logstash-output-scalyr 0.2.6 → 0.2.7.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d304cddbc773ab520aac6f831897fc0ea1e00aef12f28528b31f388891048069
-  data.tar.gz: 970a67aef4939a74f2032f5aeefec859bb29b4fd4ec34955bb47d173427a1331
+  metadata.gz: '098686f8c748dbe1d02cec87e92aa49df5db05049ff0d87ccd6fbb6271ccd797'
+  data.tar.gz: '0073297594f936703190252584559ae60cd81a7b3807f1b2685b6966fece5610'
 SHA512:
-  metadata.gz: 81535be5b8b2d5a377c09803e0af45a35e581b42c10b4576155f9482313bdc2a8d43444cf3ee886b825705507ca292f599326046cf4b1e516afb33979ac7de37
-  data.tar.gz: f0c566e5d739121926a5470258572386e0e587865e65499fac2dea040193d655283439faa4ebf72c38905f0a040db5a091cb0a1b45840e74f0360fc2c576a635
+  metadata.gz: 507ddc7c825ae4612907c4ad451597bf516732b389b5a628598f8eec12e8cdc1f7c4b5b71533803665d1fd18b3fce43a0aa3989729192eea26b2948273f9d267
+  data.tar.gz: 310a452e0df0b74081a061030322b3f2a013bad233ba99b424fcea428af336f86370cb76bda62c06c5edcbee81731e5a498e137daf4f7d42a843ef988a8664df

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Beta
 
+## 0.2.7.beta
+
+* SSL cert validation code has been simplified. Now ``ssl_ca_bundle_path`` config option
+  defaults to the CA bundle path which is vendored / bundled with the RubyGem and includes CA
+  certs of the authorities which are used for DataSet API endpoint certificates.
+
+  In addition to that, ``append_builtin_cert`` config option has been removed and the code now
+  throws error in case invalid / inexistent path is specified for the ``ssl_ca_bundle_path``
+  config option - this represents a fatal config error.
+
 ## 0.2.6.beta, 0.2.6
 
 * Update default value of ``ssl_ca_bundle_path`` config option to

data/README.md

@@ -132,42 +132,23 @@ set on the event object to prevent API from rejecting an invalid request.
 
 ## Note On Server SSL Certificate Validation
 
-By default when validating DataSet endpoint server SSL certificate, logstash plugin will use a
-combination of system CA certs bundle from ``/etc/ssl/certs/ca-certificates.crt`` and combination
-of root CA certificates which are bundled with this plugin which represent root certificates used
-to issue / sign server certificates used by the DataSet API endpoint.
+By default when validating DataSet endpoint server SSL certificate, logstash uses CA certificate
+bundles which is vendored / bundled with the RubyGem / plugin. This bundle includes CA certificate
+files of authoried which are used to issue DataSet API endpoint certificates.
 
-In case you want to use only system CA certs bundle (not use certs which are bundled with the
-plugin), you can do that by using the following config options:
+If you want to use system CA bundle, you should update ``ssl_ca_bundle_path`` to system CA bundle
+path (e.g. ``/etc/ssl/certs/ca-certificates.crt``), as shown in the example below:
 
 ```
 output {
  scalyr {
    api_write_token => 'SCALYR_API_KEY'
    ...
-   # You only need to set this config option in case default CA bundle path on your system is
-   # different
    ssl_ca_bundle_path => "/etc/ssl/certs/ca-certificates.crt"
-   append_builtin_cert => false
  }
 }
 ```
 
-In case you want to use only root CA certs which are bundled with the plugin (not use system CA
-certs bundle), you can do that by using the following config options:
-
-```
-output {
- scalyr {
-   api_write_token => 'SCALYR_API_KEY'
-   ...
-   # You only need to set this config option in case default CA bundle path on your system is
-   # different
-   ssl_ca_bundle_path => nil
-   append_builtin_cert => true
- }
-}
-```
 
 ## Options
 
@@ -185,7 +166,7 @@ output {
 
 - Path to SSL CA bundle file which is used to verify the server certificate.
 
