RubyGems - logstash-input-http - Versions diffs - 3.10.2-java → 4.0.0-java - Mend

logstash-input-http 3.10.2-java → 4.0.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b2e1f2ba0b8bf548831dd903c8b3f816eb0fa0291d66376be445856ec3a8b19
-  data.tar.gz: deda4622e693c0787deb81fbee1475c656315300958ec245b981c5b1cef8c5e9
+  metadata.gz: c406f5e0d989c833db3c35529b4012053539955f830fde6ca9e44235f4a39d3b
+  data.tar.gz: 22916a6402a2c55edfbee1bf3af0a578b630d2fd756356733bfc0c7de3359fdf
 SHA512:
-  metadata.gz: 44fb386dc2b9513be8a9de54a87090aa184c9bbf72b309f0401f4f04789354d98ef616ce951ce04cbdad90fba3d104a59a40c9ef5cbab1bf1a1c353c0292be05
-  data.tar.gz: a0933170b85404d5a2e55ce09f7706bbd761d5a5e64a8fdde95f55a36a61218cbdb3a6546fc1dfa4613f499fec857c7862081cb6b21a8852d53f9db5805fd765
+  metadata.gz: 2c2616bcde330f2d0a2d0f4273f45e7bd2ad7e09e3a1322d0c759c146c38e13c92f202b45c4a1df6a19b0b9e1ae46eaaa0e3ec1fc81f5e8421a591479122ab3e
+  data.tar.gz: 1b4d208dc8e180ee5818270f1ceb36625870d4429b9570102f69beb96c253bc5a64fc3837c90d8960b2bca1391b9b93bff76fd648d67ed27cb8b9b366b238ca2

data/CHANGELOG.md CHANGED Viewed

@@ -1,11 +1,15 @@
-## 3.10.2
-  - Upgrade netty to 4.1.118 [#194](https://github.com/logstash-plugins/logstash-input-http/pull/194)
-## 3.10.1
-  - Properly naming netty threads [#191](https://github.com/logstash-plugins/logstash-input-http/pull/191)
-## 3.10.0
- - add improved proactive rate-limiting, rejecting new requests when queue has been actively blocking for more than 10 seconds [#179](https://github.com/logstash-plugins/logstash-input-http/pull/179)
+## 4.0.0
+  - SSL settings that were marked deprecated in version `3.7.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:
+    - `tls_min_version`, which should be replaced by `ssl_supported_protocols`
+    - `tls_max_version`, which should be replaced by `ssl_supported_protocols`
+    - `cipher_suites`, which should bre replaced by `ssl_cipher_suites`
+    - `ssl`, which should bre replaced by `ssl_enabled`
+    - `keystore`, which should bre replaced by `ssl_keystore_path`
+    - `keystore_password`, which should bre replaced by `ssl_keystore_password`
+    - `ssl_verify_mode`, which should bre replaced by `ssl_client_authentication`
+    - `verify_mode`, which should bre replaced by `ssl_client_authentication`
+    - [#182](https://github.com/logstash-plugins/logstash-input-http/pull/182)
 ## 3.9.2
  - Upgrade netty to 4.1.115 [#183](https://github.com/logstash-plugins/logstash-input-http/pull/183)

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 3.10.2
1	+ 4.0.0

data/docs/index.asciidoc CHANGED Viewed

@@ -87,21 +87,21 @@ for the request's content-type is found in the `additional_codecs` setting.
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+NOTE: As of version `4.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
+Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
-| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
 | <<plugins-{type}s-{plugin}-response_code>> |<<number,number>>, one of `[200, 201, 202, 204]`|No
-| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
@@ -117,12 +117,8 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
 | <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
 | <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
 |=======================================================================
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -140,13 +136,6 @@ Apply specific codecs for specific content types.
 The default codec will be applied only after this list is checked
 and no codec for the request's content-type is found
-[id="plugins-{type}s-{plugin}-cipher_suites"]
-===== `cipher_suites`
-deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
-  * Value type is <<array,array>>
-The list of cipher suites to use, listed by priorities.
 [id="plugins-{type}s-{plugin}-ecs_compatibility"]
 ===== `ecs_compatibility`
@@ -220,23 +209,6 @@ See <<plugins-{type}s-{plugin}-ecs_metadata>> for detailed information.
 The host or ip to bind
-[id="plugins-{type}s-{plugin}-keystore"]
-===== `keystore`
-deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_path>> instead]
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-The JKS keystore to validate the client's certificates
-[id="plugins-{type}s-{plugin}-keystore_password"]
-===== `keystore_password`
-deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_password>> instead]
-  * Value type is <<password,password>>
-  * There is no default value for this setting.
-Set the keystore password
 [id="plugins-{type}s-{plugin}-password"]
 ===== `password`
@@ -314,16 +286,6 @@ specify a target field for the client host of the http request
 specify target field for the client host of the http request
-[id="plugins-{type}s-{plugin}-ssl"]
-===== `ssl`
-deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-Events are, by default, sent in plain text. You can
-enable encryption by setting `ssl` to true and configuring
-the `ssl_certificate` and `ssl_key` options.
 [id="plugins-{type}s-{plugin}-ssl_certificate"]
 ===== `ssl_certificate`
@@ -473,22 +435,6 @@ NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate
 The format of the truststore file. It must be either `jks` or `pkcs12`.
-[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
-===== `ssl_verify_mode`
-deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
-  * Value can be any of: `none`, `peer`, `force_peer`
-  * Default value is `"none"`
-By default the server doesn't do any client verification.
-`peer` will make the server ask the client to provide a certificate.
-If the client provides a certificate, it will be validated.
-`force_peer` will make the server ask the client to provide a certificate.
-If the client doesn't provide a certificate, the connection will be closed.
-This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> and a defined list of CAs.
 [id="plugins-{type}s-{plugin}-threads"]
 ===== `threads`
@@ -498,23 +444,6 @@ This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_aut
 Number of threads to use for both accepting connections and handling requests
-[id="plugins-{type}s-{plugin}-tls_max_version"]
-===== `tls_max_version`
-deprecated[3.6.0]
-  * Value type is <<number,number>>
-The maximum TLS version allowed for the encrypted connections.
-The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
-[id="plugins-{type}s-{plugin}-tls_min_version"]
-===== `tls_min_version`
-deprecated[3.6.0]
-  * Value type is <<number,number>>
-The minimum TLS version allowed for the encrypted connections.
-The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
 [id="plugins-{type}s-{plugin}-user"]
 ===== `user`
@@ -524,15 +453,24 @@ The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 fo
 Username for basic authorization
-[id="plugins-{type}s-{plugin}-verify_mode"]
-===== `verify_mode`
-deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verify_mode>>]
-  * Value can be any of: `none`, `peer`, `force_peer`
-  * Default value is `"none"`
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== HTTP Input Obsolete Configuration Options
-Set the client certificate verification method. Valid methods: none, peer, force_peer
+WARNING: As of version `4.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options.
+[cols="<,<",options="header",]
+|=======================================================================
+|Setting|Replaced by
+| cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
+| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
+| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
+| ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
+| ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
+| tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
+| tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
+| verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
+|=======================================================================
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/inputs/http.rb CHANGED Viewed

@@ -55,11 +55,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # Password for basic authorization
   config :password, :validate => :password, :required => false
-  # Events are by default sent in plain text. You can
-  # enable encryption by setting `ssl` to true and configuring
-  # the `ssl_certificate` and `ssl_key` options.
-  config :ssl, :validate => :boolean, :default => false, :deprecated => "Set 'ssl_enabled' instead."
   # Events are by default sent in plain text. You can
   # enable encryption by setting `ssl` to true and configuring
   # the `ssl_certificate` and `ssl_key` options.
@@ -108,17 +103,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
   config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
-  # By default the server doesn't do any client verification.
-  #
-  # `peer` will make the server ask the client to provide a certificate.
-  # If the client provides a certificate, it will be validated.
-  #
-  # `force_peer` will make the server ask the client to provide a certificate.
-  # If the client doesn't provide a certificate, the connection will be closed.
-  #
-  # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
-  config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
   # Time in milliseconds for an incomplete ssl handshake to timeout
   config :ssl_handshake_timeout, :validate => :number, :default => 10000
@@ -150,25 +134,15 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   config :response_code, :validate => [200, 201, 202, 204], :default => 200
-  # Deprecated options
-  # The JKS keystore to validate the client's certificates
-  config :keystore, :validate => :path, :deprecated => "Set 'ssl_keystore_path' instead."
-  # The JKS keystore password
-  config :keystore_password, :validate => :password, :deprecated => "Set 'ssl_keystore_password' instead."
-  config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none', :deprecated => "Set 'ssl_client_authentication' instead."
-  config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
-  # The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
-  # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
-  config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
-  # The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
-  # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
-  config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
+  # Obsolete Settings
+  config :ssl, :obsolete => "Set 'ssl_enabled' instead."
+  config :keystore, :obsolete => "Set 'ssl_keystore_path' instead."
+  config :keystore_password, :validate => :password, :obsolete => "Set 'ssl_keystore_password' instead."
+  config :verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
+  config :cipher_suites, :obsolete => "Set 'ssl_cipher_suites' instead."
+  config :tls_min_version, :obsolete => "Set 'ssl_supported_protocols' instead."
+  config :tls_max_version, :obsolete => "Set 'ssl_supported_protocols' instead."
+  config :ssl_verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
   attr_reader :codecs
@@ -200,8 +174,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   public
   def register
-    setup_ssl_params!
     validate_ssl_settings!
     if @user && @password
@@ -342,34 +314,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   end
   def setup_ssl_params!
-    @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl)
-    end
-    @ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
-      normalizer.with_deprecated_alias(:cipher_suites)
-    end
-    @ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
-      normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
-        TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
-      end
-    end
-    @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
-      normalizer.with_deprecated_mapping(:verify_mode, :ssl_verify_mode) do |verify_mode, ssl_verify_mode|
-        normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
-      end
-    end
-    @ssl_keystore_path = normalize_config(:ssl_keystore_path) do |normalizer|
-      normalizer.with_deprecated_alias(:keystore)
-    end
-    @ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalizer|
-      normalizer.with_deprecated_alias(:keystore_password)
-    end
     params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
     params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
     params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
@@ -378,21 +322,9 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
     params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
   end
-  def normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
-    verify_mode_explicitly_set = original_params.key?("verify_mode")
-    if verify_mode_explicitly_set && original_params.key?("ssl_verify_mode")
-      raise LogStash::ConfigurationError, "Both (deprecated) `ssl_verify_mode` and `verify_mode` were set. Use only `ssl_verify_mode`"
-    end
-    deprecated_value = (verify_mode_explicitly_set ? verify_mode : ssl_verify_mode).downcase
-    SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[deprecated_value]
-  end
   def create_http_server(message_handler)
     org.logstash.plugins.inputs.http.NettyHttpServer.new(
-      @id, @host, @port, message_handler, build_ssl_params, @threads,
-      @max_pending_requests, @max_content_length, @response_code)
+      @host, @port, message_handler, build_ssl_params, @threads, @max_pending_requests, @max_content_length, @response_code)
   end
   def build_ssl_params
@@ -468,13 +400,7 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   end
   def provided_ssl_client_authentication_config(values = [@ssl_client_authentication])
-    if original_params.include?('ssl_verify_mode')
-      ['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
-    elsif original_params.include?('verify_mode')
-      ['verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
-    else
       ['ssl_client_authentication', *values]
-    end
   end
   private

data/lib/logstash-input-http_jars.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
 require 'jar_dependencies'
-require_jar('io.netty', 'netty-buffer', '4.1.118.Final')
-require_jar('io.netty', 'netty-codec', '4.1.118.Final')
-require_jar('io.netty', 'netty-codec-http', '4.1.118.Final')
-require_jar('io.netty', 'netty-common', '4.1.118.Final')
-require_jar('io.netty', 'netty-transport', '4.1.118.Final')
-require_jar('io.netty', 'netty-handler', '4.1.118.Final')
-require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.118.Final')
-require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.10.2')
+require_jar('io.netty', 'netty-buffer', '4.1.115.Final')
+require_jar('io.netty', 'netty-codec', '4.1.115.Final')
+require_jar('io.netty', 'netty-codec-http', '4.1.115.Final')
+require_jar('io.netty', 'netty-common', '4.1.115.Final')
+require_jar('io.netty', 'netty-transport', '4.1.115.Final')
+require_jar('io.netty', 'netty-handler', '4.1.115.Final')
+require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
+require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '4.0.0')

data/spec/inputs/helpers.rb CHANGED Viewed

@@ -3,8 +3,4 @@ CERTS_DIR = File.expand_path('../fixtures/certs/generated', File.dirname(__FILE_
 def certificate_path(filename)
   File.join(CERTS_DIR, filename)
-end
-RSpec.configure do |config|
-  config.formatter = :documentation
-end
+end

