logstash-output-elasticsearch 11.3.3-java → 11.5.0-java

data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-7x.json

@@ -4,7 +4,7 @@
   ],
   "mappings": {
     "_meta": {
-      "version": "8.0.0-dev"
+      "version": "8.0.1"
     },
     "date_detection": false,
     "dynamic_templates": [

data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-8x.json

@@ -15,7 +15,7 @@
     },
     "mappings": {
       "_meta": {
-        "version": "8.0.0-dev"
+        "version": "8.0.1"
       },
       "date_detection": false,
       "dynamic_templates": [

data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb

@@ -66,6 +66,8 @@ module LogStash; module PluginMixins; module ElasticSearch
         # Set the keystore password
         :keystore_password => { :validate => :password },
 
+        :ssl_supported_protocols => { :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true },
+
         # This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list.
         # Note: This will return ALL nodes with HTTP enabled (including master nodes!). If you use
         # this with master nodes, you probably want to disable HTTP on them by setting

data/logstash-output-elasticsearch.gemspec

@@ -1,7 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-elasticsearch'
-  s.version         = '11.3.3'
-
+  s.version         = '11.5.0'
   s.licenses        = ['apache-2.0']
   s.summary         = "Stores logs in Elasticsearch"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,7 +20,7 @@ Gem::Specification.new do |s|
   # Special flag to let us know this is actually a logstash plugin
   s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" }
 
-  s.add_runtime_dependency "manticore", '>= 0.7.1', '< 1.0.0'
+  s.add_runtime_dependency "manticore", '>= 0.8.0', '< 1.0.0'
   s.add_runtime_dependency 'stud', ['>= 0.0.17', '~> 0.0']
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.0'

data/spec/es_spec_helper.rb

@@ -59,7 +59,11 @@ module ESHelper
   end
 
   def self.es_version
-    RSpec.configuration.filter[:es_version] || ENV['ES_VERSION'] || ENV['ELASTIC_STACK_VERSION']
+    [
+      nilify(RSpec.configuration.filter[:es_version]),
+      nilify(ENV['ES_VERSION']),
+      nilify(ENV['ELASTIC_STACK_VERSION']),
+    ].compact.first
   end
 
   RSpec::Matchers.define :have_hits do |expected|

data/spec/fixtures/test_certs/test_invalid.crt

@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGVzCCBD+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJQVDEL
+MAkGA1UECAwCTkExDzANBgNVBAcMBkxpc2JvbjEOMAwGA1UECgwFTXlMYWIxDzAN
+BgNVBAMMBlJvb3RDQTAeFw0yMjAxMTgwNTA0MDZaFw0yNTAxMTgwNTA0MDZaMFIx
+CzAJBgNVBAYTAkxTMQswCQYDVQQIDAJOQTESMBAGA1UEBwwJRVMgT3V0cHV0MREw
+DwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAunKYkXLoAC14bdIveIZlImtrp2rkQ5Ugz/vGVWFJ
+YatJh9x5dmqJQeO1gpGayNedbwDI/50CTDoqwCz4aunMKpgQdKHryjeuR1zqElhC
+QLZtAkzM/pCkTnMYvXDfJrBZcSWP+ddlkH8ffmN0Fxf3LsKln+K5A4hASrVGSKYw
++eNDV7yIxdhthqD0xNRuw/j3lSLxwBbwKOs7Mh+xmdMa4vs3AKJvG9LdTm7xdHtD
+4rkQAA7TRQOR5pl+eDICRnNkGVzgPMdf2kM94ZU7TI1zUMqV1uPNE05Vps14kuWq
+Z84r8ecExCo6mQxrQ1M7Y2UBGa5NM9kb+UP1famANadEOlS5kAGEtcpHnh1WK+98
+4mxtMQJHIOOASde/coA3mZ4Oa8Z0Hzy3fsNvD9ieLo2V8yQN9UAQshbB1BEuOaRr
+9wQKT4jlnCinZ4UU6FpEJ7NIiZ9wBKqNbN8iySPYmRihOj6BDuEQB/W/K54KQB5n
+ctT6MsoTyTFgqe3Zn0owMrGCsSDJsvUcaAz7ZsnesoiFtKsYyRZAWJVcLO5R0FxZ
+YjCGk9stspLT1cqmJ8VbMLhiW7T4ZP+sZj3B+aSZWnS5r78I4G9sB9swDMJMjNRP
+O15zvQKIRluULhm9WhPET78Iy9Qg1zoiGdnzxBSZ9Sh8+yb57cCRD4da7eLne4Sb
+uU8CAwEAAaOCATwwggE4MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMG
+CWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFPqrHNv/8Io82JmzcNWBdaRmftvdMIGIBgNVHSMEgYAwfoAU
+oVp0nHjq6mJ/UGuFhnSK7yjbPyuhUKROMEwxCzAJBgNVBAYTAlBUMQswCQYDVQQI
+DAJOQTEPMA0GA1UEBwwGTGlzYm9uMQ4wDAYDVQQKDAVNeUxhYjEPMA0GA1UEAwwG
+Um9vdENBghRT5Ucn3UmwssDUYlgL5RyE1/DeETAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3
+DQEBCwUAA4ICAQDHt/3rR3rzESrZNNLIU+jbW6Vsfcr22mghhbdoU+pnkZB8Spzp
+AUqgmSlOOuz/3OMLPP64sj+gm9kiU177uBoqJUsnaAaV0LNvp+EIWIdskw0OGU2X
+uOslZK5EdYGqGgRlElnohPRXcFXwsh//QJYDmNnnC3Fk+ZjZQKjH4q4Ur8ECPqit
+wVnRXqlKfLRjWWzvTgoPTAN42KHP2R7xxIHdV+cXH6riLLvtkWcGJbfoQaSuNOvc
+GAIoQc2YmIiVsGZ82n9Ww2zO9ByqF+KfGgIFDTCp1CzpfLKLLhzMv/p4n2zf/BOb
+MCJJfljOewqmzMo48Wj2vk/46IAGl5uA6PnDwa0LNgomA9c6loDcYEOsCr69xL+D
+7GL/Jzm9HaTE97lRGVwoKBG0hKabFEfOueKB6Oab8bVTuY99kbbRaFZs7I9QYVQy
+eY38YJv5kN3yAjFclO39R8cAngqecbQDZ7xTl7dF7CvrpAoNI8olL01Kjy/+vfX4
+WAMO9YONnVPwwB05voRZfKErVKi9iwAWa5m9DdtE5QdfjcsXZkITW2CF2skSgujw
+BS8P8Z+HccKa+qEPQM+eBWjrlzlx/XC2iXKE1w4zZL0wRgY7+W4dIMgJmPmV/Gue
+5wSnZtMueBdyKy+xFrJcszoakKg/JfSesKfnVLC+60EL2FQqbrGCEiTp2A==
+-----END CERTIFICATE-----

data/spec/fixtures/test_certs/test_invalid.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAunKYkXLoAC14bdIveIZlImtrp2rkQ5Ugz/vGVWFJYatJh9x5
+dmqJQeO1gpGayNedbwDI/50CTDoqwCz4aunMKpgQdKHryjeuR1zqElhCQLZtAkzM
+/pCkTnMYvXDfJrBZcSWP+ddlkH8ffmN0Fxf3LsKln+K5A4hASrVGSKYw+eNDV7yI
+xdhthqD0xNRuw/j3lSLxwBbwKOs7Mh+xmdMa4vs3AKJvG9LdTm7xdHtD4rkQAA7T
+RQOR5pl+eDICRnNkGVzgPMdf2kM94ZU7TI1zUMqV1uPNE05Vps14kuWqZ84r8ecE
+xCo6mQxrQ1M7Y2UBGa5NM9kb+UP1famANadEOlS5kAGEtcpHnh1WK+984mxtMQJH
+IOOASde/coA3mZ4Oa8Z0Hzy3fsNvD9ieLo2V8yQN9UAQshbB1BEuOaRr9wQKT4jl
+nCinZ4UU6FpEJ7NIiZ9wBKqNbN8iySPYmRihOj6BDuEQB/W/K54KQB5nctT6MsoT
+yTFgqe3Zn0owMrGCsSDJsvUcaAz7ZsnesoiFtKsYyRZAWJVcLO5R0FxZYjCGk9st
+spLT1cqmJ8VbMLhiW7T4ZP+sZj3B+aSZWnS5r78I4G9sB9swDMJMjNRPO15zvQKI
+RluULhm9WhPET78Iy9Qg1zoiGdnzxBSZ9Sh8+yb57cCRD4da7eLne4SbuU8CAwEA
+AQKCAgEAjd1oLTOrR4dRnO5S5HgON9RYg3iX2rx7zQUb8hcmSMSWHGQrn2iMq6/h
+iknT5oH47l9AkQ4ck3em07bkBiWDDd3Kl5Qk3ybi2rXd/LtfHfIwm5FoYUIZYv+8
+kVhy0vNX+vnDxSyZwQqZIgf2ayP3FoNQlolikUd4899ebSTXGyxLL1TrFO8K12dd
+Fu80oLStXbLLE4fgkKH71rW64vp3+MGBJmBx/k/ByE4uNp0cGEUL4Z9mLZr7xuSA
+EGCszoI6Zfn/PP/O9To4uY5dInB2j8C1pl6KyefO0C6DUfKiaH29fkBzpfcjwxRq
+AT4xb/2IisvPPmYyHMYS4ty4CxsMk7Cu5q+DlmRMa7ShOOdSAw+1k7yUl3rodXuu
+48k806s1cpoowo1aiNYMlZ6scQ0GtYU9/KfeWyfzO3QzgNguyAXifZNepU6qumUw
+S3670/1O/7KfpUCd8zgGmbHXlm6lhGj6ZHRDVDvp9/RKkqySbTGuWAXRgK3iLvEg
+26KTBtqW6WMx0XsZf7T2CDfXqdL+XzDrYNl9GB5rqgCjBUmsaK9QdwDGw4oFY3+k
+9KzBYj7wE7/W9vjBNBoWg/821McHJyYDaFCdOyC0YkppZKNENMcUkNE1noXQB7w5
+ib0NPWum//H+DT+F2iKOzP7N5f4XpHUSRnpYQ3C3d3Jt7n9NRoECggEBAObPgZd/
+ZnrgZtt++tMAsG8wEfjPS4GM/vbAdNJFruT1zamwIQv4ba/7/m2UO2nIpS1T6vBR
+MeVjsaueNe2K/9iRbXWKidTj38EnWCeEQQek9+bCjXqW01WjF+fomXYGSOj2RUWx
+5z7CcsfFe2N4yQxZEv9ynf2PZsA90F5FGcm7RvputhcY79Oyq8/baQmT2JpJMbHT
+X3J1usCQyIBjaGRErh0rSwXKcNL09Z1P5t4TDkZ+bctzO3s/0qdgS0E3keilyE4L
+cKe+hoGl8CsCaUBSmzY5evuLVChoZi6Pwlk84+CxFm5O9l505Bmphb22vZXII3ZS
+k7zDIJEBRzN+Sy8CggEBAM7LqE0yy56c55itsWQOKAVYyObn7HdwylQvd3OaEDhG
+L5MFFdif/GeLHcNzv2eRnd2n7cyjDfHR7znw9H0/xlLlloxonGiGR3XXCGexQYBY
+lJPkeCQRPAqNWXxUKsSPaChXJROsXRy6G2dgcdruM88z9iKnyeu8Ky++y8r6DLrm
+niTcRdqzz2HiGbnUyYdH7mg3IVT5LZsXxNyLAN+t4r0LmeZkijCC5xUd1brOxEAM
+h36qJZ1XXAGmhPgYW31VAqyDZ4oL9PGXEU/MCrxp8xHflbBOWBLm80gYmbZzxvvK
+4aGdXYWRmlEI3MS+HsvtcGXh4WOE1nLSU3cvDDIBa+ECggEBAKO+hvORoIR/+rix
+hwR2srTO55EajzijbKZltvsOEJvCfltp5qf1YOu+3Kukw9myTOyxYjWHhNx2M6/L
+F/sj54oe8ga3eD0eRLllTjcKro/byztcvr4/jkJs6CLQcz62CrerL03YfnOZw5BS
+W80f/ZHTB5VOHSOrvnuX3uFiKH9ja2FzdZ9BQ7NuSFG4GPaAeuRKFQVRLZ+oQgsn
+K/dZjs/Dobpz4k+DZTNkMXOfIexenHwKaZ4ya/puNuYjfIASCmOAaXBk0VFP62DC
+9nWsyjql4BNCCCu4lsXr+sIBnyFr/0aCm6U6Q7KTPtet2oHSyQEf8XiZ8NGzpMD6
+pSa07GUCggEBAJc0JCAmJuoX0eM6BT2ieDLIo0TqiWUf7GC3wECfgoKTFxAJpNqa
+yCQxfRa/WFFzEJnUwrRg+L47AQ89lpbJ/cn5IyYRC2QF4tRP4U5oNfuRSToF0K6W
+h28zwR1+MTM9pCvy5CJJYl+x2H2y8CzjBLDZTnwycRrToEQt3rbQNGSoYTOUd+Mc
+nGL2vla5No2a08ARp2aJN4ZyT7fuTzo9207c36+tDbnAzRQMl40ayDYIsz2zTQOJ
+r7VpO0poDOVMNkNLZXZznarUCY1uJN91HIySDdI2xoEzquipTCMy7miHBIl2Fb6n
+Is1jjICyfrQfLZLhITryExcroGnB1cnubiECggEAdOeyL1Q0MC59nbZ3E0OwCSMe
+HAEbcEp8J6nyyxJ+VVSVSmh5SIEajSh5PPkrzzqKkVo6LSXvHeiwvx5R302RBIew
+GZ41oUJA5ApPWAiZo/pusRR0nnClBXPSqFOb7uYuDTXuma2rWcN3xt4L1zGbSMS7
+de3Wsp6kVv3q2uF/2fv78BwpwaRQaDcmw269iSHjMAtVbBm2QIkN4FI+4CCUdn7H
+plUAW5CXWtAHRKFJwjF/I8PYAlyvGb4i8ll/RK5hworj1VrPgnKIg2JP8LcAm1a4
+9sk2DRryU+7PZBWgqaXeTfoDUzdcKmWx/jbGPP7Wlvh3Ao6ityQ0pauWZKzSFg==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/test_certs/test_self_signed.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA1+gAwIBAgIUNtmhsOlqXXLvFvsvImAvs9ZrnFkwDQYJKoZIhvcNAQEL
+BQAwSzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMQswCQYDVQQHDAJFUzERMA8G
+A1UECgwITG9nc3Rhc2gxDzANBgNVBAMMBmNsaWVudDAeFw0yMjAxMTgxMzIwMDNa
+Fw0yNTAxMTgxMzIwMDNaMEsxCzAJBgNVBAYTAkxTMQswCQYDVQQIDAJOQTELMAkG
+A1UEBwwCRVMxETAPBgNVBAoMCExvZ3N0YXNoMQ8wDQYDVQQDDAZjbGllbnQwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDT+NYvZzi7y2RHvklPQ7BYV478
+A+nN/ncakJ0JjmdekwDhUjb8VO/YxN68FyLargI89hsa9Aw20GRZrtibUYfl2qZy
+CW5Gydl/t2evCbO2mIcObImsagp/wNbPfopX8efU1aK3KPSlES0qDX6oB2hl9Afx
+oeJY+NBlg1xhVWC8/WAKxG/me9XPYhsOSVYR8UiA2RkPnhSND6dqqR+KGUdhxcZH
+rB2Y/fHyy2uAgErWguNSvVRudy7yZn5eAIhV2cI+710SOGPIXPbMPzdJBiNFNhaK
+QSCze+lC7xJg2lYhR+2H3DofhftemPMLPtFauVUe1xm5rP/hrVSbZuNN8DEffpAO
+whhgsDDmkAh8oY+OTSWCdjKHrir+Dbqo/OfmMK5tkC12LP2e45nvGKLrJGsHtBeP
++l3edtYLy0lvKVXvF/3krujTQYrA04Gqb9JKsvUSFarlhiY3dmJ1+na3kCNRu5Ei
+oFlvr8uWJLeEFTll6ahTGkCnWZ5bHP1NNYD4JRwTNtujArtWxEEomoiyjgw3RfHE
+pGlSaljnCvP9OX72zfrpfbQJx937CEt22jVTyKls4TPvkX+bKXHUVNG0xDlMcUK/
++DdTDLxD+j0gBJofSD/uWeWd8VhwSG7jY5PimUhQxwrHouyKbktF3useuElH/3wn
+pDy0hPKbgZmATChOBQIDAQABo1MwUTAdBgNVHQ4EFgQUKj3kW3xSP4/7D9djf8DM
+XdAG0e8wHwYDVR0jBBgwFoAUKj3kW3xSP4/7D9djf8DMXdAG0e8wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbNsBp/QUTXNKblQUPsjK97BDHVLs
+pdcHAabLd5Cwveb+0RyqUoMGz+XmtOiCS4bX5uLnNbjiFQK1zMyen6RBmdfZ4+nv
+/Uh5XMQx3oZCCrmXbTEsFjlSgQuQlTGlaJBZXKwN7KmBgqvsNEPRwteDPOLuQ4DP
+4zc/6euJDeHcrqTYEF4sYB5srkkL4A0Kw3ZaukopKMpdEaAzgqeQdQ5AqbKlfiiI
+/XJxomGLQ7LWY9KWYeZZ3RhdN/mEREFYHZ+OkptPcKqjQimIq6JulHVQJar3A3ec
+zaVsyT4UkDDn0nf8N/D9mjbCuO3Pd/8EHgqRzxMvglkCkDElrucrXjECK6SBpmgu
+nCIvEIJxlHqLicBAQxdv6/N+UILZ37Wg1MyoIkzQA1j6lkw8kMLi0OIStZ6COOVA
+6x00SDH7GwkWEWJCGN7v8xOTd4ftN3Srhsai0wMyNtA39Wi3GiAWo8XwtfrtkWwk
+7zmWYZu/Q98WAKSv7V5UYkCCzI1R9L2ZRBYtl94kQyfCzwVAyw7+x+z2mFm9hKIo
+g4Gc2UVOgMdYeghNwst7GUmCOJGo1hAr36UtZgDV4PnM1V41GAFNff+XArdZTpgu
+dEEhFp2ITlM/+9c68EvFMUhoi8M0GBv7IPwOE70f4blkBvTnNLQqe0bRfwB4FUcI
+8X4SIgxrmMAlKIc=
+-----END CERTIFICATE-----

data/spec/fixtures/test_certs/test_self_signed.key

@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+GmeuhQKe3oCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBMDAiAm75L9BIIJSAuO3VTZO5tn
+F16ZpsL/9CW03G78wIGfiDE3Z4cWGfV/b+0eLUiPEPTWXwsT2dKOK1ih7yWecOLY
+Bb1jE/RJGd6SdAvE7Ur8xyEQhDgVbybcn0hubjQj4koP/k7HwcVVyR4cyXUCKcsr
+105LS4lagX3RI6zQCpK47dKbBj3YpZKN8CZPM03SEnmFh+QMDoXAegP2941hIdvL
+UO+VY5UpCe1VweBaMAXS6xWSk+LCQ/rlvR7vOTFkXqqC9KybkmrwN8hP2DPi218P
+XdQ720tP5gfhYLZtWoEQGrSgoJ7P4we3YyTMtCMmBZLuk5zk/OfwvX7Z+RlxX2rN
+TQxn2DlOc5anEG23r3Opv/ETm4awPgpdYYm7by3MJEY0lnOTZRuze8LcW6NjvyVd
+oi7geDPmVdvs5AQTV4aSBNfd9xvaq5NWiFPTbtnK17FqWSnWYlmrGJLaWvmSSBdZ
+4BLKElaU9v5uOmCCExaTpx4r+RcNZIdfAggCpcThwJuLtS1Kt0VhDvW5vkUbEq7h
+lhObPkUQfCEOgcNgo97ww1E4GxJEth6TN1hP78pcDYg7/Lb4p4DzrBTHH2IFYVmW
+cd195YeJIHOt96LWQuslv1HK24Of4+8luR/aLEfT1pGjyvm+5ShsgklEv21YVLJZ
+a4NKw8VNL5Y0ErlgN5RXd0n4MAdQHfpHSSUmcW3WNkC607OiS5f4DOAwoyWu8Roa
+9RaHpvJcQEtT1g0qCmLPoaqXOXqXJL+/ayEPXtaTv9wfUYgYpQdaB1b88/USneCx
+yUpSnI1Sn4HiZiaNzh+ZpHf0qBDdwPslRXFjtBefoOfJidklTTMQ4kEx4j6Uh2lM
+u2EEq0/kldydIUKhqpNdvOBmsylAzOoeWX/PQrVneRXZwe18aZb4QbEtPdB+Lobf
+oqRSObI98o9B7joXDJ891GnlsiNg+JvKBgUR9hce14EV8wU25/DiuFr6Mm8yUv3f
+UaGf8Cz6H8poj8djBoSF5vrVxu9Ucxkt4thN6J7/OXCnCCOU0vV+FUQqE23FPadh
+VK9MMA3cQKPiv+d4HNJriThLEgj2s+5xxZ2QXMl1gGNmMEHclIOA2BOSqoq8VkKS
+BpLQEZHMyfkRHzB+bclJnkAFLb2Vh/y3SkOgFggJFIRq0kL7g5PYrOwS6qRgHnNZ
+tw+hdTMWBLMwLNgMs1rWkEvTxvT//mDRKFmOV/rlG3xozb6OKB+7O60Tx1N5o3oP
+KH7qD3bzJ8JyIg85oJJHqOvvMlkoFk4qhL0l8N79EQy/+bOKpQeOxhWDuIpd0sCA
+FJjVEBFlYVI25ZO0pjFYvFQKd8IwfA2DpnXX7DRLZmzUvNG7mfkhmzKzqjwAw3GY
+RKfRdYF3OMo6/QcKDE3xl/x7XyepAnFlTEQzHHD6o+uhWEvX0+7McY2YAmPrXUjf
+bC+au6vp6945FoBe1AcqbQb2ZdJqQq9F1bgi0QwWhh/JlQfvRMz3PqcYct/92Wvr
+Fq6P+awwEq0V2XvOU376f5qC2TPOoEyErCHj+m5zUTezP6rmeO6G1txf1qdVfvcS
+yqU5iOyQZnf++ObJCsV3HILu3FyOVKrjplFYF7VzLwcNw/ulUK4d2LaZX99WTTJA
+H18OG3x0Y0OqLyWKkO9Pl5WkCW8v8IvocDwVl3KsZI6m6JE+92t+IDI2p27hiN8+
+PzoOQ51EGY/nmtDevaxAy4HcOxXYQJV3gZrAOOlBe+7KwPw1mhR/BW64y7JZaCsj
+m7CTWbu/tt+xio+PGJ4woj5K5zKDKkP2O46shJRS5/03r3EDrfySgYvfT1M2y9Aw
+tGdFQhF8tMSRUYWVPaj8dBH/cRoFvOSI4ARek/TbbJO0XHYPV+rf76MA8VpE6EFK
+BskLXLsgxti3sm5p/6D6tg6iC7efBkEebtKmjMvLK38Td1h8aVRZ1tVtJj7K/hYw
+Zp2WQaEwpZskgVGXvN+fMN33VUNTYqNS6jTYwPY9OyN1lwoaxw4yAhJolLKp9qJZ
+SF7CdYFbao6pgBj5/pzTwANPeRtm5M2gzrNrLgPHjM5w43R3mC6L2qG47Apw8DnI
+HhyfzWbnS4UNP64yZoeIY7QpykGcOsR3wO5qjg9hH3WFOgWMciOzOKn3LnhcA05I
+C8a4W+xYEcWYfRG7oTBpMKgswWz+++Ho09MuDbkDO3WSwmaKw+dU+ACJc0L6Rov2
+wEe0vE4vNugvUbS15ST9Z3zKZuEnMVDw8u5qFLDRz9tEhF/wgi4O9W4k/Qy6Ib42
+SUJxbLxPRC8w/CnzRa6xHPxzDcfYQbwnNG+hq5PPgn8xyoIjNJatfigo9o3THRbv
+wwDzJEWEzhew9MVYz0Re09KZrCi4BqCNCMwkAM8nOdPu38+MO+0DylqgIY+0u/zt
+HbfKl+cbImCuRWzUZFzb6lo3uEJeUZa0UjrxykYCupzMNJ15ezXYxSsWgH58ah/0
+6uqw0I8XwJM6mWY7BQvhixUXmeOgRBFBaNaLBe/bvvEideoEAXgLWw5ID40PZvh4
+4nRtMSOdEJFt6EGLnNl+WCC/f9B/NXHKx2yTzXam52UEe0SDnDcDca3v4z54U2MY
+v3qozFf8GSM1EFAcEHRDfCLj+/gXgOHK2DFcMc3YwGJUfiSbz2LfGzFG34nezJDA
+TtRFdRlW4ctqUKA4CkGbbZlJ6v9WFAg72BD5OognB035vtpdvfLOiUfUeflskMTt
+Uyci5s5sxw8TWRIpaXwk1pnLcivXC0TSVnzi1HhD6pNsejkBXBeQPxB6qMbWUhQb
+RDzRqbe4z0/IjG6uAXhacXw087iPjPN7+xtZJWwCaQjWGuNn2Fs76CJRrWlt/DF9
+PgaBlpul8EuNyMqZWKaehln0zBvH5Y177BXlrEeTpuUo5/kPWj2jEu51jfe+xIW8
+3RejLknCS39KjOV794ImLw8B1WlCwrfajVnXwgga8fCY6KGz7u3Prqq9irhRfycO
+pAl7Rja/fb/1yBuQHrUU1lgYIXqb262lebMhLlDHntc+J8Vjk++UuP2WjPNeztp2
+H4VF5NxMKJU8gScaN67FUtFYst5cz2aJuDHxbitFHKgoxNFYHVMjY26X/kmZVnUb
+aNCsaa8YbPPUDmHf2rJjIlK+PZLvLlENFbWDxaRC7/ab39Za9DTD9zH4aut6gw3Y
+q/eu/hnuc3qa580zbpgcAg==
+-----END ENCRYPTED PRIVATE KEY-----

data/spec/integration/outputs/ilm_spec.rb

@@ -236,7 +236,8 @@ describe 'Elasticsearch has index lifecycle management enabled', :integration =>
   let (:settings) {
     {
         "ilm_enabled" => ilm_enabled,
-        "hosts" => "#{get_host_port()}"
+        "hosts" => "#{get_host_port()}",
+        "ecs_compatibility" => "disabled", # specs are tightly tied to non-ECS defaults
     }
   }
   let (:small_max_doc_policy) { max_docs_policy(3) }

data/spec/integration/outputs/index_spec.rb

@@ -46,7 +46,8 @@ describe "TARGET_BULK_BYTES", :integration => true do
 end
 
 describe "indexing" do
-  let(:event) { LogStash::Event.new("message" => "Hello World!", "type" => type) }
+  let(:message) { "Hello from #{__FILE__}" }
+  let(:event) { LogStash::Event.new("message" => message, "type" => type) }
   let(:index) { 10.times.collect { rand(10).to_s }.join("") }
   let(:type) { ESHelper.es_version_satisfies?("< 7") ? "doc" : "_doc" }
   let(:event_count) { 1 + rand(2) }
@@ -55,31 +56,66 @@ describe "indexing" do
   subject { LogStash::Outputs::ElasticSearch.new(config) }
   
   let(:es_url) { "http://#{get_host_port}" }
-  let(:index_url) {"#{es_url}/#{index}"}
-  let(:http_client_options) { {} }
-  let(:http_client) do
-    Manticore::Client.new(http_client_options)
+  let(:index_url) { "#{es_url}/#{index}" }
+
+  let(:curl_opts) { nil }
+
+  let(:es_admin) { 'admin' } # default user added in ES -> 8.x requires auth credentials for /_refresh etc
+  let(:es_admin_pass) { 'elastic' }
+
+  def curl_and_get_json_response(url, method: :get); require 'open3'
+    cmd = "curl -s -v --show-error #{curl_opts} -X #{method.to_s.upcase} -k #{url}"
+    begin
+      out, err, status = Open3.capture3(cmd)
+    rescue Errno::ENOENT
+      fail "curl not available, make sure curl binary is installed and available on $PATH"
+    end
+
+    if status.success?
+      http_status = err.match(/< HTTP\/1.1 (\d+)/)[1] || '0' # < HTTP/1.1 200 OK\r\n
+
+      if http_status.strip[0].to_i > 2
+        error = (LogStash::Json.load(out)['error']) rescue nil
+        if error
+          fail "#{cmd.inspect} received an error: #{http_status}\n\n#{error.inspect}"
+        else
+          warn out
+          fail "#{cmd.inspect} unexpected response: #{http_status}\n\n#{err}"
+        end
+      end
+
+      LogStash::Json.load(out)
+    else
+      warn out
+      fail "#{cmd.inspect} process failed: #{status}\n\n#{err}"
+    end
   end
 
