RubyGems - logstash-output-http - Versions diffs - 5.5.0 → 5.6.0 - Mend

logstash-output-http 5.5.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69cfc19c5b3ecafee365f0a532e6390f087d80aa6810d8e6dfd7b33dbc78457b
-  data.tar.gz: 01c64da9e9de7c6d69198d6ba84844729ef06449bc1858d7769f10c7ee89d417
+  metadata.gz: 652d47afcc760258e4dd50ff4ecc7c5418e0e8b70a07e72e23e8c62bde080158
+  data.tar.gz: 38ecc6f8941d7e6690967d8601a39d43f365add3df4a5be3d553b5db3427ba44
 SHA512:
-  metadata.gz: 6489a0ec4a312b2e4dea006fdba7fd14ea51df714ce62ba1b344417d9147272454a46bf87031fc1ac878027acd0cd5be44e70b6f572d89599de08ebbecee35c5
-  data.tar.gz: a8c247a839589cf6df3cb11f7123b0f097905502127656cba405a7af5d6d4123e6684d113478d1781a99670ff7512562303ca5df30e78b13cb201b225f61b905
+  metadata.gz: a1f800d614b94d7c86fd1b00a3334c444ece5b44ac47937789d400ec033705b816f05c2f2f0a8f204a1badb0b7c1e885f4ce54be8a1ce89377a9d2ab526c74aa
+  data.tar.gz: 047f61872bf497e485658acf016d55af655bbdaa3a04a5e521036a20e8b50ccb2ef5a89699d7879aa387030b0d6f1efcb08fc4ed69f92cb97f419a66aa15cb69

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,11 @@
+## 5.6.0
+  - Added standardized SSL settings and deprecates their non-standard counterparts. Deprecated settings will continue to work, and will provide pipeline maintainers with guidance toward using their standardized counterparts [#140](https://github.com/logstash-plugins/logstash-output-http/pull/140)
+  - Added new `ssl_truststore_path`, `ssl_truststore_password`, and `ssl_truststore_type` settings for configuring SSL-trust using a PKCS-12 or JKS trust store, deprecating their `truststore`, `truststore_password`, and `truststore_type` counterparts.
+  - Added new `ssl_certificate_authorities` setting for configuring SSL-trust using a PEM-formatted list certificate authorities, deprecating its `cacert` counterpart.
+  - Added new `ssl_keystore_path`, `ssl_keystore_password`, and `ssl_keystore_type` settings for configuring SSL-identity using a PKCS-12 or JKS key store, deprecating their `keystore`, `keystore_password`, and `keystore_type` counterparts.
+  - Added new `ssl_certificate` and `ssl_key` settings for configuring SSL-identity using a PEM-formatted certificate/key pair, deprecating their `client_cert` and `client_key` counterparts.
+  - Added the `ssl_cipher_suites` option
 ## 5.5.0
   - Feat: added `ssl_supported_protocols` option [#131](https://github.com/logstash-plugins/logstash-output-http/pull/131)

