logstash-output-elasticsearch 11.13.0-java → 11.14.0-java

@@ -1,81 +1,197 @@
1
1
  require_relative "../../../spec/spec_helper"
2
2
  require 'stud/temporary'
3
3
 
4
- describe "SSL option" do
4
+ describe "SSL options" do
5
5
  let(:manticore_double) { double("manticoreSSL #{self.inspect}") }
6
+
7
+ let(:settings) { { "ssl_enabled" => true, "hosts" => "localhost", "pool_max" => 1, "pool_max_per_route" => 1 } }
8
+
9
+ subject do
10
+ require "logstash/outputs/elasticsearch"
11
+ LogStash::Outputs::ElasticSearch.new(settings)
12
+ end
13
+
6
14
  before do
7
15
  allow(manticore_double).to receive(:close)
8
-
16
+
9
17
  response_double = double("manticore response").as_null_object
10
18
  # Allow healtchecks
11
19
  allow(manticore_double).to receive(:head).with(any_args).and_return(response_double)
12
20
  allow(manticore_double).to receive(:get).with(any_args).and_return(response_double)
13
-
14
21
  allow(::Manticore::Client).to receive(:new).and_return(manticore_double)
15
22
  end
16
-
17
- context "when using ssl without cert verification" do
18
- subject do
19
- require "logstash/outputs/elasticsearch"
20
- settings = {
21
- "hosts" => "localhost",
22
- "ssl" => true,
23
- "ssl_certificate_verification" => false,
24
- "pool_max" => 1,
25
- "pool_max_per_route" => 1
26
- }
27
- LogStash::Outputs::ElasticSearch.new(settings)
23
+
24
+ after do
25
+ subject.close
26
+ end
27
+
28
+ context "when ssl_verification_mode" do
29
+ context "is set to none" do
30
+ let(:settings) { super().merge(
31
+ "ssl_verification_mode" => 'none',
32
+ ) }
33
+
34
+ it "should print a warning" do
35
+ expect(subject.logger).to receive(:warn).with(/You have enabled encryption but DISABLED certificate verification/).at_least(:once)
36
+ allow(subject.logger).to receive(:warn).with(any_args)
37
+
38
+ subject.register
39
+ allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
40
+ end
41
+
42
+ it "should pass the flag to the ES client" do
43
+ expect(::Manticore::Client).to receive(:new) do |args|
44
+ expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
45
+ end.and_return(manticore_double)
46
+
47
+ subject.register
48
+ end
28
49
  end
29
-
30
- after do
31
- subject.close
50
+
51
+ context "is set to full" do
52
+ let(:settings) { super().merge(
53
+ "ssl_verification_mode" => 'full',
54
+ ) }
55
+
56
+ it "should pass the flag to the ES client" do
57
+ expect(::Manticore::Client).to receive(:new) do |args|
58
+ expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :strict)
59
+ end.and_return(manticore_double)
60
+
61
+ subject.register
62
+ end
32
63
  end
33
-
34
- it "should pass the flag to the ES client" do
35
- expect(::Manticore::Client).to receive(:new) do |args|
36
- expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
37
- end.and_return(manticore_double)
38
-
39
- subject.register
64
+ end
65
+
66
+ context "with the conflicting configs" do
67
+ context "ssl_certificate_authorities and ssl_truststore_path set" do
68
+ let(:ssl_truststore_path) { Stud::Temporary.file.path }
69
+ let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
70
+ let(:settings) { super().merge(
71
+ "ssl_truststore_path" => ssl_truststore_path,
72
+ "ssl_certificate_authorities" => ssl_certificate_authorities_path
73
+ ) }
74
+
75
+ after :each do
76
+ File.delete(ssl_truststore_path)
77
+ File.delete(ssl_certificate_authorities_path)
78
+ end
79
+
80
+ it "should raise a configuration error" do
81
+ expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate_authorities\/cacert" or "ssl_truststore_path\/truststore"/)
82
+ end
40
83
  end
41
84
 
42
- it "should print a warning" do
43
- disabled_matcher = /You have enabled encryption but DISABLED certificate verification/
44
- expect(subject.logger).to receive(:warn).with(disabled_matcher).at_least(:once)
45
- allow(subject.logger).to receive(:warn).with(any_args)
46
-
47
- subject.register
48
- allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
85
+ context "ssl_certificate and ssl_keystore_path set" do
86
+ let(:ssl_keystore_path) { Stud::Temporary.file.path }
87
+ let(:ssl_certificate_path) { Stud::Temporary.file.path }
88
+ let(:settings) { super().merge(
89
+ "ssl_certificate" => ssl_certificate_path,
90
+ "ssl_keystore_path" => ssl_keystore_path
91
+ ) }
92
+
93
+ after :each do
94
+ File.delete(ssl_keystore_path)
95
+ File.delete(ssl_certificate_path)
96
+ end
97
+
98
+ it "should raise a configuration error" do
99
+ expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate" or "ssl_keystore_path\/keystore"/)
100
+ end
49
101
  end
50
102
  end
51
103
 
52
- context "when using ssl with client certificates" do
53
- let(:keystore_path) { Stud::Temporary.file.path }
54
- before do
55
- `openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out #{keystore_path}.pem`
56
- end
104
+ context "when configured with Java store files" do
105
+ let(:ssl_truststore_path) { Stud::Temporary.file.path }
106
+ let(:ssl_keystore_path) { Stud::Temporary.file.path }
57
107
 
58
108
  after :each do
59
- File.delete(keystore_path)
60
- subject.close
109
+ File.delete(ssl_truststore_path)
110
+ File.delete(ssl_keystore_path)
111
+ end
112
+
113
+ let(:settings) { super().merge(
114
+ "ssl_truststore_path" => ssl_truststore_path,
115
+ "ssl_truststore_type" => "jks",
116
+ "ssl_truststore_password" => "foo",
117
+ "ssl_keystore_path" => ssl_keystore_path,
118
+ "ssl_keystore_type" => "jks",
119
+ "ssl_keystore_password" => "bar",
120
+ "ssl_verification_mode" => "full",
121
+ "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
122
+ "ssl_supported_protocols" => ["TLSv1.3"]
123
+ ) }
124
+
125
+ it "should pass the parameters to the ES client" do
126
+ expect(::Manticore::Client).to receive(:new) do |args|
127
+ expect(args[:ssl]).to match hash_including(
128
+ :enabled => true,
129
+ :keystore => ssl_keystore_path,
130
+ :keystore_type => "jks",
131
+ :keystore_password => "bar",
132
+ :truststore => ssl_truststore_path,
133
+ :truststore_type => "jks",
134
+ :truststore_password => "foo",
135
+ :verify => :strict,
136
+ :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
137
+ :protocols => ["TLSv1.3"],
138
+ )
139
+ end.and_return(manticore_double)
140
+
141
+ subject.register
61
142
  end
143
+ end
144
+
145
+ context "when configured with certificate files" do
146
+ let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
147
+ let(:ssl_certificate_path) { Stud::Temporary.file.path }
148
+ let(:ssl_key_path) { Stud::Temporary.file.path }
149
+ let(:settings) { super().merge(
150
+ "ssl_certificate_authorities" => [ssl_certificate_authorities_path],
151
+ "ssl_certificate" => ssl_certificate_path,
152
+ "ssl_key" => ssl_key_path,
153
+ "ssl_verification_mode" => "full",
154
+ "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
155
+ "ssl_supported_protocols" => ["TLSv1.3"]
156
+ ) }
62
157
 
63
- subject do
64
- require "logstash/outputs/elasticsearch"
65
- settings = {
66
- "hosts" => "node01",
67
- "ssl" => true,
68
- "cacert" => keystore_path,
69
- }
70
- next LogStash::Outputs::ElasticSearch.new(settings)
158
+ after :each do
159
+ File.delete(ssl_certificate_authorities_path)
160
+ File.delete(ssl_certificate_path)
161
+ File.delete(ssl_key_path)
71
162
  end
72
163
 
73
- it "should pass the keystore parameters to the ES client" do
164
+ it "should pass the parameters to the ES client" do
74
165
  expect(::Manticore::Client).to receive(:new) do |args|
75
- expect(args[:ssl]).to include(:keystore => keystore_path, :keystore_password => "test")
76
- end.and_call_original
166
+ expect(args[:ssl]).to match hash_including(
167
+ :enabled => true,
168
+ :ca_file => ssl_certificate_authorities_path,
169
+ :client_cert => ssl_certificate_path,
170
+ :client_key => ssl_key_path,
171
+ :verify => :strict,
172
+ :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
173
+ :protocols => ["TLSv1.3"],
174
+ )
175
+ end.and_return(manticore_double)
176
+
77
177
  subject.register
78
178
  end
79
179
 
180
+ context "and only the ssl_certificate is set" do
181
+ let(:settings) { super().reject { |k| "ssl_key".eql?(k) } }
182
+
183
+ it "should raise a configuration error" do
184
+ expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Using an "ssl_certificate" requires an "ssl_key"/)
185
+ end
186
+ end
187
+
188
+ context "and only the ssl_key is set" do
189
+ let(:settings) { super().reject { |k| "ssl_certificate".eql?(k) } }
190
+
191
+ it "should raise a configuration error" do
192
+ expect { subject.register }.to raise_error(LogStash::ConfigurationError, /An "ssl_certificate" is required when using an "ssl_key"/)
193
+ end
194
+ end
80
195
  end
81
196
  end
197
+
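Review bot: The `when ssl_verification_mode` context pins only the explicit `none` and `full` values, so nothing in this file fixes what reaches Manticore when the option is left unset, or when the deprecated `ssl` / `ssl_certificate_verification` spelling (dropped from this spec) is still used; either may be covered in a spec not visible here. A context that uses the base `settings` unchanged and asserts `expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :strict)` would catch a regression that silently weakens the default, assuming strict is the intended default. In both "should pass the parameters to the ES client" fixtures, `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` is a TLS 1.2 CBC suite paired with `"ssl_supported_protocols" => ["TLSv1.3"]`; the test passes because it only checks pass-through, but a coherent pair such as `TLS_AES_256_GCM_SHA384` would be safer for readers to copy. In "should print a warning", the `allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)` line comes after `subject.register`, so it has no effect on that call and should move above it or be dropped.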
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-elasticsearch
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.13.0
4
+ version: 11.14.0
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-02-07 00:00:00.000000000 Z
11
+ date: 2023-03-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -112,6 +112,20 @@ dependencies:
112
112
  - - "~>"
113
113
  - !ruby/object:Gem::Version
114
114
  version: '1.0'
115
+ - !ruby/object:Gem::Dependency
116
+ requirement: !ruby/object:Gem::Requirement
117
+ requirements:
118
+ - - "~>"
119
+ - !ruby/object:Gem::Version
120
+ version: '1.0'
121
+ name: logstash-mixin-normalize_config_support
122
+ prerelease: false
123
+ type: :runtime
124
+ version_requirements: !ruby/object:Gem::Requirement
125
+ requirements:
126
+ - - "~>"
127
+ - !ruby/object:Gem::Version
128
+ version: '1.0'
115
129
  - !ruby/object:Gem::Dependency
116
130
  requirement: !ruby/object:Gem::Requirement
117
131
  requirements: