Build Succeeded
History
cc @mashhurs |
|
@Mergifyio backport 8.17 8.18 8.19 9.0 |
✅ Backports have been created
|
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
3 tasks
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md
This was referenced Apr 24, 2025
mergify bot
pushed a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a)
3 tasks
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
* Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) Co-authored-by: Mashhur <[email protected]>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17585) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust the doc against 8.x --------- Co-authored-by: Mashhur <[email protected]> Co-authored-by: Mashhur <[email protected]>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17586) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust docs against 8.x --------- Co-authored-by: Mashhur <[email protected]> Co-authored-by: Mashhur <[email protected]>
mashhurs
added a commit
that referenced
this pull request
Apr 24, 2025
…ier. (#17587) * Improve the key validation in secret identifier. (#17351) * Improve the key validation in secret identifier. * Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added. * Key pattern is moved to a central config expander class with its description. Co-authored-by: Rye Biesemeyer <[email protected]> (cherry picked from commit d24675a) # Conflicts: # docs/reference/keystore.md * Adjust docs against 8.x --------- Co-authored-by: Mashhur <[email protected]> Co-authored-by: Mashhur <[email protected]>
colleenmcginnis
added a commit
to colleenmcginnis/logstash
that referenced
this pull request
Jul 28, 2025
colleenmcginnis
added a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md Co-authored-by: Karen Metts <[email protected]> --------- Co-authored-by: Karen Metts <[email protected]>
mergify bot
pushed a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md Co-authored-by: Karen Metts <[email protected]> --------- Co-authored-by: Karen Metts <[email protected]> (cherry picked from commit aed28eb)
colleenmcginnis
added a commit
that referenced
this pull request
Aug 14, 2025
* add applies_to badge to changes introduced in #17351 * add applies_to badge to changes introduced in #17759 * reorder list items * use 9.0.1 not 9.1.0 * Update docs/reference/keystore.md --------- (cherry picked from commit aed28eb) Co-authored-by: Colleen McGinnis <[email protected]> Co-authored-by: Karen Metts <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release notes
${...}).What does this PR do?
Before this change, key-value can be added to keystore but it might impossible to reference the key because
ConfigVariableExpanderignores if key name doesn't align withSUBSTITUTION_PLACEHOLDER_REGEXImproves user experience with the secret store CLI that when providing key name, LS validates to accept a value which can be used in pipeline (aligns with
ConfigVariableExpander#SUBSTITUTION_PLACEHOLDER_REGEX).If already invalid key(s) were added, it warns to remove/replace the keys.
Why is it important/What is the impact to the user?
No user impact. Keystore CLI restricts adding meaningless keys to keystore.
Checklist
[] I have made corresponding changes to the documentation[] I have made corresponding change to the default configuration files (and/or docker env variables)Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs