logstash-input-http 3.10.0-java → 4.0.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5da80cab8cc393b3a17069505ee11f7e29446a8d5593f5b1a8727641b9b983dc
-  data.tar.gz: '068a700971f647791e2badbd5391538978f82e2abb9c8e2d939c086b0c683d32'
+  metadata.gz: c406f5e0d989c833db3c35529b4012053539955f830fde6ca9e44235f4a39d3b
+  data.tar.gz: 22916a6402a2c55edfbee1bf3af0a578b630d2fd756356733bfc0c7de3359fdf
 SHA512:
-  metadata.gz: a431fb3abc16f2bfca58de5fb91d8920999134fd2dd0a8fff94ce40ebdc36110ef7dcd0471f832deb4d9c36f437c5694c3ae7a1080bc9c782e8eabe183a3fde9
-  data.tar.gz: 61c3e32a3314438bcd4f1be32e691c7cf6c2936fbfeb7ea9ef4f4c4459e97d1ed895347d274f450e469d451c81cfdb834767d4922bb1ab53924db300478afe63
+  metadata.gz: 2c2616bcde330f2d0a2d0f4273f45e7bd2ad7e09e3a1322d0c759c146c38e13c92f202b45c4a1df6a19b0b9e1ae46eaaa0e3ec1fc81f5e8421a591479122ab3e
+  data.tar.gz: 1b4d208dc8e180ee5818270f1ceb36625870d4429b9570102f69beb96c253bc5a64fc3837c90d8960b2bca1391b9b93bff76fd648d67ed27cb8b9b366b238ca2

data/CHANGELOG.md

@@ -1,5 +1,15 @@
-## 3.10.0
- - add improved proactive rate-limiting, rejecting new requests when queue has been actively blocking for more than 10 seconds [#179](https://github.com/logstash-plugins/logstash-input-http/pull/179)
+## 4.0.0
+  - SSL settings that were marked deprecated in version `3.7.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:
+    - `tls_min_version`, which should be replaced by `ssl_supported_protocols`
+    - `tls_max_version`, which should be replaced by `ssl_supported_protocols`
+    - `cipher_suites`, which should bre replaced by `ssl_cipher_suites`
+    - `ssl`, which should bre replaced by `ssl_enabled`
+    - `keystore`, which should bre replaced by `ssl_keystore_path`
+    - `keystore_password`, which should bre replaced by `ssl_keystore_password`
+    - `ssl_verify_mode`, which should bre replaced by `ssl_client_authentication`
+    - `verify_mode`, which should bre replaced by `ssl_client_authentication`
+    - [#182](https://github.com/logstash-plugins/logstash-input-http/pull/182)
 
 ## 3.9.2
  - Upgrade netty to 4.1.115 [#183](https://github.com/logstash-plugins/logstash-input-http/pull/183)

data/VERSION

@@ -1 +1 @@
-3.10.0
+4.0.0

data/docs/index.asciidoc

@@ -87,21 +87,21 @@ for the request's content-type is found in the `additional_codecs` setting.
 
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
 
+NOTE: As of version `4.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
+Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
+
+
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
-| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
 | <<plugins-{type}s-{plugin}-response_code>> |<<number,number>>, one of `[200, 201, 202, 204]`|No
-| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
@@ -117,12 +117,8 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
 | <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
 | <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -140,13 +136,6 @@ Apply specific codecs for specific content types.
 The default codec will be applied only after this list is checked
 and no codec for the request's content-type is found
 
-[id="plugins-{type}s-{plugin}-cipher_suites"]
-===== `cipher_suites` 
-deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
-
-  * Value type is <<array,array>>
-
-The list of cipher suites to use, listed by priorities.
 
 [id="plugins-{type}s-{plugin}-ecs_compatibility"]
 ===== `ecs_compatibility`
@@ -220,23 +209,6 @@ See <<plugins-{type}s-{plugin}-ecs_metadata>> for detailed information.
 
 The host or ip to bind
 
-[id="plugins-{type}s-{plugin}-keystore"]
-===== `keystore`
-deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_path>> instead]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-The JKS keystore to validate the client's certificates
-
-[id="plugins-{type}s-{plugin}-keystore_password"]
-===== `keystore_password`
-deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_password>> instead]
-
-  * Value type is <<password,password>>
-  * There is no default value for this setting.
-
-Set the keystore password
 
 [id="plugins-{type}s-{plugin}-password"]
 ===== `password` 
@@ -314,16 +286,6 @@ specify a target field for the client host of the http request
 
 specify target field for the client host of the http request
 
-[id="plugins-{type}s-{plugin}-ssl"]
-===== `ssl` 
-deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
-
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-
-Events are, by default, sent in plain text. You can
-enable encryption by setting `ssl` to true and configuring
-the `ssl_certificate` and `ssl_key` options.
 
 [id="plugins-{type}s-{plugin}-ssl_certificate"]
 ===== `ssl_certificate` 
@@ -473,22 +435,6 @@ NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate
 
 The format of the truststore file. It must be either `jks` or `pkcs12`.
 
-[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
-===== `ssl_verify_mode` 
-deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
-
-  * Value can be any of: `none`, `peer`, `force_peer`
-  * Default value is `"none"`
-
-By default the server doesn't do any client verification.
-
-`peer` will make the server ask the client to provide a certificate. 
-If the client provides a certificate, it will be validated.
-
-`force_peer` will make the server ask the client to provide a certificate.
-If the client doesn't provide a certificate, the connection will be closed.
-
-This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> and a defined list of CAs.
 
 [id="plugins-{type}s-{plugin}-threads"]
 ===== `threads` 
@@ -498,23 +444,6 @@ This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_aut
 
 Number of threads to use for both accepting connections and handling requests
 
-[id="plugins-{type}s-{plugin}-tls_max_version"]
-===== `tls_max_version` 
-deprecated[3.6.0]
-
-  * Value type is <<number,number>>
-
-The maximum TLS version allowed for the encrypted connections.
-The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
-
-[id="plugins-{type}s-{plugin}-tls_min_version"]
-===== `tls_min_version` 
-deprecated[3.6.0]
-
-  * Value type is <<number,number>>
-
-The minimum TLS version allowed for the encrypted connections.
-The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
 
 [id="plugins-{type}s-{plugin}-user"]
 ===== `user` 
@@ -524,15 +453,24 @@ The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 fo
 
 Username for basic authorization
 
-[id="plugins-{type}s-{plugin}-verify_mode"]
-===== `verify_mode`
-deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verify_mode>>]
-
-  * Value can be any of: `none`, `peer`, `force_peer`
-  * Default value is `"none"`
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== HTTP Input Obsolete Configuration Options
 
-Set the client certificate verification method. Valid methods: none, peer, force_peer
+WARNING: As of version `4.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options.
 
+[cols="<,<",options="header",]
+|=======================================================================
+|Setting|Replaced by
+| cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
+| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
+| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
+| ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
+| ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
+| tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
+| tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
+| verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
+|=======================================================================
 
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/inputs/http.rb

@@ -55,11 +55,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # Password for basic authorization
   config :password, :validate => :password, :required => false
 
-  # Events are by default sent in plain text. You can
-  # enable encryption by setting `ssl` to true and configuring
-  # the `ssl_certificate` and `ssl_key` options.
-  config :ssl, :validate => :boolean, :default => false, :deprecated => "Set 'ssl_enabled' instead."
-
   # Events are by default sent in plain text. You can
   # enable encryption by setting `ssl` to true and configuring
   # the `ssl_certificate` and `ssl_key` options.
@@ -108,17 +103,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
   config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
 
-  # By default the server doesn't do any client verification.
-  #
-  # `peer` will make the server ask the client to provide a certificate.
-  # If the client provides a certificate, it will be validated.
-  #
-  # `force_peer` will make the server ask the client to provide a certificate.
-  # If the client doesn't provide a certificate, the connection will be closed.
-  #
-  # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
-  config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
-
   # Time in milliseconds for an incomplete ssl handshake to timeout
   config :ssl_handshake_timeout, :validate => :number, :default => 10000
 
@@ -150,25 +134,15 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
 
   config :response_code, :validate => [200, 201, 202, 204], :default => 200
 
-  # Deprecated options
-
-  # The JKS keystore to validate the client's certificates
-  config :keystore, :validate => :path, :deprecated => "Set 'ssl_keystore_path' instead."
-
-  # The JKS keystore password
-  config :keystore_password, :validate => :password, :deprecated => "Set 'ssl_keystore_password' instead."
-
-  config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none', :deprecated => "Set 'ssl_client_authentication' instead."
-
-  config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
-
-  # The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
-  # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
-  config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
-
-  # The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
-  # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
-  config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
+  # Obsolete Settings
+  config :ssl, :obsolete => "Set 'ssl_enabled' instead."
+  config :keystore, :obsolete => "Set 'ssl_keystore_path' instead."
+  config :keystore_password, :validate => :password, :obsolete => "Set 'ssl_keystore_password' instead."
+  config :verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
+  config :cipher_suites, :obsolete => "Set 'ssl_cipher_suites' instead."
+  config :tls_min_version, :obsolete => "Set 'ssl_supported_protocols' instead."
+  config :tls_max_version, :obsolete => "Set 'ssl_supported_protocols' instead."
+  config :ssl_verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
 
   attr_reader :codecs
 
@@ -200,8 +174,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   public
   def register
 
-    setup_ssl_params!
-
     validate_ssl_settings!
 
     if @user && @password
@@ -342,34 +314,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   end
 
   def setup_ssl_params!
-    @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl)
-    end
-
-    @ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
-      normalizer.with_deprecated_alias(:cipher_suites)
-    end
-
-    @ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
-      normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
-        TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
-      end
-    end
-
-    @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
-      normalizer.with_deprecated_mapping(:verify_mode, :ssl_verify_mode) do |verify_mode, ssl_verify_mode|
-        normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
-      end
-    end
-
-    @ssl_keystore_path = normalize_config(:ssl_keystore_path) do |normalizer|
-      normalizer.with_deprecated_alias(:keystore)
-    end
-
-    @ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalizer|
-      normalizer.with_deprecated_alias(:keystore_password)
-    end
-
     params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
     params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
     params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
@@ -378,17 +322,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
     params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
   end
 
-  def normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
-    verify_mode_explicitly_set = original_params.key?("verify_mode")
-
-    if verify_mode_explicitly_set && original_params.key?("ssl_verify_mode")
-      raise LogStash::ConfigurationError, "Both (deprecated) `ssl_verify_mode` and `verify_mode` were set. Use only `ssl_verify_mode`"
-    end
-
-    deprecated_value = (verify_mode_explicitly_set ? verify_mode : ssl_verify_mode).downcase
-    SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[deprecated_value]
-  end
-
   def create_http_server(message_handler)
     org.logstash.plugins.inputs.http.NettyHttpServer.new(
       @host, @port, message_handler, build_ssl_params, @threads, @max_pending_requests, @max_content_length, @response_code)
@@ -467,13 +400,7 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   end
 
   def provided_ssl_client_authentication_config(values = [@ssl_client_authentication])
-    if original_params.include?('ssl_verify_mode')
-      ['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
-    elsif original_params.include?('verify_mode')
-      ['verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
-    else
       ['ssl_client_authentication', *values]
-    end
   end
 
   private

data/lib/logstash-input-http_jars.rb

@@ -8,4 +8,4 @@ require_jar('io.netty', 'netty-common', '4.1.115.Final')
 require_jar('io.netty', 'netty-transport', '4.1.115.Final')
 require_jar('io.netty', 'netty-handler', '4.1.115.Final')
 require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
-require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.10.0')
+require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '4.0.0')

