RubyGems - logstash-output-tcp - Versions diffs - 6.2.0 → 7.0.0 - Mend

logstash-output-tcp 6.2.0 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b97e9b9113d4cb10180102400b3a6ca6188f0a835df2628c059867ea0615fcf
-  data.tar.gz: b13b7dc96ea37efdf72e697396ebcadfeb864c09a65465182dc9a9c3a7c78eec
+  metadata.gz: d6f831af52dc575cf49b8bd64ac494753bbc852bb8cdc37df12ff7c1b0b40a7f
+  data.tar.gz: c0fd08ae08b9b9518f37164539db57a137ffea4c1a92b82915b2678f329b4247
 SHA512:
-  metadata.gz: '08058e53dfcd3f6fcbf4c1e51a82e59998f6ad4348b9dc16c57a86393a92353a7e9c2396984183b2577afe2c35162a333b4d0c5c5e5aac855ffafa3a5a1c0836'
-  data.tar.gz: f97cf1b1e6ddb5c5aeb01fe9f5cbb68aa71bf3798424a219095a8fe3a6b1678c3c7480f059769948e736277daf31f719eecd29a69b4a43bf81195ffa03025462
+  metadata.gz: 3d2bf294da64059cdfd5d25ab58172e8b0d02011b9657fc72bbda2e4839d71ef64465405af9320fbaff72c2c4e76308fd696577f84c4eabad7e52bd8011ce6ca
+  data.tar.gz: 6ec47a3647e01a3324ddfdf9c0804d14aafa610e5e648d65fa90e37c89831cf1a8f5e3c3f709c564d9ae3bd55a794af62d9bbca8f2d098e0963e347e7a5ed85e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,14 @@
+## 7.0.0
+  - SSL settings that were marked deprecated in version `6.2.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:
+      - `ssl_cert`, which should be replaced by `ssl_certificate`
+      - `ssl_cacert`, which should be replaced by `ssl_certificate_authorities`
+      - `ssl_enable`, which should be replaced by `ssl_enabled`
+      - `ssl_verify`, which should be replaced by `ssl_client_authentication` when `mode` is `server` or `ssl_verification_mode`when mode is `client`
+      - [58](https://github.com/logstash-plugins/logstash-output-tcp/pull/58)
+## 6.2.1
+  - Document correct default plugin codec [#54](https://github.com/logstash-plugins/logstash-output-tcp/pull/54)
 ## 6.2.0
   - Reviewed and deprecated SSL settings to comply with Logstash's naming convention [#53](https://github.com/logstash-plugins/logstash-output-tcp/pull/53)
     - Deprecated `ssl_enable` in favor of `ssl_enabled`

data/docs/index.asciidoc CHANGED Viewed

@@ -23,7 +23,7 @@ include::{include_path}/plugin_header.asciidoc[]
 Write events over a TCP socket.
-Each event json is separated by a newline.
+By default this plugin uses the `json` codec. In order to have each event json separated by a newline, use the `json_lines` codec.
 Can either accept connections from clients or connect to a server,
 depending on `mode`.
@@ -33,6 +33,10 @@ depending on `mode`.
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+NOTE: As of version `7.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed. Please see the
+<<plugins-{type}s-{plugin}-obsolete-options>> for more details.
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
@@ -40,19 +44,15 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
 | <<plugins-{type}s-{plugin}-reconnect_interval>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-ssl_cacert>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-ssl_cert>> |a valid filesystem path|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_client_authentication>> |<<string,string>>, one of `["none", "optional", "required"]`|No
-| <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
-| <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 |=======================================================================
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -97,24 +97,6 @@ When mode is `client`, the port to connect to.
 When connect failed,retry interval in sec.
-[id="plugins-{type}s-{plugin}-ssl_cacert"]
-===== `ssl_cacert`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
-[id="plugins-{type}s-{plugin}-ssl_cert"]
-===== `ssl_cert`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-SSL certificate path
 [id="plugins-{type}s-{plugin}-ssl_certificate"]
 ===== `ssl_certificate`
@@ -160,15 +142,6 @@ Please note that the server does not validate the client certificate CN (Common
 NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-mode>> is `server` and <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> is set.
-[id="plugins-{type}s-{plugin}-ssl_enable"]
-===== `ssl_enable`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-Enable SSL (must be set for other `ssl_` options to take effect).
 [id="plugins-{type}s-{plugin}-ssl_enabled"]
 ===== `ssl_enabled`
@@ -223,15 +196,21 @@ has a hostname or IP address that matches the names within the certificate.
 NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-mode>> is `client`.
-[id="plugins-{type}s-{plugin}-ssl_verify"]
-===== `ssl_verify`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>> and <<plugins-{type}s-{plugin}-ssl_verification_mode>>]
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== TCP Output Obsolete Configuration Options
+WARNING: As of version `6.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options.
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-Verify the identity of the other end of the SSL connection against the CA.
-For input, sets the field `sslsubject` to that of the client certificate.
+[cols="<,<",options="header",]
+|=======================================================================
+|Setting|Replaced by
+| ssl_cacert |<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
+| ssl_cert |<<plugins-{type}s-{plugin}-ssl_certificate>>
+| ssl_enable |<<plugins-{type}s-{plugin}-ssl_enabled>>
+| ssl_verify |<<plugins-{type}s-{plugin}-ssl_client_authentication>> in `server` mode and <<plugins-{type}s-{plugin}-ssl_verification_mode>> in `client` mode
+|=======================================================================
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/outputs/tcp.rb CHANGED Viewed

@@ -3,7 +3,6 @@ require "logstash/outputs/base"
 require "logstash/namespace"
 require "thread"
 require "logstash/util/socket_peer"
-require "logstash/plugin_mixins/normalize_config_support"
 # Write events over a TCP socket.
 #
@@ -13,8 +12,6 @@ require "logstash/plugin_mixins/normalize_config_support"
 # depending on `mode`.
 class LogStash::Outputs::Tcp < LogStash::Outputs::Base
-  include LogStash::PluginMixins::NormalizeConfigSupport
   config_name "tcp"
   concurrency :single
@@ -35,9 +32,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # `client` connects to a server.
   config :mode, :validate => ["server", "client"], :default => "client"
