logstash-integration-aws 7.1.2-java → 7.1.3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4f6e46b00a5cb0487616ed1720d776ae6d589d89e5be4a6d55a9b53c7e51cb0
-  data.tar.gz: 7f964cd0dc2e9ea1677fa7fefd3b0cc211739a1548b2359eb7586c6cde1a98c8
+  metadata.gz: f4cbe08b7343729fa42923adec2223fef762443a605affa60a7cee5dd4f6bd6c
+  data.tar.gz: 01b5095d1534b0527573fae1c29c7eba3be667754d7162f5122a1cc21d3e8f70
 SHA512:
-  metadata.gz: cb8df373a0e770f985cb1510a6ff90c2dfca243f131c40dd8ca56a4423fa03a06d89fd380b66ba9125f5b89fc8d49f5a9c55764d8285fb820e0ea36aefac6b49
-  data.tar.gz: 4e4d5e964240f264ad1d8c15e3c09b3c8ea68a2fdb04616223d13f40970763af75597d8e3164ef623104ae5fbb0acfce9fd4d24d1c542c7cb12fd1c357b399bf
+  metadata.gz: 30b3e667cdbaf3ecd4fdf6768c8ea3740ac9935b2761b42370e459162c7cc38075d41c6501bc4499d25b377a70911f9733ed51a636e019075db3e8bd512e35aa
+  data.tar.gz: 7eefe2ea51c7b2b84a20148b7fcf55316818fd0b84ec2cd94e54a055abd542ff58c1143a78e1c7685ac3ca07993e2d2f8f44d4902495387749b12985175d8e7d

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 7.1.3
+  - Added an option `use_aws_bundled_ca` to use bundled ca certs that ships with AWS SDK to verify SSL peer certificates [#32](https://github.com/logstash-plugins/logstash-integration-aws/pull/32)
+
 ## 7.1.2
   - Fix: adaptations to run with JRuby 9.4 [#29](https://github.com/logstash-plugins/logstash-integration-aws/pull/29)
 

data/VERSION

@@ -1 +1 @@
-7.1.2
+7.1.3

data/docs/input-cloudwatch.asciidoc

@@ -125,6 +125,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-secret_access_key>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-statistics>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-use_ssl>> |<<boolean,boolean>>|No
 |=======================================================================
 
@@ -301,6 +302,16 @@ The AWS Session token for temporary credential
 
 Specify the statistics to fetch for each namespace
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
+
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
+
 [id="plugins-{type}s-{plugin}-use_ssl"]
 ===== `use_ssl` 
 
@@ -313,7 +324,6 @@ Should we require (true) or disable (false) using SSL for communicating with the
 The AWS SDK for Ruby defaults to SSL so we preserve that
 
 
-
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]
 

data/docs/input-s3.asciidoc

@@ -78,6 +78,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-sincedb_path>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-temporary_directory>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-watch_for_new_files>> |<<boolean,boolean>>|No
 |=======================================================================
 
@@ -331,6 +332,16 @@ If specified, this setting must be a filename path and not just a directory.
 
 Set the directory where logstash will store the tmp files before processing them.
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
+
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
+
 [id="plugins-{type}s-{plugin}-watch_for_new_files"]
 ===== `watch_for_new_files`
 

data/docs/input-sqs.asciidoc

@@ -102,6 +102,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-sent_timestamp_field>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -278,7 +279,15 @@ The AWS Session token for temporary credential
   * Default value is `1`
 
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
 
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
 
 
 [id="plugins-{type}s-{plugin}-common-options"]

data/docs/output-cloudwatch.asciidoc

@@ -106,6 +106,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-timeframe>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-unit>> |<<string,string>>, one of `["Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None"]`|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-value>> |<<string,string>>|No
 |=======================================================================
 
@@ -302,6 +303,16 @@ See the Rufus Scheduler docs for an https://github.com/jmettraux/rufus-scheduler
 The default unit to use for events which do not have a `CW_unit` field
 If you set this option you should probably set the "value" option along with it
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
+
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
+
 [id="plugins-{type}s-{plugin}-value"]
 ===== `value` 
 

data/docs/output-s3.asciidoc

@@ -113,6 +113,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-upload_multipart_threshold>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-upload_queue_size>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-upload_workers_count>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-validate_credentials_on_root_bucket>> |<<boolean,boolean>>|No
 |=======================================================================
 
@@ -425,6 +426,16 @@ Number of items we can keep in the local queue before uploading them
 
 Specify how many workers to use to upload the files to S3
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
+
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
+
 [id="plugins-{type}s-{plugin}-validate_credentials_on_root_bucket"]
 ===== `validate_credentials_on_root_bucket` 
 

data/docs/output-sns.asciidoc

@@ -65,6 +65,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-region>> |<<string,string>>, one of `["us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-central-1", "eu-west-1", "eu-west-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "sa-east-1", "us-gov-west-1", "cn-north-1", "ap-south-1", "ca-central-1"]`|No
 | <<plugins-{type}s-{plugin}-secret_access_key>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -158,6 +159,15 @@ The AWS Secret Access Key
 
 The AWS Session token for temporary credential
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
+
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
 
 
 [id="plugins-{type}s-{plugin}-common-options"]

data/docs/output-sqs.asciidoc

@@ -97,6 +97,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-role_session_name>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-secret_access_key>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-session_token>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-use_aws_bundled_ca>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -234,7 +235,15 @@ The AWS Secret Access Key
 
 The AWS Session token for temporary credential
 
+[id="plugins-{type}s-{plugin}-use_aws_bundled_ca"]
+===== `use_aws_bundled_ca`
 
+* Value type is <<boolean,boolean>>
+* Default value is `false`
+
+Use bundled CA certificates that ship with AWS SDK to verify SSL peer certificates.
+For cases where the default certificates are unavailable, e.g. Windows,
+you can set this to `true`.
 