data/spec/inputs/http_spec.rb CHANGED Viewed

@@ -57,7 +57,7 @@ describe LogStash::Inputs::Http do
       let(:config) { { "port" => port, "threads" => threads, "max_pending_requests" => max_pending_requests } }
       context "when sending more requests than queue slots" do
-        it "rejects additional incoming requests with HTTP 429" do
+        it "should block when the queue is full" do
           # these will queue and return 200
           logstash_queue_size.times.each do |i|
             response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
@@ -65,77 +65,15 @@ describe LogStash::Inputs::Http do
           end
           # these will block
-          blocked_calls = (threads + max_pending_requests).times.map do
-            Thread.new do
-              begin
-                {:result => client.post("http://127.0.0.1:#{port}", :body => '{}').call}
-              rescue Manticore::SocketException, Manticore::SocketTimeout => e
-                {:exception => e}
-              end
-            end
+          (threads + max_pending_requests).times.each do |i|
+            expect {
+              client.post("http://127.0.0.1:#{port}", :body => '{}').call
+            }.to raise_error(Manticore::SocketTimeout)
           end
-          sleep 1 # let those requests go, but not so long that our block-detector starts emitting 429's
-          # by now we should be rejecting with 429 since the backlog is full
+          # by now we should be rejecting with 429
           response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
           expect(response.code).to eq(429)
-          # ensure that our blocked connections did block
-          aggregate_failures do
-            blocked_calls.map(&:value).each do |blocked|
-              expect(blocked[:result]).to be_nil
-              expect(blocked[:exception]).to be_a_kind_of Manticore::SocketTimeout
-            end
-          end
-        end
-      end
-    end
-    describe "observing queue back-pressure" do
-      let(:logstash_queue_size) { rand(10) + 1 }
-      let(:max_pending_requests) { rand(5) + 1 }
-      let(:threads) { rand(4) + 1 }
-      let(:logstash_queue) { SizedQueue.new(logstash_queue_size) }
-      let(:client_options) { {
-        "request_timeout" => 0.1,
-        "connect_timeout" => 3,
-        "socket_timeout" => 0.1
-      } }
-      let(:config) { { "port" => port, "threads" => threads, "max_pending_requests" => max_pending_requests } }
-      context "when sending request to an input that has blocked connections" do
-        it "rejects incoming requests with HTTP 429" do
-          # these will queue and return 200
-          logstash_queue_size.times.each do |i|
-            response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
-            expect(response.code).to eq(200)
-          end
-          # these will block
-          blocked_call = Thread.new do
-              begin
-                {:result => client.post("http://127.0.0.1:#{port}", :body => '{}').call}
-              rescue Manticore::SocketException, Manticore::SocketTimeout => e
-                {:exception => e}
-              end
-            end
-          sleep 12 # let that requests go, and ensure it is blocking long enough to be problematic
-          # by now we should be rejecting with 429 since at least one existing request is blocked
-          # for more than 10s.
-          response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
-          expect(response.code).to eq(429)
-          # ensure that our blocked connections did block
-          aggregate_failures do
-            blocked_call.value.tap do |blocked|
-              expect(blocked[:result]).to be_nil
-              expect(blocked[:exception]).to be_a_kind_of Manticore::SocketTimeout
-            end
-          end
         end
       end
     end
@@ -288,22 +226,7 @@ describe LogStash::Inputs::Http do
               event = logstash_queue.pop
               expect(event.get("message")).to eq("Hello")
             end
           end
-          context 'enforced TLSv1.3 (deprecated options)' do
-            let(:config) { super().merge 'tls_min_version' => 1.3,
-                                         'cipher_suites' => [ 'TLS_AES_128_GCM_SHA256' ] }
-            it "should parse the json body" do
-              expect(response.code).to eq(200)
-              event = logstash_queue.pop
-              expect(event.get("message")).to eq("Hello")
-            end
-          end
         end if TLS13_ENABLED_BY_DEFAULT
       end
@@ -623,16 +546,6 @@ describe LogStash::Inputs::Http do
         subject.run(nil)
       end
     end
-    context "and `ssl_` settings provided" do
-      let(:ssc) { SelfSignedCertificate.new }
-      let(:config) { { "port" => 0, "ssl_enabled" => false, "ssl_certificate" => ssc.certificate.path, "ssl_client_authentication" => "none", "cipher_suites" => ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] } }
-      it "should warn about not using the configs" do
-        expect(subject.logger).to receive(:warn).with(/^Configured SSL settings are not used when `ssl_enabled` is set to `false`: \[("ssl_certificate"(,\s)?|"ssl_client_authentication"(,\s)?|"cipher_suites"(,\s)?)*\]$/)
-        subject.register
-      end
-    end
   end
   context "with :ssl_enabled => true" do
@@ -690,31 +603,7 @@ describe LogStash::Inputs::Http do
           expect { subject.register }.to_not raise_exception
         end
       end
-      ["ssl_verify_mode", "verify_mode"].each do |config_name|
-        ["peer", "force_peer"].each do |verify_mode|
-          context "with deprecated #{config_name} = #{verify_mode}" do
-            subject { LogStash::Inputs::Http.new("port" => port,
-                                                 "ssl_enabled" => true,
-                                                 "ssl_certificate" => ssl_certificate.path,
-                                                 "ssl_certificate_authorities" => ssl_certificate.path,
-                                                 "ssl_key" => ssl_key.path,
-                                                  config_name => verify_mode
-                                                ) }
-            it "should not raise exception" do
-              expect { subject.register }.to_not raise_exception
-            end
-          end
-        end
-      end
-      ["ssl_verify_mode", "verify_mode"].each do |config_name|
