logstash-output-elasticsearch 12.1.3-java → 12.1.5-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -1
- data/docs/index.asciidoc +11 -3
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +23 -2
- data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +2 -1
- data/logstash-output-elasticsearch.gemspec +2 -2
- data/spec/unit/http_client_builder_spec.rb +34 -0
- data/version +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 84a9fb2d6f4345422640ad3b59e9c0cb59b330569cbd33dc79cc1356b828bd34
|
|
4
|
+
data.tar.gz: 73375c880a26de3986cc1b984f3f898af055f040e1b3ea8e9772c1be78c03a3f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b5c8e15da6a79b51df996e6295687281d1dd19d668b6443455aeee3218e2c88f1aea271560cdad6bbde6a5c1ce44085e9bac4acb8dd65f4b84a596f589be1369
|
|
7
|
+
data.tar.gz: 5ae3d4135fd0f18460b7872b58f8385ed254c9154cd150116f43cae5b54557e92a0ac7403fac7e51161b1ffc24171cf49571662c25684a46adb02a866e73e720
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 12.1.5
|
|
2
|
+
- Support Elastic Cloud API keys in the `api_key` option, which now accepts an `id:api_key` pair, its base64-encoded form, or an `essu_` Cloud API key, and rejects an unrecognized format at startup [#1274](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1274)
|
|
3
|
+
|
|
4
|
+
## 12.1.4
|
|
5
|
+
- [Doc] Add note for index option [#1269](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1269)
|
|
6
|
+
|
|
1
7
|
## 12.1.3
|
|
2
8
|
- Improves the logging experience when DLQ used [#1253](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1253)
|
|
3
9
|
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
[](https://github.com/logstash-plugins/logstash-output-elasticsearch/actions/workflows/tests.yml)
|
|
3
|
+
[](https://github.com/logstash-plugins/logstash-output-elasticsearch/actions/workflows/unit-tests.yml)
|
|
4
4
|
[](https://github.com/logstash-plugins/logstash-output-elasticsearch/actions/workflows/secure-integration-tests.yml)
|
|
5
5
|
[](https://github.com/logstash-plugins/logstash-output-elasticsearch/actions/workflows/integration-tests.yml)
|
|
6
6
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -467,8 +467,11 @@ For more details on actions, check out the {ref}/docs-bulk.html[Elasticsearch bu
|
|
|
467
467
|
Authenticate using Elasticsearch API key.
|
|
468
468
|
Note that this option also requires SSL/TLS, which can be enabled by supplying a <<plugins-{type}s-{plugin}-cloud_id>>, a list of HTTPS <<plugins-{type}s-{plugin}-hosts>>, or by setting <<plugins-{type}s-{plugin}-ssl_enabled,`ssl_enabled => true`>>.
|
|
469
469
|
|
|
470
|
-
|
|
471
|
-
Elasticsearch {ref}/security-api-create-api-key.html[Create API key API].
|
|
470
|
+
The format is `id:api_key`, where `id` and `api_key` are as returned by the
|
|
471
|
+
Elasticsearch {ref}/security-api-create-api-key.html[Create API key API]. The
|
|
472
|
+
base64-encoded form of that pair is also accepted, as is an
|
|
473
|
+
https://www.elastic.co/docs/deploy-manage/api-keys/elastic-cloud-api-keys[Elastic Cloud API key]
|
|
474
|
+
(prefixed with `essu_`), which is used as-is.
|
|
472
475
|
|
|
473
476
|
[id="plugins-{type}s-{plugin}-bulk_path"]
|
|
474
477
|
===== `bulk_path`
|
|
@@ -842,10 +845,15 @@ NOTE: `ilm_rollover_alias` does NOT support dynamic variable substitution as
|
|
|
842
845
|
The indexing target to write events to.
|
|
843
846
|
Can point to an {ref}/index-mgmt.html[index], {ref}/aliases.html[alias], or {ref}/data-streams.html[data stream].
|
|
844
847
|
This can be dynamic using the `%{foo}` syntax.
|
|
848
|
+
|
|
849
|
+
NOTE: When using dynamic syntax, verify that the resolved index names align with your cluster index templates and Index Lifecycle Management (ILM) configuration.
|
|
850
|
+
|
|
851
|
+
WARNING: Date math (e.g. `%{+yyyy.MM.dd}`) is not recommended for use with aliases or data streams.
|
|
852
|
+
|
|
845
853
|
The default value will partition your indices by day so you can more easily
|
|
846
854
|
delete old data or only search specific date ranges.
|
|
847
855
|
Indexes may not contain uppercase characters.
|
|
848
|
-
For weekly indexes ISO 8601 format is recommended, eg. logstash-%{+xxxx.ww}
|
|
856
|
+
For weekly indexes ISO 8601 format is recommended, eg. `logstash-%{+xxxx.ww}`.
|
|
849
857
|
Logstash uses
|
|
850
858
|
http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html[Joda
|
|
851
859
|
formats] and the `@timestamp` field of each event is being used as source for the date.
|
|
@@ -190,8 +190,7 @@ module LogStash; module Outputs; class ElasticSearch;
|
|
|
190
190
|
|
|
191
191
|
return {} unless (api_key&.value)
|
|
192
192
|
|
|
193
|
-
value =
|
|
194
|
-
|
|
193
|
+
value = resolve_api_key(api_key.value)
|
|
195
194
|
{ "Authorization" => "ApiKey #{value}" }
|
|
196
195
|
end
|
|
197
196
|
|
|
@@ -212,6 +211,28 @@ module LogStash; module Outputs; class ElasticSearch;
|
|
|
212
211
|
url.match?(/\?[^\s#]+/) ? '&' : '?'
|
|
213
212
|
end
|
|
214
213
|
|
|
214
|
+
# Resolves the `api_key` value into the credential used in the
|
|
215
|
+
# `Authorization: ApiKey` header. An already base64-encoded key and an
|
|
216
|
+
# Elastic Cloud API key are used as-is; a raw `id:api_key` pair is
|
|
217
|
+
# base64-encoded. An unrecognized value is rejected so a malformed key
|
|
218
|
+
# surfaces at startup rather than as a later authentication failure.
|
|
219
|
+
def resolve_api_key(key_value)
|
|
220
|
+
if is_base64?(key_value) || cloud_api_key?(key_value)
|
|
221
|
+
key_value
|
|
222
|
+
elsif key_value.match?(/\A[^:]+:[^:]+\z/)
|
|
223
|
+
Base64.strict_encode64(key_value)
|
|
224
|
+
else
|
|
225
|
+
raise LogStash::ConfigurationError, "Invalid api_key format. Expected a base64-encoded key, an 'id:api_key' pair, or a Cloud API key (essu_ prefix)."
|
|
226
|
+
end
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
# Elastic Cloud API keys (such as the unified Serverless keys) are opaque
|
|
230
|
+
# tokens prefixed with `essu_` that Elasticsearch accepts verbatim in the
|
|
231
|
+
# `Authorization: ApiKey` header, with no base64 encoding.
|
|
232
|
+
def cloud_api_key?(string)
|
|
233
|
+
string.match?(/\Aessu_.+/)
|
|
234
|
+
end
|
|
235
|
+
|
|
215
236
|
def is_base64?(string)
|
|
216
237
|
begin
|
|
217
238
|
string == Base64.strict_encode64(Base64.strict_decode64(string))
|
|
@@ -16,7 +16,8 @@ module LogStash; module PluginMixins; module ElasticSearch
|
|
|
16
16
|
:password => { :validate => :password },
|
|
17
17
|
|
|
18
18
|
# Authenticate using Elasticsearch API key.
|
|
19
|
-
#
|
|
19
|
+
# Format is either the `id:api_key` pair (as returned by https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html[Create API key]),
|
|
20
|
+
# its base64-encoded form, or an https://www.elastic.co/docs/deploy-manage/api-keys/elastic-cloud-api-keys[Elastic Cloud API key] (prefixed with `essu_`) can be used.
