logstash-output-elasticsearch 11.5.0-java → 11.6.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/index.asciidoc +10 -0
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +2 -0
- data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +13 -1
- data/lib/logstash/plugin_mixins/elasticsearch/common.rb +6 -1
- data/logstash-output-elasticsearch.gemspec +2 -1
- data/spec/fixtures/test_certs/ca.crt +27 -30
- data/spec/fixtures/test_certs/ca.der.sha256 +1 -0
- data/spec/fixtures/test_certs/renew.sh +13 -0
- data/spec/fixtures/test_certs/test.crt +28 -34
- data/spec/fixtures/test_certs/test.der.sha256 +1 -0
- data/spec/fixtures/test_certs/test.p12 +0 -0
- data/spec/integration/outputs/index_spec.rb +72 -1
- metadata +22 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cd68d4f20c14d9cac712f5069acb4085abbd6ed2a3e7d88dc99e5337de810608
|
|
4
|
+
data.tar.gz: c88b315e6cdd40597773a47be79c174e0c4b6a8aef8b355cef2e1f5bd6cdb536
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 44254336c7076ca9bf5289b753f4e472f1186a639a8f0572057b865b975a1e1f258598e30c2778b64782993a80a79456a42b88ef4c0915b17312de63362935c8
|
|
7
|
+
data.tar.gz: 808cc047ba6a3020ab334c11dbc123e22777e62894ac39c5557563b670d7b3adb4aac5326e98d6e9c505cc83743a93ccbacefec7e8458d7d2b4651431654d451
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 11.6.0
|
|
2
|
+
- Added support for `ca_trusted_fingerprint` when run on Logstash 8.3+ [#1074](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1074)
|
|
3
|
+
|
|
1
4
|
## 11.5.0
|
|
2
5
|
- Feat: add ssl_supported_protocols option [#1055](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1055)
|
|
3
6
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -307,6 +307,7 @@ This plugin supports the following configuration options plus the
|
|
|
307
307
|
| <<plugins-{type}s-{plugin}-api_key>> |<<password,password>>|No
|
|
308
308
|
| <<plugins-{type}s-{plugin}-bulk_path>> |<<string,string>>|No
|
|
309
309
|
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|No
|
|
310
|
+
| <<plugins-{type}s-{plugin}-ca_trusted_fingerprint>> |<<string,string>>|No
|
|
310
311
|
| <<plugins-{type}s-{plugin}-cloud_auth>> |<<password,password>>|No
|
|
311
312
|
| <<plugins-{type}s-{plugin}-cloud_id>> |<<string,string>>|No
|
|
312
313
|
| <<plugins-{type}s-{plugin}-custom_headers>> |<<hash,hash>>|No
|
|
@@ -422,6 +423,15 @@ this defaults to a concatenation of the path parameter and "_bulk"
|
|
|
422
423
|
|
|
423
424
|
The .cer or .pem file to validate the server's certificate.
|
|
424
425
|
|
|
426
|
+
[id="plugins-{type}s-{plugin}-ca_trusted_fingerprint"]
|
|
427
|
+
===== `ca_trusted_fingerprint`
|
|
428
|
+
|
|
429
|
+
* Value type is <<string,string>>, and must contain exactly 64 hexadecimal characters.
|
|
430
|
+
* There is no default value for this setting.
|
|
431
|
+
* Use of this option _requires_ Logstash 8.3+
|
|
432
|
+
|
|
433
|
+
The SHA-256 fingerprint of an SSL Certificate Authority to trust, such as the autogenerated self-signed CA for an Elasticsearch cluster.
|
|
434
|
+
|
|
425
435
|
[id="plugins-{type}s-{plugin}-cloud_auth"]
|
|
426
436
|
===== `cloud_auth`
|
|
427
437
|
|
|
@@ -139,6 +139,8 @@ module LogStash; module Outputs; class ElasticSearch;
|
|
|
139
139
|
ssl_options[:verify] = :disable # false accepts self-signed but still validates hostname
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
+
ssl_options[:trust_strategy] = params["ssl_trust_strategy"] if params.include?("ssl_trust_strategy")
|
|
143
|
+
|
|
142
144
|
protocols = params['ssl_supported_protocols']
|
|
143
145
|
ssl_options[:protocols] = protocols if protocols && protocols.any?
