logstash-output-elasticsearch 11.13.0-java → 11.14.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/docs/index.asciidoc +211 -62
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +44 -19
- data/lib/logstash/outputs/elasticsearch/template_manager.rb +26 -3
- data/lib/logstash/outputs/elasticsearch.rb +52 -0
- data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +51 -7
- data/lib/logstash/plugin_mixins/elasticsearch/common.rb +2 -3
- data/logstash-output-elasticsearch.gemspec +2 -1
- data/spec/integration/outputs/index_spec.rb +16 -16
- data/spec/unit/outputs/elasticsearch/data_stream_support_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +72 -20
- data/spec/unit/outputs/elasticsearch_spec.rb +91 -17
- data/spec/unit/outputs/elasticsearch_ssl_spec.rb +166 -50
- metadata +16 -2
@@ -45,35 +45,79 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
45
45
|
# Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
|
46
46
|
# is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
|
47
47
|
# If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
|
48
|
-
:ssl => { :validate => :boolean },
|
48
|
+
:ssl => { :validate => :boolean, :deprecated => "Set 'ssl_enabled' instead." },
|
49
|
+
|
50
|
+
# Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
|
51
|
+
# is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
|
52
|
+
# If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
|
53
|
+
:ssl_enabled => { :validate => :boolean },
|
49
54
|
|
50
55
|
# Option to validate the server's certificate. Disabling this severely compromises security.
|
51
56
|
# For more information on disabling certificate verification please read
|
52
57
|
# https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
53
|
-
:ssl_certificate_verification => { :validate => :boolean, :default => true },
|
58
|
+
:ssl_certificate_verification => { :validate => :boolean, :default => true, :deprecated => "Set 'ssl_verification_mode' instead." },
|
59
|
+
|
60
|
+
# Options to verify the server's certificate.
|
61
|
+
# "full": validates that the provided certificate has an issue date that’s within the not_before and not_after dates;
|
62
|
+
# chains to a trusted Certificate Authority (CA); has a hostname or IP address that matches the names within the certificate.
|
63
|
+
# "none": performs no certificate validation. Disabling this severely compromises security (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
|
64
|
+
:ssl_verification_mode => { :validate => %w[full none], :default => 'full' },
|
54
65
|
|
55
66
|
# The .cer or .pem file to validate the server's certificate
|
56
|
-
:cacert => { :validate => :path },
|
67
|
+
:cacert => { :validate => :path, :deprecated => "Set 'ssl_certificate_authorities' instead." },
|
68
|
+
|
69
|
+
# The .cer or .pem files to validate the server's certificate
|
70
|
+
:ssl_certificate_authorities => { :validate => :path, :list => true },
|
57
71
|
|
58
72
|
# One or more hex-encoded SHA256 fingerprints to trust as Certificate Authorities
|
59
73
|
:ca_trusted_fingerprint => LogStash::PluginMixins::CATrustedFingerprintSupport,
|
60
74
|
|
61
75
|
# The JKS truststore to validate the server's certificate.
|
62
76
|
# Use either `:truststore` or `:cacert`
|
63
|
-
:truststore => { :validate => :path },
|
77
|
+
:truststore => { :validate => :path, :deprecated => "Set 'ssl_truststore_path' instead." },
|
78
|
+
|
79
|
+
# The JKS truststore to validate the server's certificate.
|
80
|
+
# Use either `:ssl_truststore_path` or `:ssl_certificate_authorities`
|
81
|
+
:ssl_truststore_path => { :validate => :path },
|
82
|
+
|
83
|
+
# The format of the truststore file. It must be either jks or pkcs12
|
84
|
+
:ssl_truststore_type => { :validate => %w[pkcs12 jks] },
|
85
|
+
|
86
|
+
# Set the truststore password
|
87
|
+
:truststore_password => { :validate => :password, :deprecated => "Use 'ssl_truststore_password' instead." },
|
64
88
|
|
65
89
|
# Set the truststore password
|
66
|
-
:
|
90
|
+
:ssl_truststore_password => { :validate => :password },
|
67
91
|
|
68
92
|
# The keystore used to present a certificate to the server.
|
69
93
|
# It can be either .jks or .p12
|
70
|
-
:keystore => { :validate => :path },
|
94
|
+
:keystore => { :validate => :path, :deprecated => "Set 'ssl_keystore_path' instead." },
