elastic
diff --git a/‎docker/Makefile‎
Lines changed: 8 additions & 11 deletions b/‎docker/Makefile‎
Lines changed: 8 additions & 11 deletions
diff --git a/‎docker/data/logstash/env2yaml/Env2Yaml.java‎
Lines changed: 193 additions & 0 deletions b/‎docker/data/logstash/env2yaml/Env2Yaml.java‎
Lines changed: 193 additions & 0 deletions
diff --git a/‎docker/data/logstash/env2yaml/env2yaml‎
Lines changed: 8 additions & 0 deletions b/‎docker/data/logstash/env2yaml/env2yaml‎
Lines changed: 8 additions & 0 deletions
@@ -69,7 +69,7 @@ build-from-local-observability-sre-artifacts: dockerfile
 
 COPY_FILES := $(ARTIFACTS_DIR)/docker/config/pipelines.yml $(ARTIFACTS_DIR)/docker/config/logstash-oss.yml $(ARTIFACTS_DIR)/docker/config/logstash-full.yml
 COPY_FILES += $(ARTIFACTS_DIR)/docker/config/log4j2.file.properties $(ARTIFACTS_DIR)/docker/config/log4j2.properties
-COPY_FILES += $(ARTIFACTS_DIR)/docker/env2yaml/env2yaml.go $(ARTIFACTS_DIR)/docker/env2yaml/go.mod $(ARTIFACTS_DIR)/docker/env2yaml/go.sum
+COPY_FILES += $(ARTIFACTS_DIR)/docker/env2yaml/Env2Yaml.java $(ARTIFACTS_DIR)/docker/env2yaml/env2yaml
 COPY_FILES += $(ARTIFACTS_DIR)/docker/pipeline/default.conf $(ARTIFACTS_DIR)/docker/bin/docker-entrypoint
 
 $(ARTIFACTS_DIR)/docker/config/pipelines.yml: data/logstash/config/pipelines.yml
@@ -79,9 +79,8 @@ $(ARTIFACTS_DIR)/docker/config/log4j2.file.properties: data/logstash/config/log4
 $(ARTIFACTS_DIR)/docker/config/log4j2.properties: data/logstash/config/log4j2.properties
 $(ARTIFACTS_DIR)/docker/pipeline/default.conf: data/logstash/pipeline/default.conf
 $(ARTIFACTS_DIR)/docker/bin/docker-entrypoint: data/logstash/bin/docker-entrypoint
-$(ARTIFACTS_DIR)/docker/env2yaml/env2yaml.go: data/logstash/env2yaml/env2yaml.go
-$(ARTIFACTS_DIR)/docker/env2yaml/go.mod: data/logstash/env2yaml/go.mod
-$(ARTIFACTS_DIR)/docker/env2yaml/go.sum: data/logstash/env2yaml/go.sum
+$(ARTIFACTS_DIR)/docker/env2yaml/Env2Yaml.java: data/logstash/env2yaml/Env2Yaml.java
+$(ARTIFACTS_DIR)/docker/env2yaml/env2yaml: data/logstash/env2yaml/env2yaml
 
 $(ARTIFACTS_DIR)/docker/%:
 	cp -f $< $@
@@ -95,19 +94,17 @@ docker_paths:
 
 COPY_IRONBANK_FILES := $(ARTIFACTS_DIR)/ironbank/scripts/config/pipelines.yml $(ARTIFACTS_DIR)/ironbank/scripts/config/logstash.yml
 COPY_IRONBANK_FILES += $(ARTIFACTS_DIR)/ironbank/scripts/config/log4j2.file.properties $(ARTIFACTS_DIR)/ironbank/scripts/config/log4j2.properties
-COPY_IRONBANK_FILES += $(ARTIFACTS_DIR)/ironbank/scripts/pipeline/default.conf $(ARTIFACTS_DIR)/ironbank/scripts/bin/docker-entrypoint $(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/env2yaml.go
-COPY_IRONBANK_FILES += $(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/go.mod $(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/go.sum $(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/vendor/modules.txt $(ARTIFACTS_DIR)/ironbank/LICENSE $(ARTIFACTS_DIR)/ironbank/README.md
+COPY_IRONBANK_FILES += $(ARTIFACTS_DIR)/ironbank/scripts/pipeline/default.conf $(ARTIFACTS_DIR)/ironbank/scripts/bin/docker-entrypoint $(ARTIFACTS_DIR)/ironbank/scripts/java/Env2Yaml.java
+COPY_IRONBANK_FILES += $(ARTIFACTS_DIR)/ironbank/scripts/java/env2yaml $(ARTIFACTS_DIR)/ironbank/LICENSE $(ARTIFACTS_DIR)/ironbank/README.md
 
