Skip to content

Commit 7dba5d1

Browse files
robbaveydonoghuc
andauthored
Mark previously deprecated SSL settings as obsolete (#149)
* Mark previously deprecated SSL settings as obsolete - SSL settings that were marked deprecated in version `5.6.0` are now marked obsolete, and will prevent the plugin from starting. - These settings are: - `cacert`, which should be replaced by `ssl_certificate_authorities` - `client_cert`, which should be replaced by `ssl_certificate` - `client_key`, which should be replaced by `ssl_key` - `keystore`, which should be replaced by `ssl_keystore_path` - `keystore_password`, which should be replaced by `ssl_keystore_password` - `keystore_type`, which should be replaced by `ssl_keystore_password` - `truststore`, which should be replaced by `ssl_truststore_path>` - `truststore_password`, which should be replaced by `ssl_truststore_password` - `truststore_type`, which should be replaced by `ssl_truststore_type` --------- Co-authored-by: Cas Donoghue <[email protected]>
1 parent b0c82dc commit 7dba5d1

File tree

5 files changed

+74
-97
lines changed

5 files changed

+74
-97
lines changed

CHANGELOG.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,17 @@
1+
## 6.0.0
2+
- SSL settings that were marked deprecated in version `5.6.0` are now marked obsolete, and will prevent the plugin from starting.
3+
- These settings are:
4+
- `cacert`, which should be replaced by `ssl_certificate_authorities`
5+
- `client_cert`, which should be replaced by `ssl_certificate`
6+
- `client_key`, which should be replaced by `ssl_key`
7+
- `keystore`, which should be replaced by `ssl_keystore_path`
8+
- `keystore_password`, which should be replaced by `ssl_keystore_password`
9+
- `keystore_type`, which should be replaced by `ssl_keystore_password`
10+
- `truststore`, which should be replaced by `ssl_truststore_path>`
11+
- `truststore_password`, which should be replaced by `ssl_truststore_password`
12+
- `truststore_type`, which should be replaced by `ssl_truststore_type`
13+
- [#149](https://github.com/logstash-plugins/logstash-input-http_poller/pull/149)
14+
115
## 5.6.0
216
- Added new `ssl_enabled` setting for enabling/disabling the SSL configurations [#146](https://github.com/logstash-plugins/logstash-input-http_poller/pull/146)
317

docs/index.asciidoc

Lines changed: 26 additions & 93 deletions
Original file line numberDiff line numberDiff line change
@@ -122,21 +122,19 @@ Here’s how ECS compatibility mode affects output.
122122

123123
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
124124

125+
NOTE: As of version `6.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
126+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
127+
128+
125129
[cols="<,<,<",options="header",]
126130
|=======================================================================
127131
|Setting |Input type|Required
128132
| <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
129-
| <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|__Deprecated__
130-
| <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|__Deprecated__
131-
| <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|__Deprecated__
132133
| <<plugins-{type}s-{plugin}-connect_timeout>> |<<number,number>>|No
133134
| <<plugins-{type}s-{plugin}-cookies>> |<<boolean,boolean>>|No
134135
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
135136
| <<plugins-{type}s-{plugin}-follow_redirects>> |<<boolean,boolean>>|No
136137
| <<plugins-{type}s-{plugin}-keepalive>> |<<boolean,boolean>>|No
137-
| <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|__Deprecated__
138-
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
139-
| <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|__Deprecated__
140138
| <<plugins-{type}s-{plugin}-metadata_target>> |<<string,string>>|No
141139
| <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
142140
| <<plugins-{type}s-{plugin}-pool_max>> |<<number,number>>|No
@@ -158,9 +156,6 @@ This plugin supports the following configuration options plus the <<plugins-{typ
158156
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
159157
| <<plugins-{type}s-{plugin}-ssl_verification_mode>> |<<string,string>>, one of `["full", "none"]`|No
160158
| <<plugins-{type}s-{plugin}-target>> |<<string,string>>|No
161-
| <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|__Deprecated__
162-
| <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|__Deprecated__
163-
| <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|__Deprecated__
164159
| <<plugins-{type}s-{plugin}-urls>> |<<hash,hash>>|Yes
165160
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
166161
| <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
@@ -181,33 +176,6 @@ How many times should the client retry a failing URL. We highly recommend NOT se
181176
to zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry!
182177
Note: if `retry_non_idempotent` is set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.
183178

