RubyGems - logstash-filter-elastic_integration - Versions diffs - 0.0.1-java → 0.0.2-java - Mend

logstash-filter-elastic_integration 0.0.1-java → 0.0.2-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c797a3d5774cab43738ee098605fcba0a8df86d104b5334d38b27f882e7b086
-  data.tar.gz: 43d2a785e22bf742e3e3fb9ba0ae93a7b2ede62ed6a25fae590fbd6c869eb729
+  metadata.gz: e763ac8238ed2ebca641f89dde3596d76b63f2e93f9214894c93add947c0fb14
+  data.tar.gz: acb232f4b3481f47684421ccfffdda198a4141ec5209b67f881f04ca28edd539
 SHA512:
-  metadata.gz: 2ed848a542bf89c151122bdf98d7ca7c85573ee3d81e5019632f2a1be2c61941d704e21342f28c1e52680956a862a823939e43c61d682e59a877bbedd198c0e6
-  data.tar.gz: 3d2231665a2277b8bed047b1fbf412e56d3e84926893769e69277d1e3d400781d41c2e0551b8d21e3b0ba9eaab1621c7514f497c87ea07f402b740d90b1e2fc4
+  metadata.gz: d563ccc980501c370b2b95eecbfbd8f43ca9cc30d792d3ab8122cc08bfd227c1a4bfa41dcea7041f502afb25d4a3f391981309157b5a5bddf8b92a37543167f3
+  data.tar.gz: 3e75a0255e24a4c67ef04f65e7bdeb137c233d9c731624b0436c26a3f1ffe0bf6274b52090a924b072f602678b6af7570c105f590b81e13edf61bfdff1df8936

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.0.1
1	+ 0.0.2

data/lib/logstash/filters/elastic_integration/jar_dependencies.rb CHANGED Viewed

@@ -8,4 +8,4 @@
 ########################################################################
 require 'jar_dependencies'
-require_jar('co.elastic.logstash.plugins.filter.elasticintegration', 'logstash-filter-elastic_integration', '0.0.1')
+require_jar('co.elastic.logstash.plugins.filter.elasticintegration', 'logstash-filter-elastic_integration', '0.0.2')

data/lib/logstash/filters/elastic_integration.rb CHANGED Viewed

@@ -10,21 +10,10 @@
 require "logstash/filters/base"
 require "logstash/namespace"
-require_relative "elastic_integration/jar_dependencies"
 class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
-  require_relative "elastic_integration/event_api_bridge"
-  include EventApiBridge
   config_name "elastic_integration"
-  java_import('co.elastic.logstash.filters.elasticintegration.PluginConfiguration')
-  java_import('co.elastic.logstash.filters.elasticintegration.EventProcessor')
-  java_import('co.elastic.logstash.filters.elasticintegration.EventProcessorBuilder')
-  java_import('co.elastic.logstash.filters.elasticintegration.ElasticsearchRestClientBuilder')
-  java_import('co.elastic.logstash.filters.elasticintegration.PreflightCheck')
   ELASTICSEARCH_DEFAULT_PORT = 9200.freeze
   ELASTICSEARCH_DEFAULT_PATH = '/'.freeze
   HTTP_PROTOCOL = "http".freeze
@@ -86,10 +75,10 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
   config :ssl_keystore_password, :validate => :password
   # Username for basic authentication
-  config :auth_basic_username, :validate => :string
+  config :username, :validate => :string
   # Password for basic authentication
-  config :auth_basic_password, :validate => :password
+  config :password, :validate => :password
   # Cloud authentication string ("<username>:<password>" format) to connect to Elastic cloud.
   #
@@ -99,23 +88,30 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
   # A key to authenticate when connecting to Elasticsearch
   config :api_key, :validate => :password
-  # A directory containing one or more Maxmind Datbase files in *.mmdb format
+  # A directory containing one or more Maxmind Database files in *.mmdb format
   config :geoip_database_directory, :validate => :path
+  # a sprintf template for resolving the pipeline name; when this template does
+  # not fully-resolve no pipeline will be run.
+  config :pipeline_name, :validate => :string
+  ##
+  # Validates that this plugin can be initialized BEFORE loading dependencies
+  # and delegating to super, so that when this plugin CANNOT be run the process
+  # is not encumbered by those dependencies.
   def initialize(*a, &b)
-    # This Elastic-licensed plugin needs to run in a _complete_ distro of Logstash that
-    # has non-OSS features active. Runtime detection mechanism relies on LogStash::OSS,
-    # which is set in the prelude to LogStash::Runner, and is bypassed when LogStash::OSS
-    # is not defined (such as when running specs from source)
-    if defined?(LogStash::OSS) && LogStash::OSS
-      raise_config_error! <<~ERR
-        The Elastic Integration filter for Logstash is an Elastic-licensed plugin
-        that REQUIRES the complete Logstash distribution, including non-OSS features.
-      ERR
-    end
+    ensure_complete_logstash!
+    ensure_java_major_version!(17)
+    require_relative "elastic_integration/jar_dependencies"
+    require_relative "elastic_integration/event_api_bridge"
+    extend EventApiBridge
     super
+    java_import('co.elastic.logstash.filters.elasticintegration.util.PluginContext')
+    @plugin_context = PluginContext.new(execution_context&.pipeline_id || "UNDEF", id)
   end
   def register
@@ -207,16 +203,16 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
   def validate_auth_settings!
     @cloud_auth           = @cloud_auth&.freeze
     @api_key              = @api_key&.freeze
-    @auth_basic_username  = @auth_basic_username&.freeze
-    @auth_basic_password  = @auth_basic_password&.freeze
+    @username             = @username&.freeze
+    @password             = @password&.freeze
-    raise_config_error! "`auth_basic_username` requires `auth_basic_password`" if @auth_basic_username && !@auth_basic_password
-    raise_config_error! "`auth_basic_password` is not allowed unless `auth_basic_username` is specified" if !@auth_basic_username && @auth_basic_password
-    if @auth_basic_username && @auth_basic_password
-      raise_config_error! "Empty `auth_basic_username` or `auth_basic_password` is not allowed" if @auth_basic_username.empty? || @auth_basic_password.value.empty?
+    raise_config_error! "`username` requires `password`" if @username && !@password
+    raise_config_error! "`password` is not allowed unless `username` is specified" if !@username && @password
+    if @username && @password
+      raise_config_error! "Empty `username` or `password` is not allowed" if @username.empty? || @password.value.empty?
     end
-    possible_auth_options = original_params.keys & %w(auth_basic_password cloud_auth api_key)
+    possible_auth_options = original_params.keys & %w(password cloud_auth api_key)
     raise_config_error!("Multiple authentication #{possible_auth_options} options cannot be used together. Please provide ONLY one.") if possible_auth_options.size > 1
     raise_config_error! "Empty `cloud_auth` is not allowed" if @cloud_auth && @cloud_auth.value.empty?
@@ -303,38 +299,43 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
   ##
   # Builds a `PluginConfiguration` from the previously-validated config
   def extract_immutable_config
-    builder = PluginConfiguration::Builder.new
+    java_import('co.elastic.logstash.filters.elasticintegration.PluginConfiguration')
+    @immutable_config ||= PluginConfiguration::Builder.new.tap do |builder|
+      builder.setId @id
-    builder.setId @id
+      builder.setHosts @hosts&.map(&:to_s)
+      builder.setCloudId @cloud_id
-    builder.setHosts @hosts&.map(&:to_s)
-    builder.setCloudId @cloud_id
+      builder.setSslEnabled @ssl_enabled
-    builder.setSslEnabled @ssl_enabled
+      # ssl trust
+      builder.setSslVerificationMode @ssl_verification_mode
+      builder.setSslTruststorePath @ssl_truststore_path
+      builder.setSslTruststorePassword @ssl_truststore_password
+      builder.setSslCertificateAuthorities @ssl_certificate_authorities
-    # ssl trust
-    builder.setSslVerificationMode @ssl_verification_mode
-    builder.setSslTruststorePath @ssl_truststore_path
-    builder.setSslTruststorePassword @ssl_truststore_password
-    builder.setSslCertificateAuthorities @ssl_certificate_authorities
+      # ssl identity
+      builder.setSslKeystorePath @keystore
+      builder.setSslKeystorePassword @ssl_keystore_password
+      builder.setSslCertificate @ssl_certificate
+      builder.setSslKey @ssl_key
+      builder.setSslKeyPassphrase @ssl_key_passphrase
-    # ssl identity
-    builder.setSslKeystorePath @keystore
-    builder.setSslKeystorePassword @ssl_keystore_password
-    builder.setSslCertificate @ssl_certificate
-    builder.setSslKey @ssl_key
-    builder.setSslKeyPassphrase @ssl_key_passphrase
+      # request auth
+      builder.setAuthBasicUsername @username
+      builder.setAuthBasicPassword @password
+      builder.setCloudAuth @cloud_auth
+      builder.setApiKey @api_key
-    # request auth
-    builder.setAuthBasicUsername @auth_basic_username
-    builder.setAuthBasicPassword @auth_basic_password
-    builder.setCloudAuth @cloud_auth
-    builder.setApiKey @api_key
+      # pipeline resolving
+      builder.setPipelineNameTemplate @pipeline_name
-    builder.build
+    end.build
   end
   def initialize_elasticsearch_rest_client!
+    java_import('co.elastic.logstash.filters.elasticintegration.ElasticsearchRestClientBuilder')
     @elasticsearch_rest_client = ElasticsearchRestClientBuilder.fromPluginConfiguration(extract_immutable_config)
                                                                .map(&:build)
                                                                .orElseThrow() # todo: ruby/java bridge better exception
@@ -344,17 +345,16 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
     java_import('co.elastic.logstash.filters.elasticintegration.EventProcessorBuilder')
     java_import('co.elastic.logstash.filters.elasticintegration.geoip.GeoIpProcessorFactory')
-    @event_processor = EventProcessorBuilder.fromElasticsearch(@elasticsearch_rest_client)
+    @event_processor = EventProcessorBuilder.fromElasticsearch(@elasticsearch_rest_client, extract_immutable_config)
                                             .setFilterMatchListener(method(:filter_matched_java).to_proc)
                                             .addProcessor("geoip") { GeoIpProcessorFactory.new(@geoip_database_provider) }
-                                            .build("logstash.filter.elastic_integration.#{id}.#{__id__}")
+                                            .build(@plugin_context)
   rescue => exception
     raise_config_error!("configuration did not produce an EventProcessor: #{exception}")
   end
   def initialize_geoip_database_provider!
     java_import('co.elastic.logstash.filters.elasticintegration.geoip.GeoIpDatabaseProvider')
-    java_import('co.elastic.logstash.filters.elasticintegration.geoip.StaticGeoIpDatabase')
     @geoip_database_provider ||= GeoIpDatabaseProvider::Builder.new.tap do |builder|
       builder.setDatabases(java.io.File.new(@geoip_database_directory)) if @geoip_database_directory
@@ -362,8 +362,77 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
   end
   def perform_preflight_check!
-    PreflightCheck.new(@elasticsearch_rest_client).check
+    java_import('co.elastic.logstash.filters.elasticintegration.PreflightCheck')
+    check_user_privileges!
+    check_es_cluster_license!
+  end
+  def check_user_privileges!
+    PreflightCheck.new(@elasticsearch_rest_client).checkUserPrivileges
+  rescue => e
+    security_error_message = "no handler found for uri [/_security/user/_has_privileges]"
+    if e.message.include?(security_error_message)
+      if @password || @cloud_auth || @api_key
+        cred_desc = case
+                    when @password   then "`username` and `password`"
+                    when @cloud_auth then "`cloud_auth`"
+                    when @api_key    then "`api_key`"
+                    end
+        recommend_message = "The Elasticsearch cluster does not have security features enabled but request credentials were provided. Either enable security in Elasticsearch (recommended!) or remove the #{cred_desc} request credentials. "
+        raise_config_error! recommend_message.concat(e.message)
+      else
+        # Elasticsearch cluster security disabled, auth also isn't provided, running plugin unsecurily
+        @logger.warn("`elastic_integration` plugin is unable to verify user privileges. It has started with unsafe mode which may cause unexpected failure. Enabling security in Elasticsearch and using user authentication is recommended.")
+      end
+    else
+      raise_config_error!(e.message)
+    end
+  end
+  def check_es_cluster_license!
+    PreflightCheck.new(@elasticsearch_rest_client).checkLicense
   rescue => e
     raise_config_error!(e.message)
   end
+  ##
+  # single-use helper to ensure the running Logstash is a _complete_ distro that has
+  # non-OSS features active. Runtime detection mechanism relies on LogStash::OSS,
+  # which is set in the prelude to LogStash::Runner, and is bypassed when LogStash::OSS
+  # is not defined (such as when running specs from source)
+  def ensure_complete_logstash!
+    if defined?(LogStash::OSS) && LogStash::OSS
+      raise_config_error! <<~ERR.gsub(/\s+/, ' ')
+        The Elastic Integration filter for Logstash is an Elastic-licensed plugin
+        that REQUIRES the complete Logstash distribution, including non-OSS features.
+      ERR
+    end
+  end
+  ##
+  # single-use helper for ensuring the running JVM meets the minimum
+  # Java version requirement necessary for loading the included jars
+  # @raise [LogStash::EnvironmentError]
+  def ensure_java_major_version!(minimum_major_version)
+    java_version_string = java.lang.System.getProperty("java.specification.version")
+    # MAJOR <= 8 ? 1.MAJOR.MINOR : MAJOR.MINOR
+    # https://rubular.com/r/lLW5iUWN9N9N6Z
+    java_major_version_pattern = /(?:(?:(?<=^1\.)[0-8])|^(?:9|[1-9][0-9]+))(?=\.|$)/
+    java_major_version = java_version_string&.slice(java_major_version_pattern)&.to_i
+    if (java_major_version.nil?)
+      fail("Failed to retrieve running JVM's major version")
+    elsif (java_major_version < minimum_major_version)
+      fail(LogStash::EnvironmentError, <<~ERR.gsub(/\s+/, ' '))
+        the #{self.class.config_name} #{self.class.plugin_type} plugin requires
+        Java #{minimum_major_version} or later and cannot be instantiated on the
+        current JVM version `#{java_version_string}`.
+        You can either remove the plugin from your pipeline definition or run
+        Logstash with a supported JVM.
+      ERR
+    end
+  end
 end

data/vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/{0.0.1/logstash-filter-elastic_integration-0.0.1.jar → 0.0.2/logstash-filter-elastic_integration-0.0.2.jar} RENAMED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-elastic_integration
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-14 00:00:00.000000000 Z
+date: 2023-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -73,7 +73,7 @@ files:
 - lib/logstash/filters/elastic_integration/event_api_bridge.rb
 - lib/logstash/filters/elastic_integration/jar_dependencies.rb
 - logstash-filter-elastic_integration.gemspec
-- vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/0.0.1/logstash-filter-elastic_integration-0.0.1.jar
+- vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/0.0.2/logstash-filter-elastic_integration-0.0.2.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - ELv2
@@ -100,7 +100,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.2.29
 signing_key:
 specification_version: 4
 summary: Processes Elastic Integrations