|
|
20
21
|
:api_key => { :validate => :password },
|
|
21
22
|
|
|
22
23
|
# Cloud authentication string ("<username>:<password>" format) is an alternative for the `user`/`password` configuration.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
|
3
|
-
s.version = '
|
|
3
|
+
s.version = ::File.read('version').split("\n").first
|
|
4
4
|
s.licenses = ['apache-2.0']
|
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
s.platform = RUBY_PLATFORM
|
|
13
13
|
|
|
14
14
|
# Files
|
|
15
|
-
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
|
15
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "version", "docs/**/*"]
|
|
16
16
|
|
|
17
17
|
# Tests
|
|
18
18
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -62,6 +62,40 @@ describe LogStash::Outputs::ElasticSearch::HttpClientBuilder do
|
|
|
62
62
|
expect(api_key_header["Authorization"]).to eql(expected)
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
|
+
|
|
66
|
+
context "when api-key is an Elastic Cloud API key (essu_ prefix)" do
|
|
67
|
+
# The suffix is intentionally not canonical base64: a Cloud key is opaque
|
|
68
|
+
# and must be forwarded verbatim regardless of its payload encoding.
|
|
69
|
+
let(:api_key) { "essu_VFZGblZreFhTekJ4ZDB4M2NHUnZRMEU2YzNWd1pYSnpaV055WlhRPQ==AAAAAAAA" }
|
|
70
|
+
let(:api_key_secured) do
|
|
71
|
+
secured = double("api_key")
|
|
72
|
+
allow(secured).to receive(:value).and_return(api_key)
|
|
73
|
+
secured
|
|
74
|
+
end
|
|
75
|
+
let(:options) { { "api_key" => api_key_secured } }
|
|
76
|
+
let(:logger) { double("logger") }
|
|
77
|
+
let(:api_key_header) { klass.setup_api_key(logger, options) }
|
|
78
|
+
|
|
79
|
+
it "returns the cloud api-key header verbatim without re-encoding" do
|
|
80
|
+
expected = "ApiKey #{api_key}"
|
|
81
|
+
expect(api_key_header["Authorization"]).to eql(expected)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
context "when api-key has an unrecognized format" do
|
|
86
|
+
let(:api_key) { "not-a-valid-key" }
|
|
87
|
+
let(:api_key_secured) do
|
|
88
|
+
secured = double("api_key")
|
|
89
|
+
allow(secured).to receive(:value).and_return(api_key)
|
|
90
|
+
secured
|
|
91
|
+
end
|
|
92
|
+
let(:options) { { "api_key" => api_key_secured } }
|
|
93
|
+
let(:logger) { double("logger") }
|
|
94
|
+
|
|
95
|
+
it "raises a configuration error" do
|
|
96
|
+
expect { klass.setup_api_key(logger, options) }.to raise_error(LogStash::ConfigurationError, /Invalid api_key format/)
|
|
97
|
+
end
|
|
98
|
+
end
|
|
65
99
|
end
|
|
66
100
|
|
|
67
101
|
describe "customizing action paths" do
|
data/version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
12.1.5
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 12.1.
|
|
4
|
+
version: 12.1.5
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2026-
|
|
10
|
+
date: 2026-07-03 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: manticore
|
|
@@ -334,6 +334,7 @@ files:
|
|
|
334
334
|
- spec/unit/outputs/elasticsearch_ssl_spec.rb
|
|
335
335
|
- spec/unit/outputs/error_whitelist_spec.rb
|
|
336
336
|
- spec/unit/outputs/license_check_spec.rb
|
|
337
|
+
- version
|
|
337
338
|
homepage: https://www.elastic.co/guide/en/logstash/current/index.html
|
|
338
339
|
licenses:
|
|
339
340
|
- apache-2.0
|