logstash-input-elastic_serverless_forwarder 0.1.2-java → 0.1.3-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 14190aec17bc2282d956db77e43a6118fbbe8ed156e53ca295f9064b202706b1
4
- data.tar.gz: 2bcb76de61764a863882b3f40d9af35d2ff9867b0d8a00d31346e81a677c00f7
3
+ metadata.gz: '08bce725c7626a1e3cc794ab1679b2ca61de4f10fb58a4c6efb895af4a4c2a5f'
4
+ data.tar.gz: b997c8f5c4a7011f219ea2cf338d6813c2cd58350918e9f2fe1d58ece1c43e11
5
5
  SHA512:
6
- metadata.gz: db6ad54b41a91e677c45a4b73534499b892b34788abb1dcbba699d30df0fdf389b193f459727bac9af6c3010c82d2b4c30d6afb1eb663da5e61117a4f826feea
7
- data.tar.gz: 65f652cf3a00c6a17006c15567b26d5ded49674c31c75ccfa03e6663c9d3494cbcc009f941c3227a36d5af8897853b4ece9a3fc598ad444877c7558594cd0797
6
+ metadata.gz: 9f69616a38002781b3f896f67c09cf780f708419bceef0789ef3e7f93f88bafafdea34539468bbb4de793c1231434282912b15dc6dad69da0aabdd63d29d0fd8
7
+ data.tar.gz: 3b306b08747a7f86611f785ba3b3d477707172b15eb096e2a7854a2bbc6937e2c376a65eb23c8f3e7758a3b6aae81bbb79dc31d73986246ce9264ced232aa698
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 0.1.3
2
+ - Deprecates the `ssl` option in favor of `ssl_enabled` [#6](https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/6)
3
+ - Bumps `logstash-input-http` gem version to `>= 3.7.2` (SSL-normalized)
4
+
1
5
  ## 0.1.2
2
6
  - [DOC] Adds "Technical Preview" call-out to documentation [#4](https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/4)
3
7
 
data/docs/index.asciidoc CHANGED
@@ -51,7 +51,7 @@ input {
51
51
  input {
52
52
  elastic_serverless_forwarder {
53
53
  port => 8080
54
- ssl => false
54
+ ssl_enabled => false
55
55
  }
56
56
  }
57
57
  ----
@@ -144,11 +144,12 @@ This plugin supports the following configuration options plus the <<plugins-{typ
144
144
  | <<plugins-{type}s-{plugin}-auth_basic_password>> |<<password,password>>|No
145
145
  | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
146
146
  | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
147
- | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
147
+ | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
148
148
  | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
149
149
  | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
150
150
  | <<plugins-{type}s-{plugin}-ssl_client_authentication>> |<<string,string>>, one of `["none", "optional", "required"]`|No
151
151
  | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
152
+ | <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
152
153
  | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
153
154
  | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
154
155
  | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
@@ -197,6 +198,7 @@ The TCP port to bind to
197
198
 
198
199
  [id="plugins-{type}s-{plugin}-ssl"]
199
200
  ===== `ssl`
201
+ deprecated[0.1.3, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
200
202
 
201
203
  * Value type is <<boolean,boolean>>
202
204
  * Default value is `true`
@@ -255,6 +257,17 @@ By default the server doesn't do any client authentication.
255
257
  This means that connections from clients are _private_ when SSL is enabled, but that this input will allow SSL connections from _any_ client.
256
258
  If you wish to configure this plugin to reject connections from untrusted hosts, you will need to configure this plugin to authenticate clients, and may also need to configure it with a list of `ssl_certificate_authorities`.
257
259
 
260
+
261
+ [id="plugins-{type}s-{plugin}-ssl_enabled"]
262
+ ===== `ssl_enabled`
263
+
264
+ * Value type is <<boolean,boolean>>
265
+ * Default value is `true`
266
+
267
+ Events are, by default, sent over SSL, which requires configuring this plugin to present an identity certificate using <<plugins-{type}s-{plugin}-ssl_certificate>> and key using <<plugins-{type}s-{plugin}-ssl_key>>.
268
+
269
+ You can disable SSL with `+ssl_enabled => false+`.
270
+
258
271
  [id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
259
272
  ===== `ssl_handshake_timeout`
260
273
 
@@ -3,12 +3,14 @@ require "logstash/inputs/base"
3
3
  require "logstash/namespace"
4
4
 
5
5
  require "logstash/plugin_mixins/plugin_factory_support"
6
+ require "logstash/plugin_mixins/normalize_config_support"
6
7
 
7
8
  require 'logstash/inputs/http'
8
9
  require 'logstash/codecs/json_lines'
9
10
 
10
11
  class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
11
12
  include LogStash::PluginMixins::PluginFactorySupport
13
+ include LogStash::PluginMixins::NormalizeConfigSupport
12
14
 
13
15
  config_name "elastic_serverless_forwarder"
14
16
 
@@ -21,7 +23,8 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
21
23
  config :auth_basic_password, :validate => :password
22
24
 
23
25
  # ssl-config
24
- config :ssl, :validate => :boolean, :default => true
26
+ config :ssl, :validate => :boolean, :default => true, :deprecated => "Use 'ssl_enabled' instead."
27
+ config :ssl_enabled, :validate => :boolean, :default => true
25
28
 
26
29
  # ssl-identity
27
30
  config :ssl_certificate, :validate => :path
@@ -38,20 +41,11 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
38
41
  config :ssl_supported_protocols, :validate => :string, :list => true
39
42
  config :ssl_handshake_timeout, :validate => :number, :default => 10_000
40
43
 
41
- # we present the ES-like ssl_certificate_authorities, but our
42
- # internal http input plugin uses ssl_verify_mode to describe
43
- # the same behaviour.
44
- SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP = {
45
- 'none' => 'none',
46
- 'optional' => 'peer',
47
- 'required' => 'force_peer',
48
- }.each_value(&:freeze).freeze # deep freeze
49
- private_constant :SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP
50
-
51
-
52
44
  def initialize(*a)
53
45
  super
54
46
 
47
+ normalize_ssl_configs!
48
+
55
49
  if original_params.include?('codec')
56
50
  fail LogStash::ConfigurationError, 'The `elastic_serverless_forwarder` input does not have an externally-configurable `codec`'
57
51
  end
@@ -109,14 +103,14 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
109
103
  if @auth_basic_username
110
104
  http_options['user'] = @auth_basic_username
111
105
  http_options['password'] = @auth_basic_password || fail(LogStash::ConfigurationError, '`auth_basic_password` is REQUIRED when `auth_basic_username` is provided')
112
- logger.warn("HTTP Basic Auth over non-secured connection") if @ssl == false
106
+ logger.warn("HTTP Basic Auth over non-secured connection") if @ssl_enabled == false
113
107
  end
114
108
 
115
- if @ssl == false
109
+ if @ssl_enabled == false
116
110
  ignored_ssl_settings = @original_params.keys.grep('ssl_')
117
- logger.warn("Explicit SSL-related settings are ignored because `ssl => false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
111
+ logger.warn("Explicit SSL-related settings are ignored because `ssl_enabled => false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
118
112
  else
119
- http_options['ssl'] = true
113
+ http_options['ssl_enabled'] = true
120
114
 
121
115
  http_options['ssl_cipher_suites'] = @ssl_cipher_suites if @original_params.include?('ssl_cipher_suites')
122
116
  http_options['ssl_supported_protocols'] = @ssl_supported_protocols if @original_params.include?('ssl_supported_protocols')
@@ -131,9 +125,10 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
131
125
  end
132
126
 
133
127
  def ssl_identity_options
128
+ ssl_enabled_config = @original_params.include?('ssl') ? 'ssl' : 'ssl_enabled'
134
129
  identity_options = {
135
- 'ssl_certificate' => @ssl_certificate || fail(LogStash::ConfigurationError, '`ssl_certificate` is REQUIRED when `ssl => true`'),
136
- 'ssl_key' => @ssl_key || fail(LogStash::ConfigurationError, '`ssl_key` is REQUIRED when `ssl => true`')
130
+ 'ssl_certificate' => @ssl_certificate || fail(LogStash::ConfigurationError, "`ssl_certificate` is REQUIRED when `#{ssl_enabled_config} => true`"),
131
+ 'ssl_key' => @ssl_key || fail(LogStash::ConfigurationError, "`ssl_key` is REQUIRED when `#{ssl_enabled_config} => true`")
137
132
  }
138
133
  identity_options['ssl_key_passphrase'] = @ssl_key_passphrase if @original_params.include?('ssl_key_passphrase')
139
134
 
@@ -142,7 +137,7 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
142
137
 
143
138
  def ssl_trust_options
144
139
  trust_options = {
145
- 'ssl_verify_mode' => SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP.fetch(@ssl_client_authentication)
140
+ 'ssl_client_authentication' => @ssl_client_authentication
146
141
  }
147
142
  if @ssl_client_authentication == 'none'
148
143
  logger.warn("Explicit `ssl_certificate_authorities` is ignored because `ssl_client_authentication => #{@ssl_client_authentication}`")
@@ -160,6 +155,12 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
160
155
  }
161
156
  end
162
157
 
158
+ def normalize_ssl_configs!
159
+ @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
160
+ normalizer.with_deprecated_alias(:ssl)
161
+ end
162
+ end
163
+
163
164
  class QueueWrapper
164
165
  def initialize(wrapped_queue)
165
166
  @wrapped_queue = wrapped_queue
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'logstash-input-elastic_serverless_forwarder'
5
- s.version = '0.1.2'
5
+ s.version = '0.1.3'
6
6
  s.licenses = ['Apache License (2.0)']
7
7
  s.summary = "Receives events from Elastic Serverless Forwarder over HTTP or HTTPS"
8
8
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -23,8 +23,9 @@ Gem::Specification.new do |s|
23
23
  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
24
24
  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
25
25
  s.add_runtime_dependency 'logstash-mixin-plugin_factory_support'
26
- s.add_runtime_dependency 'logstash-input-http'
26
+ s.add_runtime_dependency 'logstash-input-http', '>= 3.7.2'
27
27
  s.add_runtime_dependency 'logstash-codec-json_lines'
28
+ s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
28
29
 
29
30
  s.add_development_dependency 'logstash-devutils'
30
31
 
@@ -28,7 +28,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
28
28
  let!(:queue) { Queue.new }
29
29
 
30
30
  context 'baseline' do
31
- let(:config) { super().merge('ssl' => false) }
31
+ let(:config) { super().merge('ssl_enabled' => false) }
32
32
  let(:scheme) { 'http' }
33
33
 
34
34
  it_behaves_like "an interruptible input plugin" do
@@ -45,7 +45,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
45
45
  end
46
46
 
47
47
  context 'no user-defined codec' do
48
- let(:config) { super().merge('ssl' => false) } # minimal config
48
+ let(:config) { super().merge('ssl_enabled' => false) } # minimal config
49
49
 
50
50
  ##
51
51
  # @codec ivar is required PENDING https://github.com/elastic/logstash/issues/14828
@@ -185,7 +185,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
185
185
  end
186
186
 
187
187
  describe 'unsecured HTTP' do
188
- let(:config) { super().merge('ssl' => false) }
188
+ let(:config) { super().merge('ssl_enabled' => false) }
189
189
  let(:scheme) { 'http' }
190
190
 
191
191
  include_examples 'successful request handling'
@@ -321,4 +321,23 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
321
321
  end
322
322
  end
323
323
  end
324
+
325
+ describe 'deprecated SSL options' do
326
+ let(:config) do
327
+ super().merge({
328
+ 'ssl_certificate' => generated_certs_directory.join('server_from_root.crt').to_path,
329
+ 'ssl_key' => generated_certs_directory.join('server_from_root.key.pkcs8').to_path,
330
+ })
331
+ end
332
+
333
+ [true, false].each do |enabled|
334
+ context "when `ssl => #{enabled}`" do
335
+ let(:config) { super().merge('ssl' => enabled) }
336
+
337
+ it "sets @ssl_enabled to `#{enabled}`" do
338
+ expect(esf_input.instance_variable_get(:@ssl_enabled)).to be enabled
339
+ end
340
+ end
341
+ end
342
+ end
324
343
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-elastic_serverless_forwarder
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-02-10 00:00:00.000000000 Z
11
+ date: 2023-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -63,7 +63,7 @@ dependencies:
63
63
  requirements:
64
64
  - - ">="
65
65
  - !ruby/object:Gem::Version
66
- version: '0'
66
+ version: 3.7.2
67
67
  name: logstash-input-http
68
68
  prerelease: false
69
69
  type: :runtime
@@ -71,7 +71,7 @@ dependencies:
71
71
  requirements:
72
72
  - - ">="
73
73
  - !ruby/object:Gem::Version
74
- version: '0'
74
+ version: 3.7.2
75
75
  - !ruby/object:Gem::Dependency
76
76
  requirement: !ruby/object:Gem::Requirement
77
77
  requirements:
@@ -86,6 +86,20 @@ dependencies:
86
86
  - - ">="
87
87
  - !ruby/object:Gem::Version
88
88
  version: '0'
89
+ - !ruby/object:Gem::Dependency
90
+ requirement: !ruby/object:Gem::Requirement
91
+ requirements:
92
+ - - "~>"
93
+ - !ruby/object:Gem::Version
94
+ version: '1.0'
95
+ name: logstash-mixin-normalize_config_support
96
+ prerelease: false
97
+ type: :runtime
98
+ version_requirements: !ruby/object:Gem::Requirement
99
+ requirements:
100
+ - - "~>"
101
+ - !ruby/object:Gem::Version
102
+ version: '1.0'
89
103
  - !ruby/object:Gem::Dependency
90
104
  requirement: !ruby/object:Gem::Requirement
91
105
  requirements:
@@ -160,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
160
174
  - !ruby/object:Gem::Version
161
175
  version: '0'
162
176
  requirements: []
163
- rubygems_version: 3.1.6
177
+ rubygems_version: 3.2.33
164
178
  signing_key:
165
179
  specification_version: 4
166
180
  summary: Receives events from Elastic Serverless Forwarder over HTTP or HTTPS