|
|
144
146
|
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
|
|
2
|
+
require 'logstash/plugin_mixins/ca_trusted_fingerprint_support'
|
|
3
|
+
|
|
1
4
|
module LogStash; module PluginMixins; module ElasticSearch
|
|
2
5
|
module APIConfigs
|
|
3
6
|
|
|
@@ -52,6 +55,9 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
|
52
55
|
# The .cer or .pem file to validate the server's certificate
|
|
53
56
|
:cacert => { :validate => :path },
|
|
54
57
|
|
|
58
|
+
# One or more hex-encoded SHA256 fingerprints to trust as Certificate Authorities
|
|
59
|
+
:ca_trusted_fingerprint => LogStash::PluginMixins::CATrustedFingerprintSupport,
|
|
60
|
+
|
|
55
61
|
# The JKS truststore to validate the server's certificate.
|
|
56
62
|
# Use either `:truststore` or `:cacert`
|
|
57
63
|
:truststore => { :validate => :path },
|
|
@@ -163,7 +169,13 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
|
163
169
|
}.freeze
|
|
164
170
|
|
|
165
171
|
def self.included(base)
|
|
166
|
-
CONFIG_PARAMS.each
|
|
172
|
+
CONFIG_PARAMS.each do |name, opts|
|
|
173
|
+
if opts.kind_of?(Module)
|
|
174
|
+
base.include(opts)
|
|
175
|
+
else
|
|
176
|
+
base.config(name, opts)
|
|
177
|
+
end
|
|
178
|
+
end
|
|
167
179
|
end
|
|
168
180
|
end
|
|
169
181
|
end; end; end
|
|
@@ -27,6 +27,11 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
|
27
27
|
fill_hosts_from_cloud_id
|
|
28
28
|
setup_hosts
|
|
29
29
|
|
|
30
|
+
# inject the TrustStrategy from CATrustedFingerprintSupport
|
|
31
|
+
if trust_strategy_for_ca_trusted_fingerprint
|
|
32
|
+
params["ssl_trust_strategy"] = trust_strategy_for_ca_trusted_fingerprint
|
|
33
|
+
end
|
|
34
|
+
|
|
30
35
|
params["metric"] = metric
|
|
31
36
|
if @proxy.eql?('')
|
|
32
37
|
@logger.warn "Supplied proxy setting (proxy => '') has no effect"
|
|
@@ -165,7 +170,7 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
|
165
170
|
|
|
166
171
|
sleep_interval = @retry_initial_interval
|
|
167
172
|
|
|
168
|
-
while submit_actions && submit_actions.
|
|
173
|
+
while submit_actions && submit_actions.size > 0
|
|
169
174
|
|
|
170
175
|
# We retry with whatever is didn't succeed
|
|
171
176
|
begin
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
|
3
|
-
s.version = '11.
|
|
3
|
+
s.version = '11.6.0'
|
|
4
4
|
s.licenses = ['apache-2.0']
|
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -25,6 +25,7 @@ Gem::Specification.new do |s|
|
|
|
25
25
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
26
26
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.0'
|
|
27
27
|
s.add_runtime_dependency 'logstash-mixin-deprecation_logger_support', '~>1.0'
|
|
28
|
+
s.add_runtime_dependency 'logstash-mixin-ca_trusted_fingerprint_support', '~>1.0'
|
|
28
29
|
|
|
29
30
|
s.add_development_dependency 'logstash-codec-plain'
|
|
30
31
|
s.add_development_dependency 'logstash-devutils'
|
|
@@ -1,32 +1,29 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
rJS678BNBVxInc7dzpY6el0Lr70CGwiJpX/N9P1yiTFZ7GZm3Kax8QnTtvqXzRIy
|
|
30
|
-
sBgt8BVZHUe1lWFYlG+jlakiXqz752nmHuwif7iBI4iWzRmW2vYPfTEmYPRLZES2
|
|
31
|
-
nIg9fQPvVw+fIHACZQ==
|
|
2
|
+
MIIFDDCCAvQCAQEwDQYJKoZIhvcNAQEFBQAwTDELMAkGA1UEBhMCUFQxCzAJBgNV
|
|
3
|
+
BAgMAk5BMQ8wDQYDVQQHDAZMaXNib24xDjAMBgNVBAoMBU15TGFiMQ8wDQYDVQQD
|
|
4
|
+
DAZSb290Q0EwHhcNMjIwNTIzMTcyODU1WhcNMjMwNTIzMTcyODU1WjBMMQswCQYD
|
|
5
|
+
VQQGEwJQVDELMAkGA1UECAwCTkExDzANBgNVBAcMBkxpc2JvbjEOMAwGA1UECgwF
|
|
6
|
+
TXlMYWIxDzANBgNVBAMMBlJvb3RDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
|
|
7
|
+
AgoCggIBAMtTMqAWuH17b9XqPa5L3HNqgnZ958+gvcOt7Q/sOEvcDQJgkzZ+Gywh
|
|
8
|
+
5er5JF2iomYOHiD5JncYr4YmRQKuYfD6B1WI5FuQthD/OlA1/RHqtbY27J33SaO6
|
|
9
|
+
6ro8gal7vjHrXKQkefVYRwdfO6DqqbhV6L4sMiy8FzQ55TMpoM35cWuvoAMxvSQq
|
|
10
|
+
GZ4pYYKnfNSGhzHvssfNS1xu/Lwb7Vju4jPhp+43BkGwEimI5km7jNC1nwjiHtxD
|
|
11
|
+
sY/s93AKa/vLktXKUK5nA3jjJOhAbRTVnbOAgxFt0YbX98xW/aUqscgBUVs9J/My
|
|
12
|
+
TRMwVKJ7Vsmth1PdJQksUASuzESlSPl09dMjTQ+MXzJDt0JvX8SIJPmbBng78MSa
|
|
13
|
+
CUhpOZiii1l2mBfPWejx20I/SMCUNmzbwm2w9JD50Jv2iX4l4ge4H1CIK1/orW1p
|
|
14
|
+
dY9xPL0uKYm6ADsDC0B8sGgNMBXeB6aLojY1/ITwmmfpfk9c/yWPfC7stHgCYRAv
|
|
15
|
+
5MfGAsmv0/ya5VrWQGBJkFiYy1pon6nxUjCbgn0RABojRoGdhhY3QDipgwmSgFZx
|
|
16
|
+
r064RFr1bt/Ml3MJmPf535mSwPdk/j/zw4IZTvlmwKW3FyMDhwYL/zX7J0c6MzMP
|
|
17
|
+
LEdi73Qjzmr3ENIrir4O86wNz81YRfYkg9ZX8yKJK9LBAUrYCjJ3AgMBAAEwDQYJ
|
|
18
|
+
KoZIhvcNAQEFBQADggIBAAGUkKT6GwoOOqPT7/FTdjU7h6q2vAaevd/TbYOBjhMw
|
|
19
|
+
XNVpmuIE/r9mXF5lR1MuMebUXIWrrthXeX0TqucQzsJI+pCNugQP0HyUNF83S4l9
|
|
20
|
+
G/0xvL2iYx7ftkMtje/NNiCUMpaXxulHi94fx4Kbivihlga6f8OF4+wNmIatb5bp
|
|
21
|
+
SnLE/CsE3vLrwPZgcROXhKy8ESAI4mLclOn86nOXbIunFRNxFHis/dQOxX+CfkPp
|
|
22
|
+
CDJv10jiaG9HCcGppNzDfxP0+v67RU2zTsCktEIILYBGTBBi5jczbtbtM0L/VCIA
|
|
23
|
+
AoJTGWkKtPUesAuthPaHsOAXUSnNYakf4PEyJF6g9mIiFyeosGNhgNcA6coKsX+6
|
|
24
|
+
pzS2pr+X2TiuNMGTCayFFIDpLvr99pPbf1yq2IBkEn09uZHLS/xyDxYtNaJAhbUh
|
|
25
|
+
JuszjjjfHDHVTnDykyIoTzfeLICFKoMRL0rUedljqYuI0QAic6rgn68dkfYK8zzy
|
|
26
|
+
IjRK5wZ4rM94xcEQfJSDxusJSPlCPTN4oe6A5HCaHe4GKYihiGKlOMGWkCxwYVa5
|
|
27
|
+
nl88TNh2xG6y+ZZMQDQJdRBwmJ/i+rDRTxHGuemQka5bZH8PRZGBYUiIRVS7N8px
|
|
28
|
+
Y1ITp+FdSlJAm41UGChuF8Our31AqZYvLNRWAvLJRhR/kNM9HMeURz7zI/KKYhlA
|
|
32
29
|
-----END CERTIFICATE-----
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
3e1c908fb2d7f1634643bb75462119c55a7cc392cd1877dd91d9f15f87e86757
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
|
|
3
|
+
set -e
|
|
4
|
+
cd "$(dirname "$0")"
|
|
5
|
+
|
|
6
|
+
openssl x509 -x509toreq -in ca.crt -signkey ca.key -out ca.csr
|
|
7
|
+
openssl x509 -req -days 365 -in ca.csr -set_serial 0x01 -signkey ca.key -out ca.crt && rm ca.csr
|
|
8
|
+
openssl x509 -in ca.crt -outform der | sha256sum | awk '{print $1}' > ca.der.sha256
|
|
9
|
+
|
|
10
|
+
openssl x509 -x509toreq -in test.crt -signkey test.key -out test.csr
|
|
11
|
+
openssl x509 -req -days 365 -in test.csr -set_serial 0x01 -CA ca.crt -CAkey ca.key -out test.crt && rm test.csr
|
|
12
|
+
openssl x509 -in test.crt -outform der | sha256sum | awk '{print $1}' > test.der.sha256
|
|
13
|
+
openssl pkcs12 -export -inkey test.key -in test.crt -passout "pass:1234567890" -out test.p12
|
|
@@ -1,36 +1,30 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
/
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
y9hq2b49bYlcSQMtmlimCBDiu82z0aYtVFLalZ2L/W7CMaeE3jpyzu/bbygRv/Bp
|
|
31
|
-
lKSaUtaFIVgiuRBPwIBDMyai3CJ5L+dJrJPU2JzzQvtJGFQCFCIHd9rqweubZB6V
|
|
32
|
-
re5cUn4dxlxA5SkZ0amFFV5DpP0YhThA/gq0t/NeWRmCEEBWNXZaqFmDhiYS5mnu
|
|
33
|
-
Z+NUtv8E332S46RdfneHe961SlMXEFC96I+1HOjXHdXlqKfOU8Qvy8VzsnpjuNE5
|
|
34
|
-
VTrvnAM1L3LwqtYQYfUWUHYZFYdvh8layA2ImNE7yx/9wIIkw/L1j9m71Upi6WKR
|
|
35
|
-
FKbYFqzgpWksa+zZ2RYYplUAxq0wYw==
|
|
2
|
+
MIIFEzCCAvsCAQEwDQYJKoZIhvcNAQEFBQAwTDELMAkGA1UEBhMCUFQxCzAJBgNV
|
|
3
|
+
BAgMAk5BMQ8wDQYDVQQHDAZMaXNib24xDjAMBgNVBAoMBU15TGFiMQ8wDQYDVQQD
|
|
4
|
+
DAZSb290Q0EwHhcNMjIwNTIzMTcyODU1WhcNMjMwNTIzMTcyODU1WjBTMQswCQYD
|
|
5
|
+
VQQGEwJQVDELMAkGA1UECAwCTkExDzANBgNVBAcMBkxpc2JvbjEOMAwGA1UECgwF
|
|
6
|
+
TXlMYWIxFjAUBgNVBAMMDWVsYXN0aWNzZWFyY2gwggIiMA0GCSqGSIb3DQEBAQUA
|
|
7
|
+
A4ICDwAwggIKAoICAQDGIT9szzhN5HvZ2nivnCDzVfdYbbqBhgEbPppWPyFcV0r2
|
|
8
|
+
rtmWfeK5EEdsTS/Ey4owTceOplPpAp4svF+a/i1/bHhqnQYYU4f7Qic4fDAszLdi
|
|
9
|
+
SIo0o1csNvIogm/P+uvSzE6eZRZUSmo49dY5SKSJt6Pjh6lM2MHEjsPKIKdAN57w
|
|
10
|
+
EN90q4IZv6AHE9rphqxcmF1k+j5xmhCUS1EJ+y7hyZ0S7Hghdgp/0cxSu/7YlVYy
|
|
11
|
+
JpkIlQd3RPXzEf6VSYjtr9Ajp1rhvv2611q0CB5NALg/KR3OiMPYmTg5HAKOdweN
|
|
12
|
+
am76nG3VxTeV3y+LW/pZAbi4qAl+4/c0eOGsL7o/YSn7qhThU1AWS9kY1WxTCrKR
|
|
13
|
+
h58rUGRfmvpnOR99xvR4jz942RNiY61pTmsvo+iJspTII3GZhwIGlHtxE9Rn50lW
|
|
14
|
+
QcDuDDHfObWhzb4rS55BERIwDUqD1LgCRd0ikRxPSvI1AM4cl35b4DTaDLcnM6EO
|
|
15
|
+
fy+QTYsgNoftU1PI1onDQ7ZdfgrTrIBFQQRwOqfyB4bB2zWVj62LSDvZoYYicNUe
|
|
16
|
+
cqyE1542WNKzmyE8Mrf3uknN2J6EH7EhmiyRBtGg3NEQCwIYM4/kWPNPOtkSjsn3
|
|
17
|
+
cNbMNUZiSnQn/nTs4T8g6b2rrwsay/FGUE83AbPqqcTlp2RUVnjbC8KA5+iV1wID
|
|
18
|
+
AQABMA0GCSqGSIb3DQEBBQUAA4ICAQAhg0y7SfTv2RIcU8tsvSGOpXM6KPx111eJ
|
|
19
|
+
pWrJTEZBCieCUhkonmlUifZHjV6B4d1OiS3GBXP0iAWff3Pb40co8AR4Brhne7Bd
|
|
20
|
+
xkD8TKReJ/sfeKDsr3enLxFrmcxWCD5x9b6ybl7aotzP1S286rPpehE3QKJM3L1Z
|
|
21
|
+
tRZik7pE3Iju4PpnvfaOAoJup9+v9Y6ySMKcMY19b/izM9VPwF+hllFQ31bibCRz
|
|
22
|
+
Mqa1o9k27e1MQEH7LpGcUBY18fofb2Ie3Y+wzfXm/xG/JrXxgRD/rpyBapCM6jcZ
|
|
23
|
+
C11mj2st+0/9pj4trhq39fj7f3+GWvOY2kZj9x/05gXcFmeaVOnZr/njcQfLd9K7
|
|
24
|
+
2WD1tgr4fTgG8H3UOUMfw5u+pGfAeky1mgHwkjNT6H9PDtoi3lh4y/CmspSSv6t7
|
|
25
|
+
szbaKZUsxXz49hLt8q4IrtHrzqVa3Jk5YXt3GAFlXP1ZnwV5/fvltFNrvpWeUjTn
|
|
26
|
+
IR9CLcYTV9gsLVq7OKFAwelBmcBbbyRoQdqFeoePhv6Frw9mDBoyYoZ8oMmg20to
|
|
27
|
+
in9VrxtbDjw9qaSY58kGNj1cKV5eUnKOi9v0gDjrVyKVuesnDeOmoi25/YvBbBA5
|
|
28
|
+
TKgMUwSmJ2P5p6W4h0ftV/Nyy1Hx/rwJ7ZcvUJCtwgCNOeXw9e61Ys+C2ruLSPuh
|
|
29
|
+
wRncxHmbiw==
|
|
36
30
|
-----END CERTIFICATE-----
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
dca380f330bdf3d4b242b3c48d541c4698eaffa0d532316b27e6080443e601b5
|
|
Binary file
|
|
@@ -93,8 +93,10 @@ describe "indexing" do
|
|
|
93
93
|
|
|
94
94
|
let(:initial_events) { [] }
|
|
95
95
|
|
|
96
|
+
let(:do_register) { true }
|
|
97
|
+
|
|
96
98
|
before do
|
|
97
|
-
subject.register
|
|
99
|
+
subject.register if do_register
|
|
98
100
|
subject.multi_receive(initial_events) if initial_events
|
|
99
101
|
end
|
|
100
102
|
|
|
@@ -103,6 +105,18 @@ describe "indexing" do
|
|
|
103
105
|
end
|
|
104
106
|
|
|
105
107
|
shared_examples "an indexer" do |secure|
|
|
108
|
+
before(:each) do
|
|
109
|
+
host_unreachable_error_class = LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError
|
|
110
|
+
allow(host_unreachable_error_class).to receive(:new).with(any_args).and_wrap_original do |m, original, url|
|
|
111
|
+
if original.message.include?("PKIX path building failed")
|
|
112
|
+
$stderr.puts "Client not connecting due to PKIX path building failure; " +
|
|
113
|
+
"shutting plugin down to prevent infinite retries"
|
|
114
|
+
subject.close # premature shutdown to prevent infinite retry
|
|
115
|
+
end
|
|
116
|
+
m.call(original, url)
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
106
120
|
it "ships events" do
|
|
107
121
|
