feat(new sink): initial websocket_server sink
#22213
Conversation
This adds a new sink, similar to `websocket` which acts like a client, while this one acts as a server. It currently broadcasts messages to all currently connected clients.
github-actions
bot
added
domain: topology
|
I have added customizable auth handler in this PR, but I can take it out into a separate PR if needed. This is also missing some tests and some metrics. I will probably also work on an optional event buffer to enable replays for some clients. That one might be more complex, so I wanted to put it off for now, to keep the initial PR simple. |
github-actions
bot
added
the
domain: external docs
esensar
changed the title
websocket_listener sinkwebsocket_listener sink
If it's not too much effort, please do. It should make reviewing faster. It's just me reviewing PRs for this month 😅 |
Oh 😄 |
|
Oh and sorry, I just saw the other part of the comment. Yeah, it causes duplication, my idea was to reuse it across these components, but didn't want to make too many changes in this PR. I guess if I move it to a separate PR, then changing these out should be okay. |
This adds `custom` auth strategy for components with HTTP server (`http_server`, `datadog_agent`, `opentelemetry`, `prometheus`) besides the default basic auth. This is a breaking change because `strategy` is now required for auth - for existing configurations `strategy: "basic"` needs to be added. Related: vectordotdev#22213
github-actions
bot
removed
the
domain: topology
|
Would it make more sense to name this |
👍 |
esensar
changed the title
websocket_listener sinkwebsocket_server sink
| When enabled for a sink, any source connected to that sink, where the source supports | ||
| end-to-end acknowledgements as well, waits for events to be acknowledged by **all | ||
| connected** sinks before acknowledging them at the source. |
There was a problem hiding this comment.
| When enabled for a sink, any source connected to that sink, where the source supports | |
| end-to-end acknowledgements as well, waits for events to be acknowledged by **all | |
| connected** sinks before acknowledging them at the source. | |
| When enabled for a sink, any source that supports end-to-end | |
| acknowledgements that is connected to that sink waits for events | |
| to be acknowledged by **all connected sinks** before acknowledging | |
| them at the source. |
website/cue/reference/components/sinks/base/websocket_server.cue
Outdated
Show resolved
Hide resolved
| } | ||
| device_version: { | ||
| description: """ | ||
| Identifies the version of the problem. In combination with device product and vendor, it composes the unique id of the device that sends messages. |
There was a problem hiding this comment.
| Identifies the version of the problem. In combination with device product and vendor, it composes the unique id of the device that sends messages. | |
| Identifies the version of the problem. The combination of the device produc, vendor, and this value make up the unique id of the device that sends messages. |
| name: { | ||
| description: """ | ||
| This is a path that points to the human-readable description of a log event. | ||
| The value length must be less than or equal to 512. |
There was a problem hiding this comment.
Juts checking - 512 and not 511?
| Reflects importance of the event. | ||
|
|
||
| It must point to a number from 0 to 10. | ||
| 0 = Lowest, 10 = Highest. |
There was a problem hiding this comment.
| 0 = Lowest, 10 = Highest. | |
| 0 = lowest importance, 10 = highest importance. |
| non_numeric: """ | ||
| Puts quotes around all fields that are non-numeric. | ||
| Namely, when writing a field that does not parse as a valid float or integer, | ||
| then quotes are used even if they aren't strictly necessary. |
There was a problem hiding this comment.
| then quotes are used even if they aren't strictly necessary. | |
| quotes are used even if they aren't strictly necessary. |
| description: """ | ||
| Controls how metric tag values are encoded. | ||
|
|
||
| When set to `single`, only the last non-bare value of tags are displayed with the |
There was a problem hiding this comment.
| When set to `single`, only the last non-bare value of tags are displayed with the | |
| When set to `single`, only the last non-bare value of tags is displayed with the |
| description: """ | ||
| Sets the list of supported ALPN protocols. | ||
|
|
||
| Declare the supported ALPN protocols, which are used during negotiation with peer. They are prioritized in the order |
There was a problem hiding this comment.
| Declare the supported ALPN protocols, which are used during negotiation with peer. They are prioritized in the order | |
| Declare the supported ALPN protocols, which are used during negotiation with a peer. They are prioritized in the order |
| The certificate must be in DER, PEM (X.509), or PKCS#12 format. Additionally, the certificate can be provided as | ||
| an inline string in PEM format. | ||
|
|
||
| If this is set, and is not a PKCS#12 archive, `key_file` must also be set. |
There was a problem hiding this comment.
| If this is set, and is not a PKCS#12 archive, `key_file` must also be set. | |
| If this is set _and_ is not a PKCS#12 archive, `key_file` must also be set. |
| If enabled, certificates must not be expired and must be issued by a trusted | ||
| issuer. This verification operates in a hierarchical manner, checking that the leaf certificate (the | ||
| certificate presented by the client/server) is not only valid, but that the issuer of that certificate is also valid, and | ||
| so on until the verification process reaches a root certificate. |
There was a problem hiding this comment.
| so on until the verification process reaches a root certificate. | |
| so on, until the verification process reaches a root certificate. |
Co-authored-by: Sandra (neko) <[email protected]>
|
@neko-dd sorry for the late reply. I have applied one of the suggestions, which was directly related to things added in this PR. The rest of it has been generated automatically from other things that I have used (which are standard for all sinks) and you can see that documentation already live on almost all of the sinks. Maybe these should be fixed in a separate PR? Because if I fixed the here, I would generate too many changes that are not really related to this (it would change docs for all sinks). |
Good idea 👍 Also, please take a look at this 'guide', we will need some more doc files: |
Does this look better now? I have based this on |
Updates wording in common sinks component docs (as suggested by @neko-dd) Related: vectordotdev#22213 (comment)
Summary
This adds a new sink, similar to
websocketwhich acts like a client, while this one acts as a server. It currently broadcasts messages to all currently connected clients.It might make sense to add some kind of buffer and allow clients to catch up to missed messages, or something like that, but I wanted to leave such complications for further PRs.
This also adds customizable authentication using VRL, which would allow us to use custom VRL scripts to check auth, meaning we no longer use hardcoded basic auth and can use enrichment tables to look for credentials.
Change Type
Is this a breaking change?
How did you test this PR?
Started up vector with the following configuration:
Connected to the server with websocat and observed that events are sent to the client. I have also tested auth in this way, by defining auth header using
websocat.Does this PR include user facing changes?
Checklist
make check-allis a good command to run locally. This check isdefined here. Some of these
checks might not be relevant to your PR. For Rust changes, at the very least you should run:
cargo fmt --allcargo clippy --workspace --all-targets -- -D warningscargo nextest run --workspace(alternatively, you can runcargo test --all)Cargo.lock), pleaserun
dd-rust-license-tool writeto regenerate the license inventory and commit the changes (if any). More details here.