logstash-output-elasticsearch 11.22.9-java → 12.0.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1276b8bd29a1332d9dadb06c92e9c62b70e23293a7316d62c8e124b492f7b6b8
-  data.tar.gz: 7c6163b80bcffa621a2d19c91133b9d66733781ae5075f403a478ba0a7d122ed
+  metadata.gz: 983d99de3a0dcd5e58fb123e01ad8ee4c2396ce15fd565dda439e43c182b32e6
+  data.tar.gz: 8733e1a9b256b36e9f08a9be0803ca667817d7fe9f1e4cd1e090fe95882eb245
 SHA512:
-  metadata.gz: '092df2c01ae5c4f9e364bb56469ba3acbf705391bd4c04e65891deae3b9c377fd3be37c6dd6b12b0e9de2f4a3125e4d09df0de6d8dd03bc7ada19a85b1eaca4e'
-  data.tar.gz: ca93c24e48e71360d5e9722ec35025241c40eac255e83c60ce65b5d607517752609bb304e6d091f02cd8df06d9607afcdbe43c1d2dfb6f5990972fe40c0e1bd1
+  metadata.gz: f9626da6b7d428b17a16b2874a8758e260e84af265636fabea8e35dec0777ecdeae1b662910d2e065eccc4742ef706765d87b6cf475a141544a78347c69953de
+  data.tar.gz: 7997cfb3b851130a0504c0907761aba37ea31ec35deb7fc4de19eaf7f1ae00cee9df7b2575d59ace2b08c19ad7710460c534467bb79f7019c3a125478d0de5e2

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 12.0.0
+  - SSL settings that were marked deprecated in version `11.14.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:
+    - `cacert`, which should be replaced by `ssl_certificate_authorities`
+    - `keystore`, which should be replaced by `ssl_keystore_path`
+    - `keystore_password`, which should be replaced by `ssl_keystore_password`
+    - `ssl`, which should be replaced by `ssl_enabled`
+    - `ssl_certificate_verification`, which should be replaced by `ssl_verification_mode`
+    - `truststore`, which should be replaced by `ssl_truststore_path`
+    - `truststore_password`, which should be replaced by `ssl_truststore_password`
+    - [#1197](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1197)
+
+## 11.22.10
+ - Add `x-elastic-product-origin` header to Elasticsearch requests [#1195](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1195)
+
 ## 11.22.9
  - Vendor ECS template for Elasticsearch 9.x in built gem [#1188](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1188)
 

data/docs/index.asciidoc

@@ -325,8 +325,10 @@ When a string value on an event contains one or more byte sequences that are not
 [id="plugins-{type}s-{plugin}-options"]
 ==== Elasticsearch Output Configuration Options
 
-This plugin supports the following configuration options plus the
-<<plugins-{type}s-{plugin}-common-options>> and the <<plugins-{type}s-{plugin}-deprecated-options>> described later.
+This plugin supports these configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+
+NOTE: As of version 12.0.0 of this plugin, a number of previously deprecated SSL settings have been removed.
+Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
 
 [cols="<,<,<",options="header",]
 |=======================================================================
@@ -441,7 +443,7 @@ For more details on actions, check out the {ref}/docs-bulk.html[Elasticsearch bu
   * There is no default value for this setting.
 
 Authenticate using Elasticsearch API key.
-Note that this option also requires SSL/TLS, which can be enabled by supplying a <<plugins-{type}s-{plugin}-cloud_id>>, a list of HTTPS <<plugins-{type}s-{plugin}-hosts>>, or by setting <<plugins-{type}s-{plugin}-ssl,`ssl_enabled => true`>>.
+Note that this option also requires SSL/TLS, which can be enabled by supplying a <<plugins-{type}s-{plugin}-cloud_id>>, a list of HTTPS <<plugins-{type}s-{plugin}-hosts>>, or by setting <<plugins-{type}s-{plugin}-ssl_enabled,`ssl_enabled => true`>>.
 
 Format is `id:api_key` where `id` and `api_key` are as returned by the
 Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
@@ -1324,98 +1326,24 @@ https://www.elastic.co/blog/elasticsearch-versioning-support[versioning support
 blog] and {ref}/docs-index_.html#_version_types[Version types] in the
 Elasticsearch documentation.
 
-[id="plugins-{type}s-{plugin}-deprecated-options"]
-==== Elasticsearch Output Deprecated Configuration Options
-
-This plugin supports the following deprecated configurations.
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== Elasticsearch Output Obsolete Configuration Options
 
-WARNING: Deprecated options are subject to removal in future releases.
+WARNING: As of version `12.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options.
 
-[cols="<,<,<",options="header",]
+[cols="<,<",options="header",]
 |=======================================================================
-|Setting|Input type|Replaced by
-| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
-| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_keystore_path>>
-| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|<<plugins-{type}s-{plugin}-ssl_keystore_password>>
-| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|<<plugins-{type}s-{plugin}-ssl_enabled>>
-| <<plugins-{type}s-{plugin}-ssl_certificate_verification>> |<<boolean,boolean>>|<<plugins-{type}s-{plugin}-ssl_verification_mode>>
-| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|<<plugins-{type}s-{plugin}-ssl_truststore_path>>
-| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|<<plugins-{type}s-{plugin}-ssl_truststore_password>>
+|Setting|Replaced by
+| cacert | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
+| keystore | <<plugins-{type}s-{plugin}-ssl_keystore_path>>
+| keystore_password | <<plugins-{type}s-{plugin}-ssl_keystore_password>>
+| ssl | <<plugins-{type}s-{plugin}-ssl_enabled>>
+| ssl_certificate_verification | <<plugins-{type}s-{plugin}-ssl_verification_mode>>
+| truststore | <<plugins-{type}s-{plugin}-ssl_truststore_path>>
+| truststore_password | <<plugins-{type}s-{plugin}-ssl_truststore_password>>
 |=======================================================================
 
-
-[id="plugins-{type}s-{plugin}-cacert"]
-===== `cacert`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
-
-* Value type is a list of <<path,path>>
-* There is no default value for this setting.
-
-The .cer or .pem file to validate the server's certificate.
-
-[id="plugins-{type}s-{plugin}-keystore"]
-===== `keystore`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
-
-* Value type is <<path,path>>
-* There is no default value for this setting.
-
-The keystore used to present a certificate to the server.
-It can be either .jks or .p12
-
-NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate>> at the same time.
-
-[id="plugins-{type}s-{plugin}-keystore_password"]
-===== `keystore_password`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
-
-* Value type is <<password,password>>
-* There is no default value for this setting.
-
-Set the keystore password
-
-[id="plugins-{type}s-{plugin}-ssl"]
-===== `ssl`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
-
-* Value type is <<boolean,boolean>>
-* There is no default value for this setting.
-
-Enable SSL/TLS secured communication to Elasticsearch cluster.
-Leaving this unspecified will use whatever scheme is specified in the URLs listed in <<plugins-{type}s-{plugin}-hosts>> or extracted from the <<plugins-{type}s-{plugin}-cloud_id>>.
-If no explicit protocol is specified plain HTTP will be used.
-
-[id="plugins-{type}s-{plugin}-ssl_certificate_verification"]
-===== `ssl_certificate_verification`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verification_mode>>]
-
-* Value type is <<boolean,boolean>>
-* Default value is `true`
-
-Option to validate the server's certificate. Disabling this severely compromises security.
-For more information on disabling certificate verification please read
-https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
-
-[id="plugins-{type}s-{plugin}-truststore"]
-===== `truststore`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
-
-* Value type is <<path,path>>
-* There is no default value for this setting.
-
-The truststore to validate the server's certificate.
-It can be either `.jks` or `.p12`.
-Use either `:truststore` or `:cacert`.
-
-[id="plugins-{type}s-{plugin}-truststore_password"]
-===== `truststore_password`
-deprecated[11.14.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
-
-* Value type is <<password,password>>
-* There is no default value for this setting.
-
-Set the truststore password
-
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]
 

data/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb

@@ -2,7 +2,7 @@ require 'manticore'
 require 'cgi'
 
 module LogStash; module Outputs; class ElasticSearch; class HttpClient;
-  DEFAULT_HEADERS = { "Content-Type" => "application/json" }
+  DEFAULT_HEADERS = { "Content-Type" => "application/json", 'x-elastic-product-origin' => 'logstash-output-elasticsearch' }
   
   class ManticoreAdapter
     attr_reader :manticore, :logger

data/lib/logstash/outputs/elasticsearch.rb

@@ -275,7 +275,6 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
   def initialize(*params)
     super
     setup_ecs_compatibility_related_defaults
-    setup_ssl_params!
     setup_compression_level!
   end
 
@@ -694,52 +693,6 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
     end
   end
 
