logstash-output-http 5.7.0 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea9e1064040e6d7b09ea61a4f77de09bd1a56186d824ec6c26b870c2ac466975
-  data.tar.gz: b1ae025edddfc791309aeb4edd7a0a93a2b961358b73484b83625ad029cfceb7
+  metadata.gz: db0ed1f5276a90d88d30a99169a07a55017f9743ecebafc71c76714ef11f5871
+  data.tar.gz: 677dce576d73352be645576d4599d1a89bc116b5094f1bb47d224a9627dc8180
 SHA512:
-  metadata.gz: 2594c607190fcf16a6c6793a19ee2c14bab9d787f688f567ec1ec0a06669a771d7213e0189e5675ef211e9bc0d313b728a0cc613817bc2af554ea6ad04b4d554
-  data.tar.gz: 74ae9117f75b81e93e706d2acefe4c8e42d15139521aa4cf5310a21a7a9f4756763fbfa242de552cc222ed0550a03501489c55ccc56a16e0c71658c5d8c9e66e
+  metadata.gz: 27ac44cdad0f1b1c3abebdbdd5105377b0e311af48b18b3da88dba28566a8d3932428475b6aea7487b9fcd2c3e03352be31bcf4483c4a11a803fad40792d1986
+  data.tar.gz: 8ae0110d539687581f8ad419b7a6d6e33e1a20234205eb39f438df6309c2d701eb683fcfdd98d40dc568b6d7427e3140c7892e5b092136a4e6fba9777f8a6eb7

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 6.0.0
+  - SSL settings that were marked deprecated in version `5.6.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:   
+  - `cacert`, which should be replaced by `ssl_certificate_authorities`
+  - `client_cert`, which should be replaced by `ssl_certificate`
+  - `client_key`, which should be replaced by `ssl_key`
+  - `keystore`, which should be replaced by `ssl_keystore_path`
+  - `keystore_password`, which should be replaced by `ssl_keystore_password`
+  - `keystore_type`, which should be replaced by `ssl_keystore_password`
+  - `truststore`, which should be replaced by `ssl_truststore_path>`
+  - `truststore_password`, which should be replaced by `ssl_truststore_password`
+  - `truststore_type`, which should be replaced by `ssl_truststore_type`
+  - [#147](https://github.com/logstash-plugins/logstash-output-http/pull/147)
+
+## 5.7.1
+  - Added new development `rackup` dependency to fix tests 
+
 ## 5.7.0
   - Added new `ssl_enabled` setting for enabling/disabling the SSL configurations [#144](https://github.com/logstash-plugins/logstash-output-http/pull/144)
 

data/docs/index.asciidoc

@@ -70,13 +70,13 @@ NOTE: The `retry_failed` option does not control the library level retry.
 
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
 
+NOTE: As of version `6.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed. 
+Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
+
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|__Deprecated__
 | <<plugins-{type}s-{plugin}-connect_timeout>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-content_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-cookies>> |<<boolean,boolean>>|No
@@ -87,9 +87,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-http_method>> |<<string,string>>, one of `["put", "post", "patch", "delete", "get", "head"]`|Yes
 | <<plugins-{type}s-{plugin}-ignorable_codes>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-keepalive>> |<<boolean,boolean>>|No
-| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-mapping>> |<<hash,hash>>|No
 | <<plugins-{type}s-{plugin}-message>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-pool_max>> |<<number,number>>|No
@@ -112,9 +109,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
 | <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
-| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|__Deprecated__
-| <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-url>> |<<string,string>>|Yes
 | <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
 |=======================================================================
@@ -135,32 +129,6 @@ to a value other than zero if the <<plugins-{type}s-{plugin}-keepalive,`keepaliv
 Some servers incorrectly end keepalives early, requiring a retry.
 See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
 
-[id="plugins-{type}s-{plugin}-cacert"]
-===== `cacert` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-If you need to use a custom X.509 CA (.pem certs) specify the path to that here
-
-[id="plugins-{type}s-{plugin}-client_cert"]
-===== `client_cert` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-If you'd like to use a client certificate (note, most people don't want this) set the path to the x509 cert here
-
-[id="plugins-{type}s-{plugin}-client_key"]
-===== `client_key` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_key>>]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-If you're using a client certificate specify the path to the encryption key here
 
 [id="plugins-{type}s-{plugin}-connect_timeout"]
 ===== `connect_timeout` 
@@ -265,34 +233,6 @@ enumerate them here. Responses returning these codes will be considered successe
 Turn this on to enable HTTP keepalive support. We highly recommend setting `automatic_retries` to at least
 one with this to fix interactions with broken keepalive implementations.
 
-[id="plugins-{type}s-{plugin}-keystore"]
-===== `keystore` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-If you need to use a custom keystore (`.jks`) specify that here. This does not work with .pem keys!
-
-[id="plugins-{type}s-{plugin}-keystore_password"]
-===== `keystore_password` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
-
-  * Value type is <<password,password>>
-  * There is no default value for this setting.
-
-Specify the keystore password here.
-Note, most .jks files created with keytool require a password!
-
-[id="plugins-{type}s-{plugin}-keystore_type"]
-===== `keystore_type`
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_type>>]
-
-  * Value type is <<string,string>>
-  * Default value is `"JKS"`
-
-Specify the keystore type here. One of `JKS` or `PKCS12`. Default is `JKS`
-
 [id="plugins-{type}s-{plugin}-mapping"]
 ===== `mapping` 
 
@@ -523,34 +463,6 @@ This mode disables many of the security benefits of SSL/TLS and should only be u
 It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors.
 Using `none`  in production environments is strongly discouraged.
 
-[id="plugins-{type}s-{plugin}-truststore"]
-===== `truststore` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
-
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-
-If you need to use a custom truststore (`.jks`) specify that here. This does not work with .pem certs!
-
-[id="plugins-{type}s-{plugin}-truststore_password"]
-===== `truststore_password` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
-
-  * Value type is <<password,password>>
-  * There is no default value for this setting.
-
-Specify the truststore password here.
-Note, most .jks files created with keytool require a password!
-
-[id="plugins-{type}s-{plugin}-truststore_type"]
-===== `truststore_type` 
-deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_type>>]
-
-  * Value type is <<string,string>>
-  * Default value is `"JKS"`
-
-Specify the truststore type here. One of `JKS` or `PKCS12`. Default is `JKS`
-
 [id="plugins-{type}s-{plugin}-url"]
 ===== `url` 
 
@@ -573,6 +485,27 @@ Quoting the Apache commons docs (this client is based Apache Commmons):
 See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
 
 
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== HTTP Output Obsolete Configuration Options
+
+WARNING: As of version `6.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options. 
+
+
+[cols="<,<",options="header",]
+|=======================================================================
+|Setting|Replaced by
+| cacert |<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
+| client_cert |<<plugins-{type}s-{plugin}-ssl_certificate>>
+| client_key |<<plugins-{type}s-{plugin}-ssl_key>>
+| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
+| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
+| keystore_type |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
+| truststore |<<plugins-{type}s-{plugin}-ssl_truststore_path>>
+| truststore_password |<<plugins-{type}s-{plugin}-ssl_truststore_password>>
+| truststore_type |<<plugins-{type}s-{plugin}-ssl_truststore_type>>
+|=======================================================================
+
 
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/outputs/http.rb

@@ -7,7 +7,7 @@ require "logstash/plugin_mixins/http_client"
 require "zlib"
 
 class LogStash::Outputs::Http < LogStash::Outputs::Base
-  include LogStash::PluginMixins::HttpClient[:with_deprecated => true]
+  include LogStash::PluginMixins::HttpClient[:with_obsolete => true]
 
   concurrency :shared
 

data/logstash-output-http.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-http'
-  s.version         = '5.7.0'
+  s.version         = '6.0.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Sends events to a generic HTTP or HTTPS endpoint"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,9 +20,12 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.4.0", "< 8.0.0"
+  s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.5.0", "< 8.0.0"
 
   s.add_development_dependency 'logstash-devutils'
   s.add_development_dependency 'sinatra'
   s.add_development_dependency 'webrick'
+
+  # Pin to avoid using new Fiber-based implementation that breaks tests here
+  s.add_development_dependency 'rackup', "< 2.1.0"
 end

data/spec/outputs/http_spec.rb

@@ -20,6 +20,32 @@ describe LogStash::Outputs::Http do
   let(:url) { "http://localhost:#{port}/good" }
   let(:method) { "post" }
 
+  describe "obsolete settings" do
+    let(:config) { {"url" => url, "http_method" => "post"} }
+
+    [{:name => 'cacert', :canonical_name => 'ssl_certificate_authorities'},
+     {:name => 'client_cert', :canonical_name => 'ssl_certificate'},
+     {:name => 'client_key', :canonical_name => 'ssl_key'},
+     {:name => "keystore", :canonical_name => 'ssl_keystore_path'},
+     {:name => 'truststore', :canonical_name => 'ssl_truststore_path'},
+     {:name => "keystore_password", :canonical_name => "ssl_keystore_password"},
+     {:name => 'truststore_password', :canonical_name => "ssl_truststore_password"},
+     {:name => "keystore_type", :canonical_name => "ssl_keystore_type"},
+     {:name => 'truststore_type', :canonical_name => 'ssl_truststore_type'}
+    ].each do |settings|
+      context "with option #{settings[:name]}" do
+        let(:obsolete_config) { config.merge(settings[:name] => 'test_value') }
+
+        it "emits an error about the setting `#{settings[:name]}` now being obsolete and provides guidance to use `#{settings[:canonical_name]}`" do
+          error_text = /The setting `#{settings[:name]}` in plugin `http` is obsolete and is no longer available. Use `#{settings[:canonical_name]}` instead/i
+          expect { LogStash::Outputs::Http.new(obsolete_config) }.to raise_error LogStash::ConfigurationError, error_text
+        end
+
+      end
+    end
+  end
+
+
   shared_examples("verb behavior") do |method|
 
     shared_examples("failure log behaviour") do
@@ -255,7 +281,7 @@ describe LogStash::Outputs::Http do
       end
 
       let(:last_request) { TestApp.last_request }
-      let(:body) { last_request.body.read }
+      let(:body) {  read_last_request_body(last_request) }
       let(:content_type) { last_request.env["CONTENT_TYPE"] }
 
       it "should receive the request" do
@@ -458,7 +484,7 @@ RSpec.describe LogStash::Outputs::Http do # different block as we're starting we
   after  { subject.close }
 
   let(:last_request) { TestApp.last_request }
-  let(:last_request_body) { last_request.body.read }
+  let(:last_request_body) { read_last_request_body(last_request) }
 
   let(:event) { LogStash::Event.new("message" => "hello!") }
 
@@ -530,3 +556,10 @@ RSpec.describe LogStash::Outputs::Http do # different block as we're starting we
   end if tls_version_enabled_by_default?('TLSv1.3') && JOpenSSL::VERSION > '0.12' # due WEBrick uses OpenSSL
 
 end
+
+# Pre-emptively rewind the retrieval of `last_request.body` - for form based endpoints, the body
+# is placed in params, and body is empty, requiring a `rewind` for the body to be available for comparison
+def read_last_request_body(last_request)
+  last_request.body.rewind
+  last_request.body.read
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-http
 version: !ruby/object:Gem::Version
-  version: 5.7.0
+  version: 6.0.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-19 00:00:00.000000000 Z
+date: 2024-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -35,18 +35,18 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.4.0
+        version: 7.5.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 8.0.0
   name: logstash-mixin-http_client
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.4.0
+        version: 7.5.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 8.0.0
@@ -57,8 +57,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -71,8 +71,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: sinatra
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -85,13 +85,27 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: webrick
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  name: rackup
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 description: This gem is a Logstash plugin required to be installed on top of the
   Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
   gem is not a stand-alone program
@@ -133,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Sends events to a generic HTTP or HTTPS endpoint