logstash-input-beats 6.9.0-java → 7.0.0-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (20) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +15 -0
  3. data/VERSION +1 -1
  4. data/docs/index.asciidoc +17 -73
  5. data/lib/logstash/inputs/beats.rb +20 -105
  6. data/lib/logstash-input-beats_jars.rb +7 -7
  7. data/lib/tasks/test.rake +8 -6
  8. data/logstash-input-beats.gemspec +0 -1
  9. data/spec/inputs/beats_spec.rb +38 -164
  10. data/spec/integration/filebeat_spec.rb +4 -6
  11. data/vendor/jar-dependencies/io/netty/netty-buffer/{4.1.109.Final/netty-buffer-4.1.109.Final.jar → 4.1.115.Final/netty-buffer-4.1.115.Final.jar} +0 -0
  12. data/vendor/jar-dependencies/io/netty/netty-codec/{4.1.109.Final/netty-codec-4.1.109.Final.jar → 4.1.115.Final/netty-codec-4.1.115.Final.jar} +0 -0
  13. data/vendor/jar-dependencies/io/netty/netty-common/{4.1.109.Final/netty-common-4.1.109.Final.jar → 4.1.115.Final/netty-common-4.1.115.Final.jar} +0 -0
  14. data/vendor/jar-dependencies/io/netty/netty-handler/{4.1.109.Final/netty-handler-4.1.109.Final.jar → 4.1.115.Final/netty-handler-4.1.115.Final.jar} +0 -0
  15. data/vendor/jar-dependencies/io/netty/netty-transport/{4.1.109.Final/netty-transport-4.1.109.Final.jar → 4.1.115.Final/netty-transport-4.1.115.Final.jar} +0 -0
  16. data/vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/{4.1.109.Final/netty-transport-native-unix-common-4.1.109.Final.jar → 4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar} +0 -0
  17. data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.9.0/logstash-input-beats-6.9.0.jar → 7.0.0/logstash-input-beats-7.0.0.jar} +0 -0
  18. metadata +26 -43
  19. data/lib/logstash/inputs/beats/tls.rb +0 -41
  20. data/spec/inputs/beats/tls_spec.rb +0 -39
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 01fefa4a08a49d5b8327676fb8e9699f4dac1a656c4af806bfd52ab8b4765525
4
- data.tar.gz: 5088c69b9ee6e5af1fd1eca90bafc1666834a6fa33759d7f5ec11e55d118b095
3
+ metadata.gz: 0f99bdf1800764220d652953474bd4b98195cca6dec131e73fdbfdfae37c7d86
4
+ data.tar.gz: 3bafe83e5f676a384f2c7ecc473a600b922d31e6a3f1f6c3e9b3c6b4008f73da
5
5
  SHA512:
6
- metadata.gz: 397e56a448f16eb3b0c149924b84474c494d680ebf9f5b51fbda46fc11d2cd3ab94896be435dde4e094b7b737fde9623d44feb2e922f74f50456420137d63948
7
- data.tar.gz: c68a662dbb9494535b3200c2a0866da4fb2703667be266868b4214755b32e169ec1fee640a2c54b12c4b2a999f8d3b58e7126726eadbfbf66888d1d1664bec24
6
+ metadata.gz: 4d7ad1989c834ef2b9230904b0cf4bf19e168de73db12a7e06ea1a90edc546c4823b32cb823f68ee815740760716d315537c682adb91b7d5ab8b18b3d251f3c0
7
+ data.tar.gz: 709f7c0e404c009390fc94468ebdaa55a9cba2b702e2cf38b294ac81f00e2c227fd4242838a70bdd3e3b33236a45d16dd0177c08756e8075a503864f95acd52b
data/CHANGELOG.md CHANGED
@@ -1,3 +1,18 @@
1
+ ## 7.0.0
2
+ - Remove deprecated SSL settings
3
+ - SSL settings that were marked deprecated in version `6.6.0` are now marked obsolete, and will prevent the plugin from starting.
4
+ - These settings are:
5
+ - `cipher_suites`, replaced by `ssl_cipher_suites`
6
+ - `ssl`, replaced by `ssl_enabled`
7
+ - `ssl_peer_metadata`, replaced by `enrich`
8
+ - `ssl_verify_mode`, replaced by `ssl_client_authentication`
9
+ - `tls_max_version`, replaced by `ssl_supported_protocols`
10
+ - `tls_min_version`, replaced by `ssl_supported_protocols`
11
+ - [#508](https://github.com/logstash-plugins/logstash-input-beats/pull/508)
12
+
13
+ ## 6.9.1
14
+ - Upgrade netty to 4.1.115 [#507](https://github.com/logstash-plugins/logstash-input-beats/pull/507)
15
+
1
16
  ## 6.9.0
2
17
  - Improvements on plugin's shutdown [#500](https://github.com/logstash-plugins/logstash-input-beats/pull/500)
3
18
  - Fix: avoid plugin crash when connection terminated but processing the message
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.9.0
1
+ 7.0.0
data/docs/index.asciidoc CHANGED
@@ -209,11 +209,13 @@ e|N/A
209
209
 
210
210
  This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
211
211
 
212
+ NOTE: As of version `7.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
213
+ Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
214
+
212
215
  [cols="<,<,<",options="header",]
213
216
  |=======================================================================
214
217
  |Setting |Input type|Required
215
218
  | <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|__Deprecated__
216
- | <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
217
219
  | <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
218
220
  | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
219
221
  | <<plugins-{type}s-{plugin}-enrich>> |<<string,string>>|No
@@ -222,7 +224,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
222
224
  | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
223
225
  | <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|__Deprecated__
224
226
  | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
225
- | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
226
227
  | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
227
228
  | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
228
229
  | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
@@ -231,11 +232,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
231
232
  | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
232
233
  | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
233
234
  | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
234
- | <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|__Deprecated__
235
235
  | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<array,array>>|No
236
- | <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
237
- | <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
238
- | <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
239
236
  |=======================================================================
240
237
 
241
238
  Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -253,14 +250,6 @@ input plugins.
253
250
 
254
251
  Flag to determine whether to add `host` field to event using the value supplied by the {plugin-singular} in the `hostname` field.
255
252
 
256
- [id="plugins-{type}s-{plugin}-cipher_suites"]
257
- ===== `cipher_suites`
258
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
259
-
260
- * Value type is <<array,array>>
261
-
262
- The list of cipher suites to use, listed by priorities.
263
-
264
253
  [id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
265
254
  ===== `client_inactivity_timeout`
266
255
 
@@ -399,17 +388,6 @@ deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
399
388
 
400
389
  The port to listen on.
401
390
 
402
- [id="plugins-{type}s-{plugin}-ssl"]
403
- ===== `ssl`
404
- deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
405
-
406
- * Value type is <<boolean,boolean>>
407
- * Default value is `false`
408
-
409
- Events are by default sent in plain text. You can
410
- enable encryption by setting `ssl` to true and configuring
411
- the `ssl_certificate` and `ssl_key` options.
412
-
413
391
  [id="plugins-{type}s-{plugin}-ssl_certificate"]
414
392
  ===== `ssl_certificate`
415
393
 
@@ -497,18 +475,6 @@ openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM
497
475
 
498
476
  SSL key passphrase to use.
499
477
 
500
- [id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
501
- ===== `ssl_peer_metadata`
502
-
503
- deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
504
-
505
- * Value type is <<boolean,boolean>>
506
- * Default value is `false`
507
-
508
- Enables storing client certificate information in event's metadata.
509
-
510
- This option is only valid when <<plugins-{type}s-{plugin}-ssl_client_authentication>> is set to `optional` or `required`.
511
-
512
478
  [id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
513
479
  ===== `ssl_supported_protocols`
514
480
 
@@ -526,45 +492,23 @@ NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as
526
492
  the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
527
493
  the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
528
494
 
529
- [id="plugins-{type}s-{plugin}-ssl_verify_mode"]
530
- ===== `ssl_verify_mode`
531
- deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
532
-
533
- * Value can be any of: `none`, `peer`, `force_peer`
534
- * Default value is `"none"`
535
-
536
- By default, the server doesn't do any client verification. If the <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
537
- is configured, and no value or `none` is provided for this option, it defaults to `force_peer` instead of `none`.
538
-
539
- `peer` will make the server ask the client to provide a certificate.
540
- If the client provides a certificate, it will be validated.
541
-
542
- `force_peer` will make the server ask the client to provide a certificate.
543
- If the client doesn't provide a certificate, the connection will be closed.
495
+ [id="plugins-{type}s-{plugin}-obsolete-options"]
496
+ ==== Beats Input Obsolete Configuration Options
544
497
 
545
- When mutual TLS is enabled (`peer` or `force_peer`), the certificate presented by the client must be signed by trusted
546
- <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> (CAs).
547
- Please note that the server does not validate the client certificate CN (Common Name) or SAN (Subject Alternative Name).
548
-
549
- NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> is set.
498
+ WARNING: As of version `7.0.0` of this plugin, some configuration options have been replaced.
499
+ The plugin will fail to start if it contains any of these obsolete options.
550
500
 
551
- [id="plugins-{type}s-{plugin}-tls_max_version"]
552
- ===== `tls_max_version`
553
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_supported_protocols>>]
554
501
 
555
- * Value type is <<number,number>>
556
-
557
- The maximum TLS version allowed for the encrypted connections.
558
- The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
559
-
560
- [id="plugins-{type}s-{plugin}-tls_min_version"]
561
- ===== `tls_min_version`
562
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_supported_protocols>>]
563
-
564
- * Value type is <<number,number>>
565
-
566
- The minimum TLS version allowed for the encrypted connections.
567
- The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
502
+ [cols="<,<",options="header",]
503
+ |=======================================================================
504
+ |Setting|Replaced by
505
+ | cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
506
+ | ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
507
+ | ssl_peer_metadata |<<plugins-{type}s-{plugin}-enrich>>
508
+ | ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
509
+ | tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
510
+ | tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
511
+ |=======================================================================
568
512
 
569
513
 
570
514
  [id="plugins-{type}s-{plugin}-common-options"]
@@ -7,7 +7,6 @@ require "logstash/util"
7
7
  require "logstash-input-beats_jars"
8
8
  require "logstash/plugin_mixins/ecs_compatibility_support"
9
9
  require 'logstash/plugin_mixins/plugin_factory_support'
10
- require "logstash/plugin_mixins/normalize_config_support"
11
10
  require 'logstash/plugin_mixins/event_support/event_factory_adapter'
12
11
  require_relative "beats/patch"
13
12
 
@@ -51,7 +50,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
51
50
  require "logstash/inputs/beats/decoded_event_transform"
52
51
  require "logstash/inputs/beats/raw_event_transform"
53
52
  require "logstash/inputs/beats/message_listener"
54
- require "logstash/inputs/beats/tls"
55
53
 
56
54
  java_import 'org.logstash.netty.SslContextBuilder'
57
55
 
@@ -62,8 +60,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
62
60
 
63
61
  include LogStash::PluginMixins::PluginFactorySupport
64
62
 
65
- include LogStash::PluginMixins::NormalizeConfigSupport
66
-
67
63
  config_name "beats"
68
64
 
69
65
  default :codec, "plain"
@@ -74,11 +70,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
74
70
  # The port to listen on.
75
71
  config :port, :validate => :number, :required => true
76
72
 
77
- # Events are by default sent in plain text. You can
78
- # enable encryption by setting `ssl` to true and configuring
79
- # the `ssl_certificate` and `ssl_key` options.
80
- config :ssl, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_enabled' instead."
81
-
82
73
  # SSL certificate to use.
83
74
  config :ssl_certificate, :validate => :path
84
75
 
@@ -97,8 +88,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
97
88
 
98
89
  # Validate client certificates against these authorities.
99
90
  # You can define multiple files or paths. All the certificates will
100
- # be read and added to the trust store. You need to configure the `ssl_verify_mode`
101
- # to `peer` or `force_peer` to enable the verification.
91
+ # be read and added to the trust store. You need to configure the `ssl_client_authentication`
92
+ # to `optional` or `required` to enable the client verification.
102
93
  #
103
94
  config :ssl_certificate_authorities, :validate => :array, :default => []
104
95
 
@@ -110,21 +101,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
110
101
  # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
111
102
  config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
112
103
 
113
- # By default the server doesn't do any client verification.
114
- #
115
- # `peer` will make the server ask the client to provide a certificate.
116
- # If the client provides a certificate, it will be validated.
117
- #
118
- # `force_peer` will make the server ask the client to provide a certificate.
119
- # If the client doesn't provide a certificate, the connection will be closed.
120
- #
121
- # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
122
- config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
123
-
124
- # Enables storing client certificate information in event's metadata. You need
125
- # to configure the `ssl_verify_mode` to `peer` or `force_peer` to enable this.
126
- config :ssl_peer_metadata, :validate => :boolean, :default => false, :deprecated => "use `enrich` option to configure which enrichments to perform"
127
-
128
104
  config :include_codec_tag, :validate => :boolean, :default => true, :deprecated => "use `enrich` option to configure which enrichments to perform"
129
105
 
