logstash-input-beats 6.9.1-java → 7.0.0-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/VERSION +1 -1
- data/docs/index.asciidoc +17 -73
- data/lib/logstash/inputs/beats.rb +20 -105
- data/lib/logstash-input-beats_jars.rb +1 -1
- data/lib/tasks/test.rake +8 -6
- data/logstash-input-beats.gemspec +0 -1
- data/spec/inputs/beats_spec.rb +38 -164
- data/spec/integration/filebeat_spec.rb +4 -6
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.9.1/logstash-input-beats-6.9.1.jar → 7.0.0/logstash-input-beats-7.0.0.jar} +0 -0
- metadata +3 -20
- data/lib/logstash/inputs/beats/tls.rb +0 -41
- data/spec/inputs/beats/tls_spec.rb +0 -39
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0f99bdf1800764220d652953474bd4b98195cca6dec131e73fdbfdfae37c7d86
|
4
|
+
data.tar.gz: 3bafe83e5f676a384f2c7ecc473a600b922d31e6a3f1f6c3e9b3c6b4008f73da
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4d7ad1989c834ef2b9230904b0cf4bf19e168de73db12a7e06ea1a90edc546c4823b32cb823f68ee815740760716d315537c682adb91b7d5ab8b18b3d251f3c0
|
7
|
+
data.tar.gz: 709f7c0e404c009390fc94468ebdaa55a9cba2b702e2cf38b294ac81f00e2c227fd4242838a70bdd3e3b33236a45d16dd0177c08756e8075a503864f95acd52b
|
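--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 7.0.0
+- Remove deprecated SSL settings
+- SSL settings that were marked deprecated in version `6.6.0` are now marked obsolete, and will prevent the plugin from starting.
+- These settings are:
+- `cipher_suites`, replaced by `ssl_cipher_suites`
+- `ssl`, replaced by `ssl_enabled`
+- `ssl_peer_metadata`, replaced by `enrich`
+- `ssl_verify_mode`, replaced by `ssl_client_authentication`
+- `tls_max_version`, replaced by `ssl_supported_protocols`
+- `tls_min_version`, replaced by `ssl_supported_protocols`
+- [#508](https://github.com/logstash-plugins/logstash-input-beats/pull/508)
+
 ## 6.9.1
 - Upgrade netty to 4.1.115 [#507](https://github.com/logstash-plugins/logstash-input-beats/pull/507)
 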
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
7.0.0
|
data/docs/index.asciidoc
CHANGED
@@ -209,11 +209,13 @@ e|N/A
|
|
209
209
|
|
210
210
|
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
211
211
|
|
212
|
+
NOTE: As of version `7.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
|
213
|
+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
|
214
|
+
|
212
215
|
[cols="<,<,<",options="header",]
|
213
216
|
|=======================================================================
|
214
217
|
|Setting |Input type|Required
|
215
218
|
| <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|__Deprecated__
|
216
|
-
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
|
217
219
|
| <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
|
218
220
|
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
|
219
221
|
| <<plugins-{type}s-{plugin}-enrich>> |<<string,string>>|No
|
@@ -222,7 +224,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
222
224
|
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
223
225
|
| <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|__Deprecated__
|
224
226
|
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
|
225
|
-
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
|
226
227
|
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
|
227
228
|
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
|
228
229
|
| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
|
@@ -231,11 +232,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
231
232
|
| <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
|
232
233
|
| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
|
233
234
|
| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
|
234
|
-
| <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|__Deprecated__
|
235
235
|
| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<array,array>>|No
|
236
|
-
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
|
237
|
-
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
|
238
|
-
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
|
239
236
|
|=======================================================================
|
240
237
|
|
241
238
|
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
@@ -253,14 +250,6 @@ input plugins.
|
|
253
250
|
|
254
251
|
Flag to determine whether to add `host` field to event using the value supplied by the {plugin-singular} in the `hostname` field.
|
255
252
|
|
256
|
-
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
257
|
-
===== `cipher_suites`
|
258
|
-
deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
|
259
|
-
|
260
|
-
* Value type is <<array,array>>
|
261
|
-
|
262
|
-
The list of cipher suites to use, listed by priorities.
|
263
|
-
|
264
253
|
[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
|
265
254
|
===== `client_inactivity_timeout`
|
266
255
|
|
@@ -399,17 +388,6 @@ deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
|
|
399
388
|
|
400
389
|
The port to listen on.
|
401
390
|
|
402
|
-
[id="plugins-{type}s-{plugin}-ssl"]
|
403
|
-
===== `ssl`
|
404
|
-
deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
|
405
|
-
|
406
|
-
* Value type is <<boolean,boolean>>
|
407
|
-
* Default value is `false`
|
408
|
-
|
409
|
-
Events are by default sent in plain text. You can
|
410
|
-
enable encryption by setting `ssl` to true and configuring
|
411
|
-
the `ssl_certificate` and `ssl_key` options.
|
412
|
-
|
413
391
|
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
414
392
|
===== `ssl_certificate`
|
415
393
|
|
@@ -497,18 +475,6 @@ openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM
|
|
497
475
|
|
498
476
|
SSL key passphrase to use.
|
499
477
|
|
500
|
-
[id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
|
501
|
-
===== `ssl_peer_metadata`
|
502
|
-
|
503
|
-
deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
|
504
|
-
|
505
|
-
* Value type is <<boolean,boolean>>
|
506
|
-
* Default value is `false`
|
507
|
-
|
508
|
-
Enables storing client certificate information in event's metadata.
|
509
|
-
|
510
|
-
This option is only valid when <<plugins-{type}s-{plugin}-ssl_client_authentication>> is set to `optional` or `required`.
|
511
|
-
|
512
478
|
[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
|
513
479
|
===== `ssl_supported_protocols`
|
514
480
|
|
@@ -526,45 +492,23 @@ NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as
|
|
526
492
|
the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
|
527
493
|
the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
|
528
494
|
|
529
|
-
[id="plugins-{type}s-{plugin}-
|
530
|
-
|
531
|
-
deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
|
532
|
-
|
533
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
534
|
-
* Default value is `"none"`
|
535
|
-
|
536
|
-
By default, the server doesn't do any client verification. If the <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
|
537
|
-
is configured, and no value or `none` is provided for this option, it defaults to `force_peer` instead of `none`.
|
538
|
-
|
539
|
-
`peer` will make the server ask the client to provide a certificate.
|
540
|
-
If the client provides a certificate, it will be validated.
|
541
|
-
|
542
|
-
`force_peer` will make the server ask the client to provide a certificate.
|
543
|
-
If the client doesn't provide a certificate, the connection will be closed.
|
495
|
+
[id="plugins-{type}s-{plugin}-obsolete-options"]
|
496
|
+
==== Beats Input Obsolete Configuration Options
|
544
497
|
|
545
|
-
|
546
|
-
|
547
|
-
Please note that the server does not validate the client certificate CN (Common Name) or SAN (Subject Alternative Name).
|
548
|
-
|
549
|
-
NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> is set.
|
498
|
+
WARNING: As of version `7.0.0` of this plugin, some configuration options have been replaced.
|
499
|
+
The plugin will fail to start if it contains any of these obsolete options.
|
550
500
|
|
551
|
-
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
552
|
-
===== `tls_max_version`
|
553
|
-
deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_supported_protocols>>]
|
554
501
|
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
The minimum TLS version allowed for the encrypted connections.
|
567
|
-
The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
502
|
+
[cols="<,<",options="header",]
|
503
|
+
|=======================================================================
|
504
|
+
|Setting|Replaced by
|
505
|
+
| cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
|
506
|
+
| ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
|
507
|
+
| ssl_peer_metadata |<<plugins-{type}s-{plugin}-enrich>>
|
508
|
+
| ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
|
509
|
+
| tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
510
|
+
| tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
511
|
+
|=======================================================================
|
568
512
|
|
569
513
|
|
570
514
|
[id="plugins-{type}s-{plugin}-common-options"]
|
@@ -7,7 +7,6 @@ require "logstash/util"
|
|
7
7
|
require "logstash-input-beats_jars"
|
8
8
|
require "logstash/plugin_mixins/ecs_compatibility_support"
|
9
9
|
require 'logstash/plugin_mixins/plugin_factory_support'
|
10
|
-
require "logstash/plugin_mixins/normalize_config_support"
|
11
10
|
require 'logstash/plugin_mixins/event_support/event_factory_adapter'
|
12
11
|
require_relative "beats/patch"
|
13
12
|
|
@@ -51,7 +50,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
51
50
|
require "logstash/inputs/beats/decoded_event_transform"
|
52
51
|
require "logstash/inputs/beats/raw_event_transform"
|
53
52
|
require "logstash/inputs/beats/message_listener"
|
54
|
-
require "logstash/inputs/beats/tls"
|
55
53
|
|
56
54
|
java_import 'org.logstash.netty.SslContextBuilder'
|
57
55
|
|
@@ -62,8 +60,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
62
60
|
|
63
61
|
include LogStash::PluginMixins::PluginFactorySupport
|
64
62
|
|
65
|
-
include LogStash::PluginMixins::NormalizeConfigSupport
|
66
|
-
|
67
63
|
config_name "beats"
|
68
64
|
|
69
65
|
default :codec, "plain"
|
@@ -74,11 +70,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
74
70
|
# The port to listen on.
|
75
71
|
config :port, :validate => :number, :required => true
|
76
72
|
|
77
|
-
# Events are by default sent in plain text. You can
|
78
|
-
# enable encryption by setting `ssl` to true and configuring
|
79
|
-
# the `ssl_certificate` and `ssl_key` options.
|
80
|
-
config :ssl, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_enabled' instead."
|
81
|
-
|
82
73
|
# SSL certificate to use.
|
83
74
|
config :ssl_certificate, :validate => :path
|
84
75
|
|
@@ -97,8 +88,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
97
88
|
|
98
89
|
# Validate client certificates against these authorities.
|
99
90
|
# You can define multiple files or paths. All the certificates will
|
100
|
-
# be read and added to the trust store. You need to configure the `
|
101
|
-
# to `
|
91
|
+
# be read and added to the trust store. You need to configure the `ssl_client_authentication`
|
92
|
+
# to `optional` or `required` to enable the client verification.
|
102
93
|
#
|
103
94
|
config :ssl_certificate_authorities, :validate => :array, :default => []
|
104
95
|
|
@@ -110,21 +101,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
110
101
|
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
111
102
|
config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
|
112
103
|
|
113
|
-
# By default the server doesn't do any client verification.
|
114
|
-
#
|
115
|
-
# `peer` will make the server ask the client to provide a certificate.
|
116
|
-
# If the client provides a certificate, it will be validated.
|
117
|
-
#
|
118
|
-
# `force_peer` will make the server ask the client to provide a certificate.
|
119
|
-
# If the client doesn't provide a certificate, the connection will be closed.
|
120
|
-
#
|
121
|
-
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
122
|
-
config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
|
123
|
-
|
124
|
-
# Enables storing client certificate information in event's metadata. You need
|
125
|
-
# to configure the `ssl_verify_mode` to `peer` or `force_peer` to enable this.
|
126
|
-
config :ssl_peer_metadata, :validate => :boolean, :default => false, :deprecated => "use `enrich` option to configure which enrichments to perform"
|
127
|
-
|
128
104
|
config :include_codec_tag, :validate => :boolean, :default => true, :deprecated => "use `enrich` option to configure which enrichments to perform"
|
129
105
|
|
130
106
|
# Time in milliseconds for an incomplete ssl handshake to timeout
|
@@ -148,21 +124,18 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
148
124
|
# Flag to determine whether to add host information (provided by the beat in the 'hostname' field) to the event
|
149
125
|
config :add_hostname, :validate => :boolean, :default => false, :deprecated => 'This option will be removed in the future as beats determine the event schema'
|
150
126
|
|
151
|
-
#
|
152
|
-
config :
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
config :tls_min_version,
|
157
|
-
|
158
|
-
# The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
159
|
-
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
160
|
-
config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
|
127
|
+
# removed options
|
128
|
+
config :ssl, :obsolete => "Use 'ssl_enabled' instead."
|
129
|
+
config :ssl_peer_metadata, :obsolete => "Use 'enrich' instead."
|
130
|
+
config :ssl_verify_mode, :obsolete => "Use 'ssl_client_authentication' instead."
|
131
|
+
config :cipher_suites, :obsolete => "Use 'ssl_cipher_suites' instead."
|
132
|
+
config :tls_min_version, :obsolete => "Use 'ssl_supported_protocols' instead."
|
133
|
+
config :tls_max_version, :obsolete => "Use 'ssl_supported_protocols' instead."
|
161
134
|
|
162
135
|
ENRICH_DEFAULTS = {
|
163
136
|
'source_metadata' => true,
|
164
137
|
'codec_metadata' => true,
|
165
|
-
'ssl_peer_metadata' => false,
|
138
|
+
'ssl_peer_metadata' => false, # adds client certificate information in event's metadata
|
166
139
|
}.freeze
|
167
140
|
|
168
141
|
ENRICH_ALL = ENRICH_DEFAULTS.keys.freeze
|
@@ -174,29 +147,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
174
147
|
|
175
148
|
attr_reader :field_hostname, :field_hostip
|
176
149
|
attr_reader :field_tls_protocol_version, :field_tls_peer_subject, :field_tls_cipher
|
150
|
+
attr_reader :include_ssl_peer_metadata
|
177
151
|
attr_reader :include_source_metadata
|
178
152
|
|
179
|
-
NON_PREFIXED_SSL_CONFIGS = Set[
|
180
|
-
'tls_min_version',
|
181
|
-
'tls_max_version',
|
182
|
-
'cipher_suites',
|
183
|
-
].freeze
|
184
|
-
|
185
153
|
SSL_CLIENT_AUTH_NONE = 'none'.freeze
|
186
154
|
SSL_CLIENT_AUTH_OPTIONAL = 'optional'.freeze
|
187
155
|
SSL_CLIENT_AUTH_REQUIRED = 'required'.freeze
|
188
156
|
|
189
|
-
SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP = {
|
190
|
-
'none' => SSL_CLIENT_AUTH_NONE,
|
191
|
-
'peer' => SSL_CLIENT_AUTH_OPTIONAL,
|
192
|
-
'force_peer' => SSL_CLIENT_AUTH_REQUIRED
|
193
|
-
}.freeze
|
194
|
-
|
195
157
|
private_constant :SSL_CLIENT_AUTH_NONE
|
196
158
|
private_constant :SSL_CLIENT_AUTH_OPTIONAL
|
197
159
|
private_constant :SSL_CLIENT_AUTH_REQUIRED
|
198
|
-
private_constant :NON_PREFIXED_SSL_CONFIGS
|
199
|
-
private_constant :SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP
|
200
160
|
|
201
161
|
def register
|
202
162
|
# For Logstash 2.4 we need to make sure that the logger is correctly set for the
|
@@ -208,15 +168,13 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
208
168
|
LogStash::Logger.setup_log4j(@logger)
|
209
169
|
end
|
210
170
|
|
211
|
-
setup_ssl_params!
|
212
|
-
|
213
171
|
validate_ssl_config!
|
214
172
|
|
215
173
|
active_enrichments = resolve_enriches
|
216
174
|
|
217
175
|
@include_source_metadata = active_enrichments.include?('source_metadata')
|
176
|
+
@include_ssl_peer_metadata = active_enrichments.include?('ssl_peer_metadata')
|
218
177
|
@include_codec_tag = original_params.include?('include_codec_tag') ? params['include_codec_tag'] : active_enrichments.include?('codec_metadata')
|
219
|
-
@ssl_peer_metadata = original_params.include?('ssl_peer_metadata') ? params['ssl_peer_metadata'] : active_enrichments.include?('ssl_peer_metadata')
|
220
178
|
|
221
179
|
# intentionally ask users to provide codec when they want to use the codec metadata
|
222
180
|
# second layer enrich is also a controller, provide enrich => ['codec_metadata' or/with 'source_metadata'] with codec if you override event original
|
@@ -275,9 +233,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
275
233
|
return client_authentication_optional? || client_authentication_required?
|
276
234
|
end
|
277
235
|
|
278
|
-
#
|
279
|
-
# When it's explicitly set (or both settings are absent), it should use the ssl_certificate_authorities
|
280
|
-
# to enable/disable the client authentication. (even if ssl_verify_mode => none)
|
236
|
+
# also uses the ssl_certificate_authorities to enable/disable the client authentication
|
281
237
|
certificate_authorities_configured?
|
282
238
|
end
|
283
239
|
|
@@ -286,7 +242,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
286
242
|
end
|
287
243
|
|
288
244
|
def client_authentication_metadata?
|
289
|
-
@ssl_enabled && @
|
245
|
+
@ssl_enabled && @include_ssl_peer_metadata && ssl_configured? && client_authentication_enabled?
|
290
246
|
end
|
291
247
|
|
292
248
|
def client_authentication_required?
|
@@ -312,10 +268,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
312
268
|
private
|
313
269
|
|
314
270
|
def validate_ssl_config!
|
315
|
-
ssl_config_name =
|
271
|
+
ssl_config_name = 'ssl_enabled'
|
316
272
|
|
317
273
|
unless @ssl_enabled
|
318
|
-
ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_')
|
274
|
+
ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') }
|
319
275
|
@logger.warn("Configured SSL settings are not used when `#{ssl_config_name}` is set to `false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
|
320
276
|
return
|
321
277
|
end
|
@@ -329,13 +285,11 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
329
285
|
end
|
330
286
|
|
331
287
|
if require_certificate_authorities? && !certificate_authorities_configured?
|
332
|
-
|
333
|
-
configuration_error "ssl_certificate_authorities => is a required setting when #{config_name} => '#{config_value}' is configured"
|
288
|
+
configuration_error "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => '#{@ssl_client_authentication}'` is configured"
|
334
289
|
end
|
335
290
|
|
336
291
|
if client_authentication_metadata? && !require_certificate_authorities?
|
337
|
-
|
338
|
-
configuration_error "Configuring ssl_peer_metadata => true requires #{config_name} => to be configured with '#{optional}' or '#{required}'"
|
292
|
+
configuration_error "Configuring `enrich => [ssl_peer_metadata]` requires `ssl_client_authentication` to be configured with '#{SSL_CLIENT_AUTH_OPTIONAL}' or '#{SSL_CLIENT_AUTH_REQUIRED}'"
|
339
293
|
end
|
340
294
|
|
341
295
|
if original_params.include?('ssl_client_authentication') && certificate_authorities_configured? && !require_certificate_authorities?
|
@@ -343,43 +297,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
343
297
|
end
|
344
298
|
end
|
345
299
|
|
346
|
-
def provided_client_authentication_config(values = [@ssl_client_authentication])
|
347
|
-
if original_params.include?('ssl_verify_mode')
|
348
|
-
['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
|
349
|
-
else
|
350
|
-
['ssl_client_authentication', *values]
|
351
|
-
end
|
352
|
-
end
|
353
|
-
|
354
|
-
def setup_ssl_params!
|
355
|
-
@ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
|
356
|
-
normalizer.with_deprecated_alias(:ssl)
|
357
|
-
end
|
358
|
-
|
359
|
-
@ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
|
360
|
-
normalizer.with_deprecated_alias(:cipher_suites)
|
361
|
-
end
|
362
|
-
|
363
|
-
@ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
|
364
|
-
normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
|
365
|
-
TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
|
366
|
-
end
|
367
|
-
end
|
368
|
-
|
369
|
-
@ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
|
370
|
-
normalizer.with_deprecated_mapping(:ssl_verify_mode) do |ssl_verify_mode|
|
371
|
-
normalized_value = SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[ssl_verify_mode.downcase]
|
372
|
-
fail(LogStash::ConfigurationError, "Unsupported value #{ssl_verify_mode} for deprecated option `ssl_verify_mode`") unless normalized_value
|
373
|
-
normalized_value
|
374
|
-
end
|
375
|
-
end
|
376
|
-
|
377
|
-
params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
|
378
|
-
params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
|
379
|
-
params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
|
380
|
-
params['ssl_client_authentication'] = @ssl_client_authentication unless @ssl_client_authentication.nil?
|
381
|
-
end
|
382
|
-
|
383
300
|
def new_ssl_handshake_provider(ssl_context_builder)
|
384
301
|
begin
|
385
302
|
org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
|
@@ -414,7 +331,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
414
331
|
return SslContextBuilder::SslClientVerifyMode::OPTIONAL if client_authentication_optional?
|
415
332
|
return SslContextBuilder::SslClientVerifyMode::REQUIRED if client_authentication_required?
|
416
333
|
|
417
|
-
# Backward compatibility with the deprecated `ssl_verify_mode` and the current `none` overrides
|
418
334
|
if !original_params.include?('ssl_client_authentication') && certificate_authorities_configured?
|
419
335
|
return SslContextBuilder::SslClientVerifyMode::REQUIRED
|
420
336
|
end
|
@@ -444,9 +360,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
444
360
|
end
|
445
361
|
|
446
362
|
def resolve_enriches
|
447
|
-
|
448
|
-
|
449
|
-
raise LogStash::ConfigurationError, "both `enrich` and (deprecated) #{deprecated_flags_provided.join(',')} were provided; use only `enrich`"
|
363
|
+
if original_params.include?('include_codec_tag') && original_params.include?('enrich')
|
364
|
+
raise LogStash::ConfigurationError, "both `enrich` and (deprecated) `include_codec_tag` were provided; use only `enrich`"
|
450
365
|
end
|
451
366
|
|
452
367
|
aliases_provided = ENRICH_ALIASES & (@enrich || [])
|
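Review bot: In the `@@ -414,7 +331,6 @@` hunk of `beats.rb`, the fallback `if !original_params.include?('ssl_client_authentication') && certificate_authorities_configured?` that returns `SslContextBuilder::SslClientVerifyMode::REQUIRED` is left without any explanation, because the commit removes the comment that sat directly above it. That branch decides whether clients must present a certificate when an operator configures only `ssl_certificate_authorities`, so it should carry a comment of its own, for example `# ssl_client_authentication not set explicitly: configured CAs imply REQUIRED client verification`. The enclosing method starts and ends outside the hunk, so what it returns when neither condition holds is not visible here.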
@@ -8,4 +8,4 @@ require_jar('io.netty', 'netty-transport', '4.1.115.Final')
|
|
8
8
|
require_jar('io.netty', 'netty-handler', '4.1.115.Final')
|
9
9
|
require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
|
10
10
|
require_jar('org.javassist', 'javassist', '3.24.0-GA')
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '
|
11
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '7.0.0')
|
data/lib/tasks/test.rake
CHANGED
@@ -40,17 +40,19 @@ namespace :test do
|
|
40
40
|
puts "Filebeat: downloading from #{FILEBEAT_URL} to #{download_destination}"
|
41
41
|
download(FILEBEAT_URL, download_destination)
|
42
42
|
|
43
|
-
untar_all(download_destination,
|
43
|
+
untar_all(download_destination, VENDOR_PATH) { |e| e }
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
49
|
-
|
50
|
-
|
49
|
+
require 'zlib'
|
50
|
+
require 'minitar'
|
51
|
+
|
51
52
|
def untar_all(file, destination)
|
52
|
-
|
53
|
-
|
54
|
-
File.join(destination, out)
|
53
|
+
Zlib::GzipReader.open(file) do |reader|
|
54
|
+
Minitar.unpack(reader, destination)
|
55
55
|
end
|
56
|
+
filebeat_full_name = Dir.glob(destination + "/filebeat-*").first
|
57
|
+
File.rename(filebeat_full_name, destination + "/filebeat")
|
56
58
|
end
|
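Review bot: No integrity check is visible between `download(FILEBEAT_URL, download_destination)` and `Minitar.unpack(reader, destination)` in the new `untar_all`, so whatever the URL serves is extracted into `VENDOR_PATH`; comparing a digest of the archive against a value pinned next to `FILEBEAT_URL` before unpacking would close that gap (unless `download`, which is defined outside the hunk, already verifies one). In the same function `Dir.glob(destination + "/filebeat-*").first` is `nil` when nothing matched, and `File.rename` then fails with a TypeError that does not name the cause. The call site still passes `{ |e| e }`, but the new `untar_all` never yields, so that block can be dropped. The sketch below uses `EXPECTED_FILEBEAT_SHA512` as a placeholder for the pinned digest.

```ruby
def untar_all(file, destination)
  # EXPECTED_FILEBEAT_SHA512: placeholder for a digest pinned next to FILEBEAT_URL
  # (Digest comes from the standard library's 'digest')
  actual_digest = Digest::SHA512.file(file).hexdigest
  raise "checksum mismatch for #{file}" unless actual_digest == EXPECTED_FILEBEAT_SHA512
  # … unchanged: Zlib::GzipReader.open(file) / Minitar.unpack(reader, destination) …
  filebeat_full_name = Dir.glob(File.join(destination, "filebeat-*")).first
  raise "no filebeat-* directory found in #{destination}" unless filebeat_full_name
  File.rename(filebeat_full_name, File.join(destination, "filebeat"))
```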
@@ -30,7 +30,6 @@ Gem::Specification.new do |s|
|
|
30
30
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
|
31
31
|
s.add_runtime_dependency 'logstash-mixin-event_support', '~>1.0'
|
32
32
|
s.add_runtime_dependency 'logstash-mixin-plugin_factory_support', '~>1.0'
|
33
|
-
s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
|
34
33
|
|
35
34
|
s.add_development_dependency "flores", "~>0.0.6"
|
36
35
|
s.add_development_dependency "rspec"
|
data/spec/inputs/beats_spec.rb
CHANGED
@@ -83,92 +83,14 @@ describe LogStash::Inputs::Beats do
|
|
83
83
|
end
|
84
84
|
|
85
85
|
context "with invalid ciphers" do
|
86
|
-
let(:config) { super().merge("
|
86
|
+
let(:config) { super().merge("ssl_cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
|
87
87
|
|
88
88
|
it "should raise a configuration error" do
|
89
|
-
|
90
|
-
expect( plugin.logger ).to receive(:error) do |msg, opts|
|
91
|
-
expect( msg ).to match /.*?configuration invalid/
|
92
|
-
expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
|
93
|
-
end
|
94
|
-
expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
context "deprecated ssl_verify_mode set to 'none'" do
|
99
|
-
let(:config) { super().merge("ssl_verify_mode" => "none") }
|
100
|
-
|
101
|
-
context "and ssl_certificate_authorities is set" do
|
102
|
-
let(:config) { super().merge("ssl_certificate_authorities" => [certificate.ssl_cert]) }
|
103
|
-
it "should ignore the ssl_verify_mode and use force_peer" do
|
104
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
105
|
-
plugin.register
|
106
|
-
context_builder = plugin.send(:new_ssl_context_builder)
|
107
|
-
expect(context_builder.isClientAuthenticationRequired()).to be_truthy
|
108
|
-
end
|
89
|
+
expect { LogStash::Inputs::Beats.new(config) }.to raise_error(LogStash::ConfigurationError, a_string_including("Something is wrong with your configuration."))
|
109
90
|
end
|
110
91
|
end
|
111
92
|
|
112
93
|
context "ssl_client_authentication" do
|
113
|
-
context "normalized from ssl_verify_mode 'none'" do
|
114
|
-
let(:config) { super().merge("ssl_verify_mode" => "none") }
|
115
|
-
|
116
|
-
it "should transform the value to 'none'" do
|
117
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
118
|
-
plugin.register
|
119
|
-
|
120
|
-
expect(plugin.params).to match hash_including("ssl_client_authentication" => "none")
|
121
|
-
expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("none")
|
122
|
-
end
|
123
|
-
|
124
|
-
context "and ssl_certificate_authorities is set" do
|
125
|
-
let(:config) { super().merge("ssl_certificate_authorities" => [certificate.ssl_cert]) }
|
126
|
-
it "should not raise an error" do
|
127
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
128
|
-
expect { plugin.register }.to_not raise_error
|
129
|
-
end
|
130
|
-
end
|
131
|
-
end
|
132
|
-
|
133
|
-
context "normalized from ssl_verify_mode 'peer'" do
|
134
|
-
let(:config) { super().merge("ssl_verify_mode" => "peer", "ssl_certificate_authorities" => [certificate.ssl_cert]) }
|
135
|
-
|
136
|
-
it 'should transform the value to OPTIONAL' do
|
137
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
138
|
-
plugin.register
|
139
|
-
|
140
|
-
expect(plugin.params).to match hash_including("ssl_client_authentication" => "optional")
|
141
|
-
expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("optional")
|
142
|
-
end
|
143
|
-
|
144
|
-
context "with no ssl_certificate_authorities set " do
|
145
|
-
let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
|
146
|
-
it "raise a configuration error" do
|
147
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
148
|
-
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'peer' is configured")
|
149
|
-
end
|
150
|
-
end
|
151
|
-
end
|
152
|
-
|
153
|
-
context "normalized from ssl_verify_mode 'force_peer'" do
|
154
|
-
let(:config) { super().merge("ssl_verify_mode" => "force_peer", "ssl_certificate_authorities" => [certificate.ssl_cert]) }
|
155
|
-
|
156
|
-
it "should transform the value to 'required'" do
|
157
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
158
|
-
plugin.register
|
159
|
-
|
160
|
-
expect(plugin.params).to match hash_including("ssl_client_authentication" => "required")
|
161
|
-
expect(plugin.instance_variable_get(:@ssl_client_authentication)).to eql("required")
|
162
|
-
end
|
163
|
-
|
164
|
-
context "with no ssl_certificate_authorities set " do
|
165
|
-
let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
|
166
|
-
it "raise a configuration error" do
|
167
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
168
|
-
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'force_peer' is configured")
|
169
|
-
end
|
170
|
-
end
|
171
|
-
end
|
172
94
|
|
173
95
|
context "configured to 'none'" do
|
174
96
|
let(:config) { super().merge("ssl_client_authentication" => "none") }
|
@@ -193,7 +115,7 @@ describe LogStash::Inputs::Beats do
|
|
193
115
|
|
194
116
|
it "raise a ConfigurationError when certificate_authorities is not set" do
|
195
117
|
plugin = LogStash::Inputs::Beats.new(config)
|
196
|
-
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_client_authentication => 'required' is configured")
|
118
|
+
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => 'required'` is configured")
|
197
119
|
end
|
198
120
|
|
199
121
|
context "with certificate_authorities set" do
|
@@ -211,7 +133,7 @@ describe LogStash::Inputs::Beats do
|
|
211
133
|
|
212
134
|
it "raise a ConfigurationError when certificate_authorities is not set" do
|
213
135
|
plugin = LogStash::Inputs::Beats.new(config)
|
214
|
-
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_client_authentication => 'optional' is configured")
|
136
|
+
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => 'optional'` is configured")
|
215
137
|
end
|
216
138
|
|
217
139
|
context "with certificate_authorities set" do
|
@@ -224,59 +146,10 @@ describe LogStash::Inputs::Beats do
|
|
224
146
|
end
|
225
147
|
end
|
226
148
|
|
227
|
-
context "with ssl_cipher_suites and cipher_suites set" do
|
228
|
-
let(:config) do
|
229
|
-
super().merge('ssl_cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'],
|
230
|
-
'cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'])
|
231
|
-
end
|
232
|
-
|
233
|
-
it "should raise a configuration error" do
|
234
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
235
|
-
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_cipher_suites.?/i
|
236
|
-
end
|
237
|
-
end
|
238
|
-
|
239
|
-
context "with ssl_supported_protocols and tls_min_version set" do
|
240
|
-
let(:config) do
|
241
|
-
super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_min_version' => 1.2)
|
242
|
-
end
|
243
|
-
|
244
|
-
it "should raise a configuration error" do
|
245
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
246
|
-
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
|
247
|
-
end
|
248
|
-
end
|
249
|
-
|
250
|
-
context "with ssl_supported_protocols and tls_max_version set" do
|
251
|
-
let(:config) do
|
252
|
-
super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_max_version' => 1.2)
|
253
|
-
end
|
254
|
-
|
255
|
-
it "should raise a configuration error" do
|
256
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
257
|
-
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
|
258
|
-
end
|
259
|
-
end
|
260
|
-
|
261
|
-
context "with ssl_client_authentication and ssl_verify_mode set" do
|
262
|
-
let(:config) { super().merge("ssl_verify_mode" => "none", "ssl_client_authentication" => "none") }
|
263
|
-
it "raise a configuration error" do
|
264
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
265
|
-
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
|
266
|
-
end
|
267
|
-
end
|
268
|
-
end
|
269
|
-
|
270
|
-
context "with ssl and ssl_enabled set" do
|
271
|
-
let(:config) { super().merge("ssl" => true) }
|
272
|
-
it "raise a configuration error" do
|
273
|
-
plugin = LogStash::Inputs::Beats.new(config)
|
274
|
-
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_enabled.?/i
|
275
|
-
end
|
276
149
|
end
|
277
150
|
end
|
278
151
|
|
279
|
-
context "with
|
152
|
+
context "with SSL disabled" do
|
280
153
|
context "and certificate configuration" do
|
281
154
|
let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
|
282
155
|
|
@@ -305,11 +178,11 @@ describe LogStash::Inputs::Beats do
|
|
305
178
|
end
|
306
179
|
|
307
180
|
context "and `ssl_` settings provided" do
|
308
|
-
let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "ssl_client_authentication" => "none", "
|
181
|
+
let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => certificate.ssl_cert, "ssl_client_authentication" => "none", "ssl_cipher_suites" => ["TLS_RSA_WITH_AES_128_CBC_SHA256"] } }
|
309
182
|
|
310
183
|
it "should warn about not using the configs" do
|
311
184
|
plugin = LogStash::Inputs::Beats.new(config)
|
312
|
-
expect( plugin.logger ).to receive(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_certificate", "ssl_client_authentication", "
|
185
|
+
expect( plugin.logger ).to receive(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_certificate", "ssl_client_authentication", "ssl_cipher_suites"]')
|
313
186
|
|
314
187
|
plugin.register
|
315
188
|
|
@@ -397,28 +270,22 @@ describe LogStash::Inputs::Beats do
|
|
397
270
|
end
|
398
271
|
|
399
272
|
shared_examples "ssl_peer_metadata enabled" do
|
400
|
-
it "is configured to
|
401
|
-
expect(registered_plugin.
|
273
|
+
it "is configured to include the SSL peer tag" do
|
274
|
+
expect(registered_plugin.include_ssl_peer_metadata).to be true
|
402
275
|
end
|
403
276
|
end
|
404
277
|
|
405
278
|
shared_examples "ssl_peer_metadata disabled" do
|
406
|
-
it "is configured to NOT
|
407
|
-
expect(registered_plugin.
|
279
|
+
it "is configured to NOT include the SSL peer tag" do
|
280
|
+
expect(registered_plugin.include_ssl_peer_metadata).to be false
|
408
281
|
end
|
409
282
|
end
|
410
283
|
|
411
|
-
shared_examples "reject deprecated enrichment
|
412
|
-
context "with deprecated `ssl_peer_metadata`" do
|
413
|
-
let(:config) { super().merge("ssl_peer_metadata" => true) }
|
414
|
-
it 'rejects the configuration with a helpful error message' do
|
415
|
-
expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) ssl_peer_metadata were provided; use only `enrich`")
|
416
|
-
end
|
417
|
-
end
|
284
|
+
shared_examples "reject deprecated enrichment flag" do
|
418
285
|
context "with deprecated `include_codec_tag`" do
|
419
286
|
let(:config) { super().merge("include_codec_tag" => false) }
|
420
287
|
it 'rejects the configuration with a helpful error message' do
|
421
|
-
expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) include_codec_tag were provided; use only `enrich`")
|
288
|
+
expect { plugin.register }.to raise_exception(LogStash::ConfigurationError, "both `enrich` and (deprecated) `include_codec_tag` were provided; use only `enrich`")
|
422
289
|
end
|
423
290
|
end
|
424
291
|
end
|
@@ -429,18 +296,6 @@ describe LogStash::Inputs::Beats do
|
|
429
296
|
include_examples "source_metadata enabled"
|
430
297
|
include_examples "ssl_peer_metadata disabled"
|
431
298
|
|
432
|
-
# validate interaction with deprecated settings
|
433
|
-
context "with deprecated `ssl_peer_metadata => true`" do
|
434
|
-
let(:config) { super().merge("ssl_peer_metadata" => true) }
|
435
|
-
|
436
|
-
# intended delta
|
437
|
-
include_examples "ssl_peer_metadata enabled"
|
438
|
-
|
439
|
-
# ensure no side-effects
|
440
|
-
include_examples "codec_metadata enabled"
|
441
|
-
include_examples "source_metadata enabled"
|
442
|
-
end
|
443
|
-
|
444
299
|
context "with deprecated `include_codec_tag => false`" do
|
445
300
|
let(:config) { super().merge("include_codec_tag" => false) }
|
446
301
|
|
@@ -463,7 +318,7 @@ describe LogStash::Inputs::Beats do
|
|
463
318
|
include_examples "source_metadata enabled"
|
464
319
|
include_examples "ssl_peer_metadata enabled"
|
465
320
|
|
466
|
-
include_examples "reject deprecated enrichment
|
321
|
+
include_examples "reject deprecated enrichment flag"
|
467
322
|
end
|
468
323
|
|
469
324
|
context "with alias `enrich => none`" do
|
@@ -473,7 +328,7 @@ describe LogStash::Inputs::Beats do
|
|
473
328
|
include_examples "source_metadata disabled"
|
474
329
|
include_examples "ssl_peer_metadata disabled"
|
475
330
|
|
476
|
-
include_examples "reject deprecated enrichment
|
331
|
+
include_examples "reject deprecated enrichment flag"
|
477
332
|
end
|
478
333
|
end
|
479
334
|
|
@@ -491,7 +346,7 @@ describe LogStash::Inputs::Beats do
|
|
491
346
|
include_examples "#{enrichment} #{activated.include?(enrichment) ? 'enabled' : 'disabled'}"
|
492
347
|
end
|
493
348
|
|
494
|
-
include_examples "reject deprecated enrichment
|
349
|
+
include_examples "reject deprecated enrichment flag"
|
495
350
|
end
|
496
351
|
end
|
497
352
|
|
@@ -516,8 +371,8 @@ describe LogStash::Inputs::Beats do
|
|
516
371
|
super().merge(
|
517
372
|
"host" => host,
|
518
373
|
"ssl_enabled" => true,
|
519
|
-
"
|
520
|
-
"
|
374
|
+
"enrich" => ["ssl_peer_metadata"],
|
375
|
+
"ssl_client_authentication" => "required",
|
521
376
|
"ssl_certificate_authorities" => [ certificate.ssl_cert ],
|
522
377
|
"ecs_compatibility" => 'disabled'
|
523
378
|
)
|
@@ -595,7 +450,7 @@ describe LogStash::Inputs::Beats do
|
|
595
450
|
context 'with ssl disabled' do
|
596
451
|
let(:config) { super().merge("ssl_enabled" => false) }
|
597
452
|
|
598
|
-
it '
|
453
|
+
it 'does not set tls fields' do
|
599
454
|
@message_listener.onNewMessage(ctx, message)
|
600
455
|
|
601
456
|
expect( queue.size ).to be 1
|
@@ -609,4 +464,23 @@ describe LogStash::Inputs::Beats do
|
|
609
464
|
context "when interrupting the plugin" do
|
610
465
|
it_behaves_like "an interruptible input plugin"
|
611
466
|
end
|
467
|
+
|
468
|
+
describe "obsolete settings" do
|
469
|
+
let(:config) { { "port" => 1234 } }
|
470
|
+
[{:name => 'ssl', :canonical_name => 'ssl_enabled'},
|
471
|
+
{:name => 'ssl_peer_metadata', :canonical_name => 'enrich'},
|
472
|
+
{:name => 'ssl_verify_mode', :canonical_name => 'ssl_client_authentication'},
|
473
|
+
{:name => 'cipher_suites', :canonical_name => 'ssl_cipher_suites'},
|
474
|
+
{:name => 'tls_min_version', :canonical_name => 'ssl_supported_protocols'},
|
475
|
+
{:name => 'tls_max_version', :canonical_name => 'ssl_supported_protocols'}
|
476
|
+
].each do |settings|
|
477
|
+
context "with option #{settings[:name]}" do
|
478
|
+
let(:obsolete_config) { config.merge(settings[:name] => 'test_value') }
|
479
|
+
it "emits an error about the setting `#{settings[:name]}` now being obsolete and provides guidance to use `#{settings[:canonical_name]}`" do
|
480
|
+
error_text = "The setting `#{settings[:name]}` in plugin `beats` is obsolete and is no longer available. Use '#{settings[:canonical_name]}' instead."
|
481
|
+
expect { LogStash::Inputs::Beats.new(obsolete_config) }.to raise_error LogStash::ConfigurationError, a_string_including(error_text)
|
482
|
+
end
|
483
|
+
end
|
484
|
+
end
|
485
|
+
end
|
612
486
|
end
|
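--- a/data/spec/integration/filebeat_spec.rb
+++ b/data/spec/integration/filebeat_spec.rb
@@ -51,7 +51,7 @@ describe "Filebeat", :integration => true do
 before :each do
 FileUtils.rm_rf(File.join(File.dirname(__FILE__), "..", "..", "vendor", "filebeat", "data"))
 start_client
-raise 'Filebeat did not start in
+raise 'Filebeat did not start in allocated time' unless is_alive
 sleep(20) # give some time to FB to send something
 end
 
@@ -76,7 +76,7 @@ describe "Filebeat", :integration => true do
 end
 
 ############################################################
-#
+# Actual tests
 context "Plain TCP" do
 include_examples "send events"
 
@@ -147,7 +147,7 @@ describe "Filebeat", :integration => true do
 let(:input_config) {
 super().merge({
 "ssl_cipher_suites" => [logstash_cipher],
-"
+"ssl_supported_protocols" => ["TLSv1.2"]
 })
 }
 
@@ -193,9 +193,7 @@ describe "Filebeat", :integration => true do
 
 context "when TLSv1.3 enforced in plugin" do
 let(:input_config) {
-super().merge({
-"tls_min_version" => "1.3"
-})
+super().merge({ "ssl_supported_protocols" => ["TLSv1.3"] })
 }
 
 include_examples "send events"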
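Review bot: The `"ssl_supported_protocols" => ["TLSv1.2"]` entry added at new line 150 pins the listener to a single protocol version, and nothing in the hunk says why. It sits beside `"ssl_cipher_suites" => [logstash_cipher]`, so the pin is presumably there so that the configured suite is the one actually negotiated (TLS 1.3 selects from its own, separate suite list); the removed line is cut off on this page, so whether the old setting allowed more versions cannot be checked here. A one-line comment above it, for example `# TLSv1.2 only: keeps the handshake on the cipher suite under test`, would record the intent once confirmed. The enclosing `let(:input_config)` block belongs to a context that starts outside the hunk.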
Binary file
|
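--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-beats
 version: !ruby/object:Gem::Version
-version:
+version: 7.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -148,20 +148,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
-name: logstash-mixin-normalize_config_support
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
@@ -299,7 +285,6 @@ files:
 - lib/logstash/inputs/beats/message_listener.rb
 - lib/logstash/inputs/beats/patch.rb
 - lib/logstash/inputs/beats/raw_event_transform.rb
-- lib/logstash/inputs/beats/tls.rb
 - lib/tasks/build.rake
 - lib/tasks/test.rake
 - logstash-input-beats.gemspec
@@ -308,7 +293,6 @@ files:
 - spec/inputs/beats/event_transform_common_spec.rb
 - spec/inputs/beats/message_listener_spec.rb
 - spec/inputs/beats/raw_event_transform_spec.rb
-- spec/inputs/beats/tls_spec.rb
 - spec/inputs/beats_spec.rb
 - spec/integration/filebeat_spec.rb
 - spec/spec_helper.rb
@@ -326,7 +310,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar
 - vendor/jar-dependencies/io/netty/netty-transport/4.1.115.Final/netty-transport-4.1.115.Final.jar
 - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
-- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/
+- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/7.0.0/logstash-input-beats-7.0.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
@@ -359,7 +343,6 @@ test_files:
 - spec/inputs/beats/event_transform_common_spec.rb
 - spec/inputs/beats/message_listener_spec.rb
 - spec/inputs/beats/raw_event_transform_spec.rb
-- spec/inputs/beats/tls_spec.rb
 - spec/inputs/beats_spec.rb
 - spec/integration/filebeat_spec.rb
 - spec/spec_helper.rb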
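--- a/data/lib/logstash/inputs/beats/tls.rb
+++ b/data/lib/logstash/inputs/beats/tls.rb
@@ -1,41 +0,0 @@
-# encoding: utf-8
-module LogStash module Inputs class Beats
-class TLS
-class TLSOption
-include Comparable
-
-attr_reader :name, :version
-def initialize(name, version)
-@name = name
-@version = version
-end
-
-def <=>(other)
-version <=> other.version
-end
-end
-
-TLS_PROTOCOL_OPTIONS = [
-TLSOption.new("TLSv1", 1),
-TLSOption.new("TLSv1.1", 1.1),
-TLSOption.new("TLSv1.2", 1.2),
-TLSOption.new("TLSv1.3", 1.3)
-]
-
-def self.min
-TLS_PROTOCOL_OPTIONS.min
-end
-
-def self.max
-TLS_PROTOCOL_OPTIONS.max
-end
-
-def self.get_supported(versions)
-if versions.is_a?(Range)
-TLS_PROTOCOL_OPTIONS.select { |tls| versions.cover?(tls.version) }
-else
-TLS_PROTOCOL_OPTIONS.select { |tls| versions == tls.version }
-end
-end
-end
-end; end; end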
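--- a/data/spec/inputs/beats/tls_spec.rb
+++ b/data/spec/inputs/beats/tls_spec.rb
@@ -1,39 +0,0 @@
-# encoding: utf-8
-require "logstash/inputs/beats/tls"
-
-describe LogStash::Inputs::Beats::TLS do
-subject { described_class }
-
-it "returns the minimum supported tls" do
-expect(subject.min.version).to eq(1)
-expect(subject.min.name).to eq("TLSv1")
-end
-
-it "returns the maximum supported tls" do
-expect(subject.max.version).to eq(1.3)
-expect(subject.max.name).to eq("TLSv1.3")
-end
-
-describe ".get_supported" do
-context "when a range is given" do
-it "returns the list of compatible TLS from a range" do
-expect(subject.get_supported((1.1)..(1.2)).map(&:version)).to match([1.1, 1.2])
-end
-
-it "it return an empty array when nothing match" do
-expect(subject.get_supported((3.1)..(8.2))).to be_empty
-end
-end
-
-context "when a scalar is given" do
-it "when a scalar is given we return the compatible value" do
-expect(subject.get_supported(1.1).map(&:version)).to match([1.1])
-end
-
-
-it "it return an empty array when nothing match" do
-expect(subject.get_supported(9)).to be_empty
-end
-end
-end
-end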