logstash-output-opensearch 1.0.0-java

data/spec/integration/outputs/retry_spec.rb

@@ -0,0 +1,182 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+#  The OpenSearch Contributors require contributions made to
+#  this file be licensed under the Apache-2.0 license or a
+#  compatible open source license.
+#
+#  Modifications Copyright OpenSearch Contributors. See
+#  GitHub history for details.
+
+require "logstash/outputs/opensearch"
+require_relative "../../../spec/opensearch_spec_helper"
+
+describe "failures in bulk class expected behavior", :integration => true do
+  let(:template) { '{"template" : "not important, will be updated by :index"}' }
+  let(:event1) { LogStash::Event.new("somevalue" => 100, "@timestamp" => "2014-11-17T20:37:17.223Z", "@metadata" => {"retry_count" => 0}) }
+  let(:action1) do
+    ["index", {:_id=>nil, routing_field_name =>nil, :_index=>"logstash-2014.11.17" }, event1.to_hash]
+  end
+  let(:event2) { LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0] }, "@timestamp" => "2014-11-17T20:37:17.223Z", "@metadata" => {"retry_count" => 0}) }
+  let(:action2) do
+    ["index", {:_id=>nil, routing_field_name =>nil, :_index=>"logstash-2014.11.17" }, event2.to_hash]
+  end
+  let(:invalid_event) { LogStash::Event.new("geoip" => { "location" => "notlatlon" }, "@timestamp" => "2014-11-17T20:37:17.223Z") }
+
+  def mock_actions_with_response(*resp)
+    raise ArgumentError, "Cannot mock actions until subject is registered and has a client!" unless subject.client
+
+    expanded_responses = resp.map do |resp|
+      items = resp["statuses"] && resp["statuses"].map do |status|
+        {"create" => {"status" => status, "error" => "Error for #{status}"}}
+      end
+
+      {
+        "errors" => resp["errors"],
+        "items" => items
+      }
+    end
+
+    allow(subject.client).to receive(:bulk).and_return(*expanded_responses)
+  end
+
+  subject! do
+    settings = {
+      "manage_template" => true,
+      "index" => "logstash-2014.11.17",
+      "template_overwrite" => true,
+      "hosts" => get_host_port(),
+      "retry_max_interval" => 64,
+      "retry_initial_interval" => 2
+    }
+    next LogStash::Outputs::OpenSearch.new(settings)
+  end
+
+  before :each do
+    # Delete all templates first.
+    require "elasticsearch"
+    allow(Stud).to receive(:stoppable_sleep)
+
+    # Clean OpenSearch of data before we start.
+    @client = get_client
+    @client.indices.delete_template(:name => "*")
+    @client.indices.delete(:index => "*")
+    @client.indices.refresh
+  end
+
+  after :each do
+    subject.close
+  end
+
+  it "should retry exactly once if all bulk actions are successful" do
+    expect(subject).to receive(:submit).with([action1, action2]).once.and_call_original
+    subject.register
+    mock_actions_with_response({"errors" => false})
+    subject.multi_receive([event1, event2])
+  end
+
+  it "retry exceptions within the submit body" do
+    call_count = 0
+    subject.register
+
+    expect(subject.client).to receive(:bulk).with(anything).exactly(3).times do
+      if (call_count += 1) <= 2
+        raise "error first two times"
+      else
+        {"errors" => false}
+      end
+    end
+
+    subject.multi_receive([event1])
+  end
+
+  it "should retry actions with response status of 503" do    expect(subject).to receive(:submit).with([action1, action1, action1, action2]).ordered.once.and_call_original
+    expect(subject).to receive(:submit).with([action1, action2]).ordered.once.and_call_original
+    expect(subject).to receive(:submit).with([action2]).ordered.once.and_call_original
+
+    subject.register
+    mock_actions_with_response({"errors" => true, "statuses" => [200, 200, 503, 503]},
+                               {"errors" => true, "statuses" => [200, 503]},
+                               {"errors" => false})
+
+    subject.multi_receive([event1, event1, event1, event2])
+  end
+
+  retryable_codes = [429, 502, 503]
+
+  retryable_codes.each do |code|
+    it "should retry actions with response status of #{code}" do
+      subject.register
+
+      mock_actions_with_response({"errors" => true, "statuses" => [code]},
+                                 {"errors" => false})
+      expect(subject).to receive(:submit).with([action1]).twice.and_call_original
+
+      subject.multi_receive([event1])
+    end
+  end
+
+  it "should retry an event infinitely until a non retryable status occurs" do
+    expect(subject).to receive(:submit).with([action1]).exactly(6).times.and_call_original
+    subject.register
+
+    mock_actions_with_response({"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [400]})
+
+    subject.multi_receive([event1])
+  end
+
+  it "should sleep for an exponentially increasing amount of time on each retry, capped by the max" do
+    [2, 4, 8, 16, 32, 64, 64].each_with_index do |interval,i|
+      expect(Stud).to receive(:stoppable_sleep).with(interval).ordered
+    end
+
+    subject.register
+
+    mock_actions_with_response({"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [429]},
+                               {"errors" => true, "statuses" => [400]})
+
+    subject.multi_receive([event1])
+  end
+
+  it "non-retryable errors like mapping errors (400) should be dropped and not be retried (unfortunately)" do
+    subject.register
+    expect(subject).to receive(:submit).once.and_call_original
+    subject.multi_receive([invalid_event])
+    subject.close
+
+    @client.indices.refresh
+    r = @client.search(index: 'logstash-*')
+    expect(r).to have_hits(0)
+  end
+
+  it "successful requests should not be appended to retry queue" do
+    expect(subject).to receive(:submit).once.and_call_original
+
+    subject.register
+    subject.multi_receive([event1])
+    subject.close
+    @client.indices.refresh
+    r = @client.search(index: 'logstash-*')
+    expect(r).to have_hits(1)
+  end
+
+  it "should only index proper events" do
+    subject.register
+    subject.multi_receive([invalid_event, event1])
+    subject.close
+
+    @client.indices.refresh
+    r = @client.search(index: 'logstash-*')
+    expect(r).to have_hits(1)
+  end
+end

data/spec/integration/outputs/routing_spec.rb

@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+#  The OpenSearch Contributors require contributions made to
+#  this file be licensed under the Apache-2.0 license or a
+#  compatible open source license.
+#
+#  Modifications Copyright OpenSearch Contributors. See
+#  GitHub history for details.
+
+require_relative "../../../spec/opensearch_spec_helper"
+
+shared_examples "a routing indexer" do
+    let(:index) { 10.times.collect { rand(10).to_s }.join("") }
+    let(:type) { 10.times.collect { rand(10).to_s }.join("") }
+    let(:event_count) { 10000 + rand(500) }
+    let(:routing) { "not_implemented" }
+    let(:config) { "not_implemented" }
+    subject { LogStash::Outputs::OpenSearch.new(config) }
+
+    before do
+      subject.register
+      event_count.times do
+        subject.multi_receive([LogStash::Event.new("message" => "test", "type" => type)])
+      end
+    end
+
+
+    it "ships events" do
+      index_url = "http://#{get_host_port()}/#{index}"
+
+      client = Manticore::Client.new
+      client.post("#{index_url}/_refresh").call
+
+      # Wait until all events are available.
+      Stud::try(10.times) do
+        data = ""
+
+        response = client.get("#{index_url}/_count?q=*&routing=#{routing}").call
+        result = LogStash::Json.load(response.body)
+        cur_count = result["count"]
+        expect(cur_count).to eq(event_count)
+      end
+    end
+end
+
+describe "(http protocol) index events with static routing", :integration => true do
+  it_behaves_like 'a routing indexer' do
+    let(:routing) { "test" }
+    let(:config) {
+      {
+        "hosts" => get_host_port,
+        "index" => index,
+        "routing" => routing
+      }
+    }
+  end
+end
+
+describe "(http_protocol) index events with fieldref in routing value", :integration => true do
+  it_behaves_like 'a routing indexer' do
+    let(:routing) { "test" }
+    let(:config) {
+      {
+        "hosts" => get_host_port,
+        "index" => index,
+        "routing" => "%{message}"
+      }
+    }
+  end
+end

data/spec/integration/outputs/sniffer_spec.rb

@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+#  The OpenSearch Contributors require contributions made to
+#  this file be licensed under the Apache-2.0 license or a
+#  compatible open source license.
+#
+#  Modifications Copyright OpenSearch Contributors. See
+#  GitHub history for details.
+
+require_relative "../../../spec/opensearch_spec_helper"
+require "logstash/outputs/opensearch/http_client"
+require "json"
+require "socket"
+
+describe "pool sniffer", :integration => true do
+  let(:logger) { Cabin::Channel.get }
+  let(:adapter) { LogStash::Outputs::OpenSearch::HttpClient::ManticoreAdapter.new(logger) }
+  let(:es_host) { get_host_port.split(":").first }
+  let(:es_port) { get_host_port.split(":").last }
+  let(:es_ip) { IPSocket.getaddress(es_host) }
+  let(:initial_urls) { [::LogStash::Util::SafeURI.new("http://#{get_host_port}")] }
+  let(:options) do
+    {
+      :resurrect_delay => 2, # Shorten the delay a bit to speed up tests
+      :url_normalizer => proc {|u| u},
+      :metric => ::LogStash::Instrument::NullMetric.new(:dummy).namespace(:alsodummy)
+    }
+  end
+
+  subject { LogStash::Outputs::OpenSearch::HttpClient::Pool.new(logger, adapter, initial_urls, options) }
+
+  describe("Simple sniff parsing")  do
+    before(:each) { subject.start }
+
+    context "with single node" do
+      it "should execute a sniff without error" do
+        expect { subject.check_sniff }.not_to raise_error
+      end
+
+      it "should return single sniff URL" do
+        uris = subject.check_sniff
+
+        expect(uris.size).to eq(1)
+      end
+    end
+  end
+
+
+
+  describe("Complex sniff parsing") do
+    before(:each) do
+      response_double = double("_nodes/http", body: File.read("spec/fixtures/_nodes/nodes.json"))
+      allow(subject).to receive(:perform_request).and_return([nil, { version: "any" }, response_double])
+      subject.start
+    end
+
+    context "with mixed master-only, data-only, and data + master nodes" do
+      it "should execute a sniff without error" do
+        expect { subject.check_sniff }.not_to raise_error
+      end
+
+      it "should return the correct sniff URLs" do
+        # ie. with the master-only node, and with the node name correctly set.
+        uris = subject.check_sniff
+
+        expect(uris).to include(::LogStash::Util::SafeURI.new("//dev-masterdata:9201"), ::LogStash::Util::SafeURI.new("//dev-data:9202"))
+      end
+    end
+  end
+end

data/spec/integration/outputs/templates_spec.rb

@@ -0,0 +1,105 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+#  The OpenSearch Contributors require contributions made to
+#  this file be licensed under the Apache-2.0 license or a
+#  compatible open source license.
+#
+#  Modifications Copyright OpenSearch Contributors. See
+#  GitHub history for details.
+
+require_relative "../../../spec/opensearch_spec_helper"
+
+describe "index template expected behavior", :integration => true do
+  subject! do
+    require "logstash/outputs/opensearch"
+    settings = {
+      "manage_template" => true,
+      "template_overwrite" => true,
+      "hosts" => "#{get_host_port()}"
+    }
+    next LogStash::Outputs::OpenSearch.new(settings)
+  end
+
+  before :each do
+    # Delete all templates first.
+    require "elasticsearch"
+
+    # Clean OpenSearch of data before we start.
+    @client = get_client
+    @client.indices.delete_template(:name => "*")
+
+    # This can fail if there are no indexes, ignore failure.
+    @client.indices.delete(:index => "*") rescue nil
+
+    subject.register
+
+    subject.multi_receive([
+      LogStash::Event.new("message" => "sample message here"),
+      LogStash::Event.new("somemessage" => { "message" => "sample nested message here" }),
+      LogStash::Event.new("somevalue" => 100),
+      LogStash::Event.new("somevalue" => 10),
+      LogStash::Event.new("somevalue" => 1),
+      LogStash::Event.new("country" => "us"),
+      LogStash::Event.new("country" => "at"),
+      LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0 ] })
+    ])
+
+    @client.indices.refresh
+
+    # Wait or fail until everything's indexed.
+    Stud::try(20.times) do
+      r = @client.search(index: 'logstash-*')
+      expect(r).to have_hits(8)
+    end
+  end
+
+  it "permits phrase searching on string fields" do
+    results = @client.search(:q => "message:\"sample message\"")
+    expect(results).to have_hits(1)
+    expect(results["hits"]["hits"][0]["_source"]["message"]).to eq("sample message here")
+  end
+
+  it "numbers dynamically map to a numeric type and permit range queries" do
+    results = @client.search(:q => "somevalue:[5 TO 105]")
+    expect(results).to have_hits(2)
+
+    values = results["hits"]["hits"].collect { |r| r["_source"]["somevalue"] }
+    expect(values).to include(10)
+    expect(values).to include(100)
+    expect(values).to_not include(1)
+  end
+
+  it "does not create .keyword field for top-level message field" do
+    results = @client.search(:q => "message.keyword:\"sample message here\"")
+    expect(results).to have_hits(0)
+  end
+
+  it "creates .keyword field for nested message fields" do
+    results = @client.search(:q => "somemessage.message.keyword:\"sample nested message here\"")
+    expect(results).to have_hits(1)
+  end
+
+  it "creates .keyword field from any string field which is not_analyzed" do
+    results = @client.search(:q => "country.keyword:\"us\"")
+    expect(results).to have_hits(1)
+    expect(results["hits"]["hits"][0]["_source"]["country"]).to eq("us")
+
+    # partial or terms should not work.
+    results = @client.search(:q => "country.keyword:\"u\"")
+    expect(results).to have_hits(0)
+  end
+
+  it "make [geoip][location] a geo_point" do
+    expect(field_properties_from_template("logstash", "geoip")["location"]["type"]).to eq("geo_point")
+  end
+
+  it "aggregate .keyword results correctly " do
+    results = @client.search(:body => { "aggregations" => { "my_agg" => { "terms" => { "field" => "country.keyword" } } } })["aggregations"]["my_agg"]
+    terms = results["buckets"].collect { |b| b["key"] }
+
+    expect(terms).to include("us")
+
+    # 'at' is a stopword, make sure stopwords are not ignored.
+    expect(terms).to include("at")
+  end
+end

