logstash-input-beats 6.0.11-java → 6.0.12-java

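--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3964ad3d90cff475af37cb0f6dcf53182fd9b81ae33079fff3bf8789fef9ddf1
- data.tar.gz: 25bf12bef27170a2ab221d5003bc107492aae16e784995ebf44be9f0e51e479b
+ metadata.gz: fffd1d08907236b161c3b9df9bfd87ae1f90f0aa29450739410e7f2ec5d1a426
+ data.tar.gz: e48951c53cb2bc4ad6d4b48cb32dd7db0692b10d0182af7a21746cb703632f07
  SHA512:
- metadata.gz: 9554a53784dbc2d06eb56e8710f5ddd2c49e1c7571fee3c1c7530e6118c76d60a82688c09dedfd373417f72a00eec1c09a2ac2851191b05f8fde347afa4761e6
- data.tar.gz: 9b22eb9d8e5d60db6e6586eccb37bb518137b0458205d34f473dce178a088e3030095f1d6c0282ffa46574c26d2852feeea2b819788150f86a5ac30c38b27254
+ metadata.gz: f7f512920246aa50d6bd862844b133237f96fa75243a2fb13f255602881ab6ed9a7be1b3d7602db14ec7cfffbf795ef32fb3062425c0df5100159b2cee07acb9
+ data.tar.gz: 870eae665df61dc1aacc9ce0687e4042058e9c362301f93d255d318afc6045e92bda6f442f3fd7085db71fb532aa389052bf10f0a572761309bafe3229b596e2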
@@ -1,3 +1,7 @@
1
+ ## 6.0.12
2
+ - Fix: log error when SSL context building fails [#402](https://github.com/logstash-plugins/logstash-input-beats/pull/402).
3
+ We've also made sure to log messages on configuration errors as LS 7.8/7.9 only prints details when level set to debug.
4
+
1
5
  ## 6.0.11
2
6
  - Updated jackson databind and Netty dependencies. Additionally, this release removes the dependency on `tcnative` +
3
7
  `boringssl`, using JVM supplied ciphers instead. This may result in fewer ciphers being available if the JCE
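--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 6.0.11
+ 6.0.12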
@@ -8,4 +8,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
8
8
  require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.4')
9
9
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
10
10
  require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
11
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.11')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '6.0.12')
@@ -131,27 +131,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
131
131
  LogStash::Logger.setup_log4j(@logger)
132
132
  end
133
133
 
134
- if !@ssl
135
- @logger.warn("Beats input: SSL Certificate will not be used") unless @ssl_certificate.nil?
136
- @logger.warn("Beats input: SSL Key will not be used") unless @ssl_key.nil?
137
- elsif !ssl_configured?
138
- raise LogStash::ConfigurationError, "Certificate or Certificate Key not configured"
139
- end
134
+ if @ssl
135
+ if @ssl_key.nil? || @ssl_key.empty?
136
+ configuration_error "ssl_key => is a required setting when ssl => true is configured"
137
+ end
138
+ if @ssl_certificate.nil? || @ssl_certificate.empty?
139
+ configuration_error "ssl_certificate => is a required setting when ssl => true is configured"
140
+ end
140
141
 
141
- if @ssl && require_certificate_authorities? && !client_authentification?
142
- raise LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`"
143
- end
142
+ if require_certificate_authorities? && !client_authentification?
143
+ configuration_error "ssl_certificate_authorities => is a required setting when ssl_verify_mode => '#{@ssl_verify_mode}' is configured"
144
+ end
144
145
 
145
- if client_authentication_metadata? && !require_certificate_authorities?
146
- raise LogStash::ConfigurationError, "Enabling `peer_metadata` requires using `verify_mode` set to PEER or FORCE_PEER"
146
+ if client_authentication_metadata? && !require_certificate_authorities?
147
+ configuration_error "Configuring ssl_peer_metadata => true requires ssl_verify_mode => to be configured with 'peer' or 'force_peer'"
148
+ end
149
+ else
150
+ @logger.warn("configured ssl_certificate => #{@ssl_certificate.inspect} will not be used") if @ssl_certificate
151
+ @logger.warn("configured ssl_key => #{@ssl_key.inspect} will not be used") if @ssl_key
147
152
  end
148
153
 
149
154
  # Logstash 6.x breaking change (introduced with 4.0.0 of this gem)
150
155
  if @codec.kind_of? LogStash::Codecs::Multiline
151
- raise LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
156
+ configuration_error "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
152
157
  end
153
158
 
154
- @logger.info("Beats inputs: Starting input listener", :address => "#{@host}:#{@port}")
159
+ @logger.info("Starting input listener", :address => "#{@host}:#{@port}")
155
160
 
156
161
  @server = create_server
157
162
  end # def register
@@ -159,37 +164,20 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
159
164
  def create_server
160
165
  server = org.logstash.beats.Server.new(@host, @port, @client_inactivity_timeout, @executor_threads)
161
166
  if @ssl
162
-
163
- begin
164
- ssl_context_builder = org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
165
- .setProtocols(convert_protocols)
166
- .setCipherSuites(normalized_ciphers)
167
- rescue java.lang.IllegalArgumentException => e
168
- raise LogStash::ConfigurationError, e
169
- end
170
-
171
-
167
+ ssl_context_builder = new_ssl_context_builder
172
168
  if client_authentification?
173
- if @ssl_verify_mode.upcase == "FORCE_PEER"
169
+ if @ssl_verify_mode == "force_peer"
174
170
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::FORCE_PEER)
175
- elsif @ssl_verify_mode.upcase == "PEER"
171
+ elsif @ssl_verify_mode == "peer"
176
172
  ssl_context_builder.setVerifyMode(org.logstash.netty.SslContextBuilder::SslClientVerifyMode::VERIFY_PEER)
177
173
  end
178
174
  ssl_context_builder.setCertificateAuthorities(@ssl_certificate_authorities)
179
175
  end
180
- server.setSslHandlerProvider(org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout))
176
+ server.setSslHandlerProvider(new_ssl_handshake_provider(ssl_context_builder))
181
177
  end
182
178
  server
183
179
  end
184
180
 
185
- def ssl_configured?
186
- !(@ssl_certificate.nil? || @ssl_key.nil?)
187
- end
188
-
189
- def target_codec_on_field?
190
- !@target_codec_on_field.empty?
191
- end
192
-
193
181
  def run(output_queue)
194
182
  message_listener = MessageListener.new(output_queue, self)
195
183
  @server.setMessageListener(message_listener)
@@ -200,6 +188,14 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
200
188
  @server.stop unless @server.nil?
201
189
  end
202
190
 
191
+ def ssl_configured?
192
+ !(@ssl_certificate.nil? || @ssl_key.nil?)
193
+ end
194
+
195
+ def target_codec_on_field?
196
+ !@target_codec_on_field.empty?
197
+ end
198
+
203
199
  def client_authentification?
204
200
  @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
205
201
  end
@@ -216,6 +212,32 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
216
212
  @ssl_verify_mode == "force_peer" || @ssl_verify_mode == "peer"
217
213
  end
218
214
 
215
+ private
216
+
217
+ def new_ssl_handshake_provider(ssl_context_builder)
218
+ begin
219
+ org.logstash.netty.SslHandlerProvider.new(ssl_context_builder.build_context, @ssl_handshake_timeout)
220
+ rescue java.lang.IllegalArgumentException => e
221
+ @logger.error("SSL configuration invalid", error_details(e))
222
+ raise LogStash::ConfigurationError, e
223
+ rescue java.security.GeneralSecurityException => e
224
+ @logger.error("SSL configuration failed", error_details(e, true))
225
+ raise e
226
+ end
227
+ end
228
+
229
+ def new_ssl_context_builder
230
+ passphrase = @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value
231
+ begin
232
+ org.logstash.netty.SslContextBuilder.new(@ssl_certificate, @ssl_key, passphrase)
233
+ .setProtocols(convert_protocols)
234
+ .setCipherSuites(normalized_ciphers)
235
+ rescue java.lang.IllegalArgumentException => e
236
+ @logger.error("SSL configuration invalid", error_details(e))
237
+ raise LogStash::ConfigurationError, e
238
+ end
239
+ end
240
+
219
241
  def normalized_ciphers
220
242
  @cipher_suites.map(&:upcase)
221
243
  end
@@ -223,4 +245,16 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
223
245
  def convert_protocols
224
246
  TLS.get_supported(@tls_min_version..@tls_max_version).map(&:name)
225
247
  end
248
+
249
+ def configuration_error(message)
250
+ @logger.error message
251
+ raise LogStash::ConfigurationError, message
252
+ end
253
+
254
+ def error_details(e, trace = false)
255
+ error_details = { :exception => e.class, :message => e.message }
256
+ error_details[:backtrace] = e.backtrace if trace || @logger.debug?
257
+ error_details
258
+ end
259
+
226
260
  end
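Review bot: In `create_server` the `if @ssl_verify_mode == "force_peer"` / `elsif @ssl_verify_mode == "peer"` chain has no `else`, so with `.upcase` removed any value matching neither literal leaves the builder on its default verify mode while `setCertificateAuthorities` is still called. Whether the setting is restricted to lower-case values depends on the config declaration, which is not on this page; if it is not, a previously accepted `FORCE_PEER` would silently stop requiring client certificates. I would make the fall-through explicit with an `else` branch such as `@logger.warn("ssl_certificate_authorities is configured but ssl_verify_mode => #{@ssl_verify_mode.inspect} does not verify client certificates")`. Separately, judging by the `if @ssl … else … end` structure in `register`, the `ssl_peer_metadata` check now runs only when ssl is enabled, so that misconfiguration is no longer reported when `ssl => false`.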
@@ -13,11 +13,19 @@ describe LogStash::Inputs::Beats do
13
13
  let(:certificate) { BeatsInputTest.certificate }
14
14
  let(:port) { BeatsInputTest.random_port }
15
15
  let(:queue) { Queue.new }
16
- let(:config) { { "port" => 0, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats"} }
16
+ let(:config) do
17
+ {
18
+ "port" => 0,
19
+ "ssl_certificate" => certificate.ssl_cert,
20
+ "ssl_key" => certificate.ssl_key,
21
+ "type" => "example",
22
+ "tags" => "beats"
23
+ }
24
+ end
17
25
 
18
26
  context "#register" do
19
27
  context "host related configuration" do
20
- let(:config) { super.merge!({ "host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads }) }
28
+ let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
21
29
  let(:host) { "192.168.1.20" }
22
30
  let(:port) { 9000 }
23
31
  let(:client_inactivity_timeout) { 400 }
@@ -38,38 +46,55 @@ describe LogStash::Inputs::Beats do
38
46
 
39
47
  context "with ssl enabled" do
40
48
  context "without certificate configuration" do
41
- let(:config) {{ "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "beats" }}
49
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_key" => certificate.ssl_key, "type" => "example" } }
42
50
 
43
51
  it "should fail to register the plugin with ConfigurationError" do
44
52
  plugin = LogStash::Inputs::Beats.new(config)
45
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
53
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
46
54
  end
47
55
  end
48
56
 
49
57
  context "without key configuration" do
50
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats"} }
58
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example" } }
51
59
  it "should fail to register the plugin with ConfigurationError" do
52
60
  plugin = LogStash::Inputs::Beats.new(config)
53
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
61
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
62
+ end
63
+ end
64
+
65
+ context "with invalid key configuration" do
66
+ let(:p12_key) { certificate.p12_key }
67
+ let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "ssl_key" => p12_key } }
68
+ it "should fail to register the plugin" do
69
+ plugin = LogStash::Inputs::Beats.new(config)
70
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
71
+ expect( msg ).to match /.*?configuration invalid/
72
+ expect( opts[:message] ).to match /does not contain valid private key/
73
+ end
74
+ expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
54
75
  end
55
76
  end
56
77
 
57
78
  context "with invalid ciphers" do
58
- let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats", "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38"} }
79
+ let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
59
80
 
60
81
  it "should raise a configuration error" do
61
82
  plugin = LogStash::Inputs::Beats.new(config)
83
+ expect( plugin.logger ).to receive(:error) do |msg, opts|
84
+ expect( msg ).to match /.*?configuration invalid/
85
+ expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
86
+ end
62
87
  expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
63
88
  end
64
89
  end
65
90
 
66
91
  context "verify_mode" do
67
92
  context "verify_mode configured to PEER" do
68
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
93
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
69
94
 
70
95
  it "raise a ConfigurationError when certificate_authorities is not set" do
71
96
  plugin = LogStash::Inputs::Beats.new(config)
72
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
97
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'peer' is configured")
73
98
  end
74
99
 
75
100
  it "doesn't raise a configuration error when certificate_authorities is set" do
@@ -80,11 +105,11 @@ describe LogStash::Inputs::Beats do
80
105
  end
81
106
 
82
107
  context "verify_mode configured to FORCE_PEER" do
83
- let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "force_peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
108
+ let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
84
109
 
85
110
  it "raise a ConfigurationError when certificate_authorities is not set" do
86
111
  plugin = LogStash::Inputs::Beats.new(config)
87
- expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
112
+ expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "ssl_certificate_authorities => is a required setting when ssl_verify_mode => 'force_peer' is configured")
88
113
  end
89
114
 
90
115
  it "doesn't raise a configuration error when certificate_authorities is set" do
@@ -98,7 +123,7 @@ describe LogStash::Inputs::Beats do
98
123
 
99
124
  context "with ssl disabled" do
100
125
  context "and certificate configuration" do
101
- let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
126
+ let(:config) { { "port" => 0, "ssl" => false, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats" } }
102
127
 
103
128
  it "should not fail" do
104
129
  plugin = LogStash::Inputs::Beats.new(config)
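Review bot: The "without certificate configuration" and "without key configuration" examples still assert only the exception class, so they do not pin the new `ssl_key => is a required setting…` / `ssl_certificate => is a required setting…` messages or the `@logger.error` call that `configuration_error` is meant to guarantee. The new `.empty?` branches (a setting given as `""`) and the `java.security.GeneralSecurityException` rescue are not exercised in the hunks shown either. Consider passing the expected message to `raise_error`, as the verify_mode examples do, and adding `expect(plugin.logger).to receive(:error)` as in the invalid-key example. On style, `super.merge(...)` inside a `let` block relies on implicit-argument `super`; `super().merge(...)` is the form RSpec documents for overriding a `let`. The enclosing `describe` block extends beyond these hunks.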
@@ -13,6 +13,13 @@ module BeatsInputTest
13
13
 
14
14
  system("openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout #{ssl_key} -out #{ssl_cert} -subj /CN=localhost > /dev/null 2>&1")
15
15
  end
16
+
17
+ def p12_key
18
+ p12_key = Stud::Temporary.pathname("p12_key")
19
+ system "openssl pkcs12 -export -passout pass:123 -inkey #{ssl_key} -in #{ssl_cert} -out #{p12_key}"
20
+ p12_key
21
+ end
22
+
16
23
  end
17
24
 
18
25
  class << self
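Review bot: `p12_key` ignores the result of `system`, so if `openssl` is missing or the export fails the method still returns a path and the invalid-key spec then fails for an unrelated reason. Checking the result and using the argument-list form also keeps the temporary paths out of a shell: `system("openssl", "pkcs12", "-export", "-passout", "pass:123", "-inkey", ssl_key, "-in", ssl_cert, "-out", p12_key) or raise "openssl pkcs12 export failed"`. Unlike the existing `openssl req` call above it, the new command does not redirect its output, so it will write into the spec run. The local `p12_key` shadows the method name, and the enclosing class starts above the hunk.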
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.11
4
+ version: 6.0.12
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-03 00:00:00.000000000 Z
11
+ date: 2020-12-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -271,7 +271,7 @@ files:
271
271
  - vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
272
272
  - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
273
273
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
274
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.11/logstash-input-beats-6.0.11.jar
274
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.0.12/logstash-input-beats-6.0.12.jar
275
275
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
276
276
  licenses:
277
277
  - Apache License (2.0)