+  let(:initial_events) { [] }
+
   before do
     subject.register
-    subject.multi_receive([])
+    subject.multi_receive(initial_events) if initial_events
   end
-  
+
+  after do
+    subject.do_close
+  end
+
   shared_examples "an indexer" do |secure|
     it "ships events" do
       subject.multi_receive(events)
 
-      http_client.post("#{es_url}/_refresh").call
+      curl_and_get_json_response "#{es_url}/_refresh", method: :post
 
-      response = http_client.get("#{index_url}/_count?q=*")
-      result = LogStash::Json.load(response.body)
+      result = curl_and_get_json_response "#{index_url}/_count?q=*"
       cur_count = result["count"]
       expect(cur_count).to eq(event_count)
 
-      response = http_client.get("#{index_url}/_search?q=*&size=1000")
-      result = LogStash::Json.load(response.body)
+      result = curl_and_get_json_response "#{index_url}/_search?q=*&size=1000"
       result["hits"]["hits"].each do |doc|
+        expect(doc["_source"]["message"]).to eq(message)
+
         if ESHelper.es_version_satisfies?("< 8")
           expect(doc["_type"]).to eq(type)
         else
@@ -132,50 +168,109 @@ describe "indexing" do
   describe "a secured indexer", :secure_integration => true do
     let(:user) { "simpleuser" }
     let(:password) { "abc123" }
-    let(:cacert) { "spec/fixtures/test_certs/test.crt" }
-    let(:es_url) {"https://elasticsearch:9200"}
+    let(:cacert) { "spec/fixtures/test_certs/ca.crt" }
+    let(:es_url) { "https://#{get_host_port}" }
     let(:config) do
       {
-        "hosts" => ["elasticsearch:9200"],
+        "hosts" => [ get_host_port ],
         "user" => user,
         "password" => password,
         "ssl" => true,
-        "cacert" => "spec/fixtures/test_certs/test.crt",
+        "cacert" => cacert,
         "index" => index
       }
-    end
-    let(:http_client_options) do
-      {
-        :auth => {
-          :user => user,
-          :password => password
-        }, 
-        :ssl => {
-          :enabled => true,
-          :ca_file => cacert
-        }
-      }
-    end
-    it_behaves_like("an indexer", true)
-    
-    describe "with a password requiring escaping" do
-      let(:user) { "f@ncyuser" }
-      let(:password) { "ab%12#" }
-      
-      include_examples("an indexer", true)
-    end
-    
-    describe "with a user/password requiring escaping in the URL" do
-      let(:config) do
-        {
-          "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
-          "ssl" => true,
-          "cacert" => "spec/fixtures/test_certs/test.crt",
-          "index" => index
-        }
+    end 
+
+    let(:curl_opts) { "-u #{user}:#{password}" }
+
+    if ENV['ES_SSL_KEY_INVALID'] == 'true' # test_invalid.crt (configured in ES) has SAN: DNS:localhost
+      # javax.net.ssl.SSLPeerUnverifiedException: Host name 'elasticsearch' does not match the certificate subject ...
+
+      context "when no keystore nor ca cert set and verification is disabled" do
+        let(:config) do
+          super().tap { |config| config.delete('cacert') }.merge('ssl_certificate_verification' => false)
+        end
+
+        include_examples("an indexer", true)
       end
-      
-      include_examples("an indexer", true)
+
+      context "when keystore is set and verification is disabled" do
+        let(:config) do
+          super().merge(
+              'ssl_certificate_verification' => false,
+              'keystore' => 'spec/fixtures/test_certs/test.p12',
+              'keystore_password' => '1234567890'
+          )
+        end
+
+        include_examples("an indexer", true)
+      end
+
+      context "when keystore has self-signed cert and verification is disabled" do
+        let(:config) do
+          super().tap { |config| config.delete('cacert') }.merge(
+              'ssl_certificate_verification' => false,
+              'keystore' => 'spec/fixtures/test_certs/test_self_signed.p12',
+              'keystore_password' => '1234567890'
+          )
+        end
+
+        include_examples("an indexer", true)
+      end
+
+    else
+
+      let(:curl_opts) { "#{super()} --tlsv1.2 --tls-max 1.3 -u #{es_admin}:#{es_admin_pass}" } # due ES 8.x we need user/password
+
+      it_behaves_like("an indexer", true)
+
+      describe "with a password requiring escaping" do
+        let(:user) { "f@ncyuser" }
+        let(:password) { "ab%12#" }
+
+        include_examples("an indexer", true)
+      end
+
+      describe "with a user/password requiring escaping in the URL" do
+        let(:config) do
+          {
+              "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
+              "ssl" => true,
+              "cacert" => "spec/fixtures/test_certs/test.crt",
+              "index" => index
+          }
+        end
+
+        include_examples("an indexer", true)
+      end
+
+      context 'with enforced TLSv1.3 protocol' do
+        let(:config) { super().merge 'ssl_supported_protocols' => [ 'TLSv1.3' ] }
+
+        it_behaves_like("an indexer", true)
+      end
+
+      context 'with enforced TLSv1.2 protocol (while ES only enabled TLSv1.3)' do
+        let(:config) { super().merge 'ssl_supported_protocols' => [ 'TLSv1.2' ] }
+
+        let(:initial_events) { nil }
+
+        it "does not ship events" do
+          curl_and_get_json_response index_url, method: :put # make sure index exists
+          Thread.start { subject.multi_receive(events) } # we'll be stuck in a retry loop
+          sleep 2.5
+
+          curl_and_get_json_response "#{es_url}/_refresh", method: :post
+
+          result = curl_and_get_json_response "#{index_url}/_count?q=*"
+          cur_count = result["count"]
+          expect(cur_count).to eq(0) # ES output keeps re-trying but ends up with a
+          # [Manticore::ClientProtocolException] Received fatal alert: protocol_version
+        end
+
+      end if ENV['ES_SSL_SUPPORTED_PROTOCOLS'] == 'TLSv1.3'
+
     end
+
   end
 end

data/spec/integration/outputs/ingest_pipeline_spec.rb

@@ -6,7 +6,8 @@ describe "Ingest pipeline execution behavior", :integration => true do
     settings = {
       "hosts" => "#{get_host_port()}",
       "pipeline" => "apache-logs",
-      "data_stream" => 'false'
+      "data_stream" => 'false',
+      "ecs_compatibility" => "disabled", # specs are tightly tied to non-ECS defaults
     }
     next LogStash::Outputs::ElasticSearch.new(settings)
   end

data/spec/integration/outputs/no_es_on_startup_spec.rb

@@ -12,13 +12,13 @@ describe "elasticsearch is down on startup", :integration => true do
                                            "template_overwrite" => true,
                                            "hosts" => get_host_port(),
                                            "retry_max_interval" => 64,
-                                           "retry_initial_interval" => 2
+                                           "retry_initial_interval" => 2,
+                                           'ecs_compatibility' => 'disabled'
                                        })
   }
 
   before :each do
     # Delete all templates first.
-    require "elasticsearch"
     allow(Stud).to receive(:stoppable_sleep)
 
     # Clean ES of data before we start.
@@ -33,7 +33,9 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should ingest events when Elasticsearch recovers before documents are sent' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: before docs are sent"), 'http://test.es/'
+    )
     subject.register
     allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_return(ESHelper.es_version)
     subject.multi_receive([event1, event2])
@@ -43,7 +45,9 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should ingest events when Elasticsearch recovers after documents are sent' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: after docs are sent"), 'http://test.es/'
+    )
     subject.register
     Thread.new do
       sleep 4
@@ -56,11 +60,13 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should get cluster_uuid when Elasticsearch recovers from license check failure' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).with(instance_of(LogStash::Util::SafeURI)).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: docs are sent"), 'http://test.es/_license'
+    )
     subject.register
     Thread.new do
       sleep 4
-      allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).with(instance_of(LogStash::Util::SafeURI)).and_call_original
+      allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).and_call_original
     end
     subject.multi_receive([event1, event2])
     @es.indices.refresh

data/spec/integration/outputs/retry_spec.rb

@@ -45,7 +45,8 @@ describe "failures in bulk class expected behavior", :integration => true do
       "template_overwrite" => true,
       "hosts" => get_host_port(),
       "retry_max_interval" => 64,
-      "retry_initial_interval" => 2
+      "retry_initial_interval" => 2,
+      "ecs_compatibility" => "disabled", # specs are tightly tied to non-ECS defaults
     }
     next LogStash::Outputs::ElasticSearch.new(settings)
   end

data/spec/unit/outputs/elasticsearch_ssl_spec.rb

@@ -33,7 +33,7 @@ describe "SSL option" do
     
     it "should pass the flag to the ES client" do
       expect(::Manticore::Client).to receive(:new) do |args|
-        expect(args[:ssl]).to eq(:enabled => true, :verify => false)
+        expect(args[:ssl]).to match hash_including(:enabled => true, :verify => :disable)
       end.and_return(manticore_double)
       
       subject.register