fluent-plugin-opensearch 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +7 -0
  2. data/.coveralls.yml +1 -0
  3. data/.editorconfig +9 -0
  4. data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
  5. data/.github/ISSUE_TEMPLATE/feature_request.md +24 -0
  6. data/.github/workflows/coverage.yaml +22 -0
  7. data/.github/workflows/issue-auto-closer.yml +12 -0
  8. data/.github/workflows/linux.yml +26 -0
  9. data/.github/workflows/macos.yml +26 -0
  10. data/.github/workflows/windows.yml +26 -0
  11. data/.gitignore +18 -0
  12. data/CONTRIBUTING.md +24 -0
  13. data/Gemfile +10 -0
  14. data/History.md +6 -0
  15. data/ISSUE_TEMPLATE.md +26 -0
  16. data/LICENSE.txt +201 -0
  17. data/PULL_REQUEST_TEMPLATE.md +9 -0
  18. data/README.OpenSearchGenID.md +116 -0
  19. data/README.OpenSearchInput.md +291 -0
  20. data/README.Troubleshooting.md +482 -0
  21. data/README.md +1556 -0
  22. data/Rakefile +37 -0
  23. data/fluent-plugin-opensearch.gemspec +38 -0
  24. data/gemfiles/Gemfile.elasticsearch.v6 +12 -0
  25. data/lib/fluent/log-ext.rb +64 -0
  26. data/lib/fluent/plugin/filter_opensearch_genid.rb +103 -0
  27. data/lib/fluent/plugin/in_opensearch.rb +351 -0
  28. data/lib/fluent/plugin/oj_serializer.rb +48 -0
  29. data/lib/fluent/plugin/opensearch_constants.rb +39 -0
  30. data/lib/fluent/plugin/opensearch_error.rb +31 -0
  31. data/lib/fluent/plugin/opensearch_error_handler.rb +166 -0
  32. data/lib/fluent/plugin/opensearch_fallback_selector.rb +36 -0
  33. data/lib/fluent/plugin/opensearch_index_template.rb +155 -0
  34. data/lib/fluent/plugin/opensearch_simple_sniffer.rb +36 -0
  35. data/lib/fluent/plugin/opensearch_tls.rb +96 -0
  36. data/lib/fluent/plugin/out_opensearch.rb +1124 -0
  37. data/lib/fluent/plugin/out_opensearch_data_stream.rb +214 -0
  38. data/test/helper.rb +61 -0
  39. data/test/plugin/test_alias_template.json +9 -0
  40. data/test/plugin/test_filter_opensearch_genid.rb +241 -0
  41. data/test/plugin/test_in_opensearch.rb +493 -0
  42. data/test/plugin/test_index_alias_template.json +11 -0
  43. data/test/plugin/test_index_template.json +25 -0
  44. data/test/plugin/test_oj_serializer.rb +45 -0
  45. data/test/plugin/test_opensearch_error_handler.rb +689 -0
  46. data/test/plugin/test_opensearch_fallback_selector.rb +100 -0
  47. data/test/plugin/test_opensearch_tls.rb +171 -0
  48. data/test/plugin/test_out_opensearch.rb +3953 -0
  49. data/test/plugin/test_out_opensearch_data_stream.rb +474 -0
  50. data/test/plugin/test_template.json +23 -0
  51. data/test/test_log-ext.rb +61 -0
  52. metadata +262 -0
@@ -0,0 +1,31 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+ require 'fluent/error'
28
+
29
+ class Fluent::Plugin::OpenSearchError
30
+ class RetryableOperationExhaustedFailure < Fluent::UnrecoverableError; end
31
+ end
@@ -0,0 +1,166 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+ require 'fluent/event'
28
+ require 'fluent/error'
29
+ require_relative 'opensearch_constants'
30
+
31
+ class Fluent::Plugin::OpenSearchErrorHandler
32
+ include Fluent::Plugin::OpenSearchConstants
33
+
34
+ attr_accessor :bulk_message_count
35
+ class OpenSearchVersionMismatch < Fluent::UnrecoverableError; end
36
+ class OpenSearchSubmitMismatch < Fluent::UnrecoverableError; end
37
+ class OpenSearchRequestAbortError < Fluent::UnrecoverableError; end
38
+ class OpenSearchError < StandardError; end
39
+
40
+ def initialize(plugin)
41
+ @plugin = plugin
42
+ end
43
+
44
+ def unrecoverable_error_types
45
+ @plugin.unrecoverable_error_types
46
+ end
47
+
48
+ def unrecoverable_error?(type)
49
+ unrecoverable_error_types.include?(type)
50
+ end
51
+
52
+ def unrecoverable_record_error?(type)
53
+ ['json_parse_exception'].include?(type)
54
+ end
55
+
56
+ def log_os_400_reason(&block)
57
+ if @plugin.log_os_400_reason
58
+ block.call
59
+ else
60
+ @plugin.log.on_debug(&block)
61
+ end
62
+ end
63
+
64
+ def handle_error(response, tag, chunk, bulk_message_count, extracted_values)
65
+ items = response['items']
66
+ if items.nil? || !items.is_a?(Array)
67
+ raise OpenSearchVersionMismatch, "The response format was unrecognized: #{response}"
68
+ end
69
+ if bulk_message_count != items.length
70
+ raise OpenSearchSubmitMismatch, "The number of records submitted #{bulk_message_count} do not match the number returned #{items.length}. Unable to process bulk response."
71
+ end
72
+ retry_stream = Fluent::MultiEventStream.new
73
+ stats = Hash.new(0)
74
+ meta = {}
75
+ header = {}
76
+ affinity_target_indices = @plugin.get_affinity_target_indices(chunk)
77
+ chunk.msgpack_each do |time, rawrecord|
78
+ bulk_message = ''
79
+ next unless rawrecord.is_a? Hash
80
+ begin
81
+ # we need a deep copy for process_message to alter
82
+ processrecord = Marshal.load(Marshal.dump(rawrecord))
83
+ meta, header, record = @plugin.process_message(tag, meta, header, time, processrecord, affinity_target_indices, extracted_values)
84
+ next unless @plugin.append_record_to_messages(@plugin.write_operation, meta, header, record, bulk_message)
85
+ rescue => e
86
+ @plugin.log.debug("Exception in error handler during deep copy: #{e}")
87
+ stats[:bad_chunk_record] += 1
88
+ next
89
+ end
90
+ item = items.shift
91
+ if item.is_a?(Hash) && item.has_key?(@plugin.write_operation)
92
+ write_operation = @plugin.write_operation
93
+ elsif INDEX_OP == @plugin.write_operation && item.is_a?(Hash) && item.has_key?(CREATE_OP)
94
+ write_operation = CREATE_OP
95
+ elsif UPSERT_OP == @plugin.write_operation && item.is_a?(Hash) && item.has_key?(UPDATE_OP)
96
+ write_operation = UPDATE_OP
97
+ elsif item.nil?
98
+ stats[:errors_nil_resp] += 1
99
+ next
100
+ else
101
+ # When we don't have an expected ops field, something changed in the API
102
+ # expected return values.
103
+ stats[:errors_bad_resp] += 1
104
+ next
105
+ end
106
+ if item[write_operation].has_key?('status')
107
+ status = item[write_operation]['status']
108
+ else
109
+ # When we don't have a status field, something changed in the API
110
+ # expected return values.
111
+ stats[:errors_bad_resp] += 1
112
+ next
113
+ end
114
+ case
115
+ when [200, 201].include?(status)
116
+ stats[:successes] += 1
117
+ when CREATE_OP == write_operation && 409 == status
118
+ stats[:duplicates] += 1
119
+ when 400 == status
120
+ stats[:bad_argument] += 1
121
+ reason = ""
122
+ log_os_400_reason do
123
+ if item[write_operation].has_key?('error') && item[write_operation]['error'].has_key?('type')
124
+ reason = " [error type]: #{item[write_operation]['error']['type']}"
125
+ end
126
+ if item[write_operation].has_key?('error') && item[write_operation]['error'].has_key?('reason')
127
+ reason += " [reason]: \'#{item[write_operation]['error']['reason']}\'"
128
+ end
129
+ end
130
+ @plugin.router.emit_error_event(tag, time, rawrecord, OpenSearchError.new("400 - Rejected by OpenSearch#{reason}"))
131
+ else
132
+ if item[write_operation]['error'].is_a?(String)
133
+ reason = item[write_operation]['error']
134
+ stats[:errors_block_resp] += 1
135
+ @plugin.router.emit_error_event(tag, time, rawrecord, OpenSearchError.new("#{status} - #{reason}"))
136
+ next
137
+ elsif item[write_operation].has_key?('error') && item[write_operation]['error'].has_key?('type')
138
+ type = item[write_operation]['error']['type']
139
+ stats[type] += 1
140
+ if unrecoverable_error?(type)
141
+ raise OpenSearchRequestAbortError, "Rejected OpenSearch due to #{type}"
142
+ end
143
+ if unrecoverable_record_error?(type)
144
+ @plugin.router.emit_error_event(tag, time, rawrecord, OpenSearchError.new("#{status} - #{type}: #{reason}"))
145
+ next
146
+ else
147
+ retry_stream.add(time, rawrecord) unless unrecoverable_record_error?(type)
148
+ end
149
+ else
150
+ # When we don't have a type field, something changed in the API
151
+ # expected return values.
152
+ stats[:errors_bad_resp] += 1
153
+ @plugin.router.emit_error_event(tag, time, rawrecord, OpenSearchError.new("#{status} - No error type provided in the response"))
154
+ next
155
+ end
156
+ stats[type] += 1
157
+ end
158
+ end
159
+ @plugin.log.on_debug do
160
+ msg = ["Indexed (op = #{@plugin.write_operation})"]
161
+ stats.each_pair { |key, value| msg << "#{value} #{key}" }
162
+ @plugin.log.debug msg.join(', ')
163
+ end
164
+ raise Fluent::Plugin::OpenSearchOutput::RetryStreamError.new(retry_stream) unless retry_stream.empty?
165
+ end
166
+ end
@@ -0,0 +1,36 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+
28
+ require 'opensearch/transport/transport/connections/selector'
29
+
30
+ class Fluent::Plugin::OpenSearchFallbackSelector
31
+ include OpenSearch::Transport::Transport::Connections::Selector::Base
32
+
33
+ def select(options={})
34
+ connections.first
35
+ end
36
+ end
@@ -0,0 +1,155 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+ require 'fluent/error'
28
+ require_relative './opensearch_error'
29
+
30
+ module Fluent::OpenSearchIndexTemplate
31
+ def get_template(template_file)
32
+ if !File.exists?(template_file)
33
+ raise "If you specify a template_name you must specify a valid template file (checked '#{template_file}')!"
34
+ end
35
+ file_contents = IO.read(template_file).gsub(/\n/,'')
36
+ JSON.parse(file_contents)
37
+ end
38
+
39
+ def get_custom_template(template_file, customize_template)
40
+ if !File.exists?(template_file)
41
+ raise "If you specify a template_name you must specify a valid template file (checked '#{template_file}')!"
42
+ end
43
+ file_contents = IO.read(template_file).gsub(/\n/,'')
44
+ customize_template.each do |key, value|
45
+ file_contents = file_contents.gsub(key,value.downcase)
46
+ end
47
+ JSON.parse(file_contents)
48
+ end
49
+
50
+ def template_exists?(name, host = nil)
51
+ if @use_legacy_template
52
+ client(host).indices.get_template(:name => name)
53
+ else
54
+ client(host).indices.get_index_template(:name => name)
55
+ end
56
+ return true
57
+ rescue OpenSearch::Transport::Transport::Errors::NotFound
58
+ return false
59
+ end
60
+
61
+ def host_unreachable_exceptions
62
+ client.transport.transport.host_unreachable_exceptions
63
+ end
64
+
65
+ def retry_operate(max_retries, fail_on_retry_exceed = true, catch_trasport_exceptions = true)
66
+ return unless block_given?
67
+ retries = 0
68
+ transport_errors = OpenSearch::Transport::Transport::Errors.constants.map{ |c| OpenSearch::Transport::Transport::Errors.const_get c } if catch_trasport_exceptions
69
+ begin
70
+ yield
71
+ rescue *host_unreachable_exceptions, *transport_errors, Timeout::Error => e
72
+ @_es = nil
73
+ @_es_info = nil
74
+ if retries < max_retries
75
+ retries += 1
76
+ wait_seconds = 2**retries
77
+ sleep wait_seconds
78
+ log.warn "Could not communicate to OpenSearch, resetting connection and trying again. #{e.message}"
79
+ log.warn "Remaining retry: #{max_retries - retries}. Retry to communicate after #{wait_seconds} second(s)."
