logstash-promtail-input-http 3.3.7-java

@@ -0,0 +1,346 @@
1
+ :plugin: http
2
+ :type: input
3
+ :default_codec: plain
4
+
5
+ ///////////////////////////////////////////
6
+ START - GENERATED VARIABLES, DO NOT EDIT!
7
+ ///////////////////////////////////////////
8
+ :version: %VERSION%
9
+ :release_date: %RELEASE_DATE%
10
+ :changelog_url: %CHANGELOG_URL%
11
+ :include_path: ../../../../logstash/docs/include
12
+ ///////////////////////////////////////////
13
+ END - GENERATED VARIABLES, DO NOT EDIT!
14
+ ///////////////////////////////////////////
15
+
16
+ [id="plugins-{type}s-{plugin}"]
17
+
18
+ === Http input plugin
19
+
20
+ include::{include_path}/plugin_header.asciidoc[]
21
+
22
+ ==== Description
23
+
24
+ Using this input you can receive single or multiline events over http(s).
25
+ Applications can send an HTTP request to the endpoint started by this input and
26
+ Logstash will convert it into an event for subsequent processing. Users
27
+ can pass plain text, JSON, or any formatted data and use a corresponding codec with this
28
+ input. For Content-Type `application/json` the `json` codec is used, but for all other
29
+ data formats, `plain` codec is used.
30
+
31
+ This input can also be used to receive webhook requests to integrate with other services
32
+ and applications. By taking advantage of the vast plugin ecosystem available in Logstash
33
+ you can trigger actionable events right from your application.
34
+
35
+ ==== Blocking Behavior
36
+
37
+ The HTTP protocol doesn't deal well with long running requests. This plugin will either return
38
+ a 429 (busy) error when Logstash is backlogged, or it will time out the request.
39
+
40
+ If a 429 error is encountered clients should sleep, backing off exponentially with some random
41
+ jitter, then retry their request.
42
+
43
+ This plugin will block if the Logstash queue is blocked and there are available HTTP input threads.
44
+ This will cause most HTTP clients to time out. Sent events will still be processed in this case. This
45
+ behavior is not optimal and will be changed in a future release. In the future, this plugin will always
46
+ return a 429 if the queue is busy, and will not time out in the event of a busy queue.
47
+
48
+ ==== Security
49
+ This plugin supports standard HTTP basic authentication headers to identify the requester.
50
+ You can pass in a username, password combination while sending data to this input
51
+
52
+ You can also setup SSL and send data securely over https, with multiple options such as
53
+ validating the client's certificate.
54
+
55
+ [id="plugins-{type}s-{plugin}-codec-settings"]
56
+ ==== Codec settings
57
+ This plugin has two configuration options for codecs: `codec` and `additional_codecs`.
58
+
59
+ Values in `additional_codecs` are prioritized over those specified in the
60
+ `codec` option. That is, the default `codec` is applied only if no codec
61
+ for the request's content-type is found in the `additional_codecs` setting.
62
+
63
+ [id="plugins-{type}s-{plugin}-options"]
64
+ ==== Http Input Configuration Options
65
+
66
+ This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
67
+
68
+ [cols="<,<,<",options="header",]
69
+ |=======================================================================
70
+ |Setting |Input type|Required
71
+ | <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
72
+ | <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
73
+ | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
74
+ | <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|No
75
+ | <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|No
76
+ | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
77
+ | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
78
+ | <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
79
+ | <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
80
+ | <<plugins-{type}s-{plugin}-response_code>> |<<number,number>>, one of `[200, 201, 202, 204]`|No
81
+ | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
82
+ | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
83
+ | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
84
+ | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
85
+ | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
86
+ | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
87
+ | <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
88
+ | <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
89
+ | <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
90
+ | <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
91
+ | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
92
+ | <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
93
+ |=======================================================================
94
+
95
+ Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
96
+ input plugins.
97
+
98
+ &nbsp;
99
+
100
+ [id="plugins-{type}s-{plugin}-additional_codecs"]
101
+ ===== `additional_codecs`
102
+
103
+ * Value type is <<hash,hash>>
104
+ * Default value is `{"application/json"=>"json"}`
105
+
106
+ Apply specific codecs for specific content types.
107
+ The default codec will be applied only after this list is checked
108
+ and no codec for the request's content-type is found
109
+
110
+ [id="plugins-{type}s-{plugin}-cipher_suites"]
111
+ ===== `cipher_suites`
112
+
113
+ * Value type is <<array,array>>
114
+ * Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
115
+
116
+ The list of ciphers suite to use, listed by priorities.
117
+
118
+ [id="plugins-{type}s-{plugin}-host"]
119
+ ===== `host`
120
+
121
+ * Value type is <<string,string>>
122
+ * Default value is `"0.0.0.0"`
123
+
124
+ The host or ip to bind
125
+
126
+ [id="plugins-{type}s-{plugin}-keystore"]
127
+ ===== `keystore`
128
+
129
+ * Value type is <<path,path>>
130
+ * There is no default value for this setting.
131
+ * This option is deprecated
132
+
133
+ The JKS keystore to validate the client's certificates
134
+
135
+ Note: This option is deprecated and it will be removed in the next major version of Logstash.
136
+ Use `ssl_certificate` and `ssl_key` instead.
137
+
138
+ [id="plugins-{type}s-{plugin}-keystore_password"]
139
+ ===== `keystore_password`
140
+
141
+ * Value type is <<password,password>>
142
+ * There is no default value for this setting.
143
+ * This option is deprecated
144
+
145
+ Set the truststore password
146
+
147
+ Note: This option is deprecated and it will be removed in the next major version of Logstash.
148
+ Use `ssl_certificate` and `ssl_key` instead.
149
+
150
+ [id="plugins-{type}s-{plugin}-password"]
151
+ ===== `password`
152
+
153
+ * Value type is <<password,password>>
154
+ * There is no default value for this setting.
155
+
156
+ Password for basic authorization
157
+
158
+ [id="plugins-{type}s-{plugin}-port"]
159
+ ===== `port`
160
+
161
+ * Value type is <<number,number>>
162
+ * Default value is `8080`
163
+
164
+ The TCP port to bind to
165
+
166
+ [id="plugins-{type}s-{plugin}-max_content_length"]
167
+ ===== `max_content_length`
168
+
169
+ * Value type is <<number,number>>
170
+ * Default value is 104857600
171
+
172
+ The max content of an HTTP request in bytes. It defaults to 100mb.
173
+
174
+ [id="plugins-{type}s-{plugin}-max_pending_requests"]
175
+ ===== `max_pending_requests`
176
+
177
+ * Value type is <<number,number>>
178
+ * Default value is 200
179
+
180
+ Maximum number of incoming requests to store in a temporary queue before being processed by worker threads.
181
+ If a request arrives and the queue is full a 429 response will be returned immediately.
182
+ This queue exists to deal with micro bursts of events and to improve overall throughput,
183
+ so it should be changed very carefully as it can lead to memory pressure and impact performance.
184
+ If you need to deal both periodic or unforeseen spikes in incoming requests consider enabling the
185
+ Persistent Queue for the logstash pipeline.
186
+
187
+ [id="plugins-{type}s-{plugin}-response_code"]
188
+ ===== `response_code`
189
+
190
+ * Value can be any of: 200, 201, 202, 204
191
+ * Default value is `200`
192
+
193
+ The HTTP return code if the request is processed successfully.
194
+
195
+ Other return codes may happen in the case of an error condition, such as
196
+ invalid credentials (401), internal errors (503) or backpressure (429).
197
+
198
+ If 204 (No Content) is set, the response body will not be sent in the response.
199
+
200
+ [id="plugins-{type}s-{plugin}-response_headers"]
201
+ ===== `response_headers`
202
+
203
+ * Value type is <<hash,hash>>
204
+ * Default value is `{"Content-Type"=>"text/plain"}`
205
+
206
+ specify a custom set of response headers
207
+
208
+ [id="plugins-{type}s-{plugin}-remote_host_target_field"]
209
+ ===== `remote_host_target_field`
210
+
211
+ * Value type is <<string,string>>
212
+ * Default value is `"host"`
213
+
214
+ specify a target field for the client host of the http request
215
+
216
+ [id="plugins-{type}s-{plugin}-request_headers_target_field"]
217
+ ===== `request_headers_target_field`
218
+
219
+ * Value type is <<string,string>>
220
+ * Default value is `"headers"`
221
+
222
+ specify target field for the client host of the http request
223
+
224
+ [id="plugins-{type}s-{plugin}-ssl"]
225
+ ===== `ssl`
226
+
227
+ * Value type is <<boolean,boolean>>
228
+ * Default value is `false`
229
+
230
+ Events are by default sent in plain text. You can
231
+ enable encryption by setting `ssl` to true and configuring
232
+ the `ssl_certificate` and `ssl_key` options.
233
+
234
+ [id="plugins-{type}s-{plugin}-ssl_certificate"]
235
+ ===== `ssl_certificate`
236
+
237
+ * Value type is <<path,path>>
238
+ * There is no default value for this setting.
239
+
240
+ SSL certificate to use.
241
+
242
+ [id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
243
+ ===== `ssl_certificate_authorities`
244
+
245
+ * Value type is <<array,array>>
246
+ * Default value is `[]`
247
+
248
+ Validate client certificates against these authorities.
249
+ You can define multiple files or paths. All the certificates will
250
+ be read and added to the trust store. You need to configure the `ssl_verify_mode`
251
+ to `peer` or `force_peer` to enable the verification.
252
+
253
+
254
+ [id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
255
+ ===== `ssl_handshake_timeout`
256
+
257
+ * Value type is <<number,number>>
258
+ * Default value is `10000`
259
+
260
+ Time in milliseconds for an incomplete ssl handshake to timeout
261
+
262
+ [id="plugins-{type}s-{plugin}-ssl_key"]
263
+ ===== `ssl_key`
264
+
265
+ * Value type is <<path,path>>
266
+ * There is no default value for this setting.
267
+
268
+ SSL key to use.
269
+ NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
270
+ for more information.
271
+
272
+ [id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
273
+ ===== `ssl_key_passphrase`
274
+
275
+ * Value type is <<password,password>>
276
+ * There is no default value for this setting.
277
+
278
+ SSL key passphrase to use.
279
+
280
+ [id="plugins-{type}s-{plugin}-ssl_verify_mode"]
281
+ ===== `ssl_verify_mode`
282
+
283
+ * Value can be any of: `none`, `peer`, `force_peer`
284
+ * Default value is `"none"`
285
+
286
+ By default the server doesn't do any client verification.
287
+
288
+ `peer` will make the server ask the client to provide a certificate.
289
+ If the client provides a certificate, it will be validated.
290
+
291
+ `force_peer` will make the server ask the client to provide a certificate.
292
+ If the client doesn't provide a certificate, the connection will be closed.
293
+
294
+ This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
295
+
296
+ [id="plugins-{type}s-{plugin}-threads"]
297
+ ===== `threads`
298
+
299
+ * Value type is <<number,number>>
300
+ * Default value is number of processors
301
+
302
+ Number of threads to use for both accepting connections and handling requests
303
+
304
+ [id="plugins-{type}s-{plugin}-tls_max_version"]
305
+ ===== `tls_max_version`
306
+
307
+ * Value type is <<number,number>>
308
+ * Default value is `1.2`
309
+
310
+ The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
311
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
312
+
313
+ [id="plugins-{type}s-{plugin}-tls_min_version"]
314
+ ===== `tls_min_version`
315
+
316
+ * Value type is <<number,number>>
317
+ * Default value is `1`
318
+
319
+ The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
320
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
321
+
322
+ [id="plugins-{type}s-{plugin}-user"]
323
+ ===== `user`
324
+
325
+ * Value type is <<string,string>>
326
+ * There is no default value for this setting.
327
+
328
+ Username for basic authorization
329
+
330
+ [id="plugins-{type}s-{plugin}-verify_mode"]
331
+ ===== `verify_mode`
332
+
333
+ * Value can be any of: `none`, `peer`, `force_peer`
334
+ * Default value is `"none"`
335
+ * This option is deprecated
336
+
337
+ Set the client certificate verification method. Valid methods: none, peer, force_peer
338
+
339
+ Note: This option is deprecated and it will be removed in the next major version of Logstash.
340
+ Use `ssl_verify_mode` instead.
341
+
342
+
343
+ [id="plugins-{type}s-{plugin}-common-options"]
344
+ include::{include_path}/{type}.asciidoc[]
345
+
346
+ :default_codec!:
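Review bot: The options table under "Http Input Configuration Options" omits `max_content_length`, `remote_host_target_field` and `request_headers_target_field`, although each has its own section further down; add the three rows so the table and the sections agree. The description of `request_headers_target_field` repeats the `remote_host_target_field` text ("target field for the client host of the http request") and should say it holds the request headers. The `cipher_suites` default is printed as a raw Java object (`java.lang.String[...]@459cfcca`); list the suite names plainly. The Security section should also state that with the documented defaults (`ssl` is `false`, `host` is `"0.0.0.0"`) events and the basic-auth `user`/`password` travel unencrypted on every interface, and nothing in this document describes the `application/x-protobuf` handling or the `tenant` field that the plugin code in this gem adds.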
@@ -0,0 +1,10 @@
1
+ # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
2
+
3
+ require 'jar_dependencies'
4
+ require_jar('io.netty', 'netty-all', '4.1.49.Final')
5
+ require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
6
+ require_jar('com.google.protobuf', 'protobuf-java', '3.14.0')
7
+ require_jar('org.xerial.snappy', 'snappy-java', '1.1.8.4')
8
+ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.12.3')
9
+ require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.12.3')
10
+ require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.3.7')
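Review bot: The versions pinned on the `require_jar` lines (`netty-all` 4.1.49.Final, `log4j-api` 2.11.1, `protobuf-java` 3.14.0, `jackson-databind` 2.12.3) should be checked against current advisories before release, because `netty-all` backs the network listener and `protobuf-java` parses the `application/x-protobuf` bodies the plugin accepts from remote senders. The file is marked autogenerated, so any bump belongs in the Gradle script, not here. The last line loads a jar named `logstash-input-http` 3.3.7, the same artifact name the stock plugin uses; for a gem published as `logstash-promtail-input-http`, a distinct artifact name would keep the two from being confused on one classpath.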
@@ -0,0 +1,316 @@
1
+ # encoding: utf-8
2
+ require "logstash/inputs/base"
3
+ require "logstash/namespace"
4
+ require "stud/interval"
5
+ require "logstash-input-http_jars"
6
+
7
+ # Using this input you can receive single or multiline events over http(s).
8
+ # Applications can send a HTTP POST request with a body to the endpoint started by this
9
+ # input and Logstash will convert it into an event for subsequent processing. Users
10
+ # can pass plain text, JSON, or any formatted data and use a corresponding codec with this
11
+ # input. For Content-Type `application/json` the `json` codec is used, but for all other
12
+ # data formats, `plain` codec is used.
13
+ #
14
+ # This input can also be used to receive webhook requests to integrate with other services
15
+ # and applications. By taking advantage of the vast plugin ecosystem available in Logstash
16
+ # you can trigger actionable events right from your application.
17
+ #
18
+ # ==== Security
19
+ # This plugin supports standard HTTP basic authentication headers to identify the requester.
20
+ # You can pass in an username, password combination while sending data to this input
21
+ #
22
+ # You can also setup SSL and send data securely over https, with an option of validating
23
+ # the client's certificate. Currently, the certificate setup is through
24
+ # https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html[Java Keystore
25
+ # format]
26
+ #
27
+ class LogStash::Inputs::Http < LogStash::Inputs::Base
28
+ require "logstash/inputs/http/tls"
29
+
30
+ java_import "io.netty.handler.codec.http.HttpUtil"
31
+
32
+ config_name "http"
33
+
34
+ # Codec used to decode the incoming data.
35
+ # This codec will be used as a fall-back if the content-type
36
+ # is not found in the "additional_codecs" hash
37
+ default :codec, "plain"
38
+
39
+ # The host or ip to bind
40
+ config :host, :validate => :string, :default => "0.0.0.0"
41
+
42
+ # The TCP port to bind to
43
+ config :port, :validate => :number, :default => 8080
44
+
45
+ # Username for basic authorization
46
+ config :user, :validate => :string, :required => false
47
+
48
+ # Password for basic authorization
49
+ config :password, :validate => :password, :required => false
50
+
51
+ # Events are by default sent in plain text. You can
52
+ # enable encryption by setting `ssl` to true and configuring
53
+ # the `ssl_certificate` and `ssl_key` options.
54
+ config :ssl, :validate => :boolean, :default => false
55
+
56
+ # SSL certificate to use.
57
+ config :ssl_certificate, :validate => :path
58
+
59
+ # SSL key to use.
60
+ # NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
61
+ # for more information.
62
+ config :ssl_key, :validate => :path
63
+
64
+ # SSL key passphrase to use.
65
+ config :ssl_key_passphrase, :validate => :password
66
+
67
+ # Validate client certificates against these authorities.
68
+ # You can define multiple files or paths. All the certificates will
69
+ # be read and added to the trust store. You need to configure the `ssl_verify_mode`
70
+ # to `peer` or `force_peer` to enable the verification.
71
+ config :ssl_certificate_authorities, :validate => :array, :default => []
72
+
73
+ # By default the server doesn't do any client verification.
74
+ #
75
+ # `peer` will make the server ask the client to provide a certificate.
76
+ # If the client provides a certificate, it will be validated.
77
+ #
78
+ # `force_peer` will make the server ask the client to provide a certificate.
79
+ # If the client doesn't provide a certificate, the connection will be closed.
80
+ #
81
+ # This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
82
+ config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none"
83
+
84
+ # Time in milliseconds for an incomplete ssl handshake to timeout
85
+ config :ssl_handshake_timeout, :validate => :number, :default => 10000
86
+
87
+ # The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
88
+ # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
89
+ config :tls_min_version, :validate => :number, :default => TLS.min.version
90
+
91
+ # The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
92
+ # 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
93
+ config :tls_max_version, :validate => :number, :default => TLS.max.version
94
+
95
+ # The list of ciphers suite to use, listed by priorities.
96
+ config :cipher_suites, :validate => :array, :default => org.logstash.plugins.inputs.http.util.SslSimpleBuilder.getDefaultCiphers
97
+
98
+ # Apply specific codecs for specific content types.
99
+ # The default codec will be applied only after this list is checked
100
+ # and no codec for the request's content-type is found
101
+ config :additional_codecs, :validate => :hash, :default => { "application/json" => "json" }
102
+
103
+ # specify a custom set of response headers
104
+ config :response_headers, :validate => :hash, :default => { 'Content-Type' => 'text/plain' }
105
+
106
+ # target field for the client host of the http request
107
+ config :remote_host_target_field, :validate => :string, :default => "host"
108
+
109
+ # target field for the client host of the http request
110
+ config :request_headers_target_field, :validate => :string, :default => "headers"
111
+
112
+ config :threads, :validate => :number, :required => false, :default => ::LogStash::Config::CpuCoreStrategy.maximum
113
+
114
+ config :max_pending_requests, :validate => :number, :required => false, :default => 200
115
+
116
+ config :max_content_length, :validate => :number, :required => false, :default => 100 * 1024 * 1024
117
+
118
+ config :response_code, :validate => [200, 201, 202, 204], :default => 200
119
+ # Deprecated options
120
+
121
+ # The JKS keystore to validate the client's certificates
122
+ config :keystore, :validate => :path, :deprecated => "Set 'ssl_certificate' and 'ssl_key' instead."
123
+ config :keystore_password, :validate => :password, :deprecated => "Set 'ssl_key_passphrase' instead."
124
+
125
+ config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none',
126
+ :deprecated => "Set 'ssl_verify_mode' instead."
127
+
128
+ public
129
+ def register
130
+
131
+ validate_ssl_settings!
132
+
133
+ if @user && @password then
134
+ token = Base64.strict_encode64("#{@user}:#{@password.value}")
135
+ @auth_token = "Basic #{token}"
136
+ end
137
+
138
+ @codecs = Hash.new
139
+
140
+ @additional_codecs.each do |content_type, codec|
141
+ @codecs[content_type] = LogStash::Plugin.lookup("codec", codec).new
142
+ end
143
+
144
+
145
+ @promtail_input = org.logstash.plugins.inputs.http.promtail.PromtailHandler.new
146
+
147
+ require "logstash/inputs/http/message_handler"
148
+ message_handler = MessageHandler.new(self, @codec, @codecs, @auth_token)
149
+ @http_server = create_http_server(message_handler)
150
+ end # def register
151
+
152
+ def run(queue)
153
+ @queue = queue
154
+ @logger.info("Starting http input listener", :address => "#{@host}:#{@port}", :ssl => "#{@ssl}")
155
+ @http_server.run()
156
+ end
157
+
158
+ def stop
159
+ @http_server.close() rescue nil
160
+ end
161
+
162
+ def close
163
+ @http_server.close() rescue nil
164
+ end
165
+
166
+ def decode_body(headers, remote_address, body, default_codec, additional_codecs)
167
+ content_type = headers.fetch("content_type", "")
168
+
169
+ if (content_type.start_with?("application/x-protobuf"))
170
+ # events = @promtail_input.decode_str(@promtail_input.toUTF8String(body))
171
+ events = @promtail_input.decode(body)
172
+ events.each do |event|
173
+ push_decoded_event(headers, remote_address, LogStash::Event.new(event), false)
174
+ end
175
+ else
176
+ body_str = body
177
+ body_str = @promtail_input.toUTF8String(body) if !body.is_a?(String)
178
+ codec = additional_codecs.fetch(HttpUtil.getMimeType(content_type), default_codec)
179
+ codec.decode(body_str) { |event| push_decoded_event(headers, remote_address, event) }
180
+ codec.flush { |event| push_decoded_event(headers, remote_address, event) }
181
+ end
182
+
183
+ true
184
+ rescue => e
185
+ @logger.error(
186
+ "unable to process event.",
187
+ :message => e.message,
188
+ :class => e.class.name,
189
+ :backtrace => e.backtrace
190
+ )
191
+ false
192
+ end
193
+
194
+ def push_decoded_event(headers, remote_address, event, add_headers=true)
195
+ if add_headers
196
+ event.set(@request_headers_target_field, headers)
197
+ event.set(@remote_host_target_field, remote_address)
198
+ end
199
+ tenant = headers.fetch("tenant", "")
200
+ tenant = headers.fetch("x_scope_orgid", "") if tenant.empty?
201
+ if !tenant.empty?
202
+ event.set("tenant", tenant)
203
+ end
204
+ decorate(event)
205
+ @logger.info("Pushing request to #{remote_address} with headers #{headers} event: #{event}")
206
+ @queue << event
207
+ end
208
+
209
+ def validate_ssl_settings!
210
+ if !@ssl
211
+ @logger.warn("SSL Certificate will not be used") if @ssl_certificate
212
+ @logger.warn("SSL Key will not be used") if @ssl_key
213
+ @logger.warn("SSL Java Key Store will not be used") if @keystore
214
+ elsif !(ssl_key_configured? || ssl_jks_configured?)
215
+ raise LogStash::ConfigurationError, "Certificate or JKS must be configured"
216
+ end
217
+
218
+ if @ssl && (original_params.key?("verify_mode") && original_params.key?("ssl_verify_mode"))
219
+ raise LogStash::ConfigurationError, "Both 'ssl_verify_mode' and 'verify_mode' were set. Use only 'ssl_verify_mode'."
220
+ elsif original_params.key?("verify_mode")
221
+ @ssl_verify_mode_final = @verify_mode
222
+ elsif original_params.key?("ssl_verify_mode")
223
+ @ssl_verify_mode_final = @ssl_verify_mode
224
+ else
225
+ @ssl_verify_mode_final = @ssl_verify_mode
226
+ end
227
+
228
+ if @ssl && require_certificate_authorities? && !client_authentication?
229
+ raise LogStash::ConfigurationError, "Using `ssl_verify_mode` or `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `ssl_certificate_authorities`"
230
+ elsif @ssl && !require_certificate_authorities? && client_authentication?
231
+ raise LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `ssl_verify_mode` or `verify_mode` to PEER or FORCE_PEER"
232
+ end
233
+ end
234
+
235
+ def create_http_server(message_handler)
236
+ org.logstash.plugins.inputs.http.NettyHttpServer.new(
237
+ @host, @port, message_handler, build_ssl_params(), @threads, @max_pending_requests, @max_content_length, @response_code)
238
+ end
239
+
240
+ def build_ssl_params
241
+ return nil unless @ssl
242
+
243
+ if @keystore && @keystore_password
244
+ ssl_builder = org.logstash.plugins.inputs.http.util.JksSslBuilder.new(@keystore, @keystore_password.value)
245
+ else
246
+ begin
247
+ ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder
248
+ .new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
249
+ .setCipherSuites(normalized_ciphers)
250
+ rescue java.lang.IllegalArgumentException => e
251
+ @logger.error("SSL configuration invalid", error_details(e))
252
+ raise LogStash::ConfigurationError, e
253
+ end
254
+
255
+ if client_authentication?
256
+ ssl_builder.setCertificateAuthorities(@ssl_certificate_authorities)
257
+ end
258
+ end
259
+
260
+ new_ssl_handshake_provider(ssl_builder)
261
+ end
262
+
263
+ def ssl_key_configured?
264
+ !!(@ssl_certificate && @ssl_key)
265
+ end
266
+
267
+ def ssl_jks_configured?
268
+ !!(@keystore && @keystore_password)
269
+ end
270
+
271
+ def client_authentication?
272
+ @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
273
+ end
274
+
275
+ def require_certificate_authorities?
276
+ @ssl_verify_mode_final == "force_peer" || @ssl_verify_mode_final == "peer"
277
+ end
278
+
279
+ private
280
+
281
+ def normalized_ciphers
282
+ @cipher_suites.map(&:upcase)
283
+ end
284
+
285
+ def convert_protocols
286
+ TLS.get_supported(@tls_min_version..@tls_max_version).map(&:name)
287
+ end
288
+
289
+ def new_ssl_handshake_provider(ssl_builder)
290
+ begin
291
+ ssl_handler_provider = org.logstash.plugins.inputs.http.util.SslHandlerProvider.new(ssl_builder.build())
292
+ ssl_handler_provider.setVerifyMode(@ssl_verify_mode_final.upcase)
293
+ ssl_handler_provider.setProtocols(convert_protocols)
294
+ ssl_handler_provider.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
295
+ ssl_handler_provider
296
+ rescue java.lang.IllegalArgumentException => e
297
+ @logger.error("SSL configuration invalid", error_details(e))
298
+ raise LogStash::ConfigurationError, e
299
+ rescue java.lang.Exception => e
300
+ @logger.error("SSL configuration failed", error_details(e, true))
301
+ raise e
302
+ end
303
+ end
304
+
305
+ def error_details(e, trace = false)
306
+ error_details = { :exception => e.class, :message => e.message }
307
+ error_details[:backtrace] = e.backtrace if trace || @logger.debug?
308
+ cause = e.cause
309
+ if cause && e != cause
310
+ error_details[:cause] = { :exception => cause.class, :message => cause.message }
311
+ error_details[:cause][:backtrace] = cause.backtrace if trace || @logger.debug?
312
+ end
313
+ error_details
314
+ end
315
+
316
+ end # class LogStash::Inputs::Http
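Review bot: `push_decoded_event` writes the complete request headers and the whole event to the log at info level for every event (`@logger.info("Pushing request to #{remote_address} with headers #{headers} event: #{event}")`), so any credentials carried in the headers and all event payloads end up in the Logstash log, one line per event. Lower it to debug and log only `remote_address`, or remove it. In the same method, `tenant` is copied straight from the client-supplied `tenant` or `x_scope_orgid` header, and this happens even when `user`/`password` are unset, so any sender that can reach the port chooses its own tenant; validate the value against an allow-list or only honour it on authenticated requests. In `decode_body`, the `application/x-protobuf` branch calls `push_decoded_event(..., false)`, so those events get neither `remote_host_target_field` nor `request_headers_target_field`, which leaves no source address on exactly the events that carry a tenant. `register` also calls `Base64.strict_encode64` with no `require "base64"` in this file, and the comment above `request_headers_target_field` repeats the "client host" text from the option before it.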