logstash-output-http 5.2.5 → 5.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/docs/index.asciidoc +17 -0
  4. data/lib/logstash/outputs/http.rb +4 -3
  5. data/logstash-output-http.gemspec +2 -2
  6. data/spec/outputs/http_spec.rb +107 -21
  7. metadata +5 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7bc2a004219fe6c466a5d60b24de18d1e70e8350da5f204279e43bdc0205b24a
4
- data.tar.gz: a3e44b45451030f4ba285df7875b418ef043df81e0689230b20a3de295484cde
3
+ metadata.gz: 58ad383035622e8cc13441e89147871f55669f22ff22835a0d6db9a87d1ab185
4
+ data.tar.gz: 28498a16c1ee3fefcf87cb6990ca99a90be82cb3e73438dc8a564d171a3bcc9f
5
5
  SHA512:
6
- metadata.gz: d9d08edfc5f3cb590177d1b529b30fde4e7fc4ed3ee70bca99dcd2e0c4cdb01cb91f90d5deb0fb60efc6ce3e632ff7db2bcb82890c4f7ad6a08a576c209f9fd9
7
- data.tar.gz: 79c522bf0c7be7dd4d60abccef78eb52dd52f8f3a3cd30fd141941aef6e1288ea5e5249fe718fbf4452b2f81a8f09d168ffabba7ecc2a6b374a9f25cedf886a4
6
+ metadata.gz: a14293accaea16058469ad4e2c92b759b8686fee8b068f31dd3d8984679260cb32c080287f08e02e9c2ac60ca84c8129fbe042eb76ca69333959cc07da50d6ae
7
+ data.tar.gz: e92646b17dbe8662d707526cb983f898bfa80392662bfe0658ad8abb80e0b786acbc24e73bce98e6621a8b99b75e90bede275cd7162da2a3b9137e93954525dc
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 5.3.0
2
+ - Feat: support ssl_verification_mode option [#126](https://github.com/logstash-plugins/logstash-output-http/pull/126)
3
+
1
4
  ## 5.2.5
2
5
  - Reduce amount of default logging on a failed request [#122](https://github.com/logstash-plugins/logstash-output-http/pull/122)
3
6
 
data/docs/index.asciidoc CHANGED
@@ -66,6 +66,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
66
66
  | <<plugins-{type}s-{plugin}-retry_non_idempotent>> |<<boolean,boolean>>|No
67
67
  | <<plugins-{type}s-{plugin}-retryable_codes>> |<<number,number>>|No
68
68
  | <<plugins-{type}s-{plugin}-socket_timeout>> |<<number,number>>|No
69
+ | <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>|No
69
70
  | <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|No
70
71
  | <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|No
71
72
  | <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|No
@@ -337,6 +338,22 @@ If encountered as response codes this plugin will retry these requests
337
338
 
338
339
  Timeout (in seconds) to wait for data on the socket. Default is `10s`
339
340
 
341
+ [id="plugins-{type}s-{plugin}-ssl_verification_mode"]
342
+ ===== `ssl_verification_mode`
343
+
344
+ * Value type is <<string,string>>
345
+ * Supported values are: `full`, `none`
346
+ * Default value is `full`
347
+
348
+ Controls the verification of server certificates.
349
+ The `full` option verifies that the provided certificate is signed by a trusted authority (CA)
350
+ and also that the server’s hostname (or IP address) matches the names identified within the certificate.
351
+
352
+ The `none` setting performs no verification of the server’s certificate.
353
+ This mode disables many of the security benefits of SSL/TLS and should only be used after cautious consideration.
354
+ It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors.
355
+ Using `none` in production environments is strongly discouraged.
356
+
340
357
  [id="plugins-{type}s-{plugin}-truststore"]
341
358
  ===== `truststore`
342
359
 
data/lib/logstash/outputs/http.rb CHANGED
@@ -138,10 +138,11 @@ class LogStash::Outputs::Http < LogStash::Outputs::Base
138
138
  end
139
139
 
