integrations-core icon indicating copy to clipboard operation
integrations-core copied to clipboard
verified publisher icon DataDog

Incorrect documentation: "message": "'PostgresConfig' object has no attribute 'ssl_mode'"

Open EugenKon opened this issue 1 year ago • 2 comments

This page describes ssl option: https://github.com/DataDog/integrations-core/blob/master/postgres/datadog_checks/postgres/data/conf.yaml.example#L74

But it does not work if I use it: Steps to reproduce the issue:

  1. Configure dd-agent as next:
ad_identifiers:
  - dd-rds-postgres-trigger
  - ssl

init_config:

instances:
  - host: "%%env_POSTGRES_HOST%%"
    port: "%%env_POSTGRES_PORT%%"
    ssl: require
    username: "%%env_POSTGRES_USERNAME%%"
    password: "%%env_POSTGRES_PASSWORD%%"
    dbname: "%%env_POSTGRES_DBNAME%%"
    tags:
      - postgres
      - "role:db"
      - "dbinstanceidentifier:prd-postgres-ssl"

Describe the results you received:

2024-02-13 17:28:23 UTC | CORE | ERROR | (pkg/collector/worker/check_logger.go:70 in Error) | check:postgres | Error running check: [{"message": "'PostgresConfig' object has no attribute 'ssl_mode'", "traceback": "Traceback (most recent call last):\n  File \"/opt/datadog-agent/embedded/lib/python3.9/site-packages/datadog_checks/base/checks/base.py\", line 1210, in run\n    initialization()\n  File \"/opt/datadog-agent/embedded/lib/python3.9/site-packages/datadog_checks/postgres/postgres.py\", line 740, in _connect\n    with self.db():\n  File \"/opt/datadog-agent/embedded/lib/python3.9/contextlib.py\", line 119, in __enter__\n    return next(self.gen)\n  File \"/opt/datadog-agent/embedded/lib/python3.9/site-packages/datadog_checks/postgres/postgres.py\", line 200, in db\n    self._db = self._new_connection(self._config.dbname)\n  File \"/opt/datadog-agent/embedded/lib/python3.9/site-packages/datadog_checks/postgres/postgres.py\", line 714, in _new_connection\n    'sslmode': self._config.ssl_mode,\nAttributeError: 'PostgresConfig' object has no attribute 'ssl_mode'\n"}]

Describe the results you expected: I expect that ssl_mode should be documented. And if I use ssl_mode option then dd-agent works fine. Though when I use the next configuration it also works fine (it does not complain about ssl_mode option):

ad_identifiers:
  - dd-rds-postgres-trigger
  - ssl

init_config:

instances:
  - host: "%%env_POSTGRES_HOST%%"
    port: "%%env_POSTGRES_PORT%%"
    ssl: verify-full
    ssl_root_cert: system
    username: "%%env_POSTGRES_USERNAME%%"
    password: "%%env_POSTGRES_PASSWORD%%"
    dbname: "%%env_POSTGRES_DBNAME%%"
    tags:
      - postgres
      - "role:db"
      - "dbinstanceidentifier:prd-postgres-ssl"

Additional information you deem important (e.g. issue happens only occasionally):

Probably this issue is related: https://github.com/DataDog/integrations-core/issues/16764

  1. A different documentation issue: https://github.com/DataDog/integrations-core/blob/master/postgres/datadog_checks/postgres/data/conf.yaml.example#L74-L77

If a root CA file is present, verifies the certificate in the same way as if verify-ca was specified.

require option should not do any verification. It just should create an SSL connection.

EugenKon avatar Feb 13 '24 17:02 EugenKon

As for now I am using not documented ssl_mode in my configuration:

instances:
  - host: "%%env_POSTGRES_HOST%%"
    port: "%%env_POSTGRES_PORT%%"
    ssl_mode: require
    username: "%%env_POSTGRES_USERNAME%%"
    password: "%%env_POSTGRES_PASSWORD%%"
    dbname: "%%env_POSTGRES_DBNAME%%"
    tags:
      - postgres
      - "role:db"
      - "%%env_MONITORING_TAG%%"

EugenKon avatar Feb 16 '24 17:02 EugenKon

The upcoming agent version 7.57 should provide a more helpful error message when ssl is set incorrectly. Please give it a try when it's released.

Regarding the CA validation, this is built-in functionality of libpq. Do you have a specific use case where there is a root CA present but you don't want it validated?

sethsamuel avatar Jul 16 '24 13:07 sethsamuel