RubyGems - logstash-output-tcp - Versions diffs - 6.0.3 → 6.1.0 - Mend

logstash-output-tcp 6.0.3 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -5
data/docs/index.asciidoc +15 -0
data/lib/logstash/outputs/tcp.rb +72 -80
data/logstash-output-tcp.gemspec +5 -2
data/spec/outputs/tcp_spec.rb +152 -132
metadata +44 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5db164894be7c046e3dce9337af0ce5b684f19b1b35274a0d3b925e97fe402c8
-  data.tar.gz: 63dbb52d49285af564f83de8218c3af098b1d0f62d9deee019c15eae5cbd98e2
+  metadata.gz: d30cf25cfbc7e1cc2e72d5e1eb8ab8179d42b31413a549801a012d5e1be7e640
+  data.tar.gz: 53632382865d4bade1e6d56e9872b1b5db690fd9b866cb4d0952dfa8d1156cee
 SHA512:
-  metadata.gz: 10b22e722c22edce1fd3699e876ab898283d66ec0aa256f9d9c6159112bcf54f872b4e68d8bc7eb72b999c54442d5b65c69fa87194f6c6a58623f7c1939c9c09
-  data.tar.gz: eb6477d5f227184f46bac1c01453215fbd2f2ebf3c0fbb819413d5555d2ab7472ab61b11d737016487b3d1255bcc65fce008f350683ad28e9468fbb1f55ded49
+  metadata.gz: e48f3511c25df04edb79dfd0425c6a84d18808bce5f8d4910cabe024955e6c16f8b856a8ac7fac01cb7721e7628934101e14e7180497a7c6cc1096169290963e
+  data.tar.gz: 94758e5adb6be529f4c70715aa0796d1a15bd8d17e91d35c63fdc1b29eccea58c0f36e4c29b0cf911a3691fade34c895922ca9b0384cd3df405f723a97ff642f

data/CHANGELOG.md CHANGED Viewed

@@ -1,8 +1,6 @@
-## 6.0.3
-  - Pulled applicable back-ports from 6.1.0 [#50](https://github.com/logstash-plugins/logstash-output-tcp/pull/50)
-    - Fix: Ensure sockets are closed when this plugin is closed
-    - Fix: Fixes an issue in client mode where payloads larger than a connection's current TCP window could be silently truncated
-  - Fix: Fixes an issue in server mode where payloads larger than a connection's current TCP window could be silently truncated
+## 6.1.0
+  - Feat: ssl_supported_protocols (TLSv1.3) [#47](https://github.com/logstash-plugins/logstash-output-tcp/pull/47)
+  - Fix: close server and client sockets on plugin close
 ## 6.0.2
   - Fix: unable to start with password protected key [#45](https://github.com/logstash-plugins/logstash-output-tcp/pull/45)

data/docs/index.asciidoc CHANGED Viewed

@@ -45,6 +45,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 |=======================================================================
@@ -130,6 +131,20 @@ SSL key path
 SSL key passphrase
+[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
+===== `ssl_supported_protocols`
+  * Value type is <<string,string>>
+  * Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'`
+  * Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`.
+    `'TLSv1.1'` is not considered secure and is only provided for legacy applications.
+List of allowed SSL/TLS versions to use when establishing a secure connection.
+NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
+the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
+the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
 [id="plugins-{type}s-{plugin}-ssl_verify"]
 ===== `ssl_verify`

data/lib/logstash/outputs/tcp.rb CHANGED Viewed

@@ -51,30 +51,23 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # SSL key passphrase
   config :ssl_key_passphrase, :validate => :password, :default => nil
-  ##
-  # @param socket [Socket]
-  # @param logger_context [#log_warn&#log_error&#logger]
+  # NOTE: the default setting [] uses SSL engine defaults
+  config :ssl_supported_protocols, :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true
   class Client
-    def initialize(socket, logger_context)
+    def initialize(socket, logger)
       @socket = socket
-      @peer_info = socket.peer
-      @logger_context = logger_context
+      @logger = logger
       @queue  = Queue.new
     end
     def run
       loop do
         begin
-          payload = @queue.pop
-          @logger_context.logger.trace("transmitting #{payload.bytesize} bytes", socket: @peer_info) if @logger_context.logger.trace? && payload && !payload.empty?
-          while payload && !payload.empty?
-            written_bytes_size = @socket.write(payload)
-            payload = payload.byteslice(written_bytes_size..-1)
-            @logger_context.logger.log_trace(">transmitted #{written_bytes_size} bytes; #{payload.bytesize} bytes remain", socket: @peer_info) if @logger_context.logger.trace?
-          end
+          @socket.write(@queue.pop)
         rescue => e
-          @logger_context.log_warn("tcp output exception: socket write failed", e, :socket => @peer_info)
+          log_warn 'socket write failed:', e, socket: (@socket ? @socket.to_s : nil)
           break
         end
       end
@@ -87,15 +80,14 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     def close
       @socket.close
     rescue => e
-      @logger_context.log_warn 'socket close failed:', e, socket: @socket&.to_s
+      log_warn 'socket close failed:', e, socket: (@socket ? @socket.to_s : nil)
     end
   end # class Client
-  private
   def setup_ssl
     require "openssl"
-    @ssl_context = OpenSSL::SSL::SSLContext.new
+    @ssl_context = new_ssl_context
     if @ssl_cert
       @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
       if @ssl_key
@@ -117,44 +109,63 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
       @ssl_context.cert_store = @cert_store
       @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
     end
-  end # def setup_ssl
-  public
+    @ssl_context.min_version = :TLS1_1 # not strictly required - JVM should have disabled TLSv1
+    if ssl_supported_protocols.any?
+      disabled_protocols = ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'] - ssl_supported_protocols
+      unless OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3 # work-around JRuby-OpenSSL bug - missing constant
+        @ssl_context.max_version = :TLS1_2 if disabled_protocols.delete('TLSv1.3')
+      end
+      # mapping 'TLSv1.2' -> OpenSSL::SSL::OP_NO_TLSv1_2
+      disabled_protocols.map! { |v| OpenSSL::SSL.const_get "OP_NO_#{v.sub('.', '_')}" }
+      @ssl_context.options = disabled_protocols.reduce(@ssl_context.options, :|)
+    end
+    @ssl_context
+  end
+  private :setup_ssl
+  # @note to be able to hook up into #ssl_context from tests
+  def new_ssl_context
+    OpenSSL::SSL::SSLContext.new
+  end
+  private :new_ssl_context
+  # @overload Base#register
   def register
     require "socket"
     require "stud/try"
-    if @ssl_enable
-      setup_ssl
-    end # @ssl_enable
     @closed = Concurrent::AtomicBoolean.new(false)
-    @thread_no = Concurrent::AtomicFixnum.new(0)
+    setup_ssl if @ssl_enable
     if server?
       @logger.info("Starting tcp output listener", :address => "#{@host}:#{@port}")
       begin
         @server_socket = TCPServer.new(@host, @port)
       rescue Errno::EADDRINUSE
-        @logger.error("Could not start TCP server: Address in use",
-                      :host => @host, :port => @port)
+        @logger.error("Could not start tcp server: Address in use", host: @host, port: @port)
         raise
       end
       if @ssl_enable
         @server_socket = OpenSSL::SSL::SSLServer.new(@server_socket, @ssl_context)
       end # @ssl_enable
-      @client_threads = []
+      @client_threads = Concurrent::Array.new
       @accept_thread = Thread.new(@server_socket) do |server_socket|
         LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|server_accept")
         loop do
           break if @closed.value
-          Thread.start(server_socket.accept) do |client_socket|
+          client_socket = server_socket.accept_nonblock exception: false
+          if client_socket == :wait_readable
+            IO.select [ server_socket ]
+            next
+          end
+          Thread.start(client_socket) do |client_socket|
             # monkeypatch a 'peer' method onto the socket.
-            client_socket.extend(::LogStash::Util::SocketPeer)
-            @logger.debug("Accepted connection", :client => client_socket.peer,
-                          :server => "#{@host}:#{@port}")
-            client = Client.new(client_socket, self)
+            client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+            @logger.debug("accepted connection", client: client_socket.peer, server: "#{@host}:#{@port}")
+            client = Client.new(client_socket, @logger)
             Thread.current[:client] = client
-            LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|client_socket-#{@thread_no.increment}")
+            LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|client_socket-#{@client_threads.size}")
             @client_threads << Thread.current
             client.run unless @closed.value
           end
@@ -168,62 +179,48 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
         end
       end
     else
-      @client_socket = nil
-      peer_info = nil
+      client_socket = nil
       @codec.on_event do |event, payload|
         begin
-          # not threadsafe; this is why we require `concurrency: single`
-          unless @client_socket
-            @client_socket = connect
-            peer_info = @client_socket.peer
-          end
-          writable_io = nil
-          while writable_io.nil? || writable_io.any? == false
-            readable_io, writable_io, _ = IO.select([@client_socket],[@client_socket])
-            # don't expect any reads, but a readable socket might
-            # mean the remote end closed, so read it and throw it away.
-            # we'll get an EOFError if it happens.
-            readable_io.each { |readable| readable.sysread(16384) }
-          end
+          client_socket = connect unless client_socket
+          r,w,e = IO.select([client_socket], [client_socket], [client_socket], nil)
+          # don't expect any reads, but a readable socket might
+          # mean the remote end closed, so read it and throw it away.
+          # we'll get an EOFError if it happens.
+          client_socket.sysread(16384) if r.any?
           # Now send the payload
-          @logger.trace("transmitting #{payload.bytesize} bytes", socket: peer_info) if @logger.trace? && payload && !payload.empty?
-          while payload && payload.bytesize > 0
-            written_bytes_size = @client_socket.syswrite(payload)
-            payload = payload.byteslice(written_bytes_size..-1)
-            @logger.trace(">transmitted #{written_bytes_size} bytes; #{payload.bytesize} bytes remain", socket: peer_info) if @logger.trace?
-          end
+          client_socket.syswrite(payload) if w.any?
         rescue => e
-          log_warn "client socket failed:", e, host: @host, port: @port, socket: peer_info
-          @client_socket.close rescue nil
-          @client_socket = nil
+          log_warn "client socket failed:", e, host: @host, port: @port, socket: (client_socket ? client_socket.to_s : nil)
+          client_socket.close rescue nil
+          client_socket = nil
           sleep @reconnect_interval
           retry
         end
       end
     end
-  end # def register
+  end
+  # @overload Base#receive
+  def receive(event)
+    @codec.encode(event)
+  end
   # @overload Base#close
   def close
-    if server?
-      # server-mode clean-up
-      @closed.make_true
-      @server_socket.shutdown rescue nil if @server_socket
+    @closed.make_true
+    @server_socket.close rescue nil if @server_socket
-      @client_threads&.each do |thread|
-        client = thread[:client]
-        client.close rescue nil if client
-      end
-    else
-      # client-mode clean-up
-      @client_socket&.close
+    return unless @client_threads
+    @client_threads.each do |thread|
+      client = thread[:client]
+      client.close rescue nil if client
     end
   end
   private
   def connect
     begin
       client_socket = TCPSocket.new(@host, @port)
@@ -238,26 +235,20 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
           raise
         end
       end
-      client_socket.extend(::LogStash::Util::SocketPeer)
-      @logger.debug("Opened connection", :client => "#{client_socket.peer}")
+      client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+      @logger.debug("opened connection", :client => client_socket.peer)
       return client_socket
-    rescue StandardError => e
+    rescue => e
       log_error 'failed to connect:', e
       sleep @reconnect_interval
       retry
     end
   end # def connect
-  private
   def server?
     @mode == "server"
   end # def server?
-  public
-  def receive(event)
-    @codec.encode(event)
-  end # def receive
   def pipeline_id
     execution_context.pipeline_id || 'main'
   end
@@ -273,4 +264,5 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     details[:backtrace] = e.backtrace if backtrace
     @logger.error(msg, details)
   end
 end # class LogStash::Outputs::Tcp

data/logstash-output-tcp.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-tcp'
-  s.version         = '6.0.3'
+  s.version         = '6.1.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,11 +21,14 @@ Gem::Specification.new do |s|
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-core', '>= 8.1.0'
   s.add_runtime_dependency 'logstash-codec-json'
   s.add_runtime_dependency 'stud'
+  s.add_runtime_dependency 'jruby-openssl', '>= 0.12.2' # 0.12 supports TLSv1.3
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'logstash-codec-plain'
   s.add_development_dependency 'flores'
 end

data/spec/outputs/tcp_spec.rb CHANGED Viewed

@@ -3,14 +3,113 @@ require "logstash/outputs/tcp"
 require "flores/pki"
 describe LogStash::Outputs::Tcp do
-  subject(:instance) { described_class.new(config) }
-  let(:config) { {
-    "host" => "localhost",
-    "port" => 2000 + rand(3000),
-  } }
+  subject { described_class.new(config) }
+  let(:port) do
+    begin
+      # Start high to better avoid common services
+      port = rand(10000..65535)
+      s = TCPServer.new("127.0.0.1", port)
+      s.close
+      port
+    rescue Errno::EADDRINUSE
+      retry
+    end
+  end
+  let(:server) { TCPServer.new("127.0.0.1", port) }
+  let(:config) { { "host" => "localhost", "port" => port } }
+  let(:event) { LogStash::Event.new('message' => 'foo bar') }
+  context 'failing to connect' do
+    before { subject.register }
+    let(:config) { super().merge 'port' => 1000 }
+    it 'fails to connect' do
+      expect( subject ).to receive(:log_error).and_call_original
+      Thread.start { subject.receive(event) }
+      sleep 1.0
+    end
+  end
+  context 'server mode' do
+    before { subject.register }
+    let(:config) { super().merge 'mode' => 'server' }
+    let(:client) do
+      Stud::try(3.times) { TCPSocket.new("127.0.0.1", port) }
+    end
+    after { subject.close }
+    it 'receives serialized data' do; require 'json'
+      client # connect
+      Thread.start { sleep 0.5; subject.receive event }
+      read = client.recv(1000)
+      expect( read.size ).to be > 0
+      expect( JSON.parse(read)['message'] ).to eql 'foo bar'
+    end
+  end
+  context "with forced protocol" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.1' ]
+    end
+    it "limits protocol selection" do
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+        expect(ssl_context).to receive(:max_version=).with(:'TLS1_2').and_call_original
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+    end
+  end
+  context "with protocol range" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.3', 'TLSv1.1', 'TLSv1.2' ]
+    end
+    it "does not limit protocol selection (except min_version)" do
+      ssl_context = OpenSSL::SSL::SSLContext.new
+      allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+      expect(ssl_context).to receive(:min_version=).with(:'TLS1_1').at_least(1).and_call_original
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+      subject.send :setup_ssl
+    end
+  end
   context "when enabling SSL" do
-    let(:config) { super().merge("ssl_enable" => true) }
+    let(:config) { super().merge("ssl_enable" => true, 'codec' => 'plain') }
     context "and not providing a certificate/key pair" do
       it "registers without error" do
         expect { subject.register }.to_not raise_error
@@ -51,160 +150,81 @@ describe LogStash::Outputs::Tcp do
         end
       end
-    end
-    context "encrypted key using PKCS#1" do
-      let(:key_file) { File.join(FIXTURES_PATH, 'encrypted/instance.key') }
-      let(:crt_file) { File.join(FIXTURES_PATH, 'encrypted/instance.crt') }
-      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
-      it "registers with error (due missing password)" do
-        expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError) # TODO need a better error
+      let(:secure_server) do
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(crt_file))
+        ssl_context.key = OpenSSL::PKey::RSA.new(File.read(key_file), nil)
+        ssl_context.ssl_version = server_ssl_version if server_ssl_version
+        ssl_context.min_version = server_min_version if server_min_version
+        ssl_context.max_version = server_max_version if server_max_version
+        OpenSSL::SSL::SSLServer.new(server, ssl_context)
       end
-      context 'with valid password' do
-        let(:config) { super().merge("ssl_key_passphrase" => '1234567890') }
+      let(:server_min_version) { nil }
+      let(:server_max_version) { nil }
+      let(:server_ssl_version) { nil }
-        it "registers without error" do
-          expect { subject.register }.to_not raise_error
-        end
+      context 'with supported protocol' do
-      end
-    end
-  end
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2']) }
-  ##
-  # Reads `in_io` until EOF and writes the bytes
-  # it receives to `out_io`, tolerating partial writes.
-  def siphon_until_eof(in_io, out_io)
-    buffer = ""
-    while (retval = in_io.read_nonblock(32*1024, buffer, exception:false)) do
-      (IO.select([in_io], nil, nil, 5); next) if retval == :wait_readable
-      while (buffer && !buffer.empty?) do
-        bytes_written = out_io.write(buffer)
-        buffer.replace buffer.byteslice(bytes_written..-1)
-      end
-    end
-  end
+        let(:server_min_version) { 'TLS1_2' }
-  context 'client mode' do
-    context 'transmitting data' do
-      let!(:io) { StringIO.new } # somewhere for our server to stash the data it receives
+        before { subject.register }
+        after { secure_server.close }
-      let(:server_host) { 'localhost' }
-      let(:server_port) { server.addr[1] } # get actual since we bind to port 0
-      let!(:server) { TCPServer.new(server_host, 0) }
+        it 'reads plain data' do
+          Thread.start { sleep 0.25; subject.receive event }
+          socket = secure_server.accept
+          read = socket.sysread(100)
+          expect( read.size ).to be > 0
+          expect( read ).to end_with 'foo bar'
+        end
-      let(:config) do
-        { 'host' => server_host, 'port' => server_port, 'mode' => 'client' }
       end
-      let(:event) { LogStash::Event.new({"hello" => "world"})}
+      context 'with unsupported protocol (on server)' do
-      subject(:instance) { described_class.new(config) }
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.1']) }
-      before(:each) do
-        # accepts ONE connection
-        @server_socket_thread = Thread.start do
-          client = server.accept
-          siphon_until_eof(client, io)
-        end
-        instance.register
-      end
+        let(:server_min_version) { 'TLS1_2' }
-      after(:each) do
-        @server_socket_thread&.join
-      end
+        before { subject.register }
+        after { secure_server.close }
-      it 'encodes and transmits data' do
-        instance.receive(event)
-        sleep 1
-        instance.close # release the connection
-        @server_socket_thread.join(30)  || fail('server failed to join')
-        expect(io.string).to include('"hello"','"world"')
-      end
+        it 'fails (and loops retrying)' do
+          expect(subject.logger).to receive(:error).with(/connect ssl failure/i, hash_including(message: /No appropriate protocol/i)).and_call_original
+          expect(subject.logger).to receive(:error).with(/failed to connect/i, hash_including(exception: OpenSSL::SSL::SSLError)).and_call_original
+          expect(subject).to receive(:sleep).once.and_call_original
+          expect(subject).to receive(:sleep).once.and_throw :TEST_DONE # to be able to abort the retry loop
-      context 'when payload is very large' do
-        let(:one_hundred_megabyte_message) { "a" * 1024 * 1024 * 100 }
-        let(:event) { LogStash::Event.new("message" => one_hundred_megabyte_message) }
-        it 'encodes and transmits data' do
-          instance.receive(event)
-          sleep 1
-          instance.close # release the connection
-          @server_socket_thread.join(30)  || fail('server failed to join')
-          expect(io.string).to include('"message"',%Q("#{one_hundred_megabyte_message}"))
+          Thread.start { secure_server.accept rescue nil }
+          expect { subject.receive event }.to throw_symbol(:TEST_DONE)
         end
-      end
-    end
-  end
-  context 'server mode' do
+      end if LOGSTASH_VERSION > '7.0'
-    def wait_for_condition(total_time_in_seconds, &block)
-      deadline = Time.now + total_time_in_seconds
-      until Time.now > deadline
-        return if yield
-        sleep(1)
-      end
-      fail('condition not met!')
     end
-    context 'transmitting data' do
-      let(:server_host) { 'localhost' }
-      let(:server_port) { Random.rand(1024...5000) }
+    context "encrypted key using PKCS#1" do
+      let(:key_file) { File.join(FIXTURES_PATH, 'encrypted/instance.key') }
+      let(:crt_file) { File.join(FIXTURES_PATH, 'encrypted/instance.crt') }
+      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
-      let(:config) do
-        { 'host' => server_host, 'port' => server_port, 'mode' => 'server' }
+      it "registers with error (due missing password)" do
+        expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError) # TODO need a better error
       end
-      subject(:instance) { described_class.new(config) }
-      before(:each) { instance.register } # start listener
-      after(:each) { instance.close }
-      let(:event) { LogStash::Event.new({"hello" => "world"})}
-      context 'when one client is connected' do
-        let(:io) { StringIO.new }
-        let(:client_socket) { TCPSocket.new(server_host, server_port) }
-        before(:each) do
-          @client_socket_thread = Thread.start { siphon_until_eof(client_socket, io) }
-          sleep 1 # wait for it to actually connect
-        end
-        it 'encodes and transmits data' do
-          sleep 1
-          instance.receive(event)
+      context 'with valid password' do
-          wait_for_condition(30) { !io.size.zero? }
-          sleep 1 # wait for the event to get sent...
-          instance.close # release the connection
+        let(:config) { super().merge("ssl_key_passphrase" => '1234567890') }
-          @client_socket_thread.join(30) || fail('client failed to join')
-          expect(io.string).to include('"hello"','"world"')
+        it "registers without error" do
+          expect { subject.register }.to_not raise_error
         end
-        context 'when payload is very large' do
-          let(:one_hundred_megabyte_message) { "a" * 1024 * 1024 * 100 }
-          let(:event) { LogStash::Event.new("message" => one_hundred_megabyte_message) }
-          it 'encodes and transmits data' do
-          instance.receive(event)
-          wait_for_condition(30) { io.size >= one_hundred_megabyte_message.size }
-          sleep 1 # wait for the event to get sent...
-          instance.close # release the connection
-          @client_socket_thread.join(30) || fail('client failed to join')
-            expect(io.string).to include('"message"',%Q("#{one_hundred_megabyte_message}"))
-          end
-        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-tcp
 version: !ruby/object:Gem::Version
-  version: 6.0.3
+  version: 6.1.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-04 00:00:00.000000000 Z
+date: 2022-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
+  name: logstash-core
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -58,6 +72,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+  name: jruby-openssl
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -72,6 +100,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements: