logstash-output-opensearch 1.0.0-java → 1.3.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/COMPATIBILITY.md +27 -0
- data/CONTRIBUTING.md +27 -5
- data/DEVELOPER_GUIDE.md +16 -7
- data/Gemfile +1 -1
- data/MAINTAINERS.md +3 -0
- data/NOTICE +9 -2
- data/README.md +75 -5
- data/lib/logstash/outputs/opensearch/http_client/manticore_adapter.rb +101 -4
- data/lib/logstash/outputs/opensearch/http_client/pool.rb +3 -16
- data/lib/logstash/outputs/opensearch/http_client.rb +12 -23
- data/lib/logstash/outputs/opensearch/http_client_builder.rb +5 -2
- data/lib/logstash/outputs/opensearch/templates/ecs-disabled/2x.json +44 -0
- data/lib/logstash/outputs/opensearch/templates/ecs-v8/1x.json +5252 -0
- data/lib/logstash/outputs/opensearch/templates/ecs-v8/2x.json +5252 -0
- data/lib/logstash/outputs/opensearch/templates/ecs-v8/7x.json +5252 -0
- data/lib/logstash/outputs/opensearch.rb +4 -5
- data/lib/logstash/plugin_mixins/opensearch/api_configs.rb +26 -0
- data/lib/logstash/plugin_mixins/opensearch/common.rb +2 -2
- data/logstash-output-opensearch.gemspec +20 -4
- data/spec/integration/outputs/compressed_indexing_spec.rb +11 -5
- data/spec/integration/outputs/create_spec.rb +7 -7
- data/spec/integration/outputs/delete_spec.rb +8 -8
- data/spec/integration/outputs/index_spec.rb +54 -12
- data/spec/integration/outputs/index_version_spec.rb +11 -11
- data/spec/integration/outputs/ingest_pipeline_spec.rb +3 -4
- data/spec/integration/outputs/metrics_spec.rb +0 -2
- data/spec/integration/outputs/no_opensearch_on_startup_spec.rb +0 -1
- data/spec/integration/outputs/painless_update_spec.rb +10 -10
- data/spec/integration/outputs/parent_spec.rb +2 -2
- data/spec/integration/outputs/retry_spec.rb +2 -2
- data/spec/integration/outputs/sniffer_spec.rb +2 -2
- data/spec/integration/outputs/templates_spec.rb +83 -59
- data/spec/integration/outputs/update_spec.rb +14 -14
- data/spec/opensearch_spec_helper.rb +12 -2
- data/spec/unit/outputs/opensearch/http_client/manticore_adapter_spec.rb +74 -4
- data/spec/unit/outputs/opensearch/http_client/pool_spec.rb +4 -87
- data/spec/unit/outputs/opensearch/http_client_spec.rb +6 -5
- data/spec/unit/outputs/opensearch/template_manager_spec.rb +23 -4
- data/spec/unit/outputs/opensearch_spec.rb +18 -2
- data.tar.gz.sig +0 -0
- metadata +75 -19
- metadata.gz.sig +0 -0
- data/lib/logstash/outputs/opensearch/distribution_checker.rb +0 -44
- data/lib/logstash/plugin_mixins/opensearch/noop_distribution_checker.rb +0 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bbe40e1f039f2d91a4adfb8b8fb9a28fd877156bf270060fa1d294986a769983
|
4
|
+
data.tar.gz: 9c2bd44c3e32cbf31d3ffac173a5e9b0ff2e4bcb9c4bd27267ac70a3a88ee6da
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ed114d31a8dd15ebe57cba0d87c278efe3be2a47743aa2cdfe99bf861e0934edb2772d09aa59eda0d9428b119dde77a16c82371ce19ca1cbfb5c6ce736692690
|
7
|
+
data.tar.gz: df6263f5109d5834bc19fa9804c082c95dc1867eed7926be99b7682c4c1cfb3abffa0ff23b16f123f55f196e353527d31d8d5a61f3011bbf56805f43fa890fdc
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/COMPATIBILITY.md
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
## Compatibility
|
2
|
+
|
3
|
+
### Matrix for Logstash OSS
|
4
|
+
|
5
|
+
| logstash-output-opensearch | Logstash OSS|
|
6
|
+
| ------------- | ------------- |
|
7
|
+
| 1.0.0+ | 7.13.2 |
|
8
|
+
|
9
|
+
### Matrix for OpenSearch
|
10
|
+
|
11
|
+
| logstash-output-opensearch | OpenSearch |
|
12
|
+
| ------------- | ------------- |
|
13
|
+
| 1.0.0+ | 1.0.0 |
|
14
|
+
|
15
|
+
|
16
|
+
### Matrix for ODFE
|
17
|
+
|
18
|
+
| logstash-output-opensearch | ODFE |
|
19
|
+
| ------------- | ------------- |
|
20
|
+
| 1.0.0+ | 1.x - 1.13.2 |
|
21
|
+
|
22
|
+
|
23
|
+
### Matrix for Elasticsearch OSS
|
24
|
+
|
25
|
+
| logstash-output-opensearch | Elasticsearch OSS|
|
26
|
+
| ------------- | ------------- |
|
27
|
+
| 1.0.0+ | 7.x - 7.10.2 |
|
data/CONTRIBUTING.md
CHANGED
@@ -6,6 +6,7 @@
|
|
6
6
|
- [Documentation Changes](#documentation-changes)
|
7
7
|
- [Contributing Code](#contributing-code)
|
8
8
|
- [Developer Certificate of Origin](#developer-certificate-of-origin)
|
9
|
+
- [License Headers](#license-headers)
|
9
10
|
- [Review Process](#review-process)
|
10
11
|
|
11
12
|
## Contributing to logstash-output-opensearch
|
@@ -35,17 +36,13 @@ If you've upgraded to the latest version and you can't find it in our open issue
|
|
35
36
|
|
36
37
|
If you've thought of a way that logstash-output-opensearch could be better, we want to hear about it. We track feature requests using GitHub, so please feel free to open an issue which describes the feature you would like to see, why you need it, and how it should work.
|
37
38
|
|
38
|
-
### Documentation Changes
|
39
|
-
|
40
|
-
//TODO
|
41
|
-
|
42
39
|
### Contributing Code
|
43
40
|
|
44
41
|
As with other types of contributions, the first step is to [**open an issue on GitHub**](https://github.com/opensearch-project/logstash-output-opensearch/issues/new/choose). Opening an issue before you make changes makes sure that someone else isn't already working on that particular problem. It also lets us all work together to find the right approach before you spend a bunch of time on a PR. So again, when in doubt, open an issue.
|
45
42
|
|
46
43
|
## Developer Certificate of Origin
|
47
44
|
|
48
|
-
logstash-output-opensearch is an open source product released under the Apache 2.0 license (see either [the Apache site](https://www.apache.org/licenses/LICENSE-2.0) or the [LICENSE
|
45
|
+
logstash-output-opensearch is an open source product released under the Apache 2.0 license (see either [the Apache site](https://www.apache.org/licenses/LICENSE-2.0) or the [LICENSE file](./LICENSE)). The Apache 2.0 license allows you to freely use, modify, distribute, and sell your own products that include Apache 2.0 licensed software.
|
49
46
|
|
50
47
|
We respect intellectual property rights of others and we want to make sure all incoming contributions are correctly attributed and licensed. A Developer Certificate of Origin (DCO) is a lightweight mechanism to do that.
|
51
48
|
|
@@ -88,6 +85,31 @@ Signed-off-by: Jane Smith <jane.smith@email.com>
|
|
88
85
|
```
|
89
86
|
You may type this line on your own when writing your commit messages. However, if your user.name and user.email are set in your git configs, you can use `-s` or `– – signoff` to add the `Signed-off-by` line to the end of the commit message.
|
90
87
|
|
88
|
+
## License Headers
|
89
|
+
|
90
|
+
New files in your code contributions should contain the following license header. If you are modifying existing files with license headers, or including new files that already have license headers, do not remove or modify them without guidance.
|
91
|
+
|
92
|
+
### Java
|
93
|
+
|
94
|
+
```
|
95
|
+
/*
|
96
|
+
* Copyright OpenSearch Contributors
|
97
|
+
* SPDX-License-Identifier: Apache-2.0
|
98
|
+
*/
|
99
|
+
```
|
100
|
+
|
101
|
+
### Python
|
102
|
+
```
|
103
|
+
# Copyright OpenSearch Contributors
|
104
|
+
# SPDX-License-Identifier: Apache-2.0
|
105
|
+
```
|
106
|
+
|
107
|
+
### Shell
|
108
|
+
```
|
109
|
+
# Copyright OpenSearch Contributors
|
110
|
+
# SPDX-License-Identifier: Apache-2.0
|
111
|
+
```
|
112
|
+
|
91
113
|
## Review Process
|
92
114
|
|
93
115
|
We deeply appreciate everyone who takes the time to make a contribution. We will review all contributions as quickly as possible. As a reminder, [opening an issue](https://github.com/opensearch-project/logstash-output-opensearch/issues/new/choose) discussing your change before you make it is the best way to smooth the PR process. This will prevent a rejection because someone else is already working on the problem, or because the solution is incompatible with the architectural direction.
|
data/DEVELOPER_GUIDE.md
CHANGED
@@ -8,6 +8,7 @@
|
|
8
8
|
- [Run plugin](#run-plugin-in-logstash)
|
9
9
|
- [Configuration for Logstash Output OpenSearch Plugin](#configuration-for-logstash-output-opensearch-plugin)
|
10
10
|
- [Submitting Changes](#submitting-changes)
|
11
|
+
- [Backports](#backports)
|
11
12
|
|
12
13
|
# Developer Guide
|
13
14
|
|
@@ -59,7 +60,7 @@ Perform the following from your project root directory eg: `~/workspace/logstash
|
|
59
60
|
|
60
61
|
```bash
|
61
62
|
# Set up Environment variable for docker to pull your test environment
|
62
|
-
export LOGSTASH_VERSION=7.13.2 # will use
|
63
|
+
export LOGSTASH_VERSION=7.13.2 # will use 7.13.2 version if not specified.
|
63
64
|
|
64
65
|
# Set up docker ( this will build, install into Logstash )
|
65
66
|
scripts/unit-test/docker-setup.sh
|
@@ -73,8 +74,8 @@ scripts/unit-test/docker-run.sh
|
|
73
74
|
|
74
75
|
```bash
|
75
76
|
# Set up Environment variable for Docker to pull your test environment
|
76
|
-
export LOGSTASH_VERSION=7.13.2 # will use
|
77
|
-
export OPENSEARCH_VERSION=1.0.0
|
77
|
+
export LOGSTASH_VERSION=7.13.2 # will use 7.13.2 version if not specified.
|
78
|
+
export OPENSEARCH_VERSION=1.0.0 # will use latest if not specified.
|
78
79
|
|
79
80
|
# Set up docker ( this will build, install into Logstash )
|
80
81
|
scripts/opensearch/docker-setup.sh
|
@@ -87,8 +88,8 @@ scripts/opensearch/docker-run.sh
|
|
87
88
|
|
88
89
|
```bash
|
89
90
|
# Set up Environment variable for Docker to pull your test environment
|
90
|
-
export LOGSTASH_VERSION=7.13.2 # will use
|
91
|
-
export OPENSEARCH_VERSION=1.0.0
|
91
|
+
export LOGSTASH_VERSION=7.13.2 # will use 7.13.2 version if not specified.
|
92
|
+
export OPENSEARCH_VERSION=1.0.0 # will use latest if not specified.
|
92
93
|
export SECURE_INTEGRATION=true # to run against cluster with security plugin
|
93
94
|
# Set up docker ( this will build, install into Logstash )
|
94
95
|
scripts/opensearch/docker-setup.sh
|
@@ -101,7 +102,7 @@ scripts/opensearch/docker-run.sh
|
|
101
102
|
|
102
103
|
```bash
|
103
104
|
# Set up Environment variable for docker to pull your test environment
|
104
|
-
export LOGSTASH_VERSION=7.13.2 # will use
|
105
|
+
export LOGSTASH_VERSION=7.13.2 # will use 7.13.2 version if not specified.
|
105
106
|
export OPENDISTRO_VERSION=1.13.2 # will use latest if not specified.
|
106
107
|
|
107
108
|
# Set up docker ( this will build, install into Logstash )
|
@@ -188,7 +189,7 @@ To run the Logstash Output Opensearch plugin, add following configuration in you
|
|
188
189
|
```
|
189
190
|
output {
|
190
191
|
opensearch {
|
191
|
-
hosts => "
|
192
|
+
hosts => ["hostname:port"]
|
192
193
|
user => "admin"
|
193
194
|
password => "admin"
|
194
195
|
index => "logstash-logs-%{+YYYY.MM.dd}"
|
@@ -206,3 +207,11 @@ Authorization to a secure OpenSearch cluster requires read permission at [index
|
|
206
207
|
## Submitting Changes
|
207
208
|
|
208
209
|
See [CONTRIBUTING](CONTRIBUTING.md).
|
210
|
+
|
211
|
+
## Backports
|
212
|
+
|
213
|
+
The Github workflow in [`backport.yml`](.github/workflows/backport.yml) creates backport PRs automatically when the
|
214
|
+
original PR with an appropriate label `backport <backport-branch-name>` is merged to main with the backport workflow
|
215
|
+
run successfully on the PR. For example, if a PR on main needs to be backported to `1.x` branch, add a label
|
216
|
+
`backport 1.x` to the PR and make sure the backport workflow runs on the PR along with other checks. Once this PR is
|
217
|
+
merged to main, the workflow will create a backport PR to the `1.x` branch.
|
data/Gemfile
CHANGED
@@ -17,4 +17,4 @@ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "
|
|
17
17
|
if Dir.exist?(logstash_path) && use_logstash_source
|
18
18
|
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
19
19
|
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
20
|
-
end
|
20
|
+
end
|
data/MAINTAINERS.md
CHANGED
@@ -22,6 +22,9 @@ This document explains who the maintainers are (see below), what they do in this
|
|
22
22
|
| Jack Mazanec | [jmazanec15](https://github.com/jmazanec15) | Amazon |
|
23
23
|
| Vamshi Vijay Nakkirtha | [vamshin](https://github.com/vamshin) | Amazon |
|
24
24
|
| Vijayan Balasubramanian | [VijayanB](https://github.com/VijayanB) | Amazon |
|
25
|
+
| Deep Datta | [deepdatta](https://github.com/deepdatta) | Amazon |
|
26
|
+
| David Venable | [dlvenable](https://github.com/dlvenable) | Amazon |
|
27
|
+
| Shivani Shukla | [sshivanii](https://github.com/sshivanii) | Amazon |
|
25
28
|
|
26
29
|
## Maintainer Responsibilities
|
27
30
|
|
data/NOTICE
CHANGED
@@ -1,2 +1,9 @@
|
|
1
|
-
|
2
|
-
Copyright
|
1
|
+
OpenSearch (https://opensearch.org/)
|
2
|
+
Copyright OpenSearch Contributors
|
3
|
+
|
4
|
+
This product includes software developed by
|
5
|
+
Elasticsearch (http://www.elastic.co).
