Update default configuration for ssl to 'allow' (#15917)

* DBM-2773 Update ssl default configuration to 'allow' * Add changelog
DataDog · Sep 27, 2023 · e225a8b · e225a8b
1 parent 2203520
commit e225a8b
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 5 deletions.
diff --git a/postgres/CHANGELOG.md b/postgres/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+***Changed***:
+
+* Update `ssl` default configuration to 'allow' ([#15917](https://github.com/DataDog/integrations-core/pull/15917))
+
 ***Fixed***:
 
 * Prevent Postgres integration from collecting WAL metrics from Aurora instances that cannot be collected ([#15896](https://github.com/DataDog/integrations-core/pull/15896))

diff --git a/postgres/assets/configuration/spec.yaml b/postgres/assets/configuration/spec.yaml
@@ -86,7 +86,8 @@ files:
         For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html
       value:
         type: string
-        example: "disable"
+        example: 'allow'
+        default: 'allow'
     - name: ssl_root_cert
       description: |
         The path to the ssl root certificate.

diff --git a/postgres/datadog_checks/postgres/config.py b/postgres/datadog_checks/postgres/config.py
@@ -60,7 +60,7 @@ def __init__(self, instance):
         self.max_connections = instance.get('max_connections', 30)
         self.tags = self._build_tags(instance.get('tags', []))
 
-        ssl = instance.get('ssl', "disable")
+        ssl = instance.get('ssl', "allow")
         if ssl in SSL_MODES:
             self.ssl_mode = ssl
 

diff --git a/postgres/datadog_checks/postgres/config_models/defaults.py b/postgres/datadog_checks/postgres/config_models/defaults.py
@@ -113,7 +113,7 @@ def instance_query_timeout():
 
 
 def instance_ssl():
-    return 'disable'
+    return 'allow'
 
 
 def instance_table_count_limit():

diff --git a/postgres/datadog_checks/postgres/data/conf.yaml.example b/postgres/datadog_checks/postgres/data/conf.yaml.example
@@ -63,7 +63,7 @@ instances:
     #   - rdsadmin
     #   - azure_maintenance
 
-    ## @param ssl - string - optional - default: disable
+    ## @param ssl - string - optional - default: allow
     ## This option determines whether or not and with what priority a secure SSL TCP/IP connection
     ## is negotiated with the server. There are six modes:
     ## - `disable`: Only tries a non-SSL connection.
@@ -78,7 +78,7 @@ instances:
     ##
     ## For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html
     #
-    # ssl: disable
+    # ssl: allow
 
     ## @param ssl_root_cert - string - optional
     ## The path to the ssl root certificate.