subject.multi_receive(events)
|
|
108
122
|
|
|
@@ -144,6 +158,32 @@ describe "indexing" do
|
|
|
144
158
|
end
|
|
145
159
|
end
|
|
146
160
|
|
|
161
|
+
shared_examples "PKIX path failure" do
|
|
162
|
+
let(:do_register) { false }
|
|
163
|
+
let(:host_unreachable_error_class) { LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError }
|
|
164
|
+
|
|
165
|
+
before(:each) do
|
|
166
|
+
limit_execution
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
let(:limit_execution) do
|
|
170
|
+
Thread.new { sleep 5; subject.close }
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
it 'fails to establish TLS' do
|
|
174
|
+
allow(host_unreachable_error_class).to receive(:new).with(any_args).and_call_original.at_least(:once)
|
|
175
|
+
|
|
176
|
+
subject.register
|
|
177
|
+
limit_execution.join
|
|
178
|
+
|
|
179
|
+
sleep 1
|
|
180
|
+
|
|
181
|
+
expect(host_unreachable_error_class).to have_received(:new).at_least(:once) do |original, url|
|
|
182
|
+
expect(original.message).to include("PKIX path building failed")
|
|
183
|
+
end
|
|
184
|
+
end
|
|
185
|
+
end
|
|
186
|
+
|
|
147
187
|
describe "an indexer with custom index_type", :integration => true do
|
|
148
188
|
let(:config) {
|
|
149
189
|
{
|
|
@@ -244,6 +284,37 @@ describe "indexing" do
|
|
|
244
284
|
include_examples("an indexer", true)
|
|
245
285
|
end
|
|
246
286
|
|
|
287
|
+
context "without providing `cacert`" do
|
|
288
|
+
let(:config) do
|
|
289
|
+
super().tap do |c|
|
|
290
|
+
c.delete("cacert")
|
|
291
|
+
end
|
|
292
|
+
end
|
|
293
|
+
|
|
294
|
+
it_behaves_like("PKIX path failure")
|
|
295
|
+
end
|
|
296
|
+
|
|
297
|
+
if Gem::Version.new(LOGSTASH_VERSION) >= Gem::Version.new("8.3.0")
|
|
298
|
+
context "with `ca_trusted_fingerprint` instead of `cacert`" do
|
|
299
|
+
let(:config) do
|
|
300
|
+
super().tap do |c|
|
|
301
|
+
c.delete("cacert")
|
|
302
|
+
c.update("ca_trusted_fingerprint" => ca_trusted_fingerprint)
|
|
303
|
+
end
|
|
304
|
+
end
|
|
305
|
+
let(:ca_trusted_fingerprint) { File.read("spec/fixtures/test_certs/test.der.sha256").chomp }
|
|
306
|
+
|
|
307
|
+
|
|
308
|
+
it_behaves_like("an indexer", true)
|
|
309
|
+
|
|
310
|
+
context 'with an invalid `ca_trusted_fingerprint`' do
|
|
311
|
+
let(:ca_trusted_fingerprint) { super().reverse }
|
|
312
|
+
|
|
313
|
+
it_behaves_like("PKIX path failure")
|
|
314
|
+
end
|
|
315
|
+
end
|
|
316
|
+
end
|
|
317
|
+
|
|
247
318
|
context 'with enforced TLSv1.3 protocol' do
|
|
248
319
|
let(:config) { super().merge 'ssl_supported_protocols' => [ 'TLSv1.3' ] }
|
|
249
320
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 11.
|
|
4
|
+
version: 11.6.0
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -98,6 +98,20 @@ dependencies:
|
|
|
98
98
|
- - "~>"
|
|
99
99
|
- !ruby/object:Gem::Version
|
|
100
100
|
version: '1.0'
|
|
101
|
+
- !ruby/object:Gem::Dependency
|
|
102
|
+
requirement: !ruby/object:Gem::Requirement
|
|
103
|
+
requirements:
|
|
104
|
+
- - "~>"
|
|
105
|
+
- !ruby/object:Gem::Version
|
|
106
|
+
version: '1.0'
|
|
107
|
+
name: logstash-mixin-ca_trusted_fingerprint_support
|
|
108
|
+
prerelease: false
|
|
109
|
+
type: :runtime
|
|
110
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
111
|
+
requirements:
|
|
112
|
+
- - "~>"
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: '1.0'
|
|
101
115
|
- !ruby/object:Gem::Dependency
|
|
102
116
|
requirement: !ruby/object:Gem::Requirement
|
|
103
117
|
requirements:
|
|
@@ -245,8 +259,11 @@ files:
|
|
|
245
259
|
- spec/fixtures/template-with-policy-es7x.json
|
|
246
260
|
- spec/fixtures/template-with-policy-es8x.json
|
|
247
261
|
- spec/fixtures/test_certs/ca.crt
|
|
262
|
+
- spec/fixtures/test_certs/ca.der.sha256
|
|
248
263
|
- spec/fixtures/test_certs/ca.key
|
|
264
|
+
- spec/fixtures/test_certs/renew.sh
|
|
249
265
|
- spec/fixtures/test_certs/test.crt
|
|
266
|
+
- spec/fixtures/test_certs/test.der.sha256
|
|
250
267
|
- spec/fixtures/test_certs/test.key
|
|
251
268
|
- spec/fixtures/test_certs/test.p12
|
|
252
269
|
- spec/fixtures/test_certs/test_invalid.crt
|
|
@@ -327,8 +344,11 @@ test_files:
|
|
|
327
344
|
- spec/fixtures/template-with-policy-es7x.json
|
|
328
345
|
- spec/fixtures/template-with-policy-es8x.json
|
|
329
346
|
- spec/fixtures/test_certs/ca.crt
|
|
347
|
+
- spec/fixtures/test_certs/ca.der.sha256
|
|
330
348
|
- spec/fixtures/test_certs/ca.key
|
|
349
|
+
- spec/fixtures/test_certs/renew.sh
|
|
331
350
|
- spec/fixtures/test_certs/test.crt
|
|
351
|
+
- spec/fixtures/test_certs/test.der.sha256
|
|
332
352
|
- spec/fixtures/test_certs/test.key
|
|
333
353
|
- spec/fixtures/test_certs/test.p12
|
|
334
354
|
- spec/fixtures/test_certs/test_invalid.crt
|