-  def setup_ssl_params!
-    @ssl_enabled = normalize_config(:ssl_enabled) do |normalize|
-      normalize.with_deprecated_alias(:ssl)
-    end
-
-    @ssl_certificate_authorities = normalize_config(:ssl_certificate_authorities) do |normalize|
-      normalize.with_deprecated_mapping(:cacert) do |cacert|
-        [cacert]
-      end
-    end
-
-    @ssl_keystore_path =  normalize_config(:ssl_keystore_path) do |normalize|
-      normalize.with_deprecated_alias(:keystore)
-    end
-
-    @ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalize|
-      normalize.with_deprecated_alias(:keystore_password)
-    end
-
-    @ssl_truststore_path = normalize_config(:ssl_truststore_path) do |normalize|
-      normalize.with_deprecated_alias(:truststore)
-    end
-
-    @ssl_truststore_password =  normalize_config(:ssl_truststore_password) do |normalize|
-      normalize.with_deprecated_alias(:truststore_password)
-    end
-
-    @ssl_verification_mode = normalize_config(:ssl_verification_mode) do |normalize|
-      normalize.with_deprecated_mapping(:ssl_certificate_verification) do |ssl_certificate_verification|
-        if ssl_certificate_verification == true
-          "full"
-        else
-          "none"
-        end
-      end
-    end
-
-    params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
-    params['ssl_certificate_authorities'] = @ssl_certificate_authorities unless @ssl_certificate_authorities.nil?
-    params['ssl_keystore_path'] = @ssl_keystore_path unless @ssl_keystore_path.nil?
-    params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
-    params['ssl_truststore_path'] = @ssl_truststore_path unless @ssl_truststore_path.nil?
-    params['ssl_truststore_password'] = @ssl_truststore_password unless @ssl_truststore_password.nil?
-    params['ssl_verification_mode'] = @ssl_verification_mode unless @ssl_verification_mode.nil?
-  end
-
   def setup_compression_level!
     @compression_level = normalize_config(:compression_level) do |normalize|
       normalize.with_deprecated_mapping(:http_compression) do |http_compression|

data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb

@@ -43,40 +43,23 @@ module LogStash; module PluginMixins; module ElasticSearch
         # urls that already have query strings, the one specified here will be appended.
         :parameters => { :validate => :hash },
 
-        # Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
-        # is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
-        # If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
-        :ssl => { :validate => :boolean, :deprecated => "Set 'ssl_enabled' instead." },
-
         # Enable SSL/TLS secured communication to Elasticsearch cluster. Leaving this unspecified will use whatever scheme
         # is specified in the URLs listed in 'hosts'. If no explicit protocol is specified plain HTTP will be used.
         # If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
         :ssl_enabled => { :validate => :boolean },
 
-        # Option to validate the server's certificate. Disabling this severely compromises security.
-        # For more information on disabling certificate verification please read
-        # https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
-        :ssl_certificate_verification => { :validate => :boolean, :default => true, :deprecated => "Set 'ssl_verification_mode' instead." },
-
         # Options to verify the server's certificate.
         # "full": validates that the provided certificate has an issue date that’s within the not_before and not_after dates;
         # chains to a trusted Certificate Authority (CA); has a hostname or IP address that matches the names within the certificate.
         # "none": performs no certificate validation. Disabling this severely compromises security (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
         :ssl_verification_mode => { :validate => %w[full none], :default => 'full' },
 
-        # The .cer or .pem file to validate the server's certificate
-        :cacert => { :validate => :path, :deprecated => "Set 'ssl_certificate_authorities' instead." },
-
         # The .cer or .pem files to validate the server's certificate
         :ssl_certificate_authorities => { :validate => :path, :list => true },
 
         # One or more hex-encoded SHA256 fingerprints to trust as Certificate Authorities
         :ca_trusted_fingerprint => LogStash::PluginMixins::CATrustedFingerprintSupport,
 
-        # The JKS truststore to validate the server's certificate.
-        # Use either `:truststore` or `:cacert`
-        :truststore => { :validate => :path, :deprecated => "Set 'ssl_truststore_path' instead." },
-
         # The JKS truststore to validate the server's certificate.
         # Use either `:ssl_truststore_path` or `:ssl_certificate_authorities`
         :ssl_truststore_path => { :validate => :path },
@@ -84,16 +67,9 @@ module LogStash; module PluginMixins; module ElasticSearch
         # The format of the truststore file. It must be either jks or pkcs12
         :ssl_truststore_type => { :validate => %w[pkcs12 jks] },
 
-        # Set the truststore password
-        :truststore_password => { :validate => :password, :deprecated => "Use 'ssl_truststore_password' instead." },
-
         # Set the truststore password
         :ssl_truststore_password => { :validate => :password },
 
-        # The keystore used to present a certificate to the server.
-        # It can be either .jks or .p12
-        :keystore => { :validate => :path, :deprecated => "Set 'ssl_keystore_path' instead." },
-
         # The keystore used to present a certificate to the server.
         # It can be either .jks or .p12
         :ssl_keystore_path => { :validate => :path },
@@ -101,9 +77,6 @@ module LogStash; module PluginMixins; module ElasticSearch
         # The format of the keystore file. It must be either jks or pkcs12
         :ssl_keystore_type => { :validate => %w[pkcs12 jks] },
 
-        # Set the keystore password
-        :keystore_password => { :validate => :password, :deprecated => "Set 'ssl_keystore_password' instead." },
-
         # Set the keystore password
         :ssl_keystore_password => { :validate => :password },
 
@@ -229,7 +202,17 @@ module LogStash; module PluginMixins; module ElasticSearch
         :dlq_custom_codes => { :validate => :number, :list => true, :default => [] },
 
         # if enabled, failed index name interpolation events go into dead letter queue.
-        :dlq_on_failed_indexname_interpolation => { :validate => :boolean, :default => true }
+        :dlq_on_failed_indexname_interpolation => { :validate => :boolean, :default => true },
+
+        # Obsolete Settings
+        :ssl => { :obsolete => "Set 'ssl_enabled' instead." },
+        :ssl_certificate_verification => { :obsolete => "Set 'ssl_verification_mode' instead." },
+        :cacert => { :obsolete => "Set 'ssl_certificate_authorities' instead." },
+        :truststore => { :obsolete => "Set 'ssl_truststore_path' instead." },
+        :keystore => { :obsolete => "Set 'ssl_keystore_path' instead." },
+        # Leave :validate to ensure obfuscation of sensitive setting for passwords
+        :truststore_password => { :validate => :password, :obsolete => "Use 'ssl_truststore_password' instead." },
+        :keystore_password => { :validate => :password, :obsolete => "Set 'ssl_keystore_password' instead." }
     }.freeze
 
     def self.included(base)
@@ -243,3 +226,4 @@ module LogStash; module PluginMixins; module ElasticSearch
     end
   end
 end; end; end
+

data/logstash-output-elasticsearch.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-elasticsearch'
-  s.version         = '11.22.9'
+  s.version         = '12.0.0'
   s.licenses        = ['apache-2.0']
   s.summary         = "Stores logs in Elasticsearch"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/integration/outputs/compressed_indexing_spec.rb

@@ -32,6 +32,13 @@ end
     let(:http_client) do
       Manticore::Client.new(http_client_options)
     end
+    let(:expected_headers) {
+      {
+        "Content-Encoding" => "gzip",
+        "Content-Type" => "application/json",
+        'x-elastic-product-origin' => 'logstash-output-elasticsearch'
+      }
+    }
 
     before do
       subject.register
@@ -64,7 +71,7 @@ end
 
     it "sets the correct content-encoding header and body is compressed" do
       expect(subject.client.pool.adapter.client).to receive(:send).
-        with(anything, anything, {:headers=>{"Content-Encoding"=>"gzip", "Content-Type"=>"application/json"}, :body => a_valid_gzip_encoded_string}).
+        with(anything, anything, {:headers=> expected_headers, :body => a_valid_gzip_encoded_string}).
         and_call_original
       subject.multi_receive(events)
     end

data/spec/integration/outputs/index_spec.rb

@@ -214,10 +214,13 @@ describe "indexing" do
     end
 
     it "sets the correct content-type header" do
-      expected_manticore_opts = {:headers => {"Content-Type" => "application/json"}, :body => anything}
+      expected_manticore_opts = {
+        :headers => {"Content-Type" => "application/json", 'x-elastic-product-origin' => 'logstash-output-elasticsearch'},
+        :body => anything
+      }
       if secure
         expected_manticore_opts = {
-          :headers => {"Content-Type" => "application/json"},
+          :headers => {"Content-Type" => "application/json", 'x-elastic-product-origin' => 'logstash-output-elasticsearch'},
           :body => anything,
           :auth => {
             :user => user,

data/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb

@@ -34,7 +34,7 @@ describe LogStash::Outputs::ElasticSearch::HttpClient::ManticoreAdapter do
       
       expect(subject.manticore).to receive(:get).
         with(expected_uri.to_s, {
-          :headers => {"Content-Type" => "application/json"},
+          :headers => LogStash::Outputs::ElasticSearch::HttpClient::DEFAULT_HEADERS,
           :auth => {
             :user => user,
             :password => password,

data/spec/unit/outputs/elasticsearch_spec.rb

@@ -1125,81 +1125,6 @@ describe LogStash::Outputs::ElasticSearch do
     end
   end
 
-  describe "SSL deprecated settings" do
-    let(:base_options) { {"ssl" => "true"} }
-
-    context "with client certificate" do
-      let(:do_register) { true }
-      let(:cacert) { Stud::Temporary.file.path }
-      let(:options) { base_options.merge(
-        "cacert" => cacert,
-        "ssl_certificate_verification" => false
-      ) }
-
-      after :each do
-        File.delete(cacert)
-      end
-
-      it "should map new configs into params" do
-        expect(subject.params).to match hash_including(
-                                          "ssl_enabled" => true,
-                                          "ssl_verification_mode" => "none",
-                                          "ssl_certificate_authorities" => [cacert]
-                                        )
-      end
-
-      it "should set new configs variables" do
-        expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-        expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("none")
-        expect(subject.instance_variable_get(:@ssl_certificate_authorities)).to eql([cacert])
-      end
-    end
-
-    context "with java stores" do
-      let(:do_register) { true }
-      let(:keystore) { Stud::Temporary.file.path }
-      let(:truststore) { Stud::Temporary.file.path }
-      let(:options) { base_options.merge(
-        "keystore" => keystore,
-        "keystore_password" => "keystore",
-        "truststore" => truststore,
-        "truststore_password" => "truststore",
-        "ssl_certificate_verification" => true
-      ) }
-
-      let(:spy_http_client_builder!) do
-        allow(described_class::HttpClientBuilder).to receive(:build).with(any_args).and_call_original
-        allow(described_class::HttpClientBuilder).to receive(:setup_ssl).with(any_args).and_return({})
-      end
-
-      after :each do
-        File.delete(keystore)
-        File.delete(truststore)
-      end
-
-      it "should map new configs into params" do
-        expect(subject.params).to match hash_including(
-                                          "ssl_enabled" => true,
-                                          "ssl_keystore_path" => keystore,
-                                          "ssl_truststore_path" => truststore,
-                                          "ssl_verification_mode" => "full"
-                                        )
-
-        expect(subject.params["ssl_keystore_password"].value).to eql("keystore")
-        expect(subject.params["ssl_truststore_password"].value).to eql("truststore")
-      end
-
-      it "should set new configs variables" do
-        expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-        expect(subject.instance_variable_get(:@ssl_keystore_path)).to eql(keystore)
-        expect(subject.instance_variable_get(:@ssl_keystore_password).value).to eql("keystore")
-        expect(subject.instance_variable_get(:@ssl_truststore_path)).to eql(truststore)
-        expect(subject.instance_variable_get(:@ssl_truststore_password).value).to eql("truststore")
-        expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql("full")
-      end
-    end
-  end
-
   describe "retry_on_conflict" do
     let(:num_retries) { 123 }
     let(:event) { LogStash::Event.new("myactionfield" => "update", "message" => "blah") }

data/spec/unit/outputs/elasticsearch_ssl_spec.rb

@@ -195,3 +195,25 @@ describe "SSL options" do
   end
 end
 
+# Move outside the SSL options describe block that has the after hook
+describe "SSL obsolete settings" do
+  let(:base_settings) { { "hosts" => "localhost", "pool_max" => 1, "pool_max_per_route" => 1 } }
+  [
+    {name: 'ssl', replacement: 'ssl_enabled'},
+    {name: 'ssl_certificate_verification', replacement: 'ssl_verification_mode'},
+    {name: 'cacert', replacement: 'ssl_certificate_authorities'},
+    {name: 'truststore', replacement: 'ssl_truststore_path'},
+    {name: 'keystore', replacement: 'ssl_keystore_path'},
+    {name: 'truststore_password', replacement: 'ssl_truststore_password'},
+    {name: 'keystore_password', replacement: 'ssl_keystore_password'}
+  ].each do |obsolete_setting|
+    context "with option #{obsolete_setting[:name]}" do
+      let(:settings) { base_settings.merge(obsolete_setting[:name] => "value") }
+
+      it "emits an error about the setting being obsolete" do
+        error_text = /The setting `#{obsolete_setting[:name]}` in plugin `elasticsearch` is obsolete and is no longer available. (Use|Set) '#{obsolete_setting[:replacement]}' instead/i
+        expect { LogStash::Outputs::ElasticSearch.new(settings) }.to raise_error LogStash::ConfigurationError, error_text
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 11.22.9
+  version: 12.0.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-13 00:00:00.000000000 Z
+date: 2024-12-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement