Fix InstanceConfig loading error for ssl config (#15611)

* Fix InstanceConfig loading error * remove unnecessary ssl defaults * Set log to be default value for ssl mode * update changelog
DataDog · Aug 18, 2023 · 12d2caf · 12d2caf
1 parent d205671
commit 12d2caf
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 44 deletions.
diff --git a/postgres/CHANGELOG.md b/postgres/CHANGELOG.md
@@ -14,6 +14,10 @@
 * Update datadog-checks-base dependency version to 32.6.0 ([#15604](https://github.com/DataDog/integrations-core/pull/15604))
 * Prevent `command already in progress` errors in the Postgres integration ([#15489](https://github.com/DataDog/integrations-core/pull/15489))
 
+***Fixed***:
+
+* Fix InstanceConfig loading error for `ssl` config ([#15611](https://github.com/DataDog/integrations-core/pull/15611))
+
 ## 14.1.0 / 2023-08-10
 
 ***Added***:

diff --git a/postgres/assets/configuration/spec.yaml b/postgres/assets/configuration/spec.yaml
@@ -84,39 +84,30 @@ files:
                          trusted CA and that the requested server host name matches the one in the certificate.
 
         For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html
-
-        Note: `true` is an alias for `require`, and `false` is an alias for `disable`.
       value:
         type: string
-        display_default: "false"
-        example: "false"
+        example: "disable"
     - name: ssl_root_cert
       description: |
         The path to the ssl root certificate.
 
         For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
       value:
         type: string
-        display_default: "false"
-        example: "/home/datadog/server-ca.pem"
     - name: ssl_cert
       description: |
         The path to the ssl certificate.
 
         For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
       value:
         type: string
-        display_default: "false"
-        example: "/home/datadog/client-cert.pem"
     - name: ssl_key
       description: |
         The path to the ssl client key.
 
         For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
       value:
         type: string
-        display_default: "false"
-        example: "/home/datadog/client-key.pem"
     - name: ssl_password
       description: |
         The password for the secret key specified in ssl_key, allowing client certificate private keys to be stored
@@ -125,8 +116,6 @@ files:
         For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
       value:
         type: string
-        display_default: "false"
-        example: "ssl_key_password"
     - name: query_timeout
       description: |
         Adds a statement_timeout https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-STATEMENT-TIMEOUT

diff --git a/postgres/datadog_checks/postgres/config.py b/postgres/datadog_checks/postgres/config.py
@@ -60,11 +60,9 @@ def __init__(self, instance):
         self.max_connections = instance.get('max_connections', 30)
         self.tags = self._build_tags(instance.get('tags', []))
 
-        ssl = instance.get('ssl', "false")
+        ssl = instance.get('ssl', "disable")
         if ssl in SSL_MODES:
             self.ssl_mode = ssl
-        else:
-            self.ssl_mode = 'require' if ssl == "true" else 'disable'
 
         self.ssl_cert = instance.get('ssl_cert', None)
         self.ssl_root_cert = instance.get('ssl_root_cert', None)

diff --git a/postgres/datadog_checks/postgres/config_models/defaults.py b/postgres/datadog_checks/postgres/config_models/defaults.py
@@ -113,23 +113,7 @@ def instance_query_timeout():
 
 
 def instance_ssl():
-    return 'false'
-
-
-def instance_ssl_cert():
-    return 'false'
-
-
-def instance_ssl_key():
-    return 'false'
-
-
-def instance_ssl_password():
-    return 'false'
-
-
-def instance_ssl_root_cert():
-    return 'false'
+    return 'disable'
 
 
 def instance_table_count_limit():

diff --git a/postgres/datadog_checks/postgres/data/conf.yaml.example b/postgres/datadog_checks/postgres/data/conf.yaml.example
@@ -63,7 +63,7 @@ instances:
     #   - rdsadmin
     #   - azure_maintenance
 
-    ## @param ssl - string - optional - default: false
+    ## @param ssl - string - optional - default: disable
     ## This option determines whether or not and with what priority a secure SSL TCP/IP connection
     ## is negotiated with the server. There are six modes:
     ## - `disable`: Only tries a non-SSL connection.
@@ -77,39 +77,37 @@ instances:
     ##                  trusted CA and that the requested server host name matches the one in the certificate.
     ##
     ## For a detailed description of how these options work see https://www.postgresql.org/docs/current/libpq-ssl.html
-    ##
-    ## Note: `true` is an alias for `require`, and `false` is an alias for `disable`.
     #
-    # ssl: 'false'
+    # ssl: disable
 
-    ## @param ssl_root_cert - string - optional - default: false
+    ## @param ssl_root_cert - string - optional
     ## The path to the ssl root certificate.
     ##
     ## For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
     #
-    # ssl_root_cert: /home/datadog/server-ca.pem
+    # ssl_root_cert: <SSL_ROOT_CERT>
 
-    ## @param ssl_cert - string - optional - default: false
+    ## @param ssl_cert - string - optional
     ## The path to the ssl certificate.
     ##
     ## For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
     #
-    # ssl_cert: /home/datadog/client-cert.pem
+    # ssl_cert: <SSL_CERT>
 
-    ## @param ssl_key - string - optional - default: false
+    ## @param ssl_key - string - optional
     ## The path to the ssl client key.
     ##
     ## For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
     #
-    # ssl_key: /home/datadog/client-key.pem
+    # ssl_key: <SSL_KEY>
 
-    ## @param ssl_password - string - optional - default: false
+    ## @param ssl_password - string - optional
     ## The password for the secret key specified in ssl_key, allowing client certificate private keys to be stored
     ## in encrypted form on disk.
     ##
     ## For a detailed description of how this option works see https://www.postgresql.org/docs/current/libpq-ssl.html
     #
-    # ssl_password: ssl_key_password
+    # ssl_password: <SSL_PASSWORD>
 
     ## @param query_timeout - integer - optional - default: 5000
     ## Adds a statement_timeout https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-STATEMENT-TIMEOUT