logstash-input-elasticsearch 4.21.0 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -2
- data/docs/index.asciidoc +18 -45
- data/lib/logstash/inputs/elasticsearch.rb +9 -45
- data/logstash-input-elasticsearch.gemspec +1 -1
- data/spec/inputs/elasticsearch_spec.rb +13 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b34b6c6d814152e88f320525ea0bb80bbf1e63ff962e022aaac0a2385dd087b6
|
|
4
|
+
data.tar.gz: d142df9148ad69bf838d62badeec71382118741938db61e6aad0676bdb918a37
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 19b2b1325ded83b5b93966365f855f104ba1881f2c991ffdbe92216e08d12d18a7b3ddd4a14d755f6d55c85c98e00d12ca566188c63706d6db1f0aa5b085048b
|
|
7
|
+
data.tar.gz: ff5de17e75281d8ddd0be70167f2c4dee0a90eef328c7e486b704e79fe10db7b7108b733f77438386a7abb18d504efbef5aaf7b0f34a6c8edd62791640514b7b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
|
-
##
|
|
2
|
-
-
|
|
1
|
+
## 5.0.0
|
|
2
|
+
- SSL settings that were marked deprecated in version `4.17.0` are now marked obsolete, and will prevent the plugin from starting.
|
|
3
|
+
- These settings are:
|
|
4
|
+
- `ssl`, which should bre replaced by `ssl_enabled`
|
|
5
|
+
- `ca_file`, which should bre replaced by `ssl_certificate_authorities`
|
|
6
|
+
- `ssl_certificate_verification`, which should bre replaced by `ssl_verification_mode`
|
|
7
|
+
- [#213](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/213)
|
|
3
8
|
|
|
4
9
|
## 4.20.5
|
|
5
10
|
- Add `x-elastic-product-origin` header to Elasticsearch requests [#211](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/211)
|
data/docs/index.asciidoc
CHANGED
|
@@ -96,7 +96,13 @@ TIP: Set the `target` option to avoid potential schema conflicts.
|
|
|
96
96
|
[id="plugins-{type}s-{plugin}-options"]
|
|
97
97
|
==== Elasticsearch Input configuration options
|
|
98
98
|
|
|
99
|
-
This plugin supports
|
|
99
|
+
This plugin supports these configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
|
100
|
+
|
|
101
|
+
NOTE: As of version `5.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
|
|
102
|
+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
|
|
103
|
+
|
|
104
|
+
NOTE: As of version `5.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
|
|
105
|
+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
|
|
100
106
|
|
|
101
107
|
[cols="<,<,<",options="header",]
|
|
102
108
|
|=======================================================================
|
|
@@ -489,6 +495,8 @@ Enable SSL/TLS secured communication to Elasticsearch cluster.
|
|
|
489
495
|
Leaving this unspecified will use whatever scheme is specified in the URLs listed in <<plugins-{type}s-{plugin}-hosts>> or extracted from the <<plugins-{type}s-{plugin}-cloud_id>>.
|
|
490
496
|
If no explicit protocol is specified plain HTTP will be used.
|
|
491
497
|
|
|
498
|
+
When not explicitly set, SSL will be automatically enabled if any of the specified hosts use HTTPS.
|
|
499
|
+
|
|
492
500
|
[id="plugins-{type}s-{plugin}-ssl_key"]
|
|
493
501
|
===== `ssl_key`
|
|
494
502
|
* Value type is <<path,path>>
|
|
@@ -619,56 +627,21 @@ option when authenticating to the Elasticsearch server. If set to an
|
|
|
619
627
|
empty string authentication will be disabled.
|
|
620
628
|
|
|
621
629
|
|
|
622
|
-
[id="plugins-{type}s-{plugin}-
|
|
623
|
-
==== Elasticsearch Input
|
|
630
|
+
[id="plugins-{type}s-{plugin}-obsolete-options"]
|
|
631
|
+
==== Elasticsearch Input Obsolete Configuration Options
|
|
624
632
|
|
|
625
|
-
|
|
633
|
+
WARNING: As of version `5.0.0` of this plugin, some configuration options have been replaced.
|
|
634
|
+
The plugin will fail to start if it contains any of these obsolete options.
|
|
626
635
|
|
|
627
|
-
WARNING: Deprecated options are subject to removal in future releases.
|
|
628
636
|
|
|
629
|
-
[cols="
|
|
637
|
+
[cols="<,<",options="header",]
|
|
630
638
|
|=======================================================================
|
|
631
|
-
|Setting|
|
|
632
|
-
|
|
|
633
|
-
|
|
|
634
|
-
|
|
|
639
|
+
|Setting|Replaced by
|
|
640
|
+
| ca_file | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
|
|
641
|
+
| ssl | <<plugins-{type}s-{plugin}-ssl_enabled>>
|
|
642
|
+
| ssl_certificate_verification | <<plugins-{type}s-{plugin}-ssl_verification_mode>>
|
|
635
643
|
|=======================================================================
|
|
636
644
|
|
|
637
|
-
[id="plugins-{type}s-{plugin}-ca_file"]
|
|
638
|
-
===== `ca_file`
|
|
639
|
-
deprecated[4.17.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
|
|
640
|
-
|
|
641
|
-
* Value type is <<path,path>>
|
|
642
|
-
* There is no default value for this setting.
|
|
643
|
-
|
|
644
|
-
SSL Certificate Authority file in PEM encoded format, must also include any chain certificates as necessary.
|
|
645
|
-
|
|
646
|
-
[id="plugins-{type}s-{plugin}-ssl"]
|
|
647
|
-
===== `ssl`
|
|
648
|
-
deprecated[4.17.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
|
|
649
|
-
|
|
650
|
-
* Value type is <<boolean,boolean>>
|
|
651
|
-
* Default value is `false`
|
|
652
|
-
|
|
653
|
-
If enabled, SSL will be used when communicating with the Elasticsearch
|
|
654
|
-
server (i.e. HTTPS will be used instead of plain HTTP).
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
[id="plugins-{type}s-{plugin}-ssl_certificate_verification"]
|
|
658
|
-
===== `ssl_certificate_verification`
|
|
659
|
-
deprecated[4.17.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verification_mode>>]
|
|
660
|
-
|
|
661
|
-
* Value type is <<boolean,boolean>>
|
|
662
|
-
* Default value is `true`
|
|
663
|
-
|
|
664
|
-
Option to validate the server's certificate. Disabling this severely compromises security.
|
|
665
|
-
When certificate validation is disabled, this plugin implicitly trusts the machine
|
|
666
|
-
resolved at the given address without validating its proof-of-identity.
|
|
667
|
-
In this scenario, the plugin can transmit credentials to or process data from an untrustworthy
|
|
668
|
-
man-in-the-middle or other compromised infrastructure.
|
|
669
|
-
More information on the importance of certificate verification:
|
|
670
|
-
**https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf**.
|
|
671
|
-
|
|
672
645
|
[id="plugins-{type}s-{plugin}-common-options"]
|
|
673
646
|
include::{include_path}/{type}.asciidoc[]
|
|
674
647
|
|
|
@@ -201,23 +201,12 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
|
201
201
|
# Set the address of a forward HTTP proxy.
|
|
202
202
|
config :proxy, :validate => :uri_or_empty
|
|
203
203
|
|
|
204
|
-
# SSL
|
|
205
|
-
config :ssl, :validate => :boolean, :default => false, :deprecated => "Set 'ssl_enabled' instead."
|
|
206
|
-
|
|
207
|
-
# SSL Certificate Authority file in PEM encoded format, must also include any chain certificates as necessary
|
|
208
|
-
config :ca_file, :validate => :path, :deprecated => "Set 'ssl_certificate_authorities' instead."
|
|
209
|
-
|
|
210
204
|
# OpenSSL-style X.509 certificate certificate to authenticate the client
|
|
211
205
|
config :ssl_certificate, :validate => :path
|
|
212
206
|
|
|
213
207
|
# SSL Certificate Authority files in PEM encoded format, must also include any chain certificates as necessary
|
|
214
208
|
config :ssl_certificate_authorities, :validate => :path, :list => true
|
|
215
209
|
|
|
216
|
-
# Option to validate the server's certificate. Disabling this severely compromises security.
|
|
217
|
-
# For more information on the importance of certificate verification please read
|
|
218
|
-
# https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
|
219
|
-
config :ssl_certificate_verification, :validate => :boolean, :default => true, :deprecated => "Set 'ssl_verification_mode' instead."
|
|
220
|
-
|
|
221
210
|
# The list of cipher suites to use, listed by priorities.
|
|
222
211
|
# Supported cipher suites vary depending on which version of Java is used.
|
|
223
212
|
config :ssl_cipher_suites, :validate => :string, :list => true
|
|
@@ -245,7 +234,6 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
|
245
234
|
config :ssl_truststore_password, :validate => :password
|
|
246
235
|
|
|
247
236
|
# The JKS truststore to validate the server's certificate.
|
|
248
|
-
# Use either `:ssl_truststore_path` or `:ssl_certificate_authorities`
|
|
249
237
|
config :ssl_truststore_path, :validate => :path
|
|
250
238
|
|
|
251
239
|
# The format of the truststore file. It must be either jks or pkcs12
|
|
@@ -267,6 +255,11 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
|
267
255
|
# If set, the _source of each hit will be added nested under the target instead of at the top-level
|
|
268
256
|
config :target, :validate => :field_reference
|
|
269
257
|
|
|
258
|
+
# Obsolete Settings
|
|
259
|
+
config :ssl, :obsolete => "Set 'ssl_enabled' instead."
|
|
260
|
+
config :ca_file, :obsolete => "Set 'ssl_certificate_authorities' instead."
|
|
261
|
+
config :ssl_certificate_verification, :obsolete => "Set 'ssl_verification_mode' instead."
|
|
262
|
+
|
|
270
263
|
# config :ca_trusted_fingerprint, :validate => :sha_256_hex
|
|
271
264
|
include LogStash::PluginMixins::CATrustedFingerprintSupport
|
|
272
265
|
|
|
@@ -412,8 +405,6 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
|
412
405
|
ssl_options[:ssl] = true if @ssl_enabled
|
|
413
406
|
|
|
414
407
|
unless @ssl_enabled
|
|
415
|
-
# Keep it backward compatible with the deprecated `ssl` option
|
|
416
|
-
ssl_options[:trust_strategy] = trust_strategy_for_ca_trusted_fingerprint if original_params.include?('ssl')
|
|
417
408
|
return ssl_options
|
|
418
409
|
end
|
|
419
410
|
|
|
@@ -477,38 +468,11 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
|
477
468
|
end
|
|
478
469
|
|
|
479
470
|
def setup_ssl_params!
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
# Infer the value if neither the deprecate `ssl` and `ssl_enabled` were set
|
|
485
|
-
infer_ssl_enabled_from_hosts
|
|
486
|
-
|
|
487
|
-
@ssl_certificate_authorities = normalize_config(:ssl_certificate_authorities) do |normalize|
|
|
488
|
-
normalize.with_deprecated_mapping(:ca_file) do |ca_file|
|
|
489
|
-
[ca_file]
|
|
490
|
-
end
|
|
471
|
+
# Only infer ssl_enabled if it wasn't explicitly set
|
|
472
|
+
unless original_params.include?('ssl_enabled')
|
|
473
|
+
@ssl_enabled = effectively_ssl?
|
|
474
|
+
params['ssl_enabled'] = @ssl_enabled
|
|
491
475
|
end
|
|
492
|
-
|
|
493
|
-
@ssl_verification_mode = normalize_config(:ssl_verification_mode) do |normalize|
|
|
494
|
-
normalize.with_deprecated_mapping(:ssl_certificate_verification) do |ssl_certificate_verification|
|
|
495
|
-
if ssl_certificate_verification == true
|
|
496
|
-
"full"
|
|
497
|
-
else
|
|
498
|
-
"none"
|
|
499
|
-
end
|
|
500
|
-
end
|
|
501
|
-
end
|
|
502
|
-
|
|
503
|
-
params['ssl_enabled'] = @ssl_enabled
|
|
504
|
-
params['ssl_certificate_authorities'] = @ssl_certificate_authorities unless @ssl_certificate_authorities.nil?
|
|
505
|
-
params['ssl_verification_mode'] = @ssl_verification_mode unless @ssl_verification_mode.nil?
|
|
506
|
-
end
|
|
507
|
-
|
|
508
|
-
def infer_ssl_enabled_from_hosts
|
|
509
|
-
return if original_params.include?('ssl') || original_params.include?('ssl_enabled')
|
|
510
|
-
|
|
511
|
-
@ssl_enabled = params['ssl_enabled'] = effectively_ssl?
|
|
512
476
|
end
|
|
513
477
|
|
|
514
478
|
def setup_hosts
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-input-elasticsearch'
|
|
4
|
-
s.version = '
|
|
4
|
+
s.version = '5.0.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads query results from an Elasticsearch cluster"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -58,6 +58,19 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
|
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
+
describe 'handling obsolete settings' do
|
|
62
|
+
[{:name => 'ssl', :replacement => 'ssl_enabled', :sample_value => true},
|
|
63
|
+
{:name => 'ca_file', :replacement => 'ssl_certificate_authorities', :sample_value => 'spec/fixtures/test_certs/ca.crt'},
|
|
64
|
+
{:name => 'ssl_certificate_verification', :replacement => 'ssl_verification_mode', :sample_value => false }].each do | obsolete_setting|
|
|
65
|
+
context "with obsolete #{obsolete_setting[:name]}" do
|
|
66
|
+
let (:config) { {obsolete_setting[:name] => obsolete_setting[:sample_value]} }
|
|
67
|
+
it "should raise a config error with the appropriate message" do
|
|
68
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /The setting `#{obsolete_setting[:name]}` in plugin `elasticsearch` is obsolete and is no longer available. Set '#{obsolete_setting[:replacement]}' instead/i
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
61
74
|
context "against not authentic Elasticsearch" do
|
|
62
75
|
before(:each) do
|
|
63
76
|
Elasticsearch::Client.send(:define_method, :ping) { raise Elasticsearch::UnsupportedProductError.new("Fake error") } # define error ping method
|