-  # Enable SSL (must be set for other `ssl_` options to take effect).
-  config :ssl_enable, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_enabled' instead."
   # Enable SSL (must be set for other `ssl_` options to take effect).
   config :ssl_enabled, :validate => :boolean, :default => false
@@ -48,10 +42,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
   config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
-  # Verify the identity of the other end of the SSL connection against the CA.
-  # For input, sets the field `sslsubject` to that of the client certificate.
-  config :ssl_verify, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_client_authentication' when `mode` is 'server' or 'ssl_verification_mode' when mode is `client`"
   # Options to verify the server's certificate.
   # "full": validates that the provided certificate has an issue date that’s within the not_before and not_after dates;
   # chains to a trusted Certificate Authority (CA); has a hostname or IP address that matches the names within the certificate.
@@ -59,16 +49,11 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # "none": performs no certificate validation. Disabling this severely compromises security (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
   config :ssl_verification_mode, :validate => %w[full none], :default => 'full'
-  # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
-  config :ssl_cacert, :validate => :path, :deprecated => "Use 'ssl_certificate_authorities' instead."
   # Validate client certificate or certificate chain against these authorities. You can define multiple files.
   # All the certificates will be read and added to the trust store.
   config :ssl_certificate_authorities, :validate => :path, :list => true
-  # SSL certificate path
-  config :ssl_cert, :validate => :path, :deprecated => "Use 'ssl_certificate' instead."
   # SSL certificate path
   config :ssl_certificate, :validate => :path
@@ -84,6 +69,11 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # The list of ciphers suite to use
   config :ssl_cipher_suites, :validate => :string, :list => true
+  config :ssl_enable, :obsolete  => "Use 'ssl_enabled' instead."
+  config :ssl_verify, :obsolete => "Use 'ssl_client_authentication' when `mode` is 'server' or 'ssl_verification_mode' when mode is `client`"
+  config :ssl_cacert, :obsolete => "Use 'ssl_certificate_authorities' instead."
+  config :ssl_cert, :obsolete => "Use 'ssl_certificate' instead."
   class Client
     ##
@@ -189,11 +179,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   end
   private :load_cert_store
-  def initialize(*args)
-    super(*args)
-    setup_ssl_params!
-  end
   # @overload Base#register
   def register
     require "socket"
@@ -405,47 +390,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     original_params.include?('ssl_enable') ? 'ssl_enable' : 'ssl_enabled'
   end
-  def setup_ssl_params!
-    @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl_enable)
-    end
-    @ssl_certificate = normalize_config(:ssl_certificate) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl_cert)
-    end
-    if server?
-      @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
-        normalizer.with_deprecated_mapping(:ssl_verify) do |ssl_verify|
-          ssl_verify == true ? 'required' : 'none'
-        end
-      end
-    else
-      @ssl_verification_mode = normalize_config(:ssl_verification_mode) do |normalize|
-        normalize.with_deprecated_mapping(:ssl_verify) do |ssl_verify|
-          ssl_verify == true ? 'full' : 'none'
-        end
-      end
-      # Keep backwards compatibility with the default :ssl_verify value (false)
-      if !original_params.include?('ssl_verify') && !original_params.include?('ssl_verification_mode')
-        @ssl_verification_mode = 'none'
-      end
-    end
-    @ssl_certificate_authorities = normalize_config(:ssl_certificate_authorities) do |normalize|
-      normalize.with_deprecated_mapping(:ssl_cacert) do |ssl_cacert|
-        if File.directory?(ssl_cacert)
-          Dir.children(ssl_cacert)
-          .map{ |f| File.join(ssl_cacert, f) }
-          .reject{ |f| File.directory?(f) || File.basename(f).start_with?('.') }
-        else
-          [ssl_cacert]
-        end
-      end
-    end
-  end
   def server?
     @mode == "server"
   end # def server?

data/logstash-output-tcp.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-tcp'
-  s.version         = '6.2.0'
+  s.version         = '7.0.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -24,7 +24,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'logstash-core', '>= 8.1.0'
   s.add_runtime_dependency 'logstash-codec-json'
   s.add_runtime_dependency 'stud'
-  s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
   s.add_runtime_dependency 'jruby-openssl', '>= 0.12.2' # 0.12 supports TLSv1.3

data/spec/outputs/tcp_spec.rb CHANGED Viewed

@@ -24,6 +24,25 @@ describe LogStash::Outputs::Tcp do
   let(:event) { LogStash::Event.new('message' => 'foo bar') }
+  ['server', 'client'].each do |mode|
+    describe "handling obsolete settings for #{mode} mode" do
+      [{:name => 'ssl_cert', :replacement => 'ssl_certificate', :sample_value => "certificate_path"},
+       {:name => 'ssl_cacert', :replacement => 'ssl_certificate_authorities', :sample_value => "certificate_path"},
+       {:name => 'ssl_enable', :replacement => 'ssl_enabled', :sample_value => true},
+       {:name => 'ssl_verify', :replacement => 'ssl_client_authentication', :sample_value => 'peer'}].each do | obsolete_setting |
+        context "with obsolete #{obsolete_setting[:name]}" do
+          let (:deprecated_config) do
+            config.merge({'mode' => mode, obsolete_setting[:name] => obsolete_setting[:sample_value]})
+          end
+          it "should raise a config error with the appropriate message" do
+            expect { LogStash::Outputs::Tcp.new(deprecated_config).register }.to raise_error LogStash::ConfigurationError, /The setting `#{obsolete_setting[:name]}` in plugin `tcp` is obsolete and is no longer available. Use '#{obsolete_setting[:replacement]}'/i
+          end
+        end
+      end
+    end
+  end
   context 'failing to connect' do
     before { subject.register }
@@ -214,7 +233,7 @@ describe LogStash::Outputs::Tcp do
       context 'with supported protocol' do
-        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2']) }
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2'], "ssl_verification_mode" => "none") }
         let(:server_min_version) { 'TLS1_2' }
@@ -277,7 +296,7 @@ describe LogStash::Outputs::Tcp do
     context "and protocol is TLSv1.3" do
       let(:key_file) { File.join(FIXTURES_PATH, 'plaintext/instance.key') }
       let(:crt_file) { File.join(FIXTURES_PATH, 'plaintext/instance.crt') }
-      let(:config) { super().merge("ssl_certificate" => crt_file, "ssl_key" => key_file) }
+      let(:config) { super().merge("ssl_certificate" => crt_file, "ssl_key" => key_file, "ssl_verification_mode" => "none") }
       let(:secure_server) do
         ssl_context = OpenSSL::SSL::SSLContext.new
@@ -374,16 +393,6 @@ describe LogStash::Outputs::Tcp do
         end
       end
-      context "with deprecated ssl_verify = true and no ssl_certificate_authorities" do
-        let(:config) { super().merge(
-          'ssl_verify' => true,
-          'ssl_certificate_authorities' => []
-        ) }
-        it "should register without errors" do
-          expect { subject.register }.to_not raise_error
-        end
-      end
       %w[required optional].each do |ssl_client_authentication|
         context "with ssl_client_authentication = `#{ssl_client_authentication}` and no ssl_certificate_authorities" do
@@ -409,53 +418,6 @@ describe LogStash::Outputs::Tcp do
       end
     end
-    context "with deprecated settings" do
-      let(:ssl_verify) { true }
-      let(:certificate_path) { File.join(FIXTURES_PATH, 'plaintext/instance.crt') }
-      let(:config) do
-        {
-          "host" => "127.0.0.1",
-          "port" => port,
-          "ssl_enable" => true,
-          "ssl_cert" => certificate_path,
-          "ssl_key" => File.join(FIXTURES_PATH, 'plaintext/instance.key'),
-          "ssl_verify" => ssl_verify
-        }
-      end
-      context "and mode is server" do
-        let(:config) { super().merge("mode" => 'server') }
-        [true, false].each do |verify|
-          context "and ssl_verify is #{verify}" do
-            let(:ssl_verify) { verify }
-            it "should set new configs variables" do
-              subject.register
-              expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-              expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql(verify ? 'required' : 'none')
-              expect(subject.instance_variable_get(:@ssl_certificate)).to eql(certificate_path)
-            end
-          end
-        end
-      end
-      context "and mode is client" do
-        let(:config) { super().merge("mode" => 'client') }
-        [true, false].each do |verify|
-          context "and ssl_verify is #{verify}" do
-            let(:ssl_verify) { verify }
-            it "should set new configs variables" do
-              subject.register
-              expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-              expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql(verify ? 'full' : 'none')
-              expect(subject.instance_variable_get(:@ssl_certificate)).to eql(certificate_path)
-            end
-          end
-        end
-      end
-    end
     context "with ssl_client_authentication" do
       let(:config) do
         super().merge 'ssl_client_authentication' => 'required'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-tcp
 version: !ruby/object:Gem::Version
-  version: 6.2.0
+  version: 7.0.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-19 00:00:00.000000000 Z
+date: 2025-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -37,8 +37,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 8.1.0
   name: logstash-core
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,8 +51,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -65,27 +65,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: stud
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  name: logstash-mixin-normalize_config_support
-  prerelease: false
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -93,8 +79,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.12.2
   name: jruby-openssl
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -107,8 +93,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -121,8 +107,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -135,8 +121,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: flores
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -185,7 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Writes events over a TCP socket