logstash-output-elasticsearch 11.13.1-java → 11.14.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/docs/index.asciidoc +211 -62
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +44 -19
- data/lib/logstash/outputs/elasticsearch.rb +52 -0
- data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +51 -7
- data/lib/logstash/plugin_mixins/elasticsearch/common.rb +2 -3
- data/logstash-output-elasticsearch.gemspec +2 -1
- data/spec/integration/outputs/index_spec.rb +16 -16
- data/spec/unit/outputs/elasticsearch/data_stream_support_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch_spec.rb +91 -17
- data/spec/unit/outputs/elasticsearch_ssl_spec.rb +166 -50
- metadata +16 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c6405648edffa1a591049d280196f4e7d0e4812f029daf782346e76e202f40b0
|
4
|
+
data.tar.gz: 2a8c1ae4c5cf07839aba4a7416305bae027b5461602c8518770f716683643e42
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9d5f80600ff713cd5429b7c1fe3dde0c665918e1ff1dbf69e8ca2e5a71a6c5e083031ad8951eeb561c0007e305bf2e808884ffdc97e9cd13aaa068df8cdd3e77
|
7
|
+
data.tar.gz: 1f5e4fe699a2c7189d84215a5631a42b20f608600ad10a97e464e19429586b5949d0f1570d67535e748e2f2e24a43bd323418b4fa114b8896eb568894ee35f82
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,22 @@
|
|
1
|
+
## 11.14.1
|
2
|
+
- [DOC] Fixed incorrect pull request link on the CHANGELOG `11.14.0` entry [#1122](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1122)
|
3
|
+
|
4
|
+
## 11.14.0
|
5
|
+
- Added SSL settings for: [#1118](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1118)
|
6
|
+
- `ssl_truststore_type`: The format of the truststore file
|
7
|
+
- `ssl_keystore_type`: The format of the keystore file
|
8
|
+
- `ssl_certificate`: OpenSSL-style X.509 certificate file to authenticate the client
|
9
|
+
- `ssl_key`: OpenSSL-style RSA private key that corresponds to the `ssl_certificate`
|
10
|
+
- `ssl_cipher_suites`: The list of cipher suites
|
11
|
+
- Reviewed and deprecated SSL settings to comply with Logstash's naming convention
|
12
|
+
- Deprecated `ssl` in favor of `ssl_enabled`
|
13
|
+
- Deprecated `cacert` in favor of `ssl_certificate_authorities`
|
14
|
+
- Deprecated `keystore` in favor of `ssl_keystore_path`
|
15
|
+
- Deprecated `keystore_password` in favor of `ssl_keystore_password`
|
16
|
+
- Deprecated `truststore` in favor of `ssl_truststore_path`
|
17
|
+
- Deprecated `truststore_password` in favor of `ssl_truststore_password`
|
18
|
+
- Deprecated `ssl_certificate_verification` in favor of `ssl_verification_mode`
|
19
|
+
|
1
20
|
## 11.13.1
|
2
21
|
- Avoid crash by ensuring ILM settings are injected in the correct location depending on the default (or custom) template format, template_api setting and ES version [#1102](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1102)
|
3
22
|
|
data/docs/index.asciidoc
CHANGED
@@ -299,7 +299,7 @@ checks.
|
|
299
299
|
==== Elasticsearch Output Configuration Options
|
300
300
|
|
301
301
|
This plugin supports the following configuration options plus the
|
302
|
-
<<plugins-{type}s-{plugin}-common-options>> described later.
|
302
|
+
<<plugins-{type}s-{plugin}-common-options>> and the <<plugins-{type}s-{plugin}-deprecated-options>> described later.
|
303
303
|
|
304
304
|
[cols="<,<,<",options="header",]
|
305
305
|
|=======================================================================
|
@@ -307,7 +307,6 @@ This plugin supports the following configuration options plus the
|
|
307
307
|
| <<plugins-{type}s-{plugin}-action>> |<<string,string>>|No
|
308
308
|
| <<plugins-{type}s-{plugin}-api_key>> |<<password,password>>|No
|
309
309
|
| <<plugins-{type}s-{plugin}-bulk_path>> |<<string,string>>|No
|
310
|
-
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|No
|
311
310
|
| <<plugins-{type}s-{plugin}-ca_trusted_fingerprint>> |<<string,string>>|No
|
312
311
|
| <<plugins-{type}s-{plugin}-cloud_auth>> |<<password,password>>|No
|
313
312
|
| <<plugins-{type}s-{plugin}-cloud_id>> |<<string,string>>|No
|
@@ -333,8 +332,6 @@ This plugin supports the following configuration options plus the
|
|
333
332
|
| <<plugins-{type}s-{plugin}-ilm_policy>> |<<string,string>>|No
|
334
333
|
| <<plugins-{type}s-{plugin}-ilm_rollover_alias>> |<<string,string>>|No
|
335
334
|
| <<plugins-{type}s-{plugin}-index>> |<<string,string>>|No
|
336
|
-
| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|No
|
337
|
-
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|No
|
338
335
|
| <<plugins-{type}s-{plugin}-silence_errors_in_log>> |<<array,array>>|No
|
339
336
|
| <<plugins-{type}s-{plugin}-manage_template>> |<<boolean,boolean>>|No
|
340
337
|
| <<plugins-{type}s-{plugin}-parameters>> |<<hash,hash>>|No
|
@@ -358,16 +355,24 @@ This plugin supports the following configuration options plus the
|
|
358
355
|
| <<plugins-{type}s-{plugin}-sniffing>> |<<boolean,boolean>>|No
|
359
356
|
| <<plugins-{type}s-{plugin}-sniffing_delay>> |<<number,number>>|No
|
360
357
|
| <<plugins-{type}s-{plugin}-sniffing_path>> |<<string,string>>|No
|
361
|
-
| <<plugins-{type}s-{plugin}-
|
362
|
-
| <<plugins-{type}s-{plugin}-
|
358
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate>> |<<path,path>>|No
|
359
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |list of <<path,path>>|No
|
360
|
+
| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |list of <<string,string>>|No
|
361
|
+
| <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
|
362
|
+
| <<plugins-{type}s-{plugin}-ssl_key>> |<<path,path>>|No
|
363
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_password>> |<<password,password>>|No
|
364
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_path>> |<<path,path>>|No
|
365
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_type>> |<<string,string>>|No
|
363
366
|
| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
|
367
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
|
368
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
|
369
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
|
370
|
+
| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
|
364
371
|
| <<plugins-{type}s-{plugin}-template>> |a valid filesystem path|No
|
365
372
|
| <<plugins-{type}s-{plugin}-template_api>> |<<string,string>>, one of `["auto", "legacy", "composable"]`|No
|
366
373
|
| <<plugins-{type}s-{plugin}-template_name>> |<<string,string>>|No
|
367
374
|
| <<plugins-{type}s-{plugin}-template_overwrite>> |<<boolean,boolean>>|No
|
368
375
|
| <<plugins-{type}s-{plugin}-timeout>> |<<number,number>>|No
|
369
|
-
| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|No
|
370
|
-
| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|No
|
371
376
|
| <<plugins-{type}s-{plugin}-upsert>> |<<string,string>>|No
|
372
377
|
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
|
373
378
|
| <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
|
@@ -408,7 +413,7 @@ For more details on actions, check out the {ref}/docs-bulk.html[Elasticsearch bu
|
|
408
413
|
* There is no default value for this setting.
|
409
414
|
|
410
415
|
Authenticate using Elasticsearch API key.
|
411
|
-
Note that this option also requires SSL/TLS, which can be enabled by supplying a <<plugins-{type}s-{plugin}-cloud_id>>, a list of HTTPS <<plugins-{type}s-{plugin}-hosts>>, or by setting <<plugins-{type}s-{plugin}-ssl,`
|
416
|
+
Note that this option also requires SSL/TLS, which can be enabled by supplying a <<plugins-{type}s-{plugin}-cloud_id>>, a list of HTTPS <<plugins-{type}s-{plugin}-hosts>>, or by setting <<plugins-{type}s-{plugin}-ssl,`ssl_enabled => true`>>.
