RubyGems - logstash-output-elasticsearch - Versions diffs - 11.13.0-java → 11.14.0-java - Mend

logstash-output-elasticsearch 11.13.0-java → 11.14.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +19 -0
data/docs/index.asciidoc +211 -62
data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +44 -19
data/lib/logstash/outputs/elasticsearch/template_manager.rb +26 -3
data/lib/logstash/outputs/elasticsearch.rb +52 -0
data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +51 -7
data/lib/logstash/plugin_mixins/elasticsearch/common.rb +2 -3
data/logstash-output-elasticsearch.gemspec +2 -1
data/spec/integration/outputs/index_spec.rb +16 -16
data/spec/unit/outputs/elasticsearch/data_stream_support_spec.rb +1 -1
data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +72 -20
data/spec/unit/outputs/elasticsearch_spec.rb +91 -17
data/spec/unit/outputs/elasticsearch_ssl_spec.rb +166 -50
metadata +16 -2

data/spec/unit/outputs/elasticsearch_ssl_spec.rb CHANGED Viewed

@@ -1,81 +1,197 @@
 require_relative "../../../spec/spec_helper"
 require 'stud/temporary'
-describe "SSL option" do
+describe "SSL options" do
   let(:manticore_double) { double("manticoreSSL #{self.inspect}") }
+  let(:settings) { { "ssl_enabled" => true, "hosts" => "localhost", "pool_max" => 1, "pool_max_per_route" => 1 } }
+  subject do
+    require "logstash/outputs/elasticsearch"
+    LogStash::Outputs::ElasticSearch.new(settings)
+  end
   before do
     allow(manticore_double).to receive(:close)
     response_double = double("manticore response").as_null_object
     # Allow healtchecks
     allow(manticore_double).to receive(:head).with(any_args).and_return(response_double)
     allow(manticore_double).to receive(:get).with(any_args).and_return(response_double)
     allow(::Manticore::Client).to receive(:new).and_return(manticore_double)
   end
-  context "when using ssl without cert verification" do
-    subject do
-      require "logstash/outputs/elasticsearch"
-      settings = {
-        "hosts" => "localhost",
-        "ssl" => true,
-        "ssl_certificate_verification" => false,
-        "pool_max" => 1,
-        "pool_max_per_route" => 1
-      }
-      LogStash::Outputs::ElasticSearch.new(settings)
+  after do
+    subject.close
+  end
+  context "when ssl_verification_mode" do
+    context "is set to none" do
+      let(:settings) { super().merge(
+        "ssl_verification_mode" => 'none',
+      ) }
+      it "should print a warning" do
+        expect(subject.logger).to receive(:warn).with(/You have enabled encryption but DISABLED certificate verification/).at_least(:once)
+        allow(subject.logger).to receive(:warn).with(any_args)
+        subject.register
+        allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
+      end
+      it "should pass the flag to the ES client" do
+        expect(::Manticore::Client).to receive(:new) do |args|
+          expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
+        end.and_return(manticore_double)
+        subject.register
+      end
     end
-    after do
-      subject.close
+    context "is set to full" do
+      let(:settings) { super().merge(
+        "ssl_verification_mode" => 'full',
+      ) }
+      it "should pass the flag to the ES client" do
+        expect(::Manticore::Client).to receive(:new) do |args|
+          expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :strict)
+        end.and_return(manticore_double)
+        subject.register
+      end
     end
-    it "should pass the flag to the ES client" do
-      expect(::Manticore::Client).to receive(:new) do |args|
-        expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
-      end.and_return(manticore_double)
-      subject.register
+  end
+  context "with the conflicting configs" do
+    context "ssl_certificate_authorities and ssl_truststore_path set" do
+      let(:ssl_truststore_path) { Stud::Temporary.file.path }
+      let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
+      let(:settings) { super().merge(
+        "ssl_truststore_path" => ssl_truststore_path,
+        "ssl_certificate_authorities" => ssl_certificate_authorities_path
+      ) }
+      after :each do
+        File.delete(ssl_truststore_path)
+        File.delete(ssl_certificate_authorities_path)
+      end
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate_authorities\/cacert" or "ssl_truststore_path\/truststore"/)
+      end
     end
-    it "should print a warning" do
-      disabled_matcher = /You have enabled encryption but DISABLED certificate verification/
-      expect(subject.logger).to receive(:warn).with(disabled_matcher).at_least(:once)
-      allow(subject.logger).to receive(:warn).with(any_args)
-      subject.register
-      allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
+    context "ssl_certificate and ssl_keystore_path set" do
+      let(:ssl_keystore_path) { Stud::Temporary.file.path }
+      let(:ssl_certificate_path) { Stud::Temporary.file.path }
+      let(:settings) { super().merge(
+        "ssl_certificate" => ssl_certificate_path,
+        "ssl_keystore_path" => ssl_keystore_path
+      ) }
+      after :each do
+        File.delete(ssl_keystore_path)
+        File.delete(ssl_certificate_path)
+      end
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate" or "ssl_keystore_path\/keystore"/)
+      end
     end
   end
-  context "when using ssl with client certificates" do
-    let(:keystore_path) { Stud::Temporary.file.path }
-    before do
-      `openssl req -x509  -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out #{keystore_path}.pem`
-    end
+  context "when configured with Java store files" do
+    let(:ssl_truststore_path) { Stud::Temporary.file.path }
+    let(:ssl_keystore_path) { Stud::Temporary.file.path }
     after :each do
-      File.delete(keystore_path)
-      subject.close
+      File.delete(ssl_truststore_path)
+      File.delete(ssl_keystore_path)
+    end
+    let(:settings) { super().merge(
+      "ssl_truststore_path" => ssl_truststore_path,
+      "ssl_truststore_type" => "jks",
+      "ssl_truststore_password" => "foo",
+      "ssl_keystore_path" => ssl_keystore_path,
+      "ssl_keystore_type" => "jks",
+      "ssl_keystore_password" => "bar",
+      "ssl_verification_mode" => "full",
+      "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+      "ssl_supported_protocols" => ["TLSv1.3"]
+    ) }
+    it "should pass the parameters to the ES client" do
+      expect(::Manticore::Client).to receive(:new) do |args|
+        expect(args[:ssl]).to match hash_including(
+                                      :enabled => true,
+                                      :keystore => ssl_keystore_path,
+                                      :keystore_type => "jks",
+                                      :keystore_password => "bar",
+                                      :truststore => ssl_truststore_path,
+                                      :truststore_type => "jks",
+                                      :truststore_password => "foo",
+                                      :verify => :strict,
+                                      :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+                                      :protocols => ["TLSv1.3"],
+                                    )
+      end.and_return(manticore_double)
+      subject.register
     end
+  end
+  context "when configured with certificate files" do
+    let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
+    let(:ssl_certificate_path) { Stud::Temporary.file.path }
+    let(:ssl_key_path) { Stud::Temporary.file.path }
+    let(:settings) { super().merge(
+      "ssl_certificate_authorities" => [ssl_certificate_authorities_path],
+      "ssl_certificate" => ssl_certificate_path,
+      "ssl_key" => ssl_key_path,
+      "ssl_verification_mode" => "full",
+      "ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+      "ssl_supported_protocols" => ["TLSv1.3"]
+    ) }
-    subject do
-      require "logstash/outputs/elasticsearch"
-      settings = {
-        "hosts" => "node01",
-        "ssl" => true,
-        "cacert" => keystore_path,
-      }
-      next LogStash::Outputs::ElasticSearch.new(settings)
+    after :each do
+      File.delete(ssl_certificate_authorities_path)
+      File.delete(ssl_certificate_path)
+      File.delete(ssl_key_path)
     end
-    it "should pass the keystore parameters to the ES client" do
+    it "should pass the parameters to the ES client" do
       expect(::Manticore::Client).to receive(:new) do |args|
-        expect(args[:ssl]).to include(:keystore => keystore_path, :keystore_password => "test")
-      end.and_call_original
+        expect(args[:ssl]).to match hash_including(
+                                      :enabled => true,
+                                      :ca_file => ssl_certificate_authorities_path,
+                                      :client_cert => ssl_certificate_path,
+                                      :client_key => ssl_key_path,
+                                      :verify => :strict,
+                                      :cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
+                                      :protocols => ["TLSv1.3"],
+                                    )
+      end.and_return(manticore_double)
       subject.register
     end
+    context "and only the ssl_certificate is set" do
+      let(:settings) { super().reject { |k| "ssl_key".eql?(k) } }
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Using an "ssl_certificate" requires an "ssl_key"/)
+      end
+    end
+    context "and only the ssl_key is set" do
+      let(:settings) { super().reject { |k| "ssl_certificate".eql?(k) } }
+      it "should raise a configuration error" do
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError, /An "ssl_certificate" is required when using an "ssl_key"/)
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 11.13.0
+  version: 11.14.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-07 00:00:00.000000000 Z
+date: 2023-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -112,6 +112,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-mixin-normalize_config_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements: