logstash-input-beats 6.9.10-java → 7.0.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +11 -26
  3. data/VERSION +1 -1
  4. data/docs/index.asciidoc +17 -73
  5. data/lib/logstash/inputs/beats.rb +21 -106
  6. data/lib/logstash-input-beats_jars.rb +7 -8
  7. data/lib/tasks/test.rake +2 -2
  8. data/logstash-input-beats.gemspec +1 -1
  9. data/spec/inputs/beats_spec.rb +41 -167
  10. data/spec/integration/filebeat_spec.rb +4 -6
  11. data/vendor/jar-dependencies/io/netty/netty-buffer/{4.1.135.Final/netty-buffer-4.1.135.Final.jar → 4.1.115.Final/netty-buffer-4.1.115.Final.jar} +0 -0
  12. data/vendor/jar-dependencies/io/netty/netty-codec/{4.1.135.Final/netty-codec-4.1.135.Final.jar → 4.1.115.Final/netty-codec-4.1.115.Final.jar} +0 -0
  13. data/vendor/jar-dependencies/io/netty/netty-common/{4.1.135.Final/netty-common-4.1.135.Final.jar → 4.1.115.Final/netty-common-4.1.115.Final.jar} +0 -0
  14. data/vendor/jar-dependencies/io/netty/netty-handler/4.1.115.Final/netty-handler-4.1.115.Final.jar +0 -0
  15. data/vendor/jar-dependencies/io/netty/netty-transport/{4.1.135.Final/netty-transport-4.1.135.Final.jar → 4.1.115.Final/netty-transport-4.1.115.Final.jar} +0 -0
  16. data/vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/{4.1.135.Final/netty-transport-native-unix-common-4.1.135.Final.jar → 4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar} +0 -0
  17. data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/7.0.0/logstash-input-beats-7.0.0.jar +0 -0
  18. metadata +40 -35
  19. data/lib/logstash/inputs/beats/tls.rb +0 -41
  20. data/spec/inputs/beats/tls_spec.rb +0 -39
  21. data/vendor/jar-dependencies/io/netty/netty-handler/4.1.135.Final/netty-handler-4.1.135.Final.jar +0 -0
  22. data/vendor/jar-dependencies/io/netty/netty-resolver/4.1.135.Final/netty-resolver-4.1.135.Final.jar +0 -0
  23. data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.9.10/logstash-input-beats-6.9.10.jar +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: aea8fa87304c3fae25d0ff75082d56efad83f0c8cdfa573f8a25b8c8858b72c3
4
- data.tar.gz: f052df7f29fa91fef3f77243a18998d67595949898f5f9ec927d2f9a933d2f89
3
+ metadata.gz: 0f99bdf1800764220d652953474bd4b98195cca6dec131e73fdbfdfae37c7d86
4
+ data.tar.gz: 3bafe83e5f676a384f2c7ecc473a600b922d31e6a3f1f6c3e9b3c6b4008f73da
5
5
  SHA512:
6
- metadata.gz: 2acf11ef02750723d7a44b9a55fd78553947125eb7a4feb419198bdd0ba57866c5c37ef43b98aaa23f3943ba377bb78570eb8cd25b0760aa4edf34ea59c83dca
7
- data.tar.gz: 42eb08a03c47429a6304af8604e2027a2b27123eb472f68cb909d68fd3554cde5a1ede412e5800a344a2d3f748c72b7d14c1503fcf1e2ec58dc89d989020f0c0
6
+ metadata.gz: 4d7ad1989c834ef2b9230904b0cf4bf19e168de73db12a7e06ea1a90edc546c4823b32cb823f68ee815740760716d315537c682adb91b7d5ab8b18b3d251f3c0
7
+ data.tar.gz: 709f7c0e404c009390fc94468ebdaa55a9cba2b702e2cf38b294ac81f00e2c227fd4242838a70bdd3e3b33236a45d16dd0177c08756e8075a503864f95acd52b
data/CHANGELOG.md CHANGED
@@ -1,29 +1,14 @@
1
- ## 6.9.10
2
- - Update Netty dependency to 4.1.135.Final [#566](https://github.com/logstash-plugins/logstash-input-beats/pull/566)
3
-
4
- ## 6.9.9
5
- - Update Netty dependency to 4.1.134.Final [#540](https://github.com/logstash-plugins/logstash-input-beats/pull/540)
6
-
7
- ## 6.9.8
8
- - Update Netty dependency to 4.1.132.Final [#534](https://github.com/logstash-plugins/logstash-input-beats/pull/534)
9
-
10
- ## 6.9.7
11
- - Upgrade netty to 4.1.131 [#532](https://github.com/logstash-plugins/logstash-input-beats/pull/532)
12
-
13
- ## 6.9.6
14
- - Re-packaging the plugin [#529](https://github.com/logstash-plugins/logstash-input-beats/pull/529)
15
-
16
- ## 6.9.5
17
- - Upgrade netty to 4.1.129 [#526](https://github.com/logstash-plugins/logstash-input-beats/pull/526)
18
-
19
- ## 6.9.4
20
- - Upgrade netty to 4.1.126 [#518](https://github.com/logstash-plugins/logstash-input-beats/pull/518)
21
-
22
- ## 6.9.3
23
- - Upgrade netty to 4.1.118 [#514](https://github.com/logstash-plugins/logstash-input-beats/pull/514)
24
-
25
- ## 6.9.2
26
- - Name netty threads according to their purpose and the plugin id [#511](https://github.com/logstash-plugins/logstash-input-beats/pull/511)
1
+ ## 7.0.0
2
+ - Remove deprecated SSL settings
3
+ - SSL settings that were marked deprecated in version `6.6.0` are now marked obsolete, and will prevent the plugin from starting.
4
+ - These settings are:
5
+ - `cipher_suites`, replaced by `ssl_cipher_suites`
6
+ - `ssl`, replaced by `ssl_enabled`
7
+ - `ssl_peer_metadata`, replaced by `enrich`
8
+ - `ssl_verify_mode`, replaced by `ssl_client_authentication`
9
+ - `tls_max_version`, replaced by `ssl_supported_protocols`
10
+ - `tls_min_version`, replaced by `ssl_supported_protocols`
11
+ - [#508](https://github.com/logstash-plugins/logstash-input-beats/pull/508)
27
12
 
