logstash-filter-geoip 6.0.5-java → 7.0.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d4c10ca6dc7f0ad60456004a01b7ed4b5442b9168e0e17649e96cfd9e4f205a
-  data.tar.gz: 34c3f8130b1a4bb6a7b840531987b9a2a3830b945129894d6bb5a108cfdc9e41
+  metadata.gz: 1863a093cb2b2c2cf3acc200ce48ff5c2103e0a998b419165b5dc910ae9a8afb
+  data.tar.gz: 3b75fd3ce00d85a101b32f56e0a1a408be32d8c4e8381fa2df7b0abe3073e7d0
 SHA512:
-  metadata.gz: 3d1559444aca8ee5bdd22549ad08c663d9a40aa68735f77eba576c15a258dc7c6b7456e7ccd1bb1c11bb120ee60b97aff9f283af2ac821a4665278b151e6e5ad
-  data.tar.gz: '08b8b38338a0fa050804071c5806815a376fe454223d03ff4b9b9f17b52e123f4a566f2a87fdbf3b5205ddf7dea2e6bce67247802faaa34f09c4635290146e2a'
+  metadata.gz: fa881996b64bdbb97765c1e257c850f70bc552f087127fda76d659d94a3c34a9bd80ea07d9dc7a5339d759834a345492c60f3b5c6ad96fbc07910239ff8fc218
+  data.tar.gz: 86063b89d552fd7b07d8add64bf4dfd644dff79fd978074bc09eca979ec7d86275e0672479a1401d1153cc5fbef2958dd692ee244b63c26ca720aaabf06ac05f

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 7.0.0
+  - Changed the plugin to use EULA GeoIP2 Database with auto-update [#176](https://github.com/logstash-plugins/logstash-filter-geoip/pull/176)
+    Available in Logstash 7.13+ Elastic license
+
 ## 6.0.5
   - Fix database download task. Upgrade project to java 11 [#175](https://github.com/logstash-plugins/logstash-filter-geoip/pull/175)
 

data/lib/logstash/filters/geoip.rb

@@ -1,9 +1,9 @@
 # encoding: utf-8
 require "logstash/filters/base"
 require "logstash/namespace"
-
 require "logstash-filter-geoip_jars"
 
+
 # The GeoIP filter adds information about the geographical location of IP addresses,
 # based on data from the Maxmind GeoLite2 database.
 #
@@ -90,18 +90,8 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
 
   public
   def register
-    if @database.nil?
-      @database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2-#{@default_database_type}.mmdb")).first
-
-      if @database.nil? || !File.exists?(@database)
-        raise "You must specify 'database => ...' in your geoip filter (I looked for '#{@database}')"
-      end
-    end
-
-    @logger.info("Using geoip database", :path => @database)
-    
-    @geoipfilter = org.logstash.filters.GeoIPFilter.new(@source, @target, @fields, @database, @cache_size)
-  end # def register
+    setup_filter(select_database_path)
+  end
 
   public
   def filter(event)
@@ -118,4 +108,41 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
     @tag_on_failure.each{|tag| event.tag(tag)}
   end
 
+  def setup_filter(database_path)
+    @database = database_path
+    @logger.info("Using geoip database", :path => @database)
+    @geoipfilter = org.logstash.filters.GeoIPFilter.new(@source, @target, @fields, @database, @cache_size)
+  end
+
+  def terminate_filter
+    @logger.info("geoip plugin is terminating")
+    pipeline_id = execution_context.pipeline_id
+    execution_context.agent.stop_pipeline(pipeline_id)
+  end
+
+  def close
+    @database_manager.close unless @database_manager.nil?
+  end
+
+  def select_database_path
+    vendor_path = ::File.expand_path("../../../vendor/", ::File.dirname(__FILE__))
+
+    if load_database_manager?
+      @database_manager = LogStash::Filters::Geoip::DatabaseManager.new(self, @database, @default_database_type, vendor_path)
+      @database_manager.database_path
+    else
+      @database.nil? ? ::File.join(vendor_path, "GeoLite2-#{@default_database_type}.mmdb") : @database
+    end
+  end
+
+  def load_database_manager?
+    begin
+      require_relative "#{LogStash::Environment::LOGSTASH_HOME}/x-pack/lib/filters/geoip/database_manager"
+      true
+    rescue LoadError => e
+      @logger.info("DatabaseManager is not in classpath", :version => LOGSTASH_VERSION, :exception => e)
+      false
+    end
+  end
+
 end # class LogStash::Filters::GeoIP

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '6.0.5'
+  s.version         = '7.0.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Adds geographical information about an IP address"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_offline_spec.rb

@@ -0,0 +1,297 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "insist"
+require "logstash/filters/geoip"
+
+CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
+ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-ASN.mmdb").first
+
+describe LogStash::Filters::GeoIP do
+  describe "defaults" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+        }
+      }
+    CONFIG
+
+    sample("ip" => "8.8.8.8") do
+      insist { subject }.include?("geoip")
+
+      expected_fields = %w(ip country_code2 country_code3 country_name
+                           continent_code latitude longitude location)
+      expected_fields.each do |f|
+        insist { subject.get("geoip") }.include?(f)
+      end
+    end
+
+    sample("ip" => "127.0.0.1") do
+      # assume geoip fails on localhost lookups
+      expect(subject.get("geoip")).to eq({})
+    end
+  end
+
+  describe "normal operations" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+          target => src_ip
+          add_tag => "done"
+        }
+      }
+    CONFIG
+
+    context "when specifying the target" do
+
+      sample("ip" => "8.8.8.8") do
+        expect(subject).to include("src_ip")
+
+        expected_fields = %w(ip country_code2 country_code3 country_name
+                             continent_code latitude longitude location)
+        expected_fields.each do |f|
+          expect(subject.get("src_ip")).to include(f)
+        end
+      end
+
+      sample("ip" => "127.0.0.1") do
+        # assume geoip fails on localhost lookups
+        expect(subject.get("src_ip")).to eq({})
+      end
+    end
+
+    context "when specifying add_tag" do
+      sample("ip" => "8.8.8.8") do
+        expect(subject.get("tags")).to include("done")
+      end
+    end
+  end
+
+  describe "source is derived from target" do
+    subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
+    let(:plugin) {
+      LogStash::Filters::GeoIP.new(
+        "source" => "[target][ip]",
+        "target" => "target",
+        "fields" => [ "city_name", "region_name" ],
+        "add_tag" => "done", "database" => CITYDB
+      )
+    }
+
+    before do
+      plugin.register
+      plugin.filter(event)
+    end
+
+    context "when source field 'ip' is a subfield of 'target'" do
+
+      it "should preserve value in [target][ip]" do
+        expect(event.get("[target][ip]")).to eq("173.9.34.107")
+      end
+
+      it "should set other subfields of 'target' properly" do
+        expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
+        expect(event.get("[target][city_name]")).to eq("Malden")
+        expect(event.get("[target][region_name]")).to eq("Massachusetts")
+      end
+
+    end
+
+  end
+
+  describe "correct encodings with default db" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+        }
+      }
+    CONFIG
+    expected_fields = %w(ip country_code2 country_code3 country_name
+                           continent_code region_name city_name postal_code
+                           dma_code timezone)
+
+    sample("ip" => "1.1.1.1") do
+      checked = 0
+      expected_fields.each do |f|
+        next unless subject.get("geoip")[f]
+        checked += 1
+        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+      end
+      insist { checked } > 0
+    end
+
+    sample("ip" => "189.2.0.0") do
+      checked = 0
+      expected_fields.each do |f|
+        next unless subject.get("geoip")[f]
+        checked += 1
+        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+      end
+      insist { checked } > 0
+    end
+
+  end
+
+  describe "location field" do
+    shared_examples_for "an event with a [geoip][location] field" do
+      subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => fields, "database" => CITYDB) }
+
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+
+      it "should have a location field" do
+        expect(event.get("[geoip][location]")).not_to(be_nil)
+      end
+    end
+
+    context "when latitude field is excluded" do
+      let(:fields) { ["country_name", "location", "longitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+
+    context "when longitude field is excluded" do
+      let(:fields) { ["country_name", "location", "latitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+
+    context "when both latitude and longitude field are excluded" do
+      let(:fields) { ["country_name", "location"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+  end
+
+  describe "an invalid IP" do
+    config <<-CONFIG
+          filter {
+            geoip {
+              source => "ip"
+              database => "#{CITYDB}"
+            }
+          }
+        CONFIG
+    describe "should not raise an error" do
+      sample("ip" => "-") do
+        expect{ subject }.to_not raise_error
+      end
+
+      sample("ip" => "~") do
+        expect{ subject }.to_not raise_error
+      end
+
+      sample("ip" => "") do
+        expect{ subject }.to_not raise_error
+      end
+
+      sample("ip" => "      ") do
+        expect{ subject }.to_not raise_error
+      end
+    end
+
+    describe "filter method outcomes" do
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
+      let(:event) { LogStash::Event.new("message" => ipstring) }
+
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+
+      context "when the bad IP is N/A" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
+        let(:ipstring) { "N/A" }
+
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+
+        it "should add failure tags" do
+          expect(event.get("tags")).to include("_geoip_lookup_failure")
+        end
+      end
+
+      context "when the bad IP is two ip comma separated" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
+        let(:ipstring) { "123.45.67.89,61.160.232.222" }
+
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+      end
+
+      context "when a IP is not found in the DB" do
+        let(:ipstring) { "0.0.0.0" }
+
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+          expect(event.get("tags")).to include("_geoip_lookup_failure")
+        end
+      end
+
+      context "when IP is IPv6 format for localhost" do
+        let(:ipstring) { "::1" }
+
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+      end
+
+      context "when IP is valid IPv6 format" do
+        let(:ipstring) { "2607:f0d0:1002:51::4" }
+
+        it "should set the target fields properly" do
+          expect(event.get("geoip")).not_to be_empty
+          expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
+          expect(event.get("geoip").to_hash.keys.sort).to eq(
+              ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
+                                                          )
+        end
+      end
+
+    end
+
+  end
+
+  describe "an invalid database" do
+    config <<-CONFIG
+          filter {
+            geoip {
+              source => "ip"
+              database => "./Gemfile"
+            }
+          }
+        CONFIG
+
+    context "should return the correct sourcefield in the logging message" do
+      sample("ip" => "8.8.8.8") do
+        expect { subject }.to raise_error(java.lang.IllegalArgumentException, "The database provided is invalid or corrupted.")
+      end
+    end
+  end
+
+  describe "GeoIP2-ASN database" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{ASNDB}"
+          default_database_type => "ASN"
+        }
+      }
+    CONFIG
+
+    sample("ip" => "8.8.8.8") do
+      expect(subject.get("geoip")).not_to be_empty
+      expect(subject.get("geoip")["asn"]).to eq(15169)
+      expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
+    end
+  end
+
+end

data/spec/filters/geoip_online_spec.rb

@@ -0,0 +1,65 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "insist"
+require "logstash/filters/geoip"
+require_relative 'test_helper'
+
+describe LogStash::Filters::GeoIP do
+
+  before(:each) do
+    ::File.delete(METADATA_PATH) if ::File.exist?(METADATA_PATH)
+  end
+
+  describe "config without database path in LS >= 7.13", :aggregate_failures do
+    before(:each) do
+      dir_path = Stud::Temporary.directory
+      File.open(dir_path + '/uuid', 'w') { |f| f.write(SecureRandom.uuid) }
+      allow(LogStash::SETTINGS).to receive(:get).and_call_original
+      allow(LogStash::SETTINGS).to receive(:get).with("path.data").and_return(dir_path)
+    end
+
+    let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]") }
+
+    context "restart the plugin" do
+      let(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" }) }
+      let(:event2) { LogStash::Event.new("target" => { "ip" => "55.159.212.43" }) }
+
+      it "should use the same database" do
+        unless plugin.load_database_manager?
+          logstash_path = ENV['LOGSTASH_PATH'] || '/usr/share/logstash' # docker logstash home
+          stub_const('LogStash::Environment::LOGSTASH_HOME', logstash_path)
+        end
+
+        plugin.register
+        plugin.filter(event)
+        plugin.close
+        first_database_name = get_metadata_database_name
+        plugin.register
+        plugin.filter(event2)
+        plugin.close
+        second_database_name = get_metadata_database_name
+
+        expect(first_database_name).not_to be_nil
+        expect(first_database_name).to eq(second_database_name)
+        expect(::File.exist?(get_file_path(first_database_name))).to be_truthy
+      end
+    end
+  end if MAJOR >= 8 || (MAJOR == 7 && MINOR >= 13)
+
+  describe "config without database path in LS < 7.13" do
+    context "should run in offline mode" do
+      config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+        }
+      }
+      CONFIG
+
+      sample("ip" => "173.9.34.107") do
+        insist { subject.get("geoip") }.include?("ip")
+        expect(::File.exist?(METADATA_PATH)).to be_falsey
+      end
+    end
+  end if MAJOR < 7 || (MAJOR == 7 && MINOR <= 12)
+end

data/spec/filters/geoip_spec.rb

@@ -1,298 +1,42 @@
 # encoding: utf-8
 require "logstash/devutils/rspec/spec_helper"
-require "insist"
 require "logstash/filters/geoip"
-
-CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
+require_relative 'test_helper'
 