|
412
417
|
|
413
418
|
Format is `id:api_key` where `id` and `api_key` are as returned by the
|
414
419
|
Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
|
@@ -422,14 +427,6 @@ Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
|
|
422
427
|
HTTP Path to perform the _bulk requests to
|
423
428
|
this defaults to a concatenation of the path parameter and "_bulk"
|
424
429
|
|
425
|
-
[id="plugins-{type}s-{plugin}-cacert"]
|
426
|
-
===== `cacert`
|
427
|
-
|
428
|
-
* Value type is <<path,path>>
|
429
|
-
* There is no default value for this setting.
|
430
|
-
|
431
|
-
The .cer or .pem file to validate the server's certificate.
|
432
|
-
|
433
430
|
[id="plugins-{type}s-{plugin}-ca_trusted_fingerprint"]
|
434
431
|
===== `ca_trusted_fingerprint`
|
435
432
|
|
@@ -769,23 +766,6 @@ Logstash uses
|
|
769
766
|
http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html[Joda
|
770
767
|
formats] and the `@timestamp` field of each event is being used as source for the date.
|
771
768
|
|
772
|
-
[id="plugins-{type}s-{plugin}-keystore"]
|
773
|
-
===== `keystore`
|
774
|
-
|
775
|
-
* Value type is <<path,path>>
|
776
|
-
* There is no default value for this setting.
|
777
|
-
|
778
|
-
The keystore used to present a certificate to the server.
|
779
|
-
It can be either .jks or .p12
|
780
|
-
|
781
|
-
[id="plugins-{type}s-{plugin}-keystore_password"]
|
782
|
-
===== `keystore_password`
|
783
|
-
|
784
|
-
* Value type is <<password,password>>
|
785
|
-
* There is no default value for this setting.
|
786
|
-
|
787
|
-
Set the keystore password
|
788
|
-
|
789
769
|
[id="plugins-{type}s-{plugin}-manage_template"]
|
790
770
|
===== `manage_template`
|
791
771
|
|
@@ -1034,8 +1014,35 @@ the default value is computed by concatenating the path value and "_nodes/http"
|
|
1034
1014
|
if sniffing_path is set it will be used as an absolute path
|
1035
1015
|
do not use full URL here, only paths, e.g. "/sniff/_nodes/http"
|
1036
1016
|
|
1037
|
-
[id="plugins-{type}s-{plugin}-
|
1038
|
-
===== `
|
1017
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
1018
|
+
===== `ssl_certificate`
|
1019
|
+
* Value type is <<path,path>>
|
1020
|
+
* There is no default value for this setting.
|
1021
|
+
|
1022
|
+
SSL certificate to use to authenticate the client. This certificate should be an OpenSSL-style X.509 certificate file.
|
1023
|
+
|
1024
|
+
NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_key>> is set.
|
1025
|
+
|
1026
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
|
1027
|
+
===== `ssl_certificate_authorities`
|
1028
|
+
|
1029
|
+
* Value type is a list of <<path,path>>
|
1030
|
+
* There is no default value for this setting
|
1031
|
+
|
1032
|
+
The .cer or .pem files to validate the server's certificate.
|
1033
|
+
|
1034
|
+
NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_truststore_path>> at the same time.
|
1035
|
+
|
1036
|
+
[id="plugins-{type}s-{plugin}-ssl_cipher_suites"]
|
1037
|
+
===== `ssl_cipher_suites`
|
1038
|
+
* Value type is a list of <<string,string>>
|
1039
|
+
* There is no default value for this setting
|
1040
|
+
|
1041
|
+
The list of cipher suites to use, listed by priorities.
|
1042
|
+
Supported cipher suites vary depending on the Java and protocol versions.
|
1043
|
+
|
1044
|
+
[id="plugins-{type}s-{plugin}-ssl_enabled"]
|
1045
|
+
===== `ssl_enabled`
|
1039
1046
|
|
1040
1047
|
* Value type is <<boolean,boolean>>
|
1041
1048
|
* There is no default value for this setting.
|
@@ -1044,15 +1051,41 @@ Enable SSL/TLS secured communication to Elasticsearch cluster.
|
|
1044
1051
|
Leaving this unspecified will use whatever scheme is specified in the URLs listed in <<plugins-{type}s-{plugin}-hosts>> or extracted from the <<plugins-{type}s-{plugin}-cloud_id>>.
|
1045
1052
|
If no explicit protocol is specified plain HTTP will be used.
|
1046
1053
|
|
1047
|
-
[id="plugins-{type}s-{plugin}-
|
1048
|
-
===== `
|
1054
|
+
[id="plugins-{type}s-{plugin}-ssl_key"]
|
1055
|
+
===== `ssl_key`
|
1056
|
+
* Value type is <<path,path>>
|
1057
|
+
* There is no default value for this setting.
|
1049
1058
|
|
1050
|
-
|
1051
|
-
* Default value is `true`
|
1059
|
+
OpenSSL-style RSA private key that corresponds to the <<plugins-{type}s-{plugin}-ssl_certificate>>.
|
1052
1060
|
|
1053
|
-
|
1054
|
-
|
1055
|
-
|
1061
|
+
NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate>> is set.
|
1062
|
+
|
1063
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_password"]
|
1064
|
+
===== `ssl_keystore_password`
|
1065
|
+
|
1066
|
+
* Value type is <<password,password>>
|
1067
|
+
* There is no default value for this setting.
|
1068
|
+
|
1069
|
+
Set the keystore password
|
1070
|
+
|
1071
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_path"]
|
1072
|
+
===== `ssl_keystore_path`
|
1073
|
+
|
1074
|
+
* Value type is <<path,path>>
|
1075
|
+
* There is no default value for this setting.
|
1076
|
+
|
1077
|
+
The keystore used to present a certificate to the server.
|
1078
|
+
It can be either `.jks` or `.p12`
|
1079
|
+
|
1080
|
+
NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate>> at the same time.
|
1081
|
+
|
1082
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_type"]
|
1083
|
+
===== `ssl_keystore_type`
|
1084
|
+
|
1085
|
+
* Value can be any of: `jks`, `pkcs12`
|
1086
|
+
* If not provided, the value will be inferred from the keystore filename.
|
1087
|
+
|
1088
|
+
The format of the keystore file. It must be either `jks` or `pkcs12`.
|
1056
1089
|
|
1057
1090
|
[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
|
1058
1091
|
===== `ssl_supported_protocols`
|
@@ -1064,13 +1097,56 @@ https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
|
1064
1097
|
|
1065
1098
|
List of allowed SSL/TLS versions to use when establishing a connection to the Elasticsearch cluster.
|
1066
1099
|
|
1067
|
-
For Java 8 `'TLSv1.3'` is supported
|
1100
|
+
For Java 8 `'TLSv1.3'` is supported only since **8u262** (AdoptOpenJDK), but requires that you set the
|
1068
1101
|
`LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash.
|
1069
1102
|
|
1070
1103
|
NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
|
1071
1104
|
the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
|
1072
1105
|
the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
|
1073
1106
|
|
1107
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_password"]
|
1108
|
+
===== `ssl_truststore_password`
|
1109
|
+
|
1110
|
+
* Value type is <<password,password>>
|
1111
|
+
* There is no default value for this setting.
|
1112
|
+
|
1113
|
+
Set the truststore password
|
1114
|
+
|
1115
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_path"]
|
1116
|
+
===== `ssl_truststore_path`
|
1117
|
+
|
1118
|
+
* Value type is <<path,path>>
|
1119
|
+
* There is no default value for this setting.
|
1120
|
+
|
1121
|
+
The truststore to validate the server's certificate.
|
1122
|
+
It can be either `.jks` or `.p12`.
|
1123
|
+
|
1124
|
+
NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> at the same time.
|
1125
|
+
|
1126
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_type"]
|
1127
|
+
===== `ssl_truststore_type`
|
1128
|
+
|
1129
|
+
* Value can be any of: `jks`, `pkcs12`
|
1130
|
+
* If not provided, the value will be inferred from the truststore filename.
|
1131
|
+
|
1132
|
+
The format of the truststore file. It must be either `jks` or `pkcs12`.
|
1133
|
+
|
1134
|
+
[id="plugins-{type}s-{plugin}-ssl_verification_mode"]
|
1135
|
+
===== `ssl_verification_mode`
|
1136
|
+
|
1137
|
+
* Value can be any of: `full`, `none`
|
1138
|
+
* Default value is `full`
|
1139
|
+
|
1140
|
+
Defines how to verify the certificates presented by another party in the TLS connection:
|
1141
|
+
|
1142
|
+
`full` validates that the server certificate has an issue date that’s within
|
1143
|
+
the not_before and not_after dates; chains to a trusted Certificate Authority (CA), and
|
1144
|
+
has a hostname or IP address that matches the names within the certificate.
|
1145
|
+
|
1146
|
+
`none` performs no certificate validation.
|
1147
|
+
|
1148
|
+
WARNING: Setting certificate verification to `none` disables many security benefits of SSL/TLS, which is very dangerous. For more information on disabling certificate verification please read https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
1149
|
+
|
1074
1150
|
[id="plugins-{type}s-{plugin}-template"]
|
1075
1151
|
===== `template`
|
1076
1152
|
|
@@ -1139,24 +1215,6 @@ the "logstash" template (i.e. removing all customized settings)
|
|
1139
1215
|
Set the timeout, in seconds, for network operations and requests sent Elasticsearch. If
|
1140
1216
|
a timeout occurs, the request will be retried.
|
1141
1217
|
|
1142
|
-
[id="plugins-{type}s-{plugin}-truststore"]
|
1143
|
-
===== `truststore`
|
1144
|
-
|
1145
|
-
* Value type is <<path,path>>
|
1146
|
-
* There is no default value for this setting.
|
1147
|
-
|
1148
|
-
The truststore to validate the server's certificate.
|
1149
|
-
It can be either .jks or .p12.
|
1150
|
-
Use either `:truststore` or `:cacert`.
|
1151
|
-
|
1152
|
-
[id="plugins-{type}s-{plugin}-truststore_password"]
|
1153
|
-
===== `truststore_password`
|
1154
|
-
|
1155
|
-
* Value type is <<password,password>>
|
1156
|
-
* There is no default value for this setting.
|
1157
|
-
|
1158
|
-
Set the truststore password
|
1159
|
-
|
1160
1218
|
[id="plugins-{type}s-{plugin}-upsert"]
|
1161
1219
|
===== `upsert`
|
1162
1220
|
|
@@ -1213,6 +1271,97 @@ https://www.elastic.co/blog/elasticsearch-versioning-support[versioning support
|
|
1213
1271
|
blog] and {ref}/docs-index_.html#_version_types[Version types] in the
|
1214
1272
|
Elasticsearch documentation.
|
1215
1273
|
|
1274
|
+
[id="plugins-{type}s-{plugin}-deprecated-options"]
|
1275
|
+
==== Elasticsearch Output Deprecated Configuration Options
|
1276
|
+
|
1277
|
+
This plugin supports the following deprecated configurations.
|
1278
|
+
|
1279
|
+
WARNING: Deprecated options are subject to removal in future releases.
|
1280
|
+
|
1281
|
+
[cols="<,<,<",options="header",]
|
1282
|
+
|=======================================================================
|
1283
|
+
|Setting|Input type|Replaced by
|
1284
|
+
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
|
1285
|
+
| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_keystore_path>>
|
1286
|
+
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|<<plugins-{type}s-{plugin}-ssl_keystore_password>>
|
1287
|
+
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|<<plugins-{type}s-{plugin}-ssl_enabled>>
|
1288
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate_verification>> |<<boolean,boolean>>|<<plugins-{type}s-{plugin}-ssl_verification_mode>>
|
1289
|
+
| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_truststore_path>>
|
1290
|
+
| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|<<plugins-{type}s-{plugin}-ssl_truststore_password>>
|
1291
|
+
|=======================================================================
|
1292
|
+
|
1293
|
+
|
1294
|
+
[id="plugins-{type}s-{plugin}-cacert"]
|
1295
|
+
===== `cacert`
|
1296
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
|
1297
|
+
|
1298
|
+
* Value type is a list of <<path,path>>
|
1299
|
+
* There is no default value for this setting.
|
1300
|
+
|
1301
|
+
The .cer or .pem file to validate the server's certificate.
|
1302
|
+
|
1303
|
+
[id="plugins-{type}s-{plugin}-keystore"]
|
1304
|
+
===== `keystore`
|
1305
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
|
1306
|
+
|
1307
|
+
* Value type is <<path,path>>
|
1308
|
+
* There is no default value for this setting.
|
1309
|
+
|
1310
|
+
The keystore used to present a certificate to the server.
|
1311
|
+
It can be either .jks or .p12
|
1312
|
+
|
1313
|
+
NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate>> at the same time.
|
1314
|
+
|
1315
|
+
[id="plugins-{type}s-{plugin}-keystore_password"]
|
1316
|
+
===== `keystore_password`
|
1317
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
|
1318
|
+
|
1319
|
+
* Value type is <<password,password>>
|
1320
|
+
* There is no default value for this setting.
|
1321
|
+
|
1322
|
+
Set the keystore password
|
1323
|
+
|
1324
|
+
[id="plugins-{type}s-{plugin}-ssl"]
|
1325
|
+
===== `ssl`
|
1326
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
|
1327
|
+
|
1328
|
+
* Value type is <<boolean,boolean>>
|
1329
|
+
* There is no default value for this setting.
|
1330
|
+
|
1331
|
+
Enable SSL/TLS secured communication to Elasticsearch cluster.
|
1332
|
+
Leaving this unspecified will use whatever scheme is specified in the URLs listed in <<plugins-{type}s-{plugin}-hosts>> or extracted from the <<plugins-{type}s-{plugin}-cloud_id>>.
|
1333
|
+
If no explicit protocol is specified plain HTTP will be used.
|
1334
|
+
|
1335
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate_verification"]
|
1336
|
+
===== `ssl_certificate_verification`
|
1337
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verification_mode>>]
|
1338
|
+
|
1339
|
+
* Value type is <<boolean,boolean>>
|
1340
|
+
* Default value is `true`
|
1341
|
+
|
1342
|
+
Option to validate the server's certificate. Disabling this severely compromises security.
|
1343
|
+
For more information on disabling certificate verification please read
|
1344
|
+
https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
1345
|
+
|
1346
|
+
[id="plugins-{type}s-{plugin}-truststore"]
|
1347
|
+
===== `truststore`
|
1348
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
|
1349
|
+
|
1350
|
+
* Value type is <<path,path>>
|
1351
|
+
* There is no default value for this setting.
|
1352
|
+
|
1353
|
+
The truststore to validate the server's certificate.
|
1354
|
+
It can be either `.jks` or `.p12`.
|
1355
|
+
Use either `:truststore` or `:cacert`.
|
1356
|
+
|
1357
|
+
[id="plugins-{type}s-{plugin}-truststore_password"]
|
1358
|
+
===== `truststore_password`
|
1359
|
+
deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
|
1360
|
+
|
1361
|
+
* Value type is <<password,password>>
|
1362
|
+
* There is no default value for this setting.
|
1363
|
+
|
1364
|
+
Set the truststore password
|
1216
1365
|
|
1217
1366
|
[id="plugins-{type}s-{plugin}-common-options"]
|
1218
1367
|
include::{include_path}/{type}.asciidoc[]
|
@@ -107,38 +107,53 @@ module LogStash; module Outputs; class ElasticSearch;
|
|
107
107
|
end
|
108
108
|
|
109
109
|
def self.setup_ssl(logger, params)
|
110
|
-
params["
|
111
|
-
return {} if params["
|
110
|
+
params["ssl_enabled"] = true if params["hosts"].any? {|h| h.scheme == "https" }
|
111
|
+
return {} if params["ssl_enabled"].nil?
|
112
112
|
|
113
|
-
return {:ssl => {:enabled => false}} if params["
|
113
|
+
return {:ssl => {:enabled => false}} if params["ssl_enabled"] == false
|
114
114
|
|
115
|
-
|
116
|
-
params.values_at('cacert', 'truststore', 'truststore_password', 'keystore', 'keystore_password')
|
115
|
+
ssl_certificate_authorities, ssl_truststore_path, ssl_certificate, ssl_keystore_path = params.values_at('ssl_certificate_authorities', 'ssl_truststore_path', 'ssl_certificate', 'ssl_keystore_path')
|
117
116
|
|
118
|
-
if
|
119
|
-
raise
|
117
|
+
if ssl_certificate_authorities && ssl_truststore_path
|
118
|
+
raise LogStash::ConfigurationError, 'Use either "ssl_certificate_authorities/cacert" or "ssl_truststore_path/truststore" when configuring the CA certificate'
|
119
|
+
end
|
120
|
+
|
121
|
+
if ssl_certificate && ssl_keystore_path
|
122
|
+
raise LogStash::ConfigurationError, 'Use either "ssl_certificate" or "ssl_keystore_path/keystore" when configuring client certificates'
|
120
123
|
end
|
121
124
|
|
122
125
|
ssl_options = {:enabled => true}
|
123
126
|
|
124
|
-
if
|
125
|
-
|
126
|
-
|
127
|
-
ssl_options[:truststore_password] = truststore_password.value if truststore_password
|
127
|
+
if ssl_certificate_authorities&.any?
|
128
|
+
raise LogStash::ConfigurationError, 'Multiple values on "ssl_certificate_authorities" are not supported by this plugin' if ssl_certificate_authorities.size > 1
|
129
|
+
ssl_options[:ca_file] = ssl_certificate_authorities.first
|
128
130
|
end
|
129
131
|
|
130
|
-
ssl_options
|
131
|
-
|
132
|
-
|
133
|
-
|
132
|
+
setup_ssl_store(ssl_options, 'truststore', params)
|
133
|
+
setup_ssl_store(ssl_options, 'keystore', params)
|
134
|
+
|
135
|
+
ssl_key = params["ssl_key"]
|
136
|
+
if ssl_certificate
|
137
|
+
raise LogStash::ConfigurationError, 'Using an "ssl_certificate" requires an "ssl_key"' unless ssl_key
|
138
|
+
ssl_options[:client_cert] = ssl_certificate
|
139
|
+
ssl_options[:client_key] = ssl_key
|
140
|
+
elsif !ssl_key.nil?
|
141
|
+
raise LogStash::ConfigurationError, 'An "ssl_certificate" is required when using an "ssl_key"'
|
134
142
|
end
|
135
143
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
144
|
+
ssl_verification_mode = params["ssl_verification_mode"]
|
145
|
+
unless ssl_verification_mode.nil?
|
146
|
+
case ssl_verification_mode
|
147
|
+
when 'none'
|
148
|
+
logger.warn "You have enabled encryption but DISABLED certificate verification, " +
|
149
|
+
"to make sure your data is secure set `ssl_verification_mode => full`"
|
150
|
+
ssl_options[:verify] = :disable
|
151
|
+
else
|
152
|
+
ssl_options[:verify] = :strict
|
153
|
+
end
|
140
154
|
end
|
141
155
|
|
156
|
+
ssl_options[:cipher_suites] = params["ssl_cipher_suites"] if params.include?("ssl_cipher_suites")
|
142
157
|
ssl_options[:trust_strategy] = params["ssl_trust_strategy"] if params.include?("ssl_trust_strategy")
|
143
158
|
|
144
159
|
protocols = params['ssl_supported_protocols']
|
@@ -147,6 +162,16 @@ module LogStash; module Outputs; class ElasticSearch;
|
|
147
162
|
{ ssl: ssl_options }
|
148
163
|
end
|
149
164
|
|
165
|
+
# @param kind is a string [truststore|keystore]
|
166
|
+
def self.setup_ssl_store(ssl_options, kind, params)
|
167
|
+
store_path = params["ssl_#{kind}_path"]
|
168
|
+
if store_path
|
169
|
+
ssl_options[kind.to_sym] = store_path
|
170
|
+
ssl_options["#{kind}_type".to_sym] = params["ssl_#{kind}_type"] if params.include?("ssl_#{kind}_type")
|
171
|
+
ssl_options["#{kind}_password".to_sym] = params["ssl_#{kind}_password"].value if params.include?("ssl_#{kind}_password")
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
150
175
|
def self.setup_basic_auth(logger, params)
|
151
176
|
user, password = params["user"], params["password"]
|
152
177
|
|
@@ -96,10 +96,14 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
96
96
|
require "logstash/outputs/elasticsearch/data_stream_support"
|
97
97
|
require 'logstash/plugin_mixins/ecs_compatibility_support'
|
98
98
|
require 'logstash/plugin_mixins/deprecation_logger_support'
|
99
|
+
require 'logstash/plugin_mixins/normalize_config_support'
|
99
100
|
|
100
101
|
# Protocol agnostic methods
|
101
102
|
include(LogStash::PluginMixins::ElasticSearch::Common)
|
102
103
|
|
104
|
+
# Config normalization helpers
|
105
|
+
include(LogStash::PluginMixins::NormalizeConfigSupport)
|
106
|
+
|
103
107
|
# Methods for ILM support
|
104
108
|
include(LogStash::Outputs::ElasticSearch::Ilm)
|
105
109
|
|
@@ -282,6 +286,8 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
282
286
|
end
|
283
287
|
|
284
288
|
def register
|
289
|
+
setup_ssl_params!
|
290
|
+
|
285
291
|
if !failure_type_logging_whitelist.empty?
|
286
292
|
log_message = "'failure_type_logging_whitelist' is deprecated and in a future version of Elasticsearch " +
|
287
293
|
"output plugin will be removed, please use 'silence_errors_in_log' instead."
|
@@ -622,6 +628,52 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
622
628
|
end
|
623
629
|
end
|
624
630
|
|
631
|
+
def setup_ssl_params!
|
632
|
+
@ssl_enabled = normalize_config(:ssl_enabled) do |normalize|
|
633
|
+
normalize.with_deprecated_alias(:ssl)
|
634
|
+
end
|
635
|
+
|
636
|
+
@ssl_certificate_authorities = normalize_config(:ssl_certificate_authorities) do |normalize|
|
637
|
+
normalize.with_deprecated_mapping(:cacert) do |cacert|
|
638
|
+
[cacert]
|
639
|
+
end
|
640
|
+
end
|
641
|
+
|
642
|
+
@ssl_keystore_path = normalize_config(:ssl_keystore_path) do |normalize|
|
643
|
+
normalize.with_deprecated_alias(:keystore)
|
644
|
+
end
|
645
|
+
|
646
|
+
@ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalize|
|
647
|
+
normalize.with_deprecated_alias(:keystore_password)
|
648
|
+
end
|
649
|
+
|
650
|
+
@ssl_truststore_path = normalize_config(:ssl_truststore_path) do |normalize|
|
651
|
+
normalize.with_deprecated_alias(:truststore)
|
652
|
+
end
|
653
|
+
|
654
|
+
@ssl_truststore_password = normalize_config(:ssl_truststore_password) do |normalize|
|
655
|
+
normalize.with_deprecated_alias(:truststore_password)
|
656
|
+
end
|
657
|
+
|
658
|
+
@ssl_verification_mode = normalize_config(:ssl_verification_mode) do |normalize|
|
659
|
+
normalize.with_deprecated_mapping(:ssl_certificate_verification) do |ssl_certificate_verification|
|
660
|
+
if ssl_certificate_verification == true
|
661
|
+
"full"
|
662
|
+
else
|
663
|
+
"none"
|
664
|
+
end
|
665
|
+
end
|
666
|
+
end
|
667
|
+
|
668
|
+
params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
|
669
|
+
params['ssl_certificate_authorities'] = @ssl_certificate_authorities unless @ssl_certificate_authorities.nil?
|
670
|
+
params['ssl_keystore_path'] = @ssl_keystore_path unless @ssl_keystore_path.nil?
|
671
|
+
params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
|
672
|
+
params['ssl_truststore_path'] = @ssl_truststore_path unless @ssl_truststore_path.nil?
|
673
|
+
params['ssl_truststore_password'] = @ssl_truststore_password unless @ssl_truststore_password.nil?
|
674
|
+
params['ssl_verification_mode'] = @ssl_verification_mode unless @ssl_verification_mode.nil?
|
675
|
+
end
|
676
|
+
|
625
677
|
# To be overidden by the -java version
|
626
678
|
VALID_HTTP_ACTIONS = ["index", "delete", "create", "update"]
|
627
679
|
def valid_actions
|
@@ -45,35 +45,79 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
45
45
|
# Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
|
46
46
|
# is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
|
47
47
|
# If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
|
48
|
-
:ssl => { :validate => :boolean },
|
48
|
+
:ssl => { :validate => :boolean, :deprecated => "Set 'ssl_enabled' instead." },
|
49
|
+
|
50
|
+
# Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
|
51
|
+
# is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
|
52
|
+
# If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
|
53
|
+
:ssl_enabled => { :validate => :boolean },
|
49
54
|
|
50
55
|
# Option to validate the server's certificate. Disabling this severely compromises security.
|
51
56
|
# For more information on disabling certificate verification please read
|
52
57
|
# https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
|
53
|
-
:ssl_certificate_verification => { :validate => :boolean, :default => true },
|
58
|
+
:ssl_certificate_verification => { :validate => :boolean, :default => true, :deprecated => "Set 'ssl_verification_mode' instead." },
|
59
|
+
|
60
|
+
# Options to verify the server's certificate.
|
61
|
+
# "full": validates that the provided certificate has an issue date that’s within the not_before and not_after dates;
|
62
|
+
# chains to a trusted Certificate Authority (CA); has a hostname or IP address that matches the names within the certificate.
|
63
|
+
# "none": performs no certificate validation. Disabling this severely compromises security (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
|
64
|
+
:ssl_verification_mode => { :validate => %w[full none], :default => 'full' },
|
54
65
|
|
55
66
|
# The .cer or .pem file to validate the server's certificate
|
56
|
-
:cacert => { :validate => :path },
|
67
|
+
:cacert => { :validate => :path, :deprecated => "Set 'ssl_certificate_authorities' instead." },
|
68
|
+
|
69
|
+
# The .cer or .pem files to validate the server's certificate
|
70
|
+
:ssl_certificate_authorities => { :validate => :path, :list => true },
|
57
71
|
|
58
72
|
# One or more hex-encoded SHA256 fingerprints to trust as Certificate Authorities
|
59
73
|
:ca_trusted_fingerprint => LogStash::PluginMixins::CATrustedFingerprintSupport,
|
60
74
|
|
61
75
|
# The JKS truststore to validate the server's certificate.
|
62
76
|
# Use either `:truststore` or `:cacert`
|
63
|
-
:truststore => { :validate => :path },
|
77
|
+
:truststore => { :validate => :path, :deprecated => "Set 'ssl_truststore_path' instead." },
|
78
|
+
|
79
|
+
# The JKS truststore to validate the server's certificate.
|
80
|
+
# Use either `:ssl_truststore_path` or `:ssl_certificate_authorities`
|
81
|
+
:ssl_truststore_path => { :validate => :path },
|
82
|
+
|
83
|
+
# The format of the truststore file. It must be either jks or pkcs12
|
84
|
+
:ssl_truststore_type => { :validate => %w[pkcs12 jks] },
|
85
|
+
|
86
|
+
# Set the truststore password
|
87
|
+
:truststore_password => { :validate => :password, :deprecated => "Use 'ssl_truststore_password' instead." },
|
64
88
|
|
65
89
|
# Set the truststore password
|
66
|
-
:
|
90
|
+
:ssl_truststore_password => { :validate => :password },
|
67
91
|
|
68
92
|
# The keystore used to present a certificate to the server.
|
69
93
|
# It can be either .jks or .p12
|
70
|
-
:keystore => { :validate => :path },
|
94
|
+
:keystore => { :validate => :path, :deprecated => "Set 'ssl_keystore_path' instead." },
|
95
|
+
|
96
|
+
# The keystore used to present a certificate to the server.
|
97
|
+
# It can be either .jks or .p12
|
98
|
+
:ssl_keystore_path => { :validate => :path },
|
99
|
+
|
100
|
+
# The format of the keystore file. It must be either jks or pkcs12
|
101
|
+
:ssl_keystore_type => { :validate => %w[pkcs12 jks] },
|
71
102
|
|
72
103
|
# Set the keystore password
|
73
|
-
:keystore_password => { :validate => :password },
|
104
|
+
:keystore_password => { :validate => :password, :deprecated => "Set 'ssl_keystore_password' instead." },
|
105
|
+
|
106
|
+
# Set the keystore password
|
107
|
+
:ssl_keystore_password => { :validate => :password },
|
74
108
|
|
75
109
|
:ssl_supported_protocols => { :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true },
|
76
110
|
|
111
|
+
# OpenSSL-style X.509 certificate certificate to authenticate the client
|
112
|
+
:ssl_certificate => { :validate => :path },
|
113
|
+
|
114
|
+
# OpenSSL-style RSA private key to authenticate the client
|
115
|
+
:ssl_key => { :validate => :path },
|
116
|
+
|
117
|
+
# The list of cipher suites to use, listed by priorities.
|
118
|
+
# Supported cipher suites vary depending on which version of Java is used.
|
119
|
+
:ssl_cipher_suites => { :validate => :string, :list => true },
|
120
|
+
|
77
121
|
# This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list.
|
78
122
|
# Note: This will return ALL nodes with HTTP enabled (including master nodes!). If you use
|
79
123
|
# this with master nodes, you probably want to disable HTTP on them by setting
|
@@ -28,8 +28,7 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
28
28
|
|
29
29
|
setup_hosts
|
30
30
|
|
31
|
-
|
32
|
-
params['ssl'] = effectively_ssl? unless params.include?('ssl')
|
31
|
+
params['ssl_enabled'] = effectively_ssl? unless params.include?('ssl_enabled')
|
33
32
|
|
34
33
|
# inject the TrustStrategy from CATrustedFingerprintSupport
|
35
34
|
if trust_strategy_for_ca_trusted_fingerprint
|
@@ -74,7 +73,7 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
74
73
|
end
|
75
74
|
|
76
75
|
def effectively_ssl?
|
77
|
-
return @
|
76
|
+
return @ssl_enabled unless @ssl_enabled.nil?
|
78
77
|
|
79
78
|
hosts = Array(@hosts)
|
80
79
|
return false if hosts.nil? || hosts.empty?
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
3
|
-
s.version = '11.
|
3
|
+
s.version = '11.14.1'
|
4
4
|
s.licenses = ['apache-2.0']
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -26,6 +26,7 @@ Gem::Specification.new do |s|
|
|
26
26
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.0'
|
27
27
|
s.add_runtime_dependency 'logstash-mixin-deprecation_logger_support', '~>1.0'
|
28
28
|
s.add_runtime_dependency 'logstash-mixin-ca_trusted_fingerprint_support', '~>1.0'
|
29
|
+
s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
|
29
30
|
|
30
31
|
s.add_development_dependency 'logstash-codec-plain'
|
31
32
|
s.add_development_dependency 'logstash-devutils'
|
@@ -289,8 +289,8 @@ describe "indexing" do
|
|
289
289
|
"hosts" => [ get_host_port ],
|
290
290
|
"user" => user,
|
291
291
|
"password" => password,
|
292
|
-
"
|
293
|
-
"
|
292
|
+
"ssl_enabled" => true,
|
293
|
+
"ssl_certificate_authorities" => cacert,
|
294
294
|
"index" => index
|
295
295
|
}
|
296
296
|
end
|
@@ -302,7 +302,7 @@ describe "indexing" do
|
|
302
302
|
|
303
303
|
context "when no keystore nor ca cert set and verification is disabled" do
|
304
304
|
let(:config) do
|
305
|
-
super().tap { |config| config.delete('
|
305
|
+
super().tap { |config| config.delete('ssl_certificate_authorities') }.merge('ssl_verification_mode' => 'none')
|
306
306
|
end
|
307
307
|
|
308
308
|
include_examples("an indexer", true)
|
@@ -311,9 +311,9 @@ describe "indexing" do
|
|
311
311
|
context "when keystore is set and verification is disabled" do
|
312
312
|
let(:config) do
|
313
313
|
super().merge(
|
314
|
-
'
|
315
|
-
'
|
316
|
-
'
|
314
|
+
'ssl_verification_mode' => 'none',
|
315
|
+
'ssl_keystore_path' => 'spec/fixtures/test_certs/test.p12',
|
316
|
+
'ssl_keystore_password' => '1234567890'
|
317
317
|
)
|
318
318
|
end
|
319
319
|
|
@@ -322,10 +322,10 @@ describe "indexing" do
|
|
322
322
|
|
323
323
|
context "when keystore has self-signed cert and verification is disabled" do
|
324
324
|
let(:config) do
|
325
|
-
super().tap { |config| config.delete('
|
326
|
-
'
|
327
|
-
'
|
328
|
-
'
|
325
|
+
super().tap { |config| config.delete('ssl_certificate_authorities') }.merge(
|
326
|
+
'ssl_verification_mode' => 'none',
|
327
|
+
'ssl_keystore_path' => 'spec/fixtures/test_certs/test_self_signed.p12',
|
328
|
+
'ssl_keystore_password' => '1234567890'
|
329
329
|
)
|
330
330
|
end
|
331
331
|
|
@@ -349,8 +349,8 @@ describe "indexing" do
|
|
349
349
|
let(:config) do
|
350
350
|
{
|
351
351
|
"hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
|
352
|
-
"
|
353
|
-
"
|
352
|
+
"ssl_enabled" => true,
|
353
|
+
"ssl_certificate_authorities" => "spec/fixtures/test_certs/test.crt",
|
354
354
|
"index" => index
|
355
355
|
}
|
356
356
|
end
|
@@ -358,10 +358,10 @@ describe "indexing" do
|
|
358
358
|
include_examples("an indexer", true)
|
359
359
|
end
|
360
360
|
|
361
|
-
context "without providing `
|
361
|
+
context "without providing `ssl_certificate_authorities`" do
|
362
362
|
let(:config) do
|
363
363
|
super().tap do |c|
|
364
|
-
c.delete("
|
364
|
+
c.delete("ssl_certificate_authorities")
|
365
365
|
end
|
366
366
|
end
|
367
367
|
|
@@ -369,10 +369,10 @@ describe "indexing" do
|
|
369
369
|
end
|
370
370
|
|
371
371
|
if Gem::Version.new(LOGSTASH_VERSION) >= Gem::Version.new("8.3.0")
|
372
|
-
context "with `ca_trusted_fingerprint` instead of `
|
372
|
+
context "with `ca_trusted_fingerprint` instead of `ssl_certificate_authorities`" do
|
373
373
|
let(:config) do
|
374
374
|
super().tap do |c|
|
375
|
-
c.delete("
|
375
|
+
c.delete("ssl_certificate_authorities")
|
376
376
|
c.update("ca_trusted_fingerprint" => ca_trusted_fingerprint)
|
377
377
|
end
|
378
378
|
end
|
@@ -114,7 +114,7 @@ describe LogStash::Outputs::ElasticSearch::DataStreamSupport do
|
|
114
114
|
{
|
115
115
|
'hosts' => [ 'http://127.0.0.1:12345' ],
|
116
116
|
'http_compression' => 'true', 'bulk_path' => '_bulk', 'timeout' => '30',
|
117
|
-
'user' => 'elastic', 'password' => 'ForSearch!', '
|
117
|
+
'user' => 'elastic', 'password' => 'ForSearch!', 'ssl_enabled' => 'false'
|
118
118
|
}
|
119
119
|
end
|
120
120
|
|
@@ -699,9 +699,8 @@ describe LogStash::Outputs::ElasticSearch do
|
|
699
699
|
end
|
700
700
|
end
|
701
701
|
|
702
|
-
|
703
|
-
|
704
|
-
let(:options) { {"ssl" => true}}
|
702
|
+
context "With the 'ssl_enabled' option" do
|
703
|
+
let(:options) { {"ssl_enabled" => true}}
|
705
704
|
|
706
705
|
include_examples("an encrypted client connection")
|
707
706
|
end
|
@@ -712,6 +711,81 @@ describe LogStash::Outputs::ElasticSearch do
|
|
712
711
|
end
|
713
712
|
end
|
714
713
|
|
714
|
+
describe "SSL deprecated settings" do
|
715
|
+
let(:base_options) { {"ssl" => "true"} }
|
716
|
+
|
717
|
+
context "with client certificate" do
|
718
|
+
let(:do_register) { true }
|
719
|
+
let(:cacert) { Stud::Temporary.file.path }
|
720
|
+
let(:options) { base_options.merge(
|
721
|
+
"cacert" => cacert,
|
722
|
+
"ssl_certificate_verification" => false
|
723
|
+
) }
|
724
|
+
|
725
|
+
after :each do
|
726
|
+
File.delete(cacert)
|
727
|
+
end
|
728
|
+
|
729
|
+
it "should map new configs into params" do
|
730
|
+
expect(subject.params).to match hash_including(
|
731
|
+
"ssl_enabled" => true,
|
732
|
+
"ssl_verification_mode" => "none",
|
733
|
+
"ssl_certificate_authorities" => [cacert]
|
734
|
+
)
|
735
|
+
end
|
736
|
+
|
737
|
+
it "should set new configs variables" do
|
738
|
+
expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
|
739
|
+
expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("none")
|
740
|
+
expect(subject.instance_variable_get(:@ssl_certificate_authorities)).to eql([cacert])
|
741
|
+
end
|
742
|
+
end
|
743
|
+
|
744
|
+
context "with java stores" do
|
745
|
+
let(:do_register) { true }
|
746
|
+
let(:keystore) { Stud::Temporary.file.path }
|
747
|
+
let(:truststore) { Stud::Temporary.file.path }
|
748
|
+
let(:options) { base_options.merge(
|
749
|
+
"keystore" => keystore,
|
750
|
+
"keystore_password" => "keystore",
|
751
|
+
"truststore" => truststore,
|
752
|
+
"truststore_password" => "truststore",
|
753
|
+
"ssl_certificate_verification" => true
|
754
|
+
) }
|
755
|
+
|
756
|
+
let(:spy_http_client_builder!) do
|
757
|
+
allow(described_class::HttpClientBuilder).to receive(:build).with(any_args).and_call_original
|
758
|
+
allow(described_class::HttpClientBuilder).to receive(:setup_ssl).with(any_args).and_return({})
|
759
|
+
end
|
760
|
+
|
761
|
+
after :each do
|
762
|
+
File.delete(keystore)
|
763
|
+
File.delete(truststore)
|
764
|
+
end
|
765
|
+
|
766
|
+
it "should map new configs into params" do
|
767
|
+
expect(subject.params).to match hash_including(
|
768
|
+
"ssl_enabled" => true,
|
769
|
+
"ssl_keystore_path" => keystore,
|
770
|
+
"ssl_truststore_path" => truststore,
|
771
|
+
"ssl_verification_mode" => "full"
|
772
|
+
)
|
773
|
+
|
774
|
+
expect(subject.params["ssl_keystore_password"].value).to eql("keystore")
|
775
|
+
expect(subject.params["ssl_truststore_password"].value).to eql("truststore")
|
776
|
+
end
|
777
|
+
|
778
|
+
it "should set new configs variables" do
|
779
|
+
expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
|
780
|
+
expect(subject.instance_variable_get(:@ssl_keystore_path)).to eql(keystore)
|
781
|
+
expect(subject.instance_variable_get(:@ssl_keystore_password).value).to eql("keystore")
|
782
|
+
expect(subject.instance_variable_get(:@ssl_truststore_path)).to eql(truststore)
|
783
|
+
expect(subject.instance_variable_get(:@ssl_truststore_password).value).to eql("truststore")
|
784
|
+
expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("full")
|
785
|
+
end
|
786
|
+
end
|
787
|
+
end
|
788
|
+
|
715
789
|
describe "retry_on_conflict" do
|
716
790
|
let(:num_retries) { 123 }
|
717
791
|
let(:event) { LogStash::Event.new("myactionfield" => "update", "message" => "blah") }
|
@@ -1093,12 +1167,12 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1093
1167
|
it 'adds the appropriate Authorization header to the manticore client' do
|
1094
1168
|
expect(manticore_options[:headers]).to eq({ "Authorization" => base64_api_key })
|
1095
1169
|
end
|
1096
|
-
it 'is provides
|
1097
|
-
expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('
|
1170
|
+
it 'is provides ssl_enabled=>true to the http client builder' do; aggregate_failures do
|
1171
|
+
expect(described_class::HttpClientBuilder).to have_received(:build).with(anything, anything, hash_including('ssl_enabled'=>true))
|
1098
1172
|
end; end
|
1099
1173
|
end
|
1100
1174
|
|
1101
|
-
context "when set without
|
1175
|
+
context "when set without ssl_enabled => true" do
|
1102
1176
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1103
1177
|
let(:options) { { "api_key" => api_key } }
|
1104
1178
|
|
@@ -1114,14 +1188,14 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1114
1188
|
end
|
1115
1189
|
end
|
1116
1190
|
|
1117
|
-
context "when set without
|
1191
|
+
context "when set without ssl_enabled specified but with an https host" do
|
1118
1192
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1119
1193
|
let(:options) { { "hosts" => ["https://some.host.com"], "api_key" => api_key } }
|
1120
1194
|
|
1121
1195
|
it_behaves_like 'secure api-key authenticated client'
|
1122
1196
|
end
|
1123
1197
|
|
1124
|
-
context "when set without
|
1198
|
+
context "when set without ssl_enabled specified but with an http host`" do
|
1125
1199
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1126
1200
|
let(:options) { { "hosts" => ["http://some.host.com"], "api_key" => api_key } }
|
1127
1201
|
|
@@ -1130,9 +1204,9 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1130
1204
|
end
|
1131
1205
|
end
|
1132
1206
|
|
1133
|
-
context "when set with `
|
1207
|
+
context "when set with `ssl_enabled => false`" do
|
1134
1208
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1135
|
-
let(:options) { { "
|
1209
|
+
let(:options) { { "ssl_enabled" => "false", "api_key" => api_key } }
|
1136
1210
|
|
1137
1211
|
it "should raise a configuration error" do
|
1138
1212
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /requires SSL\/TLS/
|
@@ -1142,13 +1216,13 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1142
1216
|
context "when set" do
|
1143
1217
|
let(:options) { { "api_key" => ::LogStash::Util::Password.new(api_key) } }
|
1144
1218
|
|
1145
|
-
context "with
|
1146
|
-
let(:options) { super().merge("
|
1219
|
+
context "with ssl_enabled => true" do
|
1220
|
+
let(:options) { super().merge("ssl_enabled" => true) }
|
1147
1221
|
it_behaves_like 'secure api-key authenticated client'
|
1148
1222
|
end
|
1149
1223
|
|
1150
|
-
context "with
|
1151
|
-
let(:options) { super().merge("
|
1224
|
+
context "with ssl_enabled => false" do
|
1225
|
+
let(:options) { super().merge("ssl_enabled" => "false") }
|
1152
1226
|
|
1153
1227
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1154
1228
|
it "should raise a configuration error" do
|
@@ -1156,7 +1230,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1156
1230
|
end
|
1157
1231
|
end
|
1158
1232
|
|
1159
|
-
context "without
|
1233
|
+
context "without ssl_enabled specified" do
|
1160
1234
|
context "with an https host" do
|
1161
1235
|
let(:options) { super().merge("hosts" => ["https://some.host.com"]) }
|
1162
1236
|
it_behaves_like 'secure api-key authenticated client'
|
@@ -1180,7 +1254,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1180
1254
|
|
1181
1255
|
context 'user also set' do
|
1182
1256
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1183
|
-
let(:options) { { "
|
1257
|
+
let(:options) { { "ssl_enabled" => true, "api_key" => api_key, 'user' => 'another' } }
|
1184
1258
|
|
1185
1259
|
it "should fail" do
|
1186
1260
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|
@@ -1189,7 +1263,7 @@ describe LogStash::Outputs::ElasticSearch do
|
|
1189
1263
|
|
1190
1264
|
context 'cloud_auth also set' do
|
1191
1265
|
let(:do_register) { false } # this is what we want to test, so we disable the before(:each) call
|
1192
|
-
let(:options) { { "
|
1266
|
+
let(:options) { { "ssl_enabled" => true, "api_key" => api_key, 'cloud_auth' => 'foobar' } }
|
1193
1267
|
|
1194
1268
|
it "should fail" do
|
1195
1269
|
expect { subject.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|
@@ -1,81 +1,197 @@
|
|
1
1
|
require_relative "../../../spec/spec_helper"
|
2
2
|
require 'stud/temporary'
|
3
3
|
|
4
|
-
describe "SSL
|
4
|
+
describe "SSL options" do
|
5
5
|
let(:manticore_double) { double("manticoreSSL #{self.inspect}") }
|
6
|
+
|
7
|
+
let(:settings) { { "ssl_enabled" => true, "hosts" => "localhost", "pool_max" => 1, "pool_max_per_route" => 1 } }
|
8
|
+
|
9
|
+
subject do
|
10
|
+
require "logstash/outputs/elasticsearch"
|
11
|
+
LogStash::Outputs::ElasticSearch.new(settings)
|
12
|
+
end
|
13
|
+
|
6
14
|
before do
|
7
15
|
allow(manticore_double).to receive(:close)
|
8
|
-
|
16
|
+
|
9
17
|
response_double = double("manticore response").as_null_object
|
10
18
|
# Allow healtchecks
|
11
19
|
allow(manticore_double).to receive(:head).with(any_args).and_return(response_double)
|
12
20
|
allow(manticore_double).to receive(:get).with(any_args).and_return(response_double)
|
13
|
-
|
14
21
|
allow(::Manticore::Client).to receive(:new).and_return(manticore_double)
|
15
22
|
end
|
16
|
-
|
17
|
-
|
18
|
-
subject
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
"
|
25
|
-
|
26
|
-
|
27
|
-
|
23
|
+
|
24
|
+
after do
|
25
|
+
subject.close
|
26
|
+
end
|
27
|
+
|
28
|
+
context "when ssl_verification_mode" do
|
29
|
+
context "is set to none" do
|
30
|
+
let(:settings) { super().merge(
|
31
|
+
"ssl_verification_mode" => 'none',
|
32
|
+
) }
|
33
|
+
|
34
|
+
it "should print a warning" do
|
35
|
+
expect(subject.logger).to receive(:warn).with(/You have enabled encryption but DISABLED certificate verification/).at_least(:once)
|
36
|
+
allow(subject.logger).to receive(:warn).with(any_args)
|
37
|
+
|
38
|
+
subject.register
|
39
|
+
allow(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:start)
|
40
|
+
end
|
41
|
+
|
42
|
+
it "should pass the flag to the ES client" do
|
43
|
+
expect(::Manticore::Client).to receive(:new) do |args|
|
44
|
+
expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
|
45
|
+
end.and_return(manticore_double)
|
46
|
+
|
47
|
+
subject.register
|
48
|
+
end
|
28
49
|
end
|
29
|
-
|
30
|
-
|
31
|
-
|
50
|
+
|
51
|
+
context "is set to full" do
|
52
|
+
let(:settings) { super().merge(
|
53
|
+
"ssl_verification_mode" => 'full',
|
54
|
+
) }
|
55
|
+
|
56
|
+
it "should pass the flag to the ES client" do
|
57
|
+
expect(::Manticore::Client).to receive(:new) do |args|
|
58
|
+
expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :strict)
|
59
|
+
end.and_return(manticore_double)
|
60
|
+
|
61
|
+
subject.register
|
62
|
+
end
|
32
63
|
end
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
64
|
+
end
|
65
|
+
|
66
|
+
context "with the conflicting configs" do
|
67
|
+
context "ssl_certificate_authorities and ssl_truststore_path set" do
|
68
|
+
let(:ssl_truststore_path) { Stud::Temporary.file.path }
|
69
|
+
let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
|
70
|
+
let(:settings) { super().merge(
|
71
|
+
"ssl_truststore_path" => ssl_truststore_path,
|
72
|
+
"ssl_certificate_authorities" => ssl_certificate_authorities_path
|
73
|
+
) }
|
74
|
+
|
75
|
+
after :each do
|
76
|
+
File.delete(ssl_truststore_path)
|
77
|
+
File.delete(ssl_certificate_authorities_path)
|
78
|
+
end
|
79
|
+
|
80
|
+
it "should raise a configuration error" do
|
81
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate_authorities\/cacert" or "ssl_truststore_path\/truststore"/)
|
82
|
+
end
|
40
83
|
end
|
41
84
|
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
85
|
+
context "ssl_certificate and ssl_keystore_path set" do
|
86
|
+
let(:ssl_keystore_path) { Stud::Temporary.file.path }
|
87
|
+
let(:ssl_certificate_path) { Stud::Temporary.file.path }
|
88
|
+
let(:settings) { super().merge(
|
89
|
+
"ssl_certificate" => ssl_certificate_path,
|
90
|
+
"ssl_keystore_path" => ssl_keystore_path
|
91
|
+
) }
|
92
|
+
|
93
|
+
after :each do
|
94
|
+
File.delete(ssl_keystore_path)
|
95
|
+
File.delete(ssl_certificate_path)
|
96
|
+
end
|
97
|
+
|
98
|
+
it "should raise a configuration error" do
|
99
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Use either "ssl_certificate" or "ssl_keystore_path\/keystore"/)
|
100
|
+
end
|
49
101
|
end
|
50
102
|
end
|
51
103
|
|
52
|
-
context "when
|
53
|
-
let(:
|
54
|
-
|
55
|
-
`openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out #{keystore_path}.pem`
|
56
|
-
end
|
104
|
+
context "when configured with Java store files" do
|
105
|
+
let(:ssl_truststore_path) { Stud::Temporary.file.path }
|
106
|
+
let(:ssl_keystore_path) { Stud::Temporary.file.path }
|
57
107
|
|
58
108
|
after :each do
|
59
|
-
File.delete(
|
60
|
-
|
109
|
+
File.delete(ssl_truststore_path)
|
110
|
+
File.delete(ssl_keystore_path)
|
111
|
+
end
|
112
|
+
|
113
|
+
let(:settings) { super().merge(
|
114
|
+
"ssl_truststore_path" => ssl_truststore_path,
|
115
|
+
"ssl_truststore_type" => "jks",
|
116
|
+
"ssl_truststore_password" => "foo",
|
117
|
+
"ssl_keystore_path" => ssl_keystore_path,
|
118
|
+
"ssl_keystore_type" => "jks",
|
119
|
+
"ssl_keystore_password" => "bar",
|
120
|
+
"ssl_verification_mode" => "full",
|
121
|
+
"ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
|
122
|
+
"ssl_supported_protocols" => ["TLSv1.3"]
|
123
|
+
) }
|
124
|
+
|
125
|
+
it "should pass the parameters to the ES client" do
|
126
|
+
expect(::Manticore::Client).to receive(:new) do |args|
|
127
|
+
expect(args[:ssl]).to match hash_including(
|
128
|
+
:enabled => true,
|
129
|
+
:keystore => ssl_keystore_path,
|
130
|
+
:keystore_type => "jks",
|
131
|
+
:keystore_password => "bar",
|
132
|
+
:truststore => ssl_truststore_path,
|
133
|
+
:truststore_type => "jks",
|
134
|
+
:truststore_password => "foo",
|
135
|
+
:verify => :strict,
|
136
|
+
:cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
|
137
|
+
:protocols => ["TLSv1.3"],
|
138
|
+
)
|
139
|
+
end.and_return(manticore_double)
|
140
|
+
|
141
|
+
subject.register
|
61
142
|
end
|
143
|
+
end
|
144
|
+
|
145
|
+
context "when configured with certificate files" do
|
146
|
+
let(:ssl_certificate_authorities_path) { Stud::Temporary.file.path }
|
147
|
+
let(:ssl_certificate_path) { Stud::Temporary.file.path }
|
148
|
+
let(:ssl_key_path) { Stud::Temporary.file.path }
|
149
|
+
let(:settings) { super().merge(
|
150
|
+
"ssl_certificate_authorities" => [ssl_certificate_authorities_path],
|
151
|
+
"ssl_certificate" => ssl_certificate_path,
|
152
|
+
"ssl_key" => ssl_key_path,
|
153
|
+
"ssl_verification_mode" => "full",
|
154
|
+
"ssl_cipher_suites" => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
|
155
|
+
"ssl_supported_protocols" => ["TLSv1.3"]
|
156
|
+
) }
|
62
157
|
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
"ssl" => true,
|
68
|
-
"cacert" => keystore_path,
|
69
|
-
}
|
70
|
-
next LogStash::Outputs::ElasticSearch.new(settings)
|
158
|
+
after :each do
|
159
|
+
File.delete(ssl_certificate_authorities_path)
|
160
|
+
File.delete(ssl_certificate_path)
|
161
|
+
File.delete(ssl_key_path)
|
71
162
|
end
|
72
163
|
|
73
|
-
it "should pass the
|
164
|
+
it "should pass the parameters to the ES client" do
|
74
165
|
expect(::Manticore::Client).to receive(:new) do |args|
|
75
|
-
expect(args[:ssl]).to
|
76
|
-
|
166
|
+
expect(args[:ssl]).to match hash_including(
|
167
|
+
:enabled => true,
|
168
|
+
:ca_file => ssl_certificate_authorities_path,
|
169
|
+
:client_cert => ssl_certificate_path,
|
170
|
+
:client_key => ssl_key_path,
|
171
|
+
:verify => :strict,
|
172
|
+
:cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
|
173
|
+
:protocols => ["TLSv1.3"],
|
174
|
+
)
|
175
|
+
end.and_return(manticore_double)
|
176
|
+
|
77
177
|
subject.register
|
78
178
|
end
|
79
179
|
|
180
|
+
context "and only the ssl_certificate is set" do
|
181
|
+
let(:settings) { super().reject { |k| "ssl_key".eql?(k) } }
|
182
|
+
|
183
|
+
it "should raise a configuration error" do
|
184
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError, /Using an "ssl_certificate" requires an "ssl_key"/)
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
context "and only the ssl_key is set" do
|
189
|
+
let(:settings) { super().reject { |k| "ssl_certificate".eql?(k) } }
|
190
|
+
|
191
|
+
it "should raise a configuration error" do
|
192
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError, /An "ssl_certificate" is required when using an "ssl_key"/)
|
193
|
+
end
|
194
|
+
end
|
80
195
|
end
|
81
196
|
end
|
197
|
+
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-output-elasticsearch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 11.
|
4
|
+
version: 11.14.1
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-03-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -112,6 +112,20 @@ dependencies:
|
|
112
112
|
- - "~>"
|
113
113
|
- !ruby/object:Gem::Version
|
114
114
|
version: '1.0'
|
115
|
+
- !ruby/object:Gem::Dependency
|
116
|
+
requirement: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - "~>"
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: '1.0'
|
121
|
+
name: logstash-mixin-normalize_config_support
|
122
|
+
prerelease: false
|
123
|
+
type: :runtime
|
124
|
+
version_requirements: !ruby/object:Gem::Requirement
|
125
|
+
requirements:
|
126
|
+
- - "~>"
|
127
|
+
- !ruby/object:Gem::Version
|
128
|
+
version: '1.0'
|
115
129
|
- !ruby/object:Gem::Dependency
|
116
130
|
requirement: !ruby/object:Gem::Requirement
|
117
131
|
requirements:
|