-`config :ssl_ca_bundle_path, :validate => :string, :default => "/etc/ssl/certs/ca-certificates.crt"`
+`config :ssl_ca_bundle_path, :validate => :string, :default => CA_CERTS_PATH`
 
 If for some reason you need to disable server cert validation (you are strongly recommended to
 not disable it unless specifically instructed to do so or have a valid reason for it), you can do
@@ -460,6 +441,12 @@ Or to run a single test function defined on line XXX
 bundle exec rspec spec/scalyr/common/util_spec.rb:XXX
 ```
 
+Or using more verbose output mode:
+
+```bash
+bundle exec rspec -fd spec/scalyr/common/util_spec.rb
+```
+
 ## Instrumentation and metrics
 
 By default, plugin logs a special line with metrics to Scalyr every 5 minutes. This line contains

data/lib/logstash/outputs/scalyr.rb

@@ -133,13 +133,14 @@ class LogStash::Outputs::Scalyr < LogStash::Outputs::Base
   # Whether or not to verify the connection to Scalyr, only set to false for debugging.
   config :ssl_verify_peer, :validate => :boolean, :default => true
 
-  # Path to SSL bundle file.
-  # Technically, we could also use Ruby specific cert store + using OpenSSL::X509::DEFAULT_CERT_FILE
-  # here, although that variable stores der and not pem format.
-  config :ssl_ca_bundle_path, :validate => :string, :default => "/etc/ssl/certs/ca-certificates.crt"
+  # Path to SSL bundle file used to validate remote / server SSL certificate. By default, path to
+  # the CA bundled which is vendored / bundled with the RubyGem is used.
+  # If user has a specific reason to change this value (e.g. to a system ca bundle such as 
+  # /etc/ssl/certs/ca-certificates.crt, they can update this option).
+  config :ssl_ca_bundle_path, :validate => :string, :default => CA_CERTS_PATH
 
-  # If we should append our built-in Scalyr cert to the one we find at `ssl_ca_bundle_path`.
-  config :append_builtin_cert, :validate => :boolean, :default => true
+  # Unused since v0.2.7, left here for backward compatibility reasons
+  config :append_builtin_cert, :validate => :boolean, :default => false
 
   config :max_request_buffer, :validate => :number, :default => 5500000  # echee TODO: eliminate?
   config :force_message_encoding, :validate => :string, :default => nil
@@ -261,6 +262,10 @@ class LogStash::Outputs::Scalyr < LogStash::Outputs::Base
       end
     end
 
+    if not @append_builtin_cert.nil?
+      @logger.warn "append_builtin_cert config option has been deprecated and is unused in versions 0.2.7 and above"
+    end
+
     @dlq_writer = dlq_enabled? ? execution_context.dlq_writer : nil
 
     @message_encoding = nil
@@ -352,7 +357,7 @@ class LogStash::Outputs::Scalyr < LogStash::Outputs::Base
     @running = true
     @client_session = Scalyr::Common::Client::ClientSession.new(
         @logger, @add_events_uri,
-        @compression_type, @compression_level, @ssl_verify_peer, @ssl_ca_bundle_path, @append_builtin_cert,
+        @compression_type, @compression_level, @ssl_verify_peer, @ssl_ca_bundle_path,
         @record_stats_for_status, @flush_quantile_estimates_on_status_send,
         @http_connect_timeout, @http_socket_timeout, @http_request_timeout, @http_pool_max, @http_pool_max_per_route
     )
@@ -378,7 +383,7 @@ class LogStash::Outputs::Scalyr < LogStash::Outputs::Base
     # This way we don't need to keep idle long running connection open.
     initial_send_status_client_session = Scalyr::Common::Client::ClientSession.new(
         @logger, @add_events_uri,
-        @compression_type, @compression_level, @ssl_verify_peer, @ssl_ca_bundle_path, @append_builtin_cert,
+        @compression_type, @compression_level, @ssl_verify_peer, @ssl_ca_bundle_path,
         @record_stats_for_status, @flush_quantile_estimates_on_status_send,
         @http_connect_timeout, @http_socket_timeout, @http_request_timeout, @http_pool_max, @http_pool_max_per_route
     )

data/lib/scalyr/common/client.rb

@@ -57,7 +57,7 @@ end
 class ClientSession
 
   def initialize(logger, add_events_uri, compression_type, compression_level,
-                 ssl_verify_peer, ssl_ca_bundle_path, append_builtin_cert,
+                 ssl_verify_peer, ssl_ca_bundle_path,
                  record_stats_for_status, flush_quantile_estimates_on_status_send,
                  connect_timeout, socket_timeout, request_timeout, pool_max, pool_max_per_route)
     @logger = logger
@@ -66,7 +66,6 @@ class ClientSession
     @compression_level = compression_level
     @ssl_verify_peer = ssl_verify_peer
     @ssl_ca_bundle_path = ssl_ca_bundle_path
-    @append_builtin_cert = append_builtin_cert
     @record_stats_for_status = record_stats_for_status
     @flush_quantile_estimates_on_status_send = flush_quantile_estimates_on_status_send
     @connect_timeout = connect_timeout
@@ -75,9 +74,6 @@ class ClientSession
     @pool_max = pool_max
     @pool_max_per_route = pool_max_per_route
 
-    # A cert to use by default to avoid issues caused by the OpenSSL library not validating certs according to standard
-    @cert_string = CA_CERT_STRING
-
     # Request statistics are accumulated across multiple threads and must be accessed through a mutex
     @stats_lock = Mutex.new
     @latency_stats = get_new_latency_stats
@@ -120,41 +116,15 @@ class ClientSession
     # verify peers to prevent potential MITM attacks
     if @ssl_verify_peer
       c[:ssl][:verify] = :strict
+      @logger.info("Using CA bundle from #{@ssl_ca_bundle_path} to validate the server side certificate")
 
-      if not @append_builtin_cert
-        # System CA bundle is used, no need to copy it over and append our bundled CA cert
-        @logger.info("Using CA bundle from #{@ssl_ca_bundle_path} to validate the server side certificate")
-        @ca_cert_path = @ssl_ca_bundle_path
-
-        if not File.file?(@ssl_ca_bundle_path)
-          # TODO: For now we don't throw to keep code backward compatible. In the future in case
-          # file doesn't exist, we should throw instead of write empty CA cert file and pass that 
-          # to Manticore which will eventually fail and throw on cert validation
-          #raise Errno::ENOENT.new("ssl_ca_bundle_path config option to an invalid file path which doesn't exist - #{@ssl_ca_bundle_path}")
-          @ca_cert = Tempfile.new("ca_cert")
-          @ca_cert_path = @ca_cert.path
-        end
-      else
-        @ca_cert = Tempfile.new("ca_cert")
-
-        if File.file?(@ssl_ca_bundle_path)
-          @ca_cert.write(File.read(@ssl_ca_bundle_path))
-          @ca_cert.flush
-        else
-          @logger.warn("CA bundle (#{@ssl_ca_bundle_path}) doesn't exist, using only bundled CA certificates")
-        end
-
-        open(@ca_cert.path, "a") do |f|
-          f.puts @cert_string
-        end
-
-        @ca_cert.flush
-        @ca_cert_path = @ca_cert.path
-
-        @logger.info("Using CA bundle from #{@ssl_ca_bundle_path} combined with bundled certificates to validate the server side certificate (#{@ca_cert_path})")
+      if not File.file?(@ssl_ca_bundle_path)
+        raise Errno::ENOENT.new("Invalid path for ssl_ca_bundle_path config option - file doesn't exist or is not readable")
       end
-      c[:ssl][:ca_file] = @ca_cert_path
