logstash-output-elasticsearch 6.2.1-java → 6.2.2-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e5784a9d0afcd410642c33e371a91d7a8111a233
-  data.tar.gz: 7b1587c58e64395a14632f4d9172a1357af2b8c7
+  metadata.gz: e928c352ff9142db2275179850ffc1d83429bad1
+  data.tar.gz: eddc0f4e40153c9a04eee2fd962dd2a8cc16a762
 SHA512:
-  metadata.gz: 1711322d80f101e96e84ff8aa12d519d8226ab497abd458f1c492858c7ec0d7efa42f9893e5aea2234d8c7cd7ee32bc5a421d396db6888cfa25f7dcc47d0a7a5
-  data.tar.gz: 69564e37569720085ec839fd4ceae3210d2a63f31ae67ee2ee8ec4019af9325f7854e0da1641a966d1683ef9362afc295bdaee52201a1b280d0eca10cbb11421
+  metadata.gz: c4f28bda7b2a2a1d7abcb3e6c490be2e934ca09212bf8fbe73221f755be7fdb3a52977e219acf1cf79d09c59f8d63c0619b3653580fec3107b5725ded6279cbc
+  data.tar.gz: 71b74147d53ed2a662ceff0bbec1e1896c34ef984f92bed18096eec4c057eed9d05f111b4dca12346d6129fab022389ae6b384e85733f0d23ec12a1232d15f5e

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 6.2.2
+- Fixed a bug that forced users to URL encode the `password` option.
+  If you are currently manually escaping your passwords upgrading to this version
+  will break authentication. You should unescape your password if you have implemented
+  this workaround as it will otherwise be doubly encoded.
+  URL escaping is STILL required for passwords inline with URLs in the `hosts` option. 
+
 ## 6.2.1
 - When an HTTP error is encountered, log the response body instead of the request.
   The request body will still be logged at debug level.

data/lib/logstash/outputs/elasticsearch/common_configs.rb

@@ -87,6 +87,8 @@ module LogStash; module Outputs; class ElasticSearch
       #     `["https://127.0.0.1:9200/mypath"]` (If using a proxy on a subpath)
       # It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `hosts` list
       # to prevent LS from sending bulk requests to the master nodes.  So this parameter should only reference either data or client nodes in Elasticsearch.
+      # 
+      # Any special characters present in the URLs here MUST be URL escaped! This means `#` should be put in as `%23` for instance.
       mod.config :hosts, :validate => :uri, :default => [::LogStash::Util::SafeURI.new("//127.0.0.1")], :list => true
 
       # This plugin uses the bulk index API for improved indexing performance.

data/lib/logstash/outputs/elasticsearch/http_client_builder.rb

@@ -1,3 +1,5 @@
+require 'cgi'
+
 module LogStash; module Outputs; class ElasticSearch;
   module HttpClientBuilder
     def self.build(logger, hosts, params)
@@ -119,11 +121,28 @@ module LogStash; module Outputs; class ElasticSearch;
 
     def self.setup_basic_auth(logger, params)
       user, password = params["user"], params["password"]
-      return {} unless user && password
+      unsafe_password = password && password.value
+      unsafe_escaped_password = unsafe_password ? CGI.escape(unsafe_password) : nil
+      
+      # TODO: Remove this when we release LS6.0.0
+      if unsafe_password =~ /%[0-9A-Fa-f]{2}/
+        m <<-EOM
+        The Elasticsearch output was provided a password that looks like it includes URL encoded characters.
+        Previous versions of this plugin had a bug that required a workaround where users needed to manually
+        URL encode special characters in the password field. Given this, URL encoded strings will 
+        be doubly escaped making authentication fail. This may not apply to you.
+        If your password just happens to include string parts that simply look 
+        like URL encoded strings like '%2F' but are in fact just a part of your 
+        password then you can safely ignore this message. 
+        EOM
+        @logger.warn(m)
+      end
+      
+      return {} unless user && unsafe_escaped_password
 
       {
         :user => user,
-        :password => password.value
+        :password => unsafe_escaped_password
       }
     end
   end

data/logstash-output-elasticsearch.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-output-elasticsearch'
-  s.version         = '6.2.1'
+  s.version         = '6.2.2'
   s.licenses        = ['apache-2.0']
   s.summary         = "Logstash Output to Elasticsearch"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/unit/http_client_builder_spec.rb

@@ -6,7 +6,7 @@ describe LogStash::Outputs::ElasticSearch::HttpClientBuilder do
   describe "auth setup with url encodable passwords" do
     let(:klass) { LogStash::Outputs::ElasticSearch::HttpClientBuilder }
     let(:user) { "foo@bar"}
-    let(:password) {"baz@blah" }
+    let(:password) {"bazblah" }
     let(:password_secured) do
       secured = double("password")
       allow(secured).to receive(:value).and_return(password)
@@ -23,5 +23,13 @@ describe LogStash::Outputs::ElasticSearch::HttpClientBuilder do
     it "should return the password verbatim" do
       expect(auth_setup[:password]).to eql(password)
     end
+    
+    context "passwords that need escaping" do
+      let(:password) { "foo@bar#" }
+      
+      it "should escape the password" do
+        expect(auth_setup[:password]).to eql("foo%40bar%23")
+      end
+    end
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 6.2.1
+  version: 6.2.2
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-13 00:00:00.000000000 Z
+date: 2017-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement