logstash-integration-elastic_enterprise_search 2.2.1 → 3.0.1

data/spec/integration/outputs/elastic_workplace_search_spec.rb

@@ -1,126 +1,193 @@
 # encoding: utf-8
-require "logstash/devutils/rspec/spec_helper"
-require "logstash/outputs/elastic_workplace_search"
-require "logstash/codecs/plain"
-require "logstash/event"
-require "json"
-require "base64"
+require 'logstash/devutils/rspec/spec_helper'
+require 'logstash/codecs/plain'
+require 'logstash/event'
+require 'json'
+require 'base64'
 
-describe "indexing against running Workplace Search", :integration => true do
+describe 'indexing against running Workplace Search', :integration => true do
 
-  def is_version7?
-    ENV['ELASTIC_STACK_VERSION'].strip.start_with?("7")
-  end
+  require 'logstash/outputs/elastic_workplace_search'
 
+  let(:is_version7) { ENV['ELASTIC_STACK_VERSION'].strip.start_with?('7') }
   let(:url) { ENV['ENTERPRISE_SEARCH_URL'] }
-  let(:auth) { Base64.strict_encode64("#{ENV['ENTERPRISE_SEARCH_USERNAME']}:#{ENV['ENTERPRISE_SEARCH_PASSWORD']}")}
-  let(:source) do
-    if is_version7?
-      response = Faraday.get(
-        "#{url}/api/ws/v1/whoami",
-        {"get_token" => true},
-        {"Content-Type" => "application/json",
-        "Accept" => "application/json",
-        "Authorization" => "Basic #{auth}"}
-      )
-      JSON.load(response.body)
-    else
-      # Workplace Search v8.0+ provides the api_tokens API to create or retrieve
-      # the key to be use as access_token
-      conn = Faraday.new(url: url)
-      conn.basic_auth(ENV['ENTERPRISE_SEARCH_USERNAME'], ENV['ENTERPRISE_SEARCH_PASSWORD'])
-      response = conn.post('/ws/org/api_tokens',
-                            '{"name":"ls-integration-test-key"}',
-                            {"Content-Type" => "application/json", "Accept" => "application/json"})
-      create_response_json = JSON.load(response.body)
-      if create_response_json.has_key?("errors") && create_response_json["errors"].include?("Name is already taken")
-        # when a key with the name already exists, retrieve it
-        response = conn.get('/ws/org/api_tokens', nil,  {"Content-Type" => "application/json", "Accept" => "application/json"})
-        retrieve_token_response_json = JSON.load(response.body)
-        response_json = retrieve_token_response_json["results"].find {|res| res["id"] == "ls-integration-test-key"}
-      else
-        response_json = create_response_json
-      end
-
-      conn.close
-      response_json
-    end
-  end
-  let(:access_token) do
-    if is_version7?
-      source.fetch("access_token")
-    else
-      source.fetch("key")
-    end
-  end
-  let(:source_id) do
-    response = Faraday.post(
-          "#{url}/api/ws/v1/sources",
-           JSON.dump("service_type" => "custom", "name" => "whatever"),
-          {"Content-Type" => "application/json",
-          "Accept" => "application/json",
-          "Authorization" => "Bearer #{access_token}"}
-        )
-    source_response_json = JSON.load(response.body)
-    source_response_json.fetch("id")
-  end
-
+  let(:username) { ENV['ENTERPRISE_SEARCH_USERNAME'] }
+  let(:password) { ENV['ENTERPRISE_SEARCH_PASSWORD'] }
+  let(:basic_auth_header) { Base64.strict_encode64("#{username}:#{password}") }
+  let(:access_token) { fetch_access_token }
+  let(:source_id) { fetch_source_id }
   let(:config) do
     {
-      "url" => url,
-      "source" => source_id,
-      "access_token" => access_token
+      'url' => url,
+      'source' => source_id,
+      'access_token' => access_token
     }
   end
 
   subject(:workplace_search_output) { LogStash::Outputs::ElasticWorkplaceSearch.new(config) }
 
-  before(:each) { workplace_search_output.register }
+  describe 'indexing' do
+    let(:config) { super().merge('ssl_verification_mode' => 'none') }
+    let(:total_property_keys) { %w[meta page total_pages] }
+    let(:register) { true }
 
-  describe "single event" do
-    let(:event) { LogStash::Event.new("message" => "an event to index") }
+    before(:each) { workplace_search_output.register if register }
+
+    describe 'single event' do
+      let(:event_message) { 'an event to index' }
+      let(:event) { LogStash::Event.new('message' => event_message) }
+
+      it 'should be indexed' do
+        workplace_search_output.multi_receive([event])
+        expect_indexed(1, total_property_keys, event_message)
+      end
 
-    it "should be indexed" do
-      workplace_search_output.multi_receive([event])
+      context 'using sprintf-ed source' do
+        let(:config) { super().merge('source' => '%{source_field}') }
+        let(:event) { LogStash::Event.new('message' => 'an sprintf-ed event', 'source_field' => source_id) }
 
-      results = Stud.try(20.times, RSpec::Expectations::ExpectationNotMetError) do
-        attempt_response = execute_search_call
-        expect(attempt_response.status).to eq(200)
-        parsed_resp = JSON.parse(attempt_response.body)
-        expect(parsed_resp.dig("meta", "page", "total_pages")).to eq(1)
-        parsed_resp["results"]
+        it 'should be indexed' do
+          workplace_search_output.multi_receive([event])
+          expect_indexed(1, total_property_keys, 'an sprintf-ed event')
+        end
       end
-      expect(results.first.fetch("message")).to eq "an event to index"
     end
-  end
 
-  describe "multiple events" do
-    let(:events) { generate_events(200) } #2 times the slice size used to batch
-
-    it "all should be indexed" do
-      workplace_search_output.multi_receive(events)
-      results = Stud.try(20.times, RSpec::Expectations::ExpectationNotMetError) do
-        attempt_response = execute_search_call
-        expect(attempt_response.status).to eq(200)
-        parsed_resp = JSON.parse(attempt_response.body)
-        expect(parsed_resp.dig("meta", "page", "total_results")).to eq(200)
-        parsed_resp["results"]
+    describe 'multiple events' do
+      let(:events) { generate_events(200, 'multiple events to index') } # 2 times the slice size used to batch
+
+      it 'all should be indexed' do
+        workplace_search_output.multi_receive(events)
+        expect_indexed(200, %w[meta page total_results], 'multiple events to index')
+      end
+    end
+
+    describe 'with ssl enabled using a self-signed certificate', :secure_integration => true do
+      let(:ca_cert) { 'spec/fixtures/certificates/root_ca.crt' }
+      let(:event_message) { 'an event to index with ssl enabled' }
+      let(:event) { LogStash::Event.new('message' => event_message) }
+
+      context 'and ssl_verification_mode set to `full`' do
+        let(:config) { super().merge('ssl_verification_mode' => 'full') }
+        let(:register) { false }
+
+        it 'should raise an error' do
+          allow(workplace_search_output).to receive(:check_connection!).and_return(nil)
+          workplace_search_output.register
+          workplace_search_output.instance_variable_set(:@retry_disabled, true)
+
+          expect { workplace_search_output.multi_receive([event]) }.to raise_error(/PKIX path/)
+        end
+      end
+
+      context 'and ssl_certificate_authorities set to a valid CA' do
+        let(:config) { super().merge('ssl_certificate_authorities' => ca_cert) }
+        it 'should be indexed' do
+          workplace_search_output.multi_receive([event])
+          expect_indexed( 1, total_property_keys, event_message)
+        end
+      end
+
+      context 'and ssl_truststore_path set to a valid CA' do
+        let(:config) do
+          super().merge(
+            'ssl_truststore_path' => 'spec/fixtures/certificates/root_keystore.jks',
+            'ssl_truststore_password' => 'changeme'
+          )
+        end
+
+        it 'should be indexed' do
+          workplace_search_output.multi_receive([event])
+          expect_indexed(1, total_property_keys, event_message)
+        end
+      end
+
+      context 'and ssl_supported_protocols configured' do
+        let(:config) { super().merge('ssl_certificate_authorities' => ca_cert, 'ssl_supported_protocols' => 'TLSv1.3') }
+
+        it 'should be indexed' do
+          workplace_search_output.multi_receive([event])
+          expect_indexed(1, total_property_keys, event_message)
+        end
+      end
+
+      context 'and ssl_cipher_suites configured' do
+        let(:config) { super().merge('ssl_certificate_authorities' => ca_cert, 'ssl_cipher_suites' => 'TLS_AES_256_GCM_SHA384') }
+
+        it 'should be indexed' do
+          workplace_search_output.multi_receive([event])
+          expect_indexed(1, total_property_keys, event_message)
+        end
       end
-      expect(results.first.fetch("message")).to start_with("an event to index")
     end
   end
 
   private
+
   def execute_search_call
-    Faraday.post(
+    faraday_client.post(
       "#{url}/ws/org/sources/#{source_id}/documents",
       nil,
-      "Accept" => "application/json",
-      "Authorization" => "Basic #{auth}"
+      'Accept' => 'application/json',
+      'Authorization' => "Basic #{basic_auth_header}"
     )
   end
 
-  def generate_events(num_events)
-    (1..num_events).map { |i| LogStash::Event.new("message" => "an event to index #{i}")}
+  def generate_events(num_events, message_prefix = 'an event to index')
+    (1..num_events).map { |i| LogStash::Event.new('message' => "#{message_prefix} #{i}") }
+  end
+
+  def faraday_client
+    Faraday.new(url, ssl: { verify: false })
+  end
+
+  def fetch_access_token
+    if is_version7
+      response = faraday_client.get("#{url}/api/ws/v1/whoami",
+                                    { 'get_token' => true },
+                                    { 'Content-Type' => 'application/json',
+                                      'Accept' => 'application/json',
+                                      'Authorization' => "Basic #{basic_auth_header}" })
+
+      return JSON.load(response.body).fetch('access_token')
+    end
+
+    client = faraday_client
+    client.headers['Authorization'] = "Basic #{basic_auth_header}"
+    response = client.post('/ws/org/api_tokens',
+                           '{"name":"ls-integration-test-key"}',
+                           { 'Content-Type' => 'application/json', 'Accept' => 'application/json' })
+
+    response_json = JSON.load(response.body)
+    # when a key with the name already exists, retrieve it
+    if response_json.key?('errors') && response_json['errors'].include?('Name is already taken')
+      response = client.get('/ws/org/api_tokens', nil, { 'Content-Type' => 'application/json', 'Accept' => 'application/json' })
+      response_json = JSON.load(response.body)['results'].find { |res| res['id'] == 'ls-integration-test-key' }
+    end
+
+    client.close
+    response_json.fetch('key')
+  end
+
+  def fetch_source_id
+    response = faraday_client.post("#{url}/api/ws/v1/sources",
+                                   JSON.dump('service_type' => 'custom', 'name' => 'whatever'),
+                                   { 'Content-Type' => 'application/json',
+                                     'Accept' => 'application/json',
+                                     'Authorization' => "Bearer #{access_token}" })
+
+    source_response_json = JSON.load(response.body)
+    source_response_json.fetch('id')
+  end
+
+  def expect_indexed(total_expected, total_property_keys, expected_message_prefix)
+    results = Stud.try(20.times, RSpec::Expectations::ExpectationNotMetError) do
+      attempt_response = execute_search_call
+      expect(attempt_response.status).to eq(200)
+      parsed_resp = JSON.parse(attempt_response.body)
+      expect(parsed_resp.dig(*total_property_keys)).to eq(total_expected)
+      parsed_resp['results']
+    end
+    expect(results.first.fetch('message')).to start_with(expected_message_prefix)
   end
 end

data/spec/unit/outputs/client_spec.rb

@@ -0,0 +1,26 @@
+require "logstash/devutils/rspec/spec_helper"
+require 'logstash/plugin_mixins/enterprise_search/client'
+
+describe LogStash::PluginMixins::EnterpriseSearch::AppSearch::Client do
+  subject(:client) { described_class.new({}, params: {}) }
+
+  it 'should inherit Elastic::EnterpriseSearch::AppSearch::Client' do
+    expect(described_class.ancestors).to include(Elastic::EnterpriseSearch::AppSearch::Client)
+  end
+
+  it 'should include LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport' do
+    expect(described_class.ancestors).to include(LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport)
+  end
+end
+
+describe LogStash::PluginMixins::EnterpriseSearch::WorkplaceSearch::Client do
+  subject(:client) { described_class.new({}, params: {}) }
+
+  it 'should inherit Elastic::EnterpriseSearch::AppSearch::Client' do
+    expect(described_class.ancestors).to include(Elastic::EnterpriseSearch::WorkplaceSearch::Client)
+  end
+
+  it 'should include LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport' do
+    expect(described_class.ancestors).to include(LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport)
+  end
+end

data/spec/unit/outputs/elastic_app_search_spec.rb

@@ -0,0 +1,117 @@
+require 'logstash/devutils/rspec/spec_helper'
+require 'logstash/outputs/elastic_app_search'
+require 'logstash/codecs/plain'
+require 'logstash/event'
+
+describe LogStash::Outputs::ElasticAppSearch do
+  let(:event) { LogStash::Event.new('message' => 'An event') }
+  let(:api_key) { 'my_key' }
+  let(:engine) { 'test-engine' }
+  let(:config) { { 'api_key' => api_key, 'engine' => engine } }
+  let(:client) { double('Client') }
+
+  subject(:plugin) { described_class.new(config) }
+
+  before(:each) do
+    allow(plugin).to receive(:check_connection!)
+    plugin.instance_variable_set(:@client, client)
+  end
+
+  describe '#register' do
+    context 'when engine is defined in sprintf format' do
+      let(:config) { super().merge('engine' => '%{engine_name_field}') }
+      it 'does not raise an error' do
+        expect { plugin.register }.to_not raise_error
+      end
+    end
+  end
+
+  describe '#multi_receive' do
+    let(:response) { double('Response') }
+    let(:response_status) { 200 }
+    let(:response_body) { [{ 'errors' => [] }] }
+
+    before(:each) do
+      allow(response).to receive(:status).and_return(response_status)
+      allow(response).to receive(:body).and_return(response_body)
+    end
+
+    it 'should remove @timestamp and @version fields' do
+      allow(client).to receive(:index_documents) do |_, arguments|
+        expect(arguments[:documents].length).to eq(1)
+        expect(arguments[:documents].first).to_not include('@timestamp', '@version')
+        response
+      end
+
+      plugin.multi_receive([event])
+    end
+
+    context 'with :document_id configured' do
+      let(:config) { super().merge('document_id' => 'foo') }
+
+      it 'should include `id` field' do
+        allow(client).to receive(:index_documents) do |_, arguments|
+          expect(arguments[:documents].length).to eq(1)
+          expect(arguments[:documents].first).to include('id')
+          expect(arguments[:documents].first['id']).to eq('foo')
+          response
+        end
+
+        plugin.multi_receive([event])
+      end
+    end
+
+    context 'with :timestamp_destination configured' do
+      let(:config) { super().merge('timestamp_destination' => 'copied_timestamp') }
+
+      it 'should copy @timestamp value to :timestamp_destination field' do
+        allow(client).to receive(:index_documents) do |_, arguments|
+          expect(arguments[:documents].length).to eq(1)
+          expect(arguments[:documents].first).to include('copied_timestamp')
+          expect(arguments[:documents].first['copied_timestamp']).to_not be_nil
+          response
+        end
+
+        plugin.multi_receive([event])
+      end
+    end
+
+    context 'when multiple engines are defined in sprintf format' do
+      let(:response_body) { [{ 'errors' => [] }, { 'errors' => [] }] }
+      let(:config) { { 'api_key' => api_key, 'engine' => '%{engine_field}' } }
+
+      it 'should index events grouped by resolved engine' do
+        event_engine_a = LogStash::Event.new('message' => 'engine_a', 'engine_field' => 'engine_a')
+        event_engine_b = LogStash::Event.new('message' => 'engine_b', 'engine_field' => 'engine_b')
+
+        allow(client).to receive(:index_documents).twice do |resolved_engine, arguments|
+          docs = arguments[:documents]
+          expect(docs.length).to eq(1)
+          expect(arguments[:documents].first['message']).to eq(resolved_engine)
+          response
+        end
+
+        plugin.multi_receive([event_engine_a, event_engine_b])
+      end
+    end
+
+    context 'when indexing fail' do
+      let(:response_status) { 400 }
+      let(:response_body) { [{ 'errors' => ['failed'] }, { 'errors' => [] }] }
+
+      it 'should log warn message' do
+        allow(client).to receive(:index_documents).and_return(response)
+        allow(plugin.logger).to receive(:warn)
+
+        successful_event = LogStash::Event.new
+        plugin.multi_receive([successful_event, event])
+
+        successful_document = successful_event.to_hash
+        successful_document.delete('@timestamp')
+        successful_document.delete('@version')
+
+        expect(plugin.logger).to have_received(:warn).with('Document failed to index. Dropping..', :document => successful_document, :errors => ['failed']).once
+      end
+    end
+  end
+end

data/spec/unit/outputs/elastic_workplace_search_spec.rb

@@ -0,0 +1,117 @@
+require 'logstash/devutils/rspec/spec_helper'
+require 'logstash/outputs/elastic_workplace_search'
+require 'logstash/codecs/plain'
+require 'logstash/event'
+
+describe LogStash::Outputs::ElasticWorkplaceSearch do
+  let(:event) { LogStash::Event.new('message' => 'An event') }
+  let(:access_token) { 'my_key' }
+  let(:source) { 'test-source' }
+  let(:config) { { 'access_token' => access_token, 'source' => source } }
+  let(:client) { double('Client') }
+
+
+  subject(:plugin) { described_class.new(config) }
+
+  before(:each) do
+    allow(plugin).to receive(:check_connection!)
+    plugin.instance_variable_set(:@client, client)
+  end
+
+  describe '#register' do
+    context 'when source is defined in sprintf format' do
+      let(:config) { super().merge('source' => '%{source_name_field}') }
+      it 'does not raise an error' do
+        expect { plugin.register }.to_not raise_error
+      end
+    end
+  end
+
+  describe '#multi_receive' do
+    let(:response) { double('Response') }
+    let(:response_status) { 200 }
+    let(:response_body) { {} }
+
+    before(:each) do
+      allow(response).to receive(:status).and_return(response_status)
+      allow(response).to receive(:body).and_return(response_body)
+    end
+
+    it 'should remove @timestamp and @version fields' do
+      allow(client).to receive(:index_documents) do |_, arguments|
+        expect(arguments[:documents].length).to eq(1)
+        expect(arguments[:documents].first).to_not include('@timestamp', '@version')
+        response
+      end
+
+      plugin.multi_receive([event])
+    end
+
+    context 'with :document_id configured' do
+      let(:config) { super().merge('document_id' => 'foo') }
+
+      it 'should include `id` field' do
+        allow(client).to receive(:index_documents) do |_, arguments|
+          expect(arguments[:documents].length).to eq(1)
+          expect(arguments[:documents].first).to include('id')
+          expect(arguments[:documents].first['id']).to eq('foo')
+          response
+        end
+
+        plugin.multi_receive([event])
+      end
+    end
+
+    context 'with :timestamp_destination configured' do
+      let(:config) { super().merge('timestamp_destination' => 'copied_timestamp') }
+
+      it 'should copy @timestamp value to :timestamp_destination field' do
+        allow(client).to receive(:index_documents) do |_, arguments|
+          expect(arguments[:documents].length).to eq(1)
+          expect(arguments[:documents].first).to include('copied_timestamp')
+          expect(arguments[:documents].first['copied_timestamp']).to_not be_nil
+          response
+        end
+
+        plugin.multi_receive([event])
+      end
+    end
+
+    context 'when multiple sources are defined in sprintf format' do
+      let(:config) { { 'access_token' => access_token, 'source' => '%{source_field}' } }
+
+      it 'should index events grouped by resolved source' do
+        event_source_a = LogStash::Event.new('message' => 'source_a', 'source_field' => 'source_a')
+        event_source_b = LogStash::Event.new('message' => 'source_b', 'source_field' => 'source_b')
+
+        allow(client).to receive(:index_documents).twice do |resolved_source, arguments|
+          docs = arguments[:documents]
+          expect(docs.length).to eq(1)
+          expect(arguments[:documents].first['message']).to eq(resolved_source)
+          response
+        end
+
+        plugin.multi_receive([event_source_a, event_source_b])
+      end
+    end
+
+    context 'when indexing fail' do
+      let(:response_status) { 400 }
+      let(:response_body) { { 'results' => [{ 'errors' => ['failed'] }, { 'errors' => [] }] } }
+
+      it 'should log warn message' do
+        allow(client).to receive(:index_documents).and_return(response)
+        allow(plugin.logger).to receive(:warn)
+
+        successful_event = LogStash::Event.new
+        plugin.multi_receive([successful_event, event])
+
+        successful_document = successful_event.to_hash
+        successful_document.delete('@timestamp')
+        successful_document.delete('@version')
+
+        expect(plugin.logger).to have_received(:warn).with('Document failed to index. Dropping..', :document => successful_document, :errors => ['failed']).once
+      end
+    end
+  end
+end

data/spec/unit/outputs/manticore_transport_spec.rb

@@ -0,0 +1,124 @@
+require 'logstash/devutils/rspec/spec_helper'
+require 'stud/temporary'
+require 'logstash/plugin_mixins/enterprise_search/manticore_transport'
+
+describe LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport do
+  describe 'Client class' do
+    subject(:client_class) do
+      Class.new(Elastic::EnterpriseSearch::Client) do
+        attr_reader :params
+        include LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport
+
+        def initialize(options, params: {})
+          @params = params
+          super options
+        end
+      end
+    end
+
+    context "#transport" do
+      let(:client) { client_class.new({}, params: {}) }
+
+      it 'should override #transport' do
+        expect(client.method(:transport).owner).to eq(LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport)
+      end
+
+      it 'should use manticore setting the :ssl argument' do
+        ssl_config = { ssl: { verify: :disable } }
+        allow(client).to receive(:build_ssl_config).and_return(ssl_config)
+
+        result = client.transport
+
+        if LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport.eps_version_7?
+          expect(result.transport).to be_a(Elasticsearch::Transport::Transport::HTTP::Manticore)
+        else
+          expect(result.transport).to be_a(Elastic::Transport::Transport::HTTP::Manticore)
+        end
+
+        expect(result.instance_variable_get(:@arguments)[:ssl]).to eq(ssl_config)
+      end
+    end
+
+    context '#build_ssl_config' do
+      let(:params) { {} }
+      let(:client) { client_class.new({}, params: params) }
+      let(:built_ssl_options) { client.send(:build_ssl_config) }
+
+      [{ param_value: 'full', client_value: :strict },
+       { param_value: 'none', client_value: :disable }].each do |config|
+        context "when ssl_verification_mode is `#{config[:param_value]}`" do
+          let(:params) { super().merge('ssl_verification_mode' => config[:param_value]) }
+          it "should set :verify to #{config[:client_value]}" do
+            expect(built_ssl_options[:verify]).to eq(config[:client_value])
+          end
+        end
+      end
+
+      context 'when ssl_certificate_authorities is set' do
+        let(:ca_path) { 'spec/fixtures/certificates/root_ca.crt'}
+        let(:params) { super().merge('ssl_certificate_authorities' => [ca_path]) }
+
+        it 'should set :ca_file' do
+          expect(built_ssl_options[:ca_file]).to eq(ca_path)
+        end
+      end
+
+      context 'when ssl_cipher_suites is set' do
+        let(:params) { super().merge('ssl_cipher_suites' => ['TLS_FOO_BAR']) }
+
+        it 'should set :cipher_suites' do
+          expect(built_ssl_options[:cipher_suites]).to eq(['TLS_FOO_BAR'])
+        end
+      end
+
+      context 'when ssl_supported_protocols is set' do
+        let(:params) { super().merge('ssl_supported_protocols' => %w[TLSv1.2 TLSv1.3]) }
+
+        it 'should set :protocols' do
+          expect(built_ssl_options[:protocols]).to eq( %w[TLSv1.2 TLSv1.3])
+        end
+      end
+
+      context 'when ssl_truststore options are set' do
+        let(:keystore_path) { 'spec/fixtures/certificates/root_keystore.jks'}
+        let(:keystore_password) { LogStash::Util::Password.new('changeme') }
+
+        let(:params) do
+          super().merge('ssl_truststore_path' => keystore_path,
+                        'ssl_truststore_type' => 'jks',
+                        'ssl_truststore_password' => keystore_password)
+        end
+
+        it 'should set :truststore options' do
+          expect(built_ssl_options[:truststore]).to eq(keystore_path)
+          expect(built_ssl_options[:truststore_type]).to eq('jks')
+          expect(built_ssl_options[:truststore_password]).to eq('changeme')
+        end
+      end
+    end
+  end
+
+  describe 'Client class with no :params' do
+    subject(:client_class) { Class.new(Elastic::EnterpriseSearch::Client) }
+
+    context 'when included' do
+      it 'should raise an ArgumentError' do
+        expect do
+          client_class.include LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport
+        end.to raise_error(ArgumentError).with_message(/must respond to :params/)
+      end
+    end
+  end
+
+  describe 'No client class' do
+    subject(:client) { Class.new }
+
+    context 'when included' do
+      it 'should raise an ArgumentError' do
+        expect do
+          client.include LogStash::PluginMixins::EnterpriseSearch::ManticoreTransport
+        end.to raise_error(ArgumentError).with_message(/must inherit Elastic::EnterpriseSearch::Client/)
+      end
+    end
+  end
+end