logstash-input-beats 6.0.8-java → 6.0.13-java

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d36df63759f956947694a03bdb957713d14cbe14c52858176392f385928d4ec6
4
- data.tar.gz: b3c002bbeb7213ee53ee1fb6a41c6655d4b8703f5fc655c9aade1904fe3faa03
3
+ metadata.gz: ef7779105775e36517acd284df5cbb37c939bd8b0efd65e4a3ffb666800e4c6a
4
+ data.tar.gz: f9d9e7d95f1bcae77c92bff84eb8c80b74abc8065e4ebcec602104aac08ce029
5
5
  SHA512:
6
- metadata.gz: 1078ff7c09d34c699208b470be1956bad26e36f608cfc48272a903fef44151043c3884cb8a1ce6a66244a5e4aa16fbc782e0e8c071f0e5137dc7cf9cf117d795
7
- data.tar.gz: 22a92f568a487fd041366e77f7abc8a7d2ca0fa47a1ae3ef6cc43511d4f98de837c92c6f3bb64a5551ccef0d145108012fa47fc758bb1dd7eb036b1879fd8acb
6
+ metadata.gz: 5d0894f99926e28eead2857c4f3290b6bc2e59595b305c7feb5c4fb331d54267030eb3791bbff0c6838103528161a64f02d41f4ce9345dd500e58b3a3723219b
7
+ data.tar.gz: ce4d2455d86c6f1d40d92d9e476ca942bd92ca156fdc764ecf8941716295c0038ec799004da6c7f7e7d626e2aabd5e96d5555a80c0de5386cf885d4cec930240
@@ -1,3 +1,23 @@
1
+ ## 6.0.13
2
+ - [DOC] Update links to use shared attributes
3
+
4
+ ## 6.0.12
5
+ - Fix: log error when SSL context building fails [#402](https://github.com/logstash-plugins/logstash-input-beats/pull/402).
6
+ We've also made sure to log messages on configuration errors as LS 7.8/7.9 only prints details when level set to debug.
7
+
8
+ ## 6.0.11
9
+ - Updated jackson databind and Netty dependencies. Additionally, this release removes the dependency on `tcnative` +
10
+ `boringssl`, using JVM supplied ciphers instead. This may result in fewer ciphers being available if the JCE
11
+ unlimited strength jurisdiction policy is not installed. (This policy is installed by default on versions of the
12
+ JDK from u161 onwards)[#393](https://github.com/logstash-plugins/logstash-input-beats/pull/393)
13
+
14
+ ## 6.0.10
15
+ - Added error handling to detect if ssl certificate or key files can't be read [#394](https://github.com/logstash-plugins/logstash-input-beats/pull/394)
16
+
17
+ ## 6.0.9
18
+ - Fixed issue where calling `java_import` on `org.logstash.netty.SslContextBuilder` was causing the TCP input to pick up the wrong SslContextBuilder class
19
+ potentially causing pipeline creation to fail [#388](https://github.com/logstash-plugins/logstash-input-beats/pull/388)
20
+
1
21
  ## 6.0.8
2
22
  - Fixed issue where an SslContext was unnecessarily being created for each connection [#383](https://github.com/logstash-plugins/logstash-input-beats/pull/383)
3
23
  - Fixed issue where `end` was not being called when an Inflater was closed [#383](https://github.com/logstash-plugins/logstash-input-beats/pull/383)
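Review bot: the 6.0.11 entry says the jackson databind and Netty dependencies were "Updated" without naming the versions, and the closing parenthesis runs straight into the link in `onwards)[#393]`. Suggest stating the target versions (the jar list in this release shows `netty-all` 4.1.49.Final and `jackson-databind` 2.9.10.4), adding the missing space, and pointing readers at the `cipher_suites` option, since the entry warns that fewer ciphers may be available once `tcnative`/`boringssl` is gone.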
data/LICENSE CHANGED
@@ -1,14 +1,202 @@
1
- Copyright 2012-2018 Jordan Sissel, Elasticsearch and contributors.
2
1
 
3
- Licensed under the Apache License, Version 2.0 (the "License");
4
- you may not use this file except in compliance with the License.
5
- You may obtain a copy of the License at
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
6
5
 
7
- http://www.apache.org/licenses/LICENSE-2.0
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
8
7
 
9
- Unless required by applicable law or agreed to in writing, software
10
- distributed under the License is distributed on an "AS IS" BASIS,
11
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- See the License for the specific language governing permissions and
13
- limitations under the License.
8
+ 1. Definitions.
14
9
 
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright 2020 Elastic and contributors
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Logstash Plugin
2
2
 
3
- [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-input-beats.svg)](https://travis-ci.org/logstash-plugins/logstash-input-beats)
3
+ [![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-input-beats.svg)](https://travis-ci.com/logstash-plugins/logstash-input-beats)
4
4
 
5
5
  This is a plugin for [Logstash](https://github.com/elastic/logstash).
6
6
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.0.8
1
+ 6.0.13
@@ -56,11 +56,12 @@ NOTE: If ILM is not being used, set `index` to
56
56
  Logstash creates an index per day, based on the `@timestamp` value of the events
57
57
  coming from Beats.
58
58
 
59
- IMPORTANT: If you are shipping events that span multiple lines, you need to
60
- use the https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html[configuration options available in Filebeat] to handle multiline events
61
- before sending the event data to Logstash. You cannot use the
62
- {logstash-ref}/plugins-codecs-multiline.html[Multiline codec plugin] to handle multiline events. Doing so will
63
- result in the failure to start Logstash.
59
+ IMPORTANT: If you are shipping events that span multiple lines, you need to use
60
+ the {filebeat-ref}/multiline-examples.html[configuration options available in
61
+ Filebeat] to handle multiline events before sending the event data to Logstash.
62
+ You cannot use the {logstash-ref}/plugins-codecs-multiline.html[Multiline codec
63
+ plugin] to handle multiline events. Doing so will result in the failure to start
64
+ Logstash.
64
65
 
65
66
  [id="plugins-{type}s-{plugin}-versioned-indexes"]
66
67
  ==== Versioned Beats Indices
@@ -1,12 +1,11 @@
1
1
  # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
2
2
 
3
3
  require 'jar_dependencies'
4
- require_jar('io.netty', 'netty-all', '4.1.30.Final')
5
- require_jar('io.netty', 'netty-tcnative-boringssl-static', '2.0.12.Final')
4
+ require_jar('io.netty', 'netty-all', '4.1.49.Final')
6
5
  require_jar('org.javassist', 'javassist', '3.24.0-GA')
7
6
  require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
8
7
  require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
9
- require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.1')
8
+ require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.4')
10
9
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
11
10
  require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
12
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.8')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.13')
@@ -114,8 +114,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
114
114
  config :tls_max_version, :validate => :number, :default => TLS.max.version
115
115
 
116
116
  # The list of ciphers suite to use, listed by priorities.
117
- config :cipher_suites, :validate => :array, :default => org.logstash.netty.SslContextBuilder::DEFAULT_CIPHERS
118
-
117
+ config :cipher_suites, :validate => :array, :default => org.logstash.netty.SslContextBuilder.getDefaultCiphers
119
118
  # Close Idle clients after X seconds of inactivity.
120
119
  config :client_inactivity_timeout, :validate => :number, :default => 60
121
120
 
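Review bot: `:default => org.logstash.netty.SslContextBuilder.getDefaultCiphers` is now a method call evaluated when the class body loads, so the default list depends on the running JVM, yet the comment above it still reads only "The list of ciphers suite to use, listed by priorities." Suggest documenting that the default comes from the JVM-supplied ciphers, and restoring the blank line before `# Close Idle clients after X seconds of inactivity.` so the two options stay visually separate.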
@@ -132,32 +131,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
132
131
  LogStash::Logger.setup_log4j(@logger)
133
132
  end
134
133
 
135
- java_import "org.logstash.beats.Server"
136
- java_import "org.logstash.netty.SslContextBuilder"
137
- java_import "org.logstash.netty.SslHandlerProvider"
138
- java_import "java.io.FileInputStream"
139
-
140
- if !@ssl
141
- @logger.warn("Beats input: SSL Certificate will not be used") unless @ssl_certificate.nil?
142
- @logger.warn("Beats input: SSL Key will not be used") unless @ssl_key.nil?
143
- elsif !ssl_configured?
144
- raise LogStash::ConfigurationError, "Certificate or Certificate Key not configured"
145
- end
134
+ if @ssl
135
+ if @ssl_key.nil? || @ssl_key.empty?
136
+ configuration_error "ssl_key => is a required setting when ssl => true is configured"
137
+ end
138
+ if @ssl_certificate.nil? || @ssl_certificate.empty?
139
+ configuration_error "ssl_certificate => is a required setting when ssl => true is configured"
140
+ end
146
141
 
147
- if @ssl && require_certificate_authorities? && !client_authentification?
148
- raise LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`"
149
- end
142
+ if require_certificate_authorities? && !client_authentification?
143
+ configuration_error "ssl_certificate_authorities => is a required setting when ssl_verify_mode => '#{@ssl_verify_mode}' is configured"
144
+ end
150
145
 
151
- if client_authentication_metadata? && !require_certificate_authorities?
152
- raise LogStash::ConfigurationError, "Enabling `peer_metadata` requires using `verify_mode` set to PEER or FORCE_PEER"
146
+ if client_authentication_metadata? && !require_certificate_authorities?
147
+ configuration_error "Configuring ssl_peer_metadata => true requires ssl_verify_mode => to be configured with 'peer' or 'force_peer'"
148
+ end
149
+ else
150
+ @logger.warn("configured ssl_certificate => #{@ssl_certificate.inspect} will not be used") if @ssl_certificate
151
+ @logger.warn("configured ssl_key => #{@ssl_key.inspect} will not be used") if @ssl_key
153
152
  end
154
153
 
155
154
  # Logstash 6.x breaking change (introduced with 4.0.0 of this gem)
156
155
  if @codec.kind_of? LogStash::Codecs::Multiline
157
- raise LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
156
+ configuration_error "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
158
157
  end
159
158
 
160
- @logger.info("Beats inputs: Starting input listener", :address => "#{@host}:#{@port}")
159
+ @logger.info("Starting input listener", :address => "#{@host}:#{@port}")
161
160
 
162
161
  @server = create_server
163
162
  end # def register
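Review bot: moving the `client_authentication_metadata? && !require_certificate_authorities?` check inside `if @ssl` means that with `ssl => false` the `else` branch warns only about `ssl_certificate` and `ssl_key`; a configured `ssl_peer_metadata`, `ssl_verify_mode` or `ssl_certificate_authorities` is dropped without any log line, whereas the old check ran regardless of `@ssl`. Suggest warning (or calling `configuration_error`) for every ssl_* option that is set while ssl is off, so an operator who expects client-certificate verification cannot end up with a plaintext listener unnoticed.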
@@ -165,37 +164,20 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
165
164
  def create_server
166
165
  server = org.logstash.beats.Server.new(@host, @port, @client_inactivity_timeout, @executor_threads)
167
166
  if @ssl
168
-
169
- begin
170
- ssl_context_builder = org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
171
- .setProtocols(convert_protocols)
172
- .setCipherSuites(normalized_ciphers)
173
- rescue java.lang.IllegalArgumentException => e
174
- raise LogStash::ConfigurationError, e
175
- end
176
-
177
-
167
+ ssl_context_builder = new_ssl_context_builder
178
168
  if client_authentification?
179
- if @ssl_verify_mode.upcase == "FORCE_PEER"
169
+ if @ssl_verify_mode == "force_peer"
180
170
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::FORCE_PEER)
181
- elsif @ssl_verify_mode.upcase == "PEER"
171
+ elsif @ssl_verify_mode == "peer"
182
172
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::VERIFY_PEER)
183
173
  end
184
174
  ssl_context_builder.setCertificateAuthorities(@ssl_certificate_authorities)
185
175
  end
186
- server.setSslHandlerProvider(org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout))
176
+ server.setSslHandlerProvider(new_ssl_handshake_provider(ssl_context_builder))
187
177
  end
188
178
  server
189
179
  end
190
180
 
191
- def ssl_configured?
192
- !(@ssl_certificate.nil? || @ssl_key.nil?)
193
- end
194
-
195
- def target_codec_on_field?
196
- !@target_codec_on_field.empty?
197
- end
198
-
199
181
  def run(output_queue)
200
182
  message_listener = MessageListener.new(output_queue, self)
201
183
  @server.setMessageListener(message_listener)
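Review bot: the `if @ssl_verify_mode == "force_peer"` / `elsif @ssl_verify_mode == "peer"` chain has no `else`, so when `ssl_certificate_authorities` is set and the mode is anything else, `setCertificateAuthorities` is still called but no verify mode is set on the builder; dropping `.upcase` also makes the comparison case-sensitive. Suggest an `else` that calls `configuration_error` (or at least logs that the CAs will not be used for client verification), and confirming that the option is validated to the lowercase values compared here.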
@@ -206,6 +188,14 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
206
188
  @server.stop unless @server.nil?
207
189
  end
208
190
 
191
+ def ssl_configured?
192
+ !(@ssl_certificate.nil? || @ssl_key.nil?)
193
+ end
194
+
195
+ def target_codec_on_field?
196
+ !@target_codec_on_field.empty?
197
+ end
198
+
209
199
  def client_authentification?
210
200
  @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
211
201
  end
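Review bot: `ssl_configured?` is re-added here unchanged, but the `register` hunk replaced its only visible call (`elsif !ssl_configured?`) with explicit `nil? || empty?` checks, so nothing in this diff calls it any more, and it checks only `nil?` while `register` now also rejects empty strings. Suggest deleting it, or having `register` use it after giving it the same `empty?` test, so there is one definition of "SSL is configured".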
@@ -222,6 +212,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
222
212
  @ssl_verify_mode == "force_peer" || @ssl_verify_mode == "peer"
223
213
  end
224
214
 
215
+ private
216
+
217
+ def new_ssl_handshake_provider(ssl_context_builder)
218
+ begin
219
+ org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
220
+ rescue java.lang.IllegalArgumentException => e
221
+ @logger.error("SSL configuration invalid", error_details(e))
222
+ raise LogStash::ConfigurationError, e
223
+ rescue java.security.GeneralSecurityException => e
224
+ @logger.error("SSL configuration failed", error_details(e, true))
225
+ raise e
226
+ end
227
+ end
228
+
229
+ def new_ssl_context_builder
230
+ passphrase = @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value
231
+ begin
232
+ org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, passphrase)
233
+ .setProtocols(convert_protocols)
234
+ .setCipherSuites(normalized_ciphers)
235
+ rescue java.lang.IllegalArgumentException => e
236
+ @logger.error("SSL configuration invalid", error_details(e))
237
+ raise LogStash::ConfigurationError, e
238
+ end
239
+ end
240
+
225
241
  def normalized_ciphers
226
242
  @cipher_suites.map(&:upcase)
227
243
  end
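Review bot: in `new_ssl_handshake_provider` the `java.lang.IllegalArgumentException` branch raises `LogStash::ConfigurationError`, but the `java.security.GeneralSecurityException` branch does `raise e`, so a failed context build surfaces as a raw Java exception rather than a configuration error. Suggest wrapping it the same way (`raise LogStash::ConfigurationError, e.message`) unless the difference is intended, in which case a comment should say why. Note also that the new `private` keyword sits above `normalized_ciphers` and `convert_protocols`, which makes those two methods private as well.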
@@ -229,4 +245,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
229
245
  def convert_protocols
230
246
  TLS.get_supported(@tls_min_version..@tls_max_version).map(&:name)
231
247
  end
248
+
249
+ def configuration_error(message)
250
+ @logger.error message
251
+ raise LogStash::ConfigurationError, message
252
+ end
253
+
254
+ def error_details(e, trace = false)
255
+ error_details = { :exception => e.class, :message => e.message }
256
+ error_details[:backtrace] = e.backtrace if trace || @logger.debug?
257
+ error_details
258
+ end
259
+
232
260
  end
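Review bot: in `error_details` the local variable `error_details = { :exception => e.class, :message => e.message }` shadows the method's own name, which reads as recursion at first glance. Suggest renaming the local (for example `details`) and adding a one-line comment on `configuration_error` explaining that it logs before raising because, per the changelog, LS 7.8/7.9 only prints details at debug level.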
@@ -1,5 +1,6 @@
1
1
  # encoding: utf-8
2
2
  require_relative "../spec_helper"
3
+ require "logstash/devutils/rspec/shared_examples"
3
4
  require "stud/temporary"
4
5
  require "logstash/inputs/beats"
5
6
  require "logstash/codecs/plain"
@@ -12,11 +13,19 @@ describe LogStash::Inputs::Beats do
12
13
  let(:certificate) { BeatsInputTest.certificate }
13
14
  let(:port) { BeatsInputTest.random_port }
14
15
  let(:queue) { Queue.new }
15
- let(:config) { { "port" => 0, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats"} }
16
+ let(:config) do
17
+ {
18
+ "port" => 0,
19
+ "ssl_certificate" => certificate.ssl_cert,
20
+ "ssl_key" => certificate.ssl_key,
21
+ "type" => "example",
22
+ "tags" => "beats"
23
+ }
24
+ end
16
25
 
17
26
  context "#register" do
18
27
  context "host related configuration" do
19
- let(:config) { super.merge!({ "host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads }) }
28
+ let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
20
29
  let(:host) { "192.168.1.20" }
21
30
  let(:port) { 9000 }
22
31
  let(:client_inactivity_timeout) { 400 }
@@ -37,38 +46,55 @@ describe LogStash::Inputs::Beats do
37
46
 
38
47
  context "with ssl enabled" do
39
48
  context "without certificate configuration" do
40
- let(:config) {{ "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats" }}
49
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example" } }
41
50
 
42
51
  it "should fail to register the plugin with ConfigurationError" do
43
52
  plugin = LogStash::Inputs::Beats.new(config)
44
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
53
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
45
54
  end
46
55
  end
47
56
 
48
57
  context "without key configuration" do
49
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats"} }
58
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example" } }
50
59
  it "should fail to register the plugin with ConfigurationError" do
51
60
  plugin = LogStash::Inputs::Beats.new(config)
52
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
61
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
62
+ end
63
+ end
64
+
65
+ context "with invalid key configuration" do
66
+ let(:p12_key) { certificate.p12_key }
67
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => p12_key } }
68
+ it "should fail to register the plugin" do
69
+ plugin = LogStash::Inputs::Beats.new(config)
70
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
71
+ expect( msg ).to match /.*?configuration invalid/
72
+ expect( opts[:message] ).to match /does not contain valid private key/
73
+ end
74
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
53
75
  end
54
76
  end
55
77
 
56
78
  context "with invalid ciphers" do
57
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats", "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38"} }
79
+ let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
58
80
 
59
81
  it "should raise a configuration error" do
60
82
  plugin = LogStash::Inputs::Beats.new(config)
83
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
84
+ expect( msg ).to match /.*?configuration invalid/
85
+ expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
86
+ end
61
87
  expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
62
88
  end
63
89
  end
64
90
 
65
91
  context "verify_mode" do
66
92
  context "verify_mode configured to PEER" do
67
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
93
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
68
94
 
69
95
  it "raise a ConfigurationError when certificate_authorities is not set" do
70
96
  plugin = LogStash::Inputs::Beats.new(config)
71
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
97
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'peer' is configured")
72
98
  end
73
99
 
74
100
  it "doesn't raise a configuration error when certificate_authorities is set" do
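Review bot: the "without certificate configuration" and "without key configuration" specs still assert only `raise_error(LogStash::ConfigurationError)`, while the verify_mode specs pin the new message text. Suggest asserting the new messages there too (`ssl_certificate => is a required setting when ssl => true is configured` and the `ssl_key` equivalent) and adding a case for an empty-string value, since `register` now rejects `empty?` as well as `nil?`. The `match /.../` calls without parentheses are also worth wrapping as `match(/.../)` to avoid Ruby's ambiguous-argument warning.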
@@ -79,11 +105,11 @@ describe LogStash::Inputs::Beats do
79
105
  end
80
106
 
81
107
  context "verify_mode configured to FORCE_PEER" do
82
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "force_peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
108
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
83
109
 
84
110
  it "raise a ConfigurationError when certificate_authorities is not set" do
85
111
  plugin = LogStash::Inputs::Beats.new(config)
86
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
112
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'force_peer' is configured")
87
113
  end
88
114
 
89
115
  it "doesn't raise a configuration error when certificate_authorities is set" do
@@ -97,7 +123,7 @@ describe LogStash::Inputs::Beats do
97
123
 
98
124
  context "with ssl disabled" do
99
125
  context "and certificate configuration" do
100
- let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
126
+ let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
101
127
 
102
128
  it "should not fail" do
103
129
  plugin = LogStash::Inputs::Beats.new(config)
@@ -166,8 +166,8 @@ describe "Filebeat", :integration => true do
166
166
  end
167
167
 
168
168
  context "when the cipher is not supported" do
169
- let(:beats_cipher) { "ECDHE-RSA-AES-128-GCM-SHA256" }
170
- let(:logstash_cipher) { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
169
+ let(:beats_cipher) { "ECDHE-RSA-AES-256-GCM-SHA384" }
170
+ let(:logstash_cipher) { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
171
171
 
172
172
  include_examples "doesn't send events"
173
173
  end
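Review bot: the two `let` lines swap which side gets the AES-256 and which the AES-128 suite, with nothing in the spec saying why the direction matters. If the reason is the changelog's note that fewer ciphers may be available from the JVM without the unlimited strength policy, suggest a short comment above `let(:logstash_cipher)` saying so, so a later edit does not swap them back.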
@@ -13,6 +13,13 @@ module BeatsInputTest
13
13
 
14
14
  system("openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout #{ssl_key} -out #{ssl_cert} -subj /CN=localhost > /dev/null 2>&1")
15
15
  end
16
+
17
+ def p12_key
18
+ p12_key = Stud::Temporary.pathname("p12_key")
19
+ system "openssl pkcs12 -export -passout pass:123 -inkey #{ssl_key} -in #{ssl_cert} -out #{p12_key}"
20
+ p12_key
21
+ end
22
+
16
23
  end
17
24
 
18
25
  class << self
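Review bot: in `p12_key` the return value of `system "openssl pkcs12 -export ..."` is ignored and its output is not redirected, unlike the `openssl req` call above, which ends in `> /dev/null 2>&1`. If the export fails, the helper still returns a path to a file that was never written and the spec fails for a different reason than the one it is meant to test. Suggest `raise "openssl pkcs12 failed" unless system(...)` and the same output redirection as the existing call.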
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.8
4
+ version: 6.0.13
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-04 00:00:00.000000000 Z
11
+ date: 2021-01-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -266,13 +266,12 @@ files:
266
266
  - spec/support/shared_examples.rb
267
267
  - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.10/jackson-annotations-2.9.10.jar
268
268
  - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.10/jackson-core-2.9.10.jar
269
- - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar
269
+ - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.4/jackson-databind-2.9.10.4.jar
270
270
  - vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
271
- - vendor/jar-dependencies/io/netty/netty-all/4.1.30.Final/netty-all-4.1.30.Final.jar
272
- - vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/2.0.12.Final/netty-tcnative-boringssl-static-2.0.12.Final.jar
271
+ - vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
273
272
  - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
274
273
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
275
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.8/logstash-input-beats-6.0.8.jar
274
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.13/logstash-input-beats-6.0.13.jar
276
275
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
277
276
  licenses:
278
277
  - Apache License (2.0)