Update IRIS and GELF alerter and tests

CHANGELOG.md

@@ -13,6 +13,7 @@
 - [Docs] Extend FAQ / troubleshooting section with information on Elasticsearch RBAC - [#1324](https://github.com/jertel/elastalert2/pull/1324) - @chr-b
 - Upgrade to Python 3.12 - [#1327](https://github.com/jertel/elastalert2/pull/1327) - @jertel
 - Support hourly index patterns - [#1328](https://github.com/jertel/elastalert2/pull/1328) - @jmacdone
+- Correction in IRIS and GELF alerter [#1331](https://github.com/jertel/elastalert2/pull/1331) - @malinkinsa
 
 # 2.15.0
 

docs/source/ruletypes.rst

@@ -2576,9 +2576,9 @@ Optional:
 
 ``gelf_http_headers``: Additional headers. (Only used if gelf_type=http)
 
-``gelf_ca_cert``: Path to custom CA certificate.
+``gelf_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False.
 
-``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http)
+``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http).The default value is: False.
 
 ``gelf_timeout``: Custom timeout.
 
@@ -2727,7 +2727,7 @@ The alerter requires the following option:
 
 Optional:
 
-``iris_ca_cert``: Path to custom CA certificate.
+``iris_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False.
 
 ``iris_ignore_ssl_errors``: Ignore ssl error. The default value is: ``False``.
 

elastalert/alerters/gelf.py

@@ -31,7 +31,7 @@ def __init__(self, rule):
         self.gelf_version = self.rule.get('gelf_version', '1.1')
         self.gelf_log_level = self.rule.get('gelf_log_level', 5)
         self.additional_headers = self.rule.get('gelf_http_headers')
-        self.ca_cert = self.rule.get('gelf_ca_cert', False)
+        self.ca_cert = self.rule.get('gelf_ca_cert')
         self.http_ignore_ssl_errors = self.rule.get('gelf_http_ignore_ssl_errors', False)
         self.timeout = self.rule.get('gelf_timeout', 30)
 
@@ -43,7 +43,7 @@ def send_http(self, gelf_msg):
         if self.ca_cert:
             verify = self.ca_cert
         else:
-            verify = False
+            verify = not self.http_ignore_ssl_errors
 
         if self.http_ignore_ssl_errors:
             requests.packages.urllib3.disable_warnings()

elastalert/alerters/iris.py

@@ -16,7 +16,7 @@ def __init__(self, rule):
         self.url = f"https://{self.rule.get('iris_host')}"
         self.api_token = self.rule.get('iris_api_token')
         self.customer_id = self.rule.get('iris_customer_id')
-        self.ca_cert = self.rule.get('iris_ca_cert', False)
+        self.ca_cert = self.rule.get('iris_ca_cert')
         self.ignore_ssl_errors = self.rule.get('iris_ignore_ssl_errors', False)
         self.description = self.rule.get('iris_description', None)
         self.overwrite_timestamp = self.rule.get('iris_overwrite_timestamp', False)
@@ -113,7 +113,7 @@ def alert(self, matches):
         if self.ca_cert:
             verify = self.ca_cert
         else:
-            verify = False
+            verify = not self.ignore_ssl_errors
 
         if self.ignore_ssl_errors:
             requests.packages.urllib3.disable_warnings()

elastalert/schema.yaml

@@ -511,7 +511,7 @@ properties:
             required: [ field ]
             properties:
               field: { type: string, minLength: 1 }
-  gelf_ca_cert: {type: string}
+  gelf_ca_cert: {type: [boolean, string]}
   gelf_http_ignore_ssl_errors: {type: boolean}
   gelf_timeout: {type: integer}
 
@@ -544,7 +544,7 @@ properties:
   iris_type: {type: string, enum: ['alert', 'case']}
   iris_customer_id: {type: integer}
   iris_ignore_ssl_errors: {type: boolean}
-  iris_ca_cert: {type: string}
+  iris_ca_cert: {type: [boolean, string]}
   iris_overwrite_timestamp: {type: boolean}
   iris_case_template_id: {type: integer}
   iris_description: {type: string}

tests/alerters/gelf_test.py

@@ -41,7 +41,7 @@ def test_gelf_sent_http(caplog):
         url=rule['gelf_endpoint'],
         headers={'Content-Type': 'application/json'},
         json=mock.ANY,
-        verify=False,
+        verify=True,
         timeout=30,
     )
 

tests/alerters/iris_test.py

@@ -406,7 +406,7 @@ def test_iris_alert_alert(caplog):
             'Authorization': f'Bearer {rule["iris_api_token"]}'
         },
         json=mock.ANY,
-        verify=False,
+        verify=True,
     )
 
     assert expected_data == mock_post_request.call_args_list[0][1]['json']