-        context "with deprecated #{config_name} = none" do
-          subject { LogStash::Inputs::Http.new(config.merge(config_name => "none")) }
-          it "should not raise exception" do
-            expect { subject.register }.to_not raise_exception
-          end
-        end
-      end
       context "with invalid ssl certificate" do
         before do
           cert = File.readlines path = config["ssl_certificate"]
@@ -762,76 +651,6 @@ describe LogStash::Inputs::Http do
         end
       end
-      context "with both verify_mode and ssl_verify_mode options set" do
-        let(:config) do
-          super().merge('verify_mode' => 'none', 'ssl_verify_mode' => 'none')
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_verify_mode`.?/i
-        end
-      end
-      context "with both ssl_client_authentication and ssl_verify_mode options set" do
-        let(:config) do
-          super().merge('ssl_client_authentication' => 'optional', 'ssl_verify_mode' => 'none')
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
-        end
-      end
-      context "with both ssl_client_authentication and verify_mode options set" do
-        let(:config) do
-          super().merge('ssl_client_authentication' => 'optional', 'verify_mode' => 'none')
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_client_authentication.?/i
-        end
-      end
-      context "with ssl_cipher_suites and cipher_suites set" do
-        let(:config) do
-          super().merge('ssl_cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'],
-                        'cipher_suites' => ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'])
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_cipher_suites.?/i
-        end
-      end
-      context "with ssl_supported_protocols and tls_min_version set" do
-        let(:config) do
-          super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_min_version' => 1.0)
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
-        end
-      end
-      context "with ssl_supported_protocols and tls_max_version set" do
-        let(:config) do
-          super().merge('ssl_supported_protocols' => ['TLSv1.2'], 'tls_max_version' => 1.2)
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_supported_protocols.?/i
-        end
-      end
-      context "with both ssl and ssl_enabled set" do
-        let(:config) do
-          super().merge('ssl' => true, 'ssl_enabled' => true )
-        end
-        it "should raise a configuration error" do
-          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use only .?ssl_enabled.?/i
-        end
-      end
       context "and with :ssl_keystore_path" do
         let(:config) do
@@ -844,41 +663,6 @@ describe LogStash::Inputs::Http do
       end
       context "with ssl_client_authentication" do
-        context "normalized from ssl_verify_mode 'none'" do
-          let(:config) { super().merge("ssl_verify_mode" => "none") }
-          it "should transform the value to 'none'" do
-            subject.register
-            expect(subject.params).to match hash_including("ssl_client_authentication" => "none")
-            expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql("none")
-          end
-          context "and ssl_certificate_authorities is set" do
-            let(:config) { super().merge("ssl_certificate_authorities" => [certificate_path( 'root.crt')]) }
-            it "raise a configuration error" do
-              expect { subject.register }.to raise_error(LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `ssl_verify_mode` to `peer` or 'force_peer'")
-            end
-          end
-        end
-        [%w[peer optional], %w[force_peer required]].each do |ssl_verify_mode, ssl_client_authentication|
-          context "normalized from ssl_verify_mode '#{ssl_verify_mode}'" do
-            let(:config) { super().merge("ssl_verify_mode" => ssl_verify_mode, "ssl_certificate_authorities" => [certificate_path( 'root.crt')]) }
-            it "should transform the value to '#{ssl_client_authentication}'" do
-              subject.register
-              expect(subject.params).to match hash_including("ssl_client_authentication" => ssl_client_authentication)
-              expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql(ssl_client_authentication)
-            end
-            context "with no ssl_certificate_authorities set " do
-              let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
-              it "raise a configuration error" do
-                expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_verify_mode` set to `peer` or `force_peer`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`")
-              end
-            end
-          end
-        end
         context "configured to 'none'" do
           let(:config) { super().merge("ssl_client_authentication" => "none") }
@@ -1015,7 +799,26 @@ describe LogStash::Inputs::Http do
         end
       end
     end
+  end
+  describe 'handling obsolete settings' do
+    [{:name => 'tls_min_version', :replacement => 'ssl_supported_protocols', :sample_value => 1.3},
+     {:name => 'tls_max_version', :replacement => 'ssl_supported_protocols', :sample_value => 1.3},
+     {:name => 'cipher_suites', :replacement => 'ssl_cipher_suites', :sample_value => ['TLS_AES_128_GCM_SHA256']},
+     {:name => 'ssl', :replacement => 'ssl_enabled', :sample_value => true},
+     {:name => 'keystore', :replacement => 'ssl_keystore_path', :sample_value => certificate_path( 'server_from_root.p12')},
+     {:name => 'keystore_password', :replacement => 'ssl_keystore_password', :sample_value => 'none'},
+     {:name => 'ssl_verify_mode', :replacement => 'ssl_client_authentication', :sample_value => 'peer'},
+     {:name => 'verify_mode', :replacement => 'ssl_client_authentication', :sample_value => 'peer'}].each do | obsolete_setting|
+      context "with obsolete #{obsolete_setting[:name]}" do
+        let (:deprecated_config) do
+            config.merge({obsolete_setting[:name] => obsolete_setting[:sample_value]})
+          end
+        it "should raise a config error with the appropriate message" do
+          expect { LogStash::Inputs::Http.new(deprecated_config).register }.to raise_error LogStash::ConfigurationError, /The setting `#{obsolete_setting[:name]}` in plugin `http` is obsolete and is no longer available. Set '#{obsolete_setting[:replacement]}' instead/i
+        end
+      end
+    end
   end
 end

data/vendor/jar-dependencies/io/netty/netty-buffer/{4.1.118.Final/netty-buffer-4.1.118.Final.jar → 4.1.115.Final/netty-buffer-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-codec/{4.1.118.Final/netty-codec-4.1.118.Final.jar → 4.1.115.Final/netty-codec-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-codec-http/{4.1.118.Final/netty-codec-http-4.1.118.Final.jar → 4.1.115.Final/netty-codec-http-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-common/{4.1.118.Final/netty-common-4.1.118.Final.jar → 4.1.115.Final/netty-common-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-handler/{4.1.118.Final/netty-handler-4.1.118.Final.jar → 4.1.115.Final/netty-handler-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-transport/{4.1.118.Final/netty-transport-4.1.118.Final.jar → 4.1.115.Final/netty-transport-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/{4.1.118.Final/netty-transport-native-unix-common-4.1.118.Final.jar → 4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar} RENAMED Viewed

Binary file

data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/4.0.0/logstash-input-http-4.0.0.jar ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-http
 version: !ruby/object:Gem::Version
-  version: 3.10.2
+  version: 4.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-12 00:00:00.000000000 Z
+date: 2024-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -169,14 +169,14 @@ files:
 - spec/fixtures/certs/openssl.cnf
 - spec/inputs/helpers.rb
 - spec/inputs/http_spec.rb
-- vendor/jar-dependencies/io/netty/netty-buffer/4.1.118.Final/netty-buffer-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-codec-http/4.1.118.Final/netty-codec-http-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-codec/4.1.118.Final/netty-codec-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-common/4.1.118.Final/netty-common-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-handler/4.1.118.Final/netty-handler-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.118.Final/netty-transport-native-unix-common-4.1.118.Final.jar
-- vendor/jar-dependencies/io/netty/netty-transport/4.1.118.Final/netty-transport-4.1.118.Final.jar
-- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.10.2/logstash-input-http-3.10.2.jar
+- vendor/jar-dependencies/io/netty/netty-buffer/4.1.115.Final/netty-buffer-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-codec-http/4.1.115.Final/netty-codec-http-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-codec/4.1.115.Final/netty-codec-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-common/4.1.115.Final/netty-common-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-handler/4.1.115.Final/netty-handler-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.115.Final/netty-transport-native-unix-common-4.1.115.Final.jar
+- vendor/jar-dependencies/io/netty/netty-transport/4.1.115.Final/netty-transport-4.1.115.Final.jar
+- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/4.0.0/logstash-input-http-4.0.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)

data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.10.2/logstash-input-http-3.10.2.jar DELETED Viewed

Binary file