80
+ retry
81
+ end
82
+ message = "Could not communicate to OpenSearch after #{retries} retries. #{e.message}"
83
+ log.warn message
84
+ raise Fluent::Plugin::OpenSearchError::RetryableOperationExhaustedFailure,
85
+ message if fail_on_retry_exceed
86
+ end
87
+ end
88
+
89
+ def template_put(name, template, host = nil)
90
+ if @use_legacy_template
91
+ client(host).indices.put_template(:name => name, :body => template)
92
+ else
93
+ client(host).indices.put_index_template(:name => name, :body => template)
94
+ end
95
+ end
96
+
97
+ def indexcreation(index_name, host = nil)
98
+ client(host).indices.create(:index => index_name)
99
+ rescue OpenSearch::Transport::Transport::Error => e
100
+ if e.message =~ /"already exists"/ || e.message =~ /resource_already_exists_exception/
101
+ log.debug("Index #{index_name} already exists")
102
+ else
103
+ log.error("Error while index creation - #{index_name}", error: e)
104
+ end
105
+ end
106
+
107
+ def template_install(name, template_file, overwrite, host = nil, target_index = nil, index_separator = '-')
108
+ if overwrite
109
+ template_put(name,
110
+ get_template(template_file), host)
111
+
112
+ log.debug("Template '#{name}' overwritten with #{template_file}.")
113
+ return
114
+ end
115
+ if !template_exists?(name, host)
116
+ template_put(name,
117
+ get_template(template_file), host)
118
+ log.info("Template configured, but no template installed. Installed '#{name}' from #{template_file}.")
119
+ else
120
+ log.debug("Template '#{name}' configured and already installed.")
121
+ end
122
+ end
123
+
124
+ def template_custom_install(template_name, template_file, overwrite, customize_template, host, target_index, index_separator)
125
+ custom_template = get_custom_template(template_file, customize_template)
126
+
127
+ if overwrite
128
+ template_put(template_name, custom_template, host)
129
+ log.info("Template '#{template_name}' overwritten with #{template_file}.")
130
+ else
131
+ if !template_exists?(template_name, host)
132
+ template_put(template_name, custom_template, host)
133
+ log.info("Template configured, but no template installed. Installed '#{template_name}' from #{template_file}.")
134
+ else
135
+ log.debug("Template '#{template_name}' configured and already installed.")
136
+ end
137
+ end
138
+ end
139
+
140
+ def templates_hash_install(templates, overwrite)
141
+ templates.each do |key, value|
142
+ template_install(key, value, overwrite)
143
+ end
144
+ end
145
+
146
+ def rollover_alias_payload(rollover_alias)
147
+ {
148
+ 'aliases' => {
149
+ rollover_alias => {
150
+ 'is_write_index' => true
151
+ }
152
+ }
153
+ }
154
+ end
155
+ end
@@ -0,0 +1,36 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+ require 'opensearch'
28
+
29
+ class Fluent::Plugin::OpenSearchSimpleSniffer < OpenSearch::Transport::Transport::Sniffer
30
+
31
+ def hosts
32
+ @transport.logger.debug "In Fluent::Plugin::OpenSearchSimpleSniffer hosts #{@transport.hosts}" if @transport.logger
33
+ @transport.hosts
34
+ end
35
+
36
+ end
@@ -0,0 +1,96 @@
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ #
3
+ # The fluent-plugin-opensearch Contributors require contributions made to
4
+ # this file be licensed under the Apache-2.0 license or a
5
+ # compatible open source license.
6
+ #
7
+ # Modifications Copyright fluent-plugin-opensearch Contributors. See
8
+ # GitHub history for details.
9
+ #
10
+ # Licensed to Uken Inc. under one or more contributor
11
+ # license agreements. See the NOTICE file distributed with
12
+ # this work for additional information regarding copyright
13
+ # ownership. Uken Inc. licenses this file to you under
14
+ # the Apache License, Version 2.0 (the "License"); you may
15
+ # not use this file except in compliance with the License.
16
+ # You may obtain a copy of the License at
17
+ #
18
+ # http://www.apache.org/licenses/LICENSE-2.0
19
+ #
20
+ # Unless required by applicable law or agreed to in writing,
21
+ # software distributed under the License is distributed on an
22
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
23
+ # KIND, either express or implied. See the License for the
24
+ # specific language governing permissions and limitations
25
+ # under the License.
26
+
27
+ require 'openssl'
28
+ require 'fluent/configurable'
29
+ require 'fluent/config/error'
30
+
31
+ module Fluent::Plugin
32
+ module OpenSearchTLS
33
+ SUPPORTED_TLS_VERSIONS = if defined?(OpenSSL::SSL::TLS1_3_VERSION)
34
+ [:TLSv1, :TLSv1_1, :TLSv1_2, :TLSv1_3].freeze
35
+ else
36
+ [:SSLv23, :TLSv1, :TLSv1_1, :TLSv1_2].freeze
37
+ end
38
+
39
+ DEFAULT_VERSION = :TLSv1_2
40
+ METHODS_MAP = begin
41
+ # When openssl supports OpenSSL::SSL::TLSXXX constants representations, we use them.
42
+ map = {
43
+ TLSv1: OpenSSL::SSL::TLS1_VERSION,
44
+ TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
45
+ TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION
46
+ }
47
+ map[:TLSv1_3] = OpenSSL::SSL::TLS1_3_VERSION if defined?(OpenSSL::SSL::TLS1_3_VERSION)
48
+ USE_TLS_MINMAX_VERSION = true
49
+ map.freeze
50
+ rescue NameError
51
+ map = {
52
+ SSLv23: :SSLv23,
53
+ TLSv1: :TLSv1,
54
+ TLSv1_1: :TLSv1_1,
55
+ TLSv1_2: :TLSv1_2,
56
+ }
57
+ USE_TLS_MINMAX_VERSION = false
58
+ end
59
+ private_constant :METHODS_MAP
60
+
61
+ module OpenSearchTLSParams
62
+ include Fluent::Configurable
63
+
64
+ config_param :ssl_version, :enum, list: Fluent::Plugin::OpenSearchTLS::SUPPORTED_TLS_VERSIONS, default: Fluent::Plugin::OpenSearchTLS::DEFAULT_VERSION
65
+ config_param :ssl_min_version, :enum, list: Fluent::Plugin::OpenSearchTLS::SUPPORTED_TLS_VERSIONS, default: nil
66
+ config_param :ssl_max_version, :enum, list: Fluent::Plugin::OpenSearchTLS::SUPPORTED_TLS_VERSIONS, default: nil
67
+ end
68
+
69
+ def self.included(mod)
70
+ mod.include OpenSearchTLSParams
71
+ end
72
+
73
+ def set_tls_minmax_version_config(ssl_version, ssl_max_version, ssl_min_version)
74
+ if USE_TLS_MINMAX_VERSION
75
+ case
76
+ when ssl_min_version.nil? && ssl_max_version.nil?
77
+ ssl_min_version = METHODS_MAP[:TLSv1_2]
78
+ ssl_max_version = METHODS_MAP[:TLSv1_3]
79
+ when ssl_min_version && ssl_max_version.nil?
80
+ raise Fluent::ConfigError, "When you set 'ssl_min_version', must set 'ssl_max_version' together."
81
+ when ssl_min_version.nil? && ssl_max_version
82
+ raise Fluent::ConfigError, "When you set 'ssl_max_version', must set 'ssl_min_version' together."
83
+ else
84
+ ssl_min_version = METHODS_MAP[ssl_min_version]
85
+ ssl_max_version = METHODS_MAP[ssl_max_version]
86
+ end
87
+
88
+ {max_version: ssl_max_version, min_version: ssl_min_version}
89
+ else
90
+ log.warn "'ssl_min_version' does not have any effect in this environment. Use 'ssl_version' instead." unless ssl_min_version.nil?
91
+ log.warn "'ssl_max_version' does not have any effect in this environment. Use 'ssl_version' instead." unless ssl_max_version.nil?
92
+ {version: ssl_version}
93
+ end
94
+ end
95
+ end
96
+ end