logstash-input-kafka 5.0.6 → 5.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/inputs/kafka.rb +67 -8
- data/logstash-input-kafka.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a9c0d93413c3ea01f0181364f4e2bb5eb93c8b56
|
4
|
+
data.tar.gz: 97e2e2659773e8c46381388d206823b694c431e0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 99fdcf04705b3d6376bea25aa8cbefbd303e8c7d4d6107b754ba99f3e4ad40010919f576bfa64154a0c64a03e438bc24bac40a1889a044d193b674a9a6f8715a
|
7
|
+
data.tar.gz: eadd2571707d7eeaacef2021d1b2698ba752a2e4bbc38471ef281279f3c9a07650d27291a34fe5791ac646f372658723e4a8d9a0f555cfe6e52c44807f494bca
|
data/CHANGELOG.md
CHANGED
@@ -145,15 +145,49 @@ class LogStash::Inputs::Kafka < LogStash::Inputs::Base
|
|
145
145
|
# Time kafka consumer will wait to receive new messages from topics
|
146
146
|
config :poll_timeout_ms, :validate => :number, :default => 100
|
147
147
|
# Enable SSL/TLS secured communication to Kafka broker.
|
148
|
-
config :ssl, :validate => :boolean, :default => false
|
148
|
+
config :ssl, :validate => :boolean, :default => false, :deprecated => "Use security_protocol => 'ssl'"
|
149
|
+
# The truststore type.
|
150
|
+
config :ssl_truststore_type, :validate => :string
|
149
151
|
# The JKS truststore path to validate the Kafka broker's certificate.
|
150
152
|
config :ssl_truststore_location, :validate => :path
|
151
153
|
# The truststore password
|
152
154
|
config :ssl_truststore_password, :validate => :password
|
155
|
+
# The keystore type.
|
156
|
+
config :ssl_keystore_type, :validate => :string
|
153
157
|
# If client authentication is required, this setting stores the keystore path.
|
154
158
|
config :ssl_keystore_location, :validate => :path
|
155
159
|
# If client authentication is required, this setting stores the keystore password
|
156
160
|
config :ssl_keystore_password, :validate => :password
|
161
|
+
# The password of the private key in the key store file.
|
162
|
+
config :ssl_key_password, :validate => :password
|
163
|
+
# Security protocol to use, which can be either of PLAINTEXT,SSL,SASL_PLAINTEXT,SASL_SSL
|
164
|
+
config :security_protocol, :validate => ["PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"], :default => "PLAINTEXT"
|
165
|
+
# http://kafka.apache.org/documentation.html#security_sasl[SASL mechanism] used for client connections.
|
166
|
+
# This may be any mechanism for which a security provider is available.
|
167
|
+
# GSSAPI is the default mechanism.
|
168
|
+
config :sasl_mechanism, :validate => :string, :default => "GSSAPI"
|
169
|
+
# The Kerberos principal name that Kafka broker runs as.
|
170
|
+
# This can be defined either in Kafka's JAAS config or in Kafka's config.
|
171
|
+
config :sasl_kerberos_service_name, :validate => :string
|
172
|
+
# The Java Authentication and Authorization Service (JAAS) API supplies user authentication and authorization
|
173
|
+
# services for Kafka. This setting provides the path to the JAAS file. Sample JAAS file for Kafka client:
|
174
|
+
# [source,java]
|
175
|
+
# ----------------------------------
|
176
|
+
# KafkaClient {
|
177
|
+
# com.sun.security.auth.module.Krb5LoginModule required
|
178
|
+
# useTicketCache=true
|
179
|
+
# renewTicket=true
|
180
|
+
# serviceName="kafka";
|
181
|
+
# };
|
182
|
+
# ----------------------------------
|
183
|
+
#
|
184
|
+
# Please note that specifying `jaas_path` and `kerberos_config` in the config file will add these
|
185
|
+
# to the global JVM system properties. This means if you have multiple Kafka inputs, all of them would be sharing the same
|
186
|
+
# `jaas_path` and `kerberos_config`. If this is not desirable, you would have to run separate instances of Logstash on
|
187
|
+
# different JVM instances.
|
188
|
+
config :jaas_path, :validate => :path
|
189
|
+
# Optional path to kerberos config file. This is krb5.conf style as detailed in https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
|
190
|
+
config :kerberos_config, :validate => :path
|
157
191
|
# Option to add Kafka metadata like topic, message size to the event.
|
158
192
|
# This will add a field named `kafka` to the logstash event containing the following attributes:
|
159
193
|
# `topic`: The topic this message is associated with
|
@@ -252,14 +286,15 @@ class LogStash::Inputs::Kafka < LogStash::Inputs::Base
|
|
252
286
|
props.put(kafka::SESSION_TIMEOUT_MS_CONFIG, session_timeout_ms) unless session_timeout_ms.nil?
|
253
287
|
props.put(kafka::VALUE_DESERIALIZER_CLASS_CONFIG, value_deserializer_class)
|
254
288
|
|
255
|
-
|
256
|
-
props.put("security.protocol", "SSL")
|
257
|
-
props.put("ssl.truststore.location", ssl_truststore_location)
|
258
|
-
props.put("ssl.truststore.password", ssl_truststore_password.value) unless ssl_truststore_password.nil?
|
289
|
+
props.put("security.protocol", security_protocol) unless security_protocol.nil?
|
259
290
|
|
260
|
-
|
261
|
-
props
|
262
|
-
|
291
|
+
if security_protocol == "SSL"
|
292
|
+
set_trustore_keystore_config(props)
|
293
|
+
elsif security_protocol == "SASL_PLAINTEXT"
|
294
|
+
set_sasl_config(props)
|
295
|
+
elsif security_protocol == "SASL_SSL"
|
296
|
+
set_trustore_keystore_config
|
297
|
+
set_sasl_config
|
263
298
|
end
|
264
299
|
|
265
300
|
org.apache.kafka.clients.consumer.KafkaConsumer.new(props)
|
@@ -268,4 +303,28 @@ class LogStash::Inputs::Kafka < LogStash::Inputs::Base
|
|
268
303
|
throw e
|
269
304
|
end
|
270
305
|
end
|
306
|
+
|
307
|
+
def set_trustore_keystore_config(props)
|
308
|
+
props.put("ssl.truststore.type", ssl_truststore_type) unless ssl_truststore_type.nil?
|
309
|
+
props.put("ssl.truststore.location", ssl_truststore_location)
|
310
|
+
props.put("ssl.truststore.password", ssl_truststore_password.value) unless ssl_truststore_password.nil?
|
311
|
+
|
312
|
+
# Client auth stuff
|
313
|
+
props.put("ssl.keystore.type", ssl_keystore_type) unless ssl_keystore_type.nil?
|
314
|
+
props.put("ssl.key.password", ssl_key_password.value) unless ssl_key_password.nil?
|
315
|
+
props.put("ssl.keystore.location", ssl_keystore_location) unless ssl_keystore_location.nil?
|
316
|
+
props.put("ssl.keystore.password", ssl_keystore_password.value) unless ssl_keystore_password.nil?
|
317
|
+
end
|
318
|
+
|
319
|
+
def set_sasl_config(props)
|
320
|
+
java.lang.System.setProperty("java.security.auth.login.config",jaas_path) unless jaas_path.nil?
|
321
|
+
java.lang.System.setProperty("java.security.krb5.conf",kerberos_config) unless kerberos_config.nil?
|
322
|
+
|
323
|
+
props.put("sasl.mechanism",sasl_mechanism)
|
324
|
+
if sasl_mechanism == "GSSAPI" && sasl_kerberos_service_name.nil?
|
325
|
+
raise LogStash::ConfigurationError, "sasl_kerberos_service_name must be specified when SASL mechanism is GSSAPI"
|
326
|
+
end
|
327
|
+
|
328
|
+
props.put("sasl.kerberos.service.name",sasl_kerberos_service_name)
|
329
|
+
end
|
271
330
|
end #class LogStash::Inputs::Kafka
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-input-kafka'
|
3
|
-
s.version = '5.0
|
3
|
+
s.version = '5.1.0'
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
5
5
|
s.summary = 'This input will read events from a Kafka topic. It uses the high level consumer API provided by Kafka to read messages from the broker'
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-kafka
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.0
|
4
|
+
version: 5.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elasticsearch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-11-
|
11
|
+
date: 2016-11-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|