data/docs/index.asciidoc CHANGED Viewed

@@ -74,9 +74,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|No
-| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|No
-| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|__Deprecated__
+| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|__Deprecated__
+| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|__Deprecated__
 | <<plugins-{type}s-{plugin}-connect_timeout>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-content_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-cookies>> |<<boolean,boolean>>|No
@@ -87,9 +87,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-http_method>> |<<string,string>>, one of `["put", "post", "patch", "delete", "get", "head"]`|Yes
 | <<plugins-{type}s-{plugin}-ignorable_codes>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-keepalive>> |<<boolean,boolean>>|No
-| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|No
-| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|No
-| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|__Deprecated__
+| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
+| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-mapping>> |<<hash,hash>>|No
 | <<plugins-{type}s-{plugin}-message>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-pool_max>> |<<number,number>>|No
@@ -100,11 +100,20 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-retry_non_idempotent>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-retryable_codes>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-socket_timeout>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-ssl_certificate>> |<<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |list of <<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |list of <<string,string>>|No
+| <<plugins-{type}s-{plugin}-ssl_keystore_password>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_keystore_path>> |<<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_keystore_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|No
-| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|No
-| <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
+| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|__Deprecated__
+| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|__Deprecated__
+| <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-url>> |<<string,string>>|Yes
 | <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
 |=======================================================================
@@ -127,6 +136,7 @@ See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
 [id="plugins-{type}s-{plugin}-cacert"]
 ===== `cacert`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -135,6 +145,7 @@ If you need to use a custom X.509 CA (.pem certs) specify the path to that here
 [id="plugins-{type}s-{plugin}-client_cert"]
 ===== `client_cert`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -143,6 +154,7 @@ If you'd like to use a client certificate (note, most people don't want this) se
 [id="plugins-{type}s-{plugin}-client_key"]
 ===== `client_key`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_key>>]
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -254,6 +266,7 @@ one with this to fix interactions with broken keepalive implementations.
 [id="plugins-{type}s-{plugin}-keystore"]
 ===== `keystore`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -262,6 +275,7 @@ If you need to use a custom keystore (`.jks`) specify that here. This does not w
 [id="plugins-{type}s-{plugin}-keystore_password"]
 ===== `keystore_password`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
   * Value type is <<password,password>>
   * There is no default value for this setting.
@@ -270,7 +284,8 @@ Specify the keystore password here.
 Note, most .jks files created with keytool require a password!
 [id="plugins-{type}s-{plugin}-keystore_type"]
-===== `keystore_type`
+===== `keystore_type`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_type>>]
   * Value type is <<string,string>>
   * Default value is `"JKS"`
@@ -379,6 +394,67 @@ See <<plugins-{type}s-{plugin}-retry_policy,Retry Policy>> for more information.
 Timeout (in seconds) to wait for data on the socket. Default is `10s`
+[id="plugins-{type}s-{plugin}-ssl_certificate"]
+===== `ssl_certificate`
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+SSL certificate to use to authenticate the client. This certificate should be an OpenSSL-style X.509 certificate file.
+NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_key>> is set.
+[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
+===== `ssl_certificate_authorities`
+  * Value type is a list of <<path,path>>
+  * There is no default value for this setting
+The .cer or .pem CA files to validate the server's certificate.
+[id="plugins-{type}s-{plugin}-ssl_cipher_suites"]
+===== `ssl_cipher_suites`
+  * Value type is a list of <<string,string>>
+  * There is no default value for this setting
+The list of cipher suites to use, listed by priorities.
+Supported cipher suites vary depending on the Java and protocol versions.
+[id="plugins-{type}s-{plugin}-ssl_key"]
+===== `ssl_key`
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+OpenSSL-style RSA private key that corresponds to the <<plugins-{type}s-{plugin}-ssl_certificate>>.
+NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-ssl_certificate>> is set.
+[id="plugins-{type}s-{plugin}-ssl_keystore_password"]
+===== `ssl_keystore_password`
+  * Value type is <<password,password>>
+  * There is no default value for this setting.
+Set the keystore password
+[id="plugins-{type}s-{plugin}-ssl_keystore_path"]
+===== `ssl_keystore_path`
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+The keystore used to present a certificate to the server.
+It can be either `.jks` or `.p12`
+[id="plugins-{type}s-{plugin}-ssl_keystore_type"]
+===== `ssl_keystore_type`
+  * Value can be any of: `jks`, `pkcs12`
+  * If not provided, the value will be inferred from the keystore filename.
+The format of the keystore file. It must be either `jks` or `pkcs12`.
 [id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
 ===== `ssl_supported_protocols`
@@ -396,6 +472,31 @@ NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as
 the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
 the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
+[id="plugins-{type}s-{plugin}-ssl_truststore_password"]
+===== `ssl_truststore_password`
+  * Value type is <<password,password>>
+  * There is no default value for this setting.
+Set the truststore password
+[id="plugins-{type}s-{plugin}-ssl_truststore_path"]
+===== `ssl_truststore_path`
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+The truststore to validate the server's certificate.
+It can be either `.jks` or `.p12`.
+[id="plugins-{type}s-{plugin}-ssl_truststore_type"]
+===== `ssl_truststore_type`
+  * Value can be any of: `jks`, `pkcs12`
+  * If not provided, the value will be inferred from the truststore filename.
+The format of the truststore file. It must be either `jks` or `pkcs12`.
 [id="plugins-{type}s-{plugin}-ssl_verification_mode"]
 ===== `ssl_verification_mode`
@@ -414,6 +515,7 @@ Using `none`  in production environments is strongly discouraged.
 [id="plugins-{type}s-{plugin}-truststore"]
 ===== `truststore`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -422,6 +524,7 @@ If you need to use a custom truststore (`.jks`) specify that here. This does not
 [id="plugins-{type}s-{plugin}-truststore_password"]
 ===== `truststore_password`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
   * Value type is <<password,password>>
   * There is no default value for this setting.
@@ -431,6 +534,7 @@ Note, most .jks files created with keytool require a password!
 [id="plugins-{type}s-{plugin}-truststore_type"]
 ===== `truststore_type`
+deprecated[5.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_type>>]
   * Value type is <<string,string>>
   * Default value is `"JKS"`

data/lib/logstash/outputs/http.rb CHANGED Viewed

@@ -7,7 +7,7 @@ require "logstash/plugin_mixins/http_client"
 require "zlib"
 class LogStash::Outputs::Http < LogStash::Outputs::Base
-  include LogStash::PluginMixins::HttpClient
+  include LogStash::PluginMixins::HttpClient[:with_deprecated => true]
   concurrency :shared

data/logstash-output-http.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-http'
-  s.version         = '5.5.0'
+  s.version         = '5.6.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Sends events to a generic HTTP or HTTPS endpoint"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.2.0", "< 8.0.0"
+  s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.3.0", "< 8.0.0"
   s.add_development_dependency 'logstash-devutils'
   s.add_development_dependency 'sinatra'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-http
 version: !ruby/object:Gem::Version
-  version: 5.5.0
+  version: 5.6.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-28 00:00:00.000000000 Z
+date: 2023-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.2.0
+        version: 7.3.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 8.0.0
@@ -46,7 +46,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.2.0
+        version: 7.3.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 8.0.0
@@ -133,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Sends events to a generic HTTP or HTTPS endpoint