28
13
  ## 6.9.1
29
14
  - Upgrade netty to 4.1.115 [#507](https://github.com/logstash-plugins/logstash-input-beats/pull/507)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.9.10
1
+ 7.0.0
data/docs/index.asciidoc CHANGED
@@ -209,11 +209,13 @@ e|N/A
209
209
 
210
210
  This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
211
211
 
212
+ NOTE: As of version `7.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
213
+ Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
214
+
212
215
  [cols="<,<,<",options="header",]
213
216
  |=======================================================================
214
217
  |Setting |Input type|Required
215
218
  | <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|__Deprecated__
216
- | <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
217
219
  | <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
218
220
  | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
219
221
  | <<plugins-{type}s-{plugin}-enrich>> |<<string,string>>|No
@@ -222,7 +224,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
222
224
  | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
223
225
  | <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|__Deprecated__
224
226
  | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
225
- | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
226
227
  | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
227
228
  | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
228
229
  | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
@@ -231,11 +232,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
231
232
  | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
232
233
  | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
233
234
  | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
234
- | <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|__Deprecated__
235
235
  | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<array,array>>|No
236
- | <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
237
- | <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
238
- | <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
239
236
  |=======================================================================
240
237
 
241
238
  Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -253,14 +250,6 @@ input plugins.
253
250
 
254
251
  Flag to determine whether to add `host` field to event using the value supplied by the {plugin-singular} in the `hostname` field.
255
252
 
256
- [id="plugins-{type}s-{plugin}-cipher_suites"]
257
- ===== `cipher_suites`
258
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
259
-
260
- * Value type is <<array,array>>
261
-
262
- The list of cipher suites to use, listed by priorities.
263
-
264
253
  [id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
265
254
  ===== `client_inactivity_timeout`
266
255
 