+
+      c[:ssl][:ca_file] = @ssl_ca_bundle_path
     else
+      @logger.warn("SSL certificate validation has been disabled. You are strongly encouraged to enable it to prevent possible MITM and similar attacks.")
       c[:ssl][:verify] = :disable
     end
 

data/lib/scalyr/constants.rb

@@ -1,15 +1,14 @@
 # encoding: utf-8
 
-PLUGIN_VERSION = "v0.2.6"
+PLUGIN_VERSION = "v0.2.7.beta"
 
 # Special event level attribute name which can be used for setting event level serverHost attribute
 EVENT_LEVEL_SERVER_HOST_ATTRIBUTE_NAME = '__origServerHost'
 
 # Path to the bundled root CA certs used to sign server cert
-CA_CERT_PATH = File.expand_path(File.join(File.dirname(__FILE__), + "/certs/ca_certs.crt"))
+CA_CERTS_PATH = File.expand_path(File.join(File.dirname(__FILE__), + "/certs/ca_certs.crt"))
 
-# Cert which is append to a copy of "/etc/ssl/certs/ca-bundle.crt" file.
-# This is done for backward compatibility and convenience reasons when "appending_builtin_cert"
-# plugin config option is set to true - eventually we want to default it to false and just rely
-# on system ca bundle by default.
-CA_CERT_STRING = File.read(CA_CERT_PATH)
+# Additional check on import to catch this issue early (in case of a invalid path or similar)
+if not File.file?(CA_CERTS_PATH)
+  raise Errno::ENOENT.new("Invalid path specified for CA_CERTS_PATH module constant (likely a developer error).")
+end

data/logstash-output-scalyr.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'logstash-output-scalyr'
-  s.version         = '0.2.6'
+  s.version         = '0.2.7.beta'
   s.licenses = ['Apache-2.0']
   s.summary = "Scalyr output plugin for Logstash"
   s.description     = "Sends log data collected by Logstash to Scalyr (https://www.scalyr.com)"

data/spec/logstash/outputs/fixtures/example_com.pem

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHQDCCBiigAwIBAgIQD9B43Ujxor1NDyupa2A4/jANBgkqhkiG9w0BAQsFADBN
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
+aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI4MDAwMDAwWhcN
+MjAxMjAyMTIwMDAwWjCBpTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
+aWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMTwwOgYDVQQKEzNJbnRlcm5ldCBDb3Jw
+b3JhdGlvbiBmb3IgQXNzaWduZWQgTmFtZXMgYW5kIE51bWJlcnMxEzARBgNVBAsT
+ClRlY2hub2xvZ3kxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANDwEnSgliByCGUZElpdStA6jGaPoCkrp9vV
+rAzPpXGSFUIVsAeSdjF11yeOTVBqddF7U14nqu3rpGA68o5FGGtFM1yFEaogEv5g
+rJ1MRY/d0w4+dw8JwoVlNMci+3QTuUKf9yH28JxEdG3J37Mfj2C3cREGkGNBnY80
+eyRJRqzy8I0LSPTTkhr3okXuzOXXg38ugr1x3SgZWDNuEaE6oGpyYJIBWZ9jF3pJ
+QnucP9vTBejMh374qvyd0QVQq3WxHrogy4nUbWw3gihMxT98wRD1oKVma1NTydvt
+hcNtBfhkp8kO64/hxLHrLWgOFT/l4tz8IWQt7mkrBHjbd2XLVPkCAwEAAaOCA8Ew
+ggO9MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRm
+mGIC4AmRp9njNvt2xrC/oW2nvjCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jn
+ggtleGFtcGxlLmNvbYILZXhhbXBsZS5lZHWCC2V4YW1wbGUubmV0ggtleGFtcGxl
+Lm9yZ4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFt
+cGxlLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv
+bS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5j
+b20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgG
+CCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEC
+AjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
+ZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
+L0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB
+fwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb
+37jjd80OyA3cEAAAAWdcMZVGAAAEAwBIMEYCIQCEZIG3IR36Gkj1dq5L6EaGVycX
+sHvpO7dKV0JsooTEbAIhALuTtf4wxGTkFkx8blhTV+7sf6pFT78ORo7+cP39jkJC
+AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFnXDGWFQAABAMA
+RzBFAiBvqnfSHKeUwGMtLrOG3UGLQIoaL3+uZsGTX3MfSJNQEQIhANL5nUiGBR6g
+l0QlCzzqzvorGXyB/yd7nttYttzo8EpOAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkC
+wQApBo2yCJo32RMAAAFnXDGWnAAABAMARzBFAiEA5Hn7Q4SOyqHkT+kDsHq7ku7z
+RDuM7P4UDX2ft2Mpny0CIE13WtxJAUr0aASFYZ/XjSAMMfrB0/RxClvWVss9LHKM
+MA0GCSqGSIb3DQEBCwUAA4IBAQBzcIXvQEGnakPVeJx7VUjmvGuZhrr7DQOLeP4R
+8CmgDM1pFAvGBHiyzvCH1QGdxFl6cf7wbp7BoLCRLR/qPVXFMwUMzcE1GLBqaGZM
+v1Yh2lvZSLmMNSGRXdx113pGLCInpm/TOhfrvr0TxRImc8BdozWJavsn1N2qdHQu
+N+UBO6bQMLCD0KHEdSGFsuX6ZwAworxTg02/1qiDu7zW7RyzHvFYA4IAjpzvkPIa
+X6KjBtpdvp/aXabmL95YgBjT8WJ7pqOfrqhpcmOBZa6Cg6O1l4qbIFH/Gj9hQB5I
+0Gs4+eH6F9h3SojmPTYkT+8KuZ9w84Mn+M8qBXUQoYoKgIjN
+-----END CERTIFICATE-----

data/spec/logstash/outputs/scalyr_integration_spec.rb

@@ -10,6 +10,8 @@ require 'webmock/rspec'
 gem 'json', '1.8.6'
 require 'json'
 
+EXAMPLE_COME_CA_CERTS_PATH = File.expand_path(File.join(File.dirname(__FILE__), + "/fixtures/example_com.pem"))
+
 WebMock.allow_net_connect!
 
 RSpec.configure do |rspec|
@@ -64,50 +66,35 @@ describe LogStash::Outputs::Scalyr do
         end
       end
 
-      context "when pointing at a location without any valid certs and not using builtin" do
-        it "throws an SSLError" do
+      context "when pointing at an invalid location (doesnt exist) without any valid certs" do
+        it "throws an Errno::ENOENT error" do
               plugin = LogStash::Outputs::Scalyr.new({
                 'api_write_token' => '1234',
                 'perform_connectivity_check' => false,
                 'ssl_ca_bundle_path' => '/fakepath/nocerts',
-                'append_builtin_cert' => false,
                 'max_retries' => 2,
                 'retry_max_interval' => 2,
                 'retry_initial_interval' => 0.2,
               })
-              plugin.register
-              plugin.instance_variable_set(:@running, false)
-              allow(plugin.instance_variable_get(:@logger)).to receive(:warn)
-              plugin.multi_receive(sample_events)
-              expect(plugin.instance_variable_get(:@logger)).to have_received(:warn).with("Error uploading to Scalyr (will backoff-retry)",
-                {
-                  :error_class=>"Manticore::UnknownException",
-                  :batch_num=>1,
-                  :message=>"Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty",
-                  #:message=>"java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty",
-                  :payload_size=>737,
-                  :record_count=>3,
-                  :total_batches=>1,
-                  :url=>"https://agent.scalyr.com/addEvents",
-                  :will_retry_in_seconds=>0.4
-                }
-              )
+
+              expect {
+                plugin.register
+              }.to raise_error(Errno::ENOENT, /Invalid path for ssl_ca_bundle_path config option - file doesn't exist or is not readable/)
         end
       end
 
-      context "when system certs are missing and not using builtin" do
+      context "when pointing to an empty certs file" do
         it "throws an SSLError" do
-          `sudo mv #{OpenSSL::X509::DEFAULT_CERT_FILE} /tmp/system_cert.pem`
-          `sudo mv #{OpenSSL::X509::DEFAULT_CERT_DIR} /tmp/system_certs`
+          temp_file = file = Tempfile.new('emot_certs_file')
 
           begin
               plugin = LogStash::Outputs::Scalyr.new({
                 'api_write_token' => '1234',
                 'perform_connectivity_check' => false,
-                'append_builtin_cert' => false,
                 'max_retries' => 2,
                 'retry_max_interval' => 2,
                 'retry_initial_interval' => 0.2,
+                'ssl_ca_bundle_path' => temp_file.path
               })
               plugin.register
               plugin.instance_variable_set(:@running, false)
@@ -127,9 +114,8 @@ describe LogStash::Outputs::Scalyr do
                 }
               )
           end
-          ensure
-            `sudo mv /tmp/system_certs #{OpenSSL::X509::DEFAULT_CERT_DIR}`
-            `sudo mv /tmp/system_cert.pem #{OpenSSL::X509::DEFAULT_CERT_FILE}`
+        ensure
+          temp_file.unlink
         end
       end
 
@@ -180,23 +166,22 @@ describe LogStash::Outputs::Scalyr do
         end
       end
 
-      context "when an error occurs with retries at 15" do
-        it "exits after 5 retries and emits a log" do
-              plugin = LogStash::Outputs::Scalyr.new({
-                'api_write_token' => '1234',
-                'perform_connectivity_check' => false,
-                'ssl_ca_bundle_path' => '/fakepath/nocerts',
-                'append_builtin_cert' => false,
-                'max_retries' => 15,
-                'retry_max_interval' => 0.5,
-                'retry_initial_interval' => 0.2,
-              })
-              plugin.register
-              allow(plugin.instance_variable_get(:@logger)).to receive(:error)
-              plugin.multi_receive(sample_events)
-              expect(plugin.instance_variable_get(:@logger)).to have_received(:error).with("Failed to send 3 events after 15 tries.", anything
-              )
-        end
+      context "when an error occurs with retries at 15 and invalid example_com cert" do
+        it "exits after 15 retries and emits a log" do
+          plugin = LogStash::Outputs::Scalyr.new({
+            'api_write_token' => '1234',
+            'perform_connectivity_check' => false,
+            'ssl_ca_bundle_path' => EXAMPLE_COME_CA_CERTS_PATH,
+            'max_retries' => 15,
+            'retry_max_interval' => 0.2,
+            'retry_initial_interval' => 0.1,
+          })
+          plugin.register
+          allow(plugin.instance_variable_get(:@logger)).to receive(:error)
+          plugin.multi_receive(sample_events)
+          expect(plugin.instance_variable_get(:@logger)).to have_received(:error).with("Failed to send 3 events after 15 tries.", anything
+          )
+      end
       end
   end
 
@@ -209,11 +194,10 @@ describe LogStash::Outputs::Scalyr do
         plugin = LogStash::Outputs::Scalyr.new({
           'api_write_token' => '1234',
           'perform_connectivity_check' => false,
-          'ssl_ca_bundle_path' => '/fakepath/nocerts',
-          'append_builtin_cert' => false,
+          'ssl_ca_bundle_path' => EXAMPLE_COME_CA_CERTS_PATH,
           'max_retries' => 2,
-          'retry_max_interval' => 2,
-          'retry_initial_interval' => 0.2,
+          'retry_max_interval' => 0.2,
+          'retry_initial_interval' => 0.1,
         })
         plugin.register
         plugin.instance_variable_set(:@running, false)
@@ -230,7 +214,7 @@ describe LogStash::Outputs::Scalyr do
             :record_count=>3,
             :total_batches=>1,
             :url=>"https://agent.scalyr.com/addEvents",
-            :will_retry_in_seconds=>0.4,
+            :will_retry_in_seconds=>0.2,
             :body=>"stubbed response"
           }
         )
@@ -245,11 +229,10 @@ describe LogStash::Outputs::Scalyr do
         plugin = LogStash::Outputs::Scalyr.new({
           'api_write_token' => '1234',
           'perform_connectivity_check' => false,
-          'ssl_ca_bundle_path' => '/fakepath/nocerts',
-          'append_builtin_cert' => false,
+          'ssl_ca_bundle_path' => EXAMPLE_COME_CA_CERTS_PATH,
           'max_retries' => 2,
-          'retry_max_interval' => 2,
-          'retry_initial_interval' => 0.2,
+          'retry_max_interval' => 0.2,
+          'retry_initial_interval' => 0.1,
         })
         plugin.register
         plugin.instance_variable_set(:@running, false)
@@ -266,7 +249,7 @@ describe LogStash::Outputs::Scalyr do
             :record_count=>3,
             :total_batches=>1,
             :url=>"https://agent.scalyr.com/addEvents",
-            :will_retry_in_seconds=>0.4,
+            :will_retry_in_seconds=>0.2,
             :body=>"stubbed response"
           }
         )
@@ -281,11 +264,10 @@ describe LogStash::Outputs::Scalyr do
         plugin = LogStash::Outputs::Scalyr.new({
             'api_write_token' => '1234',
             'perform_connectivity_check' => false,
-            'ssl_ca_bundle_path' => '/fakepath/nocerts',
-            'append_builtin_cert' => false,
+            'ssl_ca_bundle_path' => EXAMPLE_COME_CA_CERTS_PATH,
             'max_retries' => 2,
-            'retry_max_interval' => 2,
-            'retry_initial_interval' => 0.2,
+            'retry_max_interval' => 0.2,
+            'retry_initial_interval' => 0.1,
         })
         plugin.register
         plugin.instance_variable_set(:@running, false)
@@ -302,7 +284,7 @@ describe LogStash::Outputs::Scalyr do
             :record_count=>3,
             :total_batches=>1,
             :url=>"https://agent.scalyr.com/addEvents",
-            :will_retry_in_seconds=>0.4,
+            :will_retry_in_seconds=>0.2,
             :body=>("0123456789" * 50) + "012345678..."
           }
         )
@@ -318,11 +300,10 @@ describe LogStash::Outputs::Scalyr do
         plugin = LogStash::Outputs::Scalyr.new({
             'api_write_token' => '1234',
             'perform_connectivity_check' => false,
-            'ssl_ca_bundle_path' => '/fakepath/nocerts',
-            'append_builtin_cert' => false,
+            'ssl_ca_bundle_path' => EXAMPLE_COME_CA_CERTS_PATH,
             'max_retries' => 2,
-            'retry_max_interval' => 2,
-            'retry_initial_interval' => 0.2,
+            'retry_max_interval' => 0.2,
+            'retry_initial_interval' => 0.1,
         })
         plugin.register
         plugin.instance_variable_set(:@running, false)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-scalyr
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.2.7.beta
 platform: ruby
 authors:
 - Edward Chee
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-01 00:00:00.000000000 Z
+date: 2022-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -171,6 +171,7 @@ files:
 - spec/benchmarks/metrics_overhead.rb
 - spec/benchmarks/set_session_level_serverhost_on_events.rb
 - spec/benchmarks/util.rb
+- spec/logstash/outputs/fixtures/example_com.pem
 - spec/logstash/outputs/scalyr_integration_spec.rb
 - spec/logstash/outputs/scalyr_spec.rb
 - spec/scalyr/common/util_spec.rb
@@ -191,9 +192,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
 rubygems_version: 2.7.10
@@ -207,6 +208,7 @@ test_files:
 - spec/benchmarks/metrics_overhead.rb
 - spec/benchmarks/set_session_level_serverhost_on_events.rb
 - spec/benchmarks/util.rb
+- spec/logstash/outputs/fixtures/example_com.pem
 - spec/logstash/outputs/scalyr_integration_spec.rb
 - spec/logstash/outputs/scalyr_spec.rb
 - spec/scalyr/common/util_spec.rb