|
95
|
+
|
96
|
+
# The keystore used to present a certificate to the server.
|
97
|
+
# It can be either .jks or .p12
|
98
|
+
:ssl_keystore_path => { :validate => :path },
|
99
|
+
|
100
|
+
# The format of the keystore file. It must be either jks or pkcs12
|
101
|
+
:ssl_keystore_type => { :validate => %w[pkcs12 jks] },
|
71
102
|
|
72
103
|
# Set the keystore password
|
73
|
-
:keystore_password => { :validate => :password },
|
104
|
+
:keystore_password => { :validate => :password, :deprecated => "Set 'ssl_keystore_password' instead." },
|
105
|
+
|
106
|
+
# Set the keystore password
|
107
|
+
:ssl_keystore_password => { :validate => :password },
|
74
108
|
|
75
109
|
:ssl_supported_protocols => { :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true },
|
76
110
|
|
111
|
+
# OpenSSL-style X.509 certificate certificate to authenticate the client
|
112
|
+
:ssl_certificate => { :validate => :path },
|
113
|
+
|
114
|
+
# OpenSSL-style RSA private key to authenticate the client
|
115
|
+
:ssl_key => { :validate => :path },
|
116
|
+
|
117
|
+
# The list of cipher suites to use, listed by priorities.
|
118
|
+
# Supported cipher suites vary depending on which version of Java is used.
|
119
|
+
:ssl_cipher_suites => { :validate => :string, :list => true },
|
120
|
+
|
77
121
|
# This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list.
|
78
122
|
# Note: This will return ALL nodes with HTTP enabled (including master nodes!). If you use
|
79
123
|
# this with master nodes, you probably want to disable HTTP on them by setting
|
@@ -28,8 +28,7 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
28
28
|
|
29
29
|
setup_hosts
|
30
30
|
|
31
|
-
|
32
|
-
params['ssl'] = effectively_ssl? unless params.include?('ssl')
|
31
|
+
params['ssl_enabled'] = effectively_ssl? unless params.include?('ssl_enabled')
|
33
32
|
|
34
33
|
# inject the TrustStrategy from CATrustedFingerprintSupport
|
35
34
|
if trust_strategy_for_ca_trusted_fingerprint
|
@@ -74,7 +73,7 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
74
73
|
end
|
75
74
|
|
76
75
|
def effectively_ssl?
|
77
|
-
return @
|
76
|
+
return @ssl_enabled unless @ssl_enabled.nil?
|
78
77
|
|
79
78
|
hosts = Array(@hosts)
|
80
79
|
return false if hosts.nil? || hosts.empty?
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
3
|
-
s.version = '11.
|
3
|
+
s.version = '11.14.0'
|
4
4
|
s.licenses = ['apache-2.0']
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -26,6 +26,7 @@ Gem::Specification.new do |s|
|
|
26
26
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.0'
|
27
27
|
s.add_runtime_dependency 'logstash-mixin-deprecation_logger_support', '~>1.0'
|
28
28
|
s.add_runtime_dependency 'logstash-mixin-ca_trusted_fingerprint_support', '~>1.0'
|
29
|
+
s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
|
29
30
|
|
30
31
|
s.add_development_dependency 'logstash-codec-plain'
|
31
32
|
s.add_development_dependency 'logstash-devutils'
|
@@ -289,8 +289,8 @@ describe "indexing" do
|
|
289
289
|
"hosts" => [ get_host_port ],
|
290
290
|
"user" => user,
|
291
291
|
"password" => password,
|
292
|
-
"
|
293
|
-
"
|
292
|
+
"ssl_enabled" => true,
|
293
|
+
"ssl_certificate_authorities" => cacert,
|
294
294
|
"index" => index
|
295
295
|
}
|
296
296
|
end
|
@@ -302,7 +302,7 @@ describe "indexing" do
|
|
302
302
|
|
303
303
|
context "when no keystore nor ca cert set and verification is disabled" do
|
304
304
|
let(:config) do
|
305
|
-
super().tap { |config| config.delete('
|
305
|
+
super().tap { |config| config.delete('ssl_certificate_authorities') }.merge('ssl_verification_mode' => 'none')
|
306
306
|
end
|
307
307
|
|
308
308
|
include_examples("an indexer", true)
|
@@ -311,9 +311,9 @@ describe "indexing" do
|
|
311
311
|
context "when keystore is set and verification is disabled" do
|
312
312
|
let(:config) do
|
313
313
|
super().merge(
|
314
|
-
'
|
315
|
-
'
|
316
|
-
'
|
314
|
+
'ssl_verification_mode' => 'none',
|
315
|
+
'ssl_keystore_path' => 'spec/fixtures/test_certs/test.p12',
|
316
|
+
'ssl_keystore_password' => '1234567890'
|
317
317
|
)
|
318
318
|
end
|
319
319
|
|
@@ -322,10 +322,10 @@ describe "indexing" do
|
|
322
322
|
|
323
323
|
context "when keystore has self-signed cert and verification is disabled" do
|
324
324
|
let(:config) do
|
325
|
-
super().tap { |config| config.delete('
|
326
|
-
'
|
327
|
-
'
|
328
|
-
'
|
325
|
+
super().tap { |config| config.delete('ssl_certificate_authorities') }.merge(
|
326
|
+
'ssl_verification_mode' => 'none',
|
327
|
+
'ssl_keystore_path' => 'spec/fixtures/test_certs/test_self_signed.p12',
|
328
|
+
'ssl_keystore_password' => '1234567890'
|
329
329
|
)
|
330
330
|
end
|
331
331
|
|
@@ -349,8 +349,8 @@ describe "indexing" do
|
|
349
349
|
let(:config) do
|
350
350
|
{
|
351
351
|
"hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
|
352
|
-
"
|
353
|
-
"
|
352
|
+
"ssl_enabled" => true,
|
353
|
+
"ssl_certificate_authorities" => "spec/fixtures/test_certs/test.crt",
|
354
354
|
"index" => index
|
355
355
|
}
|
356
356
|
end
|
@@ -358,10 +358,10 @@ describe "indexing" do
|
|
358
358
|
include_examples("an indexer", true)
|
359
359
|
end
|
360
360
|
|
361
|
-
context "without providing `
|
361
|
+
context "without providing `ssl_certificate_authorities`" do
|
362
362
|
let(:config) do
|
363
363
|
super().tap do |c|
|
364
|
-
c.delete("
|
364
|
+
c.delete("ssl_certificate_authorities")
|
365
365
|
end
|
366
366
|
end
|
367
367
|
|
@@ -369,10 +369,10 @@ describe "indexing" do
|
|
369
369
|
end
|
370
370
|
|
371
371
|
if Gem::Version.new(LOGSTASH_VERSION) >= Gem::Version.new("8.3.0")
|
372
|
-
context "with `ca_trusted_fingerprint` instead of `
|
372
|
+
context "with `ca_trusted_fingerprint` instead of `ssl_certificate_authorities`" do
|
373
373
|
let(:config) do
|
374
374
|
super().tap do |c|
|
375
|
-
c.delete("
|
375
|
+
c.delete("ssl_certificate_authorities")
|
376
376
|
c.update("ca_trusted_fingerprint" => ca_trusted_fingerprint)
|
377
377
|
end
|
378
378
|
end
|
@@ -114,7 +114,7 @@ describe LogStash::Outputs::ElasticSearch::DataStreamSupport do
|
|
114
114
|
{
|
115
115
|
'hosts' => [ 'http://127.0.0.1:12345' ],
|
116
116
|
'http_compression' => 'true', 'bulk_path' => '_bulk', 'timeout' => '30',
|
117
|
-
'user' => 'elastic', 'password' => 'ForSearch!', '
|
117
|
+
'user' => 'elastic', 'password' => 'ForSearch!', 'ssl_enabled' => 'false'
|
118
118
|
}
|
119
119
|
end
|
120
120
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative "../../../../spec/spec_helper"
|
2
2
|
require "logstash/outputs/elasticsearch/template_manager"
|
3
3
|
|
4
4
|
describe LogStash::Outputs::ElasticSearch::TemplateManager do
|
@@ -33,33 +33,85 @@ describe LogStash::Outputs::ElasticSearch::TemplateManager do
|
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
-
|
36
|
+
context "index template with ilm settings" do
|
37
37
|
let(:plugin_settings) { {"manage_template" => true, "template_overwrite" => true} }
|
38
38
|
let(:plugin) { LogStash::Outputs::ElasticSearch.new(plugin_settings) }
|
39
39
|
|
40
|
-
describe "
|
41
|
-
let(:file_path) { described_class.default_template_path(8) }
|
42
|
-
let(:template) { described_class.read_template_file(file_path)}
|
40
|
+
describe "with custom template" do
|
43
41
|
|
44
|
-
|
45
|
-
|
46
|
-
described_class.
|
47
|
-
|
48
|
-
|
49
|
-
|
42
|
+
describe "in version 8+" do
|
43
|
+
let(:file_path) { described_class.default_template_path(8) }
|
44
|
+
let(:template) { described_class.read_template_file(file_path)}
|
45
|
+
|
46
|
+
it "should update settings" do
|
47
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(8)
|
48
|
+
described_class.add_ilm_settings_to_template(plugin, template)
|
49
|
+
expect(template['template']['settings']['index.lifecycle.name']).not_to eq(nil)
|
50
|
+
expect(template['template']['settings']['index.lifecycle.rollover_alias']).not_to eq(nil)
|
51
|
+
expect(template.include?('settings')).to be_falsey
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
describe "in version < 8" do
|
56
|
+
let(:file_path) { described_class.default_template_path(7) }
|
57
|
+
let(:template) { described_class.read_template_file(file_path)}
|
58
|
+
|
59
|
+
it "should update settings" do
|
60
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(7)
|
61
|
+
described_class.add_ilm_settings_to_template(plugin, template)
|
62
|
+
expect(template['settings']['index.lifecycle.name']).not_to eq(nil)
|
63
|
+
expect(template['settings']['index.lifecycle.rollover_alias']).not_to eq(nil)
|
64
|
+
expect(template.include?('template')).to be_falsey
|
65
|
+
end
|
50
66
|
end
|
51
67
|
end
|
52
68
|
|
53
|
-
|
54
|
-
let(:
|
55
|
-
|
69
|
+
context "resolve template setting" do
|
70
|
+
let(:plugin_settings) { super().merge({"template_api" => template_api}) }
|
71
|
+
|
72
|
+
describe "with composable template API" do
|
73
|
+
let(:template_api) { "composable" }
|
56
74
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
75
|
+
it 'resolves composable index template API compatible setting' do
|
76
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(8) # required to log
|
77
|
+
template = {}
|
78
|
+
described_class.resolve_template_settings(plugin, template)
|
79
|
+
expect(template["template"]["settings"]).not_to eq(nil)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
describe "with legacy template API" do
|
84
|
+
let(:template_api) { "legacy" }
|
85
|
+
|
86
|
+
it 'resolves legacy index template API compatible setting' do
|
87
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(7) # required to log
|
88
|
+
template = {}
|
89
|
+
described_class.resolve_template_settings(plugin, template)
|
90
|
+
expect(template["settings"]).not_to eq(nil)
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
describe "with `template_api => 'auto'`" do
|
95
|
+
let(:template_api) { "auto" }
|
96
|
+
|
97
|
+
describe "with ES < 8 versions" do
|
98
|
+
|
99
|
+
it 'resolves legacy index template API compatible setting' do
|
100
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(7)
|
101
|
+
template = {}
|
102
|
+
described_class.resolve_template_settings(plugin, template)
|
103
|
+
expect(template["settings"]).not_to eq(nil)
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
describe "with ES >= 8 versions" do
|
108
|
+
it 'resolves composable index template API compatible setting' do
|
109
|
+
expect(plugin).to receive(:maximum_seen_major_version).at_least(:once).and_return(8)
|
110
|
+
template = {}
|
111
|
+
described_class.resolve_template_settings(plugin, template)
|
112
|
+
expect(template["template"]["settings"]).not_to eq(nil)
|
113
|
+
end
|
114
|
+
end
|
63
115
|
end
|
64
116
|
end
|
65
117
|
end
|
@@ -699,9 +699,8 @@ describe LogStash::Outputs::ElasticSearch do
|
|
699
699
|
end
|
700
700
|
end
|
701
701
|
|
702
|
-
|
703
|
-
|
704
|
-
let(:options) { {"ssl" => true}}
|
702
|
+
context "With the 'ssl_enabled' option" do
|
703
|
+
let(:options) { {"ssl_enabled" => true}}
|
705
704
|
|
706
705
|
include_examples("an encrypted client connection")
|
707
706
|
end
|
@@ -712,6 +711,81 @@ describe LogStash::Outputs::ElasticSearch do
