logstash-output-elasticsearch-test 11.16.0-x86_64-linux

data/spec/unit/outputs/elasticsearch_ssl_spec.rb

@@ -0,0 +1,197 @@
+require_relative "../../../spec/spec_helper"
+require 'stud/temporary'
+
+describe "SSL options" do
+  let(:manticore_double) { double("manticoreSSL #{self.inspect}") }
+
+  let(:settings) { { "ssl_enabled" => true, "hosts" => "localhost", "pool_max" => 1, "pool_max_per_route" => 1 } }
+
+  subject do
+    require "logstash/outputs/elasticsearch"
+    LogStash::Outputs::ElasticSearch.new(settings)
+  end
+
+  before do
+    allow(manticore_double).to receive(:close)
+
+    response_double = double("manticore response").as_null_object
+    # Allow healtchecks
+    allow(manticore_double).to receive(:head).with(any_args).and_return(response_double)
+    allow(manticore_double).to receive(:get).with(any_args).and_return(response_double)
+    allow(::Manticore::Client).to receive(:new).and_return(manticore_double)
+  end
+
+  after do
+    subject.close
+  end
+
+  context "when ssl_verification_mode" do
+    context "is set to none" do
+      let(:settings) { super().merge(
+        "ssl_verification_mode" => 'none',
+      ) }
+
+      it "should print a warning" do
+        expect(subject.logger).to receive(:warn).with(/You have enabled encryption but DISABLED certificate verification/).at_least(:once)
+        allow(subject.logger).to receive(:warn).with(any_args)
+
+        subject.register
+        allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
+      end
+
+      it "should pass the flag to the ES client" do
+        expect(::Manticore::Client).to receive(:new) do |args|
+          expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
+        end.and_return(manticore_double)
+
+        subject.register
+      end
+    end
+
+    context "is set to full" do
+      let(:settings) { super().merge(
+        "ssl_verification_mode" => 'full',
+      ) }
+
+      it "should pass the flag to the ES client" do
+        expect(::Manticore::Client).to receive(:new) do |args|
+          expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :default)
+        end.and_return(manticore_double)
+
+        subject.register
+      end
+    end
+  end
+
+  context "with the conflicting configs" do
+    context "ssl_certificate_authorities and ssl_truststore_path set" do
+      let(:ssl_truststore_path) { Stud::Temporary.file.path }
+      let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
+      let(:settings) { super().merge(
+        "ssl_truststore_path" => ssl_truststore_path,
+        "ssl_certificate_authorities" => ssl_certificate_authorities_path
+      ) }
+
+      after :each do
+        File.delete(ssl_truststore_path)
+        File.delete(ssl_certificate_authorities_path)
+      end
+
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate_authorities\/cacert" or "ssl_truststore_path\/truststore"/)
+      end
+    end
+
+    context "ssl_certificate and ssl_keystore_path set" do
+      let(:ssl_keystore_path) { Stud::Temporary.file.path }
+      let(:ssl_certificate_path) { Stud::Temporary.file.path }
+      let(:settings) { super().merge(
+        "ssl_certificate" => ssl_certificate_path,
+        "ssl_keystore_path" => ssl_keystore_path
+      ) }
+
+      after :each do
+        File.delete(ssl_keystore_path)
+        File.delete(ssl_certificate_path)
+      end
+
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate" or "ssl_keystore_path\/keystore"/)
+      end
+    end
+  end
+
+  context "when configured with Java store files" do
+    let(:ssl_truststore_path) { Stud::Temporary.file.path }
+    let(:ssl_keystore_path) { Stud::Temporary.file.path }
+
+    after :each do
+      File.delete(ssl_truststore_path)
+      File.delete(ssl_keystore_path)
+    end
+
+    let(:settings) { super().merge(
+      "ssl_truststore_path" => ssl_truststore_path,
+      "ssl_truststore_type" => "jks",
+      "ssl_truststore_password" => "foo",
+      "ssl_keystore_path" => ssl_keystore_path,
+      "ssl_keystore_type" => "jks",
+      "ssl_keystore_password" => "bar",
+      "ssl_verification_mode" => "full",
+      "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+      "ssl_supported_protocols" => ["TLSv1.3"]
+    ) }
+
+    it "should pass the parameters to the ES client" do
+      expect(::Manticore::Client).to receive(:new) do |args|
+        expect(args[:ssl]).to match hash_including(
+                                      :enabled => true,
+                                      :keystore => ssl_keystore_path,
+                                      :keystore_type => "jks",
+                                      :keystore_password => "bar",
+                                      :truststore => ssl_truststore_path,
+                                      :truststore_type => "jks",
+                                      :truststore_password => "foo",
+                                      :verify => :default,
+                                      :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+                                      :protocols => ["TLSv1.3"],
+                                    )
+      end.and_return(manticore_double)
+
+      subject.register
+    end
+  end
+
+  context "when configured with certificate files" do
+    let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
+    let(:ssl_certificate_path) { Stud::Temporary.file.path }
+    let(:ssl_key_path) { Stud::Temporary.file.path }
+    let(:settings) { super().merge(
+      "ssl_certificate_authorities" => [ssl_certificate_authorities_path],
+      "ssl_certificate" => ssl_certificate_path,
+      "ssl_key" => ssl_key_path,
+      "ssl_verification_mode" => "full",
+      "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+      "ssl_supported_protocols" => ["TLSv1.3"]
+    ) }
+
+    after :each do
+      File.delete(ssl_certificate_authorities_path)
+      File.delete(ssl_certificate_path)
+      File.delete(ssl_key_path)
+    end
+
+    it "should pass the parameters to the ES client" do
+      expect(::Manticore::Client).to receive(:new) do |args|
+        expect(args[:ssl]).to match hash_including(
+                                      :enabled => true,
+                                      :ca_file => ssl_certificate_authorities_path,
+                                      :client_cert => ssl_certificate_path,
+                                      :client_key => ssl_key_path,
+                                      :verify => :default,
+                                      :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+                                      :protocols => ["TLSv1.3"],
+                                    )
+      end.and_return(manticore_double)
+
+      subject.register
+    end
+
+    context "and only the ssl_certificate is set" do
+      let(:settings) { super().reject { |k| "ssl_key".eql?(k) } }
+
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Using an "ssl_certificate" requires an "ssl_key"/)
+      end
+    end
+
+    context "and only the ssl_key is set" do
+      let(:settings) { super().reject { |k| "ssl_certificate".eql?(k) } }
+
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /An "ssl_certificate" is required when using an "ssl_key"/)
+      end
+    end
+  end
+end
+

data/spec/unit/outputs/error_whitelist_spec.rb

@@ -0,0 +1,56 @@
+require "logstash/outputs/elasticsearch"
+require_relative "../../../spec/es_spec_helper"
+
+describe "whitelisting error types in expected behavior" do
+  let(:template) { '{"template" : "not important, will be updated by :index"}' }
+  let(:event1) { LogStash::Event.new("somevalue" => 100, "@timestamp" => "2014-11-17T20:37:17.223Z") }
+  let(:action1) { ["index", {:_id=>1, :routing=>nil, :_index=>"logstash-2014.11.17", :_type=> doc_type }, event1] }
+  let(:settings) { {"manage_template" => true, "index" => "logstash-2014.11.17", "template_overwrite" => true, "hosts" => get_host_port() } }
+
+  subject { LogStash::Outputs::ElasticSearch.new(settings) }
+
+  before :each do
+    allow(subject.logger).to receive(:warn)
+    allow(subject).to receive(:maximum_seen_major_version).and_return(0)
+    allow(subject).to receive(:alive_urls_count).and_return(1)
+    allow(subject).to receive(:finish_register)
+
+    subject.register
+
+    allow(subject.client).to receive(:get_xpack_info)
+    allow(subject.client).to receive(:bulk).and_return(
+      {
+        "errors" => true,
+        "items" => [{
+          "create" => {
+            "status" => 409, 
+            "error" => {
+              "type" => "document_already_exists_exception",
+              "reason" => "[shard] document already exists"
+            }
+          }
+        }]
+      })
+
+    subject.multi_receive([event1])
+  end
+
+  after :each do
+    subject.close
+  end
+
+  describe "when failure logging is enabled for everything" do
+    it "should log a failure on the action" do
+      expect(subject.logger).to have_received(:warn).with("Failed action", anything)
+    end
+  end
+
+  describe "when failure logging is disabled for document exists error" do
+    let(:settings) { super().merge("silence_errors_in_log" => ["document_already_exists_exception"]) }
+
+    it "should log a failure on the action" do
+      expect(subject.logger).not_to have_received(:warn).with("Failed action", anything)
+    end
+  end
+
+end

data/spec/unit/outputs/license_check_spec.rb

@@ -0,0 +1,57 @@
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/outputs/elasticsearch/http_client"
+require "logstash/outputs/elasticsearch/license_checker"
+
+describe LogStash::Outputs::ElasticSearch::LicenseChecker do
+
+  # Note that the actual license checking logic is spec'ed in pool_spec.rb
+
+  context "LicenseChecker API required by Pool class" do
+    subject { described_class }
+
+    it "defines the appropriate_license? methods" do
+      expect(subject.instance_methods).to include(:appropriate_license?)
+    end
+  end
+
+  context "Pool class API required by the LicenseChecker" do
+    subject { LogStash::Outputs::ElasticSearch::HttpClient::Pool }
+
+    it "contains the get_license method" do
+      expect(LogStash::Outputs::ElasticSearch::HttpClient::Pool.instance_methods).to include(:get_license)
+    end
+  end
+
+  context "appropriate license" do
+    let(:logger) { double("logger") }
+    let(:url) { LogStash::Util::SafeURI.new("https://cloud.elastic.co") }
+    let(:pool) { double("pool") }
+    subject { described_class.new(logger) }
+
+    it "is true when connect to serverless" do
+      allow(pool).to receive(:serverless?).and_return(true)
+      expect(subject.appropriate_license?(pool, url)).to eq true
+    end
+
+    it "is true when license status is active" do
+      allow(pool).to receive(:serverless?).and_return(false)
+      allow(pool).to receive(:get_license).with(url).and_return(LogStash::Json.load File.read("spec/fixtures/license_check/active.json"))
+      expect(subject.appropriate_license?(pool, url)).to eq true
+    end
+
+    it "is true when license status is inactive" do
+      allow(logger).to receive(:warn).with(instance_of(String), anything)
+      allow(pool).to receive(:serverless?).and_return(false)
+      allow(pool).to receive(:get_license).with(url).and_return(LogStash::Json.load File.read("spec/fixtures/license_check/inactive.json"))
+      expect(subject.appropriate_license?(pool, url)).to eq true
+    end
+
+    it "is false when no license return" do
+      allow(logger).to receive(:error).with(instance_of(String), anything)
+      allow(pool).to receive(:serverless?).and_return(false)
+      allow(pool).to receive(:get_license).with(url).and_return(LogStash::Json.load('{}'))
+      expect(subject.appropriate_license?(pool, url)).to eq false
+    end
+  end
+end
+