@@ -399,17 +388,6 @@ deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
399
388
 
400
389
  The port to listen on.
401
390
 
402
- [id="plugins-{type}s-{plugin}-ssl"]
403
- ===== `ssl`
404
- deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
405
-
406
- * Value type is <<boolean,boolean>>
407
- * Default value is `false`
408
-
409
- Events are by default sent in plain text. You can
410
- enable encryption by setting `ssl` to true and configuring
411
- the `ssl_certificate` and `ssl_key` options.
412
-
413
391
  [id="plugins-{type}s-{plugin}-ssl_certificate"]
414
392
  ===== `ssl_certificate`
415
393
 
@@ -497,18 +475,6 @@ openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM
497
475
 
498
476
  SSL key passphrase to use.
499
477
 
500
- [id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
501
- ===== `ssl_peer_metadata`
502
-
503
- deprecated[6.5.0, Replaced by <<plugins-{type}s-{plugin}-enrich>>]
504
-
505
- * Value type is <<boolean,boolean>>
506
- * Default value is `false`
507
-
508
- Enables storing client certificate information in event's metadata.
509
-
510
- This option is only valid when <<plugins-{type}s-{plugin}-ssl_client_authentication>> is set to `optional` or `required`.
511
-
512
478
  [id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
513
479
  ===== `ssl_supported_protocols`
514
480
 
@@ -526,45 +492,23 @@ NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as
526
492
  the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
527
493
  the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
528
494
 
529
- [id="plugins-{type}s-{plugin}-ssl_verify_mode"]
530
- ===== `ssl_verify_mode`
531
- deprecated[6.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
532
-
533
- * Value can be any of: `none`, `peer`, `force_peer`
534
- * Default value is `"none"`
535
-
536
- By default, the server doesn't do any client verification. If the <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
537
- is configured, and no value or `none` is provided for this option, it defaults to `force_peer` instead of `none`.
538
-
539
- `peer` will make the server ask the client to provide a certificate.
540
- If the client provides a certificate, it will be validated.
541
-
542
- `force_peer` will make the server ask the client to provide a certificate.
543
- If the client doesn't provide a certificate, the connection will be closed.
495
+ [id="plugins-{type}s-{plugin}-obsolete-options"]
496
+ ==== Beats Input Obsolete Configuration Options
544
497
 
545
- When mutual TLS is enabled (`peer` or `force_peer`), the certificate presented by the client must be signed by trusted
546
- <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> (CAs).
547
- Please note that the server does not validate the client certificate CN (Common Name) or SAN (Subject Alternative Name).
548
-
549
- NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> is set.
498
+ WARNING: As of version `7.0.0` of this plugin, some configuration options have been replaced.
499
+ The plugin will fail to start if it contains any of these obsolete options.
550
500
 
551
- [id="plugins-{type}s-{plugin}-tls_max_version"]
552
- ===== `tls_max_version`
553
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_supported_protocols>>]
554
501
 
555
- * Value type is <<number,number>>
556
-
557
- The maximum TLS version allowed for the encrypted connections.
558
- The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
559
-
560
- [id="plugins-{type}s-{plugin}-tls_min_version"]
561
- ===== `tls_min_version`
562
- deprecated[6.4.0, Replaced by <<plugins-{type}s-{plugin}-ssl_supported_protocols>>]
563
-
564
- * Value type is <<number,number>>
565
-
566
- The minimum TLS version allowed for the encrypted connections.
567
- The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
502
+ [cols="<,<",options="header",]
503
+ |=======================================================================
504
+ |Setting|Replaced by
505
+ | cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
506
+ | ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
507
+ | ssl_peer_metadata |<<plugins-{type}s-{plugin}-enrich>>
508
+ | ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
509
+ | tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
510
+ | tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
511
+ |=======================================================================
568
512
 
569
513
 
570
514
  [id="plugins-{type}s-{plugin}-common-options"]
@@ -7,7 +7,6 @@ require "logstash/util"
7
7
  require "logstash-input-beats_jars"
8
8
  require "logstash/plugin_mixins/ecs_compatibility_support"
9
9
  require 'logstash/plugin_mixins/plugin_factory_support'
10
- require "logstash/plugin_mixins/normalize_config_support"
11
10
  require 'logstash/plugin_mixins/event_support/event_factory_adapter'
12
11
  require_relative "beats/patch"
13
12
 
@@ -51,7 +50,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
51
50
  require "logstash/inputs/beats/decoded_event_transform"
52
51
  require "logstash/inputs/beats/raw_event_transform"
53
52
  require "logstash/inputs/beats/message_listener"
54
- require "logstash/inputs/beats/tls"
55
53
 
56
54
  java_import 'org.logstash.netty.SslContextBuilder'
57
55
 
@@ -62,8 +60,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
62
60
 
63
61
  include LogStash::PluginMixins::PluginFactorySupport
64
62
 
65
- include LogStash::PluginMixins::NormalizeConfigSupport
66
-
67
63
  config_name "beats"
68
64
 
69
65
  default :codec, "plain"
@@ -74,11 +70,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
74
70
  # The port to listen on.
75
71
  config :port, :validate => :number, :required => true
76
72
 
77
- # Events are by default sent in plain text. You can
78
- # enable encryption by setting `ssl` to true and configuring
79
- # the `ssl_certificate` and `ssl_key` options.
80
- config :ssl, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_enabled' instead."
81
-
82
73
  # SSL certificate to use.
83
74
  config :ssl_certificate, :validate => :path
84
75
 
@@ -97,8 +88,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
97
88
 
98
89
  # Validate client certificates against these authorities.
99
90
  # You can define multiple files or paths. All the certificates will
100
- # be read and added to the trust store. You need to configure the `ssl_verify_mode`
101
- # to `peer` or `force_peer` to enable the verification.
91
+ # be read and added to the trust store. You need to configure the `ssl_client_authentication`
92
+ # to `optional` or `required` to enable the client verification.
102
93
  #
103
94
  config :ssl_certificate_authorities, :validate => :array, :default => []
104
95
 
@@ -110,21 +101,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
110
101
  # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
111
102
  config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
112
103
 
113
- # By default the server doesn't do any client verification.
114
- #
115
- # `peer` will make the server ask the client to provide a certificate.
116
- # If the client provides a certificate, it will be validated.
117
- #
118
- # `force_peer` will make the server ask the client to provide a certificate.
119
- # If the client doesn't provide a certificate, the connection will be closed.
120
- #
121
- # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
122
- config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
123
-
124
- # Enables storing client certificate information in event's metadata. You need
125
- # to configure the `ssl_verify_mode` to `peer` or `force_peer` to enable this.
126
- config :ssl_peer_metadata, :validate => :boolean, :default => false, :deprecated => "use `enrich` option to configure which enrichments to perform"
127
-
128
104
  config :include_codec_tag, :validate => :boolean, :default => true, :deprecated => "use `enrich` option to configure which enrichments to perform"
129
105
 
130
106
  # Time in milliseconds for an incomplete ssl handshake to timeout
@@ -148,21 +124,18 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
148
124
  # Flag to determine whether to add host information (provided by the beat in the 'hostname' field) to the event
149
125
  config :add_hostname, :validate => :boolean, :default => false, :deprecated => 'This option will be removed in the future as beats determine the event schema'
150
126
 
151
- # The list of ciphers suite to use, listed by priorities.
152
- config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
153
-
154
- # The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
155
- # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
156
- config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
157
-
158
- # The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
159
- # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
160
- config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
127
+ # removed options
128
+ config :ssl, :obsolete => "Use 'ssl_enabled' instead."
129
+ config :ssl_peer_metadata, :obsolete => "Use 'enrich' instead."
130
+ config :ssl_verify_mode, :obsolete => "Use 'ssl_client_authentication' instead."
131
+ config :cipher_suites, :obsolete => "Use 'ssl_cipher_suites' instead."
132
+ config :tls_min_version, :obsolete => "Use 'ssl_supported_protocols' instead."
133
+ config :tls_max_version, :obsolete => "Use 'ssl_supported_protocols' instead."
161
134
 
162
135
  ENRICH_DEFAULTS = {
163
136
  'source_metadata' => true,
164
137
  'codec_metadata' => true,
165
- 'ssl_peer_metadata' => false,
138
+ 'ssl_peer_metadata' => false, # adds client certificate information in event's metadata
166
139
  }.freeze
167
140
 
168
141
  ENRICH_ALL = ENRICH_DEFAULTS.keys.freeze
@@ -174,29 +147,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
174
147
 
175
148
  attr_reader :field_hostname, :field_hostip
176
149
  attr_reader :field_tls_protocol_version, :field_tls_peer_subject, :field_tls_cipher
150
+ attr_reader :include_ssl_peer_metadata
177
151
  attr_reader :include_source_metadata
178
152
 
179
- NON_PREFIXED_SSL_CONFIGS = Set[
180
- 'tls_min_version',
181
- 'tls_max_version',
182
- 'cipher_suites',
183
- ].freeze
184
-
185
153
  SSL_CLIENT_AUTH_NONE = 'none'.freeze
186
154
  SSL_CLIENT_AUTH_OPTIONAL = 'optional'.freeze
187
155
  SSL_CLIENT_AUTH_REQUIRED = 'required'.freeze
188
156
 
189
- SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP = {
190
- 'none' => SSL_CLIENT_AUTH_NONE,
191
- 'peer' => SSL_CLIENT_AUTH_OPTIONAL,
192
- 'force_peer' => SSL_CLIENT_AUTH_REQUIRED
193
- }.freeze
194
-
195
157
  private_constant :SSL_CLIENT_AUTH_NONE
196
158
  private_constant :SSL_CLIENT_AUTH_OPTIONAL
197
159
  private_constant :SSL_CLIENT_AUTH_REQUIRED
198
- private_constant :NON_PREFIXED_SSL_CONFIGS
199
- private_constant :SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP
200
160
 
201
161
  def register
202
162
  # For Logstash 2.4 we need to make sure that the logger is correctly set for the
@@ -208,15 +168,13 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
208
168
  LogStash::Logger.setup_log4j(@logger)
209
169
  end
210
170
 
211
- setup_ssl_params!
212
-
213
171
  validate_ssl_config!
214
172
 
215
173
  active_enrichments = resolve_enriches
216
174
 
217
175
  @include_source_metadata = active_enrichments.include?('source_metadata')
176
+ @include_ssl_peer_metadata = active_enrichments.include?('ssl_peer_metadata')
218
177
  @include_codec_tag = original_params.include?('include_codec_tag') ? params['include_codec_tag'] : active_enrichments.include?('codec_metadata')
219
- @ssl_peer_metadata = original_params.include?('ssl_peer_metadata') ? params['ssl_peer_metadata'] : active_enrichments.include?('ssl_peer_metadata')
220
178
 
221
179
  # intentionally ask users to provide codec when they want to use the codec metadata
222
180
  # second layer enrich is also a controller, provide enrich => ['codec_metadata' or/with 'source_metadata'] with codec if you override event original
@@ -247,7 +205,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
247
205
  end # def register
248
206
 
249
207
  def create_server
250
- server = org.logstash.beats.Server.new(@id, @host, @port, @client_inactivity_timeout, @event_loop_threads, @executor_threads)
208
+ server = org.logstash.beats.Server.new(@host, @port, @client_inactivity_timeout, @event_loop_threads, @executor_threads)
251
209
  server.setSslHandlerProvider(new_ssl_handshake_provider(new_ssl_context_builder)) if @ssl_enabled
252
210
  server
253
211
  end
@@ -275,9 +233,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
275
233
  return client_authentication_optional? || client_authentication_required?
276
234
  end
277
235
 
278
- # Keep backward compatibility with the deprecated `ssl_verify_mode` until it's not removed.
279
- # When it's explicitly set (or both settings are absent), it should use the ssl_certificate_authorities
280
- # to enable/disable the client authentication. (even if ssl_verify_mode => none)
236
+ # also uses the ssl_certificate_authorities to enable/disable the client authentication
281
237
  certificate_authorities_configured?
282
238
  end
283
239
 
@@ -286,7 +242,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
286
242
  end
287
243
 
288
244
  def client_authentication_metadata?
289
- @ssl_enabled && @ssl_peer_metadata && ssl_configured? && client_authentication_enabled?
245
+ @ssl_enabled && @include_ssl_peer_metadata && ssl_configured? && client_authentication_enabled?
290
246
  end
291
247
 
292
248
  def client_authentication_required?
@@ -312,10 +268,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
312
268
  private
313
269
 
314
270
  def validate_ssl_config!
315
- ssl_config_name = original_params.include?('ssl') ? 'ssl' : 'ssl_enabled'
271
+ ssl_config_name = 'ssl_enabled'
316
272
 
317
273
  unless @ssl_enabled
318
- ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') || NON_PREFIXED_SSL_CONFIGS.include?(k) }
274
+ ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') }
319
275
  @logger.warn("Configured SSL settings are not used when `#{ssl_config_name}` is set to `false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
320
276
  return
321
277
  end
@@ -329,13 +285,11 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
329
285
  end
330
286
 
331
287
  if require_certificate_authorities? && !certificate_authorities_configured?
332
- config_name, config_value = provided_client_authentication_config
333
- configuration_error "ssl_certificate_authorities => is a required setting when #{config_name} => '#{config_value}' is configured"
288
+ configuration_error "ssl_certificate_authorities => is a required setting when `ssl_client_authentication => '#{@ssl_client_authentication}'` is configured"
334
289
  end
335
290
 
336
291
  if client_authentication_metadata? && !require_certificate_authorities?
337
- config_name, optional, required = provided_client_authentication_config([SSL_CLIENT_AUTH_OPTIONAL, SSL_CLIENT_AUTH_REQUIRED])
338
- configuration_error "Configuring ssl_peer_metadata => true requires #{config_name} => to be configured with '#{optional}' or '#{required}'"
292
+ configuration_error "Configuring `enrich => [ssl_peer_metadata]` requires `ssl_client_authentication` to be configured with '#{SSL_CLIENT_AUTH_OPTIONAL}' or '#{SSL_CLIENT_AUTH_REQUIRED}'"
339
293
  end
340
294
 
341
295
  if original_params.include?('ssl_client_authentication') && certificate_authorities_configured? && !require_certificate_authorities?
@@ -343,43 +297,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
343
297
  end
344
298
  end
345
299
 
346
- def provided_client_authentication_config(values = [@ssl_client_authentication])
347
- if original_params.include?('ssl_verify_mode')
348
- ['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
349
- else
350
- ['ssl_client_authentication', *values]
351
- end
352
- end
353
-
354
- def setup_ssl_params!
355
- @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
356
- normalizer.with_deprecated_alias(:ssl)
357
- end
358
-
359
- @ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
360
- normalizer.with_deprecated_alias(:cipher_suites)
361
- end
362
-
363
- @ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
364
- normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
365
- TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
366
- end
367
- end
368
-
369
- @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
370
- normalizer.with_deprecated_mapping(:ssl_verify_mode) do |ssl_verify_mode|
371
- normalized_value = SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[ssl_verify_mode.downcase]
372
- fail(LogStash::ConfigurationError, "Unsupported value #{ssl_verify_mode} for deprecated option `ssl_verify_mode`") unless normalized_value
373
- normalized_value
374
- end
375
- end
376
-
377
- params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
378
- params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
379
- params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
380
- params['ssl_client_authentication'] = @ssl_client_authentication unless @ssl_client_authentication.nil?
381
- end
382
-
383
300
  def new_ssl_handshake_provider(ssl_context_builder)
384
301
  begin
385
302
  org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
@@ -414,7 +331,6 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
414
331
  return SslContextBuilder::SslClientVerifyMode::OPTIONAL if client_authentication_optional?
415
332
  return SslContextBuilder::SslClientVerifyMode::REQUIRED if client_authentication_required?
416
333
 
417
- # Backward compatibility with the deprecated `ssl_verify_mode` and the current `none` overrides
418
334
  if !original_params.include?('ssl_client_authentication') && certificate_authorities_configured?
419
335
  return SslContextBuilder::SslClientVerifyMode::REQUIRED
420
336
  end
@@ -444,9 +360,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
444
360
  end
445
361
 
446
362
  def resolve_enriches
447
- deprecated_flags_provided = %w(ssl_peer_metadata include_codec_tag) & original_params.keys
448
- if deprecated_flags_provided.any? && original_params.include?('enrich')
449
- raise LogStash::ConfigurationError, "both `enrich` and (deprecated) #{deprecated_flags_provided.join(',')} were provided; use only `enrich`"
363
+ if original_params.include?('include_codec_tag') && original_params.include?('enrich')
364
+ raise LogStash::ConfigurationError, "both `enrich` and (deprecated) `include_codec_tag` were provided; use only `enrich`"
450
365
  end
451
366
 
452
367
  aliases_provided = ENRICH_ALIASES & (@enrich || [])
@@ -1,12 +1,11 @@
1
1
  # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
2
2
 
3
3
  require 'jar_dependencies'
4
- require_jar('io.netty', 'netty-handler', '4.1.135.Final')
4
+ require_jar('io.netty', 'netty-buffer', '4.1.115.Final')
5
+ require_jar('io.netty', 'netty-codec', '4.1.115.Final')
6
+ require_jar('io.netty', 'netty-common', '4.1.115.Final')
7
+ require_jar('io.netty', 'netty-transport', '4.1.115.Final')
8
+ require_jar('io.netty', 'netty-handler', '4.1.115.Final')
9
+ require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
5
10
  require_jar('org.javassist', 'javassist', '3.24.0-GA')
6
- require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.135.Final')
7
- require_jar('io.netty', 'netty-codec', '4.1.135.Final')
8
- require_jar('io.netty', 'netty-transport', '4.1.135.Final')
9
- require_jar('io.netty', 'netty-resolver', '4.1.135.Final')
10
- require_jar('io.netty', 'netty-buffer', '4.1.135.Final')
11
- require_jar('io.netty', 'netty-common', '4.1.135.Final')
12
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.9.10')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '7.0.0')
data/lib/tasks/test.rake CHANGED
@@ -4,9 +4,9 @@ VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "ve
4
4
 
5
5
  #TODO: Figure out better means to keep this version in sync
6
6
  if OS_PLATFORM == "linux"
7
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.19.2-linux-x86_64.tar.gz"
7
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-linux-x86_64.tar.gz"
8
8
  elsif OS_PLATFORM == "darwin"
9
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.19.2-linux-arm64.tar.gz"
9
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-darwin-x86_64.tar.gz"
10
10
  end
11
11
 
12
12
  require "fileutils"
@@ -26,10 +26,10 @@ Gem::Specification.new do |s|
26
26
  s.add_runtime_dependency "concurrent-ruby", "~> 1.0"
27
27
  s.add_runtime_dependency "thread_safe", "~> 0.3.5"
28
28
  s.add_runtime_dependency "logstash-codec-multiline", ">= 2.0.5"
29
+ s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
29
30
  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
30
31
  s.add_runtime_dependency 'logstash-mixin-event_support', '~>1.0'
31
32
  s.add_runtime_dependency 'logstash-mixin-plugin_factory_support', '~>1.0'
32
- s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
33
33
 
34
34
  s.add_development_dependency "flores", "~>0.0.6"
35
35
  s.add_development_dependency "rspec"