logstash-filter-elasticsearch 4.4.0 → 4.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/index.asciidoc +5 -2
- data/lib/logstash/filters/elasticsearch/client.rb +23 -1
- data/lib/logstash/filters/elasticsearch.rb +2 -1
- data/logstash-filter-elasticsearch.gemspec +1 -1
- data/spec/filters/elasticsearch_spec.rb +25 -0
- data/version +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 460b1e72f53335af42fd95c998fb8fe158a705beeaf60e53d199aa8b9c64ab6f
|
|
4
|
+
data.tar.gz: 1d031b1b9783a30d7d849c320dc0ca7fec747192ee6e6a818b5873eb7a678875
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 24c037f834fadb3d4c5f988d197f2bc3de60c657bc00be9d04ee97e979adcd18c8e99deefda37e836ab49976402b659e0cb6d71c4b2f1a0e01e0d7fc9703f0e3
|
|
7
|
+
data.tar.gz: 8bcf2cf0303eb4339b1ebdffeb01a2588c5826ec8178fdffd8d0fc755008f3fffbfa8edf31abc80c0e4078536f2c18d36e14919902ced4046d562f5ba9946b2d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 4.4.1
|
|
2
|
+
- Support Elastic Cloud API keys in the `api_key` option, which now accepts an `id:api_key` pair, its base64-encoded form, or an `essu_` Cloud API key, and rejects an unrecognized format at startup [#215](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/215)
|
|
3
|
+
|
|
1
4
|
## 4.4.0
|
|
2
5
|
- Drop a support for Logstash 7.x by requiring `elasticsearch` gem >= 8. Logstash 8+ continues to work as before. [#213](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/213)
|
|
3
6
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -307,8 +307,11 @@ Example:
|
|
|
307
307
|
Authenticate using Elasticsearch API key. Note that this option also requires
|
|
308
308
|
enabling the <<plugins-{type}s-{plugin}-ssl_enabled>> option.
|
|
309
309
|
|
|
310
|
-
|
|
311
|
-
Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
|
|
310
|
+
The format is `id:api_key`, where `id` and `api_key` are as returned by the
|
|
311
|
+
Elasticsearch {ref}/security-api-create-api-key.html[Create API key API]. The
|
|
312
|
+
base64-encoded form of that pair is also accepted, as is an
|
|
313
|
+
https://www.elastic.co/docs/deploy-manage/api-keys/elastic-cloud-api-keys[Elastic Cloud API key]
|
|
314
|
+
(prefixed with `essu_`), which is used as-is.
|
|
312
315
|
|
|
313
316
|
[id="plugins-{type}s-{plugin}-ca_trusted_fingerprint"]
|
|
314
317
|
===== `ca_trusted_fingerprint`
|
|
@@ -102,10 +102,32 @@ module LogStash
|
|
|
102
102
|
def setup_api_key(api_key)
|
|
103
103
|
return {} unless (api_key&.value)
|
|
104
104
|
|
|
105
|
-
token =
|
|
105
|
+
token = resolve_api_key(api_key.value)
|
|
106
106
|
{ 'Authorization' => "ApiKey #{token}" }
|
|
107
107
|
end
|
|
108
108
|
|
|
109
|
+
# Resolves the `api_key` value into the credential used in the
|
|
110
|
+
# `Authorization: ApiKey` header. An already base64-encoded key and an
|
|
111
|
+
# Elastic Cloud API key are used as-is; a raw `id:api_key` pair is
|
|
112
|
+
# base64-encoded. An unrecognized value is rejected so a malformed key
|
|
113
|
+
# surfaces at startup rather than as a later authentication failure.
|
|
114
|
+
def resolve_api_key(key_value)
|
|
115
|
+
if base64?(key_value) || cloud_api_key?(key_value)
|
|
116
|
+
key_value
|
|
117
|
+
elsif key_value.match?(/\A[^:]+:[^:]+\z/)
|
|
118
|
+
Base64.strict_encode64(key_value)
|
|
119
|
+
else
|
|
120
|
+
raise LogStash::ConfigurationError, "Invalid api_key format. Expected a base64-encoded key, an 'id:api_key' pair, or a Cloud API key (essu_ prefix)."
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
# Elastic Cloud API keys (such as the unified Serverless keys) are opaque
|
|
125
|
+
# tokens prefixed with `essu_` that Elasticsearch accepts verbatim in the
|
|
126
|
+
# `Authorization: ApiKey` header, with no base64 encoding.
|
|
127
|
+
def cloud_api_key?(string)
|
|
128
|
+
string.match?(/\Aessu_.+/)
|
|
129
|
+
end
|
|
130
|
+
|
|
109
131
|
def base64?(string)
|
|
110
132
|
string == Base64.strict_encode64(Base64.strict_decode64(string))
|
|
111
133
|
rescue ArgumentError
|
|
@@ -72,7 +72,8 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
72
72
|
config :cloud_auth, :validate => :password
|
|
73
73
|
|
|
74
74
|
# Authenticate using Elasticsearch API key.
|
|
75
|
-
#
|
|
75
|
+
# Format is either the `id:api_key` pair (as returned by https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html[Create API key]),
|
|
76
|
+
# its base64-encoded form, or an https://www.elastic.co/docs/deploy-manage/api-keys/elastic-cloud-api-keys[Elastic Cloud API key] (prefixed with `essu_`) can be used.
|
|
76
77
|
config :api_key, :validate => :password
|
|
77
78
|
|
|
78
79
|
# Set the address of a forward HTTP proxy.
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
|
11
11
|
s.require_paths = ["lib"]
|
|
12
12
|
|
|
13
13
|
# Files
|
|
14
|
-
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
|
14
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "version", "docs/**/*"]
|
|
15
15
|
|
|
16
16
|
# Tests
|
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -325,6 +325,31 @@ describe LogStash::Filters::Elasticsearch do
|
|
|
325
325
|
it_behaves_like "a plugin that sets the ApiKey authorization header"
|
|
326
326
|
end
|
|
327
327
|
|
|
328
|
+
context "with an Elastic Cloud API key (essu_ prefix)" do
|
|
329
|
+
# The suffix is intentionally not canonical base64: a Cloud key is opaque
|
|
330
|
+
# and must be forwarded verbatim regardless of its payload encoding.
|
|
331
|
+
let(:api_key_value) { "essu_VFZGblZreFhTekJ4ZDB4M2NHUnZRMEU2YzNWd1pYSnpaV055WlhRPQ==AAAAAAAA" }
|
|
332
|
+
|
|
333
|
+
it "sets the Authorization header verbatim without re-encoding" do
|
|
334
|
+
plugin.register
|
|
335
|
+
client = plugin.send(:get_client).client
|
|
336
|
+
auth_header = extract_transport(client).options[:transport_options][:headers]['Authorization']
|
|
337
|
+
|
|
338
|
+
expect(auth_header).to eql("ApiKey #{api_key_value}")
|
|
339
|
+
end
|
|
340
|
+
end
|
|
341
|
+
|
|
342
|
+
context "with an unrecognized api_key format" do
|
|
343
|
+
let(:api_key_value) { "not-a-valid-key" }
|
|
344
|
+
|
|
345
|
+
# `test_connection!` and `setup_serverless` are stubbed here, so the
|
|
346
|
+
# client is built explicitly, as in the other api_key examples.
|
|
347
|
+
it "fails to build a client with a configuration error" do
|
|
348
|
+
plugin.register
|
|
349
|
+
expect { plugin.send(:get_client) }.to raise_error(LogStash::ConfigurationError, /Invalid api_key format/)
|
|
350
|
+
end
|
|
351
|
+
end
|
|
352
|
+
|
|
328
353
|
context 'user also set' do
|
|
329
354
|
let(:config) { super().merge({ 'api_key' => 'foo:bar', 'user' => 'another' }) }
|
|
330
355
|
|
data/version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
4.4.1
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.4.
|
|
4
|
+
version: 4.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date:
|
|
10
|
+
date: 2026-07-06 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: logstash-core-plugin-api
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- spec/filters/fixtures/test_certs/ls.key
|
|
197
197
|
- spec/filters/integration/elasticsearch_esql_spec.rb
|
|
198
198
|
- spec/filters/integration/elasticsearch_spec.rb
|
|
199
|
+
- version
|
|
199
200
|
homepage: https://elastic.co/logstash
|
|
200
201
|
licenses:
|
|
201
202
|
- Apache License (2.0)
|
|
@@ -216,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
216
217
|
- !ruby/object:Gem::Version
|
|
217
218
|
version: '0'
|
|
218
219
|
requirements: []
|
|
219
|
-
rubygems_version: 3.
|
|
220
|
+
rubygems_version: 3.6.3
|
|
220
221
|
specification_version: 4
|
|
221
222
|
summary: Copies fields from previous log events in Elasticsearch to current events
|
|
222
223
|
test_files:
|