logstash-filter-elasticsearch 3.11.1 → 3.12.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7ecfb3d5b15acecc9b301e27f77f5170ead83708c2722db56324807e3663cc08
|
4
|
+
data.tar.gz: bd8798a9f82792afb79b1be85936bdf51967dd74c91d6b45bb24b7cadec16e1b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b76de8e2722b3b1c5cf11efd0a29cc827042e48d584215e14fb9272349bc5cb50aa04b763a52ff26800ad36f64f2c1870cab27a38dbf94776fde5a25f75a7e08
|
7
|
+
data.tar.gz: 9304e6e00443b13fe5888ae62d0f9c0610cb6917cf148b21373afae460602548172a61efa4fed287e085421c7e9ef26bcebaf7a8ec1aee70a12449942b226a3e
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,6 @@
|
|
1
|
+
## 3.12.0
|
2
|
+
- Added support for `ca_trusted_fingerprint` when run on Logstash 8.3+ [#158](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/158)
|
3
|
+
|
1
4
|
## 3.11.1
|
2
5
|
- Fix: hosts => "es_host:port" regression [#156](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/156)
|
3
6
|
|
data/docs/index.asciidoc
CHANGED
@@ -128,6 +128,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
128
128
|
| <<plugins-{type}s-{plugin}-aggregation_fields>> |<<hash,hash>>|No
|
129
129
|
| <<plugins-{type}s-{plugin}-api_key>> |<<password,password>>|No
|
130
130
|
| <<plugins-{type}s-{plugin}-ca_file>> |a valid filesystem path|No
|
131
|
+
| <<plugins-{type}s-{plugin}-ca_trusted_fingerprint>> |<<string,string>>|No
|
131
132
|
| <<plugins-{type}s-{plugin}-cloud_auth>> |<<password,password>>|No
|
132
133
|
| <<plugins-{type}s-{plugin}-cloud_id>> |<<string,string>>|No
|
133
134
|
| <<plugins-{type}s-{plugin}-docinfo_fields>> |<<hash,hash>>|No
|
@@ -189,6 +190,15 @@ Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
|
|
189
190
|
|
190
191
|
SSL Certificate Authority file
|
191
192
|
|
193
|
+
[id="plugins-{type}s-{plugin}-ca_trusted_fingerprint"]
|
194
|
+
===== `ca_trusted_fingerprint`
|
195
|
+
|
196
|
+
* Value type is <<string,string>>, and must contain exactly 64 hexadecimal characters.
|
197
|
+
* There is no default value for this setting.
|
198
|
+
* Use of this option _requires_ Logstash 8.3+
|
199
|
+
|
200
|
+
The SHA-256 fingerprint of an SSL Certificate Authority to trust, such as the autogenerated self-signed CA for an Elasticsearch cluster.
|
201
|
+
|
192
202
|
[id="plugins-{type}s-{plugin}-cloud_auth"]
|
193
203
|
===== `cloud_auth`
|
194
204
|
|
@@ -27,9 +27,11 @@ module LogStash
|
|
27
27
|
transport_options[:proxy] = proxy.to_s if proxy && !proxy.eql?('')
|
28
28
|
|
29
29
|
hosts = setup_hosts(hosts, ssl)
|
30
|
+
|
31
|
+
ssl_options = {}
|
30
32
|
# set ca_file even if ssl isn't on, since the host can be an https url
|
31
|
-
ssl_options
|
32
|
-
ssl_options
|
33
|
+
ssl_options.update(ssl: true, ca_file: options[:ca_file]) if options[:ca_file]
|
34
|
+
ssl_options.update(ssl: true, trust_strategy: options[:ssl_trust_strategy]) if options[:ssl_trust_strategy]
|
33
35
|
|
34
36
|
logger.info("New ElasticSearch filter client", :hosts => hosts)
|
35
37
|
@client = ::Elasticsearch::Client.new(hosts: hosts, transport_options: transport_options, transport_class: ::Elasticsearch::Transport::Transport::HTTP::Manticore, :ssl => ssl_options)
|
@@ -2,6 +2,8 @@
|
|
2
2
|
require "logstash/filters/base"
|
3
3
|
require "logstash/namespace"
|
4
4
|
require "logstash/json"
|
5
|
+
require 'logstash/plugin_mixins/ca_trusted_fingerprint_support'
|
6
|
+
|
5
7
|
require_relative "elasticsearch/client"
|
6
8
|
require_relative "elasticsearch/patches/_elasticsearch_transport_http_manticore"