130
106
  # Time in milliseconds for an incomplete ssl handshake to timeout
@@ -148,21 +124,18 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
148
124
  # Flag to determine whether to add host information (provided by the beat in the 'hostname' field) to the event
149
125
  config :add_hostname, :validate => :boolean, :default => false, :deprecated => 'This option will be removed in the future as beats determine the event schema'
150
126
 
151
- # The list of ciphers suite to use, listed by priorities.
152
- config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
153
-
154
- # The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
155
- # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
156
- config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
157
-
158
- # The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
159
- # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
160
- config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
127
+ # removed options
128
+ config :ssl, :obsolete => "Use 'ssl_enabled' instead."
129
+ config :ssl_peer_metadata, :obsolete => "Use 'enrich' instead."
130
+ config :ssl_verify_mode, :obsolete => "Use 'ssl_client_authentication' instead."
131
+ config :cipher_suites, :obsolete => "Use 'ssl_cipher_suites' instead."
132
+ config :tls_min_version, :obsolete => "Use 'ssl_supported_protocols' instead."
133
+ config :tls_max_version, :obsolete => "Use 'ssl_supported_protocols' instead."
161
134
 
162
135
  ENRICH_DEFAULTS = {
163
136
  'source_metadata' => true,
164
137
  'codec_metadata' => true,
165
- 'ssl_peer_metadata' => false,
138
+ 'ssl_peer_metadata' => false, # adds client certificate information in event's metadata
166
139
  }.freeze
167
140
 
168
141
  ENRICH_ALL = ENRICH_DEFAULTS.keys.freeze
@@ -174,29 +147,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
174
147
 
175
148
  attr_reader :field_hostname, :field_hostip
176
149
  attr_reader :field_tls_protocol_version, :field_tls_peer_subject, :field_tls_cipher
150
+ attr_reader :include_ssl_peer_metadata
177
151
  attr_reader :include_source_metadata
178
152
 
179
- NON_PREFIXED_SSL_CONFIGS = Set[
180
- 'tls_min_version',
181
- 'tls_max_version',
182
- 'cipher_suites',
183
- ].freeze
184
-
185
153
  SSL_CLIENT_AUTH_NONE = 'none'.freeze
186
154
  SSL_CLIENT_AUTH_OPTIONAL = 'optional'.freeze
187
155
  SSL_CLIENT_AUTH_REQUIRED = 'required'.freeze
188
156
 
189
- SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP = {
190
- 'none' => SSL_CLIENT_AUTH_NONE,
191
- 'peer' => SSL_CLIENT_AUTH_OPTIONAL,
192
- 'force_peer' => SSL_CLIENT_AUTH_REQUIRED
193
- }.freeze
194
-
195
157
  private_constant :SSL_CLIENT_AUTH_NONE
196
158
  private_constant :SSL_CLIENT_AUTH_OPTIONAL
197
159
  private_constant :SSL_CLIENT_AUTH_REQUIRED
198
- private_constant :NON_PREFIXED_SSL_CONFIGS
199
- private_constant :SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP
200
160
 
201
161
  def register
202
162
  # For Logstash 2.4 we need to make sure that the logger is correctly set for the
@@ -208,15 +168,13 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
208
168
  LogStash::Logger.setup_log4j(@logger)
209
169
  end
210
170
 
211
- setup_ssl_params!
212
-
213
171
  validate_ssl_config!
214
172
 
215
173
  active_enrichments = resolve_enriches
216
174
 
217
175
  @include_source_metadata = active_enrichments.include?('source_metadata')
176
+ @include_ssl_peer_metadata = active_enrichments.include?('ssl_peer_metadata')
218
177
  @include_codec_tag = original_params.include?('include_codec_tag') ? params['include_codec_tag'] : active_enrichments.include?('codec_metadata')
219
- @ssl_peer_metadata = original_params.include?('ssl_peer_metadata') ? params['ssl_peer_metadata'] : active_enrichments.include?('ssl_peer_metadata')
220
178
 
221
179
  # intentionally ask users to provide codec when they want to use the codec metadata
222
180
  # second layer enrich is also a controller, provide enrich => ['codec_metadata' or/with 'source_metadata'] with codec if you override event original
@@ -275,9 +233,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
275
233
  return client_authentication_optional? || client_authentication_required?
276
234
  end
277
235
 
278
- # Keep backward compatibility with the deprecated `ssl_verify_mode` until it's not removed.
279
- # When it's explicitly set (or both settings are absent), it should use the ssl_certificate_authorities
280
- # to enable/disable the client authentication. (even if ssl_verify_mode => none)
236
+ # also uses the ssl_certificate_authorities to enable/disable the client authentication
281
237
  certificate_authorities_configured?
282
238
  end
283
239
 
@@ -286,7 +242,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
286
242
  end
287
243
 
288
244
  def client_authentication_metadata?
289
- @ssl_enabled && @ssl_peer_metadata && ssl_configured? && client_authentication_enabled?
245
+ @ssl_enabled && @include_ssl_peer_metadata && ssl_configured? && client_authentication_enabled?
290
246
  end
291
247
 
292
248
  def client_authentication_required?
@@ -312,10 +268,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
312
268
  private
313
269
 
314
270
  def validate_ssl_config!
315
- ssl_config_name = original_params.include?('ssl') ? 'ssl' : 'ssl_enabled'
271
+ ssl_config_name = 'ssl_enabled'
316
272
 
317
273
  unless @ssl_enabled
318
- ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') || NON_PREFIXED_SSL_CONFIGS.include?(k) }
274
+ ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') }
319
275
  @logger.warn("Configured SSL settings are not used when `#{ssl_config_name}` is set to `false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
320
276
  return
321
277
  end
@@ -329,13 +285,11 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
329
285
  end
330
286
 
331
287
  if require_certificate_authorities? && !certificate_authorities_configured?
332
- config_name, config_value = provided_client_authentication_config
333
- configuration_error "ssl_certificate_authorities => is a required setting when #{config_name} => '#{config_value}' is configured"
288
+ configuration_error "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => '#{@ssl_client_authentication}'` is configured"
334
289
  end
335
290
 
336
291
  if client_authentication_metadata? && !require_certificate_authorities?
337
- config_name, optional, required = provided_client_authentication_config([SSL_CLIENT_AUTH_OPTIONAL, SSL_CLIENT_AUTH_REQUIRED])
338
- configuration_error "Configuring ssl_peer_metadata => true requires #{config_name} => to be configured with '#{optional}' or '#{required}'"
292
+ configuration_error "Configuring `enrich => [ssl_peer_metadata]` requires `ssl_client_authentication` to be configured with '#{SSL_CLIENT_AUTH_OPTIONAL}' or '#{SSL_CLIENT_AUTH_REQUIRED}'"
339
293
  end
340
294
 
341
295
  if original_params.include?('ssl_client_authentication') && certificate_authorities_configured? && !require_certificate_authorities?
@@ -343,43 +297,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
343
297
  end
344
298
  end
345
299
 
346
- def provided_client_authentication_config(values = [@ssl_client_authentication])
347
- if original_params.include?('ssl_verify_mode')
348
- ['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
349
- else
350
- ['ssl_client_authentication', *values]
351
- end
352
- end
353
-
354
- def setup_ssl_params!
355
- @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
356
- normalizer.with_deprecated_alias(:ssl)
357
- end
358
-
359
- @ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
360
- normalizer.with_deprecated_alias(:cipher_suites)
361
- end
362
-
363
- @ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
364
- normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
365
- TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
366
- end
367
- end
368
-
369
- @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
370
- normalizer.with_deprecated_mapping(:ssl_verify_mode) do |ssl_verify_mode|
371
- normalized_value = SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[ssl_verify_mode.downcase]
372
- fail(LogStash::ConfigurationError, "Unsupported value #{ssl_verify_mode} for deprecated option `ssl_verify_mode`") unless normalized_value
373
- normalized_value
374
- end
375
- end
376
-
377
- params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
378
- params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
379
- params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
380
- params['ssl_client_authentication'] = @ssl_client_authentication unless @ssl_client_authentication.nil?
381
- end
382
-
383
300
  def new_ssl_handshake_provider(ssl_context_builder)
384
301
  begin
385
302
  org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
@@ -414,7 +331,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
414
331
  return SslContextBuilder::SslClientVerifyMode::OPTIONAL if client_authentication_optional?
415
332
  return SslContextBuilder::SslClientVerifyMode::REQUIRED if client_authentication_required?
416
333
 
417
- # Backward compatibility with the deprecated `ssl_verify_mode` and the current `none` overrides
418
334
  if !original_params.include?('ssl_client_authentication') && certificate_authorities_configured?
419
335
  return SslContextBuilder::SslClientVerifyMode::REQUIRED
420
336
  end
@@ -444,9 +360,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
444
360
  end
445
361
 
446
362
  def resolve_enriches
447
- deprecated_flags_provided = %w(ssl_peer_metadata include_codec_tag) & original_params.keys
448
- if deprecated_flags_provided.any? && original_params.include?('enrich')
449
- raise LogStash::ConfigurationError, "both `enrich` and (deprecated) #{deprecated_flags_provided.join(',')} were provided; use only `enrich`"
363
+ if original_params.include?('include_codec_tag') && original_params.include?('enrich')
364
+ raise LogStash::ConfigurationError, "both `enrich` and (deprecated) `include_codec_tag` were provided; use only `enrich`"
450
365
  end
451
366
 
452
367
  aliases_provided = ENRICH_ALIASES & (@enrich || [])
@@ -1,11 +1,11 @@
1
1
  # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
2
2
 
3
3
  require 'jar_dependencies'
4
- require_jar('io.netty', 'netty-buffer', '4.1.109.Final')
5
- require_jar('io.netty', 'netty-codec', '4.1.109.Final')
6
- require_jar('io.netty', 'netty-common', '4.1.109.Final')
7
- require_jar('io.netty', 'netty-transport', '4.1.109.Final')
8
- require_jar('io.netty', 'netty-handler', '4.1.109.Final')
9
- require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.109.Final')
4
+ require_jar('io.netty', 'netty-buffer', '4.1.115.Final')
5
+ require_jar('io.netty', 'netty-codec', '4.1.115.Final')
6
+ require_jar('io.netty', 'netty-common', '4.1.115.Final')
7
+ require_jar('io.netty', 'netty-transport', '4.1.115.Final')
8
+ require_jar('io.netty', 'netty-handler', '4.1.115.Final')
9
+ require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
10
10
  require_jar('org.javassist', 'javassist', '3.24.0-GA')
11
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.9.0')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '7.0.0')
data/lib/tasks/test.rake CHANGED
@@ -40,17 +40,19 @@ namespace :test do
40
40
  puts "Filebeat: downloading from #{FILEBEAT_URL} to #{download_destination}"
41
41
  download(FILEBEAT_URL, download_destination)
42
42
 
43
- untar_all(download_destination, File.join(VENDOR_PATH, "filebeat")) { |e| e }
43
+ untar_all(download_destination, VENDOR_PATH) { |e| e }
44
44
  end
45
45
  end
46
46
  end
47
47
  end
48
48
 
49
- # Uncompress all the file from the archive this only work with
50
- # one level directory structure and filebeat packaging.
49
+ require 'zlib'
50
+ require 'minitar'
51
+
51
52
  def untar_all(file, destination)
52
- untar(file) do |entry|
53
- out = entry.full_name.split("/").last
54
- File.join(destination, out)
53
+ Zlib::GzipReader.open(file) do |reader|
54
+ Minitar.unpack(reader, destination)
55
55
  end
56
+ filebeat_full_name = Dir.glob(destination + "/filebeat-*").first
57
+ File.rename(filebeat_full_name, destination + "/filebeat")
56
58
  end
@@ -30,7 +30,6 @@ Gem::Specification.new do |s|
30
30
  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
31
31
  s.add_runtime_dependency 'logstash-mixin-event_support', '~>1.0'
32
32
  s.add_runtime_dependency 'logstash-mixin-plugin_factory_support', '~>1.0'
33
- s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
34
33
 
35
34
  s.add_development_dependency "flores", "~>0.0.6"
36
35
  s.add_development_dependency "rspec"
@@ -83,92 +83,14 @@ describe LogStash::Inputs::Beats do
83
83
  end
84
84
 
85
85
  context "with invalid ciphers" do
86
- let(:config) { super().merge("cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
86
+ let(:config) { super().merge("ssl_cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
87
87
 
88
88
  it "should raise a configuration error" do
89
- plugin = LogStash::Inputs::Beats.new(config)
90
- expect( plugin.logger ).to receive(:error) do |msg, opts|
91
- expect( msg ).to match /.*?configuration invalid/
92
- expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
93
- end
94
- expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
95
- end
96
- end
97
-
98
- context "deprecated ssl_verify_mode set to 'none'" do
99
- let(:config) { super().merge("ssl_verify_mode" => "none") }
100
-
101
- context "and ssl_certificate_authorities is set" do
102
- let(:config) { super().merge("ssl_certificate_authorities" => [certificate.ssl_cert]) }
103
- it "should ignore the ssl_verify_mode and use force_peer" do
104
- plugin = LogStash::Inputs::Beats.new(config)
105
- plugin.register
106
- context_builder = plugin.send(:new_ssl_context_builder)
107
- expect(context_builder.isClientAuthenticationRequired()).to be_truthy
108
- end
89
+ expect { LogStash::Inputs::Beats.new(config) }.to raise_error(LogStash::ConfigurationError, a_string_including("Something is wrong with your configuration."))
109
90
  end
110
91
  end
111
92
 
