RubyGems - logstash-output-tcp - Versions diffs - 6.2.1 → 7.0.0 - Mend

logstash-output-tcp 6.2.1 → 7.0.0

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12843c570af7ef789c697435e55375ecda6d6ed85a63181ae0501cc21298bbeb
-  data.tar.gz: 95a41abe82bb81210646428fb6d228a390a7ba87043e817dab5a75b19405195e
+  metadata.gz: d6f831af52dc575cf49b8bd64ac494753bbc852bb8cdc37df12ff7c1b0b40a7f
+  data.tar.gz: c0fd08ae08b9b9518f37164539db57a137ffea4c1a92b82915b2678f329b4247
 SHA512:
-  metadata.gz: 50d788801e0d243a7e3ba77cf4c96fb31e5a273656a99a6f5b5714076cb1bc4a5a0b5c3dcf8b3d36c7402d38a442129ebaf72b1f9cce7ec4dd22a532a7cd72ec
-  data.tar.gz: 43e9a8f1c6e401801eb8ead0fc6773ff39c3f2efa0f112cbf63075050769f2acb09f870734001c9678ee679fd2f633243c22cdb3d4cf8455ea6ae69f672d5fcc
+  metadata.gz: 3d2bf294da64059cdfd5d25ab58172e8b0d02011b9657fc72bbda2e4839d71ef64465405af9320fbaff72c2c4e76308fd696577f84c4eabad7e52bd8011ce6ca
+  data.tar.gz: 6ec47a3647e01a3324ddfdf9c0804d14aafa610e5e648d65fa90e37c89831cf1a8f5e3c3f709c564d9ae3bd55a794af62d9bbca8f2d098e0963e347e7a5ed85e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,11 @@
+## 7.0.0
+  - SSL settings that were marked deprecated in version `6.2.0` are now marked obsolete, and will prevent the plugin from starting.
+  - These settings are:
+      - `ssl_cert`, which should be replaced by `ssl_certificate`
+      - `ssl_cacert`, which should be replaced by `ssl_certificate_authorities`
+      - `ssl_enable`, which should be replaced by `ssl_enabled`
+      - `ssl_verify`, which should be replaced by `ssl_client_authentication` when `mode` is `server` or `ssl_verification_mode`when mode is `client`
+      - [58](https://github.com/logstash-plugins/logstash-output-tcp/pull/58)
 ## 6.2.1
   - Document correct default plugin codec [#54](https://github.com/logstash-plugins/logstash-output-tcp/pull/54)

data/docs/index.asciidoc CHANGED Viewed

@@ -33,6 +33,10 @@ depending on `mode`.
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+NOTE: As of version `7.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed. Please see the
+<<plugins-{type}s-{plugin}-obsolete-options>> for more details.
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting |Input type|Required
@@ -40,19 +44,15 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
 | <<plugins-{type}s-{plugin}-reconnect_interval>> |<<number,number>>|No
-| <<plugins-{type}s-{plugin}-ssl_cacert>> |a valid filesystem path|__Deprecated__
-| <<plugins-{type}s-{plugin}-ssl_cert>> |a valid filesystem path|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_client_authentication>> |<<string,string>>, one of `["none", "optional", "required"]`|No
-| <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|__Deprecated__
 | <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
-| <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 |=======================================================================
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -97,24 +97,6 @@ When mode is `client`, the port to connect to.
 When connect failed,retry interval in sec.
-[id="plugins-{type}s-{plugin}-ssl_cacert"]
-===== `ssl_cacert`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
-[id="plugins-{type}s-{plugin}-ssl_cert"]
-===== `ssl_cert`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
-  * Value type is <<path,path>>
-  * There is no default value for this setting.
-SSL certificate path
 [id="plugins-{type}s-{plugin}-ssl_certificate"]
 ===== `ssl_certificate`
@@ -160,15 +142,6 @@ Please note that the server does not validate the client certificate CN (Common
 NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-mode>> is `server` and <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> is set.
-[id="plugins-{type}s-{plugin}-ssl_enable"]
-===== `ssl_enable`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-Enable SSL (must be set for other `ssl_` options to take effect).
 [id="plugins-{type}s-{plugin}-ssl_enabled"]
 ===== `ssl_enabled`
@@ -223,15 +196,21 @@ has a hostname or IP address that matches the names within the certificate.
 NOTE: This setting can be used only if <<plugins-{type}s-{plugin}-mode>> is `client`.
-[id="plugins-{type}s-{plugin}-ssl_verify"]
-===== `ssl_verify`
-deprecated[6.2.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>> and <<plugins-{type}s-{plugin}-ssl_verification_mode>>]
+[id="plugins-{type}s-{plugin}-obsolete-options"]
+==== TCP Output Obsolete Configuration Options
+WARNING: As of version `6.0.0` of this plugin, some configuration options have been replaced.
+The plugin will fail to start if it contains any of these obsolete options.
-  * Value type is <<boolean,boolean>>
-  * Default value is `false`
-Verify the identity of the other end of the SSL connection against the CA.
-For input, sets the field `sslsubject` to that of the client certificate.
+[cols="<,<",options="header",]
+|=======================================================================
+|Setting|Replaced by
+| ssl_cacert |<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
+| ssl_cert |<<plugins-{type}s-{plugin}-ssl_certificate>>
+| ssl_enable |<<plugins-{type}s-{plugin}-ssl_enabled>>
+| ssl_verify |<<plugins-{type}s-{plugin}-ssl_client_authentication>> in `server` mode and <<plugins-{type}s-{plugin}-ssl_verification_mode>> in `client` mode
+|=======================================================================
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]

data/lib/logstash/outputs/tcp.rb CHANGED Viewed

@@ -3,7 +3,6 @@ require "logstash/outputs/base"
 require "logstash/namespace"
 require "thread"
 require "logstash/util/socket_peer"
-require "logstash/plugin_mixins/normalize_config_support"
 # Write events over a TCP socket.
 #
@@ -13,8 +12,6 @@ require "logstash/plugin_mixins/normalize_config_support"
 # depending on `mode`.
 class LogStash::Outputs::Tcp < LogStash::Outputs::Base
-  include LogStash::PluginMixins::NormalizeConfigSupport
   config_name "tcp"
   concurrency :single
@@ -35,9 +32,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # `client` connects to a server.
   config :mode, :validate => ["server", "client"], :default => "client"
-  # Enable SSL (must be set for other `ssl_` options to take effect).
