From e225a8b750081c62abf6e5c0d9ad4a764d22126c Mon Sep 17 00:00:00 2001 From: Alexandre Normand Date: Wed, 27 Sep 2023 10:01:20 -0700 Subject: [PATCH] Update default configuration for ssl to 'allow' (#15917) * DBM-2773 Update ssl default configuration to 'allow' * Add changelog --- postgres/CHANGELOG.md | 4 ++++ postgres/assets/configuration/spec.yaml | 3 ++- postgres/datadog_checks/postgres/config.py | 2 +- postgres/datadog_checks/postgres/config_models/defaults.py | 2 +- postgres/datadog_checks/postgres/data/conf.yaml.example | 4 ++-- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/postgres/CHANGELOG.md b/postgres/CHANGELOG.md index 83c489c318599..252977eab3f3a 100644 --- a/postgres/CHANGELOG.md +++ b/postgres/CHANGELOG.md @@ -2,6 +2,10 @@ ## Unreleased +***Changed***: + +* Update `ssl` default configuration to 'allow' ([#15917](https://github.com/DataDog/integrations-core/pull/15917)) + ***Fixed***: * Prevent Postgres integration from collecting WAL metrics from Aurora instances that cannot be collected ([#15896](https://github.com/DataDog/integrations-core/pull/15896)) diff --git a/postgres/assets/configuration/spec.yaml b/postgres/assets/configuration/spec.yaml index d76a22a355168..7fd3cf7bf50e1 100644 --- a/postgres/assets/configuration/spec.yaml +++ b/postgres/assets/configuration/spec.yaml @@ -86,7 +86,8 @@ files: For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html value: type: string - example: "disable" + example: 'allow' + default: 'allow' - name: ssl_root_cert description: | The path to the ssl root certificate. diff --git a/postgres/datadog_checks/postgres/config.py b/postgres/datadog_checks/postgres/config.py index 577093659f2d0..050b7fc3f24ee 100644 --- a/postgres/datadog_checks/postgres/config.py +++ b/postgres/datadog_checks/postgres/config.py @@ -60,7 +60,7 @@ def __init__(self, instance): self.max_connections = instance.get('max_connections', 30) self.tags = self._build_tags(instance.get('tags', [])) - ssl = instance.get('ssl', "disable") + ssl = instance.get('ssl', "allow") if ssl in SSL_MODES: self.ssl_mode = ssl diff --git a/postgres/datadog_checks/postgres/config_models/defaults.py b/postgres/datadog_checks/postgres/config_models/defaults.py index abffb7ef8feee..efa8bcd5c2234 100644 --- a/postgres/datadog_checks/postgres/config_models/defaults.py +++ b/postgres/datadog_checks/postgres/config_models/defaults.py @@ -113,7 +113,7 @@ def instance_query_timeout(): def instance_ssl(): - return 'disable' + return 'allow' def instance_table_count_limit(): diff --git a/postgres/datadog_checks/postgres/data/conf.yaml.example b/postgres/datadog_checks/postgres/data/conf.yaml.example index 487805d27ee6f..c2d684e26fb35 100644 --- a/postgres/datadog_checks/postgres/data/conf.yaml.example +++ b/postgres/datadog_checks/postgres/data/conf.yaml.example @@ -63,7 +63,7 @@ instances: # - rdsadmin # - azure_maintenance - ## @param ssl - string - optional - default: disable + ## @param ssl - string - optional - default: allow ## This option determines whether or not and with what priority a secure SSL TCP/IP connection ## is negotiated with the server. There are six modes: ## - `disable`: Only tries a non-SSL connection. @@ -78,7 +78,7 @@ instances: ## ## For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html # - # ssl: disable + # ssl: allow ## @param ssl_root_cert - string - optional ## The path to the ssl root certificate.