 describe LogStash::Filters::GeoIP do
 
-  describe "defaults" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          #database => "#{CITYDB}"
-        }
-      }
-    CONFIG
-
-    sample("ip" => "8.8.8.8") do
-      insist { subject }.include?("geoip")
-
-      expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code latitude longitude location)
-      expected_fields.each do |f|
-        insist { subject.get("geoip") }.include?(f)
-      end
-    end
-
-    sample("ip" => "127.0.0.1") do
-      # assume geoip fails on localhost lookups
-      expect(subject.get("geoip")).to eq({})
-    end
-  end
-
-  describe "normal operations" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          # database => "#{CITYDB}"
-          target => src_ip
-          add_tag => "done"
-        }
-      }
-    CONFIG
-
-    context "when specifying the target" do
-
-      sample("ip" => "8.8.8.8") do
-        expect(subject).to include("src_ip")
-
-        expected_fields = %w(ip country_code2 country_code3 country_name
-                             continent_code latitude longitude location)
-        expected_fields.each do |f|
-          expect(subject.get("src_ip")).to include(f)
-        end
-      end
-
-      sample("ip" => "127.0.0.1") do
-        # assume geoip fails on localhost lookups
-        expect(subject.get("src_ip")).to eq({})
-      end
-    end
-
-    context "when specifying add_tag" do
-      sample("ip" => "8.8.8.8") do
-        expect(subject.get("tags")).to include("done")
-      end
-    end
-  end
-
-  describe "source is derived from target" do
-    subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
-    let(:plugin) {
-      LogStash::Filters::GeoIP.new(
-        "source" => "[target][ip]",
-        "target" => "target",
-        "fields" => [ "city_name", "region_name" ],
-        "add_tag" => "done", "database" => CITYDB
-      )
-    }
-
-    before do
-      plugin.register
-      plugin.filter(event)
-    end
-
-    context "when source field 'ip' is a subfield of 'target'" do
-
-      it "should preserve value in [target][ip]" do
-        expect(event.get("[target][ip]")).to eq("173.9.34.107")
-      end
-
-      it "should set other subfields of 'target' properly" do
-        expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
-        expect(event.get("[target][city_name]")).to eq("Malden")
-        expect(event.get("[target][region_name]")).to eq("Massachusetts")
-      end
+  describe "database path", :aggregate_failures do
+    let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]", "database" => DEFAULT_ASN_DB_PATH) }
 
+    before :each do
+      logstash_path = ENV['LOGSTASH_PATH'] || '/usr/share/logstash' # docker logstash home
+      stub_const('LogStash::Environment::LOGSTASH_HOME', logstash_path)
     end
 
-  end
-
-  describe "correct encodings with default db" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-        }
-      }
-    CONFIG
-    expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code region_name city_name postal_code
-                           dma_code timezone)
-
-    sample("ip" => "1.1.1.1") do
-      checked = 0
-      expected_fields.each do |f|
-        next unless subject.get("geoip")[f]
-        checked += 1
-        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+    context "select_database_path with static path" do
+      it "should be the assigned path" do
+        expect(plugin.select_database_path).to eql(DEFAULT_ASN_DB_PATH)
       end
-      insist { checked } > 0
     end
 
-    sample("ip" => "189.2.0.0") do
-      checked = 0
-      expected_fields.each do |f|
-        next unless subject.get("geoip")[f]
-        checked += 1
-        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+    describe "> 7.13" do
+      it "load_database_manager? should be true" do
+        expect(plugin.load_database_manager?).to be_truthy
       end
-      insist { checked } > 0
-    end
-
-  end
+    end if MAJOR >= 8 || (MAJOR == 7 && MINOR >= 13)
 
-  describe "location field" do
-    shared_examples_for "an event with a [geoip][location] field" do
-      subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
-      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => ["country_name", "location", "longitude"]) }
-
-      before do
-        plugin.register
-        plugin.filter(event)
-      end
-
-      it "should have a location field" do
-        expect(event.get("[geoip][location]")).not_to(be_nil)
+    describe "<= 7.12" do
+      it "load_database_manager? should be false" do
+        expect(plugin.load_database_manager?).to be_falsey
       end
-    end
 
-    context "when latitude field is excluded" do
-      let(:fields) { ["country_name", "location", "longitude"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
+      describe "select_database_path without path setting" do
+        let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]") }
 
-    context "when longitude field is excluded" do
-      let(:fields) { ["country_name", "location", "latitude"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
-
-    context "when both latitude and longitude field are excluded" do
-      let(:fields) { ["country_name", "location"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
-  end
-
-  describe "an invalid IP" do
-    config <<-CONFIG
-          filter {
-            geoip {
-              source => "ip"
-              database => "#{CITYDB}"
-            }
-          }
-        CONFIG
-    describe "should not raise an error" do
-      sample("ip" => "-") do
-        expect{ subject }.to_not raise_error
-      end
-
-      sample("ip" => "~") do
-        expect{ subject }.to_not raise_error
-      end
-
-      sample("ip" => "") do
-        expect{ subject }.to_not raise_error
-      end
-
-      sample("ip" => "      ") do
-        expect{ subject }.to_not raise_error
-      end
-    end
-
-    describe "filter method outcomes" do
-      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
-      let(:event) { LogStash::Event.new("message" => ipstring) }
-
-      before do
-        plugin.register
-        plugin.filter(event)
-      end
-
-      context "when the bad IP is N/A" do
-        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
-        let(:ipstring) { "N/A" }
-
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-        end
-
-        it "should add failure tags" do
-          expect(event.get("tags")).to include("_geoip_lookup_failure")
-        end
-      end
-
-      context "when the bad IP is two ip comma separated" do
-        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
-        let(:ipstring) { "123.45.67.89,61.160.232.222" }
-
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
+        it "should be default" do
+          expect(plugin.select_database_path).to eql(DEFAULT_CITY_DB_PATH)
         end
       end
-
-      context "when a IP is not found in the DB" do
-        let(:ipstring) { "0.0.0.0" }
-
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-          expect(event.get("tags")).to include("_geoip_lookup_failure")
-        end
-      end
-
-      context "when IP is IPv6 format for localhost" do
-        let(:ipstring) { "::1" }
-
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-        end
-      end
-
-      context "when IP is valid IPv6 format" do
-        let(:ipstring) { "2607:f0d0:1002:51::4" }
-
-        it "should set the target fields properly" do
-          expect(event.get("geoip")).not_to be_empty
-          expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
-          expect(event.get("geoip").to_hash.keys.sort).to eq(
-              ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
-                                                          )
-        end
-      end
-
-    end
-
-  end
-
-  describe "an invalid database" do
-    config <<-CONFIG
-          filter {
-            geoip {
-              source => "ip"
-              database => "./Gemfile"
-            }
-          }
-        CONFIG
-
-    context "should return the correct sourcefield in the logging message" do
-      sample("ip" => "8.8.8.8") do
-        expect { subject }.to raise_error(java.lang.IllegalArgumentException, "The database provided is invalid or corrupted.")
-      end
-    end
+    end if MAJOR < 7 || (MAJOR == 7 && MINOR <= 12)
   end
-
-  describe "GeoIP2-ASN database" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          # database => "" # use the bundled ASN
-          default_database_type => "ASN"
-        }
-      }
-    CONFIG
-
-    sample("ip" => "8.8.8.8") do
-      expect(subject.get("geoip")).not_to be_empty
-      expect(subject.get("geoip")["asn"]).to eq(15169)
-      expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
-    end
-
-
-  end
-
 end

data/spec/filters/test_helper.rb

@@ -0,0 +1,22 @@
+require "logstash-core/logstash-core"
+require "digest"
+
+def get_vendor_path
+  ::File.expand_path("../../vendor/", ::File.dirname(__FILE__))
+end
+
+def get_file_path(filename)
+  ::File.join(get_vendor_path, filename)
+end
+
+def get_metadata_database_name
+  ::File.exist?(METADATA_PATH) ? ::File.read(METADATA_PATH).split(",").last[0..-2] : nil
+end
+
+METADATA_PATH = get_file_path("metadata.csv")
+DEFAULT_CITY_DB_PATH = get_file_path("GeoLite2-City.mmdb")
+DEFAULT_ASN_DB_PATH = get_file_path("GeoLite2-ASN.mmdb")
+
+major, minor = LOGSTASH_VERSION.split(".")
+MAJOR = major.to_i
+MINOR = minor.to_i

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 6.0.5
+  version: 7.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-16 00:00:00.000000000 Z
+date: 2021-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -92,7 +92,10 @@ files:
 - lib/logstash/filters/geoip/patch.rb
 - logstash-filter-geoip.gemspec
 - maxmind-db-NOTICE.txt
+- spec/filters/geoip_offline_spec.rb
+- spec/filters/geoip_online_spec.rb
 - spec/filters/geoip_spec.rb
+- spec/filters/test_helper.rb
 - vendor/GeoLite2-ASN.mmdb
 - vendor/GeoLite2-City.mmdb
 - vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2/maxmind-db-1.2.2.jar
@@ -126,4 +129,7 @@ signing_key:
 specification_version: 4
 summary: Adds geographical information about an IP address
 test_files:
+- spec/filters/geoip_offline_spec.rb
+- spec/filters/geoip_online_spec.rb
 - spec/filters/geoip_spec.rb
+- spec/filters/test_helper.rb