 $(ARTIFACTS_DIR)/ironbank/scripts/config/pipelines.yml: data/logstash/config/pipelines.yml
 $(ARTIFACTS_DIR)/ironbank/scripts/config/logstash.yml: data/logstash/config/logstash-full.yml
 $(ARTIFACTS_DIR)/ironbank/scripts/config/log4j2.file.properties: data/logstash/config/log4j2.file.properties
 $(ARTIFACTS_DIR)/ironbank/scripts/config/log4j2.properties: data/logstash/config/log4j2.properties
 $(ARTIFACTS_DIR)/ironbank/scripts/pipeline/default.conf: data/logstash/pipeline/default.conf
 $(ARTIFACTS_DIR)/ironbank/scripts/bin/docker-entrypoint: data/logstash/bin/docker-entrypoint
-$(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/env2yaml.go: data/logstash/env2yaml/env2yaml.go
-$(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/go.mod: ironbank/go/src/env2yaml/go.mod
-$(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/go.sum: ironbank/go/src/env2yaml/go.sum
-$(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/vendor/modules.txt: ironbank/go/src/env2yaml/vendor/modules.txt
+$(ARTIFACTS_DIR)/ironbank/scripts/java/Env2Yaml.java: data/logstash/env2yaml/Env2Yaml.java
+$(ARTIFACTS_DIR)/ironbank/scripts/java/env2yaml: data/logstash/env2yaml/env2yaml
 $(ARTIFACTS_DIR)/ironbank/LICENSE: ironbank/LICENSE
 $(ARTIFACTS_DIR)/ironbank/README.md: ironbank/README.md
 
@@ -119,7 +116,7 @@ ironbank_docker_paths:
 	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts
 	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts/bin
 	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts/config
-	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts/go/src/env2yaml/vendor
+	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts/java
 	mkdir -p $(ARTIFACTS_DIR)/ironbank/scripts/pipeline
 
 public-dockerfiles: public-dockerfiles_oss public-dockerfiles_full public-dockerfiles_wolfi public-dockerfiles_observability-sre public-dockerfiles_ironbank
 
