logstash-output-http 5.4.1 → 5.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/index.asciidoc +18 -0
- data/lib/logstash/outputs/http.rb +1 -1
- data/logstash-output-http.gemspec +2 -2
- data/spec/outputs/http_spec.rb +53 -114
- data/spec/spec_helper.rb +136 -0
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 69cfc19c5b3ecafee365f0a532e6390f087d80aa6810d8e6dfd7b33dbc78457b
|
4
|
+
data.tar.gz: 01c64da9e9de7c6d69198d6ba84844729ef06449bc1858d7769f10c7ee89d417
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6489a0ec4a312b2e4dea006fdba7fd14ea51df714ce62ba1b344417d9147272454a46bf87031fc1ac878027acd0cd5be44e70b6f572d89599de08ebbecee35c5
|
7
|
+
data.tar.gz: a8c247a839589cf6df3cb11f7123b0f097905502127656cba405a7af5d6d4123e6684d113478d1781a99670ff7512562303ca5df30e78b13cb201b225f61b905
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,6 @@
|
|
1
|
+
## 5.5.0
|
2
|
+
- Feat: added `ssl_supported_protocols` option [#131](https://github.com/logstash-plugins/logstash-output-http/pull/131)
|
3
|
+
|
1
4
|
## 5.4.1
|
2
5
|
- Fix retry indefinitely in termination process. This feature requires Logstash 8.1 [#129](https://github.com/logstash-plugins/logstash-output-http/pull/129)
|
3
6
|
- Docs: Add retry policy description [#130](https://github.com/logstash-plugins/logstash-output-http/pull/130)
|
data/docs/index.asciidoc
CHANGED
@@ -100,6 +100,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
100
100
|
| <<plugins-{type}s-{plugin}-retry_non_idempotent>> |<<boolean,boolean>>|No
|
101
101
|
| <<plugins-{type}s-{plugin}-retryable_codes>> |<<number,number>>|No
|
102
102
|
| <<plugins-{type}s-{plugin}-socket_timeout>> |<<number,number>>|No
|
103
|
+
| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
|
103
104
|
| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>|No
|
104
105
|
| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|No
|
105
106
|
| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|No
|
@@ -378,6 +379,23 @@ See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
|
|
378
379
|
|
379
380
|
Timeout (in seconds) to wait for data on the socket. Default is `10s`
|
380
381
|
|
382
|
+
[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
|
383
|
+
===== `ssl_supported_protocols`
|
384
|
+
|
385
|
+
* Value type is <<string,string>>
|
386
|
+
* Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'`
|
387
|
+
* Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`.
|
388
|
+
`'TLSv1.1'` is not considered secure and is only provided for legacy applications.
|
389
|
+
|
390
|
+
List of allowed SSL/TLS versions to use when establishing a connection to the HTTP endpoint.
|
391
|
+
|
392
|
+
For Java 8 `'TLSv1.3'` is supported only since **8u262** (AdoptOpenJDK), but requires that you set the
|
393
|
+
`LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash.
|
394
|
+
|
395
|
+
NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
|
396
|
+
the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
|
397
|
+
the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
|
398
|
+
|
381
399
|
[id="plugins-{type}s-{plugin}-ssl_verification_mode"]
|
382
400
|
===== `ssl_verification_mode`
|
383
401
|
|
@@ -272,7 +272,7 @@ class LogStash::Outputs::Http < LogStash::Outputs::Base
|
|
272
272
|
:url => url,
|
273
273
|
:method => @http_method,
|
274
274
|
:message => exception.message,
|
275
|
-
:class => exception.class
|
275
|
+
:class => exception.class,
|
276
276
|
:will_retry => will_retry
|
277
277
|
}
|
278
278
|
if @logger.debug?
