logstash-output-http 5.4.1 → 5.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/docs/index.asciidoc +133 -11
- data/lib/logstash/outputs/http.rb +2 -2
- data/logstash-output-http.gemspec +2 -2
- data/spec/outputs/http_spec.rb +53 -114
- data/spec/spec_helper.rb +136 -0
- metadata +7 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 652d47afcc760258e4dd50ff4ecc7c5418e0e8b70a07e72e23e8c62bde080158
|
4
|
+
data.tar.gz: 38ecc6f8941d7e6690967d8601a39d43f365add3df4a5be3d553b5db3427ba44
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a1f800d614b94d7c86fd1b00a3334c444ece5b44ac47937789d400ec033705b816f05c2f2f0a8f204a1badb0b7c1e885f4ce54be8a1ce89377a9d2ab526c74aa
|
7
|
+
data.tar.gz: 047f61872bf497e485658acf016d55af655bbdaa3a04a5e521036a20e8b50ccb2ef5a89699d7879aa387030b0d6f1efcb08fc4ed69f92cb97f419a66aa15cb69
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,14 @@
|
|
1
|
+
## 5.6.0
|
2
|
+
- Added standardized SSL settings and deprecates their non-standard counterparts. Deprecated settings will continue to work, and will provide pipeline maintainers with guidance toward using their standardized counterparts [#140](https://github.com/logstash-plugins/logstash-output-http/pull/140)
|
3
|
+
- Added new `ssl_truststore_path`, `ssl_truststore_password`, and `ssl_truststore_type` settings for configuring SSL-trust using a PKCS-12 or JKS trust store, deprecating their `truststore`, `truststore_password`, and `truststore_type` counterparts.
|
4
|
+
- Added new `ssl_certificate_authorities` setting for configuring SSL-trust using a PEM-formatted list certificate authorities, deprecating its `cacert` counterpart.
|
5
|
+
- Added new `ssl_keystore_path`, `ssl_keystore_password`, and `ssl_keystore_type` settings for configuring SSL-identity using a PKCS-12 or JKS key store, deprecating their `keystore`, `keystore_password`, and `keystore_type` counterparts.
|
6
|
+
- Added new `ssl_certificate` and `ssl_key` settings for configuring SSL-identity using a PEM-formatted certificate/key pair, deprecating their `client_cert` and `client_key` counterparts.
|
7
|
+
- Added the `ssl_cipher_suites` option
|
8
|
+
|
9
|
+
## 5.5.0
|
10
|
+
- Feat: added `ssl_supported_protocols` option [#131](https://github.com/logstash-plugins/logstash-output-http/pull/131)
|
11
|
+
|
1
12
|
## 5.4.1
|
2
13
|
- Fix retry indefinitely in termination process. This feature requires Logstash 8.1 [#129](https://github.com/logstash-plugins/logstash-output-http/pull/129)
|
3
14
|
- Docs: Add retry policy description [#130](https://github.com/logstash-plugins/logstash-output-http/pull/130)
|
data/docs/index.asciidoc
CHANGED
@@ -74,9 +74,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
74
74
|
|=======================================================================
|
75
75
|
|Setting |Input type|Required
|
76
76
|
| <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
|
77
|
-
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|
|
78
|
-
| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|
|
79
|
-
| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|
|
77
|
+
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|__Deprecated__
|
78
|
+
| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|__Deprecated__
|
79
|
+
| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|__Deprecated__
|
80
80
|
| <<plugins-{type}s-{plugin}-connect_timeout>> |<<number,number>>|No
|
81
81
|
| <<plugins-{type}s-{plugin}-content_type>> |<<string,string>>|No
|
82
82
|
| <<plugins-{type}s-{plugin}-cookies>> |<<boolean,boolean>>|No
|
@@ -87,9 +87,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
87
87
|
| <<plugins-{type}s-{plugin}-http_method>> |<<string,string>>, one of `["put", "post", "patch", "delete", "get", "head"]`|Yes
|
88
88
|
| <<plugins-{type}s-{plugin}-ignorable_codes>> |<<number,number>>|No
|
89
89
|
| <<plugins-{type}s-{plugin}-keepalive>> |<<boolean,boolean>>|No
|
90
|
-
| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|
|
91
|
-
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|
|
92
|
-
| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|
|
90
|
+
| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|__Deprecated__
|
91
|
+
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
|
92
|
+
| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|__Deprecated__
|
93
93
|
| <<plugins-{type}s-{plugin}-mapping>> |<<hash,hash>>|No
|
94
94
|
| <<plugins-{type}s-{plugin}-message>> |<<string,string>>|No
|
95
95
|
| <<plugins-{type}s-{plugin}-pool_max>> |<<number,number>>|No
|
@@ -100,10 +100,20 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
100
100
|
| <<plugins-{type}s-{plugin}-retry_non_idempotent>> |<<boolean,boolean>>|No
|
101
101
|
| <<plugins-{type}s-{plugin}-retryable_codes>> |<<number,number>>|No
|
102
102
|
| <<plugins-{type}s-{plugin}-socket_timeout>> |<<number,number>>|No
|
103
|
-
| <<plugins-{type}s-{plugin}-
|
104
|
-
| <<plugins-{type}s-{plugin}-
|
105
|
-
| <<plugins-{type}s-{plugin}-
|
106
|
-
| <<plugins-{type}s-{plugin}-
|
103
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate>> |<<path,path>>|No
|
104
|
+
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |list of <<path,path>>|No
|
105
|
+
| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |list of <<string,string>>|No
|
106
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_password>> |<<password,password>>|No
|
107
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_path>> |<<path,path>>|No
|
108
|
+
| <<plugins-{type}s-{plugin}-ssl_keystore_type>> |<<string,string>>|No
|
109
|
+
| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
|
110
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
|
111
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
|
112
|
+
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
|
113
|
+
| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
|
114
|
+
| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|__Deprecated__
|
115
|
+
| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|__Deprecated__
|
116
|
+
| <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|__Deprecated__
|
107
117
|
| <<plugins-{type}s-{plugin}-url>> |<<string,string>>|Yes
|
108
118
|
| <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
|
109
119
|
|=======================================================================
|
@@ -126,6 +136,7 @@ See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
|
|
126
136
|
|
127
137
|
[id="plugins-{type}s-{plugin}-cacert"]
|
128
138
|
===== `cacert`
|
139
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
|
129
140
|
|
130
141
|
* Value type is <<path,path>>
|
131
142
|
* There is no default value for this setting.
|
@@ -134,6 +145,7 @@ If you need to use a custom X.509 CA (.pem certs) specify the path to that here
|
|
134
145
|
|
135
146
|
[id="plugins-{type}s-{plugin}-client_cert"]
|
136
147
|
===== `client_cert`
|
148
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
|
137
149
|
|
138
150
|
* Value type is <<path,path>>
|
139
151
|
* There is no default value for this setting.
|
@@ -142,6 +154,7 @@ If you'd like to use a client certificate (note, most people don't want this) se
|
|
142
154
|
|
143
155
|
[id="plugins-{type}s-{plugin}-client_key"]
|
144
156
|
===== `client_key`
|
157
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_key>>]
|
145
158
|
|
146
159
|
* Value type is <<path,path>>
|
147
160
|
* There is no default value for this setting.
|
@@ -253,6 +266,7 @@ one with this to fix interactions with broken keepalive implementations.
|
|
253
266
|
|
254
267
|
[id="plugins-{type}s-{plugin}-keystore"]
|
255
268
|
===== `keystore`
|
269
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
|
256
270
|
|
257
271
|
* Value type is <<path,path>>
|
258
272
|
* There is no default value for this setting.
|
@@ -261,6 +275,7 @@ If you need to use a custom keystore (`.jks`) specify that here. This does not w
|
|
261
275
|
|
262
276
|
[id="plugins-{type}s-{plugin}-keystore_password"]
|
263
277
|
===== `keystore_password`
|
278
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
|
264
279
|
|
265
280
|
* Value type is <<password,password>>
|
266
281
|
* There is no default value for this setting.
|
@@ -269,7 +284,8 @@ Specify the keystore password here.
|
|
269
284
|
Note, most .jks files created with keytool require a password!
|
270
285
|
|
271
286
|
[id="plugins-{type}s-{plugin}-keystore_type"]
|
272
|
-
===== `keystore_type`
|
287
|
+
===== `keystore_type`
|
288
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_type>>]
|
273
289
|
|
274
290
|
* Value type is <<string,string>>
|
275
291
|
* Default value is `"JKS"`
|
@@ -378,6 +394,109 @@ See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
|
|
378
394
|
|
379
395
|
Timeout (in seconds) to wait for data on the socket. Default is `10s`
|
380
396
|
|
397
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
398
|
+
===== `ssl_certificate`
|
399
|
+
* Value type is <<path,path>>
|
400
|
+
* There is no default value for this setting.
|
401
|
+
|
402
|
+
SSL certificate to use to authenticate the client. This certificate should be an OpenSSL-style X.509 certificate file.
|
403
|
+
|
404
|
+
NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_key>> is set.
|
405
|
+
|
406
|
+
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
|
407
|
+
===== `ssl_certificate_authorities`
|
408
|
+
|
409
|
+
* Value type is a list of <<path,path>>
|
410
|
+
* There is no default value for this setting
|
411
|
+
|
412
|
+
The .cer or .pem CA files to validate the server's certificate.
|
413
|
+
|
414
|
+
[id="plugins-{type}s-{plugin}-ssl_cipher_suites"]
|
415
|
+
===== `ssl_cipher_suites`
|
416
|
+
|
417
|
+
* Value type is a list of <<string,string>>
|
418
|
+
* There is no default value for this setting
|
419
|
+
|
420
|
+
The list of cipher suites to use, listed by priorities.
|
421
|
+
Supported cipher suites vary depending on the Java and protocol versions.
|
422
|
+
|
423
|
+
[id="plugins-{type}s-{plugin}-ssl_key"]
|
424
|
+
===== `ssl_key`
|
425
|
+
|
426
|
+
* Value type is <<path,path>>
|
427
|
+
* There is no default value for this setting.
|
428
|
+
|
429
|
+
OpenSSL-style RSA private key that corresponds to the <<plugins-{type}s-{plugin}-ssl_certificate>>.
|
430
|
+
|
431
|
+
NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate>> is set.
|
432
|
+
|
433
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_password"]
|
434
|
+
===== `ssl_keystore_password`
|
435
|
+
|
436
|
+
* Value type is <<password,password>>
|
437
|
+
* There is no default value for this setting.
|
438
|
+
|
439
|
+
Set the keystore password
|
440
|
+
|
441
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_path"]
|
442
|
+
===== `ssl_keystore_path`
|
443
|
+
|
444
|
+
* Value type is <<path,path>>
|
445
|
+
* There is no default value for this setting.
|
446
|
+
|
447
|
+
The keystore used to present a certificate to the server.
|
448
|
+
It can be either `.jks` or `.p12`
|
449
|
+
|
450
|
+
[id="plugins-{type}s-{plugin}-ssl_keystore_type"]
|
451
|
+
===== `ssl_keystore_type`
|
452
|
+
|
453
|
+
* Value can be any of: `jks`, `pkcs12`
|
454
|
+
* If not provided, the value will be inferred from the keystore filename.
|
455
|
+
|
456
|
+
The format of the keystore file. It must be either `jks` or `pkcs12`.
|
457
|
+
|
458
|
+
[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
|
459
|
+
===== `ssl_supported_protocols`
|
460
|
+
|
461
|
+
* Value type is <<string,string>>
|
462
|
+
* Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'`
|
463
|
+
* Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`.
|
464
|
+
`'TLSv1.1'` is not considered secure and is only provided for legacy applications.
|
465
|
+
|
466
|
+
List of allowed SSL/TLS versions to use when establishing a connection to the HTTP endpoint.