|
7
9
|
|
@@ -73,6 +75,9 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
73
75
|
# Tags the event on failure to look up geo information. This can be used in later analysis.
|
74
76
|
config :tag_on_failure, :validate => :array, :default => ["_elasticsearch_lookup_failure"]
|
75
77
|
|
78
|
+
# config :ca_trusted_fingerprint, :validate => :sha_256_hex
|
79
|
+
include LogStash::PluginMixins::CATrustedFingerprintSupport
|
80
|
+
|
76
81
|
attr_reader :clients_pool
|
77
82
|
|
78
83
|
##
|
@@ -199,6 +204,7 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
199
204
|
:proxy => @proxy,
|
200
205
|
:ssl => @ssl,
|
201
206
|
:ca_file => @ca_file,
|
207
|
+
:ssl_trust_strategy => trust_strategy_for_ca_trusted_fingerprint
|
202
208
|
}
|
203
209
|
end
|
204
210
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-elasticsearch'
|
4
|
-
s.version = '3.
|
4
|
+
s.version = '3.12.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Copies fields from previous log events in Elasticsearch to current events "
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
|
|
23
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
24
24
|
s.add_runtime_dependency 'elasticsearch', ">= 7.14.0" # LS >= 6.7 and < 7.14 all used version 5.0.5
|
25
25
|
s.add_runtime_dependency 'manticore', ">= 0.7.1"
|
26
|
+
s.add_runtime_dependency 'logstash-mixin-ca_trusted_fingerprint_support', '~> 1.0'
|
26
27
|
s.add_development_dependency 'cabin', ['~> 0.6']
|
27
28
|
s.add_development_dependency 'webrick'
|
28
29
|
|
@@ -561,6 +561,38 @@ describe LogStash::Filters::Elasticsearch do
|
|
561
561
|
end
|
562
562
|
end
|
563
563
|
|
564
|
+
describe "ca_trusted_fingerprint" do
|
565
|
+
let(:ca_trusted_fingerprint) { SecureRandom.hex(32) }
|
566
|
+
let(:config) { {"ca_trusted_fingerprint" => ca_trusted_fingerprint}}
|
567
|
+
|
568
|
+
subject(:plugin) { described_class.new(config) }
|
569
|
+
|
570
|
+
if Gem::Version.create(LOGSTASH_VERSION) >= Gem::Version.create("8.3.0")
|
571
|
+
context 'the generated trust_strategy' do
|
572
|
+
before(:each) { allow(plugin).to receive(:test_connection!) }
|
573
|
+
|
574
|
+
it 'is passed to the Manticore client' do
|
575
|
+
expect(Manticore::Client).to receive(:new)
|
576
|
+
.with(
|
577
|
+
a_hash_including(
|
578
|
+
ssl: a_hash_including(
|
579
|
+
trust_strategy: plugin.trust_strategy_for_ca_trusted_fingerprint
|
580
|
+
)
|
581
|
+
)
|
582
|
+
).and_call_original
|
583
|
+
plugin.register
|
584
|
+
|
585
|
+
# the client is built lazily, so we need to get it explicitly
|
586
|
+
plugin.send(:get_client).client
|
587
|
+
end
|
588
|
+
end
|
589
|
+
else
|
590
|
+
it 'raises a configuration error' do
|
591
|
+
expect { plugin }.to raise_exception(LogStash::ConfigurationError, a_string_including("ca_trusted_fingerprint"))
|
592
|
+
end
|
593
|
+
end
|
594
|
+
end
|
595
|
+
|
564
596
|
describe "defaults" do
|
565
597
|
|
566
598
|
let(:config) { Hash.new }
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-elasticsearch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,6 +58,20 @@ dependencies:
|
|
58
58
|
- - ">="
|
59
59
|
- !ruby/object:Gem::Version
|
60
60
|
version: 0.7.1
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
requirement: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - "~>"
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '1.0'
|
67
|
+
name: logstash-mixin-ca_trusted_fingerprint_support
|
68
|
+
prerelease: false
|
69
|
+
type: :runtime
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '1.0'
|
61
75
|
- !ruby/object:Gem::Dependency
|
62
76
|
requirement: !ruby/object:Gem::Requirement
|
63
77
|
requirements:
|