data/spec/integration/outputs/update_spec.rb

@@ -0,0 +1,123 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+#  The OpenSearch Contributors require contributions made to
+#  this file be licensed under the Apache-2.0 license or a
+#  compatible open source license.
+#
+#  Modifications Copyright OpenSearch Contributors. See
+#  GitHub history for details.
+
+require_relative "../../../spec/opensearch_spec_helper"
+
+describe "Update actions without scripts", :integration => true do
+  require "logstash/outputs/opensearch"
+
+  def get_es_output( options={} )
+    settings = {
+      "manage_template" => true,
+      "index" => "logstash-update",
+      "template_overwrite" => true,
+      "hosts" => get_host_port(),
+      "action" => "update"
+    }
+    LogStash::Outputs::OpenSearch.new(settings.merge!(options))
+  end
+
+  before :each do
+    @client = get_client
+    # Delete all templates first.
+    # Clean OpenSearch of data before we start.
+    @client.indices.delete_template(:name => "*")
+    # This can fail if there are no indexes, ignore failure.
+    @client.indices.delete(:index => "*") rescue nil
+    @client.index(
+      :index => 'logstash-update',
+      :type => doc_type,
+      :id => "123",
+      :body => { :message => 'Test', :counter => 1 }
+    )
+    @client.indices.refresh
+  end
+
+  it "should fail without a document_id" do
+    subject = get_es_output
+    expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+  end
+
+  context "when update only" do
+    it "should not create new document" do
+      subject = get_es_output({ 'document_id' => "456" } )
+      subject.register
+      subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+      expect {@client.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)}.to raise_error(Elasticsearch::Transport::Transport::Errors::NotFound)
+    end
+
+    it "should update existing document" do
+      subject = get_es_output({ 'document_id' => "123" })
+      subject.register
+      subject.multi_receive([LogStash::Event.new("message" => "updated message here")])
+      r = @client.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+      expect(r["_source"]["message"]).to eq('updated message here')
+    end
+
+    # The es ruby client treats the data field differently. Make sure this doesn't
+    # raise an exception
+    it "should update an existing document that has a 'data' field" do
+      subject = get_es_output({ 'document_id' => "123" })
+      subject.register
+      subject.multi_receive([LogStash::Event.new("data" => "updated message here", "message" => "foo")])
+      r = @client.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+      expect(r["_source"]["data"]).to eq('updated message here')
+      expect(r["_source"]["message"]).to eq('foo')
+    end
+
+    it "should allow default (internal) version" do
+      subject = get_es_output({ 'document_id' => "123", "version" => "99" })
+      subject.register
+    end
+
+    it "should allow internal version" do
+      subject = get_es_output({ 'document_id' => "123", "version" => "99", "version_type" => "internal" })
+      subject.register
+    end
+
+    it "should not allow external version" do
+      subject = get_es_output({ 'document_id' => "123", "version" => "99", "version_type" => "external" })
+      expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+    end
+
+    it "should not allow external_gt version" do
+      subject = get_es_output({ 'document_id' => "123", "version" => "99", "version_type" => "external_gt" })
+      expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+    end
+
+    it "should not allow external_gte version" do
+      subject = get_es_output({ 'document_id' => "123", "version" => "99", "version_type" => "external_gte" })
+      expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+    end
+
+  end
+
+  context "when update with upsert" do
+    it "should create new documents with provided upsert" do
+      subject = get_es_output({ 'document_id' => "456", 'upsert' => '{"message": "upsert message"}' })
+      subject.register
+      subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+      r = @client.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+      expect(r["_source"]["message"]).to eq('upsert message')
+    end
+
+    it "should create new documents with event/doc as upsert" do
+      subject = get_es_output({ 'document_id' => "456", 'doc_as_upsert' => true })
+      subject.register
+      subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+      r = @client.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+      expect(r["_source"]["message"]).to eq('sample message here')
+    end
+
+    it "should fail on documents with event/doc as upsert at external version" do
+      subject = get_es_output({ 'document_id' => "456", 'doc_as_upsert' => true, 'version' => 999, "version_type" => "external" })
+      expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+    end
+  end
+end