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/inputs/cloudwatch.rb

@@ -130,6 +130,8 @@ class LogStash::Inputs::CloudWatch < LogStash::Inputs::Base
     raise 'Interval must be divisible by period' unless @interval % @period == 0
     raise "Filters must be defined for when using #{@namespace} namespace" if @filters.nil? && filters_required?(@namespace)
 
+    setup_aws_client_config
+
     @last_check = Time.now
   end # def register
 

data/lib/logstash/inputs/s3.rb

@@ -100,6 +100,7 @@ class LogStash::Inputs::S3 < LogStash::Inputs::Base
 
     @logger.info("Registering", :bucket => @bucket, :region => @region)
 
+    setup_aws_client_config
     s3 = get_s3object
 
     @s3bucket = s3.bucket(@bucket)

data/lib/logstash/inputs/sqs.rb

@@ -99,6 +99,7 @@ class LogStash::Inputs::SQS < LogStash::Inputs::Threadable
     require "aws-sdk-sqs"
     @logger.info("Registering SQS input", :queue => @queue, :queue_owner_aws_account_id => @queue_owner_aws_account_id)
 
+    setup_aws_client_config
     setup_queue
   end
 

data/lib/logstash/outputs/cloudwatch.rb

@@ -163,6 +163,7 @@ class LogStash::Outputs::CloudWatch < LogStash::Outputs::Base
     require "thread"
     require "aws-sdk-cloudwatch"
 
+    setup_aws_client_config
     @cw = Aws::CloudWatch::Client.new(aws_options_hash)
 
     @event_queue = SizedQueue.new(@queue_size)

data/lib/logstash/outputs/s3.rb

@@ -209,6 +209,8 @@ class LogStash::Outputs::S3 < LogStash::Outputs::Base
       raise LogStash::ConfigurationError, "Logstash must have the permissions to write to the temporary directory: #{@temporary_directory}"
     end
 
+    setup_aws_client_config
+
     if @validate_credentials_on_root_bucket && !WriteBucketPermissionValidator.new(@logger).valid?(bucket_resource, upload_options)
       raise LogStash::ConfigurationError, "Logstash must have the privileges to write to root bucket `#{@bucket}`, check your credentials or your permissions."
     end

data/lib/logstash/outputs/sns.rb

@@ -58,6 +58,7 @@ class LogStash::Outputs::Sns < LogStash::Outputs::Base
   def register
     require "aws-sdk-sns"
 
+    setup_aws_client_config
     @sns = Aws::SNS::Client.new(aws_options_hash)
 
     publish_boot_message_arn()

data/lib/logstash/outputs/sqs.rb

@@ -86,6 +86,7 @@ class LogStash::Outputs::SQS < LogStash::Outputs::Base
 
   public
   def register
+    setup_aws_client_config
     @sqs = Aws::SQS::Client.new(aws_options_hash)
 
     if @batch_events > 10

data/lib/logstash/plugin_mixins/aws_config/generic.rb

@@ -50,5 +50,12 @@ module LogStash::PluginMixins::AwsConfig::Generic
     # ----------------------------------
     #
     config :aws_credentials_file, :validate => :string
+
+    # By default, this plugin uses cert available to OpenSSL provided by OS
+    # when verifying SSL peer certificates.
+    # For cases where the default cert is unavailable, e.g. Windows,
+    # you can use the bundled ca certificate provided by AWS SDK
+    # by setting `use_aws_bundled_ca` to true
+    config :use_aws_bundled_ca, :validate => :boolean, :default => false
   end
 end

data/lib/logstash/plugin_mixins/aws_config/v2.rb

@@ -38,6 +38,10 @@ module LogStash::PluginMixins::AwsConfig::V2
     return opts
   end
 
+  def setup_aws_client_config
+    Aws.use_bundled_cert! if @use_aws_bundled_ca
+  end
+
   private
 
   def aws_credentials

data/lib/logstash-integration-aws_jars.rb

@@ -1,4 +1,4 @@
 # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
 
 require 'jar_dependencies'
-require_jar('org.logstash.plugins.integration.aws', 'logstash-integration-aws', '7.1.2')
+require_jar('org.logstash.plugins.integration.aws', 'logstash-integration-aws', '7.1.3')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-integration-aws
 version: !ruby/object:Gem::Version
-  version: 7.1.2
+  version: 7.1.3
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-08 00:00:00.000000000 Z
+date: 2023-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -408,7 +408,7 @@ files:
 - spec/spec_helper.rb
 - spec/support/helpers.rb
 - spec/unit/outputs/sqs_spec.rb
-- vendor/jar-dependencies/org/logstash/plugins/integration/aws/logstash-integration-aws/7.1.2/logstash-integration-aws-7.1.2.jar
+- vendor/jar-dependencies/org/logstash/plugins/integration/aws/logstash-integration-aws/7.1.3/logstash-integration-aws-7.1.3.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache-2.0