@@ -0,0 +1,193 @@
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.DumperOptions;
+import java.io.*;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.*;
+import java.nio.file.attribute.*;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+
+/**
+ * Environment variable to YAML configuration merger
+ *
+ * Takes environment variables and merges them into logstash.yml
+ * Example: docker run -e pipeline.workers=6
+ * or: docker run -e PIPELINE_WORKERS=6
+ * Result: pipeline.workers: 6 in logstash.yml
+ */
+public class Env2Yaml {
+    private static final DateTimeFormatter TIMESTAMP_FORMAT = DateTimeFormatter.ofPattern("yyyy/MM/dd HH:mm:ss");
+    private static class SettingValidator {
+        private final Map<String, String> normalizedToCanonical;
+
+        public SettingValidator() {
+            this.normalizedToCanonical = buildSettingMap();
+        }
+
+        private Map<String, String> buildSettingMap() {
+            Map<String, String> map = new HashMap<>();
+            String[] allowedConfigs = {
+                "api.enabled", "api.http.host", "api.http.port", "api.environment",
+                "node.name", "path.data", "pipeline.id", "pipeline.workers",
+                "pipeline.output.workers", "pipeline.batch.size", "pipeline.batch.delay",
+                "pipeline.unsafe_shutdown", "pipeline.ecs_compatibility", "pipeline.ordered",
+                "pipeline.plugin_classloaders", "pipeline.separate_logs", "path.config",
+                "config.string", "config.test_and_exit", "config.reload.automatic",
+                "config.reload.interval", "config.debug", "config.support_escapes",
+                "config.field_reference.escape_style", "queue.type", "path.queue",
+                "queue.page_capacity", "queue.max_events", "queue.max_bytes",
+                "queue.checkpoint.acks", "queue.checkpoint.writes", "queue.checkpoint.interval",
+                "queue.compression", "queue.drain", "dead_letter_queue.enable",
+                "dead_letter_queue.max_bytes", "dead_letter_queue.flush_interval",
+                "dead_letter_queue.storage_policy", "dead_letter_queue.retain.age",
+                "path.dead_letter_queue", "log.level", "log.format",
+                "log.format.json.fix_duplicate_message_fields", "metric.collect",
+                "path.logs", "path.plugins", "api.auth.type", "api.auth.basic.username",
+                "api.auth.basic.password", "api.auth.basic.password_policy.mode",
+                "api.auth.basic.password_policy.length.minimum", "api.auth.basic.password_policy.include.upper",
+                "api.auth.basic.password_policy.include.lower", "api.auth.basic.password_policy.include.digit",
+                "api.auth.basic.password_policy.include.symbol", "allow_superuser",
+                "monitoring.cluster_uuid", "xpack.monitoring.allow_legacy_collection",
+                "xpack.monitoring.enabled", "xpack.monitoring.collection.interval",
+                "xpack.monitoring.elasticsearch.hosts", "xpack.monitoring.elasticsearch.username",
+                "xpack.monitoring.elasticsearch.password", "xpack.monitoring.elasticsearch.proxy",
+                "xpack.monitoring.elasticsearch.api_key", "xpack.monitoring.elasticsearch.cloud_auth",
+                "xpack.monitoring.elasticsearch.cloud_id", "xpack.monitoring.elasticsearch.sniffing",
+                "xpack.monitoring.elasticsearch.ssl.certificate_authority", "xpack.monitoring.elasticsearch.ssl.ca_trusted_fingerprint",
+                "xpack.monitoring.elasticsearch.ssl.verification_mode", "xpack.monitoring.elasticsearch.ssl.truststore.path",
+                "xpack.monitoring.elasticsearch.ssl.truststore.password", "xpack.monitoring.elasticsearch.ssl.keystore.path",
+                "xpack.monitoring.elasticsearch.ssl.keystore.password", "xpack.monitoring.elasticsearch.ssl.certificate",
+                "xpack.monitoring.elasticsearch.ssl.key", "xpack.monitoring.elasticsearch.ssl.cipher_suites",
+                "xpack.management.enabled", "xpack.management.logstash.poll_interval",
+                "xpack.management.pipeline.id", "xpack.management.elasticsearch.hosts",
+                "xpack.management.elasticsearch.username", "xpack.management.elasticsearch.password",
+                "xpack.management.elasticsearch.proxy", "xpack.management.elasticsearch.api_key",
+                "xpack.management.elasticsearch.cloud_auth", "xpack.management.elasticsearch.cloud_id",
+                "xpack.management.elasticsearch.sniffing", "xpack.management.elasticsearch.ssl.certificate_authority",
+                "xpack.management.elasticsearch.ssl.ca_trusted_fingerprint", "xpack.management.elasticsearch.ssl.verification_mode",
+                "xpack.management.elasticsearch.ssl.truststore.path", "xpack.management.elasticsearch.ssl.truststore.password",
+                "xpack.management.elasticsearch.ssl.keystore.path", "xpack.management.elasticsearch.ssl.keystore.password",
+                "xpack.management.elasticsearch.ssl.certificate", "xpack.management.elasticsearch.ssl.key",
+                "xpack.management.elasticsearch.ssl.cipher_suites", "xpack.geoip.download.endpoint",
+                "xpack.geoip.downloader.enabled"
+            };
+
+            for (String configName : allowedConfigs) {
+                String normalizedKey = normalizeKey(configName);
+                map.put(normalizedKey, configName);
+            }
+            return map;
+        }
+
+        public String findCanonicalSetting(String envVarName) {
+            String normalized = normalizeKey(envVarName);
+            return normalizedToCanonical.get(normalized);
+        }
+    }
+
+    private static String normalizeKey(String key) {
+        return key.toLowerCase()
+                 .replace(".", "")
+                 .replace("_", "");
+    }
+
+    public static void main(String[] args) {
+        if (args.length != 1) {
+            System.err.println("usage: env2yaml FILENAME");
+            System.exit(1);
+        }
+
+        try {
+            new Env2Yaml().processConfigFile(args[0]);
+        } catch (Exception e) {
+            System.err.println("error: " + e.getMessage());
+            System.exit(1);
+        }
+    }
+
+    private void processConfigFile(String configPath) throws Exception {
+        Path fileLocation = Paths.get(configPath);
+        Yaml yamlProcessor = new Yaml();
+
+        Map<String, Object> configData = loadExistingConfig(fileLocation, yamlProcessor);
+
+        SettingValidator validator = new SettingValidator();
+        boolean addedNewConfigs = incorporateEnvironmentVars(configData, validator);
+
+        if (addedNewConfigs) {
+            saveUpdatedConfig(fileLocation, yamlProcessor, configData);
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    private Map<String, Object> loadExistingConfig(Path fileLocation, Yaml yamlProcessor) throws Exception {
+        if (!Files.exists(fileLocation)) {
+            return new HashMap<>();
+        }
+
+        try (InputStream fileInput = Files.newInputStream(fileLocation)) {
+            Object parsedData = yamlProcessor.load(fileInput);
+            return parsedData instanceof Map ? (Map<String, Object>) parsedData : new HashMap<>();
+        }
+    }
+
+    private boolean incorporateEnvironmentVars(Map<String, Object> configData, SettingValidator validator) {
+        boolean addedNewConfigs = false;
+
+        for (Map.Entry<String, String> envEntry : System.getenv().entrySet()) {
+            String envVarName = envEntry.getKey();
+            String envValue = envEntry.getValue();
+            // Skip empty values like Go version does
+            if (envValue == null || envValue.trim().isEmpty()) {
+                continue;
+            }
+            String canonicalSetting = validator.findCanonicalSetting(envVarName);
+
+            if (canonicalSetting != null) {
+                addedNewConfigs = true;
+                System.err.println(LocalDateTime.now().format(TIMESTAMP_FORMAT) + " Setting '" + canonicalSetting + "' from environment.");
+                configData.put(canonicalSetting, "${" + envVarName + "}");
+            }
+        }
+
+        return addedNewConfigs;
+    }
+
+    private void saveUpdatedConfig(Path fileLocation, Yaml yamlProcessor, Map<String, Object> configData) throws Exception {
+        // Configure YAML output to match Go version formatting (block style)
+        DumperOptions options = new DumperOptions();
+        options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
+        options.setPrettyFlow(true);
+        options.setIndent(2);
+
+        Yaml blockYaml = new Yaml(options);
+        String yamlOutput = blockYaml.dump(configData);
+
+        Set<PosixFilePermission> existingPermissions = getFilePermissions(fileLocation);
+
+        Files.write(fileLocation, yamlOutput.getBytes(StandardCharsets.UTF_8), StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);
+
+        applyFilePermissions(fileLocation, existingPermissions);
+    }
+
+    private Set<PosixFilePermission> getFilePermissions(Path fileLocation) {
+        try {
+            return Files.getPosixFilePermissions(fileLocation);
+        } catch (UnsupportedOperationException e) {
+            return null;
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    private void applyFilePermissions(Path fileLocation, Set<PosixFilePermission> existingPermissions) {
+        if (existingPermissions != null) {
+            try {
+                Files.setPosixFilePermissions(fileLocation, existingPermissions);
+            } catch (Exception e) {
+                // Ignore failures
+            }
+        }
+    }
+}
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Execute Java env2yaml using Logstash's bundled JDK and SnakeYAML
+# The .class file is compiled during Docker build and placed in /usr/local/bin
+
+exec /usr/share/logstash/jdk/bin/java \
+    -cp "/usr/share/logstash/logstash-core/lib/jars/*:/usr/local/bin" \
+    Env2Yaml "$@"