logstash-promtail-input-http 3.3.7-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +112 -0
- data/DEVELOPER.md +1 -0
- data/Gemfile +11 -0
- data/LICENSE +202 -0
- data/NOTICE.TXT +5 -0
- data/README.md +98 -0
- data/VERSION +1 -0
- data/docs/index.asciidoc +346 -0
- data/lib/logstash-input-http_jars.rb +10 -0
- data/lib/logstash/inputs/http.rb +316 -0
- data/lib/logstash/inputs/http/message_handler.rb +49 -0
- data/lib/logstash/inputs/http/tls.rb +40 -0
- data/lib/logstash/util/http_compressed_requests.rb +39 -0
- data/lib/tasks/build.rake +16 -0
- data/logstash-input-http.gemspec +33 -0
- data/spec/inputs/http_spec.rb +522 -0
- data/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.12.3/jackson-core-2.12.3.jar +0 -0
- data/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.12.3/jackson-databind-2.12.3.jar +0 -0
- data/vendor/jar-dependencies/com/google/protobuf/protobuf-java/3.14.0/protobuf-java-3.14.0.jar +0 -0
- data/vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar +0 -0
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.3.7/logstash-input-http-3.3.7.jar +0 -0
- data/vendor/jar-dependencies/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.jar +0 -0
- metadata +181 -0
@@ -0,0 +1,49 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "logstash-input-http_jars"
|
3
|
+
|
4
|
+
module LogStash module Inputs class Http
|
5
|
+
class MessageHandler
|
6
|
+
include org.logstash.plugins.inputs.http.IMessageHandler
|
7
|
+
|
8
|
+
attr_reader :input
|
9
|
+
|
10
|
+
def initialize(input, default_codec, additional_codecs, auth_token)
|
11
|
+
@input = input
|
12
|
+
@default_codec = default_codec
|
13
|
+
@additional_codecs = additional_codecs
|
14
|
+
@auth_token = auth_token
|
15
|
+
end
|
16
|
+
|
17
|
+
def validates_token(token)
|
18
|
+
if @auth_token
|
19
|
+
@auth_token == token
|
20
|
+
else
|
21
|
+
true
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def requires_token
|
26
|
+
!!@auth_token
|
27
|
+
end
|
28
|
+
|
29
|
+
def onNewMessage(remote_address, headers, body)
|
30
|
+
@input.decode_body(headers, remote_address, body, @default_codec, @additional_codecs)
|
31
|
+
end
|
32
|
+
|
33
|
+
def copy
|
34
|
+
MessageHandler.new(@input, @default_codec.clone, clone_additional_codecs(), @auth_token)
|
35
|
+
end
|
36
|
+
|
37
|
+
def clone_additional_codecs
|
38
|
+
clone_additional_codecs = {}
|
39
|
+
@additional_codecs.each do |content_type, codec|
|
40
|
+
clone_additional_codecs[content_type] = codec.clone
|
41
|
+
end
|
42
|
+
clone_additional_codecs
|
43
|
+
end
|
44
|
+
|
45
|
+
def response_headers
|
46
|
+
@input.response_headers
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end; end; end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
module LogStash module Inputs class Http
|
3
|
+
class TLS
|
4
|
+
class TLSOption
|
5
|
+
include Comparable
|
6
|
+
|
7
|
+
attr_reader :name, :version
|
8
|
+
def initialize(name, version)
|
9
|
+
@name = name
|
10
|
+
@version = version
|
11
|
+
end
|
12
|
+
|
13
|
+
def <=>(other)
|
14
|
+
version <=> other.version
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
TLS_PROTOCOL_OPTIONS = [
|
19
|
+
TLSOption.new("TLSv1", 1),
|
20
|
+
TLSOption.new("TLSv1.1", 1.1),
|
21
|
+
TLSOption.new("TLSv1.2", 1.2)
|
22
|
+
]
|
23
|
+
|
24
|
+
def self.min
|
25
|
+
TLS_PROTOCOL_OPTIONS.min
|
26
|
+
end
|
27
|
+
|
28
|
+
def self.max
|
29
|
+
TLS_PROTOCOL_OPTIONS.max
|
30
|
+
end
|
31
|
+
|
32
|
+
def self.get_supported(versions)
|
33
|
+
if versions.is_a?(Range)
|
34
|
+
TLS_PROTOCOL_OPTIONS.select { |tls| versions.cover?(tls.version) }
|
35
|
+
else
|
36
|
+
TLS_PROTOCOL_OPTIONS.select { |tls| versions == tls.version }
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end; end; end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
class CompressedRequests
|
2
|
+
def initialize(app)
|
3
|
+
@app = app
|
4
|
+
end
|
5
|
+
|
6
|
+
def method_handled?(env)
|
7
|
+
!!(env['REQUEST_METHOD'] =~ /(POST|PUT)/)
|
8
|
+
end
|
9
|
+
|
10
|
+
def encoding_handled?(env)
|
11
|
+
['gzip', 'deflate'].include? env['HTTP_CONTENT_ENCODING']
|
12
|
+
end
|
13
|
+
|
14
|
+
def call(env)
|
15
|
+
if method_handled?(env) && encoding_handled?(env)
|
16
|
+
begin
|
17
|
+
extracted = decode(env['rack.input'], env['HTTP_CONTENT_ENCODING'])
|
18
|
+
rescue Zlib::Error
|
19
|
+
return [400, {'Content-Type' => 'text/plain'}, ["Failed to decompress body"]]
|
20
|
+
end
|
21
|
+
|
22
|
+
env.delete('HTTP_CONTENT_ENCODING')
|
23
|
+
env['CONTENT_LENGTH'] = extracted.bytesize
|
24
|
+
env['rack.input'] = StringIO.new(extracted)
|
25
|
+
end
|
26
|
+
|
27
|
+
@app.call(env)
|
28
|
+
end
|
29
|
+
|
30
|
+
def decode(input, content_encoding)
|
31
|
+
case content_encoding
|
32
|
+
when 'gzip' then
|
33
|
+
Zlib::GzipReader.new(input).read
|
34
|
+
when 'deflate' then
|
35
|
+
Zlib::Inflate.inflate(input.read)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "jars/installer"
|
3
|
+
require "fileutils"
|
4
|
+
|
5
|
+
desc "vendor"
|
6
|
+
task :vendor do
|
7
|
+
exit(1) unless system './gradlew vendor'
|
8
|
+
version = File.read("VERSION").strip
|
9
|
+
end
|
10
|
+
|
11
|
+
desc "clean"
|
12
|
+
task :clean do
|
13
|
+
["build", "vendor/jar-dependencies", "Gemfile.lock"].each do |p|
|
14
|
+
FileUtils.rm_rf(p)
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
HTTP_INPUT_VERSION = File.read(File.expand_path(File.join(File.dirname(__FILE__), "VERSION"))).strip unless defined?(HTTP_INPUT_VERSION)
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = 'logstash-promtail-input-http'
|
5
|
+
s.version = HTTP_INPUT_VERSION
|
6
|
+
s.licenses = ['Apache License (2.0)']
|
7
|
+
s.summary = "Receives events over HTTP or HTTPS"
|
8
|
+
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
9
|
+
s.authors = ["Elastic"]
|
10
|
+
s.email = 'info@elastic.co'
|
11
|
+
s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
|
12
|
+
s.require_paths = ["lib", "vendor/jar-dependencies"]
|
13
|
+
|
14
|
+
# Files
|
15
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
16
|
+
# Tests
|
17
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
18
|
+
|
19
|
+
# Special flag to let us know this is actually a logstash plugin
|
20
|
+
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
|
21
|
+
|
22
|
+
# Gem dependencies
|
23
|
+
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
24
|
+
s.add_runtime_dependency 'logstash-codec-plain'
|
25
|
+
s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
|
26
|
+
|
27
|
+
s.add_development_dependency 'logstash-devutils'
|
28
|
+
s.add_development_dependency 'logstash-codec-json'
|
29
|
+
s.add_development_dependency 'logstash-codec-json_lines'
|
30
|
+
s.add_development_dependency 'manticore'
|
31
|
+
|
32
|
+
s.platform = "java"
|
33
|
+
end
|
@@ -0,0 +1,522 @@
|
|
1
|
+
require "logstash/devutils/rspec/spec_helper"
|
2
|
+
require "logstash/devutils/rspec/shared_examples"
|
3
|
+
require "logstash/inputs/http"
|
4
|
+
require "json"
|
5
|
+
require "manticore"
|
6
|
+
require "stud/temporary"
|
7
|
+
require "zlib"
|
8
|
+
require "stringio"
|
9
|
+
|
10
|
+
java_import "io.netty.handler.ssl.util.SelfSignedCertificate"
|
11
|
+
|
12
|
+
describe LogStash::Inputs::Http do
|
13
|
+
|
14
|
+
before do
|
15
|
+
srand(RSpec.configuration.seed)
|
16
|
+
end
|
17
|
+
|
18
|
+
let(:client) { Manticore::Client.new(client_options) }
|
19
|
+
let(:client_options) { { } }
|
20
|
+
let(:logstash_queue) { Queue.new }
|
21
|
+
let(:port) { rand(5000) + 1025 }
|
22
|
+
|
23
|
+
it_behaves_like "an interruptible input plugin" do
|
24
|
+
let(:config) { { "port" => port } }
|
25
|
+
end
|
26
|
+
|
27
|
+
after :each do
|
28
|
+
client.clear_pending
|
29
|
+
client.close
|
30
|
+
subject.stop
|
31
|
+
end
|
32
|
+
|
33
|
+
describe "request handling" do
|
34
|
+
subject { LogStash::Inputs::Http.new("port" => port) }
|
35
|
+
|
36
|
+
before :each do
|
37
|
+
subject.register
|
38
|
+
t = Thread.new { subject.run(logstash_queue) }
|
39
|
+
ok = false
|
40
|
+
until ok
|
41
|
+
begin
|
42
|
+
client.post("http://127.0.0.1:#{port}", :body => '{}').call
|
43
|
+
rescue => e
|
44
|
+
# retry
|
45
|
+
else
|
46
|
+
ok = true
|
47
|
+
end
|
48
|
+
sleep 0.01
|
49
|
+
end
|
50
|
+
logstash_queue.pop if logstash_queue.size == 1 # pop test event
|
51
|
+
end
|
52
|
+
|
53
|
+
describe "handling overflowing requests with a 429" do
|
54
|
+
let(:logstash_queue_size) { rand(10) + 1 }
|
55
|
+
let(:max_pending_requests) { rand(5) + 1 }
|
56
|
+
let(:threads) { rand(4) + 1 }
|
57
|
+
let(:logstash_queue) { SizedQueue.new(logstash_queue_size) }
|
58
|
+
let(:client_options) { {
|
59
|
+
"request_timeout" => 0.1,
|
60
|
+
"connect_timeout" => 3,
|
61
|
+
"socket_timeout" => 0.1
|
62
|
+
} }
|
63
|
+
|
64
|
+
subject { described_class.new("port" => port, "threads" => threads, "max_pending_requests" => max_pending_requests) }
|
65
|
+
|
66
|
+
context "when sending more requests than queue slots" do
|
67
|
+
it "should block when the queue is full" do
|
68
|
+
# these will queue and return 200
|
69
|
+
logstash_queue_size.times.each do |i|
|
70
|
+
response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
|
71
|
+
expect(response.code).to eq(200)
|
72
|
+
end
|
73
|
+
|
74
|
+
# these will block
|
75
|
+
(threads + max_pending_requests).times.each do |i|
|
76
|
+
expect {
|
77
|
+
client.post("http://127.0.0.1:#{port}", :body => '{}').call
|
78
|
+
}.to raise_error(Manticore::SocketTimeout)
|
79
|
+
end
|
80
|
+
|
81
|
+
# by now we should be rejecting with 429
|
82
|
+
response = client.post("http://127.0.0.1:#{port}", :body => '{}').call
|
83
|
+
expect(response.code).to eq(429)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
describe "remote host" do
|
89
|
+
subject { LogStash::Inputs::Http.new(config.merge("port" => port)) }
|
90
|
+
context "by default" do
|
91
|
+
let(:config) { {} }
|
92
|
+
it "is written to the \"host\" field" do
|
93
|
+
client.post("http://localhost:#{port}/loki/",
|
94
|
+
:headers => { "content-type" => "text/plain" },
|
95
|
+
:body => "hello").call
|
96
|
+
event = logstash_queue.pop
|
97
|
+
expect(event.get("host")).to eq("127.0.0.1")
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
context "when using remote_host_target_field" do
|
102
|
+
let(:config) { { "remote_host_target_field" => "remote_host" } }
|
103
|
+
it "is written to the value of \"remote_host_target_field\" property" do
|
104
|
+
client.post("http://localhost:#{port}/meh.json",
|
105
|
+
:headers => { "content-type" => "text/plain" },
|
106
|
+
:body => "hello").call
|
107
|
+
event = logstash_queue.pop
|
108
|
+