|
|
712
711
|
end
|
713
712
|
end
|
714
713
|
|
714
|
+
describe "SSL deprecated settings" do
|
715
|
+
let(:base_options) { {"ssl" => "true"} }
|
716
|
+
|
717
|
+
context "with client certificate" do
|
718
|
+
let(:do_register) { true }
|
719
|
+
let(:cacert) { Stud::Temporary.file.path }
|
720
|
+
let(:options) { base_options.merge(
|
721
|
+
"cacert" => cacert,
|
722
|
+
"ssl_certificate_verification" => false
|
723
|
+
) }
|
724
|
+
|
725
|
+
after :each do
|
726
|
+
File.delete(cacert)
|
727
|
+
end
|
728
|
+
|
729
|
+
it "should map new configs into params" do
|
730
|
+
expect(subject.params).to match hash_including(
|
731
|
+
"ssl_enabled" => true,
|
732
|
+
"ssl_verification_mode" => "none",
|
733
|
+
"ssl_certificate_authorities" => [cacert]
|
734
|
+
)
|
735
|
+
end
|
736
|
+
|
737
|
+
it "should set new configs variables" do
|
738
|
+
expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
|
739
|
+
expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("none")
|
740
|
+
expect(subject.instance_variable_get(:@ssl_certificate_authorities)).to eql([cacert])
|
741
|
+
end
|
742
|
+
end
|
743
|
+
|
744
|
+
context "with java stores" do
|
745
|
+
let(:do_register) { true }
|
746
|
+
let(:keystore) { Stud::Temporary.file.path }
|
747
|
+
let(:truststore) { Stud::Temporary.file.path }
|
748
|
+
let(:options) { base_options.merge(
|
749
|
+
"keystore" => keystore,
|
750
|
+
"keystore_password" => "keystore",
|
751
|
+
"truststore" => truststore,
|
752
|
+
"truststore_password" => "truststore",
|
753
|
+
"ssl_certificate_verification" => true
|
754
|
+
) }
|
755
|
+
|
756
|
+
let(:spy_http_client_builder!) do
|
757
|
+
allow(described_class::HttpClientBuilder).to receive(:build).with(any_args).and_call_original
|
758
|
+
allow(described_class::HttpClientBuilder).to receive(:setup_ssl).with(any_args).and_return({})
|
759
|
+
end
|
760
|
+
|
761
|
+
after :each do
|
762
|
+
File.delete(keystore)
|
763
|
+
File.delete(truststore)
|
764
|
+
end
|
765
|
+
|
766
|
+
it "should map new configs into params" do
|
767
|
+
expect(subject.params).to match hash_including(
|
768
|
+
"ssl_enabled" => true,
|
769
|
+
"ssl_keystore_path" => keystore,
|
770
|
+
"ssl_truststore_path" => truststore,
|
771
|
+
"ssl_verification_mode" => "full"
|
772
|
+
)
|
773
|
+
|
774
|
+
expect(subject.params["ssl_keystore_password"].value).to eql("keystore")
|
775
|
+
expect(subject.params["ssl_truststore_password"].value).to eql("truststore")
|
776
|
+
end
|
777
|
+
|
778
|
+
it "should set new configs variables" do
|
779
|
+
expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
|
780
|
+
expect(subject.instance_variable_get(:@ssl_keystore_path)).to eql(keystore)
|
781
|
+
expect(subject.instance_variable_get(:@ssl_keystore_password).value).to eql("keystore")
|
782
|
+
expect(subject.instance_variable_get(:@ssl_truststore_path)).to eql(truststore)
|
783
|
+
expect(subject.instance_variable_get(:@ssl_truststore_password).value).to eql("truststore")
|
784
|
+
expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("full")
|
785
|
+
end
|
786
|
+
end
|
787
|
+
end
|
788
|
+
|
715
789
|
describe "retry_on_conflict" do
|
716
790
|
let(:num_retries) { 123 }
|
717
791
|
let(:event) { LogStash::Event.new("myactionfield" => "update", "message" => "blah") }
|
@@ -1093,12 +1167,12 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1093
1167
|
it 'adds the appropriate Authorization header to the manticore client' do
|
1094
1168
|
expect(manticore_options[:headers]).to eq({ "Authorization" => base64_api_key })
|
1095
1169
|
end
|
1096
|
-
it 'is provides
|
1097
|
-
expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('
|
1170
|
+
it 'is provides ssl_enabled=>true to the http client builder' do; aggregate_failures do
|
1171
|
+
expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('ssl_enabled'=>true))
|
1098
1172
|
end; end
|
1099
1173
|
end
|
1100
1174
|
|
1101
|
-
context "when set without
|
1175
|
+
context "when set without ssl_enabled => true" do
|
1102
1176
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1103
1177
|
let(:options) { { "api_key" => api_key } }
|
1104
1178
|
|
@@ -1114,14 +1188,14 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1114
1188
|
end
|
1115
1189
|
end
|
1116
1190
|
|
1117
|
-
context "when set without
|
1191
|
+
context "when set without ssl_enabled specified but with an https host" do
|
1118
1192
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1119
1193
|
let(:options) { { "hosts" => ["https://some.host.com"], "api_key" => api_key } }
|
1120
1194
|
|
1121
1195
|
it_behaves_like 'secure api-key authenticated client'
|
1122
1196
|
end
|
1123
1197
|
|
1124
|
-
context "when set without
|
1198
|
+
context "when set without ssl_enabled specified but with an http host`" do
|
1125
1199
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1126
1200
|
let(:options) { { "hosts" => ["http://some.host.com"], "api_key" => api_key } }
|
1127
1201
|
|
@@ -1130,9 +1204,9 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1130
1204
|
end
|
1131
1205
|
end
|
1132
1206
|
|
1133
|
-
context "when set with `
|
1207
|
+
context "when set with `ssl_enabled => false`" do
|
1134
1208
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1135
|
-
let(:options) { { "
|
1209
|
+
let(:options) { { "ssl_enabled" => "false", "api_key" => api_key } }
|
1136
1210
|
|
1137
1211
|
it "should raise a configuration error" do
|
1138
1212
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /requires SSL\/TLS/
|
@@ -1142,13 +1216,13 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1142
1216
|
context "when set" do
|
1143
1217
|
let(:options) { { "api_key" => ::LogStash::Util::Password.new(api_key) } }
|
1144
1218
|
|
1145
|
-
context "with
|
1146
|
-
let(:options) { super().merge("
|
1219
|
+
context "with ssl_enabled => true" do
|
1220
|
+
let(:options) { super().merge("ssl_enabled" => true) }
|
1147
1221
|
it_behaves_like 'secure api-key authenticated client'
|
1148
1222
|
end
|
1149
1223
|
|
1150
|
-
context "with
|
1151
|
-
let(:options) { super().merge("
|
1224
|
+
context "with ssl_enabled => false" do
|
1225
|
+
let(:options) { super().merge("ssl_enabled" => "false") }
|
1152
1226
|
|
1153
1227
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1154
1228
|
it "should raise a configuration error" do
|
@@ -1156,7 +1230,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1156
1230
|
end
|
1157
1231
|
end
|
1158
1232
|
|
1159
|
-
context "without
|
1233
|
+
context "without ssl_enabled specified" do
|
1160
1234
|
context "with an https host" do
|
1161
1235
|
let(:options) { super().merge("hosts" => ["https://some.host.com"]) }
|
1162
1236
|
it_behaves_like 'secure api-key authenticated client'
|
@@ -1180,7 +1254,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1180
1254
|
|
1181
1255
|
context 'user also set' do
|
1182
1256
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1183
|
-
let(:options) { { "
|
1257
|
+
let(:options) { { "ssl_enabled" => true, "api_key" => api_key, 'user' => 'another' } }
|
1184
1258
|
|
1185
1259
|
it "should fail" do
|
1186
1260
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|
@@ -1189,7 +1263,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1189
1263
|
|
1190
1264
|
context 'cloud_auth also set' do
|
1191
1265
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1192
|
-
let(:options) { { "
|
1266
|
+
let(:options) { { "ssl_enabled" => true, "api_key" => api_key, 'cloud_auth' => 'foobar' } }
|
1193
1267
|
|
1194
1268
|
it "should fail" do
|
1195
1269
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|