|
467
|
+
|
468
|
+
For Java 8 `'TLSv1.3'` is supported only since **8u262** (AdoptOpenJDK), but requires that you set the
|
469
|
+
`LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash.
|
470
|
+
|
471
|
+
NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
|
472
|
+
the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
|
473
|
+
the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
|
474
|
+
|
475
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_password"]
|
476
|
+
===== `ssl_truststore_password`
|
477
|
+
|
478
|
+
* Value type is <<password,password>>
|
479
|
+
* There is no default value for this setting.
|
480
|
+
|
481
|
+
Set the truststore password
|
482
|
+
|
483
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_path"]
|
484
|
+
===== `ssl_truststore_path`
|
485
|
+
|
486
|
+
* Value type is <<path,path>>
|
487
|
+
* There is no default value for this setting.
|
488
|
+
|
489
|
+
The truststore to validate the server's certificate.
|
490
|
+
It can be either `.jks` or `.p12`.
|
491
|
+
|
492
|
+
[id="plugins-{type}s-{plugin}-ssl_truststore_type"]
|
493
|
+
===== `ssl_truststore_type`
|
494
|
+
|
495
|
+
* Value can be any of: `jks`, `pkcs12`
|
496
|
+
* If not provided, the value will be inferred from the truststore filename.
|
497
|
+
|
498
|
+
The format of the truststore file. It must be either `jks` or `pkcs12`.
|
499
|
+
|
381
500
|
[id="plugins-{type}s-{plugin}-ssl_verification_mode"]
|
382
501
|
===== `ssl_verification_mode`
|
383
502
|
|
@@ -396,6 +515,7 @@ Using `none` in production environments is strongly discouraged.
|
|
396
515
|
|
397
516
|
[id="plugins-{type}s-{plugin}-truststore"]
|
398
517
|
===== `truststore`
|
518
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
|
399
519
|
|
400
520
|
* Value type is <<path,path>>
|
401
521
|
* There is no default value for this setting.
|
@@ -404,6 +524,7 @@ If you need to use a custom truststore (`.jks`) specify that here. This does not
|
|
404
524
|
|
405
525
|
[id="plugins-{type}s-{plugin}-truststore_password"]
|
406
526
|
===== `truststore_password`
|
527
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
|
407
528
|
|
408
529
|
* Value type is <<password,password>>
|
409
530
|
* There is no default value for this setting.
|
@@ -413,6 +534,7 @@ Note, most .jks files created with keytool require a password!
|
|
413
534
|
|
414
535
|
[id="plugins-{type}s-{plugin}-truststore_type"]
|
415
536
|
===== `truststore_type`
|
537
|
+
deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_type>>]
|
416
538
|
|
417
539
|
* Value type is <<string,string>>
|
418
540
|
* Default value is `"JKS"`
|
@@ -7,7 +7,7 @@ require "logstash/plugin_mixins/http_client"
|
|
7
7
|
require "zlib"
|
8
8
|
|
9
9
|
class LogStash::Outputs::Http < LogStash::Outputs::Base
|
10
|
-
include LogStash::PluginMixins::HttpClient
|
10
|
+
include LogStash::PluginMixins::HttpClient[:with_deprecated => true]
|
11
11
|
|
12
12
|
concurrency :shared
|
13
13
|
|
@@ -272,7 +272,7 @@ class LogStash::Outputs::Http < LogStash::Outputs::Base
|
|
272
272
|
:url => url,
|
273
273
|
:method => @http_method,
|
274
274
|
:message => exception.message,
|
275
|
-
:class => exception.class
|
275
|
+
:class => exception.class,
|
276
276
|
:will_retry => will_retry
|
277
277
|
}
|
278
278
|
if @logger.debug?
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-output-http'
|
3
|
-
s.version = '5.
|
3
|
+
s.version = '5.6.0'
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
5
5
|
s.summary = "Sends events to a generic HTTP or HTTPS endpoint"
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
|
|
20
20
|
|
21
21
|
# Gem dependencies
|
22
22
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
23
|
-
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.
|
23
|
+
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.3.0", "< 8.0.0"
|
24
24
|
|
25
25
|
s.add_development_dependency 'logstash-devutils'
|
26
26
|
s.add_development_dependency 'sinatra'
|
data/spec/outputs/http_spec.rb
CHANGED
@@ -1,109 +1,4 @@
|
|
1
|
-
require
|
2
|
-
require "logstash/outputs/http"
|
3
|
-
require "logstash/codecs/plain"
|
4
|
-
require "thread"
|
5
|
-
require "sinatra"
|
6
|
-
require "webrick"
|
7
|
-
require "webrick/https"
|
8
|
-
require 'openssl'
|
9
|
-
require_relative "../supports/compressed_requests"
|
10
|
-
|
11
|
-
PORT = rand(65535-1024) + 1025
|
12
|
-
|
13
|
-
class LogStash::Outputs::Http
|
14
|
-
attr_writer :agent
|
15
|
-
attr_reader :request_tokens
|
16
|
-
end
|
17
|
-
|
18
|
-
# note that Sinatra startup and shutdown messages are directly logged to stderr so
|
19
|
-
# it is not really possible to disable them without reopening stderr which is not advisable.
|
20
|
-
#
|
21
|
-
# == Sinatra (v1.4.6) has taken the stage on 51572 for development with backup from WEBrick
|
22
|
-
# == Sinatra has ended his set (crowd applauds)
|
23
|
-
#
|
24
|
-
class TestApp < Sinatra::Base
|
25
|
-
# on the fly uncompress gzip content
|
26
|
-
use CompressedRequests
|
27
|
-
|
28
|
-
set :environment, :production
|
29
|
-
set :sessions, false
|
30
|
-
|
31
|
-
@@server_settings = {
|
32
|
-
:AccessLog => [], # disable WEBrick logging
|
33
|
-
:Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL)
|
34
|
-
}
|
35
|
-
|
36
|
-
def self.server_settings
|
37
|
-
@@server_settings
|
38
|
-
end
|
39
|
-
|
40
|
-
def self.server_settings=(settings)
|
41
|
-
@@server_settings = settings
|
42
|
-
end
|
43
|
-
|
44
|
-
def self.multiroute(methods, path, &block)
|
45
|
-
methods.each do |method|
|
46
|
-
method.to_sym
|
47
|
-
self.send method, path, &block
|
48
|
-
end
|
49
|
-
end
|
50
|
-
|
51
|
-
def self.last_request=(request)
|
52
|
-
@last_request = request
|
53
|
-
end
|
54
|
-
|
55
|
-
def self.last_request
|
56
|
-
@last_request
|
57
|
-
end
|
58
|
-
|
59
|
-
def self.retry_fail_count=(count)
|
60
|
-
@retry_fail_count = count
|
61
|
-
end
|
62
|
-
|
63
|
-
def self.retry_fail_count()
|
64
|
-
@retry_fail_count || 2
|
65
|
-
end
|
66
|
-
|
67
|
-
multiroute(%w(get post put patch delete), "/good") do
|
68
|
-
self.class.last_request = request
|
69
|
-
[200, "YUP"]
|
70
|
-
end
|
71
|
-
|
72
|
-
multiroute(%w(get post put patch delete), "/bad") do
|
73
|
-
self.class.last_request = request
|
74
|
-
[400, "YUP"]
|
75
|
-
end
|
76
|
-
|
77
|
-
multiroute(%w(get post put patch delete), "/retry") do
|
78
|
-
self.class.last_request = request
|
79
|
-
|
80
|
-
if self.class.retry_fail_count > 0
|
81
|
-
self.class.retry_fail_count -= 1
|
82
|
-
[429, "Will succeed in #{self.class.retry_fail_count}"]
|
83
|
-
else
|
84
|
-
[200, "Done Retrying"]
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
RSpec.configure do
|
90
|
-
#http://stackoverflow.com/questions/6557079/start-and-call-ruby-http-server-in-the-same-script
|
91
|
-
def start_app_and_wait(app, opts = {})
|
92
|
-
queue = Queue.new
|
93
|
-
|
94
|
-
Thread.start do
|
95
|
-
begin
|
96
|
-
app.start!({ server: 'WEBrick', port: PORT }.merge opts) do |server|
|
97
|
-
queue.push(server)
|
98
|
-
end
|
99
|
-
rescue => e
|
100
|
-
warn "Error starting app: #{e.inspect}" # ignore
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
|
-
queue.pop # blocks until the start! callback runs
|
105
|
-
end
|
106
|
-
end
|
1
|
+
require File.expand_path('../spec_helper.rb', File.dirname(__FILE__))
|
107
2
|
|
108
3
|
describe LogStash::Outputs::Http do
|
109
4
|
# Wait for the async request to finish in this spinlock
|
@@ -520,24 +415,28 @@ describe LogStash::Outputs::Http do
|
|
520
415
|
end
|
521
416
|
end
|
522
417
|
|
523
|
-
describe LogStash::Outputs::Http do # different block as we're starting web server with TLS
|
418
|
+
RSpec.describe LogStash::Outputs::Http do # different block as we're starting web server with TLS
|
524
419
|
|
525
420
|
@@default_server_settings = TestApp.server_settings.dup
|
526
421
|
|
527
422
|
before do
|
528
|
-
|
529
|
-
TestApp.server_settings = @@default_server_settings.merge({
|
530
|
-
:SSLEnable => true,
|
531
|
-
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
|
532
|
-
:SSLCertificate => cert,
|
533
|
-
:SSLPrivateKey => key
|
534
|
-
})
|
423
|
+
TestApp.server_settings = @@default_server_settings.merge(webrick_config)
|
535
424
|
|
536
425
|
TestApp.last_request = nil
|
537
426
|
|
538
427
|
@server = start_app_and_wait(TestApp)
|
539
428
|
end
|
540
429
|
|
430
|
+
let(:webrick_config) do
|
431
|
+
cert, key = WEBrick::Utils.create_self_signed_cert 2048, [["CN", ssl_cert_host]], "Logstash testing"
|
432
|
+
{
|
433
|
+
SSLEnable: true,
|
434
|
+
SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
|
435
|
+
SSLCertificate: cert,
|
436
|
+
SSLPrivateKey: key
|
437
|
+
}
|
438
|
+
end
|
439
|
+
|
541
440
|
after do
|
542
441
|
@server.shutdown # WEBrick::HTTPServer
|
543
442
|
|
@@ -590,4 +489,44 @@ describe LogStash::Outputs::Http do # different block as we're starting web serv
|
|
590
489
|
|
591
490
|
end
|
592
491
|
|
492
|
+
context 'with supported_protocols set to (disabled) 1.1' do
|
493
|
+
|
494
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.1'], 'ssl_verification_mode' => 'none' }
|
495
|
+
|
496
|
+
it "keeps retrying due a protocol exception" do # TLSv1.1 not enabled by default
|
497
|
+
expect(subject).to receive(:log_failure).
|
498
|
+
with('Could not fetch URL', hash_including(message: 'No appropriate protocol (protocol is disabled or cipher suites are inappropriate)')).
|
499
|
+
at_least(:once)
|
500
|
+
Thread.start { subject.multi_receive [ event ] }
|
501
|
+
sleep 1.0
|
502
|
+
end
|
503
|
+
|
504
|
+
end unless tls_version_enabled_by_default?('TLSv1.1')
|
505
|
+
|
506
|
+
context 'with supported_protocols set to 1.2/1.3' do
|
507
|
+
|
508
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.2', 'TLSv1.3'], 'ssl_verification_mode' => 'none' }
|
509
|
+
|
510
|
+
let(:webrick_config) { super().merge SSLVersion: 'TLSv1.2' }
|
511
|
+
|
512
|
+
it "should process the request" do
|
513
|
+
subject.multi_receive [ event ]
|
514
|
+
expect(last_request_body).to include '"message":"hello!"'
|
515
|
+
end
|
516
|
+
|
517
|
+
end
|
518
|
+
|
519
|
+
context 'with supported_protocols set to 1.3' do
|
520
|
+
|
521
|
+
let(:config) { super().merge 'ssl_supported_protocols' => ['TLSv1.3'], 'ssl_verification_mode' => 'none' }
|
522
|
+
|
523
|
+
let(:webrick_config) { super().merge SSLVersion: 'TLSv1.3' }
|
524
|
+
|
525
|
+
it "should process the request" do
|
526
|
+
subject.multi_receive [ event ]
|
527
|
+
expect(last_request_body).to include '"message":"hello!"'
|
528
|
+
end
|
529
|
+
|
530
|
+
end if tls_version_enabled_by_default?('TLSv1.3') && JOpenSSL::VERSION > '0.12' # due WEBrick uses OpenSSL
|
531
|
+
|
593
532
|
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,136 @@
|
|
1
|
+
require "logstash/devutils/rspec/spec_helper"
|
2
|
+
require "logstash/outputs/http"
|
3
|
+
require "logstash/codecs/plain"
|
4
|
+
|
5
|
+
require "thread"
|
6
|
+
require "sinatra"
|
7
|
+
require "webrick"
|
8
|
+
require "webrick/https"
|
9
|
+
require 'openssl'
|
10
|
+
|
11
|
+
require "supports/compressed_requests"
|
12
|
+
|
13
|
+
PORT = rand(65535-1024) + 1025
|
14
|
+
|
15
|
+
class LogStash::Outputs::Http
|
16
|
+
attr_writer :agent
|
17
|
+
attr_reader :request_tokens
|
18
|
+
end
|
19
|
+
|
20
|
+
# NOTE: extend WEBrick with support for config[:SSLVersion]
|
21
|
+
WEBrick::GenericServer.class_eval do
|
22
|
+
alias_method :__setup_ssl_context, :setup_ssl_context
|
23
|
+
|
24
|
+
def setup_ssl_context(config)
|
25
|
+
ctx = __setup_ssl_context(config)
|
26
|
+
ctx.ssl_version = config[:SSLVersion] if config[:SSLVersion]
|
27
|
+
ctx
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
# note that Sinatra startup and shutdown messages are directly logged to stderr so
|
33
|
+
# it is not really possible to disable them without reopening stderr which is not advisable.
|
34
|
+
#
|
35
|
+
# == Sinatra (v1.4.6) has taken the stage on 51572 for development with backup from WEBrick
|
36
|
+
# == Sinatra has ended his set (crowd applauds)
|
37
|
+
#
|
38
|
+
class TestApp < Sinatra::Base
|
39
|
+
# on the fly uncompress gzip content
|
40
|
+
use CompressedRequests
|
41
|
+
|
42
|
+
set :environment, :production
|
43
|
+
set :sessions, false
|
44
|
+
|
45
|
+
@@server_settings = {
|
46
|
+
:AccessLog => [], # disable WEBrick logging
|
47
|
+
:Logger => WEBrick::BasicLog::new(nil, WEBrick::BasicLog::FATAL)
|
48
|
+
}
|
49
|
+
|
50
|
+
def self.server_settings
|
51
|
+
@@server_settings
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.server_settings=(settings)
|
55
|
+
@@server_settings = settings
|
56
|
+
end
|
57
|
+
|
58
|
+
def self.multiroute(methods, path, &block)
|
59
|
+
methods.each do |method|
|
60
|
+
method.to_sym
|
61
|
+
self.send method, path, &block
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def self.last_request=(request)
|
66
|
+
@last_request = request
|
67
|
+
end
|
68
|
+
|
69
|
+
def self.last_request
|
70
|
+
@last_request
|
71
|
+
end
|
72
|
+
|
73
|
+
def self.retry_fail_count=(count)
|
74
|
+
@retry_fail_count = count
|
75
|
+
end
|
76
|
+
|
77
|
+
def self.retry_fail_count()
|
78
|
+
@retry_fail_count || 2
|
79
|
+
end
|
80
|
+
|
81
|
+
multiroute(%w(get post put patch delete), "/good") do
|
82
|
+
self.class.last_request = request