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-output-http'
|
3
|
-
s.version = '5.
|
3
|
+
s.version = '5.5.0'
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
5
5
|
s.summary = "Sends events to a generic HTTP or HTTPS endpoint"
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
|
|
20
20
|
|
21
21
|
# Gem dependencies
|
22
22
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
23
|
-
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.
|
23
|
+
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.2.0", "< 8.0.0"
|
24
24
|
|
25
25
|
s.add_development_dependency 'logstash-devutils'
|
26
26
|
s.add_development_dependency 'sinatra'
|
data/spec/outputs/http_spec.rb
CHANGED
@@ -1,109 +1,4 @@
|
|
1
|
-
require
|
2
|
-
require "logstash/outputs/http"
|
3
|
-
require "logstash/codecs/plain"
|
4
|
-
require "thread"
|
5
|
-
require "sinatra"
|
6
|
-
require "webrick"
|
7
|
-
require "webrick/https"
|
8
|
-
require 'openssl'
|
9
|
-
require_relative "../supports/compressed_requests"
|
10
|
-
|
11
|
-
PORT = rand(65535-1024) + 1025
|
12
|
-
|
13
|
-
class LogStash::Outputs::Http
|
14
|
-
attr_writer :agent
|
15
|
-
attr_reader :request_tokens
|
16
|
-
end
|
17
|
-
|
18
|
-
# note that Sinatra startup and shutdown messages are directly logged to stderr so
|
19
|
-
# it is not really possible to disable them without reopening stderr which is not advisable.
|
20
|
-
#
|
21
|
-
# == Sinatra (v1.4.6) has taken the stage on 51572 for development with backup from WEBrick
|
22
|
-
# == Sinatra has ended his set (crowd applauds)
|
23
|
-
#
|
24
|
-
class TestApp < Sinatra::Base
|
25
|
-
# on the fly uncompress gzip content
|
26
|
-
use CompressedRequests
|
27
|
-
|
28
|
-
set :environment, :production
|
29
|
-
set :sessions, false
|
30
|
-
|
31
|
-
@@server_settings = {
|
32
|
-
:AccessLog => [], # disable WEBrick logging
|
33
|
-
:Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL)
|
34
|
-
}
|
35
|
-
|
36
|
-
def self.server_settings
|
37
|
-
@@server_settings
|
38
|
-
end
|
39
|
-
|
40
|
-
def self.server_settings=(settings)
|
41
|
-
@@server_settings = settings
|
42
|
-
end
|
43
|
-
|
44
|
-
def self.multiroute(methods, path, &block)
|
45
|
-
methods.each do |method|
|
46
|
-
method.to_sym
|
47
|
-
self.send method, path, &block
|
48
|
-
end
|
49
|
-
end
|
50
|
-
|
51
|
-
def self.last_request=(request)
|
52
|
-
@last_request = request
|
53
|
-
end
|
54
|
-
|
55
|
-
def self.last_request
|
56
|
-
@last_request
|
57
|
-
end
|
58
|
-
|
59
|
-
def self.retry_fail_count=(count)
|
60
|
-
@retry_fail_count = count
|
61
|
-
end
|
62
|
-
|
63
|
-
def self.retry_fail_count()
|
64
|
-
@retry_fail_count || 2
|
65
|
-
end
|
66
|
-
|
67
|
-
multiroute(%w(get post put patch delete), "/good") do
|
68
|
-
self.class.last_request = request
|
69
|
-
[200, "YUP"]
|
70
|
-
end
|
71
|
-
|
72
|
-
multiroute(%w(get post put patch delete), "/bad") do
|
73
|
-
self.class.last_request = request
|
74
|
-
[400, "YUP"]
|
75
|
-
end
|
76
|
-
|
77
|
-
multiroute(%w(get post put patch delete), "/retry") do
|
78
|
-
self.class.last_request = request
|
79
|
-
|
80
|
-
if self.class.retry_fail_count > 0
|
81
|
-
self.class.retry_fail_count -= 1
|
82
|
-
[429, "Will succeed in #{self.class.retry_fail_count}"]
|
83
|
-
else
|
84
|
-
[200, "Done Retrying"]
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
RSpec.configure do
|
90
|
-
#http://stackoverflow.com/questions/6557079/start-and-call-ruby-http-server-in-the-same-script
|
91
|
-
def start_app_and_wait(app, opts = {})
|
92
|
-
queue = Queue.new
|
93
|
-
|
94
|
-
Thread.start do
|
95
|
-
begin
|
96
|
-
app.start!({ server: 'WEBrick', port: PORT }.merge opts) do |server|
|
97
|
-
queue.push(server)
|
98
|
-
end
|
99
|
-
rescue => e
|
100
|
-
warn "Error starting app: #{e.inspect}" # ignore
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
|
-
queue.pop # blocks until the start! callback runs
|
105
|
-
end
|
106
|
-
end
|
1
|
+
require File.expand_path('../spec_helper.rb', File.dirname(__FILE__))
|
107
2
|
|
108
3
|
describe LogStash::Outputs::Http do
|
109
4
|
# Wait for the async request to finish in this spinlock
|
@@ -520,24 +415,28 @@ describe LogStash::Outputs::Http do
|
|
520
415
|
end
|
521
416
|
end
|
522
417
|
|
523
|
-
describe LogStash::Outputs::Http do # different block as we're starting web server with TLS
|
418
|
+
RSpec.describe LogStash::Outputs::Http do # different block as we're starting web server with TLS
|
524
419
|
|
525
420
|
@@default_server_settings = TestApp.server_settings.dup
|
526
421
|
|
527
422
|
before do
|
528
|
-
|
529
|
-
TestApp.server_settings = @@default_server_settings.merge({
|
530
|
-
:SSLEnable => true,
|
531
|
-
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
|
532
|
-
:SSLCertificate => cert,
|
533
|
-
:SSLPrivateKey => key
|
534
|
-
})
|
423
|
+
TestApp.server_settings = @@default_server_settings.merge(webrick_config)
|
535
424
|
|
536
425
|
TestApp.last_request = nil
|
537
426
|
|
538
427
|
@server = start_app_and_wait(TestApp)
|
539
428
|
end
|
540
429
|
|
430
|
+
let(:webrick_config) do
|
431
|
+
cert, key = WEBrick::Utils.create_self_signed_cert 2048, [["CN", ssl_cert_host]], "Logstash testing"
|
432
|
+
{
|
433
|
+
SSLEnable: true,
|
434
|
+
SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
|
435
|
+
SSLCertificate: cert,
|
436
|
+
SSLPrivateKey: key
|
437
|
+
}
|
438
|
+
end
|
439
|
+
|
541
440
|
after do
|
542
441
|
@server.shutdown # WEBrick::HTTPServer
|
543
442
|
|
@@ -590,4 +489,44 @@ describe LogStash::Outputs::Http do # different block as we're starting web serv
|
|
590
489
|
|
591
490
|
end
|
592
491
|
|
492
|
+
context 'with supported_protocols set to (disabled) 1.1' do
|
493
|
+
|
494
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.1'], 'ssl_verification_mode' => 'none' }
|
495
|
+
|
496
|
+
it "keeps retrying due a protocol exception" do # TLSv1.1 not enabled by default
|
497
|
+
expect(subject).to receive(:log_failure).
|
498
|
+
with('Could not fetch URL', hash_including(message: 'No appropriate protocol (protocol is disabled or cipher suites are inappropriate)')).
|
499
|
+
at_least(:once)
|
500
|
+
Thread.start { subject.multi_receive [ event ] }
|
501
|
+
sleep 1.0
|
502
|
+
end
|
503
|
+
|
504
|
+
end unless tls_version_enabled_by_default?('TLSv1.1')
|
505
|
+
|
506
|
+
context 'with supported_protocols set to 1.2/1.3' do
|
507
|
+
|
508
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.2', 'TLSv1.3'], 'ssl_verification_mode' => 'none' }
|
509
|
+
|
510
|
+
let(:webrick_config) { super().merge SSLVersion: 'TLSv1.2' }
|
511
|
+
|
512
|
+
it "should process the request" do
|
513
|
+
subject.multi_receive [ event ]
|
514
|
+
expect(last_request_body).to include '"message":"hello!"'
|
515
|
+
end
|
516
|
+
|
517
|
+
end
|
518
|
+
|
519
|
+
context 'with supported_protocols set to 1.3' do
|
520
|
+
|
521
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.3'], 'ssl_verification_mode' => 'none' }
|
522
|
+
|
523
|
+
let(:webrick_config) { super().merge SSLVersion: 'TLSv1.3' }
|
524
|
+
|
525
|
+
it "should process the request" do
|
526
|
+
subject.multi_receive [ event ]
|
527
|
+
expect(last_request_body).to include '"message":"hello!"'
|
528
|
+
end
|
529
|
+
|
530
|
+
end if tls_version_enabled_by_default?('TLSv1.3') && JOpenSSL::VERSION > '0.12' # due WEBrick uses OpenSSL
|
531
|
+
|
593
532
|
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,136 @@
|
|
1
|
+
require "logstash/devutils/rspec/spec_helper"
|
2
|
+
require "logstash/outputs/http"
|
3
|
+
require "logstash/codecs/plain"
|
4
|
+
|
5
|
+
require "thread"
|
6
|
+
require "sinatra"
|
7
|
+
require "webrick"
|
8
|
+
require "webrick/https"
|
9
|
+
require 'openssl'
|
10
|
+
|
11
|
+
require "supports/compressed_requests"
|
12
|
+
|
13
|
+
PORT = rand(65535-1024) + 1025
|
14
|
+
|
15
|
+
class LogStash::Outputs::Http
|
16
|
+
attr_writer :agent
|
17
|
+
attr_reader :request_tokens
|
18
|
+
end
|
19
|
+
|
20
|
+
# NOTE: extend WEBrick with support for config[:SSLVersion]
|
21
|
+
WEBrick::GenericServer.class_eval do
|
22
|
+
alias_method :__setup_ssl_context, :setup_ssl_context
|
23
|
+
|
24
|
+
def setup_ssl_context(config)
|
25
|
+
ctx = __setup_ssl_context(config)
|
26
|
+
ctx.ssl_version = config[:SSLVersion] if config[:SSLVersion]
|
27
|
+
ctx
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
# note that Sinatra startup and shutdown messages are directly logged to stderr so
|
33
|
+
# it is not really possible to disable them without reopening stderr which is not advisable.
|
34
|
+
#
|
35
|
+
# == Sinatra (v1.4.6) has taken the stage on 51572 for development with backup from WEBrick
|
36
|
+
# == Sinatra has ended his set (crowd applauds)
|
37
|
+
#
|
38
|
+
class TestApp < Sinatra::Base
|
39
|
+
# on the fly uncompress gzip content
|
40
|
+
use CompressedRequests
|
41
|
+
|
42
|
+
set :environment, :production
|
43
|
+
set :sessions, false
|
44
|
+
|
45
|
+
@@server_settings = {
|
46
|
+
:AccessLog => [], # disable WEBrick logging
|
47
|
+
:Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL)
|
48
|
+
}
|
49
|
+
|
50
|
+
def self.server_settings
|
51
|
+
@@server_settings
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.server_settings=(settings)
|
55
|
+
@@server_settings = settings
|
56
|
+
end
|
57
|
+
|
58
|
+
def self.multiroute(methods, path, &block)
|
59
|
+
methods.each do |method|
|
60
|
+
method.to_sym
|
61
|
+
self.send method, path, &block
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def self.last_request=(request)
|
66
|
+
@last_request = request
|
67
|
+
end
|
68
|
+
|
69
|
+
def self.last_request
|
70
|
+
@last_request
|
71
|
+
end
|
72
|
+
|
73
|
+
def self.retry_fail_count=(count)
|
74
|
+
@retry_fail_count = count
|
75
|
+
end
|
76
|
+
|
77
|
+
def self.retry_fail_count()
|
78
|
+
@retry_fail_count || 2
|
79
|
+
end
|
80
|
+
|
81
|
+
multiroute(%w(get post put patch delete), "/good") do
|
82
|
+
self.class.last_request = request
|
83
|
+
[200, "YUP"]
|
84
|
+
end
|
85
|
+
|
86
|
+
multiroute(%w(get post put patch delete), "/bad") do
|
87
|
+
self.class.last_request = request
|
88
|
+
[400, "YUP"]
|
89
|
+
end
|
90
|
+
|
91
|
+
multiroute(%w(get post put patch delete), "/retry") do
|
92
|
+
self.class.last_request = request
|
93
|
+
|
94
|
+
if self.class.retry_fail_count > 0
|
95
|
+
self.class.retry_fail_count -= 1
|
96
|
+
[429, "Will succeed in #{self.class.retry_fail_count}"]
|
97
|
+
else
|
98
|
+
[200, "Done Retrying"]
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
RSpec.configure do |config|
|
104
|
+
#http://stackoverflow.com/questions/6557079/start-and-call-ruby-http-server-in-the-same-script
|
105
|
+
def start_app_and_wait(app, opts = {})
|
106
|
+
queue = Queue.new
|
107
|
+
|
108
|
+
Thread.start do
|
109
|
+
begin
|
110
|
+
app.start!({ server: 'WEBrick', port: PORT }.merge opts) do |server|
|
111
|
+
yield(server) if block_given?
|
112
|
+
queue.push(server)
|
113
|
+
end
|
114
|
+
rescue => e
|
115
|
+
warn "Error starting app: #{e.inspect}" # ignore
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
queue.pop # blocks until the start! callback runs
|
120
|
+
end
|
121
|
+
|
122
|
+
config.extend(Module.new do
|
123
|
+
|
124
|
+
def tls_version_enabled_by_default?(tls_version)
|
125
|
+
begin
|
126
|
+
context = javax.net.ssl.SSLContext.getInstance('TLS')
|
127
|
+
context.init nil, nil, nil
|
128
|
+
context.getDefaultSSLParameters.getProtocols.include? tls_version.to_s
|
129
|
+
rescue => e
|
130
|
+
warn "#{__method__} failed : #{e.inspect}"
|
131
|
+
nil
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
end)
|
136
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-output-http
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.
|
4
|
+
version: 5.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-03-
|
11
|
+
date: 2022-03-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -35,7 +35,7 @@ dependencies:
|
|
35
35
|
requirements:
|
36
36
|
- - ">="
|
37
37
|
- !ruby/object:Gem::Version
|
38
|
-
version: 7.
|
38
|
+
version: 7.2.0
|
39
39
|
- - "<"
|
40
40
|
- !ruby/object:Gem::Version
|
41
41
|
version: 8.0.0
|
@@ -46,7 +46,7 @@ dependencies:
|
|
46
46
|
requirements:
|
47
47
|
- - ">="
|
48
48
|
- !ruby/object:Gem::Version
|
49
|
-
version: 7.
|
49
|
+
version: 7.2.0
|
50
50
|
- - "<"
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: 8.0.0
|
@@ -110,6 +110,7 @@ files:
|
|
110
110
|
- lib/logstash/outputs/http.rb
|
111
111
|
- logstash-output-http.gemspec
|
112
112
|
- spec/outputs/http_spec.rb
|
113
|
+
- spec/spec_helper.rb
|
113
114
|
- spec/supports/compressed_requests.rb
|
114
115
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
115
116
|
licenses:
|
@@ -138,4 +139,5 @@ specification_version: 4
|
|
138
139
|
summary: Sends events to a generic HTTP or HTTPS endpoint
|
139
140
|
test_files:
|
140
141
|
- spec/outputs/http_spec.rb
|
142
|
+
- spec/spec_helper.rb
|
141
143
|
- spec/supports/compressed_requests.rb
|