logstash-input-tcp 3.0.0 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/lib/logstash/inputs/tcp.rb +3 -3
- data/logstash-input-tcp.gemspec +9 -11
- data/spec/inputs/tcp_spec.rb +66 -24
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d560100efd4b27bcef8c8865626a628de300b871
|
4
|
+
data.tar.gz: 4f22528b91f54d136f838ae5ea7878c7df493462
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 28bd63a130f1fa48f9470800baea3bc2ea14c9541dd754886ed21428a184ffa2c060b2e12089172acf77297e3136ce471fb3337ce0664e276c7a41fdbf230192
|
7
|
+
data.tar.gz: e03a18054310108f46336a10375d68dddfdcaba824102de882335aaa824634a05e4ae78357798f469a861e2ca79b144e9dfb642b88264480ee34b6036c84c300
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,8 @@
|
|
1
|
+
## 3.0.1
|
2
|
+
- properly convert sslsubject to string before assigning to event field, added specs, see https://github.com/logstash-plugins/logstash-input-tcp/pull/38
|
3
|
+
|
1
4
|
## 3.0.0
|
2
|
-
- Deprecate ssl_cacert as it's confusing, does it job but when willing to add a chain of certificated the name and behaviour is a bit confusing.
|
5
|
+
- Deprecate ssl_cacert as it's confusing, does it job but when willing to add a chain of certificated the name and behaviour is a bit confusing.
|
3
6
|
- Add ssl_extra_chain_certs that allows you to specify a list of certificates path that will be added to the CAStore.
|
4
7
|
- Make ssl_verify=true as a default value, if using ssl and performing validation is not reasonable as security might be compromised.
|
5
8
|
- Add tests to verify behaviour under different SSL connection circumstances.
|
data/lib/logstash/inputs/tcp.rb
CHANGED
@@ -38,7 +38,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
|
|
38
38
|
config :ssl_verify, :validate => :boolean, :default => true
|
39
39
|
|
40
40
|
# The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
|
41
|
-
config :ssl_cacert, :validate => :path, :deprecated => "This setting is deprecated in favor of
|
41
|
+
config :ssl_cacert, :validate => :path, :deprecated => "This setting is deprecated in favor of ssl_extra_chain_certs as it sets a more clear expectation to add more X509 certificates to the store"
|
42
42
|
|
43
43
|
# SSL certificate path
|
44
44
|
config :ssl_cert, :validate => :path
|
@@ -153,7 +153,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
|
|
153
153
|
codec.decode(read(socket)) do |event|
|
154
154
|
event["host"] ||= client_address
|
155
155
|
event["port"] ||= client_port
|
156
|
-
event["sslsubject"] ||= socket.peer_cert.subject if @ssl_enable && @ssl_verify
|
156
|
+
event["sslsubject"] ||= socket.peer_cert.subject.to_s if @ssl_enable && @ssl_verify
|
157
157
|
decorate(event)
|
158
158
|
output_queue << event
|
159
159
|
end
|
@@ -176,7 +176,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
|
|
176
176
|
codec.respond_to?(:flush) && codec.flush do |event|
|
177
177
|
event["host"] ||= client_address
|
178
178
|
event["port"] ||= client_port
|
179
|
-
event["sslsubject"] ||= socket.peer_cert.subject if @ssl_enable && @ssl_verify
|
179
|
+
event["sslsubject"] ||= socket.peer_cert.subject.to_s if @ssl_enable && @ssl_verify
|
180
180
|
decorate(event)
|
181
181
|
output_queue << event
|
182
182
|
end
|
data/logstash-input-tcp.gemspec
CHANGED
@@ -1,17 +1,16 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
|
-
|
3
|
-
s.
|
4
|
-
s.
|
5
|
-
s.
|
6
|
-
s.
|
7
|
-
s.
|
8
|
-
s.
|
9
|
-
s.
|
10
|
-
s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
|
2
|
+
s.name = 'logstash-input-tcp'
|
3
|
+
s.version = '3.0.1'
|
4
|
+
s.licenses = ['Apache License (2.0)']
|
5
|
+
s.summary = "Read events over a TCP socket."