data/spec/inputs/helpers.rb

@@ -3,8 +3,4 @@ CERTS_DIR = File.expand_path('../fixtures/certs/generated', File.dirname(__FILE_
 
 def certificate_path(filename)
   File.join(CERTS_DIR, filename)
-end
-
-RSpec.configure do |config|
-  config.formatter = :documentation
-end
+end

data/spec/inputs/http_spec.rb

@@ -57,7 +57,7 @@ describe LogStash::Inputs::Http do
       let(:config) { { "port" => port, "threads" => threads, "max_pending_requests" => max_pending_requests } }
 
       context "when sending more requests than queue slots" do
-        it "rejects additional incoming requests with HTTP 429" do
+        it "should block when the queue is full" do
           # these will queue and return 200
           logstash_queue_size.times.each do |i|
             response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
@@ -65,77 +65,15 @@ describe LogStash::Inputs::Http do
           end
 
           # these will block
-          blocked_calls = (threads + max_pending_requests).times.map do
-            Thread.new do
-              begin
-                {:result => client.post("http://127.0.0.1:#{port}", :body => '{}').call}
-              rescue Manticore::SocketException, Manticore::SocketTimeout => e
-                {:exception => e}
-              end
-            end
+          (threads + max_pending_requests).times.each do |i|
+            expect {
+              client.post("http://127.0.0.1:#{port}", :body => '{}').call
+            }.to raise_error(Manticore::SocketTimeout)
           end
 
-          sleep 1 # let those requests go, but not so long that our block-detector starts emitting 429's
-
-          # by now we should be rejecting with 429 since the backlog is full
+          # by now we should be rejecting with 429
           response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
           expect(response.code).to eq(429)
-
-          # ensure that our blocked connections did block
-          aggregate_failures do
-            blocked_calls.map(&:value).each do |blocked|
-              expect(blocked[:result]).to be_nil
-              expect(blocked[:exception]).to be_a_kind_of Manticore::SocketTimeout
-            end
-          end
-        end
-      end
-    end
-
-    describe "observing queue back-pressure" do
-      let(:logstash_queue_size) { rand(10) + 1 }
-      let(:max_pending_requests) { rand(5) + 1 }
-      let(:threads) { rand(4) + 1 }
-      let(:logstash_queue) { SizedQueue.new(logstash_queue_size) }
-      let(:client_options) { {
-        "request_timeout" => 0.1,
-        "connect_timeout" => 3,
-        "socket_timeout" => 0.1
-      } }
-
-      let(:config) { { "port" => port, "threads" => threads, "max_pending_requests" => max_pending_requests } }
-
-      context "when sending request to an input that has blocked connections" do
-        it "rejects incoming requests with HTTP 429" do
-          # these will queue and return 200
-          logstash_queue_size.times.each do |i|
-            response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
-            expect(response.code).to eq(200)
-          end
-
-          # these will block
-          blocked_call = Thread.new do
-              begin
-                {:result => client.post("http://127.0.0.1:#{port}", :body => '{}').call}
-              rescue Manticore::SocketException, Manticore::SocketTimeout => e
-                {:exception => e}
-              end
-            end
-
-          sleep 12 # let that requests go, and ensure it is blocking long enough to be problematic
-
-          # by now we should be rejecting with 429 since at least one existing request is blocked
-          # for more than 10s.
-          response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
-          expect(response.code).to eq(429)
-
-          # ensure that our blocked connections did block
-          aggregate_failures do
-            blocked_call.value.tap do |blocked|
-              expect(blocked[:result]).to be_nil
-              expect(blocked[:exception]).to be_a_kind_of Manticore::SocketTimeout
-            end
-          end
         end
       end
     end
@@ -288,22 +226,7 @@ describe LogStash::Inputs::Http do
               event = logstash_queue.pop
               expect(event.get("message")).to eq("Hello")
             end
-
           end
-
-          context 'enforced TLSv1.3 (deprecated options)' do
-
-            let(:config) { super().merge 'tls_min_version' => 1.3,
-                                         'cipher_suites' => [ 'TLS_AES_128_GCM_SHA256' ] }
-
-            it "should parse the json body" do
-              expect(response.code).to eq(200)
-              event = logstash_queue.pop
-              expect(event.get("message")).to eq("Hello")
-            end
-
-          end
-
         end if TLS13_ENABLED_BY_DEFAULT
 
       end
@@ -623,16 +546,6 @@ describe LogStash::Inputs::Http do
         subject.run(nil)
       end
     end
-
-    context "and `ssl_` settings provided" do
-      let(:ssc) { SelfSignedCertificate.new }
-      let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => ssc.certificate.path, "ssl_client_authentication" => "none", "cipher_suites" => ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] } }
-
-      it "should warn about not using the configs" do
-        expect(subject.logger).to receive(:warn).with(/^Configured SSL settings are not used when `ssl_enabled` is set to `false`: \[("ssl_certificate"(,\s)?|"ssl_client_authentication"(,\s)?|"cipher_suites"(,\s)?)*\]$/)
-        subject.register
-      end
-    end
   end
 
   context "with :ssl_enabled => true" do
@@ -690,31 +603,7 @@ describe LogStash::Inputs::Http do
           expect { subject.register }.to_not raise_exception
         end
       end
-      ["ssl_verify_mode", "verify_mode"].each do |config_name|
-        ["peer", "force_peer"].each do |verify_mode|
-          context "with deprecated #{config_name} = #{verify_mode}" do
-            subject { LogStash::Inputs::Http.new("port" => port,
-                                                 "ssl_enabled" => true,
-                                                 "ssl_certificate" => ssl_certificate.path,
-                                                 "ssl_certificate_authorities" => ssl_certificate.path,
-                                                 "ssl_key" => ssl_key.path,
-                                                  config_name => verify_mode
-                                                ) }
-            it "should not raise exception" do
-              expect { subject.register }.to_not raise_exception
-            end
-          end
-        end
-      end
-      ["ssl_verify_mode", "verify_mode"].each do |config_name|
-        context "with deprecated #{config_name} = none" do
-          subject { LogStash::Inputs::Http.new(config.merge(config_name => "none")) }
 
-          it "should not raise exception" do
-            expect { subject.register }.to_not raise_exception
-          end
-        end
-      end
       context "with invalid ssl certificate" do
         before do
           cert = File.readlines path = config["ssl_certificate"]
@@ -762,76 +651,6 @@ describe LogStash::Inputs::Http do
         end
       end
 
-      context "with both verify_mode and ssl_verify_mode options set" do
-        let(:config) do
-          super().merge('verify_mode' => 'none', 'ssl_verify_mode' => 'none')
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_verify_mode`.?/i
-        end
-      end
-
-      context "with both ssl_client_authentication and ssl_verify_mode options set" do
-        let(:config) do
-          super().merge('ssl_client_authentication' => 'optional', 'ssl_verify_mode' => 'none')
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
-        end
-      end
-
-      context "with both ssl_client_authentication and verify_mode options set" do
-        let(:config) do
-          super().merge('ssl_client_authentication' => 'optional', 'verify_mode' => 'none')
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
-        end
-      end
-
-      context "with ssl_cipher_suites and cipher_suites set" do
-        let(:config) do
-          super().merge('ssl_cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'],
-                        'cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'])
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_cipher_suites.?/i
-        end
-      end
-
-      context "with ssl_supported_protocols and tls_min_version set" do
-        let(:config) do
-          super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_min_version' => 1.0)
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
-        end
-      end
-
-      context "with ssl_supported_protocols and tls_max_version set" do
-        let(:config) do
-          super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_max_version' => 1.2)
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
-        end
-      end
-
-      context "with both ssl and ssl_enabled set" do
-        let(:config) do
-          super().merge('ssl' => true, 'ssl_enabled' => true )
-        end
-
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_enabled.?/i
-        end
-      end
 
       context "and with :ssl_keystore_path" do
         let(:config) do
@@ -844,41 +663,6 @@ describe LogStash::Inputs::Http do
       end
 
       context "with ssl_client_authentication" do
-        context "normalized from ssl_verify_mode 'none'" do
-          let(:config) { super().merge("ssl_verify_mode" => "none") }
-
-          it "should transform the value to 'none'" do
-            subject.register
-            expect(subject.params).to match hash_including("ssl_client_authentication" => "none")
-            expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql("none")
-          end
-
-          context "and ssl_certificate_authorities is set" do
-            let(:config) { super().merge("ssl_certificate_authorities" => [certificate_path( 'root.crt')]) }
-            it "raise a configuration error" do
-              expect { subject.register }.to raise_error(LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `ssl_verify_mode` to `peer` or 'force_peer'")
-            end
-          end
-        end
-
-        [%w[peer optional], %w[force_peer required]].each do |ssl_verify_mode, ssl_client_authentication|
-          context "normalized from ssl_verify_mode '#{ssl_verify_mode}'" do
-            let(:config) { super().merge("ssl_verify_mode" => ssl_verify_mode, "ssl_certificate_authorities" => [certificate_path( 'root.crt')]) }
-
-            it "should transform the value to '#{ssl_client_authentication}'" do
-              subject.register
-              expect(subject.params).to match hash_including("ssl_client_authentication" => ssl_client_authentication)
-              expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql(ssl_client_authentication)
-            end
-
-            context "with no ssl_certificate_authorities set " do
-              let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
-              it "raise a configuration error" do
-                expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_verify_mode` set to `peer` or `force_peer`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`")
-              end
-            end
-          end
-        end
 
         context "configured to 'none'" do
           let(:config) { super().merge("ssl_client_authentication" => "none") }
@@ -1015,7 +799,26 @@ describe LogStash::Inputs::Http do
         end
       end
     end
+  end
 
+  describe 'handling obsolete settings' do
+    [{:name => 'tls_min_version', :replacement => 'ssl_supported_protocols', :sample_value => 1.3},
+     {:name => 'tls_max_version', :replacement => 'ssl_supported_protocols', :sample_value => 1.3},
+     {:name => 'cipher_suites', :replacement => 'ssl_cipher_suites', :sample_value => ['TLS_AES_128_GCM_SHA256']},
+     {:name => 'ssl', :replacement => 'ssl_enabled', :sample_value => true},
+     {:name => 'keystore', :replacement => 'ssl_keystore_path', :sample_value => certificate_path( 'server_from_root.p12')},
+     {:name => 'keystore_password', :replacement => 'ssl_keystore_password', :sample_value => 'none'},
+     {:name => 'ssl_verify_mode', :replacement => 'ssl_client_authentication', :sample_value => 'peer'},
+     {:name => 'verify_mode', :replacement => 'ssl_client_authentication', :sample_value => 'peer'}].each do | obsolete_setting|
+      context "with obsolete #{obsolete_setting[:name]}" do
+        let (:deprecated_config) do
+            config.merge({obsolete_setting[:name] => obsolete_setting[:sample_value]})
+          end
+        it "should raise a config error with the appropriate message" do
+          expect { LogStash::Inputs::Http.new(deprecated_config).register }.to raise_error LogStash::ConfigurationError, /The setting `#{obsolete_setting[:name]}` in plugin `http` is obsolete and is no longer available. Set '#{obsolete_setting[:replacement]}' instead/i
+        end
+      end
+    end
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-http
 version: !ruby/object:Gem::Version
-  version: 3.10.0
+  version: 4.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-19 00:00:00.000000000 Z
+date: 2024-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -176,7 +176,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-handler/4.1.115.Final/netty-handler-4.1.115.Final.jar
 - vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar
 - vendor/jar-dependencies/io/netty/netty-transport/4.1.115.Final/netty-transport-4.1.115.Final.jar
-- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.10.0/logstash-input-http-3.10.0.jar
+- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/4.0.0/logstash-input-http-4.0.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)