RubyGems - logstash-output-tcp - Versions diffs - 6.0.3 → 6.1.0 - Mend

logstash-output-tcp 6.0.3 → 6.1.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -5
data/docs/index.asciidoc +15 -0
data/lib/logstash/outputs/tcp.rb +72 -80
data/logstash-output-tcp.gemspec +5 -2
data/spec/outputs/tcp_spec.rb +152 -132
metadata +44 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5db164894be7c046e3dce9337af0ce5b684f19b1b35274a0d3b925e97fe402c8
-  data.tar.gz: 63dbb52d49285af564f83de8218c3af098b1d0f62d9deee019c15eae5cbd98e2
+  metadata.gz: d30cf25cfbc7e1cc2e72d5e1eb8ab8179d42b31413a549801a012d5e1be7e640
+  data.tar.gz: 53632382865d4bade1e6d56e9872b1b5db690fd9b866cb4d0952dfa8d1156cee
 SHA512:
-  metadata.gz: 10b22e722c22edce1fd3699e876ab898283d66ec0aa256f9d9c6159112bcf54f872b4e68d8bc7eb72b999c54442d5b65c69fa87194f6c6a58623f7c1939c9c09
-  data.tar.gz: eb6477d5f227184f46bac1c01453215fbd2f2ebf3c0fbb819413d5555d2ab7472ab61b11d737016487b3d1255bcc65fce008f350683ad28e9468fbb1f55ded49
+  metadata.gz: e48f3511c25df04edb79dfd0425c6a84d18808bce5f8d4910cabe024955e6c16f8b856a8ac7fac01cb7721e7628934101e14e7180497a7c6cc1096169290963e
+  data.tar.gz: 94758e5adb6be529f4c70715aa0796d1a15bd8d17e91d35c63fdc1b29eccea58c0f36e4c29b0cf911a3691fade34c895922ca9b0384cd3df405f723a97ff642f

data/CHANGELOG.md CHANGED Viewed

@@ -1,8 +1,6 @@
-## 6.0.3
-  - Pulled applicable back-ports from 6.1.0 [#50](https://github.com/logstash-plugins/logstash-output-tcp/pull/50)
-    - Fix: Ensure sockets are closed when this plugin is closed
-    - Fix: Fixes an issue in client mode where payloads larger than a connection's current TCP window could be silently truncated
-  - Fix: Fixes an issue in server mode where payloads larger than a connection's current TCP window could be silently truncated
+## 6.1.0
+  - Feat: ssl_supported_protocols (TLSv1.3) [#47](https://github.com/logstash-plugins/logstash-output-tcp/pull/47)
+  - Fix: close server and client sockets on plugin close
 ## 6.0.2
   - Fix: unable to start with password protected key [#45](https://github.com/logstash-plugins/logstash-output-tcp/pull/45)

data/docs/index.asciidoc CHANGED Viewed

@@ -45,6 +45,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 |=======================================================================
@@ -130,6 +131,20 @@ SSL key path
 SSL key passphrase
+[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
+===== `ssl_supported_protocols`
+  * Value type is <<string,string>>
+  * Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'`
+  * Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`.
+    `'TLSv1.1'` is not considered secure and is only provided for legacy applications.
+List of allowed SSL/TLS versions to use when establishing a secure connection.
+NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
+the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
+the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
 [id="plugins-{type}s-{plugin}-ssl_verify"]
 ===== `ssl_verify`

data/lib/logstash/outputs/tcp.rb CHANGED Viewed

@@ -51,30 +51,23 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # SSL key passphrase
   config :ssl_key_passphrase, :validate => :password, :default => nil
-  ##
-  # @param socket [Socket]
-  # @param logger_context [#log_warn&#log_error&#logger]
+  # NOTE: the default setting [] uses SSL engine defaults
+  config :ssl_supported_protocols, :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true
   class Client
-    def initialize(socket, logger_context)
+    def initialize(socket, logger)
       @socket = socket
-      @peer_info = socket.peer
-      @logger_context = logger_context
+      @logger = logger
       @queue  = Queue.new
     end
     def run
       loop do
         begin
-          payload = @queue.pop
-          @logger_context.logger.trace("transmitting #{payload.bytesize} bytes", socket: @peer_info) if @logger_context.logger.trace? && payload && !payload.empty?
-          while payload && !payload.empty?
-            written_bytes_size = @socket.write(payload)
-            payload = payload.byteslice(written_bytes_size..-1)
-            @logger_context.logger.log_trace(">transmitted #{written_bytes_size} bytes; #{payload.bytesize} bytes remain", socket: @peer_info) if @logger_context.logger.trace?
-          end
+          @socket.write(@queue.pop)
         rescue => e
-          @logger_context.log_warn("tcp output exception: socket write failed", e, :socket => @peer_info)
+          log_warn 'socket write failed:', e, socket: (@socket ? @socket.to_s : nil)
           break
         end
       end
@@ -87,15 +80,14 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     def close
       @socket.close
     rescue => e
-      @logger_context.log_warn 'socket close failed:', e, socket: @socket&.to_s
+      log_warn 'socket close failed:', e, socket: (@socket ? @socket.to_s : nil)
     end
   end # class Client
-  private
   def setup_ssl
     require "openssl"
-    @ssl_context = OpenSSL::SSL::SSLContext.new
+    @ssl_context = new_ssl_context
     if @ssl_cert
       @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
       if @ssl_key
@@ -117,44 +109,63 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
       @ssl_context.cert_store = @cert_store
       @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
     end
-  end # def setup_ssl
-  public
+    @ssl_context.min_version = :TLS1_1 # not strictly required - JVM should have disabled TLSv1
+    if ssl_supported_protocols.any?
+      disabled_protocols = ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'] - ssl_supported_protocols
+      unless OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3 # work-around JRuby-OpenSSL bug - missing constant
+        @ssl_context.max_version = :TLS1_2 if disabled_protocols.delete('TLSv1.3')
+      end
+      # mapping 'TLSv1.2' -> OpenSSL::SSL::OP_NO_TLSv1_2
+      disabled_protocols.map! { |v| OpenSSL::SSL.const_get "OP_NO_#{v.sub('.', '_')}" }
+      @ssl_context.options = disabled_protocols.reduce(@ssl_context.options, :|)
+    end
+    @ssl_context
+  end
+  private :setup_ssl
+  # @note to be able to hook up into #ssl_context from tests
+  def new_ssl_context
+    OpenSSL::SSL::SSLContext.new
+  end
+  private :new_ssl_context
+  # @overload Base#register
   def register
     require "socket"
     require "stud/try"
-    if @ssl_enable
-      setup_ssl
-    end # @ssl_enable
     @closed = Concurrent::AtomicBoolean.new(false)
-    @thread_no = Concurrent::AtomicFixnum.new(0)
+    setup_ssl if @ssl_enable
     if server?
       @logger.info("Starting tcp output listener", :address => "#{@host}:#{@port}")
       begin
         @server_socket = TCPServer.new(@host, @port)
       rescue Errno::EADDRINUSE
-        @logger.error("Could not start TCP server: Address in use",
-                      :host => @host, :port => @port)
+        @logger.error("Could not start tcp server: Address in use", host: @host, port: @port)
         raise
       end
       if @ssl_enable
         @server_socket = OpenSSL::SSL::SSLServer.new(@server_socket, @ssl_context)
       end # @ssl_enable
-      @client_threads = []
+      @client_threads = Concurrent::Array.new
       @accept_thread = Thread.new(@server_socket) do |server_socket|
         LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|server_accept")
         loop do
           break if @closed.value
-          Thread.start(server_socket.accept) do |client_socket|
+          client_socket = server_socket.accept_nonblock exception: false
+          if client_socket == :wait_readable
+            IO.select [ server_socket ]
+            next
+          end
+          Thread.start(client_socket) do |client_socket|
             # monkeypatch a 'peer' method onto the socket.
-            client_socket.extend(::LogStash::Util::SocketPeer)
