fix(config): Avoid parsing configuration files without interpolating secrets #20985
Conversation
Which caused #20974 Reverts: #17759 Signed-off-by: Jesse Szwedko <[email protected]>
…serialization Signed-off-by: Jesse Szwedko <[email protected]>
Signed-off-by: Jesse Szwedko <[email protected]>
github-actions
bot
added
the
domain: sources
Datadog ReportBranch report: ✅ 0 Failed, 25 Passed, 0 Skipped, 25.53s Total Time |
bruceg
changed the title
| let host_key = self | ||
| .host_key | ||
| .clone() | ||
| .unwrap_or(log_schema().host_key().cloned().into()) |
There was a problem hiding this comment.
This code sequence being repeated 8(?) times makes me think there should be a helper function for it.
Signed-off-by: Jesse Szwedko <[email protected]>
github-actions
bot
added
the
domain: external docs
| @@ -45,7 +45,7 @@ base: components: sources: docker_logs: configuration: { | |||
| [global_host_key]: https://vector.dev/docs/reference/configuration/global-options/#log_schema.host_key | |||
| """ | |||
| required: false | |||
| type: string: default: "host" | |||
| type: string: {} | |||
There was a problem hiding this comment.
Is there no default value anymore?
There was a problem hiding this comment.
It'll default to log_schema.host_key as mentioned in the option description. The field itself just doesn't have an explicit default.
There was a problem hiding this comment.
(or rather it defaults to "null" which will cause it to fallback to the value of log_schema.host_key)
Regression Detector ResultsRun ID: 7a90d66a-eb2d-4c9f-bc4c-eb0175c79f0f Metrics dashboard Baseline: 270bdc5 Performance changes are noted in the perf column of each table:
Significant changes in experiment optimization goalsConfidence level: 90.00%
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | links |
|---|---|---|---|---|---|
| ❌ | file_to_blackhole | egress throughput | -20.86 | [-26.97, -14.75] |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | links |
|---|---|---|---|---|---|
| ✅ | syslog_log2metric_humio_metrics | ingress throughput | +6.16 | [+5.99, +6.34] | |
| ➖ | otlp_http_to_blackhole | ingress throughput | +3.77 | [+3.64, +3.90] | |
| ➖ | datadog_agent_remap_blackhole_acks | ingress throughput | +2.94 | [+2.81, +3.08] | |
| ➖ | otlp_grpc_to_blackhole | ingress throughput | +1.70 | [+1.59, +1.82] | |
| ➖ | http_elasticsearch | ingress throughput | +1.64 | [+1.48, +1.81] | |
| ➖ | syslog_humio_logs | ingress throughput | +1.34 | [+1.19, +1.48] | |
| ➖ | datadog_agent_remap_datadog_logs | ingress throughput | +1.11 | [+0.89, +1.34] | |
| ➖ | socket_to_socket_blackhole | ingress throughput | +1.07 | [+0.97, +1.16] | |
| ➖ | datadog_agent_remap_blackhole | ingress throughput | +0.71 | [+0.61, +0.81] | |
| ➖ | http_to_http_acks | ingress throughput | +0.71 | [-0.61, +2.03] | |
| ➖ | syslog_splunk_hec_logs | ingress throughput | +0.70 | [+0.61, +0.78] | |
| ➖ | http_to_s3 | ingress throughput | +0.59 | [+0.32, +0.86] | |
| ➖ | fluent_elasticsearch | ingress throughput | +0.56 | [+0.06, +1.05] | |
| ➖ | http_to_http_noack | ingress throughput | +0.09 | [+0.02, +0.15] | |
| ➖ | http_to_http_json | ingress throughput | +0.04 | [-0.01, +0.09] | |
| ➖ | splunk_hec_indexer_ack_blackhole | ingress throughput | +0.01 | [-0.07, +0.09] | |
| ➖ | splunk_hec_to_splunk_hec_logs_acks | ingress throughput | +0.00 | [-0.10, +0.11] | |
| ➖ | splunk_hec_to_splunk_hec_logs_noack | ingress throughput | -0.00 | [-0.10, +0.10] | |
| ➖ | syslog_loki | ingress throughput | -0.13 | [-0.21, -0.05] | |
| ➖ | datadog_agent_remap_datadog_logs_acks | ingress throughput | -0.20 | [-0.40, +0.01] | |
| ➖ | syslog_log2metric_tag_cardinality_limit_blackhole | ingress throughput | -0.37 | [-0.50, -0.24] | |
| ➖ | syslog_regex_logs2metric_ddmetrics | ingress throughput | -1.34 | [-1.52, -1.16] | |
| ➖ | splunk_hec_route_s3 | ingress throughput | -1.43 | [-1.73, -1.12] | |
| ➖ | syslog_log2metric_splunk_hec_metrics | ingress throughput | -2.09 | [-2.22, -1.97] | |
| ➖ | http_text_to_http_json | ingress throughput | -4.71 | [-4.90, -4.52] | |
| ❌ | file_to_blackhole | egress throughput | -20.86 | [-26.97, -14.75] |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
…secrets (vectordotdev#20985) * fix(config): Avoid parsing configuration files without secrets Which caused vectordotdev#20974 Reverts: vectordotdev#17759 Signed-off-by: Jesse Szwedko <[email protected]> * Update configuration structs to default to log_schema fields after deserialization Signed-off-by: Jesse Szwedko <[email protected]> * Add changelog entry Signed-off-by: Jesse Szwedko <[email protected]> * Regenerate docs Signed-off-by: Jesse Szwedko <[email protected]> --------- Signed-off-by: Jesse Szwedko <[email protected]>
…secrets (vectordotdev#20985) * fix(config): Avoid parsing configuration files without secrets Which caused vectordotdev#20974 Reverts: vectordotdev#17759 Signed-off-by: Jesse Szwedko <[email protected]> * Update configuration structs to default to log_schema fields after deserialization Signed-off-by: Jesse Szwedko <[email protected]> * Add changelog entry Signed-off-by: Jesse Szwedko <[email protected]> * Regenerate docs Signed-off-by: Jesse Szwedko <[email protected]> --------- Signed-off-by: Jesse Szwedko <[email protected]>
Closes: #20974
Reverts #17759 and solves the issue fixed by that PR by, instead of deserializing configuration twice, to set the global
log_schema, defer fetching values from thelog_schemauntil after deserialization (previously some config structs would attempt to fetch during deserialization, but thelog_schemamay not have been deserialized by that point).Attempting to pull from
log_schemaduring deserialization is an easy bug to reintroduce, but I don't see an easy way to prohibit it.I think it is easiest to review the first two commits independently.