logstash-input-beats 6.0.11-java → 6.0.12-java

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3964ad3d90cff475af37cb0f6dcf53182fd9b81ae33079fff3bf8789fef9ddf1
4
- data.tar.gz: 25bf12bef27170a2ab221d5003bc107492aae16e784995ebf44be9f0e51e479b
3
+ metadata.gz: fffd1d08907236b161c3b9df9bfd87ae1f90f0aa29450739410e7f2ec5d1a426
4
+ data.tar.gz: e48951c53cb2bc4ad6d4b48cb32dd7db0692b10d0182af7a21746cb703632f07
5
5
  SHA512:
6
- metadata.gz: 9554a53784dbc2d06eb56e8710f5ddd2c49e1c7571fee3c1c7530e6118c76d60a82688c09dedfd373417f72a00eec1c09a2ac2851191b05f8fde347afa4761e6
7
- data.tar.gz: 9b22eb9d8e5d60db6e6586eccb37bb518137b0458205d34f473dce178a088e3030095f1d6c0282ffa46574c26d2852feeea2b819788150f86a5ac30c38b27254
6
+ metadata.gz: f7f512920246aa50d6bd862844b133237f96fa75243a2fb13f255602881ab6ed9a7be1b3d7602db14ec7cfffbf795ef32fb3062425c0df5100159b2cee07acb9
7
+ data.tar.gz: 870eae665df61dc1aacc9ce0687e4042058e9c362301f93d255d318afc6045e92bda6f442f3fd7085db71fb532aa389052bf10f0a572761309bafe3229b596e2
@@ -1,3 +1,7 @@
1
+ ## 6.0.12
2
+ - Fix: log error when SSL context building fails [#402](https://github.com/logstash-plugins/logstash-input-beats/pull/402).
3
+ We've also made sure to log messages on configuration errors as LS 7.8/7.9 only prints details when level set to debug.
4
+
1
5
  ## 6.0.11
2
6
  - Updated jackson databind and Netty dependencies. Additionally, this release removes the dependency on `tcnative` +
3
7
  `boringssl`, using JVM supplied ciphers instead. This may result in fewer ciphers being available if the JCE
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.0.11
1
+ 6.0.12
@@ -8,4 +8,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
8
8
  require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.4')
9
9
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
10
10
  require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
11
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.11')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.12')
@@ -131,27 +131,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
131
131
  LogStash::Logger.setup_log4j(@logger)
132
132
  end
133
133
 
134
- if !@ssl
135
- @logger.warn("Beats input: SSL Certificate will not be used") unless @ssl_certificate.nil?
136
- @logger.warn("Beats input: SSL Key will not be used") unless @ssl_key.nil?
137
- elsif !ssl_configured?
138
- raise LogStash::ConfigurationError, "Certificate or Certificate Key not configured"
139
- end
134
+ if @ssl
135
+ if @ssl_key.nil? || @ssl_key.empty?
136
+ configuration_error "ssl_key => is a required setting when ssl => true is configured"
137
+ end
138
+ if @ssl_certificate.nil? || @ssl_certificate.empty?
139
+ configuration_error "ssl_certificate => is a required setting when ssl => true is configured"
140
+ end
140
141
 
141
- if @ssl && require_certificate_authorities? && !client_authentification?
142
- raise LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`"
143
- end
142
+ if require_certificate_authorities? && !client_authentification?
143
+ configuration_error "ssl_certificate_authorities => is a required setting when ssl_verify_mode => '#{@ssl_verify_mode}' is configured"
144
+ end
144
145
 
145
- if client_authentication_metadata? && !require_certificate_authorities?
146
- raise LogStash::ConfigurationError, "Enabling `peer_metadata` requires using `verify_mode` set to PEER or FORCE_PEER"
146
+ if client_authentication_metadata? && !require_certificate_authorities?
147
+ configuration_error "Configuring ssl_peer_metadata => true requires ssl_verify_mode => to be configured with 'peer' or 'force_peer'"
148
+ end
149
+ else
150
+ @logger.warn("configured ssl_certificate => #{@ssl_certificate.inspect} will not be used") if @ssl_certificate
151
+ @logger.warn("configured ssl_key => #{@ssl_key.inspect} will not be used") if @ssl_key
147
152
  end
148
153
 
149
154
  # Logstash 6.x breaking change (introduced with 4.0.0 of this gem)
150
155
  if @codec.kind_of? LogStash::Codecs::Multiline
151
- raise LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
156
+ configuration_error "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
152
157
  end
153
158
 
154
- @logger.info("Beats inputs: Starting input listener", :address => "#{@host}:#{@port}")
159
+ @logger.info("Starting input listener", :address => "#{@host}:#{@port}")
155
160
 
156
161
  @server = create_server
157
162
  end # def register
@@ -159,37 +164,20 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
159
164
  def create_server
160
165
  server = org.logstash.beats.Server.new(@host, @port, @client_inactivity_timeout, @executor_threads)
161
166
  if @ssl
162
-
163
- begin
164
- ssl_context_builder = org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
165
- .setProtocols(convert_protocols)
166
- .setCipherSuites(normalized_ciphers)
167
- rescue java.lang.IllegalArgumentException => e
168
- raise LogStash::ConfigurationError, e
169
- end
170
-
171
-
167
+ ssl_context_builder = new_ssl_context_builder
172
168
  if client_authentification?
173
- if @ssl_verify_mode.upcase == "FORCE_PEER"
169
+ if @ssl_verify_mode == "force_peer"
174
170
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::FORCE_PEER)
175
- elsif @ssl_verify_mode.upcase == "PEER"
171
+ elsif @ssl_verify_mode == "peer"
176
172
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::VERIFY_PEER)
177
173
  end
178
174
  ssl_context_builder.setCertificateAuthorities(@ssl_certificate_authorities)
179
175
  end
180
- server.setSslHandlerProvider(org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout))
176
+ server.setSslHandlerProvider(new_ssl_handshake_provider(ssl_context_builder))
181
177
  end
182
178
  server
183
179
  end
184
180
 
185
- def ssl_configured?
186
- !(@ssl_certificate.nil? || @ssl_key.nil?)
187
- end
188
-
189
- def target_codec_on_field?
190
- !@target_codec_on_field.empty?
191
- end
192
-
193
181
  def run(output_queue)
194
182
  message_listener = MessageListener.new(output_queue, self)
195
183
  @server.setMessageListener(message_listener)
@@ -200,6 +188,14 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
200
188
  @server.stop unless @server.nil?
201
189
  end
202
190
 
191
+ def ssl_configured?
192
+ !(@ssl_certificate.nil? || @ssl_key.nil?)
193
+ end
194
+
195
+ def target_codec_on_field?
196
+ !@target_codec_on_field.empty?
197
+ end
198
+
203
199
  def client_authentification?
204
200
  @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
205
201
  end
@@ -216,6 +212,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
216
212
  @ssl_verify_mode == "force_peer" || @ssl_verify_mode == "peer"
217
213
  end
218
214
 
215
+ private
216
+
217
+ def new_ssl_handshake_provider(ssl_context_builder)
218
+ begin
219
+ org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
220
+ rescue java.lang.IllegalArgumentException => e
221
+ @logger.error("SSL configuration invalid", error_details(e))
222
+ raise LogStash::ConfigurationError, e
223
+ rescue java.security.GeneralSecurityException => e
224
+ @logger.error("SSL configuration failed", error_details(e, true))
225
+ raise e
226
+ end
227
+ end
228
+
229
+ def new_ssl_context_builder
230
+ passphrase = @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value
231
+ begin
232
+ org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, passphrase)
233
+ .setProtocols(convert_protocols)
234
+ .setCipherSuites(normalized_ciphers)
235
+ rescue java.lang.IllegalArgumentException => e
236
+ @logger.error("SSL configuration invalid", error_details(e))
237
+ raise LogStash::ConfigurationError, e
238
+ end
239
+ end
240
+
219
241
  def normalized_ciphers
220
242
  @cipher_suites.map(&:upcase)
221
243
  end
@@ -223,4 +245,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
223
245
  def convert_protocols
224
246
  TLS.get_supported(@tls_min_version..@tls_max_version).map(&:name)
225
247
  end
248
+
249
+ def configuration_error(message)
250
+ @logger.error message
251
+ raise LogStash::ConfigurationError, message
252
+ end
253
+
254
+ def error_details(e, trace = false)
255
+ error_details = { :exception => e.class, :message => e.message }
256
+ error_details[:backtrace] = e.backtrace if trace || @logger.debug?
257
+ error_details
258
+ end
259
+
226
260
  end
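Review bot: In `create_server`, the `if @ssl_verify_mode == "force_peer"` / `elsif @ssl_verify_mode == "peer"` chain has no `else`, so when `ssl_certificate_authorities` is set with any other mode the builder receives `setCertificateAuthorities` but never `setVerifyMode`. Whether client certificates are then checked depends on the builder's default, which is not visible on this page, and `register` only rejects the reverse combination (peer/force_peer without authorities). Now that the comparison is case-sensitive, I would make the fall-through visible with an `else` branch such as `@logger.warn("ssl_certificate_authorities is configured but ssl_verify_mode => #{@ssl_verify_mode.inspect} leaves client verification at the builder default")`. Separately, `new_ssl_handshake_provider` re-raises `java.security.GeneralSecurityException` unchanged while the rescue beside it wraps the error in `LogStash::ConfigurationError`; a short comment stating why the two are treated differently would help the next reader.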
@@ -13,11 +13,19 @@ describe LogStash::Inputs::Beats do
13
13
  let(:certificate) { BeatsInputTest.certificate }
14
14
  let(:port) { BeatsInputTest.random_port }
15
15
  let(:queue) { Queue.new }
16
- let(:config) { { "port" => 0, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats"} }
16
+ let(:config) do
17
+ {
18
+ "port" => 0,
19
+ "ssl_certificate" => certificate.ssl_cert,
20
+ "ssl_key" => certificate.ssl_key,
21
+ "type" => "example",
22
+ "tags" => "beats"
23
+ }
24
+ end
17
25
 
18
26
  context "#register" do
19
27
  context "host related configuration" do
20
- let(:config) { super.merge!({ "host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads }) }
28
+ let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
21
29
  let(:host) { "192.168.1.20" }
22
30
  let(:port) { 9000 }
23
31
  let(:client_inactivity_timeout) { 400 }
@@ -38,38 +46,55 @@ describe LogStash::Inputs::Beats do
38
46
 
39
47
  context "with ssl enabled" do
40
48
  context "without certificate configuration" do
41
- let(:config) {{ "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats" }}
49
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example" } }
42
50
 
43
51
  it "should fail to register the plugin with ConfigurationError" do
44
52
  plugin = LogStash::Inputs::Beats.new(config)
45
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
53
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
46
54
  end
47
55
  end
48
56
 
49
57
  context "without key configuration" do
50
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats"} }
58
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example" } }
51
59
  it "should fail to register the plugin with ConfigurationError" do
52
60
  plugin = LogStash::Inputs::Beats.new(config)
53
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
61
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
62
+ end
63
+ end
64
+
65
+ context "with invalid key configuration" do
66
+ let(:p12_key) { certificate.p12_key }
67
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => p12_key } }
68
+ it "should fail to register the plugin" do
69
+ plugin = LogStash::Inputs::Beats.new(config)
70
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
71
+ expect( msg ).to match /.*?configuration invalid/
72
+ expect( opts[:message] ).to match /does not contain valid private key/
73
+ end
74
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
54
75
  end
55
76
  end
56
77
 
57
78
  context "with invalid ciphers" do
58
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats", "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38"} }
79
+ let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
59
80
 
60
81
  it "should raise a configuration error" do
61
82
  plugin = LogStash::Inputs::Beats.new(config)
83
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
84
+ expect( msg ).to match /.*?configuration invalid/
85
+ expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
86
+ end
62
87
  expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
63
88
  end
64
89
  end
65
90
 
66
91
  context "verify_mode" do
67
92
  context "verify_mode configured to PEER" do
68
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
93
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
69
94
 
70
95
  it "raise a ConfigurationError when certificate_authorities is not set" do
71
96
  plugin = LogStash::Inputs::Beats.new(config)
72
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
97
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'peer' is configured")
73
98
  end
74
99
 
75
100
  it "doesn't raise a configuration error when certificate_authorities is set" do
@@ -80,11 +105,11 @@ describe LogStash::Inputs::Beats do
80
105
  end
81
106
 
82
107
  context "verify_mode configured to FORCE_PEER" do
83
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "force_peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
108
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
84
109
 
85
110
  it "raise a ConfigurationError when certificate_authorities is not set" do
86
111
  plugin = LogStash::Inputs::Beats.new(config)
87
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
112
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'force_peer' is configured")
88
113
  end
89
114
 
90
115
  it "doesn't raise a configuration error when certificate_authorities is set" do
@@ -98,7 +123,7 @@ describe LogStash::Inputs::Beats do
98
123
 
99
124
  context "with ssl disabled" do
100
125
  context "and certificate configuration" do
101
- let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
126
+ let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
102
127
 
103
128
  it "should not fail" do
104
129
  plugin = LogStash::Inputs::Beats.new(config)
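Review bot: The "without certificate configuration" and "without key configuration" examples still assert only the exception class, so they pass on any `LogStash::ConfigurationError` and do not pin the new per-setting checks in `register`. Matching the message, as the verify_mode examples already do, would tie each example to its own check: `expect { plugin.register }.to raise_error(LogStash::ConfigurationError, /ssl_certificate => is a required setting/)` and the `ssl_key` equivalent. The logger expectations added for the invalid key and invalid cipher cases match text that appears to come from the underlying Java exception, so a short comment naming that source would explain a future failure when the wording changes. The last `it` block continues outside the hunk.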
@@ -13,6 +13,13 @@ module BeatsInputTest
13
13
 
14
14
  system("openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout #{ssl_key} -out #{ssl_cert} -subj /CN=localhost > /dev/null 2>&1")
15
15
  end
16
+
17
+ def p12_key
18
+ p12_key = Stud::Temporary.pathname("p12_key")
19
+ system "openssl pkcs12 -export -passout pass:123 -inkey #{ssl_key} -in #{ssl_cert} -out #{p12_key}"
20
+ p12_key
21
+ end
22
+
16
23
  end
17
24
 
18
25
  class << self
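Review bot: `p12_key` ignores the result of `system`, so if `openssl pkcs12` is missing or fails the method still returns a path, and the "with invalid key configuration" example then runs against a file that was never written. Checking the result keeps the failure at its cause, and the argument-list form avoids sending the interpolated paths through a shell (assuming `ssl_key` and `ssl_cert` are path strings): `system("openssl", "pkcs12", "-export", "-passout", "pass:123", "-inkey", ssl_key, "-in", ssl_cert, "-out", p12_key) or raise "openssl pkcs12 export failed"`. The enclosing class starts outside the hunk.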
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.11
4
+ version: 6.0.12
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-03 00:00:00.000000000 Z
11
+ date: 2020-12-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -271,7 +271,7 @@ files:
271
271
  - vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
272
272
  - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
273
273
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
274
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.11/logstash-input-beats-6.0.11.jar
274
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.12/logstash-input-beats-6.0.12.jar
275
275
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
276
276
  licenses:
277
277
  - Apache License (2.0)