RubyGems - logstash-filter-geoip - Versions diffs - 6.0.5-java → 7.0.0-java - Mend

logstash-filter-geoip 6.0.5-java → 7.0.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/logstash/filters/geoip.rb +40 -13
data/logstash-filter-geoip.gemspec +1 -1
data/spec/filters/geoip_offline_spec.rb +297 -0
data/spec/filters/geoip_online_spec.rb +65 -0
data/spec/filters/geoip_spec.rb +21 -277
data/spec/filters/test_helper.rb +22 -0
data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar +0 -0
metadata +8 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d4c10ca6dc7f0ad60456004a01b7ed4b5442b9168e0e17649e96cfd9e4f205a
-  data.tar.gz: 34c3f8130b1a4bb6a7b840531987b9a2a3830b945129894d6bb5a108cfdc9e41
+  metadata.gz: 1863a093cb2b2c2cf3acc200ce48ff5c2103e0a998b419165b5dc910ae9a8afb
+  data.tar.gz: 3b75fd3ce00d85a101b32f56e0a1a408be32d8c4e8381fa2df7b0abe3073e7d0
 SHA512:
-  metadata.gz: 3d1559444aca8ee5bdd22549ad08c663d9a40aa68735f77eba576c15a258dc7c6b7456e7ccd1bb1c11bb120ee60b97aff9f283af2ac821a4665278b151e6e5ad
-  data.tar.gz: '08b8b38338a0fa050804071c5806815a376fe454223d03ff4b9b9f17b52e123f4a566f2a87fdbf3b5205ddf7dea2e6bce67247802faaa34f09c4635290146e2a'
+  metadata.gz: fa881996b64bdbb97765c1e257c850f70bc552f087127fda76d659d94a3c34a9bd80ea07d9dc7a5339d759834a345492c60f3b5c6ad96fbc07910239ff8fc218
+  data.tar.gz: 86063b89d552fd7b07d8add64bf4dfd644dff79fd978074bc09eca979ec7d86275e0672479a1401d1153cc5fbef2958dd692ee244b63c26ca720aaabf06ac05f

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## 7.0.0
+  - Changed the plugin to use EULA GeoIP2 Database with auto-update [#176](https://github.com/logstash-plugins/logstash-filter-geoip/pull/176)
+    Available in Logstash 7.13+ Elastic license
 ## 6.0.5
   - Fix database download task. Upgrade project to java 11 [#175](https://github.com/logstash-plugins/logstash-filter-geoip/pull/175)

data/lib/logstash/filters/geoip.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 # encoding: utf-8
 require "logstash/filters/base"
 require "logstash/namespace"
 require "logstash-filter-geoip_jars"
 # The GeoIP filter adds information about the geographical location of IP addresses,
 # based on data from the Maxmind GeoLite2 database.
 #
@@ -90,18 +90,8 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
   public
   def register
-    if @database.nil?
-      @database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2-#{@default_database_type}.mmdb")).first
-      if @database.nil? || !File.exists?(@database)
-        raise "You must specify 'database => ...' in your geoip filter (I looked for '#{@database}')"
-      end
-    end
-    @logger.info("Using geoip database", :path => @database)
-    @geoipfilter = org.logstash.filters.GeoIPFilter.new(@source, @target, @fields, @database, @cache_size)
-  end # def register
+    setup_filter(select_database_path)
+  end
   public
   def filter(event)
@@ -118,4 +108,41 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
     @tag_on_failure.each{|tag| event.tag(tag)}
   end
+  def setup_filter(database_path)
+    @database = database_path
+    @logger.info("Using geoip database", :path => @database)
+    @geoipfilter = org.logstash.filters.GeoIPFilter.new(@source, @target, @fields, @database, @cache_size)
+  end
+  def terminate_filter
+    @logger.info("geoip plugin is terminating")
+    pipeline_id = execution_context.pipeline_id
+    execution_context.agent.stop_pipeline(pipeline_id)
+  end
+  def close
+    @database_manager.close unless @database_manager.nil?
+  end
+  def select_database_path
+    vendor_path = ::File.expand_path("../../../vendor/", ::File.dirname(__FILE__))
+    if load_database_manager?
+      @database_manager = LogStash::Filters::Geoip::DatabaseManager.new(self, @database, @default_database_type, vendor_path)
+      @database_manager.database_path
+    else
+      @database.nil? ? ::File.join(vendor_path, "GeoLite2-#{@default_database_type}.mmdb") : @database
+    end
+  end
+  def load_database_manager?
+    begin
+      require_relative "#{LogStash::Environment::LOGSTASH_HOME}/x-pack/lib/filters/geoip/database_manager"
+      true
+    rescue LoadError => e
+      @logger.info("DatabaseManager is not in classpath", :version => LOGSTASH_VERSION, :exception => e)
+      false
+    end
+  end
 end # class LogStash::Filters::GeoIP

data/logstash-filter-geoip.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-filter-geoip'
-  s.version         = '6.0.5'
+  s.version         = '7.0.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Adds geographical information about an IP address"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_offline_spec.rb ADDED Viewed

@@ -0,0 +1,297 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "insist"
+require "logstash/filters/geoip"
+CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
+ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-ASN.mmdb").first
+describe LogStash::Filters::GeoIP do
+  describe "defaults" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+        }
+      }
+    CONFIG
+    sample("ip" => "8.8.8.8") do
+      insist { subject }.include?("geoip")
+      expected_fields = %w(ip country_code2 country_code3 country_name
+                           continent_code latitude longitude location)
+      expected_fields.each do |f|
+        insist { subject.get("geoip") }.include?(f)
+      end
+    end
+    sample("ip" => "127.0.0.1") do
+      # assume geoip fails on localhost lookups
+      expect(subject.get("geoip")).to eq({})
+    end
+  end
+  describe "normal operations" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+          target => src_ip
+          add_tag => "done"
+        }
+      }
+    CONFIG
+    context "when specifying the target" do
+      sample("ip" => "8.8.8.8") do
+        expect(subject).to include("src_ip")
+        expected_fields = %w(ip country_code2 country_code3 country_name
+                             continent_code latitude longitude location)
+        expected_fields.each do |f|
+          expect(subject.get("src_ip")).to include(f)
+        end
+      end
+      sample("ip" => "127.0.0.1") do
+        # assume geoip fails on localhost lookups
+        expect(subject.get("src_ip")).to eq({})
+      end
+    end
+    context "when specifying add_tag" do
+      sample("ip" => "8.8.8.8") do
+        expect(subject.get("tags")).to include("done")
+      end
+    end
+  end
+  describe "source is derived from target" do
+    subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
+    let(:plugin) {
+      LogStash::Filters::GeoIP.new(
+        "source" => "[target][ip]",
+        "target" => "target",
+        "fields" => [ "city_name", "region_name" ],
+        "add_tag" => "done", "database" => CITYDB
+      )
+    }
+    before do
+      plugin.register
+      plugin.filter(event)
+    end
+    context "when source field 'ip' is a subfield of 'target'" do
+      it "should preserve value in [target][ip]" do
+        expect(event.get("[target][ip]")).to eq("173.9.34.107")
+      end
+      it "should set other subfields of 'target' properly" do
+        expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
+        expect(event.get("[target][city_name]")).to eq("Malden")
+        expect(event.get("[target][region_name]")).to eq("Massachusetts")
+      end
+    end
+  end
+  describe "correct encodings with default db" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{CITYDB}"
+        }
+      }
+    CONFIG
+    expected_fields = %w(ip country_code2 country_code3 country_name
+                           continent_code region_name city_name postal_code
+                           dma_code timezone)
+    sample("ip" => "1.1.1.1") do
+      checked = 0
+      expected_fields.each do |f|
+        next unless subject.get("geoip")[f]
+        checked += 1
+        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+      end
+      insist { checked } > 0
+    end
+    sample("ip" => "189.2.0.0") do
+      checked = 0
+      expected_fields.each do |f|
+        next unless subject.get("geoip")[f]
+        checked += 1
+        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+      end
+      insist { checked } > 0
+    end
+  end
+  describe "location field" do
+    shared_examples_for "an event with a [geoip][location] field" do
+      subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => fields, "database" => CITYDB) }
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+      it "should have a location field" do
+        expect(event.get("[geoip][location]")).not_to(be_nil)
+      end
+    end
+    context "when latitude field is excluded" do
+      let(:fields) { ["country_name", "location", "longitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+    context "when longitude field is excluded" do
+      let(:fields) { ["country_name", "location", "latitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+    context "when both latitude and longitude field are excluded" do
+      let(:fields) { ["country_name", "location"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+  end
+  describe "an invalid IP" do
+    config <<-CONFIG
+          filter {
+            geoip {
+              source => "ip"
+              database => "#{CITYDB}"
+            }
+          }
+        CONFIG
+    describe "should not raise an error" do
+      sample("ip" => "-") do
+        expect{ subject }.to_not raise_error
+      end
+      sample("ip" => "~") do
+        expect{ subject }.to_not raise_error
+      end
+      sample("ip" => "") do
+        expect{ subject }.to_not raise_error
+      end
+      sample("ip" => "      ") do
+        expect{ subject }.to_not raise_error
+      end
+    end
+    describe "filter method outcomes" do
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
+      let(:event) { LogStash::Event.new("message" => ipstring) }
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+      context "when the bad IP is N/A" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
+        let(:ipstring) { "N/A" }
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+        it "should add failure tags" do
+          expect(event.get("tags")).to include("_geoip_lookup_failure")
+        end
+      end
+      context "when the bad IP is two ip comma separated" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
+        let(:ipstring) { "123.45.67.89,61.160.232.222" }
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+      end
+      context "when a IP is not found in the DB" do
+        let(:ipstring) { "0.0.0.0" }
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+          expect(event.get("tags")).to include("_geoip_lookup_failure")
+        end
+      end
+      context "when IP is IPv6 format for localhost" do
+        let(:ipstring) { "::1" }
+        it "should set the target field to an empty hash" do
+          expect(event.get("geoip")).to eq({})
+        end
+      end
+      context "when IP is valid IPv6 format" do
+        let(:ipstring) { "2607:f0d0:1002:51::4" }
+        it "should set the target fields properly" do
+          expect(event.get("geoip")).not_to be_empty
+          expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
+          expect(event.get("geoip").to_hash.keys.sort).to eq(
+              ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
+                                                          )
+        end
+      end
+    end
+  end
+  describe "an invalid database" do
+    config <<-CONFIG
+          filter {
+            geoip {
+              source => "ip"
+              database => "./Gemfile"
+            }
+          }
+        CONFIG
+    context "should return the correct sourcefield in the logging message" do
+      sample("ip" => "8.8.8.8") do
+        expect { subject }.to raise_error(java.lang.IllegalArgumentException, "The database provided is invalid or corrupted.")
+      end
+    end
+  end
+  describe "GeoIP2-ASN database" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{ASNDB}"
+          default_database_type => "ASN"
+        }
+      }
+    CONFIG
+    sample("ip" => "8.8.8.8") do
+      expect(subject.get("geoip")).not_to be_empty
+      expect(subject.get("geoip")["asn"]).to eq(15169)
+      expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
+    end
+  end
+end

data/spec/filters/geoip_online_spec.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "insist"
+require "logstash/filters/geoip"
+require_relative 'test_helper'
+describe LogStash::Filters::GeoIP do
+  before(:each) do
+    ::File.delete(METADATA_PATH) if ::File.exist?(METADATA_PATH)
+  end
+  describe "config without database path in LS >= 7.13", :aggregate_failures do
+    before(:each) do
+      dir_path = Stud::Temporary.directory
+      File.open(dir_path + '/uuid', 'w') { |f| f.write(SecureRandom.uuid) }
+      allow(LogStash::SETTINGS).to receive(:get).and_call_original
+      allow(LogStash::SETTINGS).to receive(:get).with("path.data").and_return(dir_path)
+    end
+    let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]") }
+    context "restart the plugin" do
+      let(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" }) }
+      let(:event2) { LogStash::Event.new("target" => { "ip" => "55.159.212.43" }) }
+      it "should use the same database" do
+        unless plugin.load_database_manager?
+          logstash_path = ENV['LOGSTASH_PATH'] || '/usr/share/logstash' # docker logstash home
+          stub_const('LogStash::Environment::LOGSTASH_HOME', logstash_path)
+        end
+        plugin.register
+        plugin.filter(event)
+        plugin.close
+        first_database_name = get_metadata_database_name
+        plugin.register
+        plugin.filter(event2)
+        plugin.close
+        second_database_name = get_metadata_database_name
+        expect(first_database_name).not_to be_nil
+        expect(first_database_name).to eq(second_database_name)
+        expect(::File.exist?(get_file_path(first_database_name))).to be_truthy
+      end
+    end
+  end if MAJOR >= 8 || (MAJOR == 7 && MINOR >= 13)
+  describe "config without database path in LS < 7.13" do
+    context "should run in offline mode" do
+      config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+        }
+      }
+      CONFIG
+      sample("ip" => "173.9.34.107") do
+        insist { subject.get("geoip") }.include?("ip")
+        expect(::File.exist?(METADATA_PATH)).to be_falsey
+      end
+    end
+  end if MAJOR < 7 || (MAJOR == 7 && MINOR <= 12)
+end

data/spec/filters/geoip_spec.rb CHANGED Viewed

@@ -1,298 +1,42 @@
 # encoding: utf-8
 require "logstash/devutils/rspec/spec_helper"
-require "insist"
 require "logstash/filters/geoip"
-CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
+require_relative 'test_helper'
 describe LogStash::Filters::GeoIP do
-  describe "defaults" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          #database => "#{CITYDB}"
-        }
-      }
-    CONFIG
-    sample("ip" => "8.8.8.8") do
-      insist { subject }.include?("geoip")
-      expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code latitude longitude location)
-      expected_fields.each do |f|
-        insist { subject.get("geoip") }.include?(f)
-      end
-    end
-    sample("ip" => "127.0.0.1") do
-      # assume geoip fails on localhost lookups
-      expect(subject.get("geoip")).to eq({})
-    end
-  end
-  describe "normal operations" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          # database => "#{CITYDB}"
-          target => src_ip
-          add_tag => "done"
-        }
-      }
-    CONFIG
-    context "when specifying the target" do
-      sample("ip" => "8.8.8.8") do
-        expect(subject).to include("src_ip")
-        expected_fields = %w(ip country_code2 country_code3 country_name
-                             continent_code latitude longitude location)
-        expected_fields.each do |f|
-          expect(subject.get("src_ip")).to include(f)
-        end
-      end
-      sample("ip" => "127.0.0.1") do
-        # assume geoip fails on localhost lookups
-        expect(subject.get("src_ip")).to eq({})
-      end
-    end
-    context "when specifying add_tag" do
-      sample("ip" => "8.8.8.8") do
-        expect(subject.get("tags")).to include("done")
-      end
-    end
-  end
-  describe "source is derived from target" do
-    subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
-    let(:plugin) {
-      LogStash::Filters::GeoIP.new(
-        "source" => "[target][ip]",
-        "target" => "target",
-        "fields" => [ "city_name", "region_name" ],
-        "add_tag" => "done", "database" => CITYDB
-      )
-    }
-    before do
-      plugin.register
-      plugin.filter(event)
-    end
-    context "when source field 'ip' is a subfield of 'target'" do
-      it "should preserve value in [target][ip]" do
-        expect(event.get("[target][ip]")).to eq("173.9.34.107")
-      end
-      it "should set other subfields of 'target' properly" do
-        expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
-        expect(event.get("[target][city_name]")).to eq("Malden")
-        expect(event.get("[target][region_name]")).to eq("Massachusetts")
-      end
+  describe "database path", :aggregate_failures do
+    let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]", "database" => DEFAULT_ASN_DB_PATH) }
+    before :each do
+      logstash_path = ENV['LOGSTASH_PATH'] || '/usr/share/logstash' # docker logstash home
+      stub_const('LogStash::Environment::LOGSTASH_HOME', logstash_path)
     end
-  end
-  describe "correct encodings with default db" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-        }
-      }
-    CONFIG
-    expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code region_name city_name postal_code
-                           dma_code timezone)
-    sample("ip" => "1.1.1.1") do
-      checked = 0
-      expected_fields.each do |f|
-        next unless subject.get("geoip")[f]
-        checked += 1
-        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+    context "select_database_path with static path" do
+      it "should be the assigned path" do
+        expect(plugin.select_database_path).to eql(DEFAULT_ASN_DB_PATH)
       end
-      insist { checked } > 0
     end
-    sample("ip" => "189.2.0.0") do
-      checked = 0
-      expected_fields.each do |f|
-        next unless subject.get("geoip")[f]
-        checked += 1
-        insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
+    describe "> 7.13" do
+      it "load_database_manager? should be true" do
+        expect(plugin.load_database_manager?).to be_truthy
       end
-      insist { checked } > 0
-    end
-  end
+    end if MAJOR >= 8 || (MAJOR == 7 && MINOR >= 13)
-  describe "location field" do
-    shared_examples_for "an event with a [geoip][location] field" do
-      subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
-      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => ["country_name", "location", "longitude"]) }
-      before do
-        plugin.register
-        plugin.filter(event)
-      end
-      it "should have a location field" do
-        expect(event.get("[geoip][location]")).not_to(be_nil)
+    describe "<= 7.12" do
+      it "load_database_manager? should be false" do
+        expect(plugin.load_database_manager?).to be_falsey
       end
-    end
-    context "when latitude field is excluded" do
-      let(:fields) { ["country_name", "location", "longitude"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
+      describe "select_database_path without path setting" do
+        let(:plugin) { LogStash::Filters::GeoIP.new("source" => "[target][ip]") }
-    context "when longitude field is excluded" do
-      let(:fields) { ["country_name", "location", "latitude"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
-    context "when both latitude and longitude field are excluded" do
-      let(:fields) { ["country_name", "location"] }
-      it_behaves_like "an event with a [geoip][location] field"
-    end
-  end
-  describe "an invalid IP" do
-    config <<-CONFIG
-          filter {
-            geoip {
-              source => "ip"
-              database => "#{CITYDB}"
-            }
-          }
-        CONFIG
-    describe "should not raise an error" do
-      sample("ip" => "-") do
-        expect{ subject }.to_not raise_error
-      end
-      sample("ip" => "~") do
-        expect{ subject }.to_not raise_error
-      end
-      sample("ip" => "") do
-        expect{ subject }.to_not raise_error
-      end
-      sample("ip" => "      ") do
-        expect{ subject }.to_not raise_error
-      end
-    end
-    describe "filter method outcomes" do
-      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
-      let(:event) { LogStash::Event.new("message" => ipstring) }
-      before do
-        plugin.register
-        plugin.filter(event)
-      end
-      context "when the bad IP is N/A" do
-        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
-        let(:ipstring) { "N/A" }
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-        end
-        it "should add failure tags" do
-          expect(event.get("tags")).to include("_geoip_lookup_failure")
-        end
-      end
-      context "when the bad IP is two ip comma separated" do
-        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
-        let(:ipstring) { "123.45.67.89,61.160.232.222" }
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
+        it "should be default" do
+          expect(plugin.select_database_path).to eql(DEFAULT_CITY_DB_PATH)
         end
       end
-      context "when a IP is not found in the DB" do
-        let(:ipstring) { "0.0.0.0" }
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-          expect(event.get("tags")).to include("_geoip_lookup_failure")
-        end
-      end
-      context "when IP is IPv6 format for localhost" do
-        let(:ipstring) { "::1" }
-        it "should set the target field to an empty hash" do
-          expect(event.get("geoip")).to eq({})
-        end
-      end
-      context "when IP is valid IPv6 format" do
-        let(:ipstring) { "2607:f0d0:1002:51::4" }
-        it "should set the target fields properly" do
-          expect(event.get("geoip")).not_to be_empty
-          expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
-          expect(event.get("geoip").to_hash.keys.sort).to eq(
-              ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
-                                                          )
-        end
-      end
-    end
-  end
-  describe "an invalid database" do
-    config <<-CONFIG
-          filter {
-            geoip {
-              source => "ip"
-              database => "./Gemfile"
-            }
-          }
-        CONFIG
-    context "should return the correct sourcefield in the logging message" do
-      sample("ip" => "8.8.8.8") do
-        expect { subject }.to raise_error(java.lang.IllegalArgumentException, "The database provided is invalid or corrupted.")
-      end
-    end
+    end if MAJOR < 7 || (MAJOR == 7 && MINOR <= 12)
   end
-  describe "GeoIP2-ASN database" do
-    config <<-CONFIG
-      filter {
-        geoip {
-          source => "ip"
-          # database => "" # use the bundled ASN
-          default_database_type => "ASN"
-        }
-      }
-    CONFIG
-    sample("ip" => "8.8.8.8") do
-      expect(subject.get("geoip")).not_to be_empty
-      expect(subject.get("geoip")["asn"]).to eq(15169)
-      expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
-    end
-  end
 end

data/spec/filters/test_helper.rb ADDED Viewed

@@ -0,0 +1,22 @@
+require "logstash-core/logstash-core"
+require "digest"
+def get_vendor_path
+  ::File.expand_path("../../vendor/", ::File.dirname(__FILE__))
+end
+def get_file_path(filename)
+  ::File.join(get_vendor_path, filename)
+end
+def get_metadata_database_name
+  ::File.exist?(METADATA_PATH) ? ::File.read(METADATA_PATH).split(",").last[0..-2] : nil
+end
+METADATA_PATH = get_file_path("metadata.csv")
+DEFAULT_CITY_DB_PATH = get_file_path("GeoLite2-City.mmdb")
+DEFAULT_ASN_DB_PATH = get_file_path("GeoLite2-ASN.mmdb")
+major, minor = LOGSTASH_VERSION.split(".")
+MAJOR = major.to_i
+MINOR = minor.to_i

data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 6.0.5
+  version: 7.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-16 00:00:00.000000000 Z
+date: 2021-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -92,7 +92,10 @@ files:
 - lib/logstash/filters/geoip/patch.rb
 - logstash-filter-geoip.gemspec
 - maxmind-db-NOTICE.txt
+- spec/filters/geoip_offline_spec.rb
+- spec/filters/geoip_online_spec.rb
 - spec/filters/geoip_spec.rb
+- spec/filters/test_helper.rb
 - vendor/GeoLite2-ASN.mmdb
 - vendor/GeoLite2-City.mmdb
 - vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2/maxmind-db-1.2.2.jar
@@ -126,4 +129,7 @@ signing_key:
 specification_version: 4
 summary: Adds geographical information about an IP address
 test_files:
+- spec/filters/geoip_offline_spec.rb
+- spec/filters/geoip_online_spec.rb
 - spec/filters/geoip_spec.rb
+- spec/filters/test_helper.rb