184-
[id="plugins-{type}s-{plugin}-cacert"]
185-
===== `cacert`
186-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate_authorities>>]
187-
188-
* Value type is <<path,path>>
189-
* There is no default value for this setting.
190-
191-
If you need to use a custom X.509 CA (.pem certs) specify the path to that here
192-
193-
[id="plugins-{type}s-{plugin}-client_cert"]
194-
===== `client_cert`
195-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_certificate>>]
196-
197-
* Value type is <<path,path>>
198-
* There is no default value for this setting.
199-
200-
If you'd like to use a client certificate (note, most people don't want this) set the path to the x509 cert here
201-
202-
[id="plugins-{type}s-{plugin}-client_key"]
203-
===== `client_key`
204-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_key>>]
205-
206-
* Value type is <<path,path>>
207-
* There is no default value for this setting.
208-
209-
If you're using a client certificate specify the path to the encryption key here
210-
211179
[id="plugins-{type}s-{plugin}-connect_timeout"]
212180
===== `connect_timeout`
213181

@@ -317,34 +285,6 @@ Should redirects be followed? Defaults to `true`
317285
Turn this on to enable HTTP keepalive support. We highly recommend setting `automatic_retries` to at least
318286
one with this to fix interactions with broken keepalive implementations.
319287

320-
[id="plugins-{type}s-{plugin}-keystore"]
321-
===== `keystore`
322-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_path>>]
323-
324-
* Value type is <<path,path>>
325-
* There is no default value for this setting.
326-
327-
If you need to use a custom keystore (`.jks`) specify that here. This does not work with .pem keys!
328-
329-
[id="plugins-{type}s-{plugin}-keystore_password"]
330-
===== `keystore_password`
331-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_password>>]
332-
333-
* Value type is <<password,password>>
334-
* There is no default value for this setting.
335-
336-
Specify the keystore password here.
337-
Note, most .jks files created with keytool require a password!
338-
339-
[id="plugins-{type}s-{plugin}-keystore_type"]
340-
===== `keystore_type`
341-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_keystore_type>>]
342-
343-
* Value type is <<string,string>>
344-
* Default value is `"JKS"`
345-
346-
Specify the keystore type here. One of `JKS` or `PKCS12`. Default is `JKS`
347-
348288
[id="plugins-{type}s-{plugin}-metadata_target"]
349289
===== `metadata_target`
350290

@@ -569,35 +509,6 @@ Define the target field for placing the received data. If this setting is omitte
569509
TIP: When ECS is enabled, set `target` in the codec (if the codec has a `target` option).
570510
Example: `codec => json { target => "TARGET_FIELD_NAME" }`
571511

572-
573-
[id="plugins-{type}s-{plugin}-truststore"]
574-
===== `truststore`
575-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_path>>]
576-
577-
* Value type is <<path,path>>
578-
* There is no default value for this setting.
579-
580-
If you need to use a custom truststore (`.jks`) specify that here. This does not work with .pem certs!
581-
582-
[id="plugins-{type}s-{plugin}-truststore_password"]
583-
===== `truststore_password`
584-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_password>>]
585-
586-
* Value type is <<password,password>>
587-
* There is no default value for this setting.
588-
589-
Specify the truststore password here.
590-
Note, most .jks files created with keytool require a password!
591-
592-
[id="plugins-{type}s-{plugin}-truststore_type"]
593-
===== `truststore_type`
594-
deprecated[5.5.0, Replaced by <<plugins-{type}s-{plugin}-ssl_truststore_type>>]
595-
596-
* Value type is <<string,string>>
597-
* Default value is `"JKS"`
598-
599-
Specify the truststore type here. One of `JKS` or `PKCS12`. Default is `JKS`
600-
601512
[id="plugins-{type}s-{plugin}-urls"]
602513
===== `urls`
603514

@@ -663,6 +574,28 @@ being leased to the consumer. Non-positive value passed to this method disables
663574
connection validation. This check helps detect connections that have become
664575
stale (half-closed) while kept inactive in the pool."
665576

577+
578+
[id="plugins-{type}s-{plugin}-obsolete-options"]
579+
==== HTTP Poller Input Obsolete Configuration Options
580+
581+
WARNING: As of version `6.0.0` of this plugin, some configuration options have been replaced.
582+
The plugin will fail to start if it contains any of these obsolete options.
583+
584+
[cols="<,<",options="header",]
585+
|=======================================================================
586+
|Setting|Replaced by
587+
| cacert |<<plugins-{type}s-{plugin}-ssl_certificate_authorities>>
588+
| client_cert |<<plugins-{type}s-{plugin}-ssl_certificate>>
589+
| client_key |<<plugins-{type}s-{plugin}-ssl_key>>
590+
| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
591+
| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
592+
| keystore_type |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
593+
| truststore |<<plugins-{type}s-{plugin}-ssl_truststore_path>>
594+
| truststore_password |<<plugins-{type}s-{plugin}-ssl_truststore_password>>
595+
| truststore_type |<<plugins-{type}s-{plugin}-ssl_truststore_type>>
596+
|=======================================================================
597+
598+
666599
[id="plugins-{type}s-{plugin}-common-options"]
667600
include::{include_path}/{type}.asciidoc[]
668601

lib/logstash/inputs/http_poller.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
require 'logstash/plugin_mixins/scheduler'
1212

1313
class LogStash::Inputs::HTTP_Poller < LogStash::Inputs::Base
14-
include LogStash::PluginMixins::HttpClient[:with_deprecated => true]
14+
include LogStash::PluginMixins::HttpClient[:with_obsolete => true]
1515
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
1616
include LogStash::PluginMixins::ECSCompatibilitySupport::TargetCheck
1717
include LogStash::PluginMixins::EventSupport::EventFactoryAdapter

logstash-input-http_poller.gemspec

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
Gem::Specification.new do |s|
22
s.name = 'logstash-input-http_poller'
3-
s.version = '5.6.0'
3+
s.version = '6.0.0'
44
s.licenses = ['Apache License (2.0)']
55
s.summary = "Decodes the output of an HTTP API into events"
66
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
2020
# Gem dependencies
2121
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
2222
s.add_runtime_dependency 'logstash-codec-plain'
23-
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.4.0", "< 8.0.0"
23+
s.add_runtime_dependency "logstash-mixin-http_client", ">= 7.5.0", "< 8.0.0"
2424
s.add_runtime_dependency 'logstash-mixin-scheduler', '~> 1.0'
2525
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
2626
s.add_runtime_dependency 'logstash-mixin-event_support', '~> 1.0', '>= 1.0.1'

spec/inputs/http_poller_spec.rb

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -210,7 +210,7 @@
210210
context "given 'at' expression" do
211211
let(:opts) {
212212
{
213-
"schedule" => { "at" => "2000-01-01 00:05:00 +0000"},
213+
"schedule" => { "at" => "2000-01-01 00:15:00 +0000"},
214214
"urls" => default_urls,
215215
"codec" => "json",
216216
"metadata_target" => metadata_target
@@ -557,4 +557,34 @@ def run_plugin_and_yield_queue(plugin, sleep: nil)
557557
let(:allowed_lag) { 10 } # CI: wait till scheduler shuts down
558558
end
559559
end
560+
561+
describe "obsolete settings" do
562+
let(:default_url) { "http://localhost:2322" }
563+
let(:config) {
564+
{
565+
"schedule" => { "cron" => "0 0 0 0 0 UTC" },
566+
"urls" => default_urls,
567+
"codec" => "json"
568+
}
569+
}
570+
[{:name => 'cacert', :canonical_name => 'ssl_certificate_authorities'},
571+
{:name => 'client_cert', :canonical_name => 'ssl_certificate'},
572+
{:name => 'client_key', :canonical_name => 'ssl_key'},
573+
{:name => "keystore", :canonical_name => 'ssl_keystore_path'},
574+
{:name => 'truststore', :canonical_name => 'ssl_truststore_path'},
575+
{:name => "keystore_password", :canonical_name => "ssl_keystore_password"},
576+
{:name => 'truststore_password', :canonical_name => "ssl_truststore_password"},
577+
{:name => "keystore_type", :canonical_name => "ssl_keystore_type"},
578+
{:name => 'truststore_type', :canonical_name => 'ssl_truststore_type'}
579+
].each do |settings|
580+
context "with option #{settings[:name]}" do
581+
let(:obsolete_config) { config.merge(settings[:name] => 'test_value') }
582+
583+
it "emits an error about the setting `#{settings[:name]}` now being obsolete and provides guidance to use `#{settings[:canonical_name]}`" do
584+
error_text = /The setting `#{settings[:name]}` in plugin `http_poller` is obsolete and is no longer available. Use `#{settings[:canonical_name]}` instead/i
585+
expect { LogStash::Inputs::HTTP_Poller.new(obsolete_config)}.to raise_error LogStash::ConfigurationError, error_text
586+
end
587+
end
588+
end
589+
end
560590
end

0 commit comments

Comments
 (0)