|
83
|
+
[200, "YUP"]
|
84
|
+
end
|
85
|
+
|
86
|
+
multiroute(%w(get post put patch delete), "/bad") do
|
87
|
+
self.class.last_request = request
|
88
|
+
[400, "YUP"]
|
89
|
+
end
|
90
|
+
|
91
|
+
multiroute(%w(get post put patch delete), "/retry") do
|
92
|
+
self.class.last_request = request
|
93
|
+
|
94
|
+
if self.class.retry_fail_count > 0
|
95
|
+
self.class.retry_fail_count -= 1
|
96
|
+
[429, "Will succeed in #{self.class.retry_fail_count}"]
|
97
|
+
else
|
98
|
+
[200, "Done Retrying"]
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
RSpec.configure do |config|
|
104
|
+
#http://stackoverflow.com/questions/6557079/start-and-call-ruby-http-server-in-the-same-script
|
105
|
+
def start_app_and_wait(app, opts = {})
|
106
|
+
queue = Queue.new
|
107
|
+
|
108
|
+
Thread.start do
|
109
|
+
begin
|
110
|
+
app.start!({ server: 'WEBrick', port: PORT }.merge opts) do |server|
|
111
|
+
yield(server) if block_given?
|
112
|
+
queue.push(server)
|
113
|
+
end
|
114
|
+
rescue => e
|
115
|
+
warn "Error starting app: #{e.inspect}" # ignore
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
queue.pop # blocks until the start! callback runs
|
120
|
+
end
|
121
|
+
|
122
|
+
config.extend(Module.new do
|
123
|
+
|
124
|
+
def tls_version_enabled_by_default?(tls_version)
|
125
|
+
begin
|
126
|
+
context = javax.net.ssl.SSLContext.getInstance('TLS')
|
127
|
+
context.init nil, nil, nil
|
128
|
+
context.getDefaultSSLParameters.getProtocols.include? tls_version.to_s
|
129
|
+
rescue => e
|
130
|
+
warn "#{__method__} failed : #{e.inspect}"
|
131
|
+
nil
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
end)
|
136
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-output-http
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.
|
4
|
+
version: 5.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-09-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -35,7 +35,7 @@ dependencies:
|
|
35
35
|
requirements:
|
36
36
|
- - ">="
|
37
37
|
- !ruby/object:Gem::Version
|
38
|
-
version: 7.
|
38
|
+
version: 7.3.0
|
39
39
|
- - "<"
|
40
40
|
- !ruby/object:Gem::Version
|
41
41
|
version: 8.0.0
|
@@ -46,7 +46,7 @@ dependencies:
|
|
46
46
|
requirements:
|
47
47
|
- - ">="
|
48
48
|
- !ruby/object:Gem::Version
|
49
|
-
version: 7.
|
49
|
+
version: 7.3.0
|
50
50
|
- - "<"
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: 8.0.0
|
@@ -110,6 +110,7 @@ files:
|
|
110
110
|
- lib/logstash/outputs/http.rb
|
111
111
|
- logstash-output-http.gemspec
|
112
112
|
- spec/outputs/http_spec.rb
|
113
|
+
- spec/spec_helper.rb
|
113
114
|
- spec/supports/compressed_requests.rb
|
114
115
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
115
116
|
licenses:
|
@@ -132,10 +133,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
132
133
|
- !ruby/object:Gem::Version
|
133
134
|
version: '0'
|
134
135
|
requirements: []
|
135
|
-
rubygems_version: 3.
|
136
|
+
rubygems_version: 3.2.33
|
136
137
|
signing_key:
|
137
138
|
specification_version: 4
|
138
139
|
summary: Sends events to a generic HTTP or HTTPS endpoint
|
139
140
|
test_files:
|
140
141
|
- spec/outputs/http_spec.rb
|
142
|
+
- spec/spec_helper.rb
|
141
143
|
- spec/supports/compressed_requests.rb
|