140
140
  def log_retryable_response(response)
141
+ retry_msg = @retry_failed ? 'will retry' : "won't retry"
141
142
  if (response.code == 429)
142
- @logger.debug? && @logger.debug("Encountered a 429 response, will retry. This is not serious, just flow control via HTTP")
143
+ @logger.debug? && @logger.debug("Encountered a 429 response, #{retry_msg}. This is not serious, just flow control via HTTP")
143
144
  else
144
- @logger.warn("Encountered a retryable HTTP request in HTTP output, will retry", :code => response.code, :body => response.body)
145
+ @logger.warn("Encountered a retryable HTTP request in HTTP output, #{retry_msg}", :code => response.code, :body => response.body)
145
146
  end
146
147
  end
147
148
 
@@ -299,7 +300,7 @@ class LogStash::Outputs::Http < LogStash::Outputs::Base
299
300
 
300
301
  # This is split into a separate method mostly to help testing
301
302
  def log_failure(message, opts)
302
- @logger.error("[HTTP Output Failure] #{message}", opts)
303
+ @logger.error(message, opts)
303
304
  end
304
305
 
305
306
  # Format the HTTP body
data/logstash-output-http.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-output-http'
3
- s.version = '5.2.5'
3
+ s.version = '5.3.0'
4
4
  s.licenses = ['Apache License (2.0)']
5
5
  s.summary = "Sends events to a generic HTTP or HTTPS endpoint"
6
6
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
20
20
 
21
21
  # Gem dependencies
22
22
  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
23
- s.add_runtime_dependency "logstash-mixin-http_client", ">= 6.0.0", "< 8.0.0"
23
+ s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.1.0", "< 8.0.0"
24
24
 
25
25
  s.add_development_dependency 'logstash-devutils'
26
26
  s.add_development_dependency 'sinatra'
data/spec/outputs/http_spec.rb CHANGED
@@ -3,6 +3,9 @@ require "logstash/outputs/http"
3
3
  require "logstash/codecs/plain"
4
4
  require "thread"
5
5
  require "sinatra"
6
+ require "webrick"
7
+ require "webrick/https"
8
+ require 'openssl'
6
9
  require_relative "../supports/compressed_requests"
7
10
 
8
11
  PORT = rand(65535-1024) + 1025
@@ -22,9 +25,20 @@ class TestApp < Sinatra::Base
22
25
  # on the fly uncompress gzip content
23
26
  use CompressedRequests
24
27
 
25
- # disable WEBrick logging
28
+ set :environment, :production
29
+ set :sessions, false
30
+
31
+ @@server_settings = {
32
+ :AccessLog => [], # disable WEBrick logging
33
+ :Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL)
34
+ }
35
+
26
36
  def self.server_settings
27
- { :AccessLog => [], :Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL) }
37
+ @@server_settings
38
+ end
39
+
40
+ def self.server_settings=(settings)
41
+ @@server_settings = settings
28
42
  end
29
43
 
30
44
  def self.multiroute(methods, path, &block)
@@ -72,31 +86,22 @@ class TestApp < Sinatra::Base
72
86
  end
73
87
  end
74
88
 
75
- RSpec.configure do |config|
89
+ RSpec.configure do
76
90
  #http://stackoverflow.com/questions/6557079/start-and-call-ruby-http-server-in-the-same-script
77
- def sinatra_run_wait(app, opts)
91
+ def start_app_and_wait(app, opts = {})
78
92
  queue = Queue.new
79
93
 
80
- t = java.lang.Thread.new(
81
- proc do
82
- begin
83
- app.run!(opts) do |server|
84
- queue.push("started")
85
- end
86
- rescue => e
87
- puts "Error in webserver thread #{e}"
88
- # ignore
94
+ Thread.start do
95
+ begin
96
+ app.start!({ server: 'WEBrick', port: PORT }.merge opts) do |server|
97
+ queue.push(server)
89
98
  end
99
+ rescue => e
100
+ warn "Error starting app: #{e.inspect}" # ignore
90
101
  end
91
- )
92
- t.daemon = true
93
- t.start
94
- queue.pop # blocks until the run! callback runs
95
- end
102
+ end
96
103
 
97
- config.before(:suite) do
98
- sinatra_run_wait(TestApp, :port => PORT, :server => 'webrick')
99
- puts "Test webserver on port #{PORT}"
104
+ queue.pop # blocks until the start! callback runs
100
105
  end
101
106
  end
102
107
 
@@ -104,6 +109,15 @@ describe LogStash::Outputs::Http do
104
109
  # Wait for the async request to finish in this spinlock
105
110
  # Requires pool_max to be 1
106
111
 
112
+ before(:all) do
113
+ @server = start_app_and_wait(TestApp)
114
+ end
115
+
116
+ after(:all) do
117
+ @server.shutdown # WEBrick::HTTPServer
118
+ TestApp.stop! rescue nil
119
+ end
120
+
107
121
  let(:port) { PORT }
108
122
  let(:event) {
109
123
  LogStash::Event.new({"message" => "hi"})
@@ -398,3 +412,75 @@ describe LogStash::Outputs::Http do
398
412
  end
399
413
  end
400
414
  end
415
+
416
+ describe LogStash::Outputs::Http do # different block as we're starting web server with TLS
417
+
418
+ @@default_server_settings = TestApp.server_settings.dup
419
+
420
+ before do
421
+ cert, key = WEBrick::Utils.create_self_signed_cert 2048, [["CN", ssl_cert_host]], "Logstash testing"
422
+ TestApp.server_settings = @@default_server_settings.merge({
423
+ :SSLEnable => true,
424
+ :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
425
+ :SSLCertificate => cert,
426
+ :SSLPrivateKey => key
427
+ })
428
+
429
+ TestApp.last_request = nil
430
+
431
+ @server = start_app_and_wait(TestApp)
432
+ end
433
+
434
+ after do
435
+ @server.shutdown # WEBrick::HTTPServer
436
+
437
+ TestApp.stop! rescue nil
438
+ TestApp.server_settings = @@default_server_settings
439
+ end
440
+
441
+ let(:ssl_cert_host) { 'localhost' }
442
+
443
+ let(:port) { PORT }
444
+ let(:url) { "https://localhost:#{port}/good" }
445
+ let(:method) { "post" }
446
+
447
+ let(:config) { { "url" => url, "http_method" => method } }
448
+
449
+ subject { LogStash::Outputs::Http.new(config) }
450
+
451
+ before { subject.register }
452
+ after { subject.close }
453
+
454
+ let(:last_request) { TestApp.last_request }
455
+ let(:last_request_body) { last_request.body.read }
456
+
457
+ let(:event) { LogStash::Event.new("message" => "hello!") }
458
+
459
+ context 'with default (full) verification' do
460
+
461
+ let(:config) { super() } # 'ssl_verification_mode' => 'full'
462
+
463
+ it "does NOT process the request (due client protocol exception)" do
464
+ # Manticore's default verification does not accept self-signed certificates!
465
+ Thread.start do
466
+ subject.multi_receive [ event ]
467
+ end
468
+ sleep 1.5
469
+
470
+ expect(last_request).to be nil
471
+ end
472
+
473
+ end
474
+
475
+ context 'with verification disabled' do
476
+
477
+ let(:config) { super().merge 'ssl_verification_mode' => 'none' }
478
+
479
+ it "should process the request" do
480
+ subject.multi_receive [ event ]
481
+ expect(last_request_body).to include '"message":"hello!"'
482
+ end
483
+
484
+ end
485
+
486
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-http
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.5
4
+ version: 5.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-27 00:00:00.000000000 Z
11
+ date: 2022-02-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
35
35
  requirements:
36
36
  - - ">="
37
37
  - !ruby/object:Gem::Version
38
- version: 6.0.0
38
+ version: 7.1.0
39
39
  - - "<"
40
40
  - !ruby/object:Gem::Version
41
41
  version: 8.0.0
@@ -46,7 +46,7 @@ dependencies:
46
46
  requirements:
47
47
  - - ">="
48
48
  - !ruby/object:Gem::Version
49
- version: 6.0.0
49
+ version: 7.1.0
50
50
  - - "<"
51
51
  - !ruby/object:Gem::Version
52
52
  version: 8.0.0
@@ -132,8 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
132
132
  - !ruby/object:Gem::Version
133
133
  version: '0'
134
134
  requirements: []
135
- rubyforge_project:
136
- rubygems_version: 2.6.13
135
+ rubygems_version: 3.1.6
137
136
  signing_key:
138
137
  specification_version: 4
139
138
  summary: Sends events to a generic HTTP or HTTPS endpoint