logstash-input-beats 3.1.18-java → 3.1.19-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: dd37c14458a22eeca569f243f3cbd7feafa6a699
4
- data.tar.gz: 54f225c5d3ed127f402fb4d9d61e0e001e10e722
3
+ metadata.gz: 97c1ad83b25e92e16acb2dde75a8d7d0796c7cd8
4
+ data.tar.gz: d684f40a578b5ec09f260b5d9e6d55e97bbb1d30
5
5
  SHA512:
6
- metadata.gz: b2ec41b2bf657d9d6e048e4affc338ed8d6d5d5d8cf1db9c13bebbc4c7f84a0e3d61eb0aff419319f76f6984343a24458d8e6a11798ab2abc457d58371ed2eee
7
- data.tar.gz: cc924727ca27fb15b435c16ff4b862e47baa9b3b59e0f691f915d1e83ff46bdafd49b829e25bbbbc35b7497d7191bf9902a4303b9457e8e4cfba9df8c8f873bf
6
+ metadata.gz: 1d7f83a1fb266ee9b66cb219a09b5eef81c61a61fd87527e275c07a0e42dbed405183353f632c717822bbc8825f6ba4f248bf41b7bd03660e8b51068b98e9081
7
+ data.tar.gz: d26d3a488875ebaada9cbe5710926a0c682331a5c7cbb529e9034d2546a8a8fef0f3e9bb86207897b46ccd03d15899ee7a94fc924db23609d04a80667af20279
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 3.1.19
2
+ - Fix ability to set SSL protocols #228
3
+
1
4
  ## 3.1.18
2
5
  - Relax version of concurrent-ruby to `~> 1.0`
3
6
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.1.18
1
+ 3.1.19
@@ -9,4 +9,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.7.5')
9
9
  require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.7.5')
10
10
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.7.5')
11
11
  require_jar('log4j', 'log4j', '1.2.17')
12
- require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.18')
12
+ require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.19')
data/lib/tasks/test.rake CHANGED
@@ -2,10 +2,11 @@
2
2
  OS_PLATFORM = RbConfig::CONFIG["host_os"]
3
3
  VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "vendor"))
4
4
 
5
+ #TODO: Figure out better means to keep this version in sync
5
6
  if OS_PLATFORM == "linux"
6
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-linux-x86_64.tar.gz"
7
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-alpha2-linux-x86_64.tar.gz"
7
8
  elsif OS_PLATFORM == "darwin"
8
- FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-darwin-x86_64.tar.gz"
9
+ FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-alpha2-darwin-x86_64.tar.gz"
9
10
  end
10
11
 
11
12
  LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"
@@ -52,6 +52,7 @@ describe "Filebeat", :integration => true do
52
52
  before :each do
53
53
  FileUtils.rm_rf(File.join(File.dirname(__FILE__), "..", "..", "vendor", "filebeat", "data"))
54
54
  start_client
55
+ raise 'Filebeat did not start in alloted time' unless is_alive
55
56
  sleep(20) # give some time to FB to send something
56
57
  end
57
58
 
@@ -76,7 +77,7 @@ describe "Filebeat", :integration => true do
76
77
  end
77
78
 
78
79
  ############################################################
79
- # Actuals tests
80
+ # Actuals tests
80
81
  context "Plain TCP" do
81
82
  include_examples "send events"
82
83
  end
@@ -190,6 +191,9 @@ describe "Filebeat", :integration => true do
190
191
  context "CA root" do
191
192
  include_context "Root CA"
192
193
 
194
+ let_tmp_file(:certificate_key_file) { convert_to_pkcs8(certificate_data.last) }
195
+ let_tmp_file(:certificate_file) { certificate_data.first }
196
+
193
197
  context "directly signed client certificate" do
194
198
  let(:certificate_authorities) { [root_ca_certificate_file] }
195
199
  let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", root_ca_certificate, root_ca_key) }
@@ -202,7 +206,7 @@ describe "Filebeat", :integration => true do
202
206
 
203
207
  let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
204
208
  let(:certificate_authorities) { [certificate_authorities_chain] }
205
-
209
+
206
210
  include_examples "send events"
207
211
  end
208
212
  end
@@ -224,7 +228,7 @@ describe "Filebeat", :integration => true do
224
228
  end
225
229
 
226
230
  let(:input_config) do
227
- super.merge({
231
+ super.merge({
228
232
  "ssl" => true,
229
233
  "ssl_certificate_authorities" => certificate_authorities,
230
234
  "ssl_certificate" => server_certificate_file,
@@ -249,6 +253,8 @@ describe "Filebeat", :integration => true do
249
253
 
250
254
  let_tmp_file(:server_certificate_file) { server_certificate_data.first }
251
255
  let_tmp_file(:server_certificate_key_file) { convert_to_pkcs8(server_certificate_data.last) }
256
+ let_tmp_file(:certificate_file) { certificate_data.first }
257
+ let_tmp_file(:certificate_key_file) { convert_to_pkcs8(certificate_data.last) }
252
258
 
253
259
  context "directly signed client certificate" do
254
260
  let(:certificate_authorities) { [root_ca_certificate_file] }
@@ -262,7 +268,7 @@ describe "Filebeat", :integration => true do
262
268
  include_context "Intermediate CA"
263
269
 
264
270
  let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
265
- let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
271
+ let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
266
272
  let(:certificate_authorities) { [intermediate_ca_certificate_file] }
267
273
 
268
274
  include_examples "send events"
@@ -298,7 +304,7 @@ describe "Filebeat", :integration => true do
298
304
 
299
305
  let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", root_ca_certificate, root_ca_key) }
300
306
 
301
- context "client from primary CA" do
307
+ context "client from primary CA" do
302
308
  include_examples "send events"
303
309
  end
304
310
 
@@ -1,7 +1,7 @@
1
1
  # encoding: utf-8
2
2
  require "childprocess"
3
3
  module ClientProcessHelpers
4
- def start_client(timeout = 1)
4
+ def start_client(timeout = 5)
5
5
  @client_out = Stud::Temporary.file
6
6
  @client_out.sync
7
7
 
@@ -11,13 +11,26 @@ module ClientProcessHelpers
11
11
  ChildProcess.posix_spawn = true
12
12
  @process.start
13
13
 
14
- sleep(0.1)
14
+ sleep_interval = 0.1
15
+ max_iterations = (timeout / sleep_interval).to_i
16
+ max_iterations.times do
17
+ sleep(sleep_interval)
18
+ if @process.alive?
19
+ break
20
+ end
21
+ end
22
+ #Note - can not raise error here if process failed to start, since some tests expects for the process to not start due to invalid configuration
23
+
15
24
  @client_out.rewind
16
25
 
17
26
  # can be used to helper debugging when a test fails
18
27
  @execution_output = @client_out.read
19
28
  end
20
29
 
30
+ def is_alive
31
+ return @process.alive?
32
+ end
33
+
21
34
  def stop_client
22
35
  begin
23
36
  @process.poll_for_exit(5)
@@ -1,49 +1,68 @@
1
1
  # encoding: utf-8
2
2
  require "flores/pki"
3
3
  require "flores/random"
4
+ require "socket"
4
5
 
5
6
  module Flores
6
7
  module Random
7
8
  DEFAULT_PORT_RANGE = 1024..65535
8
- DEFAULT_PORT_CHECK_TIMEOUT = 1
9
- DEFAULT_MAXIMUM_PORT_FIND_TRY = 15
10
-
11
9
  class << self
12
10
  def port(range = DEFAULT_PORT_RANGE)
13
- try = 0
14
- while try < DEFAULT_MAXIMUM_PORT_FIND_TRY
15
- candidate = integer(range)
16
-
17
- if port_available?(candidate)
18
- break
19
- else
20
- try += 1
21
- end
11
+ integer(range)
12
+ end
13
+ end
14
+ end
15
+
16
+ module PKI
17
+
18
+ # Monkey patched the fix for https://github.com/jordansissel/ruby-flores/issues/9
19
+ # TODO: remove this once Flores is released with fix.
20
+ CertificateSigningRequest.class_eval do
21
+ def create
22
+ validate!
23
+ extensions = OpenSSL::X509::ExtensionFactory.new
24
+ extensions.subject_certificate = certificate
25
+ extensions.issuer_certificate = self_signed? ? certificate : signing_certificate
26
+
27
+ certificate.issuer = extensions.issuer_certificate.subject
28
+ certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash", false))
29
+
30
+ if want_signature_ability?
31
+ # Create a CA.
32
+ certificate.add_extension(extensions.create_extension("basicConstraints", "CA:TRUE", true))
33
+ # Rough googling seems to indicate at least keyCertSign is required for CA and intermediate certs.
34
+ certificate.add_extension(extensions.create_extension("keyUsage", "keyCertSign, cRLSign, digitalSignature", true))
35
+ else
36
+ # Create a client+server certificate
37
+ #
38
+ # It feels weird to create a certificate that's valid as both server and client, but a brief inspection of major
39
+ # web properties (apple.com, google.com, yahoo.com, github.com, fastly.com, mozilla.com, amazon.com) reveals that
40
+ # major web properties have certificates with both clientAuth and serverAuth extended key usages. Further,
41
+ # these major server certificates all have digitalSignature and keyEncipherment for key usage.
42
+ #
43
+ # Here's the command I used to check this:
44
+ # echo mozilla.com apple.com github.com google.com yahoo.com fastly.com elastic.co amazon.com \
45
+ # | xargs -n1 sh -c 'openssl s_client -connect $1:443 \
46
+ # | sed -ne "/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p" \
47
+ # | openssl x509 -text -noout | sed -ne "/X509v3 extensions/,/Signature Algorithm/p" | sed -e "s/^/$1 /"' - \
48
+ # | grep -A2 'Key Usage'
49
+ certificate.add_extension(extensions.create_extension("keyUsage", "digitalSignature, keyEncipherment", true))
50
+ certificate.add_extension(extensions.create_extension("extendedKeyUsage", "clientAuth, serverAuth", false))
22
51
  end
23
-
24
- raise "Flores.random_port: Cannot find an available port, tried #{DEFAULT_MAXIMUM_PORT_FIND_TRY} times, range was: #{range}" if try == DEFAULT_MAXIMUM_PORT_FIND_TRY
25
52
 
26
- candidate
27
- end
28
-
29
- def port_available?(port)
30
- begin
31
- server = TCPServer.new(port)
32
- available = true
33
- rescue # Assume that any errors can do this
34
- available = false
35
- ensure
36
- server.close if server
53
+ if @subject_alternates
54
+ certificate.add_extension(extensions.create_extension("subjectAltName", @subject_alternates.join(",")))
37
55
  end
38
56
 
39
- return available
57
+ certificate.serial = OpenSSL::BN.new(serial)
58
+ certificate.sign(signing_key, digest_method)
59
+ certificate
40
60
  end
41
61
  end
42
- end
43
62
 
44
- module PKI
63
+
45
64
  DEFAULT_CERTIFICATE_OPTIONS = {
46
- :duration => Flores::Random.number(100..2000),
65
+ :duration => 86400, #one day
47
66
  :key_size => GENERATE_DEFAULT_KEY_SIZE,
48
67
  :exponent => GENERATE_DEFAULT_EXPONENT,
49
68
  :want_signature_ability => false
@@ -78,5 +97,9 @@ module Flores
78
97
 
79
98
  [csr.create, client_key]
80
99
  end
100
+
101
+
102
+
81
103
  end
82
104
  end
105
+
@@ -3,7 +3,7 @@ require "flores/random"
3
3
 
4
4
  shared_examples "send events" do
5
5
  it "successfully send the events" do
6
- try(50) { expect(queue.size).to eq(number_of_events), "Expected: #{number_of_events} got: #{queue.size}, execution output:\n #{@execution_output}" }
6
+ try(25) { expect(queue.size).to eq(number_of_events), "Expected: #{number_of_events} got: #{queue.size}, execution output:\n #{@execution_output}" }
7
7
  expect(queue.collect { |e| e.get("message") }).to eq(events)
8
8
  end
9
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.18
4
+ version: 3.1.19
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-07 00:00:00.000000000 Z
11
+ date: 2017-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ files:
264
264
  - vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.Fork23/netty-tcnative-boringssl-static-1.1.33.Fork23.jar
265
265
  - vendor/jar-dependencies/log4j/log4j/1.2.17/log4j-1.2.17.jar
266
266
  - vendor/jar-dependencies/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
267
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.18/logstash-input-beats-3.1.18.jar
267
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.19/logstash-input-beats-3.1.19.jar
268
268
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
269
269
  licenses:
270
270
  - Apache License (2.0)