Merge remote-tracking branch 'origin/master' into OPW-20-allow-empty-…

…builder

docs/DEPRECATIONS.md

@@ -7,4 +7,3 @@ See [DEPRECATION.md](docs/DEPRECATION.md#process) for the process for updating t
 ## To be removed
 
 * datadog_v1_metrics v0.35.0 Support for `v1` series endpoint in the `datadog_metrics` sink should be removed.
-* legacy_openssl_provider v0.34.0 OpenSSL legacy provider flag should be removed

regression/cases/file_to_blackhole/experiment.yaml

@@ -1,2 +1 @@
 optimization_goal: egress_throughput
-erratic: true

regression/cases/otlp_http_to_blackhole/experiment.yaml

@@ -1,2 +1 @@
 optimization_goal: ingress_throughput
-erratic: true

regression/cases/syslog_regex_logs2metric_ddmetrics/experiment.yaml

@@ -1,2 +1 @@
 optimization_goal: ingress_throughput
-erratic: true

scripts/environment/prepare.sh

@@ -5,8 +5,8 @@ git config --global --add safe.directory /git/vectordotdev/vector
 
 rustup show # causes installation of version from rust-toolchain.toml
 rustup default "$(rustup show active-toolchain | awk '{print $1;}')"
-if [[ "$(cargo-deb --version)" != "1.41.3" ]] ; then
-  rustup run stable cargo install cargo-deb --version 1.41.3 --force --locked
+if [[ "$(cargo-deb --version)" != "2.0.0" ]] ; then
+  rustup run stable cargo install cargo-deb --version 2.0.0 --force --locked
 fi
 if [[ "$(cross --version | grep cross)" != "cross 0.2.5" ]] ; then
   rustup run stable cargo install cross --version 0.2.5 --force --locked

src/app.rs

@@ -6,7 +6,6 @@ use futures::StreamExt;
 #[cfg(feature = "enterprise")]
 use futures_util::future::BoxFuture;
 use once_cell::race::OnceNonZeroUsize;
-use openssl::provider::Provider;
 use tokio::runtime::{self, Runtime};
 use tokio_stream::wrappers::UnboundedReceiverStream;
 
@@ -58,7 +57,6 @@ pub struct Application {
     pub root_opts: RootOpts,
     pub config: ApplicationConfig,
     pub signals: SignalPair,
-    pub openssl_providers: Option<Vec<Provider>>,
 }
 
 impl ApplicationConfig {
@@ -197,12 +195,6 @@ impl Application {
             debug!(message = "Disabled probing and configuration of root certificate locations on the system for OpenSSL.");
         }
 
-        let openssl_providers = opts
-            .root
-            .openssl_legacy_provider
-            .then(load_openssl_legacy_providers)
-            .transpose()?;
-
         let runtime = build_runtime(opts.root.threads, "vector-worker")?;
 
         // Signal handler for OS and provider messages.
@@ -223,7 +215,6 @@ impl Application {
                 root_opts: opts.root,
                 config,
                 signals,
-                openssl_providers,
             },
         ))
     }
@@ -240,7 +231,6 @@ impl Application {
             root_opts,
             config,
             signals,
-            openssl_providers,
         } = self;
 
         let topology_controller = SharedTopologyController::new(TopologyController {
@@ -259,7 +249,6 @@ impl Application {
             graceful_crash_receiver: config.graceful_crash_receiver,
             signals,
             topology_controller,
-            openssl_providers,
             allow_empty_config: root_opts.allow_empty_config,
         })
     }
@@ -271,7 +260,6 @@ pub struct StartedApplication {
     pub graceful_crash_receiver: ShutdownErrorReceiver,
     pub signals: SignalPair,
     pub topology_controller: SharedTopologyController,
-    pub openssl_providers: Option<Vec<Provider>>,
     pub allow_empty_config: bool,
 }
 
@@ -286,7 +274,6 @@ impl StartedApplication {
             graceful_crash_receiver,
             signals,
             topology_controller,
-            openssl_providers,
             internal_topologies,
             allow_empty_config,
         } = self;
@@ -322,7 +309,6 @@ impl StartedApplication {
             signal,
             signal_rx,
             topology_controller,
-            openssl_providers,
             internal_topologies,
         }
     }
@@ -380,7 +366,6 @@ pub struct FinishedApplication {
     pub signal: SignalTo,
     pub signal_rx: SignalRx,
     pub topology_controller: SharedTopologyController,
-    pub openssl_providers: Option<Vec<Provider>>,
     pub internal_topologies: Vec<RunningTopology>,
 }
 
@@ -390,7 +375,6 @@ impl FinishedApplication {
             signal,
             signal_rx,
             topology_controller,
-            openssl_providers,
             internal_topologies,
         } = self;
 
@@ -411,7 +395,6 @@ impl FinishedApplication {
             topology.stop().await;
         }
 
-        drop(openssl_providers);
         status
     }
 
@@ -597,22 +580,3 @@ pub fn init_logging(color: bool, format: LogFormat, log_level: &str, rate: u64)
     );
     info!(message = "Log level is enabled.", level = ?level);
 }
-
-/// Load the legacy OpenSSL provider.
-///
-/// The returned [Provider] must stay in scope for the entire lifetime of the application, as it
-/// will be unloaded when it is dropped.
-pub fn load_openssl_legacy_providers() -> Result<Vec<Provider>, ExitCode> {
-    warn!(message = "DEPRECATED The openssl legacy provider provides algorithms and key sizes no longer recommended for use. Set `--openssl-legacy-provider=false` or `VECTOR_OPENSSL_LEGACY_PROVIDER=false` to disable. See https://vector.dev/highlights/2023-08-15-0-32-0-upgrade-guide/#legacy-openssl for details.");
-    ["legacy", "default"].into_iter().map(|provider_name| {
-        Provider::try_load(None, provider_name, true)
-            .map(|provider| {
-                info!(message = "Loaded openssl provider.", provider = provider_name);
-                provider
-            })
-            .map_err(|error| {
-                error!(message = "Failed to load openssl provider.", provider = provider_name, %error);
-                exitcode::UNAVAILABLE
-            })
-    }).collect()
-}

src/cli.rs

@@ -197,18 +197,6 @@ pub struct RootOpts {
     )]
     pub allocation_tracing_reporting_interval_ms: u64,
 
-    /// Load the OpenSSL legacy provider.
-    #[arg(
-        long,
-        env = "VECTOR_OPENSSL_LEGACY_PROVIDER",
-        default_value = "false",
-        default_missing_value = "false",
-        num_args = 0..=1,
-        require_equals = true,
-        action = ArgAction::Set
-    )]
-    pub openssl_legacy_provider: bool,
-
     /// Disable probing and configuration of root certificate locations on the system for OpenSSL.
     ///
     /// The probe functionality manipulates the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables

website/content/en/highlights/2023-11-07-0-34-0-upgrade-guide.md

@@ -16,6 +16,7 @@ Vector's 0.34.0 release includes **breaking changes**:
 1. [Removal of Deprecated Metrics Replaced by `component_errors_total`](#deprecated-component-errors-total-metrics)
 1. [Removal of `peer_addr` Metric Tag](#remove-peer-addr)
 1. [Blackhole sink no longer reports by default](#blackhole-sink-reporting)
+1. [Remove direct OpenSSL legacy provider support](#openssl-legacy-provider)
 
 
 We cover them below to help you upgrade quickly:
@@ -91,3 +92,12 @@ The `peer_addr` tag has been removed from the `component_received_bytes_total` i
 The `blackhole` sink no longer reports events processed every second by default. Instead this
 behavior can be opted into by setting `print_interval_secs` to `1` (or any other integer). This
 change was made due to users being surprised that this sink generates output by default.
+
+#### Remove direct OpenSSL legacy provider support {#openssl-legacy-provider}
+
+In this release, we drop support for enabling the OpenSSL legacy provider via
+`--openssl-legacy-provider` (and its environment variable: `VECTOR_OPENSSL_LEGACY_PROVIDER`). This
+flag was deprecated in v0.33.0.
+
+The legacy OpenSSL provider (and other providers than the default provider) can still be enabled if
+desired through [options in OpenSSL's configuration](/docs/reference/configuration/tls)

website/cue/reference/cli.cue

@@ -113,10 +113,6 @@ cli: {
 			description: env_vars.VECTOR_NO_GRACEFUL_SHUTDOWN_LIMIT.description
 			env_var:     "VECTOR_NO_GRACEFUL_SHUTDOWN_LIMIT"
 		}
-		"openssl-legacy-provider": {
-			description: env_vars.VECTOR_OPENSSL_LEGACY_PROVIDER.description
-			env_var:     "VECTOR_OPENSSL_LEGACY_PROVIDER"
-		}
 		"openssl-no-probe": {
 			description: env_vars.VECTOR_OPENSSL_NO_PROBE.description
 			env_var:     "VECTOR_OPENSSL_NO_PROBE"
@@ -636,10 +632,6 @@ cli: {
 			description: "Never time out while waiting for graceful shutdown after SIGINT or SIGTERM received. This is useful when you would like for Vector to attempt to send data until terminated by a SIGKILL. Overrides/cannot be set with `--graceful-shutdown-limit-secs`."
 			type: bool: default: false
 		}
-		VECTOR_OPENSSL_LEGACY_PROVIDER: {
-			description: "Load the OpenSSL legacy provider."
-			type: bool: default: false
-		}
 		VECTOR_OPENSSL_NO_PROBE: {
 			description: """
 				Disable probing and configuration of root certificate locations on the system for OpenSSL.

website/cue/reference/releases/0.33.1.cue

@@ -41,9 +41,9 @@ releases: "0.33.1": {
 		},
 		{
 			type: "fix"
-			scopes: ["kafka source"]
+			scopes: ["kafka sink"]
 			description: """
-				A performance regression in the `kafka` source was corrected.
+				A performance regression in the `kafka` sink was corrected.
 				"""
 			pr_numbers: [18770]
 		},