|
6
|
+
Copyright 2012-2015 Elasticsearch
|
7
|
+
|
8
|
+
This product includes software developed by The Apache Software
|
9
|
+
Foundation (http://www.apache.org/).
|
data/README.md
CHANGED
@@ -1,21 +1,25 @@
|
|
1
1
|
[![Build and Test logstash-output-opensearch plugin](https://github.com/opensearch-project/logstash-output-opensearch/actions/workflows/CI.yml/badge.svg)](https://github.com/opensearch-project/logstash-output-opensearch/actions/workflows/CI.yml)
|
2
2
|
![PRs welcome!](https://img.shields.io/badge/PRs-welcome!-success)
|
3
|
-
# Logstash
|
3
|
+
# Logstash Output OpenSearch
|
4
4
|
|
5
5
|
- [Welcome!](#welcome)
|
6
6
|
- [Project Resources](#project-resources)
|
7
|
+
- [Configuration for Logstash Output Opensearch Plugin](#configuration-for-logstash-output-opensearch-plugin)
|
7
8
|
- [Code of Conduct](#code-of-conduct)
|
8
9
|
- [License](#license)
|
9
10
|
- [Copyright](#copyright)
|
10
11
|
|
11
12
|
## Welcome!
|
12
13
|
|
13
|
-
**logstash-output-opensearch** is a community-driven, open source fork logstash-output-elasticsearch licensed under the [Apache v2.0 License](LICENSE
|
14
|
+
**logstash-output-opensearch** is a community-driven, open source fork logstash-output-elasticsearch licensed under the [Apache v2.0 License](LICENSE). For more information, see [opensearch.org](https://opensearch.org/).
|
15
|
+
|
16
|
+
The logstash-output-opensearch plugin helps to ship events from Logstash to OpenSearch cluster.
|
14
17
|
|
15
18
|
## Project Resources
|
16
19
|
|
17
20
|
* [Project Website](https://opensearch.org/)
|
18
|
-
* [Documentation](https://opensearch.org/)
|
21
|
+
* [Documentation](https://opensearch.org/docs/clients/logstash/index/)
|
22
|
+
* [Developer Guide](DEVELOPER_GUIDE.md)
|
19
23
|
* Need help? Try [Forums](https://discuss.opendistrocommunity.dev/)
|
20
24
|
* [Project Principles](https://opensearch.org/#principles)
|
21
25
|
* [Contributing to OpenSearch](CONTRIBUTING.md)
|
@@ -24,14 +28,80 @@
|
|
24
28
|
* [Admin Responsibilities](ADMINS.md)
|
25
29
|
* [Security](SECURITY.md)
|
26
30
|
|
31
|
+
## Configuration for Logstash Output Opensearch Plugin
|
32
|
+
|
33
|
+
To run the Logstash Output Opensearch plugin, add following configuration in your logstash.conf file.
|
34
|
+
```
|
35
|
+
output {
|
36
|
+
opensearch {
|
37
|
+
hosts => ["hostname:port"]
|
38
|
+
user => "admin"
|
39
|
+
password => "admin"
|
40
|
+
index => "logstash-logs-%{+YYYY.MM.dd}"
|
41
|
+
}
|
42
|
+
}
|
43
|
+
```
|
44
|
+
|
45
|
+
To run the Logstash Output Opensearch plugin using aws_iam authentication, refer to the sample configuration shown below:
|
46
|
+
```
|
47
|
+
output {
|
48
|
+
opensearch {
|
49
|
+
hosts => ["hostname:port"]
|
50
|
+
auth_type => {
|
51
|
+
type => 'aws_iam'
|
52
|
+
aws_access_key_id => 'ACCESS_KEY'
|
53
|
+
aws_secret_access_key => 'SECRET_KEY'
|
54
|
+
region => 'us-west-2'
|
55
|
+
}
|
56
|
+
index => "logstash-logs-%{+YYYY.MM.dd}"
|
57
|
+
}
|
58
|
+
}
|
59
|
+
```
|
60
|
+
|
61
|
+
In addition to the existing authentication mechanisms, if we want to add new authentication then we will be adding them in the configuration by using auth_type.
|
62
|
+
|
63
|
+
Example Configuration for basic authentication:
|
64
|
+
```
|
65
|
+
output {
|
66
|
+
opensearch {
|
67
|
+
hosts => ["hostname:port"]
|
68
|
+
auth_type => {
|
69
|
+
type => 'basic'
|
70
|
+
user => 'admin'
|
71
|
+
password => 'admin'
|
72
|
+
}
|
73
|
+
index => "logstash-logs-%{+YYYY.MM.dd}"
|
74
|
+
}
|
75
|
+
}
|
76
|
+
```
|
77
|
+
|
78
|
+
To ingest data into a `data stream` through logstash, we need to create the data stream and specify the name of data stream and the `op_type` of `create` in the output configuration. The sample configuration is shown below:
|
79
|
+
|
80
|
+
```yml
|
81
|
+
output {
|
82
|
+
opensearch {
|
83
|
+
hosts => ["https://hostname:port"]
|
84
|
+
auth_type => {
|
85
|
+
type => 'basic'
|
86
|
+
user => 'admin'
|
87
|
+
password => 'admin'
|
88
|
+
}
|
89
|
+
index => "my-data-stream"
|
90
|
+
action => "create"
|
91
|
+
}
|
92
|
+
}
|
93
|
+
```
|
94
|
+
|
95
|
+
For more details refer to this [documentation](https://opensearch.org/docs/latest/clients/logstash/ship-to-opensearch/#opensearch-output-plugin)
|
96
|
+
|
27
97
|
## Code of Conduct
|
28
98
|
|
29
99
|
This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments.
|
30
100
|
|
31
101
|
## License
|
32
102
|
|
33
|
-
This project is licensed under the [Apache v2.0 License](LICENSE
|
103
|
+
This project is licensed under the [Apache v2.0 License](LICENSE).
|
34
104
|
|
35
105
|
## Copyright
|
36
106
|
|
37
|
-
Copyright
|
107
|
+
Copyright OpenSearch Contributors. See [NOTICE](NOTICE) for details.
|
@@ -7,12 +7,31 @@
|
|
7
7
|
# Modifications Copyright OpenSearch Contributors. See
|
8
8
|
# GitHub history for details.
|
9
9
|
|
10
|
-
require '
|
10
|
+
require 'aws-sdk-core'
|
11
11
|
require 'cgi'
|
12
|
+
require 'manticore'
|
13
|
+
require 'uri'
|
12
14
|
|
13
15
|
module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
14
|
-
|
15
|
-
|
16
|
+
AWS_DEFAULT_PORT = 443
|
17
|
+
AWS_DEFAULT_PROFILE = 'default'
|
18
|
+
AWS_DEFAULT_PROFILE_CREDENTIAL_RETRY = 0
|
19
|
+
AWS_DEFAULT_PROFILE_CREDENTIAL_TIMEOUT = 1
|
20
|
+
AWS_DEFAULT_REGION = 'us-east-1'
|
21
|
+
AWS_IAM_AUTH_TYPE = "aws_iam"
|
22
|
+
AWS_SERVICE = 'es'
|
23
|
+
BASIC_AUTH_TYPE = 'basic'
|
24
|
+
DEFAULT_HEADERS = { "content-type" => "application/json" }
|
25
|
+
|
26
|
+
AWSIAMCredential = Struct.new(
|
27
|
+
:access_key_id,
|
28
|
+
:secret_access_key,
|
29
|
+
:session_token,
|
30
|
+
:profile,
|
31
|
+
:instance_profile_credentials_retries,
|
32
|
+
:instance_profile_credentials_timeout,
|
33
|
+
:region)
|
34
|
+
|
16
35
|
class ManticoreAdapter
|
17
36
|
attr_reader :manticore, :logger
|
18
37
|
|
@@ -27,13 +46,65 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
27
46
|
options[:cookies] = false
|
28
47
|
|
29
48
|
@client_params = {:headers => DEFAULT_HEADERS.merge(options[:headers] || {})}
|
30
|
-
|
49
|
+
@type = get_auth_type(options) || nil
|
50
|
+
|
51
|
+
if @type == AWS_IAM_AUTH_TYPE
|
52
|
+
aws_iam_auth_initialization(options)
|
53
|
+
elsif @type == BASIC_AUTH_TYPE
|
54
|
+
basic_auth_initialization(options)
|
55
|
+
end
|
56
|
+
|
31
57
|
if options[:proxy]
|
32
58
|
options[:proxy] = manticore_proxy_hash(options[:proxy])
|
33
59
|
end
|
34
60
|
|
35
61
|
@manticore = ::Manticore::Client.new(options)
|
36
62
|
end
|
63
|
+
|
64
|
+
def get_auth_type(options)
|
65
|
+
if options[:auth_type] != nil
|
66
|
+
options[:auth_type]["type"]
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def aws_iam_auth_initialization(options)
|
71
|
+
aws_access_key_id = options[:auth_type]["aws_access_key_id"] || nil
|
72
|
+
aws_secret_access_key = options[:auth_type]["aws_secret_access_key"] || nil
|
73
|
+
session_token = options[:auth_type]["session_token"] || nil
|
74
|
+
profile = options[:auth_type]["profile"] || AWS_DEFAULT_PROFILE
|
75
|
+
instance_cred_retries = options[:auth_type]["instance_profile_credentials_retries"] || AWS_DEFAULT_PROFILE_CREDENTIAL_RETRY
|
76
|
+
instance_cred_timeout = options[:auth_type]["instance_profile_credentials_timeout"] || AWS_DEFAULT_PROFILE_CREDENTIAL_TIMEOUT
|
77
|
+
region = options[:auth_type]["region"] || AWS_DEFAULT_REGION
|
78
|
+
set_aws_region(region)
|
79
|
+
|
80
|
+
credential_config = AWSIAMCredential.new(aws_access_key_id, aws_secret_access_key, session_token, profile, instance_cred_retries, instance_cred_timeout, region)
|
81
|
+
@credentials = Aws::CredentialProviderChain.new(credential_config).resolve
|
82
|
+
end
|
83
|
+
|
84
|
+
def basic_auth_initialization(options)
|
85
|
+
set_user_password(options)
|
86
|
+
end
|
87
|
+
|
88
|
+
def set_aws_region(region)
|
89
|
+
@region = region
|
90
|
+
end
|
91
|
+
|
92
|
+
def get_aws_region()
|
93
|
+
@region
|
94
|
+
end
|
95
|
+
|
96
|
+
def set_user_password(options)
|
97
|
+
@user = options[:auth_type]["user"]
|
98
|
+
@password = options[:auth_type]["password"]
|
99
|
+
end
|
100
|
+
|
101
|
+
def get_user()
|
102
|
+
@user
|
103
|
+
end
|
104
|
+
|
105
|
+
def get_password()
|
106
|
+
@password
|
107
|
+
end
|
37
108
|
|
38
109
|
# Transform the proxy option to a hash. Manticore's support for non-hash
|
39
110
|
# proxy options is broken. This was fixed in https://github.com/cheald/manticore/commit/34a00cee57a56148629ed0a47c329181e7319af5
|
@@ -61,6 +132,8 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
61
132
|
params = (params || {}).merge(@client_params) { |key, oldval, newval|
|
62
133
|
(oldval.is_a?(Hash) && newval.is_a?(Hash)) ? oldval.merge(newval) : newval
|
63
134
|
}
|
135
|
+
|
136
|
+
params[:headers] = params[:headers].clone
|
64
137
|
params[:body] = body if body
|
65
138
|
|
66
139
|
if url.user
|
@@ -71,9 +144,16 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
71
144
|
:password => CGI.unescape(url.password),
|
72
145
|
:eager => true
|
73
146
|
}
|
147
|
+
elsif @type == BASIC_AUTH_TYPE
|
148
|
+
add_basic_auth_to_params(params)
|
74
149
|
end
|
75
150
|
|
76
151
|
request_uri = format_url(url, path)
|
152
|
+
|
153
|
+
if @type == AWS_IAM_AUTH_TYPE
|
154
|
+
sign_aws_request(request_uri, path, method, params)
|
155
|
+
end
|
156
|
+
|
77
157
|
request_uri_as_string = remove_double_escaping(request_uri.to_s)
|
78
158
|
resp = @manticore.send(method.downcase, request_uri_as_string, params)
|
79
159
|
|
@@ -92,6 +172,23 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
92
172
|
resp
|
93
173
|
end
|
94
174
|
|
175
|
+
def sign_aws_request(request_uri, path, method, params)
|
176
|
+
url = URI::HTTPS.build({:host=>URI(request_uri.to_s).host, :port=>AWS_DEFAULT_PORT.to_s, :path=>path})
|
177
|
+
key = Seahorse::Client::Http::Request.new(options={:endpoint=>url, :http_method => method.to_s.upcase,
|
178
|
+
:headers => params[:headers],:body => params[:body]})
|
179
|
+
aws_signer = Aws::Signers::V4.new(@credentials, AWS_SERVICE, get_aws_region )
|
180
|
+
signed_key = aws_signer.sign(key)
|
181
|
+
params[:headers] = params[:headers].merge(signed_key.headers)
|
182
|
+
end
|
183
|
+
|
184
|
+
def add_basic_auth_to_params(params)
|
185
|
+
params[:auth] = {
|
186
|
+
:user => get_user(),
|
187
|
+
:password => get_password(),
|
188
|
+
:eager => true
|
189
|
+
}
|
190
|
+
end
|
191
|
+
|
95
192
|
# Returned urls from this method should be checked for double escaping.
|
96
193
|
def format_url(url, path_and_query=nil)