expect(event.get("remote_host")).to eq("127.0.0.1")
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
describe "request headers" do
|
114
|
+
subject { LogStash::Inputs::Http.new(config.merge("port" => port)) }
|
115
|
+
context "by default" do
|
116
|
+
let(:config) { {} }
|
117
|
+
it "are written to the \"headers\" field" do
|
118
|
+
client.post("http://localhost:#{port}/meh.json",
|
119
|
+
:headers => { "content-type" => "text/plain" },
|
120
|
+
:body => "hello").call
|
121
|
+
event = logstash_queue.pop
|
122
|
+
expect(event.get("headers")).to be_a(Hash)
|
123
|
+
expect(event.get("headers")).to include("request_method" => "POST")
|
124
|
+
end
|
125
|
+
end
|
126
|
+
context "when using request_headers_target_field" do
|
127
|
+
let(:config) { { "request_headers_target_field" => "request_headers" } }
|
128
|
+
it "are written to the field set in \"request_headers_target_field\"" do
|
129
|
+
client.post("http://localhost:#{port}/meh.json",
|
130
|
+
:headers => { "content-type" => "text/plain" },
|
131
|
+
:body => "hello").call
|
132
|
+
event = logstash_queue.pop
|
133
|
+
expect(event.get("request_headers")).to be_a(Hash)
|
134
|
+
expect(event.get("request_headers")).to include("request_method" => "POST")
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
it "should include remote host in \"host\" property" do
|
140
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
141
|
+
:headers => { "content-type" => "text/plain" },
|
142
|
+
:body => "hello").call
|
143
|
+
event = logstash_queue.pop
|
144
|
+
expect(event.get("host")).to eq("127.0.0.1")
|
145
|
+
end
|
146
|
+
|
147
|
+
context "with default codec" do
|
148
|
+
subject { LogStash::Inputs::Http.new("port" => port) }
|
149
|
+
context "when receiving a text/plain request" do
|
150
|
+
it "should process the request normally" do
|
151
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
152
|
+
:headers => { "content-type" => "text/plain" },
|
153
|
+
:body => "hello").call
|
154
|
+
event = logstash_queue.pop
|
155
|
+
expect(event.get("message")).to eq("hello")
|
156
|
+
end
|
157
|
+
end
|
158
|
+
context "when receiving a application/x-protobuf request" do
|
159
|
+
it "should decompress using snappy" do
|
160
|
+
promtail_input = org.logstash.plugins.inputs.http.promtail.PromtailHandler.new
|
161
|
+
message = "My compressed and protobuf-ed message"
|
162
|
+
promtail_input.sendLogHttp("http://127.0.0.1:#{port}/template/loki", message, nil)
|
163
|
+
event = logstash_queue.pop
|
164
|
+
expect(event.get("message")).to eq(message)
|
165
|
+
end
|
166
|
+
it "should set tenant" do
|
167
|
+
promtail_input = org.logstash.plugins.inputs.http.promtail.PromtailHandler.new
|
168
|
+
message = "My compressed and protobuf-ed message"
|
169
|
+
tenant = "sometenant"
|
170
|
+
promtail_input.sendLogHttp("http://127.0.0.1:#{port}/template/loki", message, tenant)
|
171
|
+
event = logstash_queue.pop
|
172
|
+
expect(event.get("message")).to eq(message)
|
173
|
+
expect(event.get("tenant")).to eq(tenant)
|
174
|
+
end
|
175
|
+
end
|
176
|
+
context "when receiving a deflate compressed text/plain request" do
|
177
|
+
it "should process the request normally" do
|
178
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
179
|
+
:headers => { "content-type" => "text/plain", "content-encoding" => "deflate" },
|
180
|
+
:body => Zlib::Deflate.deflate("hello")).call
|
181
|
+
event = logstash_queue.pop
|
182
|
+
expect(event.get("message")).to eq("hello")
|
183
|
+
end
|
184
|
+
end
|
185
|
+
context "when receiving a deflate text/plain request that cannot be decompressed" do
|
186
|
+
let(:response) do
|
187
|
+
response = client.post("http://127.0.0.1:#{port}/meh.json",
|
188
|
+
:headers => { "content-type" => "text/plain", "content-encoding" => "deflate" },
|
189
|
+
:body => "hello").call
|
190
|
+
end
|
191
|
+
it "should respond with 400" do
|
192
|
+
expect(response.code).to eq(400)
|
193
|
+
end
|
194
|
+
end
|
195
|
+
context "when receiving a gzip compressed text/plain request" do
|
196
|
+
it "should process the request normally" do
|
197
|
+
wio = StringIO.new("w")
|
198
|
+
z = Zlib::GzipWriter.new(wio)
|
199
|
+
z.write("hello")
|
200
|
+
z.close
|
201
|
+
entity = org.apache.http.entity.ByteArrayEntity.new(wio.string.to_java_bytes)
|
202
|
+
response = client.post("http://127.0.0.1:#{port}",
|
203
|
+
:headers => { "Content-Encoding" => "gzip" },
|
204
|
+
:entity => entity).call
|
205
|
+
expect(response.code).to eq(200)
|
206
|
+
event = logstash_queue.pop
|
207
|
+
expect(event.get("message")).to eq("hello")
|
208
|
+
end
|
209
|
+
end
|
210
|
+
context "when receiving a gzip text/plain request that cannot be decompressed" do
|
211
|
+
let(:response) do
|
212
|
+
client.post("http://127.0.0.1:#{port}",
|
213
|
+
:headers => { "Content-Encoding" => "gzip" },
|
214
|
+
:body => Zlib::Deflate.deflate("hello")).call
|
215
|
+
end
|
216
|
+
it "should respond with 400" do
|
217
|
+
expect(response.code).to eq(400)
|
218
|
+
end
|
219
|
+
end
|
220
|
+
context "when receiving an application/json request" do
|
221
|
+
it "should parse the json body" do
|
222
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
223
|
+
:headers => { "content-type" => "application/json" },
|
224
|
+
:body => { "message_body" => "Hello" }.to_json).call
|
225
|
+
event = logstash_queue.pop
|
226
|
+
expect(event.get("message_body")).to eq("Hello")
|
227
|
+
end
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
231
|
+
context "with json codec" do
|
232
|
+
subject { LogStash::Inputs::Http.new("port" => port, "codec" => "json") }
|
233
|
+
it "should parse the json body" do
|
234
|
+
response = client.post("http://127.0.0.1:#{port}/meh.json", :body => { "message" => "Hello" }.to_json).call
|
235
|
+
event = logstash_queue.pop
|
236
|
+
expect(event.get("message")).to eq("Hello")
|
237
|
+
end
|
238
|
+
end
|
239
|
+
|
240
|
+
context "with json_lines codec without final delimiter" do
|
241
|
+
subject { LogStash::Inputs::Http.new("port" => port, "codec" => "json_lines") }
|
242
|
+
let(:line1) { '{"foo": 1}' }
|
243
|
+
let(:line2) { '{"foo": 2}' }
|
244
|
+
it "should parse all json_lines in body including last one" do
|
245
|
+
client.post("http://localhost:#{port}/meh.json", :body => "#{line1}\n#{line2}").call
|
246
|
+
expect(logstash_queue.size).to eq(2)
|
247
|
+
event = logstash_queue.pop
|
248
|
+
expect(event.get("foo")).to eq(1)
|
249
|
+
event = logstash_queue.pop
|
250
|
+
expect(event.get("foo")).to eq(2)
|
251
|
+
end
|
252
|
+
end
|
253
|
+
|
254
|
+
context "when using a custom codec mapping" do
|
255
|
+
subject { LogStash::Inputs::Http.new("port" => port,
|
256
|
+
"additional_codecs" => { "application/json" => "plain" }) }
|
257
|
+
it "should decode the message accordingly" do
|
258
|
+
body = { "message" => "Hello" }.to_json
|
259
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
260
|
+
:headers => { "content-type" => "application/json" },
|
261
|
+
:body => body).call
|
262
|
+
event = logstash_queue.pop
|
263
|
+
expect(event.get("message")).to eq(body)
|
264
|
+
end
|
265
|
+
end
|
266
|
+
|
267
|
+
context "when receiving a content-type with a charset" do
|
268
|
+
subject { LogStash::Inputs::Http.new("port" => port,
|
269
|
+
"additional_codecs" => { "application/json" => "plain" }) }
|
270
|
+
it "should decode the message accordingly" do
|
271
|
+
body = { "message" => "Hello" }.to_json
|
272
|
+
client.post("http://127.0.0.1:#{port}/meh.json",
|
273
|
+
:headers => { "content-type" => "application/json; charset=utf-8" },
|
274
|
+
:body => body).call
|
275
|
+
event = logstash_queue.pop
|
276
|
+
expect(event.get("message")).to eq(body)
|
277
|
+
end
|
278
|
+
end
|
279
|
+
|
280
|
+
context "when using custom headers" do
|
281
|
+
let(:custom_headers) { { 'access-control-allow-origin' => '*' } }
|
282
|
+
subject { LogStash::Inputs::Http.new("port" => port, "response_headers" => custom_headers) }
|
283
|
+
|
284
|
+
describe "the response" do
|
285
|
+
it "should include the custom headers" do
|
286
|
+
response = client.post("http://127.0.0.1:#{port}/meh", :body => "hello").call
|
287
|
+
expect(response.headers.to_hash).to include(custom_headers)
|
288
|
+
end
|
289
|
+
end
|
290
|
+
end
|
291
|
+
describe "basic auth" do
|
292
|
+
user = "test"; password = "pwd"
|
293
|
+
subject { LogStash::Inputs::Http.new("port" => port, "user" => user, "password" => password) }
|
294
|
+
let(:auth_token) { Base64.strict_encode64("#{user}:#{password}") }
|
295
|
+
context "when client doesn't present auth token" do
|
296
|
+
let!(:response) { client.post("http://127.0.0.1:#{port}/meh", :body => "hi").call }
|
297
|
+
it "should respond with 401" do
|
298
|
+
expect(response.code).to eq(401)
|
299
|
+
end
|
300
|
+
it 'should include a WWW-Authenticate: Basic header' do
|
301
|
+
expect(response['WWW-Authenticate']).to_not be_nil
|
302
|
+
|
303
|
+
expect(response['WWW-Authenticate']).to start_with('Basic realm=')
|
304
|
+
end
|
305
|
+
it "should not generate an event" do
|
306
|
+
expect(logstash_queue).to be_empty
|
307
|
+
end
|
308
|
+
end
|
309
|
+
context "when client presents incorrect auth token" do
|
310
|
+
let!(:response) do
|
311
|
+
client.post("http://127.0.0.1:#{port}/meh",
|
312
|
+
:headers => {
|
313
|
+
"content-type" => "text/plain",
|
314
|
+
"authorization" => "Basic meh"
|
315
|
+
},
|
316
|
+
:body => "hi").call
|
317
|
+
end
|
318
|
+
it "should respond with 401" do
|
319
|
+
expect(response.code).to eq(401)
|
320
|
+
end
|
321
|
+
it 'should not include a WWW-Authenticate header' do
|
322
|
+
expect(response['WWW-Authenticate']).to be_nil
|
323
|
+
end
|
324
|
+
it "should not generate an event" do
|
325
|
+
expect(logstash_queue).to be_empty
|
326
|
+
end
|
327
|
+
end
|
328
|
+
context "when client presents correct auth token" do
|
329
|
+
let!(:response) do
|
330
|
+
client.post("http://127.0.0.1:#{port}/meh",
|
331
|
+
:headers => {
|
332
|
+
"content-type" => "text/plain",
|
333
|
+
"authorization" => "Basic #{auth_token}"
|
334
|
+
}, :body => "hi").call
|
335
|
+
end
|
336
|
+
it "should respond with 200" do
|
337
|
+
expect(response.code).to eq(200)
|
338
|
+
end
|
339
|
+
it "should generate an event" do
|
340
|
+
expect(logstash_queue).to_not be_empty
|
341
|
+
end
|
342
|
+
end
|
343
|
+
end
|
344
|
+
|
345
|
+
describe "HTTP Protocol Handling" do
|
346
|
+
context "when an HTTP1.1 request is made" do
|
347
|
+
let(:protocol_version) do
|
348
|
+
Java::OrgApacheHttp::HttpVersion::HTTP_1_1
|
349
|
+
end
|
350
|
+
it "responds with a HTTP1.1 response" do
|
351
|
+
response = client.post("http://127.0.0.1:#{port}", :body => "hello")
|
352
|
+
response.request.set_protocol_version(protocol_version)
|
353
|
+
response.call
|
354
|
+
response_protocol_version = response.instance_variable_get(:@response).get_protocol_version
|
355
|
+
expect(response_protocol_version).to eq(protocol_version)
|
356
|
+
end
|
357
|
+
end
|
358
|
+
context "when an HTTP1.0 request is made" do
|
359
|
+
let(:protocol_version) do
|
360
|
+
Java::OrgApacheHttp::HttpVersion::HTTP_1_0
|
361
|
+
end
|
362
|
+
it "responds with a HTTP1.0 response" do
|
363
|
+
response = client.post("http://127.0.0.1:#{port}", :body => "hello")
|
364
|
+
response.request.set_protocol_version(protocol_version)
|
365
|
+
response.call
|
366
|
+
response_protocol_version = response.instance_variable_get(:@response).get_protocol_version
|
367
|
+
expect(response_protocol_version).to eq(protocol_version)
|
368
|
+
end
|
369
|
+
end
|
370
|
+
end
|
371
|
+
describe "return code" do
|
372
|
+
it "responds with a 200" do
|
373
|
+
response = client.post("http://127.0.0.1:#{port}", :body => "hello")
|
374
|
+
response.call
|
375
|
+
expect(response.code).to eq(200)
|
376
|
+
end
|
377
|
+
context "when response_code is configured" do
|
378
|
+
let(:code) { 202 }
|
379
|
+
subject { LogStash::Inputs::Http.new("port" => port, "response_code" => code) }
|
380
|
+
it "responds with the configured code" do
|
381
|
+
response = client.post("http://127.0.0.1:#{port}", :body => "hello")
|
382
|
+
response.call
|
383
|
+
expect(response.code).to eq(202)
|
384
|
+
end
|
385
|
+
end
|
386
|
+
end
|
387
|
+
end
|
388
|
+
|
389
|
+
context "with :ssl => false" do
|
390
|
+
subject { LogStash::Inputs::Http.new("port" => port, "ssl" => false) }
|
391
|
+
it "should not raise exception" do
|
392
|
+
expect { subject.register }.to_not raise_exception
|
393
|
+
end
|
394
|
+
end
|
395
|
+
context "with :ssl => true" do
|
396
|
+
context "without :ssl_certificate" do
|
397
|
+
subject { LogStash::Inputs::Http.new("port" => port, "ssl" => true) }
|
398
|
+
it "should raise exception" do
|
399
|
+
expect { subject.register }.to raise_exception(LogStash::ConfigurationError)
|
400
|
+
end
|
401
|
+
end
|
402
|
+
context "with :ssl_certificate" do
|
403
|
+
let(:ssc) { SelfSignedCertificate.new }
|
404
|
+
let(:ssl_certificate) { ssc.certificate }
|
405
|
+
let(:ssl_key) { ssc.private_key }
|
406
|
+
|
407
|
+
let(:config) do
|
408
|
+
{ "port" => port, "ssl" => true, "ssl_certificate" => ssl_certificate.path, "ssl_key" => ssl_key.path }
|
409
|
+
end
|
410
|
+
|
411
|
+
after(:each) { ssc.delete }
|
412
|
+
|
413
|
+
subject { LogStash::Inputs::Http.new(config) }
|
414
|
+
|
415
|
+
it "should not raise exception" do
|
416
|
+
expect { subject.register }.to_not raise_exception
|
417
|
+
end
|
418
|
+
|
419
|
+
context "with ssl_verify_mode = none" do
|
420
|
+
subject { LogStash::Inputs::Http.new(config.merge("ssl_verify_mode" => "none")) }
|
421
|
+
|
422
|
+
it "should not raise exception" do
|
423
|
+
expect { subject.register }.to_not raise_exception
|
424
|
+
end
|
425
|
+
end
|
426
|
+
["peer", "force_peer"].each do |verify_mode|
|
427
|
+
context "with ssl_verify_mode = #{verify_mode}" do
|
428
|
+
subject { LogStash::Inputs::Http.new("port" => port, "ssl" => true,
|
429
|
+
"ssl_certificate" => ssl_certificate.path,
|
430
|
+
"ssl_certificate_authorities" => ssl_certificate.path,
|
431
|
+
"ssl_key" => ssl_key.path,
|
432
|
+
"ssl_verify_mode" => verify_mode
|
433
|
+
) }
|
434
|
+
it "should not raise exception" do
|
435
|
+
expect { subject.register }.to_not raise_exception
|
436
|
+
end
|
437
|
+
end
|
438
|
+
end
|
439
|
+
context "with verify_mode = none" do
|
440
|
+
subject { LogStash::Inputs::Http.new(config.merge("verify_mode" => "none")) }
|
441
|
+
|
442
|
+
it "should not raise exception" do
|
443
|
+
expect { subject.register }.to_not raise_exception
|
444
|
+
end
|
445
|
+
end
|
446
|
+
["peer", "force_peer"].each do |verify_mode|
|
447
|
+
context "with verify_mode = #{verify_mode}" do
|
448
|
+
subject { LogStash::Inputs::Http.new("port" => port, "ssl" => true,
|
449
|
+
"ssl_certificate" => ssl_certificate.path,
|
450
|
+
"ssl_certificate_authorities" => ssl_certificate.path,
|
451
|
+
"ssl_key" => ssl_key.path,
|
452
|
+
"verify_mode" => verify_mode
|
453
|
+
) }
|
454
|
+
it "should not raise exception" do
|
455
|
+
expect { subject.register }.to_not raise_exception
|
456
|
+
end
|
457
|
+
end
|
458
|
+
end
|
459
|
+
|
460
|
+
context "with invalid cipher_suites" do
|
461
|
+
let(:config) { super().merge("cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
|
462
|
+
|
463
|
+
it "should raise a configuration error" do
|
464
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
465
|
+
expect( msg ).to match /.*?configuration invalid/
|
466
|
+
expect( opts[:message] ).to match /TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38.*? not available/
|
467
|
+
end
|
468
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
469
|
+
end
|
470
|
+
end
|
471
|
+
|
472
|
+
context "with invalid ssl certificate" do
|
473
|
+
before do
|
474
|
+
cert = File.readlines path = config["ssl_certificate"]
|
475
|
+
i = cert.index { |line| line.index('END CERTIFICATE') }
|
476
|
+
cert[i - 1] = ''
|
477
|
+
File.write path, cert.join("\n")
|
478
|
+
end
|
479
|
+
|
480
|
+
it "should raise a configuration error" do
|
481
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
482
|
+
expect( msg ).to match /SSL configuration invalid/
|
483
|
+
expect( opts[:message] ).to match /File does not contain valid certificate/i
|
484
|
+
end
|
485
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
486
|
+
end
|
487
|
+
end
|
488
|
+
|
489
|
+
context "with invalid ssl key config" do
|
490
|
+
let(:config) { super().merge("ssl_key_passphrase" => "1234567890") }
|
491
|
+
|
492
|
+
it "should raise a configuration error" do
|
493
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
494
|
+
expect( msg ).to match /SSL configuration invalid/
|
495
|
+
expect( opts[:message] ).to match /File does not contain valid private key/i
|
496
|
+
end
|
497
|
+
expect { subject.register }.to raise_error(LogStash::ConfigurationError)
|
498
|
+
end
|
499
|
+
end
|
500
|
+
|
501
|
+
context "with invalid ssl certificate_authorities" do
|
502
|
+
let(:config) do
|
503
|
+
super().merge("ssl_verify_mode" => "peer",
|
504
|
+
"ssl_certificate_authorities" => [ ssc.certificate.path, ssc.private_key.path ])
|
505
|
+
end
|
506
|
+
|
507
|
+
it "should raise a cert error" do
|
508
|
+
expect( subject.logger ).to receive(:error) do |msg, opts|
|
509
|
+
expect( msg ).to match(/SSL configuration failed/), lambda { "unexpected: logger.error #{msg.inspect}, #{opts.inspect}" }
|
510
|
+
expect( opts[:message] ).to match /signed fields invalid/
|
511
|
+
end
|
512
|
+
begin
|
513
|
+
subject.register
|
514
|
+
rescue Java::JavaSecurityCert::CertificateParsingException
|
515
|
+
:pass
|
516
|
+
end
|
517
|
+
end
|
518
|
+
end
|
519
|
+
|
520
|
+
end
|
521
|
+
end
|
522
|
+
end
|