-  config :ssl_enable, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_enabled' instead."
   # Enable SSL (must be set for other `ssl_` options to take effect).
   config :ssl_enabled, :validate => :boolean, :default => false
@@ -48,10 +42,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
   config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
-  # Verify the identity of the other end of the SSL connection against the CA.
-  # For input, sets the field `sslsubject` to that of the client certificate.
-  config :ssl_verify, :validate => :boolean, :default => false, :deprecated => "Use 'ssl_client_authentication' when `mode` is 'server' or 'ssl_verification_mode' when mode is `client`"
   # Options to verify the server's certificate.
   # "full": validates that the provided certificate has an issue date that’s within the not_before and not_after dates;
   # chains to a trusted Certificate Authority (CA); has a hostname or IP address that matches the names within the certificate.
@@ -59,16 +49,11 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # "none": performs no certificate validation. Disabling this severely compromises security (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
   config :ssl_verification_mode, :validate => %w[full none], :default => 'full'
-  # The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
-  config :ssl_cacert, :validate => :path, :deprecated => "Use 'ssl_certificate_authorities' instead."
   # Validate client certificate or certificate chain against these authorities. You can define multiple files.
   # All the certificates will be read and added to the trust store.
   config :ssl_certificate_authorities, :validate => :path, :list => true
-  # SSL certificate path
-  config :ssl_cert, :validate => :path, :deprecated => "Use 'ssl_certificate' instead."
   # SSL certificate path
   config :ssl_certificate, :validate => :path
@@ -84,6 +69,11 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # The list of ciphers suite to use
   config :ssl_cipher_suites, :validate => :string, :list => true
+  config :ssl_enable, :obsolete  => "Use 'ssl_enabled' instead."
+  config :ssl_verify, :obsolete => "Use 'ssl_client_authentication' when `mode` is 'server' or 'ssl_verification_mode' when mode is `client`"
+  config :ssl_cacert, :obsolete => "Use 'ssl_certificate_authorities' instead."
+  config :ssl_cert, :obsolete => "Use 'ssl_certificate' instead."
   class Client
     ##
@@ -189,11 +179,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   end
   private :load_cert_store
-  def initialize(*args)
-    super(*args)
-    setup_ssl_params!
-  end
   # @overload Base#register
   def register
     require "socket"
@@ -405,47 +390,6 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
     original_params.include?('ssl_enable') ? 'ssl_enable' : 'ssl_enabled'
   end
-  def setup_ssl_params!
-    @ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl_enable)
-    end
-    @ssl_certificate = normalize_config(:ssl_certificate) do |normalizer|
-      normalizer.with_deprecated_alias(:ssl_cert)
-    end
-    if server?
-      @ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
-        normalizer.with_deprecated_mapping(:ssl_verify) do |ssl_verify|
-          ssl_verify == true ? 'required' : 'none'
-        end
-      end
-    else
-      @ssl_verification_mode = normalize_config(:ssl_verification_mode) do |normalize|
-        normalize.with_deprecated_mapping(:ssl_verify) do |ssl_verify|
-          ssl_verify == true ? 'full' : 'none'
-        end
-      end
-      # Keep backwards compatibility with the default :ssl_verify value (false)
-      if !original_params.include?('ssl_verify') && !original_params.include?('ssl_verification_mode')
-        @ssl_verification_mode = 'none'
-      end
-    end
-    @ssl_certificate_authorities = normalize_config(:ssl_certificate_authorities) do |normalize|
-      normalize.with_deprecated_mapping(:ssl_cacert) do |ssl_cacert|
-        if File.directory?(ssl_cacert)
-          Dir.children(ssl_cacert)
-          .map{ |f| File.join(ssl_cacert, f) }
-          .reject{ |f| File.directory?(f) || File.basename(f).start_with?('.') }
-        else
-          [ssl_cacert]
-        end
-      end
-    end
-  end
   def server?
     @mode == "server"
   end # def server?

data/logstash-output-tcp.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-tcp'
-  s.version         = '6.2.1'
+  s.version         = '7.0.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -24,7 +24,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'logstash-core', '>= 8.1.0'
   s.add_runtime_dependency 'logstash-codec-json'
   s.add_runtime_dependency 'stud'
-  s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
   s.add_runtime_dependency 'jruby-openssl', '>= 0.12.2' # 0.12 supports TLSv1.3

data/spec/outputs/tcp_spec.rb CHANGED Viewed

@@ -24,6 +24,25 @@ describe LogStash::Outputs::Tcp do
   let(:event) { LogStash::Event.new('message' => 'foo bar') }
+  ['server', 'client'].each do |mode|
+    describe "handling obsolete settings for #{mode} mode" do
+      [{:name => 'ssl_cert', :replacement => 'ssl_certificate', :sample_value => "certificate_path"},
+       {:name => 'ssl_cacert', :replacement => 'ssl_certificate_authorities', :sample_value => "certificate_path"},
+       {:name => 'ssl_enable', :replacement => 'ssl_enabled', :sample_value => true},
+       {:name => 'ssl_verify', :replacement => 'ssl_client_authentication', :sample_value => 'peer'}].each do | obsolete_setting |
+        context "with obsolete #{obsolete_setting[:name]}" do
+          let (:deprecated_config) do
+            config.merge({'mode' => mode, obsolete_setting[:name] => obsolete_setting[:sample_value]})
+          end
+          it "should raise a config error with the appropriate message" do
+            expect { LogStash::Outputs::Tcp.new(deprecated_config).register }.to raise_error LogStash::ConfigurationError, /The setting `#{obsolete_setting[:name]}` in plugin `tcp` is obsolete and is no longer available. Use '#{obsolete_setting[:replacement]}'/i
+          end
+        end
+      end
+    end
+  end
   context 'failing to connect' do
     before { subject.register }
@@ -214,7 +233,7 @@ describe LogStash::Outputs::Tcp do
       context 'with supported protocol' do
-        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2']) }
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2'], "ssl_verification_mode" => "none") }
         let(:server_min_version) { 'TLS1_2' }
@@ -277,7 +296,7 @@ describe LogStash::Outputs::Tcp do
     context "and protocol is TLSv1.3" do
       let(:key_file) { File.join(FIXTURES_PATH, 'plaintext/instance.key') }
       let(:crt_file) { File.join(FIXTURES_PATH, 'plaintext/instance.crt') }
-      let(:config) { super().merge("ssl_certificate" => crt_file, "ssl_key" => key_file) }
+      let(:config) { super().merge("ssl_certificate" => crt_file, "ssl_key" => key_file, "ssl_verification_mode" => "none") }
       let(:secure_server) do
         ssl_context = OpenSSL::SSL::SSLContext.new
@@ -374,16 +393,6 @@ describe LogStash::Outputs::Tcp do
         end
       end
-      context "with deprecated ssl_verify = true and no ssl_certificate_authorities" do
-        let(:config) { super().merge(
-          'ssl_verify' => true,
-          'ssl_certificate_authorities' => []
-        ) }
-        it "should register without errors" do
-          expect { subject.register }.to_not raise_error
-        end
-      end
       %w[required optional].each do |ssl_client_authentication|
         context "with ssl_client_authentication = `#{ssl_client_authentication}` and no ssl_certificate_authorities" do
@@ -409,53 +418,6 @@ describe LogStash::Outputs::Tcp do
       end
     end
-    context "with deprecated settings" do
-      let(:ssl_verify) { true }
-      let(:certificate_path) { File.join(FIXTURES_PATH, 'plaintext/instance.crt') }
-      let(:config) do
-        {
-          "host" => "127.0.0.1",
-          "port" => port,
-          "ssl_enable" => true,
-          "ssl_cert" => certificate_path,
-          "ssl_key" => File.join(FIXTURES_PATH, 'plaintext/instance.key'),
-          "ssl_verify" => ssl_verify
-        }
-      end
-      context "and mode is server" do
-        let(:config) { super().merge("mode" => 'server') }
-        [true, false].each do |verify|
-          context "and ssl_verify is #{verify}" do
-            let(:ssl_verify) { verify }
-            it "should set new configs variables" do
-              subject.register
-              expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-              expect(subject.instance_variable_get(:@ssl_client_authentication)).to eql(verify ? 'required' : 'none')
-              expect(subject.instance_variable_get(:@ssl_certificate)).to eql(certificate_path)
-            end
-          end
-        end
-      end
-      context "and mode is client" do
-        let(:config) { super().merge("mode" => 'client') }
-        [true, false].each do |verify|
-          context "and ssl_verify is #{verify}" do
-            let(:ssl_verify) { verify }
-            it "should set new configs variables" do
-              subject.register
-              expect(subject.instance_variable_get(:@ssl_enabled)).to eql(true)
-              expect(subject.instance_variable_get(:@ssl_verification_mode)).to eql(verify ? 'full' : 'none')
-              expect(subject.instance_variable_get(:@ssl_certificate)).to eql(certificate_path)
-            end
-          end
-        end
-      end
-    end
     context "with ssl_client_authentication" do
       let(:config) do
         super().merge 'ssl_client_authentication' => 'required'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-tcp
 version: !ruby/object:Gem::Version
-  version: 6.2.1
+  version: 7.0.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 2025-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -37,8 +37,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 8.1.0
   name: logstash-core
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,8 +51,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -65,27 +65,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: stud
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  name: logstash-mixin-normalize_config_support
-  prerelease: false
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -93,8 +79,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.12.2
   name: jruby-openssl
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -107,8 +93,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -121,8 +107,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -135,8 +121,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: flores
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -185,7 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Writes events over a TCP socket