|
97
194
|
request_uri = url.clone
|
@@ -8,7 +8,6 @@
|
|
8
8
|
# GitHub history for details.
|
9
9
|
|
10
10
|
require "concurrent/atomic/atomic_reference"
|
11
|
-
require "logstash/plugin_mixins/opensearch/noop_distribution_checker"
|
12
11
|
|
13
12
|
module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
14
13
|
class Pool
|
@@ -41,7 +40,6 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
41
40
|
end
|
42
41
|
|
43
42
|
attr_reader :logger, :adapter, :sniffing, :sniffer_delay, :resurrect_delay, :healthcheck_path, :sniffing_path, :bulk_path
|
44
|
-
attr_reader :distribution_checker
|
45
43
|
|
46
44
|
ROOT_URI_PATH = '/'.freeze
|
47
45
|
|
@@ -80,7 +78,6 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
80
78
|
@stopping = false
|
81
79
|
|
82
80
|
@last_version = Concurrent::AtomicReference.new
|
83
|
-
@distribution_checker = options[:distribution_checker] || LogStash::PluginMixins::OpenSearch::NoopDistributionChecker::INSTANCE
|
84
81
|
end
|
85
82
|
|
86
83
|
def start
|
@@ -239,8 +236,7 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
239
236
|
@state_mutex.synchronize do
|
240
237
|
meta[:version] = version
|
241
238
|
set_last_version(version, url)
|
242
|
-
|
243
|
-
meta[:state] = alive ? :alive : :dead
|
239
|
+
meta[:state] = :alive
|
244
240
|
end
|
245
241
|
rescue HostUnreachableError, BadResponseCodeError => e
|
246
242
|
logger.warn("Attempted to resurrect connection to dead OpenSearch instance, but got an error", url: url.sanitized.to_s, exception: e.class, message: e.message)
|
@@ -415,18 +411,9 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
|
|
415
411
|
end
|
416
412
|
end
|
417
413
|
|
418
|
-
def get_version_map(url)
|
419
|
-
request = perform_request_to_url(url, :get, ROOT_URI_PATH)
|
420
|
-
LogStash::Json.load(request.body)['version']
|
421
|
-
end
|
422
|
-
|
423
414
|
def get_version(url)
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
def get_distribution(url)
|
428
|
-
version_map = get_version_map(url)
|
429
|
-
version_map.has_key?('distribution') ? version_map['distribution'] : version_map['build_flavor'] # e.g. "opensearch or oss"
|
415
|
+
request = perform_request_to_url(url, :get, ROOT_URI_PATH)
|
416
|
+
LogStash::Json.load(request.body)["version"]["number"] # e.g. "7.10.0"
|
430
417
|
end
|
431
418
|
|
432
419
|
def last_version
|
@@ -15,23 +15,9 @@ require 'zlib'
|
|
15
15
|
require 'stringio'
|
16
16
|
|
17
17
|
module LogStash; module Outputs; class OpenSearch;
|
18
|
-
# This is a constant instead of a config option because
|
19
|
-
# there really isn't a good reason to configure it.
|
20
|
-
#
|
21
|
-
# The criteria used are:
|
22
|
-
# 1. We need a number that's less than 100MiB because OpenSearch
|
23
|
-
# won't accept bulks larger than that.
|
24
|
-
# 2. It must be large enough to amortize the connection constant
|
25
|
-
# across multiple requests.
|
26
|
-
# 3. It must be small enough that even if multiple threads hit this size
|
27
|
-
# we won't use a lot of heap.
|
28
|
-
#
|
29
|
-
# We wound up agreeing that a number greater than 10 MiB and less than 100MiB
|
30
|
-
# made sense. We picked one on the lowish side to not use too much heap.
|
31
|
-
TARGET_BULK_BYTES = 20 * 1024 * 1024 # 20MiB
|
32
|
-
|
33
18
|
class HttpClient
|
34
|
-
attr_reader :client, :options, :logger, :pool, :action_count, :recv_count
|
19
|
+
attr_reader :client, :options, :logger, :pool, :action_count, :recv_count, :target_bulk_bytes
|
20
|
+
|
35
21
|
# This is here in case we use DEFAULT_OPTIONS in the future
|
36
22
|
# DEFAULT_OPTIONS = {
|
37
23
|
# :setting => value
|
@@ -41,13 +27,14 @@ module LogStash; module Outputs; class OpenSearch;
|
|
41
27
|
# The `options` is a hash where the following symbol keys have meaning:
|
42
28
|
#
|
43
29
|
# * `:hosts` - array of String. Set a list of hosts to use for communication.
|
44
|
-
# * `:port` - number. set the port to use to communicate with OpenSearch
|
45
30
|
# * `:user` - String. The user to use for authentication.
|
46
31
|
# * `:password` - String. The password to use for authentication.
|
47
32
|
# * `:timeout` - Float. A duration value, in seconds, after which a socket
|
48
33
|
# operation or request will be aborted if not yet successfull
|
34
|
+
# * `:auth_type` - hash of String. It contains the type of authentication
|
35
|
+
# and it's respective credentials
|
49
36
|
# * `:client_settings` - a hash; see below for keys.
|
50
|
-
|
37
|
+
|
51
38
|
# The `client_settings` key is a has that can contain other settings:
|
52
39
|
#
|
53
40
|
# * `:ssl` - Boolean. Enable or disable SSL/TLS.
|
@@ -72,6 +59,8 @@ module LogStash; module Outputs; class OpenSearch;
|
|
72
59
|
# mutex to prevent requests and sniffing to access the
|
73
60
|
# connection pool at the same time
|
74
61
|
@bulk_path = @options[:bulk_path]
|
62
|
+
|
63
|
+
@target_bulk_bytes = @options[:target_bulk_bytes]
|
75
64
|
end
|
76
65
|
|
77
66
|
def build_url_template
|
@@ -104,7 +93,6 @@ module LogStash; module Outputs; class OpenSearch;
|
|
104
93
|
def bulk(actions)
|
105
94
|
@action_count ||= 0
|
106
95
|
@action_count += actions.size
|
107
|
-
|
108
96
|
return if actions.empty?
|
109
97
|
|
110
98
|
bulk_actions = actions.collect do |action, args, source|
|
@@ -131,7 +119,7 @@ module LogStash; module Outputs; class OpenSearch;
|
|
131
119
|
action.map {|line| LogStash::Json.dump(line)}.join("\n") :
|
132
120
|
LogStash::Json.dump(action)
|
133
121
|
as_json << "\n"
|
134
|
-
if (stream_writer.pos + as_json.bytesize) >
|
122
|
+
if (stream_writer.pos + as_json.bytesize) > @target_bulk_bytes && stream_writer.pos > 0
|
135
123
|
stream_writer.flush # ensure writer has sync'd buffers before reporting sizes
|
136
124
|
logger.debug("Sending partial bulk request for batch with one or more actions remaining.",
|
137
125
|
:action_count => batch_actions.size,
|
@@ -324,6 +312,8 @@ module LogStash; module Outputs; class OpenSearch;
|
|
324
312
|
|
325
313
|
adapter_options[:headers] = client_settings[:headers] if client_settings[:headers]
|
326
314
|
|
315
|
+
adapter_options[:auth_type] = options[:auth_type]
|
316
|
+
|
327
317
|
adapter_class = ::LogStash::Outputs::OpenSearch::HttpClient::ManticoreAdapter
|
328
318
|
adapter = adapter_class.new(@logger, adapter_options)
|
329
319
|
end
|
@@ -332,7 +322,6 @@ module LogStash; module Outputs; class OpenSearch;
|
|
332
322
|
adapter = build_adapter(options)
|
333
323
|
|
334
324
|
pool_options = {
|
335
|
-
:distribution_checker => options[:distribution_checker],
|
336
325
|
:sniffing => sniffing,
|
337
326
|
:sniffer_delay => options[:sniffer_delay],
|
338
327
|
:sniffing_path => options[:sniffing_path],
|
@@ -394,14 +383,14 @@ module LogStash; module Outputs; class OpenSearch;
|
|
394
383
|
end
|
395
384
|
|
396
385
|
def template_put(name, template)
|
397
|
-
path = "
|
386
|
+
path = "/#{template_endpoint}/#{name}"
|
398
387
|
logger.info("Installing OpenSearch template", name: name)
|
399
388
|
@pool.put(path, nil, LogStash::Json.dump(template))
|
400
389
|
end
|
401
390
|
|
402
391
|
def template_endpoint
|
403
392
|
# TODO: Check Version < 7.8 and use index template for >= 7.8 & OpenSearch
|
404
|
-
# https://
|
393
|
+
# https://opensearch.org/docs/opensearch/index-templates/
|
405
394
|
'_template'
|
406
395
|
end
|
407
396
|
|
@@ -24,7 +24,6 @@ module LogStash; module Outputs; class OpenSearch;
|
|
24
24
|
client_settings[:proxy] = params["proxy"] if params["proxy"]
|
25
25
|
|
26
26
|
common_options = {
|
27
|
-
:distribution_checker => params["distribution_checker"],
|
28
27
|
:client_settings => client_settings,
|
29
28
|
:metric => params["metric"],
|
30
29
|
:resurrect_delay => params["resurrect_delay"]
|
@@ -36,6 +35,7 @@ module LogStash; module Outputs; class OpenSearch;
|
|
36
35
|
end
|
37
36
|
|
38
37
|
common_options[:timeout] = params["timeout"] if params["timeout"]
|
38
|
+
common_options[:target_bulk_bytes] = params["target_bulk_bytes"]
|
39
39
|
|
40
40
|
if params["path"]
|
41
41
|
client_settings[:path] = dedup_slashes("/#{params["path"]}/")
|
@@ -107,7 +107,10 @@ module LogStash; module Outputs; class OpenSearch;
|
|
107
107
|
}
|
108
108
|
common_options.merge! update_options if params["action"] == 'update'
|
109
109
|
|
110
|
-
create_http_client(common_options.merge(:hosts => hosts,
|
110
|
+
create_http_client(common_options.merge(:hosts => hosts,
|
111
|
+
:logger => logger,
|
112
|
+
:auth_type => params["auth_type"]
|
113
|
+
))
|
111
114
|
end
|
112
115
|
|
113
116
|
def self.create_http_client(options)
|