112
93
  context "ssl_client_authentication" do
113
- context "normalized from ssl_verify_mode 'none'" do
114
- let(:config) { super().merge("ssl_verify_mode" => "none") }
115
-
116
- it "should transform the value to 'none'" do
117
- plugin = LogStash::Inputs::Beats.new(config)
118
- plugin.register
119
-
120
- expect(plugin.params).to match hash_including("ssl_client_authentication" => "none")
121
- expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("none")
122
- end
123
-
124
- context "and ssl_certificate_authorities is set" do
125
- let(:config) { super().merge("ssl_certificate_authorities" => [certificate.ssl_cert]) }
126
- it "should not raise an error" do
127
- plugin = LogStash::Inputs::Beats.new(config)
128
- expect { plugin.register }.to_not raise_error
129
- end
130
- end
131
- end
132
-
133
- context "normalized from ssl_verify_mode 'peer'" do
134
- let(:config) { super().merge("ssl_verify_mode" => "peer", "ssl_certificate_authorities" => [certificate.ssl_cert]) }
135
-
136
- it 'should transform the value to OPTIONAL' do
137
- plugin = LogStash::Inputs::Beats.new(config)
138
- plugin.register
139
-
140
- expect(plugin.params).to match hash_including("ssl_client_authentication" => "optional")
141
- expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("optional")
142
- end
143
-
144
- context "with no ssl_certificate_authorities set " do
145
- let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
146
- it "raise a configuration error" do
147
- plugin = LogStash::Inputs::Beats.new(config)
148
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'peer' is configured")
149
- end
150
- end
151
- end
152
-
153
- context "normalized from ssl_verify_mode 'force_peer'" do
154
- let(:config) { super().merge("ssl_verify_mode" => "force_peer", "ssl_certificate_authorities" => [certificate.ssl_cert]) }
155
-
156
- it "should transform the value to 'required'" do
157
- plugin = LogStash::Inputs::Beats.new(config)
158
- plugin.register
159
-
160
- expect(plugin.params).to match hash_including("ssl_client_authentication" => "required")
161
- expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("required")
162
- end
163
-
164
- context "with no ssl_certificate_authorities set " do
165
- let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
166
- it "raise a configuration error" do
167
- plugin = LogStash::Inputs::Beats.new(config)
168
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'force_peer' is configured")
169
- end
170
- end
171
- end
172
94
 
173
95
  context "configured to 'none'" do
174
96
  let(:config) { super().merge("ssl_client_authentication" => "none") }
@@ -193,7 +115,7 @@ describe LogStash::Inputs::Beats do
193
115
 
194
116
  it "raise a ConfigurationError when certificate_authorities is not set" do
195
117
  plugin = LogStash::Inputs::Beats.new(config)
196
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_client_authentication => 'required' is configured")
118
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => 'required'` is configured")
197
119
  end
198
120
 
199
121
  context "with certificate_authorities set" do
@@ -211,7 +133,7 @@ describe LogStash::Inputs::Beats do
211
133
 
212
134
  it "raise a ConfigurationError when certificate_authorities is not set" do
213
135
  plugin = LogStash::Inputs::Beats.new(config)
214
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_client_authentication => 'optional' is configured")
136
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => 'optional'` is configured")
215
137
  end
216
138
 
217
139
  context "with certificate_authorities set" do
@@ -224,59 +146,10 @@ describe LogStash::Inputs::Beats do
224
146
  end
225
147
  end
226
148
 
227
- context "with ssl_cipher_suites and cipher_suites set" do
228
- let(:config) do
229
- super().merge('ssl_cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'],
230
- 'cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'])
231
- end
232
-
233
- it "should raise a configuration error" do
234
- plugin = LogStash::Inputs::Beats.new(config)
235
- expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_cipher_suites.?/i
236
- end
237
- end
238
-
239
- context "with ssl_supported_protocols and tls_min_version set" do
240
- let(:config) do
241
- super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_min_version' => 1.2)
242
- end
243
-
244
- it "should raise a configuration error" do
245
- plugin = LogStash::Inputs::Beats.new(config)
246
- expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
247
- end
248
- end
249
-
250
- context "with ssl_supported_protocols and tls_max_version set" do
251
- let(:config) do
252
- super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_max_version' => 1.2)
253
- end
254
-
255
- it "should raise a configuration error" do
256
- plugin = LogStash::Inputs::Beats.new(config)
257
- expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
258
- end
259
- end
260
-
261
- context "with ssl_client_authentication and ssl_verify_mode set" do
262
- let(:config) { super().merge("ssl_verify_mode" => "none", "ssl_client_authentication" => "none") }
263
- it "raise a configuration error" do
264
- plugin = LogStash::Inputs::Beats.new(config)
265
- expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
266
- end
267
- end
268
- end
269
-
270
- context "with ssl and ssl_enabled set" do
271
- let(:config) { super().merge("ssl" => true) }
272
- it "raise a configuration error" do
273
- plugin = LogStash::Inputs::Beats.new(config)
274
- expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_enabled.?/i
275
- end
276
149
  end
277
150
  end
278
151
 
279
- context "with ssl disabled" do
152
+ context "with SSL disabled" do
280
153
  context "and certificate configuration" do
281
154
  let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
282
155
 
@@ -305,11 +178,11 @@ describe LogStash::Inputs::Beats do
305
178
  end
306
179
 
307
180
  context "and `ssl_` settings provided" do
308
- let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "ssl_client_authentication" => "none", "cipher_suites" => ["FOO"] } }
181
+ let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "ssl_client_authentication" => "none", "ssl_cipher_suites" => ["TLS_RSA_WITH_AES_128_CBC_SHA256"] } }
309
182
 
310
183
  it "should warn about not using the configs" do
311
184
  plugin = LogStash::Inputs::Beats.new(config)
312
- expect( plugin.logger ).to receive(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_certificate", "ssl_client_authentication", "cipher_suites"]')
185
+ expect( plugin.logger ).to receive(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_certificate", "ssl_client_authentication", "ssl_cipher_suites"]')
313
186
 
314
187
  plugin.register
315
188
 
@@ -397,28 +270,22 @@ describe LogStash::Inputs::Beats do
397
270
  end
398
271
 
399
272
  shared_examples "ssl_peer_metadata enabled" do
400
- it "is configured to enrich ssl_peer_metadata" do
401
- expect(registered_plugin.ssl_peer_metadata).to be_truthy
273
+ it "is configured to include the SSL peer tag" do
274
+ expect(registered_plugin.include_ssl_peer_metadata).to be true
402
275
  end
403
276
  end
404
277
 
405
278
  shared_examples "ssl_peer_metadata disabled" do
406
- it "is configured to NOT enrich ssl_peer_metadata" do
407
- expect(registered_plugin.ssl_peer_metadata).to be_falsey
279
+ it "is configured to NOT include the SSL peer tag" do
280
+ expect(registered_plugin.include_ssl_peer_metadata).to be false
408
281
  end
409
282
  end
410
283
 
411
- shared_examples "reject deprecated enrichment flags" do
412
- context "with deprecated `ssl_peer_metadata`" do
413
- let(:config) { super().merge("ssl_peer_metadata" => true) }
414
- it 'rejects the configuration with a helpful error message' do
415
- expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) ssl_peer_metadata were provided; use only `enrich`")
416
- end
417
- end
284
+ shared_examples "reject deprecated enrichment flag" do
418
285
  context "with deprecated `include_codec_tag`" do
419
286
  let(:config) { super().merge("include_codec_tag" => false) }
420
287
  it 'rejects the configuration with a helpful error message' do
421
- expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) include_codec_tag were provided; use only `enrich`")
288
+ expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) `include_codec_tag` were provided; use only `enrich`")
422
289
  end
423
290
  end
424
291
  end
@@ -429,18 +296,6 @@ describe LogStash::Inputs::Beats do
429
296
  include_examples "source_metadata enabled"
430
297
  include_examples "ssl_peer_metadata disabled"
431
298
 
432
- # validate interaction with deprecated settings
433
- context "with deprecated `ssl_peer_metadata => true`" do
434
- let(:config) { super().merge("ssl_peer_metadata" => true) }
435
-
436
- # intended delta
437
- include_examples "ssl_peer_metadata enabled"
438
-
439
- # ensure no side-effects
440
- include_examples "codec_metadata enabled"
441
- include_examples "source_metadata enabled"
442
- end
443
-
444
299
  context "with deprecated `include_codec_tag => false`" do
445
300
  let(:config) { super().merge("include_codec_tag" => false) }
446
301
 
@@ -463,7 +318,7 @@ describe LogStash::Inputs::Beats do
463
318
  include_examples "source_metadata enabled"
464
319
  include_examples "ssl_peer_metadata enabled"
465
320
 
466
- include_examples "reject deprecated enrichment flags"
321
+ include_examples "reject deprecated enrichment flag"
467
322
  end
468
323
 
469
324
  context "with alias `enrich => none`" do
@@ -473,7 +328,7 @@ describe LogStash::Inputs::Beats do
473
328
  include_examples "source_metadata disabled"
474
329
  include_examples "ssl_peer_metadata disabled"
475
330
 
476
- include_examples "reject deprecated enrichment flags"
331
+ include_examples "reject deprecated enrichment flag"
477
332
  end
478
333
  end
479
334
 
@@ -491,7 +346,7 @@ describe LogStash::Inputs::Beats do
491
346
  include_examples "#{enrichment} #{activated.include?(enrichment) ? 'enabled' : 'disabled'}"
492
347
  end
493
348
 
494
- include_examples "reject deprecated enrichment flags"
349
+ include_examples "reject deprecated enrichment flag"
495
350
  end
496
351
  end
497
352
 
@@ -516,8 +371,8 @@ describe LogStash::Inputs::Beats do
516
371
  super().merge(
517
372
  "host" => host,
518
373
  "ssl_enabled" => true,
519
- "ssl_verify_mode" => 'force_peer',
520
- "ssl_peer_metadata" => true,
374
+ "enrich" => ["ssl_peer_metadata"],
375
+ "ssl_client_authentication" => "required",
521
376
  "ssl_certificate_authorities" => [ certificate.ssl_cert ],
522
377
  "ecs_compatibility" => 'disabled'
523
378
  )
@@ -595,7 +450,7 @@ describe LogStash::Inputs::Beats do
595
450
  context 'with ssl disabled' do
596
451
  let(:config) { super().merge("ssl_enabled" => false) }
597
452
 
598
- it 'do not set tls fields' do
453
+ it 'does not set tls fields' do
599
454
  @message_listener.onNewMessage(ctx, message)
600
455
 
601
456
  expect( queue.size ).to be 1
@@ -609,4 +464,23 @@ describe LogStash::Inputs::Beats do
609
464
  context "when interrupting the plugin" do
610
465
  it_behaves_like "an interruptible input plugin"
611
466
  end
467
+
468
+ describe "obsolete settings" do
469
+ let(:config) { { "port" => 1234 } }
470
+ [{:name => 'ssl', :canonical_name => 'ssl_enabled'},
471
+ {:name => 'ssl_peer_metadata', :canonical_name => 'enrich'},
472
+ {:name => 'ssl_verify_mode', :canonical_name => 'ssl_client_authentication'},
473
+ {:name => 'cipher_suites', :canonical_name => 'ssl_cipher_suites'},
474
+ {:name => 'tls_min_version', :canonical_name => 'ssl_supported_protocols'},
475
+ {:name => 'tls_max_version', :canonical_name => 'ssl_supported_protocols'}
476
+ ].each do |settings|
477
+ context "with option #{settings[:name]}" do
478
+ let(:obsolete_config) { config.merge(settings[:name] => 'test_value') }
479
+ it "emits an error about the setting `#{settings[:name]}` now being obsolete and provides guidance to use `#{settings[:canonical_name]}`" do
480
+ error_text = "The setting `#{settings[:name]}` in plugin `beats` is obsolete and is no longer available. Use '#{settings[:canonical_name]}' instead."
481
+ expect { LogStash::Inputs::Beats.new(obsolete_config) }.to raise_error LogStash::ConfigurationError, a_string_including(error_text)
482
+ end
483
+ end
484
+ end
485
+ end
612
486
  end
@@ -51,7 +51,7 @@ describe "Filebeat", :integration => true do
51
51
  before :each do
52
52
  FileUtils.rm_rf(File.join(File.dirname(__FILE__), "..", "..", "vendor", "filebeat", "data"))
53
53
  start_client
54
- raise 'Filebeat did not start in alloted time' unless is_alive
54
+ raise 'Filebeat did not start in allocated time' unless is_alive
55
55
  sleep(20) # give some time to FB to send something
56
56
  end
57
57
 
@@ -76,7 +76,7 @@ describe "Filebeat", :integration => true do
76
76
  end
77
77
 
78
78
  ############################################################
79
- # Actuals tests
79
+ # Actual tests
80
80
  context "Plain TCP" do
81
81
  include_examples "send events"
82
82
 
@@ -147,7 +147,7 @@ describe "Filebeat", :integration => true do
147
147
  let(:input_config) {
148
148
  super().merge({
149
149
  "ssl_cipher_suites" => [logstash_cipher],
150
- "tls_min_version" => "1.2"
150
+ "ssl_supported_protocols" => ["TLSv1.2"]
151
151
  })
152
152
  }
153
153
 
@@ -193,9 +193,7 @@ describe "Filebeat", :integration => true do
193
193
 
194
194
  context "when TLSv1.3 enforced in plugin" do
195
195
  let(:input_config) {
196
- super().merge({
197
- "tls_min_version" => "1.3"
198
- })
196
+ super().merge({ "ssl_supported_protocols" => ["TLSv1.3"] })
199
197
  }
200
198
 
201
199
  include_examples "send events"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.9.0
4
+ version: 7.0.0
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-28 00:00:00.000000000 Z
11
+ date: 2024-12-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
20
20
  - !ruby/object:Gem::Version
21
21
  version: '2.99'
22
22
  name: logstash-core-plugin-api
23
- prerelease: false
24
23
  type: :runtime
24
+ prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
27
  - - ">="
@@ -37,8 +37,8 @@ dependencies:
37
37
  - !ruby/object:Gem::Version
38
38
  version: '0'
39
39
  name: logstash-codec-plain
40
- prerelease: false
41
40
  type: :runtime
41
+ prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - ">="
@@ -51,8 +51,8 @@ dependencies:
51
51
  - !ruby/object:Gem::Version
52
52
  version: '1.0'
53
53
  name: concurrent-ruby
54
- prerelease: false
55
54
  type: :runtime
55
+ prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - "~>"
@@ -65,8 +65,8 @@ dependencies:
65
65
  - !ruby/object:Gem::Version
66
66
  version: 0.3.5
67
67
  name: thread_safe
68
- prerelease: false
69
68
  type: :runtime
69
+ prerelease: false
70
70
  version_requirements: !ruby/object:Gem::Requirement
71
71
  requirements:
72
72
  - - "~>"
@@ -79,8 +79,8 @@ dependencies:
79
79
  - !ruby/object:Gem::Version
80
80
  version: 2.0.5
81
81
  name: logstash-codec-multiline
82
- prerelease: false
83
82
  type: :runtime
83
+ prerelease: false
84
84
  version_requirements: !ruby/object:Gem::Requirement
85
85
  requirements:
86
86
  - - ">="
@@ -96,8 +96,8 @@ dependencies:
96
96
  - !ruby/object:Gem::Version
97
97
  version: 0.3.4
98
98
  name: jar-dependencies
99
- prerelease: false
100
99
  type: :runtime
100
+ prerelease: false
101
101
  version_requirements: !ruby/object:Gem::Requirement
102
102
  requirements:
103
103
  - - "~>"
@@ -113,8 +113,8 @@ dependencies:
113
113
  - !ruby/object:Gem::Version
114
114
  version: '1.3'
115
115
  name: logstash-mixin-ecs_compatibility_support
116
- prerelease: false
117
116
  type: :runtime
117
+ prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - "~>"
@@ -127,8 +127,8 @@ dependencies:
127
127
  - !ruby/object:Gem::Version
128
128
  version: '1.0'
129
129
  name: logstash-mixin-event_support
130
- prerelease: false
131
130
  type: :runtime
131
+ prerelease: false
132
132
  version_requirements: !ruby/object:Gem::Requirement
133
133
  requirements:
134
134
  - - "~>"
@@ -141,22 +141,8 @@ dependencies:
141
141
  - !ruby/object:Gem::Version
142
142
  version: '1.0'
143
143
  name: logstash-mixin-plugin_factory_support
144
- prerelease: false
145
144
  type: :runtime
146
- version_requirements: !ruby/object:Gem::Requirement
147
- requirements:
148
- - - "~>"
149
- - !ruby/object:Gem::Version
150
- version: '1.0'
151
- - !ruby/object:Gem::Dependency
152
- requirement: !ruby/object:Gem::Requirement
153
- requirements:
154
- - - "~>"
155
- - !ruby/object:Gem::Version
156
- version: '1.0'
157
- name: logstash-mixin-normalize_config_support
158
145
  prerelease: false
159
- type: :runtime
160
146
  version_requirements: !ruby/object:Gem::Requirement
161
147
  requirements:
162
148
  - - "~>"
@@ -169,8 +155,8 @@ dependencies:
169
155
  - !ruby/object:Gem::Version
170
156
  version: 0.0.6
171
157
  name: flores
172
- prerelease: false
173
158
  type: :development
159
+ prerelease: false
174
160
  version_requirements: !ruby/object:Gem::Requirement
175
161
  requirements:
176
162
  - - "~>"
@@ -183,8 +169,8 @@ dependencies:
183
169
  - !ruby/object:Gem::Version
184
170
  version: '0'
185
171
  name: rspec
186
- prerelease: false
187
172
  type: :development
173
+ prerelease: false
188
174
  version_requirements: !ruby/object:Gem::Requirement
189
175
  requirements:
190
176
  - - ">="
@@ -197,8 +183,8 @@ dependencies:
197
183
  - !ruby/object:Gem::Version
198
184
  version: '0'
199
185
  name: stud
200
- prerelease: false
201
186
  type: :development
187
+ prerelease: false
202
188
  version_requirements: !ruby/object:Gem::Requirement
203
189
  requirements:
204
190
  - - ">="
@@ -211,8 +197,8 @@ dependencies:
211
197
  - !ruby/object:Gem::Version
212
198
  version: '0'
213
199
  name: pry
214
- prerelease: false
215
200
  type: :development
201
+ prerelease: false
216
202
  version_requirements: !ruby/object:Gem::Requirement
217
203
  requirements:
218
204
  - - ">="
@@ -225,8 +211,8 @@ dependencies:
225
211
  - !ruby/object:Gem::Version
226
212
  version: '0'
227
213
  name: rspec-wait
228
- prerelease: false
229
214
  type: :development
215
+ prerelease: false
230
216
  version_requirements: !ruby/object:Gem::Requirement
231
217
  requirements:
232
218
  - - ">="
@@ -239,8 +225,8 @@ dependencies:
239
225
  - !ruby/object:Gem::Version
240
226
  version: '0'
241
227
  name: logstash-devutils
242
- prerelease: false
243
228
  type: :development
229
+ prerelease: false
244
230
  version_requirements: !ruby/object:Gem::Requirement
245
231
  requirements:
246
232
  - - ">="
@@ -253,8 +239,8 @@ dependencies:
253
239
  - !ruby/object:Gem::Version
254
240
  version: '0'
255
241
  name: logstash-codec-json
256
- prerelease: false
257
242
  type: :development
243
+ prerelease: false
258
244
  version_requirements: !ruby/object:Gem::Requirement
259
245
  requirements:
260
246
  - - ">="
@@ -267,8 +253,8 @@ dependencies:
267
253
  - !ruby/object:Gem::Version
268
254
  version: '0'
269
255
  name: childprocess
270
- prerelease: false
271
256
  type: :development
257
+ prerelease: false
272
258
  version_requirements: !ruby/object:Gem::Requirement
273
259
  requirements:
274
260
  - - ">="
@@ -299,7 +285,6 @@ files:
299
285
  - lib/logstash/inputs/beats/message_listener.rb
300
286
  - lib/logstash/inputs/beats/patch.rb
301
287
  - lib/logstash/inputs/beats/raw_event_transform.rb
302
- - lib/logstash/inputs/beats/tls.rb
303
288
  - lib/tasks/build.rake
304
289
  - lib/tasks/test.rake
305
290
  - logstash-input-beats.gemspec
@@ -308,7 +293,6 @@ files:
308
293
  - spec/inputs/beats/event_transform_common_spec.rb
309
294
  - spec/inputs/beats/message_listener_spec.rb
310
295
  - spec/inputs/beats/raw_event_transform_spec.rb
311
- - spec/inputs/beats/tls_spec.rb
312
296
  - spec/inputs/beats_spec.rb
313
297
  - spec/integration/filebeat_spec.rb
314
298
  - spec/spec_helper.rb
@@ -319,14 +303,14 @@ files:
319
303
  - spec/support/integration_shared_context.rb
320
304
  - spec/support/logstash_test.rb
321
305
  - spec/support/shared_examples.rb
322
- - vendor/jar-dependencies/io/netty/netty-buffer/4.1.109.Final/netty-buffer-4.1.109.Final.jar
323
- - vendor/jar-dependencies/io/netty/netty-codec/4.1.109.Final/netty-codec-4.1.109.Final.jar
324
- - vendor/jar-dependencies/io/netty/netty-common/4.1.109.Final/netty-common-4.1.109.Final.jar
325
- - vendor/jar-dependencies/io/netty/netty-handler/4.1.109.Final/netty-handler-4.1.109.Final.jar
326
- - vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.109.Final/netty-transport-native-unix-common-4.1.109.Final.jar
327
- - vendor/jar-dependencies/io/netty/netty-transport/4.1.109.Final/netty-transport-4.1.109.Final.jar
306
+ - vendor/jar-dependencies/io/netty/netty-buffer/4.1.115.Final/netty-buffer-4.1.115.Final.jar
307
+ - vendor/jar-dependencies/io/netty/netty-codec/4.1.115.Final/netty-codec-4.1.115.Final.jar
308
+ - vendor/jar-dependencies/io/netty/netty-common/4.1.115.Final/netty-common-4.1.115.Final.jar
309
+ - vendor/jar-dependencies/io/netty/netty-handler/4.1.115.Final/netty-handler-4.1.115.Final.jar
310
+ - vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar
311
+ - vendor/jar-dependencies/io/netty/netty-transport/4.1.115.Final/netty-transport-4.1.115.Final.jar
328
312
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
329
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.9.0/logstash-input-beats-6.9.0.jar
313
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/7.0.0/logstash-input-beats-7.0.0.jar
330
314
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
331
315
  licenses:
332
316
  - Apache License (2.0)
@@ -349,7 +333,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
349
333
  - !ruby/object:Gem::Version
350
334
  version: '0'
351
335
  requirements: []
352
- rubygems_version: 3.2.33
336
+ rubygems_version: 3.3.26
353
337
  signing_key:
354
338
  specification_version: 4
355
339
  summary: Receives events from the Elastic Beats framework
@@ -359,7 +343,6 @@ test_files:
359
343
  - spec/inputs/beats/event_transform_common_spec.rb
360
344
  - spec/inputs/beats/message_listener_spec.rb
361
345
  - spec/inputs/beats/raw_event_transform_spec.rb
362
- - spec/inputs/beats/tls_spec.rb
363
346
  - spec/inputs/beats_spec.rb
364
347
  - spec/integration/filebeat_spec.rb
365
348
  - spec/spec_helper.rb
@@ -1,41 +0,0 @@
1
- # encoding: utf-8
2
- module LogStash module Inputs class Beats
3
- class TLS
4
- class TLSOption
5
- include Comparable
6
-
7
- attr_reader :name, :version
8
- def initialize(name, version)
9
- @name = name
10
- @version = version
11
- end
12
-
13
- def <=>(other)
14
- version <=> other.version
15
- end
16
- end
17
-
18
- TLS_PROTOCOL_OPTIONS = [
19
- TLSOption.new("TLSv1", 1),
20
- TLSOption.new("TLSv1.1", 1.1),
21
- TLSOption.new("TLSv1.2", 1.2),
22
- TLSOption.new("TLSv1.3", 1.3)
23
- ]
24
-
25
- def self.min
26
- TLS_PROTOCOL_OPTIONS.min
27
- end
28
-
29
- def self.max
30
- TLS_PROTOCOL_OPTIONS.max
31
- end
32
-
33
- def self.get_supported(versions)
34
- if versions.is_a?(Range)
35
- TLS_PROTOCOL_OPTIONS.select { |tls| versions.cover?(tls.version) }
36
- else
37
- TLS_PROTOCOL_OPTIONS.select { |tls| versions == tls.version }
38
- end
39
- end
40
- end
41
- end; end; end
@@ -1,39 +0,0 @@
1
- # encoding: utf-8
2
- require "logstash/inputs/beats/tls"
3
-
4
- describe LogStash::Inputs::Beats::TLS do
5
- subject { described_class }
6
-
7
- it "returns the minimum supported tls" do
8
- expect(subject.min.version).to eq(1)
9
- expect(subject.min.name).to eq("TLSv1")
10
- end
11
-
12
- it "returns the maximum supported tls" do
13
- expect(subject.max.version).to eq(1.3)
14
- expect(subject.max.name).to eq("TLSv1.3")
15
- end
16
-
17
- describe ".get_supported" do
18
- context "when a range is given" do
19
- it "returns the list of compatible TLS from a range" do
20
- expect(subject.get_supported((1.1)..(1.2)).map(&:version)).to match([1.1, 1.2])
21
- end
22
-
23
- it "it return an empty array when nothing match" do
24
- expect(subject.get_supported((3.1)..(8.2))).to be_empty
25
- end
26
- end
27
-
28
- context "when a scalar is given" do
29
- it "when a scalar is given we return the compatible value" do
30
- expect(subject.get_supported(1.1).map(&:version)).to match([1.1])
31
- end
32
-
33
-
34
- it "it return an empty array when nothing match" do
35
- expect(subject.get_supported(9)).to be_empty
36
- end
37
- end
38
- end
39
- end