Anil db/v0.39

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "vector"
-version = "0.39.0-databricks-v1"
+version = "0.39.0-databricks-v2"
 authors = ["Vector Contributors <[email protected]>"]
 edition = "2021"
 description = "A lightweight and ultra-fast tool for building observability pipelines"

README.databricks.md

@@ -1,12 +1,13 @@
 This lists custom changes merged in Databricks fork of Vector.
 1. Fix premature ack when data file is full. https://github.com/databricks/vector/pull/1
 2. Retry s3 request even when observing ConstructionFailure to avoid data loss. https://github.com/databricks/vector/pull/2
 3. Updating/adding INFO logs for when vector sends to cloud storage. https://github.com/databricks/vector/pull/5
 4. Allow retries on all sink exceptions https://github.com/databricks/vector/pull/7
 5. Also allowing retries on AccessDenied exceptions in AWS https://github.com/databricks/vector/pull/12
 6. Updating version to also carry a Databricks version https://github.com/databricks/vector/pull/13
 7. Add a new event for successful upload to cloud storage (+ rework old send) https://github.com/databricks/vector/pull/14
 8. Add new Vector events for topology events (new source/sink creation, vector start/stop) https://github.com/databricks/vector/pull/17
 9. Provide an option to override the Content-Encoding header for files uploaded by Google Cloud Storage sink https://github.com/databricks/vector/pull/30
 10. Add functionality to derive topic from file upload path https://github.com/databricks/vector/pull/33
 11. Update event logs to support emitting granular upload events https://github.com/databricks/vector/pull/35
+12. Add support for SNI. A PR for upstream is also been created. https://github.com/databricks/vector/pull/39 upstream PR: https://github.com/vectordotdev/vector/pull/21365

lib/vector-core/src/tls/mod.rs

@@ -183,13 +183,13 @@ pub fn tls_connector_builder(settings: &MaybeTlsSettings) -> Result<SslConnector
 }
 
 fn tls_connector(settings: &MaybeTlsSettings) -> Result<ConnectConfiguration> {
-    let verify_hostname = settings
-        .tls()
-        .map_or(true, |settings| settings.verify_hostname);
-    let configure = tls_connector_builder(settings)?
+    let mut configure = tls_connector_builder(settings)?
         .build()
         .configure()
-        .context(TlsBuildConnectorSnafu)?
-        .verify_hostname(verify_hostname);
+        .context(TlsBuildConnectorSnafu)?;
+    let tls_setting = settings.tls().cloned();
+    if let Some(tls_setting) = &tls_setting {
+        tls_setting.apply_connect_configuration(&mut configure)
+    }
     Ok(configure)
 }

lib/vector-core/src/tls/settings.rs

@@ -148,6 +148,14 @@ pub struct TlsConfig {
     #[configurable(metadata(docs::examples = "PassWord1"))]
     #[configurable(metadata(docs::human_name = "Key File Password"))]
     pub key_pass: Option<String>,
+
+    /// Server name to use when using Server Name Indication (SNI).
+    ///
+    /// Only relevant for outgoing connections.
+    #[serde(alias = "server_name")]
+    #[configurable(metadata(docs::examples = "www.example.com"))]
+    #[configurable(metadata(docs::human_name = "Server Name"))]
+    pub server_name: Option<String>,
 }
 
 impl TlsConfig {
@@ -169,6 +177,7 @@ pub struct TlsSettings {
     authorities: Vec<X509>,
     pub(super) identity: Option<IdentityStore>, // openssl::pkcs12::ParsedPkcs12 doesn't impl Clone yet
     alpn_protocols: Option<Vec<u8>>,
+    server_name: Option<String>,
 }
 
 #[derive(Clone)]
@@ -203,6 +212,7 @@ impl TlsSettings {
             authorities: options.load_authorities()?,
             identity: options.load_identity()?,
             alpn_protocols: options.parse_alpn_protocols()?,
+            server_name: options.server_name.clone(),
         })
     }
 
@@ -335,6 +345,14 @@ impl TlsSettings {
 
     pub fn apply_connect_configuration(&self, connection: &mut ConnectConfiguration) {
         connection.set_verify_hostname(self.verify_hostname);
+        if let Some(server_name) = &self.server_name {
+            // Prevent native TLS lib from inferring default SNI using domain name from url.
+            connection.set_use_server_name_indication(false);
+            match connection.set_hostname(server_name) {
+                Ok(_) => (),
+                Err(e) => error!("Failed to set server name indication: {}", e),
+            }
+        }
     }
 }