logstash-output-elasticsearch 10.6.2-java → 10.8.2-java

data/lib/logstash/outputs/elasticsearch/http_client.rb

@@ -286,6 +286,7 @@ module LogStash; module Outputs; class ElasticSearch;
       adapter = build_adapter(options)
 
       pool_options = {
+        :license_checker => options[:license_checker],
         :sniffing => sniffing,
         :sniffer_delay => options[:sniffer_delay],
         :sniffing_path => options[:sniffing_path],
@@ -343,15 +344,19 @@ module LogStash; module Outputs; class ElasticSearch;
     end
 
     def template_exists?(name)
-      exists?("/_template/#{name}")
+      exists?("/#{template_endpoint}/#{name}")
     end
 
     def template_put(name, template)
-      path = "_template/#{name}"
+      path = "#{template_endpoint}/#{name}"
       logger.info("Installing elasticsearch template to #{path}")
       @pool.put(path, nil, LogStash::Json.dump(template))
     end
 
+    def template_endpoint
+      maximum_seen_major_version < 8 ? '_template' : '_index_template'
+    end
+
     # ILM methods
 
     # check whether rollover alias already exists

data/lib/logstash/outputs/elasticsearch/http_client/pool.rb

@@ -1,3 +1,5 @@
+require "logstash/plugin_mixins/elasticsearch/noop_license_checker"
+
 module LogStash; module Outputs; class ElasticSearch; class HttpClient;
   class Pool
     class NoConnectionAvailableError < Error; end
@@ -29,6 +31,7 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
     end
 
     attr_reader :logger, :adapter, :sniffing, :sniffer_delay, :resurrect_delay, :healthcheck_path, :sniffing_path, :bulk_path
+    attr_reader :license_checker # license_checker is used by the pool specs
 
     ROOT_URI_PATH = '/'.freeze
     LICENSE_PATH = '/_license'.freeze
@@ -66,12 +69,10 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
       # Holds metadata about all URLs
       @url_info = {}
       @stopping = false
-    end
 
-    def oss?
-     LogStash::Outputs::ElasticSearch.oss?
+      @license_checker = options[:license_checker] || LogStash::PluginMixins::ElasticSearch::NoopLicenseChecker::INSTANCE
     end
-    
+
     def start
       update_initial_urls
       start_resurrectionist
@@ -210,7 +211,6 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
       end
     end
 
-
     def sniff_2x_1x(nodes)
       nodes.map do |id,info|
         # TODO Make sure this works with shield. Does that listed
@@ -245,16 +245,15 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
       end
     end
 
+    # Retrieve ES node license information
+    # @param url [LogStash::Util::SafeURI] ES node URL
+    # @return [Hash] deserialized license document or empty Hash upon any error
     def get_license(url)
       response = perform_request_to_url(url, :get, LICENSE_PATH)
       LogStash::Json.load(response.body)
-    end
-
-    def valid_es_license?(url)
-      license = get_license(url)
-      license.fetch("license", {}).fetch("status", nil) == "active"
     rescue => e
-      false
+      logger.error("Unable to get license information", url: url.sanitized.to_s, error_type: e.class, error: e.message)
+      {}
     end
 
     def health_check_request(url)
@@ -282,19 +281,9 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
               @logger.warn("Detected a node with a higher major version than previously observed. This could be the result of an elasticsearch cluster upgrade.", :previous_major => @maximum_seen_major_version, :new_major => major, :node_url => url.sanitized.to_s)
               set_new_major_version(major)
             end
-            if oss? || valid_es_license?(url)
-              meta[:state] = :alive
-            else
-              # As this version is to be shipped with Logstash 7.x we won't mark the connection as unlicensed
-              #
-              #  logger.error("Cannot connect to the Elasticsearch cluster configured in the Elasticsearch output. Logstash requires the default distribution of Elasticsearch. Please update to the default distribution of Elasticsearch for full access to all free features, or switch to the OSS distribution of Logstash.", :url => url.sanitized.to_s)
-              #  meta[:state] = :unlicensed
-              #
-              # Instead we'll log a deprecation warning and mark it as alive:
-              #
-              log_license_deprecation_warn(url)
-              meta[:state] = :alive
-            end
+
+            alive = @license_checker.appropriate_license?(self, url)
+            meta[:state] = alive ? :alive : :dead
           end
         rescue HostUnreachableError, BadResponseCodeError => e
           logger.warn("Attempted to resurrect connection to dead ES instance, but got an error.", url: url.sanitized.to_s, error_type: e.class, error: e.message)
@@ -306,10 +295,6 @@ module LogStash; module Outputs; class ElasticSearch; class HttpClient;
       @resurrectionist.join if @resurrectionist
     end
 
-    def log_license_deprecation_warn(url)
-      logger.warn("DEPRECATION WARNING: Connecting to an OSS distribution of Elasticsearch using the default distribution of Logstash will stop working in Logstash 8.0.0. Please upgrade to the default distribution of Elasticsearch, or use the OSS distribution of Logstash", :url => url.sanitized.to_s)
-    end
-
     def resurrectionist_alive?
       @resurrectionist ? @resurrectionist.alive? : nil
     end

data/lib/logstash/outputs/elasticsearch/http_client_builder.rb

@@ -15,6 +15,7 @@ module LogStash; module Outputs; class ElasticSearch;
       client_settings[:proxy] = params["proxy"] if params["proxy"]
       
       common_options = {
+        :license_checker => params["license_checker"],
         :client_settings => client_settings,
         :metric => params["metric"],
         :resurrect_delay => params["resurrect_delay"]

data/lib/logstash/outputs/elasticsearch/ilm.rb

@@ -5,10 +5,10 @@ module LogStash; module Outputs; class ElasticSearch
 
     def setup_ilm
       return unless ilm_in_use?
-        logger.warn("Overwriting supplied index #{@index} with rollover alias #{@ilm_rollover_alias}") unless default_index?(@index)
-        @index = @ilm_rollover_alias
-        maybe_create_rollover_alias
-        maybe_create_ilm_policy
+      logger.warn("Overwriting supplied index #{@index} with rollover alias #{@ilm_rollover_alias}") unless default_index?(@index)
+      @index = @ilm_rollover_alias
+      maybe_create_rollover_alias
+      maybe_create_ilm_policy
     end
 
     def default_rollover_alias?(rollover_alias)
@@ -75,6 +75,10 @@ module LogStash; module Outputs; class ElasticSearch
 
     private
 
+    def default_index?(index)
+      index == @default_index
+    end
+
     def ilm_policy_default?
       ilm_policy == LogStash::Outputs::ElasticSearch::DEFAULT_POLICY
     end
@@ -110,4 +114,4 @@ module LogStash; module Outputs; class ElasticSearch
       LogStash::Json.load(::IO.read(policy_path))
     end
   end
- end end end
+end; end; end

data/lib/logstash/outputs/elasticsearch/license_checker.rb

@@ -0,0 +1,47 @@
+module LogStash; module Outputs; class ElasticSearch
+  class LicenseChecker
+
+    def initialize(logger)
+      @logger = logger
+    end
+
+    # Figure out if the provided license is appropriate or not
+    # The appropriate_license? methods is the method called from LogStash::Outputs::ElasticSearch::HttpClient::Pool#healthcheck!
+    # @param url [LogStash::Util::SafeURI] ES node URL
+    # @param license [Hash] ES node deserialized licence document
+    # @return [Boolean] true if provided license is deemed appropriate
+    def appropriate_license?(pool, url)
+      return true if oss?
+
+      license = pool.get_license(url)
+      if valid_es_license?(license)
+        true
+      else
+        # As this version is to be shipped with Logstash 7.x we won't mark the connection as unlicensed
+        #
+        #  @logger.error("Cannot connect to the Elasticsearch cluster configured in the Elasticsearch output. Logstash requires the default distribution of Elasticsearch. Please update to the default distribution of Elasticsearch for full access to all free features, or switch to the OSS distribution of Logstash.", :url => url.sanitized.to_s)
+        #  meta[:state] = :unlicensed
+        #
+        # Instead we'll log a deprecation warning and mark it as alive:
+        #
+        log_license_deprecation_warn(url)
+        true
+      end
+    end
+
+    # Note that oss? could be private but is used by the Pool specs
+    def oss?
+      LogStash::OSS
+    end
+
+    # Note that valid_es_license? could be private but is used by the Pool specs
+    def valid_es_license?(license)
+      license.fetch("license", {}).fetch("status", nil) == "active"
+    end
+
+    # Note that log_license_deprecation_warn could be private but is used by the Pool specs
+    def log_license_deprecation_warn(url)
+      @logger.warn("DEPRECATION WARNING: Connecting to an OSS distribution of Elasticsearch using the default distribution of Logstash will stop working in Logstash 8.0.0. Please upgrade to the default distribution of Elasticsearch, or use the OSS distribution of Logstash", :url => url.sanitized.to_s)
+    end
+  end
+end; end; end

data/lib/logstash/outputs/elasticsearch/template_manager.rb

@@ -34,12 +34,17 @@ module LogStash; module Outputs; class ElasticSearch
     def self.add_ilm_settings_to_template(plugin, template)
       # Overwrite any index patterns, and use the rollover alias. Use 'index_patterns' rather than 'template' for pattern
       # definition - remove any existing definition of 'template'
-      template.delete('template') if template.include?('template')
+      template.delete('template') if template.include?('template') if plugin.maximum_seen_major_version < 8
       template['index_patterns'] = "#{plugin.ilm_rollover_alias}-*"
-      if template['settings'] && (template['settings']['index.lifecycle.name'] || template['settings']['index.lifecycle.rollover_alias'])
+      settings = template_settings(plugin, template)
+      if settings && (settings['index.lifecycle.name'] || settings['index.lifecycle.rollover_alias'])
         plugin.logger.info("Overwriting index lifecycle name and rollover alias as ILM is enabled.")
       end
-      template['settings'].update({ 'index.lifecycle.name' => plugin.ilm_policy, 'index.lifecycle.rollover_alias' => plugin.ilm_rollover_alias})
+      settings.update({ 'index.lifecycle.name' => plugin.ilm_policy, 'index.lifecycle.rollover_alias' => plugin.ilm_rollover_alias})
+    end
+
+    def self.template_settings(plugin, template)
+      plugin.maximum_seen_major_version < 8 ? template['settings']: template['template']['settings']
     end
 
     # Template name - if template_name set, use it

data/lib/logstash/outputs/elasticsearch/templates/ecs-disabled/elasticsearch-8x.json

@@ -1,44 +1,50 @@
 {
   "index_patterns" : "logstash-*",
   "version" : 80001,
-  "settings" : {
-    "index.refresh_interval" : "5s",
-    "number_of_shards": 1
-  },
-  "mappings" : {
-    "dynamic_templates" : [ {
-      "message_field" : {
-        "path_match" : "message",
-        "match_mapping_type" : "string",
-        "mapping" : {
-          "type" : "text",
-          "norms" : false
+  "template" : {
+    "settings" : {
+      "index.refresh_interval" : "5s",
+      "number_of_shards": 1
+    },
+    "mappings" : {
+      "dynamic_templates" : [ {
+        "message_field" : {
+          "path_match" : "message",
+          "match_mapping_type" : "string",
+          "mapping" : {
+            "type" : "text",
+            "norms" : false
+          }
         }
-      }
-    }, {
-      "string_fields" : {
-        "match" : "*",
-        "match_mapping_type" : "string",
-        "mapping" : {
-          "type" : "text", "norms" : false,
-          "fields" : {
-            "keyword" : { "type": "keyword", "ignore_above": 256 }
+      }, {
+        "string_fields" : {
+          "match" : "*",
+          "match_mapping_type" : "string",
+          "mapping" : {
+            "type" : "text", "norms" : false,
+            "fields" : {
+              "keyword" : { "type": "keyword", "ignore_above": 256 }
+            }
           }
         }
-      }
-    } ],
-    "properties" : {
-      "@timestamp": { "type": "date"},
-      "@version": { "type": "keyword"},
-      "geoip"  : {
-        "dynamic": true,
-        "properties" : {
-          "ip": { "type": "ip" },
-          "location" : { "type" : "geo_point" },
-          "latitude" : { "type" : "half_float" },
-          "longitude" : { "type" : "half_float" }
+      } ],
+      "properties" : {
+        "@timestamp": { "type": "date" },
+        "@version": { "type": "keyword" },
+        "geoip"  : {
+          "dynamic": true,
+          "properties" : {
+            "ip": { "type": "ip" },
+            "location" : { "type" : "geo_point" },
+            "latitude" : { "type" : "half_float" },
+            "longitude" : { "type" : "half_float" }
+          }
         }
       }
     }
+  },
+  "priority": 200,
+  "_meta" : {
+    "description": "index template for logstash-output-elasticsearch"
   }
 }

data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb

@@ -0,0 +1,163 @@
+module LogStash; module PluginMixins; module ElasticSearch
+  module APIConfigs
+
+    # This module defines common options that can be reused by alternate elasticsearch output plugins such as the elasticsearch_data_streams output.
+
+    DEFAULT_HOST = ::LogStash::Util::SafeURI.new("//127.0.0.1")
+
+    def self.included(mod)
+      # Username to authenticate to a secure Elasticsearch cluster
+      mod.config :user, :validate => :string
+      # Password to authenticate to a secure Elasticsearch cluster
+      mod.config :password, :validate => :password
+
+      # Authenticate using Elasticsearch API key.
+      # format is id:api_key (as returned by https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html[Create API key])
+      mod.config :api_key, :validate => :password
+
+      # Cloud authentication string ("<username>:<password>" format) is an alternative for the `user`/`password` configuration.
+      #
+      # For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_auth[cloud documentation]
+      mod.config :cloud_auth, :validate => :password
+
+      # The document ID for the index. Useful for overwriting existing entries in
+      # Elasticsearch with the same ID.
+      mod.config :document_id, :validate => :string
+
+      # HTTP Path at which the Elasticsearch server lives. Use this if you must run Elasticsearch behind a proxy that remaps
+      # the root path for the Elasticsearch HTTP API lives.
+      # Note that if you use paths as components of URLs in the 'hosts' field you may
+      # not also set this field. That will raise an error at startup
+      mod.config :path, :validate => :string
+
+      # HTTP Path to perform the _bulk requests to
+      # this defaults to a concatenation of the path parameter and "_bulk"
+      mod.config :bulk_path, :validate => :string
+
+      # Pass a set of key value pairs as the URL query string. This query string is added
+      # to every host listed in the 'hosts' configuration. If the 'hosts' list contains
+      # urls that already have query strings, the one specified here will be appended.
+      mod.config :parameters, :validate => :hash
+
+      # Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
+      # is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
+      # If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
+      mod.config :ssl, :validate => :boolean
+
+      # Option to validate the server's certificate. Disabling this severely compromises security.
+      # For more information on disabling certificate verification please read
+      # https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
+      mod.config :ssl_certificate_verification, :validate => :boolean, :default => true
+
+      # The .cer or .pem file to validate the server's certificate
+      mod.config :cacert, :validate => :path
+
+      # The JKS truststore to validate the server's certificate.
+      # Use either `:truststore` or `:cacert`
+      mod.config :truststore, :validate => :path
+
+      # Set the truststore password
+      mod.config :truststore_password, :validate => :password
+
+      # The keystore used to present a certificate to the server.
+      # It can be either .jks or .p12
+      mod.config :keystore, :validate => :path
+
+      # Set the keystore password
+      mod.config :keystore_password, :validate => :password
+
+      # This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list.
+      # Note: This will return ALL nodes with HTTP enabled (including master nodes!). If you use
+      # this with master nodes, you probably want to disable HTTP on them by setting
+      # `http.enabled` to false in their elasticsearch.yml. You can either use the `sniffing` option or
+      # manually enter multiple Elasticsearch hosts using the `hosts` parameter.
+      mod.config :sniffing, :validate => :boolean, :default => false
+
+      # How long to wait, in seconds, between sniffing attempts
+      mod.config :sniffing_delay, :validate => :number, :default => 5
+
+      # HTTP Path to be used for the sniffing requests
+      # the default value is computed by concatenating the path value and "_nodes/http"
+      # if sniffing_path is set it will be used as an absolute path
+      # do not use full URL here, only paths, e.g. "/sniff/_nodes/http"
+      mod.config :sniffing_path, :validate => :string
+
+      # Set the address of a forward HTTP proxy.
+      # This used to accept hashes as arguments but now only accepts
+      # arguments of the URI type to prevent leaking credentials.
+      mod.config :proxy, :validate => :uri # but empty string is allowed
+
+      # Set the timeout, in seconds, for network operations and requests sent Elasticsearch. If
+      # a timeout occurs, the request will be retried.
+      mod.config :timeout, :validate => :number, :default => 60
+
+      # Set the Elasticsearch errors in the whitelist that you don't want to log.
+      # A useful example is when you want to skip all 409 errors
+      # which are `document_already_exists_exception`.
+      mod.config :failure_type_logging_whitelist, :validate => :array, :default => []
+
+      # While the output tries to reuse connections efficiently we have a maximum.
+      # This sets the maximum number of open connections the output will create.
+      # Setting this too low may mean frequently closing / opening connections
+      # which is bad.
+      mod.config :pool_max, :validate => :number, :default => 1000
+
+      # While the output tries to reuse connections efficiently we have a maximum per endpoint.
+      # This sets the maximum number of open connections per endpoint the output will create.
+      # Setting this too low may mean frequently closing / opening connections
+      # which is bad.
+      mod.config :pool_max_per_route, :validate => :number, :default => 100
+
+      # HTTP Path where a HEAD request is sent when a backend is marked down
+      # the request is sent in the background to see if it has come back again
+      # before it is once again eligible to service requests.
+      # If you have custom firewall rules you may need to change this
+      mod.config :healthcheck_path, :validate => :string
+
+      # How frequently, in seconds, to wait between resurrection attempts.
+      # Resurrection is the process by which backend endpoints marked 'down' are checked
+      # to see if they have come back to life
+      mod.config :resurrect_delay, :validate => :number, :default => 5
+
+      # How long to wait before checking if the connection is stale before executing a request on a connection using keepalive.
+      # You may want to set this lower, if you get connection errors regularly
+      # Quoting the Apache commons docs (this client is based Apache Commmons):
+      # 'Defines period of inactivity in milliseconds after which persistent connections must
+      # be re-validated prior to being leased to the consumer. Non-positive value passed to
+      # this method disables connection validation. This check helps detect connections that
+      # have become stale (half-closed) while kept inactive in the pool.'
+      # See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
+      mod.config :validate_after_inactivity, :validate => :number, :default => 10000
+
+      # Enable gzip compression on requests. Note that response compression is on by default for Elasticsearch v5.0 and beyond
+      mod.config :http_compression, :validate => :boolean, :default => false
+
+      # Custom Headers to send on each request to elasticsearch nodes
+      mod.config :custom_headers, :validate => :hash, :default => {}
+
+      # Sets the host(s) of the remote instance. If given an array it will load balance requests across the hosts specified in the `hosts` parameter.
+      # Remember the `http` protocol uses the http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[http] address (eg. 9200, not 9300).
+      #     `"127.0.0.1"`
+      #     `["127.0.0.1:9200","127.0.0.2:9200"]`
+      #     `["http://127.0.0.1"]`
+      #     `["https://127.0.0.1:9200"]`
+      #     `["https://127.0.0.1:9200/mypath"]` (If using a proxy on a subpath)
+      # It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `hosts` list
+      # to prevent LS from sending bulk requests to the master nodes.  So this parameter should only reference either data or client nodes in Elasticsearch.
+      #
+      # Any special characters present in the URLs here MUST be URL escaped! This means `#` should be put in as `%23` for instance.
+      mod.config :hosts, :validate => :uri, :default => [ DEFAULT_HOST ], :list => true
+
+      # Cloud ID, from the Elastic Cloud web console. If set `hosts` should not be used.
+      #
+      # For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_id[cloud documentation]
+      mod.config :cloud_id, :validate => :string
+
+      # Set initial interval in seconds between bulk retries. Doubled on each retry up to `retry_max_interval`
+      mod.config :retry_initial_interval, :validate => :number, :default => 2
+
+      # Set max interval in seconds between bulk retries.
+      mod.config :retry_max_interval, :validate => :number, :default => 64
+    end
+  end
+end; end; end