logstash-input-elastic_serverless_forwarder 0.1.2-java → 0.1.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14190aec17bc2282d956db77e43a6118fbbe8ed156e53ca295f9064b202706b1
-  data.tar.gz: 2bcb76de61764a863882b3f40d9af35d2ff9867b0d8a00d31346e81a677c00f7
+  metadata.gz: de05ac4680e3274f57b3a934e616127d9efe8702f16c63bdf2e9f5afd08bdab4
+  data.tar.gz: 13e09a76c888dcb3db065cb50e678738a5561c339eecfc79318119c321e7437a
 SHA512:
-  metadata.gz: db6ad54b41a91e677c45a4b73534499b892b34788abb1dcbba699d30df0fdf389b193f459727bac9af6c3010c82d2b4c30d6afb1eb663da5e61117a4f826feea
-  data.tar.gz: 65f652cf3a00c6a17006c15567b26d5ded49674c31c75ccfa03e6663c9d3494cbcc009f941c3227a36d5af8897853b4ece9a3fc598ad444877c7558594cd0797
+  metadata.gz: 1580d128d385d1523dce54fc23dcd8161536ddb2339eaac43f187cf44cc318e3e17e8ab1a3d2532221798c1b13da324cd7d8121487a9b36f7fb4b7d9fb84a507
+  data.tar.gz: 88bb2ebf1aed3c24ad21e4af63320bc7809e85686bbe1b34cfdeb3c6f076c6798284e3eda83d6e87d2b6e2c47ec783023605c099d1be0fba9552e22abf211398

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.1.4
+  - [DOC] Adds tips for using the logstash-input-elastic_serverless_forwarder plugin with the Elasticsearch output plugin [#7](https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/7)
+
+## 0.1.3
+  - Deprecates the `ssl` option in favor of `ssl_enabled` [#6](https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/6)
+  - Bumps `logstash-input-http` gem version to `>= 3.7.2` (SSL-normalized)
+
 ## 0.1.2
   - [DOC] Adds "Technical Preview" call-out to documentation [#4](https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/4)
 

data/docs/index.asciidoc

@@ -51,7 +51,7 @@ input {
 input {
   elastic_serverless_forwarder {
     port => 8080
-    ssl => false
+    ssl_enabled => false
   }
 }
 ----
@@ -132,6 +132,36 @@ You can configure this plugin to authenticate requests using HTTP Basic authenti
 NOTE: Basic Authentication is not a substitute for SSL, as it provides neither secrecy nor security on its own.
       When used with SSL disabled, HTTP Basic credentials are transmitted in effectively clear-text and can be easily recovered by an adversary.
 
+[id="plugins-{type}s-{plugin}-es-output-notes"]
+==== Using {esf-name} with the Elasticsearch output
+Here are some tips for configuring the {esf} input to work with the elasticsearch output:
+
+* Set the `document_id` in the output configuration when you use the {esf}  input with an {logstash-ref}/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch[Elasticsearch output plugin].
++
+[source,ruby]
+----
+output {
+  elasticsearch {
+      ...
+      document_id => "%{[@metadata][_id]}"
+      ...
+  }
+}
+----
+* Starting from version 1.10.0 of {esf-name}, configuring `document_id` as shown in the example above is sufficient (the `_id` field is no longer available, and instead, Logstash now receives the `@metadata._id` field).
+
+* For {esf-name} v1.9.0 and earlier, rename the field `_id` to `@metadata._id` with a filter:
++
+[source,ruby]
+----
+filter {
+    # support ESF < 1.10
+    if [_id] and ![@metadata][_id] {
+      mutate { rename => { "_id" => "[@metadata][_id]" } }
+    }
+}
+----
+
 [id="plugins-{type}s-{plugin}-options"]
 ==== {esf-name} Input Configuration Options
 
@@ -144,11 +174,12 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-auth_basic_password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_client_authentication>> |<<string,string>>, one of `["none", "optional", "required"]`|No
 | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
@@ -197,6 +228,7 @@ The TCP port to bind to
 
 [id="plugins-{type}s-{plugin}-ssl"]
 ===== `ssl`
+deprecated[0.1.3, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
 
 * Value type is <<boolean,boolean>>
 * Default value is `true`
@@ -255,6 +287,17 @@ By default the server doesn't do any client authentication.
 This means that connections from clients are _private_ when SSL is enabled, but that this input will allow SSL connections from _any_ client.
 If you wish to configure this plugin to reject connections from untrusted hosts, you will need to configure this plugin to authenticate clients, and may also need to configure it with a list of `ssl_certificate_authorities`.
 
+
+[id="plugins-{type}s-{plugin}-ssl_enabled"]
+===== `ssl_enabled`
+
+* Value type is <<boolean,boolean>>
+* Default value is `true`
+
+Events are, by default, sent over SSL, which requires configuring this plugin to present an identity certificate using <<plugins-{type}s-{plugin}-ssl_certificate>> and key using <<plugins-{type}s-{plugin}-ssl_key>>.
+
+You can disable SSL with `+ssl_enabled => false+`.
+
 [id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
 ===== `ssl_handshake_timeout`
 

data/lib/logstash/inputs/elastic_serverless_forwarder.rb

@@ -3,12 +3,14 @@ require "logstash/inputs/base"
 require "logstash/namespace"
 
 require "logstash/plugin_mixins/plugin_factory_support"
+require "logstash/plugin_mixins/normalize_config_support"
 
 require 'logstash/inputs/http'
 require 'logstash/codecs/json_lines'
 
 class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
   include LogStash::PluginMixins::PluginFactorySupport
+  include LogStash::PluginMixins::NormalizeConfigSupport
 
   config_name "elastic_serverless_forwarder"
 
@@ -21,7 +23,8 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
   config :auth_basic_password,         :validate => :password
 
   # ssl-config
-  config :ssl,                         :validate => :boolean, :default => true
+  config :ssl,                         :validate => :boolean, :default => true, :deprecated => "Use 'ssl_enabled' instead."
+  config :ssl_enabled,                 :validate => :boolean, :default => true
 
   # ssl-identity
   config :ssl_certificate,             :validate => :path
@@ -38,20 +41,11 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
   config :ssl_supported_protocols,     :validate => :string,  :list => true
   config :ssl_handshake_timeout,       :validate => :number,  :default => 10_000
 
-  # we present the ES-like ssl_certificate_authorities, but our
-  # internal http input plugin uses ssl_verify_mode to describe
-  # the same behaviour.
-  SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP = {
-    'none'     => 'none',
-    'optional' => 'peer',
-    'required' => 'force_peer',
-  }.each_value(&:freeze).freeze # deep freeze
-  private_constant :SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP
-
-
   def initialize(*a)
     super
 
+    normalize_ssl_configs!
+
     if original_params.include?('codec')
       fail LogStash::ConfigurationError, 'The `elastic_serverless_forwarder` input does not have an externally-configurable `codec`'
     end
@@ -109,14 +103,14 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
       if @auth_basic_username
         http_options['user'] = @auth_basic_username
         http_options['password'] = @auth_basic_password || fail(LogStash::ConfigurationError, '`auth_basic_password` is REQUIRED when `auth_basic_username` is provided')
-        logger.warn("HTTP Basic Auth over non-secured connection") if @ssl == false
+        logger.warn("HTTP Basic Auth over non-secured connection") if @ssl_enabled == false
       end
 
-      if @ssl == false
+      if @ssl_enabled == false
         ignored_ssl_settings = @original_params.keys.grep('ssl_')
-        logger.warn("Explicit SSL-related settings are ignored because `ssl => false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
+        logger.warn("Explicit SSL-related settings are ignored because `ssl_enabled => false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
       else
-        http_options['ssl'] = true
+        http_options['ssl_enabled'] = true
 
         http_options['ssl_cipher_suites'] = @ssl_cipher_suites if @original_params.include?('ssl_cipher_suites')
         http_options['ssl_supported_protocols'] = @ssl_supported_protocols if @original_params.include?('ssl_supported_protocols')
@@ -131,9 +125,10 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
   end
 
   def ssl_identity_options
+    ssl_enabled_config = @original_params.include?('ssl') ? 'ssl' : 'ssl_enabled'
     identity_options = {
-      'ssl_certificate' => @ssl_certificate || fail(LogStash::ConfigurationError, '`ssl_certificate` is REQUIRED when `ssl => true`'),
-      'ssl_key'         => @ssl_key         || fail(LogStash::ConfigurationError, '`ssl_key` is REQUIRED when `ssl => true`')
+      'ssl_certificate' => @ssl_certificate || fail(LogStash::ConfigurationError, "`ssl_certificate` is REQUIRED when `#{ssl_enabled_config} => true`"),
+      'ssl_key'         => @ssl_key         || fail(LogStash::ConfigurationError, "`ssl_key` is REQUIRED when `#{ssl_enabled_config} => true`")
     }
     identity_options['ssl_key_passphrase'] = @ssl_key_passphrase if @original_params.include?('ssl_key_passphrase')
 
@@ -142,7 +137,7 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
 
   def ssl_trust_options
     trust_options = {
-      'ssl_verify_mode' => SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP.fetch(@ssl_client_authentication)
+      'ssl_client_authentication' => @ssl_client_authentication
     }
     if @ssl_client_authentication == 'none'
       logger.warn("Explicit `ssl_certificate_authorities` is ignored because `ssl_client_authentication => #{@ssl_client_authentication}`")
@@ -160,6 +155,12 @@ class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
     }
   end
 
+  def normalize_ssl_configs!
+    @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
+      normalizer.with_deprecated_alias(:ssl)
+    end
+  end
+
   class QueueWrapper
     def initialize(wrapped_queue)
       @wrapped_queue = wrapped_queue

data/logstash-input-elastic_serverless_forwarder.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = 'logstash-input-elastic_serverless_forwarder'
-  s.version = '0.1.2'
+  s.version = '0.1.4'
   s.licenses = ['Apache License (2.0)']
   s.summary = "Receives events from Elastic Serverless Forwarder over HTTP or HTTPS"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -23,8 +23,9 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
   s.add_runtime_dependency 'logstash-mixin-plugin_factory_support'
-  s.add_runtime_dependency 'logstash-input-http'
+  s.add_runtime_dependency 'logstash-input-http', '>= 3.7.2'
   s.add_runtime_dependency 'logstash-codec-json_lines'
+  s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
 
   s.add_development_dependency 'logstash-devutils'
 

data/spec/inputs/elastic_serverless_forwarder_spec.rb

@@ -28,7 +28,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
   let!(:queue) { Queue.new }
 
   context 'baseline' do
-    let(:config) { super().merge('ssl' => false) }
+    let(:config) { super().merge('ssl_enabled' => false) }
     let(:scheme) { 'http' }
 
     it_behaves_like "an interruptible input plugin" do
@@ -45,7 +45,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
   end
 
   context 'no user-defined codec' do
-    let(:config) { super().merge('ssl' => false) } # minimal config
+    let(:config) { super().merge('ssl_enabled' => false) } # minimal config
 
     ##
     # @codec ivar is required PENDING https://github.com/elastic/logstash/issues/14828
@@ -185,7 +185,7 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
   end
 
   describe 'unsecured HTTP' do
-    let(:config) { super().merge('ssl' => false) }
+    let(:config) { super().merge('ssl_enabled' => false) }
     let(:scheme) { 'http' }
 
     include_examples 'successful request handling'
@@ -321,4 +321,23 @@ describe LogStash::Inputs::ElasticServerlessForwarder do
       end
     end
   end
+
+  describe 'deprecated SSL options' do
+    let(:config) do
+      super().merge({
+        'ssl_certificate' => generated_certs_directory.join('server_from_root.crt').to_path,
+        'ssl_key'         => generated_certs_directory.join('server_from_root.key.pkcs8').to_path,
+      })
+    end
+
+    [true, false].each do |enabled|
+      context "when `ssl => #{enabled}`" do
+        let(:config) { super().merge('ssl' => enabled) }
+
+        it "sets @ssl_enabled to `#{enabled}`" do
+          expect(esf_input.instance_variable_get(:@ssl_enabled)).to be enabled
+        end
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-elastic_serverless_forwarder
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-10 00:00:00.000000000 Z
+date: 2023-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -63,7 +63,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.7.2
   name: logstash-input-http
   prerelease: false
   type: :runtime
@@ -71,7 +71,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.7.2
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -86,6 +86,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-mixin-normalize_config_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -160,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Receives events from Elastic Serverless Forwarder over HTTP or HTTPS