-            @logger.debug("Accepted connection", :client => client_socket.peer,
-                          :server => "#{@host}:#{@port}")
-            client = Client.new(client_socket, self)
+            client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+            @logger.debug("accepted connection", client: client_socket.peer, server: "#{@host}:#{@port}")
+            client = Client.new(client_socket, @logger)
             Thread.current[:client] = client
-            LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|client_socket-#{@thread_no.increment}")
+            LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|client_socket-#{@client_threads.size}")
             @client_threads << Thread.current
             client.run unless @closed.value
           end
@@ -168,62 +179,48 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
         end
       end
     else
-      @client_socket = nil
-      peer_info = nil
+      client_socket = nil
       @codec.on_event do |event, payload|
         begin
-          # not threadsafe; this is why we require `concurrency: single`
-          unless @client_socket
-            @client_socket = connect
-            peer_info = @client_socket.peer
-          end
-          writable_io = nil
-          while writable_io.nil? || writable_io.any? == false
-            readable_io, writable_io, _ = IO.select([@client_socket],[@client_socket])
-            # don't expect any reads, but a readable socket might
-            # mean the remote end closed, so read it and throw it away.
-            # we'll get an EOFError if it happens.
-            readable_io.each { |readable| readable.sysread(16384) }
-          end
+          client_socket = connect unless client_socket
+          r,w,e = IO.select([client_socket], [client_socket], [client_socket], nil)
+          # don't expect any reads, but a readable socket might
+          # mean the remote end closed, so read it and throw it away.
+          # we'll get an EOFError if it happens.
+          client_socket.sysread(16384) if r.any?
           # Now send the payload
-          @logger.trace("transmitting #{payload.bytesize} bytes", socket: peer_info) if @logger.trace? && payload && !payload.empty?
-          while payload && payload.bytesize > 0
-            written_bytes_size = @client_socket.syswrite(payload)
-            payload = payload.byteslice(written_bytes_size..-1)
-            @logger.trace(">transmitted #{written_bytes_size} bytes; #{payload.bytesize} bytes remain", socket: peer_info) if @logger.trace?
-          end
+          client_socket.syswrite(payload) if w.any?
         rescue => e
-          log_warn "client socket failed:", e, host: @host, port: @port, socket: peer_info
-          @client_socket.close rescue nil
-          @client_socket = nil
+          log_warn "client socket failed:", e, host: @host, port: @port, socket: (client_socket ? client_socket.to_s : nil)
+          client_socket.close rescue nil
+          client_socket = nil
           sleep @reconnect_interval
           retry
         end
       end
     end
-  end # def register
+  end
+  # @overload Base#receive
+  def receive(event)
+    @codec.encode(event)
+  end
   # @overload Base#close
   def close
-    if server?
-      # server-mode clean-up
-      @closed.make_true
-      @server_socket.shutdown rescue nil if @server_socket
+    @closed.make_true
+    @server_socket.close rescue nil if @server_socket
-      @client_threads&.each do |thread|
-        client = thread[:client]
-        client.close rescue nil if client
-      end
-    else
-      # client-mode clean-up
-      @client_socket&.close
+    return unless @client_threads
+    @client_threads.each do |thread|
+      client = thread[:client]
+      client.close rescue nil if client
     end
   end
   private
   def connect
     begin
       client_socket = TCPSocket.new(@host, @port)
@@ -238,26 +235,20 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
           raise
         end
       end
-      client_socket.extend(::LogStash::Util::SocketPeer)
-      @logger.debug("Opened connection", :client => "#{client_socket.peer}")
+      client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
+      @logger.debug("opened connection", :client => client_socket.peer)
       return client_socket
-    rescue StandardError => e
+    rescue => e
       log_error 'failed to connect:', e
       sleep @reconnect_interval
       retry
     end
   end # def connect
-  private
   def server?
     @mode == "server"
   end # def server?
-  public
-  def receive(event)
-    @codec.encode(event)
-  end # def receive
   def pipeline_id
     execution_context.pipeline_id || 'main'
   end
@@ -273,4 +264,5 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     details[:backtrace] = e.backtrace if backtrace
     @logger.error(msg, details)
   end
 end # class LogStash::Outputs::Tcp

data/logstash-output-tcp.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-tcp'
-  s.version         = '6.0.3'
+  s.version         = '6.1.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,11 +21,14 @@ Gem::Specification.new do |s|
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-core', '>= 8.1.0'
   s.add_runtime_dependency 'logstash-codec-json'
   s.add_runtime_dependency 'stud'
+  s.add_runtime_dependency 'jruby-openssl', '>= 0.12.2' # 0.12 supports TLSv1.3
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'logstash-codec-plain'
   s.add_development_dependency 'flores'
 end

data/spec/outputs/tcp_spec.rb CHANGED Viewed

@@ -3,14 +3,113 @@ require "logstash/outputs/tcp"
 require "flores/pki"
 describe LogStash::Outputs::Tcp do
-  subject(:instance) { described_class.new(config) }
-  let(:config) { {
-    "host" => "localhost",
-    "port" => 2000 + rand(3000),
-  } }
+  subject { described_class.new(config) }
+  let(:port) do
+    begin
+      # Start high to better avoid common services
+      port = rand(10000..65535)
+      s = TCPServer.new("127.0.0.1", port)
+      s.close
+      port
+    rescue Errno::EADDRINUSE
+      retry
+    end
+  end
+  let(:server) { TCPServer.new("127.0.0.1", port) }
+  let(:config) { { "host" => "localhost", "port" => port } }
+  let(:event) { LogStash::Event.new('message' => 'foo bar') }
+  context 'failing to connect' do
+    before { subject.register }
+    let(:config) { super().merge 'port' => 1000 }
+    it 'fails to connect' do
+      expect( subject ).to receive(:log_error).and_call_original
+      Thread.start { subject.receive(event) }
+      sleep 1.0
+    end
+  end
+  context 'server mode' do
+    before { subject.register }
+    let(:config) { super().merge 'mode' => 'server' }
+    let(:client) do
+      Stud::try(3.times) { TCPSocket.new("127.0.0.1", port) }
+    end
+    after { subject.close }
+    it 'receives serialized data' do; require 'json'
+      client # connect
+      Thread.start { sleep 0.5; subject.receive event }
+      read = client.recv(1000)
+      expect( read.size ).to be > 0
+      expect( JSON.parse(read)['message'] ).to eql 'foo bar'
+    end
+  end
+  context "with forced protocol" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.1' ]
+    end
+    it "limits protocol selection" do
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+        expect(ssl_context).to receive(:max_version=).with(:'TLS1_2').and_call_original
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+    end
+  end
+  context "with protocol range" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.3', 'TLSv1.1', 'TLSv1.2' ]
+    end
+    it "does not limit protocol selection (except min_version)" do
+      ssl_context = OpenSSL::SSL::SSLContext.new
+      allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+      expect(ssl_context).to receive(:min_version=).with(:'TLS1_1').at_least(1).and_call_original
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+      subject.send :setup_ssl
+    end
+  end
   context "when enabling SSL" do
-    let(:config) { super().merge("ssl_enable" => true) }
+    let(:config) { super().merge("ssl_enable" => true, 'codec' => 'plain') }
     context "and not providing a certificate/key pair" do
       it "registers without error" do
         expect { subject.register }.to_not raise_error
@@ -51,160 +150,81 @@ describe LogStash::Outputs::Tcp do
         end
       end
-    end
-    context "encrypted key using PKCS#1" do
-      let(:key_file) { File.join(FIXTURES_PATH, 'encrypted/instance.key') }
-      let(:crt_file) { File.join(FIXTURES_PATH, 'encrypted/instance.crt') }
-      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
-      it "registers with error (due missing password)" do
-        expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError) # TODO need a better error
+      let(:secure_server) do
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(crt_file))
+        ssl_context.key = OpenSSL::PKey::RSA.new(File.read(key_file), nil)
+        ssl_context.ssl_version = server_ssl_version if server_ssl_version
+        ssl_context.min_version = server_min_version if server_min_version
+        ssl_context.max_version = server_max_version if server_max_version
+        OpenSSL::SSL::SSLServer.new(server, ssl_context)
       end
-      context 'with valid password' do
-        let(:config) { super().merge("ssl_key_passphrase" => '1234567890') }
+      let(:server_min_version) { nil }
+      let(:server_max_version) { nil }
+      let(:server_ssl_version) { nil }
-        it "registers without error" do
-          expect { subject.register }.to_not raise_error
-        end
+      context 'with supported protocol' do
-      end
-    end
-  end
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2']) }
-  ##
-  # Reads `in_io` until EOF and writes the bytes
-  # it receives to `out_io`, tolerating partial writes.
-  def siphon_until_eof(in_io, out_io)
-    buffer = ""
-    while (retval = in_io.read_nonblock(32*1024, buffer, exception:false)) do
-      (IO.select([in_io], nil, nil, 5); next) if retval == :wait_readable
-      while (buffer && !buffer.empty?) do
-        bytes_written = out_io.write(buffer)
-        buffer.replace buffer.byteslice(bytes_written..-1)
-      end
-    end
-  end
+        let(:server_min_version) { 'TLS1_2' }
-  context 'client mode' do
-    context 'transmitting data' do
-      let!(:io) { StringIO.new } # somewhere for our server to stash the data it receives
+        before { subject.register }
+        after { secure_server.close }
-      let(:server_host) { 'localhost' }
-      let(:server_port) { server.addr[1] } # get actual since we bind to port 0
-      let!(:server) { TCPServer.new(server_host, 0) }
+        it 'reads plain data' do
+          Thread.start { sleep 0.25; subject.receive event }
+          socket = secure_server.accept
+          read = socket.sysread(100)
+          expect( read.size ).to be > 0
+          expect( read ).to end_with 'foo bar'
+        end
-      let(:config) do
-        { 'host' => server_host, 'port' => server_port, 'mode' => 'client' }
       end
-      let(:event) { LogStash::Event.new({"hello" => "world"})}
+      context 'with unsupported protocol (on server)' do
-      subject(:instance) { described_class.new(config) }
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.1']) }
-      before(:each) do
-        # accepts ONE connection
-        @server_socket_thread = Thread.start do
-          client = server.accept
-          siphon_until_eof(client, io)
-        end
-        instance.register
-      end
+        let(:server_min_version) { 'TLS1_2' }
-      after(:each) do
-        @server_socket_thread&.join
-      end
+        before { subject.register }
+        after { secure_server.close }
-      it 'encodes and transmits data' do
-        instance.receive(event)
-        sleep 1
-        instance.close # release the connection
-        @server_socket_thread.join(30)  || fail('server failed to join')
-        expect(io.string).to include('"hello"','"world"')
-      end
+        it 'fails (and loops retrying)' do
+          expect(subject.logger).to receive(:error).with(/connect ssl failure/i, hash_including(message: /No appropriate protocol/i)).and_call_original
+          expect(subject.logger).to receive(:error).with(/failed to connect/i, hash_including(exception: OpenSSL::SSL::SSLError)).and_call_original
+          expect(subject).to receive(:sleep).once.and_call_original
+          expect(subject).to receive(:sleep).once.and_throw :TEST_DONE # to be able to abort the retry loop
-      context 'when payload is very large' do
-        let(:one_hundred_megabyte_message) { "a" * 1024 * 1024 * 100 }
-        let(:event) { LogStash::Event.new("message" => one_hundred_megabyte_message) }
-        it 'encodes and transmits data' do
-          instance.receive(event)
-          sleep 1
-          instance.close # release the connection
-          @server_socket_thread.join(30)  || fail('server failed to join')
-          expect(io.string).to include('"message"',%Q("#{one_hundred_megabyte_message}"))
+          Thread.start { secure_server.accept rescue nil }
+          expect { subject.receive event }.to throw_symbol(:TEST_DONE)
         end
-      end
-    end
-  end
-  context 'server mode' do
+      end if LOGSTASH_VERSION > '7.0'
-    def wait_for_condition(total_time_in_seconds, &block)
-      deadline = Time.now + total_time_in_seconds
-      until Time.now > deadline
-        return if yield
-        sleep(1)
-      end
-      fail('condition not met!')
     end
-    context 'transmitting data' do
-      let(:server_host) { 'localhost' }
-      let(:server_port) { Random.rand(1024...5000) }
+    context "encrypted key using PKCS#1" do
+      let(:key_file) { File.join(FIXTURES_PATH, 'encrypted/instance.key') }
+      let(:crt_file) { File.join(FIXTURES_PATH, 'encrypted/instance.crt') }
+      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
-      let(:config) do
-        { 'host' => server_host, 'port' => server_port, 'mode' => 'server' }
+      it "registers with error (due missing password)" do
+        expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError) # TODO need a better error
       end
-      subject(:instance) { described_class.new(config) }
-      before(:each) { instance.register } # start listener
-      after(:each) { instance.close }
-      let(:event) { LogStash::Event.new({"hello" => "world"})}
-      context 'when one client is connected' do
-        let(:io) { StringIO.new }
-        let(:client_socket) { TCPSocket.new(server_host, server_port) }
-        before(:each) do
-          @client_socket_thread = Thread.start { siphon_until_eof(client_socket, io) }
-          sleep 1 # wait for it to actually connect
-        end
-        it 'encodes and transmits data' do
-          sleep 1
-          instance.receive(event)
+      context 'with valid password' do
-          wait_for_condition(30) { !io.size.zero? }
-          sleep 1 # wait for the event to get sent...
-          instance.close # release the connection
+        let(:config) { super().merge("ssl_key_passphrase" => '1234567890') }
-          @client_socket_thread.join(30) || fail('client failed to join')
-          expect(io.string).to include('"hello"','"world"')
+        it "registers without error" do
+          expect { subject.register }.to_not raise_error
         end
-        context 'when payload is very large' do
-          let(:one_hundred_megabyte_message) { "a" * 1024 * 1024 * 100 }
-          let(:event) { LogStash::Event.new("message" => one_hundred_megabyte_message) }
-          it 'encodes and transmits data' do
-          instance.receive(event)
-          wait_for_condition(30) { io.size >= one_hundred_megabyte_message.size }
-          sleep 1 # wait for the event to get sent...
-          instance.close # release the connection
-          @client_socket_thread.join(30) || fail('client failed to join')
-            expect(io.string).to include('"message"',%Q("#{one_hundred_megabyte_message}"))
-          end
-        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-tcp
 version: !ruby/object:Gem::Version
-  version: 6.0.3
+  version: 6.1.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-04 00:00:00.000000000 Z
+date: 2022-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
+  name: logstash-core
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -58,6 +72,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+  name: jruby-openssl
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -72,6 +100,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements: