logstash-mixin-http_client 7.3.0 → 7.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc464a55d52c603e85ea2660d4421e299cf84a876c0535b42e96eb7b6ab6a39c
-  data.tar.gz: 147afafc098bc8b326a21200ac7354e80ecbbefb1736d7dbee2c49a50d9eba69
+  metadata.gz: 7113b42811db2555d08f0146bc031203fe686fed7ade1f3da648142385af3e03
+  data.tar.gz: 7f27a58c3bb605ebce070e0659ef32ff6dafa68dca9d1597e1851191e67e774f
 SHA512:
-  metadata.gz: 966d167f986302dfb50b7c83ad4101c77c23ce08c998749a184339516c7021c96da5c6f389fa71b6c8a06869fc0ac66a72988ac3ba8666dd5defb070333d4ae5
-  data.tar.gz: 8fe68d119b1ad22a102aaa810c39b364127911a7b2814e7330f7a04f70de36985b413c30a65a8d617edd9b8139c181dfe302777502efb8eaa579deecb1f9d553
+  metadata.gz: 5e4d182516285b5bbb9be15df611af50dc4fdbdf2cc2ae02d38d74ffa43ba330d74ff6d73f8802b81006cae11747b84294bf9181d588cbe549b315126ed755d8
+  data.tar.gz: 21630cc2c5e65ea70f307996d823486318c14beea2b0f5300d90f0b5d77ac8ab75312b37e24ccd3e8c9b3efa8dcbf44766efb854c5289958ba5eaafe5192d44f

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 7.5.0
+  - Adds new mixin configuration option `with_obsolete` to mark `ssl` options as obsolete
+
+## 7.4.0
+  - Adds new `ssl_enabled` setting for enabling/disabling the SSL configurations [#44](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/44)
+
 ## 7.3.0
   - Adds standardized SSL settings and deprecates their non-standard counterparts. Deprecated settings will continue to work, and will provide pipeline maintainers with guidance toward using their standardized counterparts [#42](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/42)
     - Adds new `ssl_truststore_path`, `ssl_truststore_password`, and `ssl_truststore_type` settings for configuring SSL-trust using a PKCS-12 or JKS trust store, deprecating their `truststore`, `truststore_password`, and `truststore_type` counterparts.

data/lib/logstash/plugin_mixins/http_client/obsolete_ssl_config_support.rb

@@ -0,0 +1,19 @@
+module LogStash::PluginMixins::HttpClient
+  module ObsoleteSslConfigSupport
+    def self.included(base)
+      fail ArgumentError unless base <= LogStash::PluginMixins::HttpClient::Implementation
+
+      base.config :cacert, :obsolete => 'Use `ssl_certificate_authorities` instead'
+      base.config :client_cert, :obsolete => 'Use `ssl_certificate` instead'
+      base.config :client_key, :obsolete => 'Use `ssl_key` instead'
+      base.config :keystore, :obsolete => 'Use `ssl_keystore_path` instead'
+      base.config :keystore_type, :obsolete => 'Use `ssl_keystore_type` instead'
+      base.config :truststore, :obsolete => 'Use `ssl_truststore_path` instead'
+      base.config :truststore_type, :obsolete => 'Use `ssl_truststore_type` instead'
+
+      # Retain validation for password types to avoid inadvertent information disclosure
+      base.config :keystore_password, :validate => :password, :obsolete => 'Use `ssl_keystore_password` instead'
+      base.config :truststore_password, :validate => :password, :obsolete => 'Use `ssl_truststore_password` instead'
+    end
+  end
+end

data/lib/logstash/plugin_mixins/http_client.rb

@@ -19,8 +19,10 @@ module LogStash::PluginMixins::HttpClient
   end
 
   class Adapter < Module
-    def initialize(with_deprecated: false)
+    def initialize(with_deprecated: false, with_obsolete: false)
+       raise ArgumentError, "A plugin cannot support deprecated and obsolete SSL settings" if with_deprecated && with_obsolete
       @include_dep = with_deprecated
+      @include_obsolete = with_obsolete
     end
 
     def included(base)
@@ -28,7 +30,11 @@ module LogStash::PluginMixins::HttpClient
       if @include_dep
         require_relative 'http_client/deprecated_ssl_config_support'
         base.include(DeprecatedSslConfigSupport)
+      elsif @include_obsolete
+        require_relative 'http_client/obsolete_ssl_config_support'
+        base.include(ObsoleteSslConfigSupport)
       end
+
       nil
     end
   end
@@ -75,6 +81,9 @@ module LogStash::PluginMixins::HttpClient
       # See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
       base.config :validate_after_inactivity, :validate => :number, :default => 200
 
+      # Enable/disable the SSL configurations
+      base.config :ssl_enabled, :validate => :boolean, :default => true
+
       # If you need to use a custom X.509 CA (.pem certs) specify the path to that here
       base.config :ssl_certificate_authorities, :validate => :path, :list => :true
 
@@ -188,6 +197,13 @@ module LogStash::PluginMixins::HttpClient
     def ssl_options
 
       options = {}
+
+      unless @ssl_enabled
+        ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') }
+        self.logger.warn("Configured SSL settings are not used when `ssl_enabled` is set to `false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
+        return options
+      end
+
       if @ssl_certificate_authorities&.any?
         raise LogStash::ConfigurationError, 'Multiple values on `ssl_certificate_authorities` are not supported by this plugin' if @ssl_certificate_authorities.size > 1
 

data/logstash-mixin-http_client.gemspec

@@ -1,8 +1,8 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-mixin-http_client'
-  s.version         = '7.3.0'
+  s.version         = '7.5.0'
   s.licenses        = ['Apache License (2.0)']
-  s.summary         = "AWS mixins to provide a unified interface for Amazon Webservice"
+  s.summary         = "Mixin to provide consistent config deprecation and obsoletion across HTTP plugins"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
   s.authors         = ["Elastic"]
   s.email           = 'info@elastic.co'

data/spec/plugin_mixin/http_client_ssl_spec.rb

@@ -44,6 +44,16 @@ shared_examples 'a deprecated setting with guidance' do |deprecations_and_guidan
   end
 end
 
+shared_examples 'an obsolete setting with guidance' do |deprecations_and_guidance|
+
+  deprecations_and_guidance.each do |obsolete_setting, canonical_setting_name|
+    it "emits an error about the setting `#{obsolete_setting}` now being obsolete and provides guidance to use `#{canonical_setting_name}`" do
+      error_text = /The setting `#{obsolete_setting}` in plugin `with_obsolete` is obsolete and is no longer available. Use `#{canonical_setting_name}` instead/i
+      expect { plugin_class.new(conf)}.to raise_error LogStash::ConfigurationError, error_text
+    end
+  end
+end
+
 shared_examples 'with common ssl options' do
   describe 'with verify mode' do
     let(:file) { Stud::Temporary.file }
@@ -144,6 +154,33 @@ shared_examples("raise an http config error") do |message|
   end
 end
 
+shared_examples 'a client with obsolete ssl options' do
+  describe LogStash::PluginMixins::HttpClient do
+    let(:basic_config) { {} }
+    let(:impl) { plugin_class.new(basic_config) }
+    let(:use_deprecated_config) { true }
+
+    include_examples 'with common ssl options'
+
+    [{:name => 'cacert', :canonical_name => 'ssl_certificate_authorities'},
+     {:name => 'client_cert', :canonical_name => 'ssl_certificate'},
+     {:name => 'client_key', :canonical_name => 'ssl_key'},
+     {:name => "keystore", :canonical_name => 'ssl_keystore_path'},
+     {:name => 'truststore', :canonical_name => 'ssl_truststore_path'},
+     {:name => "keystore_password", :canonical_name => "ssl_keystore_password"},
+     {:name => 'truststore_password', :canonical_name => "ssl_truststore_password"},
+     {:name => "keystore_type", :canonical_name => "ssl_keystore_type"},
+     {:name => 'truststore_type', :canonical_name => 'ssl_truststore_type'}
+    ].each do |settings|
+      context "with option #{settings[:name]}" do
+        let(:conf) { basic_config.merge(settings[:name] => 'test_value') }
+
+        it_behaves_like('an obsolete setting with guidance', settings[:name] => settings[:canonical_name])
+      end
+    end
+  end
+end
+
 shared_examples 'a client with deprecated ssl options' do
   describe LogStash::PluginMixins::HttpClient do
     let(:basic_config) { {} }
@@ -339,6 +376,32 @@ shared_examples 'a client with standardized ssl options' do
         end
       end
     end
+
+    describe 'with ssl_enabled' do
+      context 'set to false' do
+        let(:basic_config) { super().merge('ssl_enabled' => false) }
+        let(:plugin) { plugin_class.new(basic_config) }
+
+        it 'should not configure the client :ssl' do
+          expect(plugin.client_config[:ssl]).to eq({})
+        end
+
+        context 'and another ssl_* config set' do
+          let(:basic_config) { super().merge('ssl_verification_mode' => 'none') }
+          let(:logger_mock) { double('logger') }
+
+          before(:each) do
+            allow(plugin).to receive(:logger).and_return(logger_mock)
+          end
+
+          it 'should log a warn message' do
+            allow(logger_mock).to receive(:warn)
+            plugin.client_config
+            expect(logger_mock).to have_received(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_verification_mode"]')
+          end
+        end
+      end
+    end
   end
 end
 
@@ -352,6 +415,11 @@ class PluginWithDeprecatedTrue < LogStash::Inputs::Base
   config_name 'with_deprecated'
 end
 
+class PluginWithObsoleteTrue < LogStash::Inputs::Base
+  include LogStash::PluginMixins::HttpClient[:with_obsolete => true]
+  config_name 'with_obsolete'
+end
+
 class PluginWithDeprecatedFalse < LogStash::Inputs::Base
   include LogStash::PluginMixins::HttpClient[:with_deprecated => false]
   config_name 'without_deprecated'
@@ -365,6 +433,10 @@ describe PluginWithNoModuleConfig do
   it 'includes DeprecatedSslConfigSupport module' do
     expect(plugin_class.ancestors).to include(LogStash::PluginMixins::HttpClient::DeprecatedSslConfigSupport)
   end
+
+  it 'does not include ObsoleteSslConfigSupport module' do
+    expect(plugin_class.ancestors).to_not include(LogStash::PluginMixins::HttpClient::ObsoleteSslConfigSupport)
+  end
 end
 
 describe PluginWithDeprecatedFalse do
@@ -375,11 +447,20 @@ describe PluginWithDeprecatedFalse do
   it 'does not include DeprecatedSslConfigSupport module' do
     expect(plugin_class.ancestors).to_not include(LogStash::PluginMixins::HttpClient::DeprecatedSslConfigSupport)
   end
+
+  it 'does not include ObsoleteSslConfigSupport module' do
+    expect(plugin_class.ancestors).to_not include(LogStash::PluginMixins::HttpClient::ObsoleteSslConfigSupport)
+  end
+
 end
 
 describe PluginWithDeprecatedTrue do
   let(:plugin_class) { PluginWithDeprecatedTrue }
 
+  it 'does not include ObsoleteSslConfigSupport module' do
+    expect(plugin_class.ancestors).to_not include(LogStash::PluginMixins::HttpClient::ObsoleteSslConfigSupport)
+  end
+
   it_behaves_like 'a client with deprecated ssl options'
 
   it_behaves_like 'a client with standardized ssl options'
@@ -435,4 +516,26 @@ describe PluginWithDeprecatedTrue do
   it 'includes DeprecatedSslConfigSupport module' do
     expect(plugin_class.ancestors).to include(LogStash::PluginMixins::HttpClient::DeprecatedSslConfigSupport)
   end
+end
+
+describe "PluginWithObsoleteAndDeprecatedTrue" do
+  it 'raises an error when trying to create a class with obsolete and deprecated both true' do
+    expect {
+      class PluginWithObsoleteAndDeprecatedTrue < LogStash::Inputs::Base
+        include LogStash::PluginMixins::HttpClient[:with_obsolete => true, :with_deprecated => true]
+        config_name 'with_obsolete_and_deprecated'
+    end }.to raise_error ArgumentError, "A plugin cannot support deprecated and obsolete SSL settings"
+  end
+end
+
+describe PluginWithObsoleteTrue do
+  let(:plugin_class) { PluginWithObsoleteTrue }
+
+  it 'includes ObsoleteSslConfigSupport module' do
+    expect(plugin_class.ancestors).to include(LogStash::PluginMixins::HttpClient::ObsoleteSslConfigSupport)
+  end
+
+  it_behaves_like 'a client with obsolete ssl options'
+
+  it_behaves_like 'a client with standardized ssl options'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-mixin-http_client
 version: !ruby/object:Gem::Version
-  version: 7.3.0
+  version: 7.5.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-30 00:00:00.000000000 Z
+date: 2024-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -37,8 +37,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -54,8 +54,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.0.0
   name: manticore
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -71,8 +71,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
   name: logstash-mixin-normalize_config_support
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -85,8 +85,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -99,8 +99,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: stud
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -121,6 +121,7 @@ files:
 - README.md
 - lib/logstash/plugin_mixins/http_client.rb
 - lib/logstash/plugin_mixins/http_client/deprecated_ssl_config_support.rb
+- lib/logstash/plugin_mixins/http_client/obsolete_ssl_config_support.rb
 - logstash-mixin-http_client.gemspec
 - spec/plugin_mixin/http_client_spec.rb
 - spec/plugin_mixin/http_client_ssl_spec.rb
@@ -143,10 +144,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
-summary: AWS mixins to provide a unified interface for Amazon Webservice
+summary: Mixin to provide consistent config deprecation and obsoletion across HTTP
+  plugins
 test_files:
 - spec/plugin_mixin/http_client_spec.rb
 - spec/plugin_mixin/http_client_ssl_spec.rb