diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_syslogngclusteroutputs.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_syslogngclusteroutputs.yaml index a768599fe..ffd60ee91 100644 --- a/charts/logging-operator/crds/logging.banzaicloud.io_syslogngclusteroutputs.yaml +++ b/charts/logging-operator/crds/logging.banzaicloud.io_syslogngclusteroutputs.yaml @@ -280,6 +280,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -572,6 +581,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -774,6 +792,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1083,6 +1110,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1717,6 +1753,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1977,6 +2022,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2186,6 +2240,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2378,6 +2441,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_syslogngoutputs.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_syslogngoutputs.yaml index e8f027093..5a7f46328 100644 --- a/charts/logging-operator/crds/logging.banzaicloud.io_syslogngoutputs.yaml +++ b/charts/logging-operator/crds/logging.banzaicloud.io_syslogngoutputs.yaml @@ -280,6 +280,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -568,6 +577,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -770,6 +788,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1079,6 +1106,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1713,6 +1749,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1973,6 +2018,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2182,6 +2236,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2374,6 +2437,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object diff --git a/config/crd/bases/logging.banzaicloud.io_syslogngclusteroutputs.yaml b/config/crd/bases/logging.banzaicloud.io_syslogngclusteroutputs.yaml index a768599fe..ffd60ee91 100644 --- a/config/crd/bases/logging.banzaicloud.io_syslogngclusteroutputs.yaml +++ b/config/crd/bases/logging.banzaicloud.io_syslogngclusteroutputs.yaml @@ -280,6 +280,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -572,6 +581,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -774,6 +792,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1083,6 +1110,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1717,6 +1753,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1977,6 +2022,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2186,6 +2240,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2378,6 +2441,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object diff --git a/config/crd/bases/logging.banzaicloud.io_syslogngoutputs.yaml b/config/crd/bases/logging.banzaicloud.io_syslogngoutputs.yaml index e8f027093..5a7f46328 100644 --- a/config/crd/bases/logging.banzaicloud.io_syslogngoutputs.yaml +++ b/config/crd/bases/logging.banzaicloud.io_syslogngoutputs.yaml @@ -280,6 +280,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -568,6 +577,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -770,6 +788,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1079,6 +1106,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1713,6 +1749,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -1973,6 +2018,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2182,6 +2236,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object @@ -2374,6 +2437,15 @@ spec: type: object peer_verify: type: boolean + ssl_version: + enum: + - sslv3 + - tlsv1 + - tlsv1_0 + - tlsv1_1 + - tlsv1_2 + - tlsv1_3 + type: string use-system-cert-store: type: boolean type: object diff --git a/docs/configuration/plugins/syslogng-outputs/tls.md b/docs/configuration/plugins/syslogng-outputs/tls.md index 0822037eb..2d6acb036 100644 --- a/docs/configuration/plugins/syslogng-outputs/tls.md +++ b/docs/configuration/plugins/syslogng-outputs/tls.md @@ -53,4 +53,10 @@ Description: Specifies the cipher, hash, and key-exchange algorithms used for th Default: - +### ssl_version (string, optional) {#tls-ssl_version} + +Configure required TLS version. Accepted values: [sslv3, tlsv1, tlsv1_0, tlsv1_1, tlsv1_2, tlsv1_3] + +Default: - + diff --git a/pkg/sdk/logging/model/syslogng/config/output_tests/http_test.go b/pkg/sdk/logging/model/syslogng/config/output_tests/http_test.go index 05ca64470..21be902a9 100644 --- a/pkg/sdk/logging/model/syslogng/config/output_tests/http_test.go +++ b/pkg/sdk/logging/model/syslogng/config/output_tests/http_test.go @@ -103,6 +103,32 @@ func TestHTTPOutputTable(t *testing.T) { config: `destination "output_default_test-http-out" { http(url("test.local") headers("a:b" "c:d") batch-lines(2000) workers(3) persist_name("output_default_test-http-out")); }; +`, + }, + { + name: "test_tls_version", + output: v1beta1.SyslogNGOutput{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "default", + Name: "test-http-out", + }, + Spec: v1beta1.SyslogNGOutputSpec{ + HTTP: &output.HTTPOutput{ + URL: "test.local", + Headers: []string{"a:b", "c:d"}, + Batch: output.Batch{ + BatchLines: 2000, + }, + Workers: 3, + TLS: &output.TLS{ + SslVersion: "tlsv1_3", + }, + }, + }, + }, + config: `destination "output_default_test-http-out" { + http(url("test.local") headers("a:b" "c:d") tls(ssl_version("tlsv1_3")) batch-lines(2000) workers(3) persist_name("output_default_test-http-out")); +}; `, }, { diff --git a/pkg/sdk/logging/model/syslogng/output/tls.go b/pkg/sdk/logging/model/syslogng/output/tls.go index 4ae722ec8..06875b483 100644 --- a/pkg/sdk/logging/model/syslogng/output/tls.go +++ b/pkg/sdk/logging/model/syslogng/output/tls.go @@ -46,4 +46,7 @@ type TLS struct { UseSystemCertStore *bool `json:"use-system-cert-store,omitempty"` // Description: Specifies the cipher, hash, and key-exchange algorithms used for the encryption, for example, ECDHE-ECDSA-AES256-SHA384. The list of available algorithms depends on the version of OpenSSL used to compile syslog-ng OSE CipherSuite string `json:"cipher-suite,omitempty"` + // Configure required TLS version. Accepted values: [sslv3, tlsv1, tlsv1_0, tlsv1_1, tlsv1_2, tlsv1_3] + // +kubebuilder:validation:Enum=sslv3;tlsv1;tlsv1_0;tlsv1_1;tlsv1_2;tlsv1_3 + SslVersion string `json:"ssl_version,omitempty"` }