|
6
|
+
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
7
|
+
s.authors = ["Elastic"]
|
8
|
+
s.email = 'info@elastic.co'
|
9
|
+
s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
|
11
10
|
s.require_paths = ["lib"]
|
12
11
|
|
13
12
|
# Files
|
14
|
-
s.files = Dir['lib/**/*','spec/**/*','
|
13
|
+
s.files = Dir['lib/**/*', 'spec/**/*', '*.gemspec', '*.md', 'CONTRIBUTORS', 'Gemfile', 'LICENSE', 'NOTICE.TXT', 'CHANGELOG.md', 'README.md']
|
15
14
|
|
16
15
|
# Tests
|
17
16
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
@@ -31,4 +30,3 @@ Gem::Specification.new do |s|
|
|
31
30
|
s.add_development_dependency 'flores', '~> 0.0.6'
|
32
31
|
s.add_development_dependency 'stud', '~> 0.0.22'
|
33
32
|
end
|
34
|
-
|
data/spec/inputs/tcp_spec.rb
CHANGED
@@ -33,7 +33,7 @@ describe LogStash::Inputs::Tcp do
|
|
33
33
|
|
34
34
|
it "should read plain with unicode" do
|
35
35
|
event_count = 10
|
36
|
-
port =
|
36
|
+
port = rand(1024..65535)
|
37
37
|
conf = <<-CONFIG
|
38
38
|
input {
|
39
39
|
tcp {
|
@@ -61,7 +61,7 @@ describe LogStash::Inputs::Tcp do
|
|
61
61
|
end
|
62
62
|
|
63
63
|
it "should read events with plain codec and ISO-8859-1 charset" do
|
64
|
-
port =
|
64
|
+
port = rand(1024..65535)
|
65
65
|
charset = "ISO-8859-1"
|
66
66
|
conf = <<-CONFIG
|
67
67
|
input {
|
@@ -89,7 +89,7 @@ describe LogStash::Inputs::Tcp do
|
|
89
89
|
end
|
90
90
|
|
91
91
|
it "should read events with json codec" do
|
92
|
-
port =
|
92
|
+
port = rand(1024..65535)
|
93
93
|
conf = <<-CONFIG
|
94
94
|
input {
|
95
95
|
tcp {
|
@@ -124,7 +124,7 @@ describe LogStash::Inputs::Tcp do
|
|
124
124
|
end
|
125
125
|
|
126
126
|
it "should read events with json codec (testing 'host' handling)" do
|
127
|
-
port =
|
127
|
+
port = rand(1024..65535)
|
128
128
|
conf = <<-CONFIG
|
129
129
|
input {
|
130
130
|
tcp {
|
@@ -151,7 +151,7 @@ describe LogStash::Inputs::Tcp do
|
|
151
151
|
end
|
152
152
|
|
153
153
|
it "should read events with json_lines codec" do
|
154
|
-
port =
|
154
|
+
port = rand(1024..65535)
|
155
155
|
conf = <<-CONFIG
|
156
156
|
input {
|
157
157
|
tcp {
|
@@ -167,16 +167,17 @@ describe LogStash::Inputs::Tcp do
|
|
167
167
|
"baz" => { "1" => "2" },
|
168
168
|
"idx" => 0
|
169
169
|
}
|
170
|
+
event_count = 5
|
170
171
|
|
171
172
|
events = input(conf) do |pipeline, queue|
|
172
173
|
socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
|
173
|
-
(1..
|
174
|
+
(1..event_count).each do |idx|
|
174
175
|
data["idx"] = idx
|
175
176
|
socket.puts(LogStash::Json.dump(data) + "\n")
|
176
177
|
end
|
177
178
|
socket.close
|
178
179
|
|
179
|
-
(1..
|
180
|
+
(1..event_count).map{queue.pop}
|
180
181
|
end
|
181
182
|
|
182
183
|
events.each_with_index do |event, idx|
|
@@ -189,7 +190,7 @@ describe LogStash::Inputs::Tcp do
|
|
189
190
|
|
190
191
|
it "should one message per connection" do
|
191
192
|
event_count = 10
|
192
|
-
port =
|
193
|
+
port = rand(1024..65535)
|
193
194
|
conf = <<-CONFIG
|
194
195
|
input {
|
195
196
|
tcp {
|
@@ -285,12 +286,17 @@ describe LogStash::Inputs::Tcp do
|
|
285
286
|
subject(:input) { LogStash::Plugin.lookup("input", "tcp").new(config) }
|
286
287
|
|
287
288
|
let(:config) do
|
288
|
-
{
|
289
|
-
"
|
289
|
+
{
|
290
|
+
"host" => "0.0.0.0",
|
291
|
+
"port" => port,
|
292
|
+
"ssl_verify" => false,
|
293
|
+
"ssl_enable" => true,
|
294
|
+
"ssl_cert" => certificate[0].path,
|
295
|
+
"ssl_key" => certificate[1].path
|
296
|
+
}
|
290
297
|
end
|
291
298
|
|
292
299
|
let(:events) do
|
293
|
-
|
294
300
|
socket = Stud::try(5.times) do
|
295
301
|
ssl_context = OpenSSL::SSL::SSLContext.new
|
296
302
|
socket = TCPSocket.new("127.0.0.1", port)
|
@@ -313,6 +319,12 @@ describe LogStash::Inputs::Tcp do
|
|
313
319
|
expect(events.size).to be(nevents)
|
314
320
|
end
|
315
321
|
|
322
|
+
it "should not contain sslsubject" do
|
323
|
+
events.each do |event|
|
324
|
+
expect(event["sslsubject"]).to be_nil
|
325
|
+
end
|
326
|
+
end
|
327
|
+
|
316
328
|
describe "when ssl_verify is on" do
|
317
329
|
|
318
330
|
let(:chain_of_certificates) { helper.chain_of_certificates }
|
@@ -327,9 +339,14 @@ describe LogStash::Inputs::Tcp do
|
|
327
339
|
context "and the verification fails" do
|
328
340
|
|
329
341
|
let(:config) do
|
330
|
-
{
|
331
|
-
"
|
332
|
-
"
|
342
|
+
{
|
343
|
+
"host" => "0.0.0.0",
|
344
|
+
"port" => port,
|
345
|
+
"ssl_enable" => true,
|
346
|
+
"ssl_verify" => true,
|
347
|
+
"ssl_cert" => chain_of_certificates[:a_cert].path,
|
348
|
+
"ssl_key" => chain_of_certificates[:a_key].path
|
349
|
+
}
|
333
350
|
end
|
334
351
|
|
335
352
|
let(:client_certificate) { File.read(chain_of_certificates[:b_cert].path) }
|
@@ -347,13 +364,19 @@ describe LogStash::Inputs::Tcp do
|
|
347
364
|
end
|
348
365
|
end
|
349
366
|
end
|
367
|
+
|
350
368
|
context "and using the root CA" do
|
351
369
|
|
352
370
|
let(:config) do
|
353
|
-
{
|
354
|
-
"
|
355
|
-
"
|
356
|
-
"
|
371
|
+
{
|
372
|
+
"host" => "0.0.0.0",
|
373
|
+
"port" => port,
|
374
|
+
"ssl_enable" => true,
|
375
|
+
"ssl_verify" => true,
|
376
|
+
"ssl_cert" => chain_of_certificates[:a_cert].path,
|
377
|
+
"ssl_key" => chain_of_certificates[:a_key].path,
|
378
|
+
"ssl_cacert" => chain_of_certificates[:root_ca].path
|
379
|
+
}
|
357
380
|
end
|
358
381
|
|
359
382
|
let(:client_certificate) { File.read(chain_of_certificates[:aa_cert].path) }
|
@@ -364,6 +387,7 @@ describe LogStash::Inputs::Tcp do
|
|
364
387
|
socket = TCPSocket.new("127.0.0.1", port)
|
365
388
|
OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
|
366
389
|
end
|
390
|
+
|
367
391
|
result = helper.pipelineless_input(subject, nevents) do
|
368
392
|
socket.connect
|
369
393
|
nevents.times do |i|
|
@@ -371,6 +395,7 @@ describe LogStash::Inputs::Tcp do
|
|
371
395
|
socket.flush
|
372
396
|
end
|
373
397
|
end
|
398
|
+
|
374
399
|
socket.close rescue nil
|
375
400
|
|
376
401
|
result
|
@@ -380,15 +405,25 @@ describe LogStash::Inputs::Tcp do
|
|
380
405
|
expect(events.size).to be(nevents)
|
381
406
|
end
|
382
407
|
|
408
|
+
it "should contain sslsubject" do
|
409
|
+
events.each do |event|
|
410
|
+
expect(event["sslsubject"]).to eq("/DC=org/DC=ruby-lang/CN=RubyAA_Cert")
|
411
|
+
end
|
412
|
+
end
|
383
413
|
end
|
384
414
|
|
385
415
|
context "using an extra chain of certificates" do
|
386
416
|
|
387
417
|
let(:config) do
|
388
|
-
{
|
389
|
-
"
|
390
|
-
"
|
391
|
-
"
|
418
|
+
{
|
419
|
+
"host" => "0.0.0.0",
|
420
|
+
"port" => port,
|
421
|
+
"ssl_enable" => true,
|
422
|
+
"ssl_verify" => true,
|
423
|
+
"ssl_cert" => chain_of_certificates[:b_cert].path,
|
424
|
+
"ssl_key" => chain_of_certificates[:b_key].path,
|
425
|
+
"ssl_extra_chain_certs" => [ chain_of_certificates[:root_ca].path, chain_of_certificates[:a_cert].path, chain_of_certificates[:b_cert].path ]
|
426
|
+
}
|
392
427
|
end
|
393
428
|
|
394
429
|
let(:client_certificate) { File.read(chain_of_certificates[:c_cert].path) }
|
@@ -399,6 +434,7 @@ describe LogStash::Inputs::Tcp do
|
|
399
434
|
socket = TCPSocket.new("127.0.0.1", port)
|
400
435
|
OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
|
401
436
|
end
|
437
|
+
|
402
438
|
result = helper.pipelineless_input(subject, nevents) do
|
403
439
|
socket.connect
|
404
440
|
nevents.times do |i|
|
@@ -406,6 +442,7 @@ describe LogStash::Inputs::Tcp do
|
|
406
442
|
socket.flush
|
407
443
|
end
|
408
444
|
end
|
445
|
+
|
409
446
|
socket.close rescue nil
|
410
447
|
|
411
448
|
result
|
@@ -414,14 +451,19 @@ describe LogStash::Inputs::Tcp do
|
|
414
451
|
it "should receive events" do
|
415
452
|
expect(events.size).to be(nevents)
|
416
453
|
end
|
454
|
+
|
455
|
+
it "should contain sslsubject" do
|
456
|
+
events.each do |event|
|
457
|
+
expect(event["sslsubject"]).to eq("/DC=org/DC=ruby-lang/CN=RubyC_Cert")
|
458
|
+
end
|
459
|
+
end
|
417
460
|
end
|
418
461
|
end
|
419
|
-
|
420
462
|
end
|
421
463
|
end
|
464
|
+
|
422
465
|
it_behaves_like "an interruptible input plugin" do
|
423
466
|
let(:config) { { "port" => port } }
|
424
467
|
end
|
425
468
|
end
|
426
|
-
|
427
469
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-tcp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-01-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: logstash-core
|
@@ -166,11 +166,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
166
166
|
version: '0'
|
167
167
|
requirements: []
|
168
168
|
rubyforge_project:
|
169
|
-
rubygems_version: 2.4.
|
169
|
+
rubygems_version: 2.4.8
|
170
170
|
signing_key:
|
171
171
|
specification_version: 4
|
172
172
|
summary: Read events over a TCP socket.
|
173
173
|
test_files:
|
174
174
|
- spec/inputs/tcp_spec.rb
|
175
175
|
- spec/spec_helper.rb
|
176
|
-
has_rdoc:
|