logstash-input-beats 6.2.6-java → 6.3.0-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/VERSION +1 -1
  4. data/docs/index.asciidoc +5 -5
  5. data/lib/logstash/inputs/beats/tls.rb +2 -1
  6. data/lib/logstash-input-beats_jars.rb +1 -1
  7. data/lib/tasks/test.rake +2 -2
  8. data/spec/inputs/beats/tls_spec.rb +2 -2
  9. data/spec/integration/filebeat_spec.rb +29 -1
  10. data/spec/support/file_helpers.rb +1 -1
  11. data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar +0 -0
  12. metadata +3 -3
  13. data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.6/logstash-input-beats-6.2.6.jar +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d37545b0bccc0905fa37d874a04058d85b49e5cbec4a7a466612fdb5ffc0432a
4
- data.tar.gz: 79a86135a8c619d9bb09ac7ca2cadb0dd6a73a029769dcc27d20f47eb8a32dab
3
+ metadata.gz: e50f7332c2cc7d230b49310fd987ff4ed575b0d8eb4e62526899af20bfabe0d5
4
+ data.tar.gz: dfeb260b1a5c7866b624c769abc2c780efa194dbadd5c18d1f2cb282ff58537b
5
5
  SHA512:
6
- metadata.gz: 7f5b024e80a9948a64d8de39b3036df0638af338e6fca29286c21b580114717b24dd655afc13ae9ced1160c8d52a1819bd7fce7ba273253d0d0a0b5013417450
7
- data.tar.gz: 25f56be14791b4a93d7e48b71ba7b17428cd16110428c51a1c0f19f3e0240cc3bf1cbfc124f8b725de152827c9709e62989c49d862a38cc17c75067538c5376d
6
+ metadata.gz: e4be1cf87358e1e02479c7692d8317382ffe96e497f9ea658ce2774f6583253ce9a05fb7ab322722eea0c59ca06cad09718f95ffce6b7b5a53dcfa9b8b4c24d7
7
+ data.tar.gz: dcb8dae4e25448aec7105bea439c7c04bfcdc49752c99624fc26722d2f056024cb8942f7af926b486f1c9eb00fb6b0b80ae636bdf3fb164084125b4636681b28
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 6.3.0
2
+ - Added support for TLSv1.3. [#447](https://github.com/logstash-plugins/logstash-input-beats/pull/447)
3
+
1
4
  ## 6.2.6
2
5
  - Update guidance regarding the private key format and encoding [#445](https://github.com/logstash-plugins/logstash-input-beats/pull/445)
3
6
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.2.6
1
+ 6.3.0
data/docs/index.asciidoc CHANGED
@@ -199,9 +199,10 @@ Flag to determine whether to add `host` field to event using the value supplied
199
199
  ===== `cipher_suites`
200
200
 
201
201
  * Value type is <<array,array>>
202
- * Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
202
+ * Default value is `java.lang.String[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
203
203
 
204
204
  The list of ciphers suite to use, listed by priorities.
205
+ The default values applies for OpenJDK 11.0.14 and higher, for older versions the list does not include suites not supported by the JDK, such as the ChaCha20 family of ciphers.
205
206
 
206
207
  [id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
207
208
  ===== `client_inactivity_timeout`
@@ -360,10 +361,10 @@ This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer
360
361
  ===== `tls_max_version`
361
362
 
362
363
  * Value type is <<number,number>>
363
- * Default value is `1.2`
364
+ * Default value is `1.3`
364
365
 
365
366
  The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
366
- 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
367
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
367
368
 
368
369
  [id="plugins-{type}s-{plugin}-tls_min_version"]
369
370
  ===== `tls_min_version`
@@ -372,7 +373,7 @@ The maximum TLS version allowed for the encrypted connections. The value must be
372
373
  * Default value is `1`
373
374
 
374
375
  The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
375
- 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
376
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
376
377
 
377
378
 
378
379
 
@@ -380,4 +381,3 @@ The minimum TLS version allowed for the encrypted connections. The value must be
380
381
  include::{include_path}/{type}.asciidoc[]
381
382
 
382
383
  :default_codec!:
383
-
data/lib/logstash/inputs/beats/tls.rb CHANGED
@@ -18,7 +18,8 @@ module LogStash module Inputs class Beats
18
18
  TLS_PROTOCOL_OPTIONS = [
19
19
  TLSOption.new("TLSv1", 1),
20
20
  TLSOption.new("TLSv1.1", 1.1),
21
- TLSOption.new("TLSv1.2", 1.2)
21
+ TLSOption.new("TLSv1.2", 1.2),
22
+ TLSOption.new("TLSv1.3", 1.3)
22
23
  ]
23
24
 
24
25
  def self.min
data/lib/logstash-input-beats_jars.rb CHANGED
@@ -7,4 +7,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
7
7
  require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
8
8
  require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
9
9
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
10
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.2.6')
10
+ require_jar('org.logstash.beats', 'logstash-input-beats', '6.3.0')
data/lib/tasks/test.rake CHANGED
@@ -4,9 +4,9 @@ VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "ve
4
4
 
5
5
  #TODO: Figure out better means to keep this version in sync
6
6
  if OS_PLATFORM == "linux"
7
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-linux-x86_64.tar.gz"
7
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-linux-x86_64.tar.gz"
8
8
  elsif OS_PLATFORM == "darwin"
9
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-darwin-x86_64.tar.gz"
9
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-darwin-x86_64.tar.gz"
10
10
  end
11
11
 
12
12
  LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"
data/spec/inputs/beats/tls_spec.rb CHANGED
@@ -10,8 +10,8 @@ describe LogStash::Inputs::Beats::TLS do
10
10
  end
11
11
 
12
12
  it "returns the maximum supported tls" do
13
- expect(subject.max.version).to eq(1.2)
14
- expect(subject.max.name).to eq("TLSv1.2")
13
+ expect(subject.max.version).to eq(1.3)
14
+ expect(subject.max.name).to eq("TLSv1.3")
15
15
  end
16
16
 
17
17
  describe ".get_supported" do
data/spec/integration/filebeat_spec.rb CHANGED
@@ -37,7 +37,7 @@ describe "Filebeat", :integration => true do
37
37
  let(:filebeat_config) do
38
38
  {
39
39
  "filebeat" => {
40
- "prospectors" => [{ "paths" => [log_file], "type" => "log" }],
40
+ "inputs" => [{ "paths" => [log_file], "type" => "log" }],
41
41
  "scan_frequency" => "1s"
42
42
  },
43
43
  "output" => {
@@ -174,6 +174,34 @@ describe "Filebeat", :integration => true do
174
174
  end
175
175
  end
176
176
 
177
+ context "with TLSv1.3 client" do
178
+ let(:filebeat_config) do
179
+ super().merge({
180
+ "output" => {
181
+ "logstash" => {
182
+ "hosts" => ["#{host}:#{port}"],
183
+ "ssl" => {
184
+ "certificate_authorities" => certificate_authorities,
185
+ "versions" => ["TLSv1.3"],
186
+ }
187
+ }
188
+ },
189
+ "logging" => { "level" => "debug" }
190
+ })
191
+ end
192
+ include_examples "send events"
193
+
194
+ context "when TLSv1.3 enforced in plugin" do
195
+ let(:input_config) {
196
+ super().merge({
197
+ "tls_min_version" => "1.3"
198
+ })
199
+ }
200
+
201
+ include_examples "send events"
202
+ end
203
+ end
204
+
177
205
  # Refactor this to use Flores's PKI instead of openssl command line
178
206
  # see: https://github.com/jordansissel/ruby-flores/issues/7
179
207
  context "with a passphrase" do
data/spec/support/file_helpers.rb CHANGED
@@ -19,7 +19,7 @@ module FileHelpers
19
19
  end
20
20
 
21
21
  def write_to_tmp_file(content)
22
- file = Stud::Temporary.file
22
+ file = Stud::Temporary.file("test-logstash-input-beats", "w+", 0600)
23
23
  file.write(content.to_s)
24
24
  file.close
25
25
  file.path
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.2.6
4
+ version: 6.3.0
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-28 00:00:00.000000000 Z
11
+ date: 2022-03-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -298,7 +298,7 @@ files:
298
298
  - vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
299
299
  - vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
300
300
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
301
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.6/logstash-input-beats-6.2.6.jar
301
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar
302
302
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
303
303
  licenses:
304
304
  - Apache License (2.0)