diff --git a/.ci/Dockerfile b/.ci/Dockerfile
deleted file mode 100644
index db5c59e8..00000000
--- a/.ci/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-ARG ELASTIC_STACK_VERSION
-FROM docker.elastic.co/logstash/logstash:$ELASTIC_STACK_VERSION
-USER root
-RUN yum install -y openssl
-USER logstash
-COPY --chown=logstash:logstash Gemfile /usr/share/plugins/plugin/Gemfile
-COPY --chown=logstash:logstash *.gemspec VERSION* version* /usr/share/plugins/plugin/
-RUN cp /usr/share/logstash/logstash-core/versions-gem-copy.yml /usr/share/logstash/versions.yml
-ENV PATH="${PATH}:/usr/share/logstash/vendor/jruby/bin:/usr/share/logstash/jdk/bin"
-ENV LOGSTASH_SOURCE="1"
-ENV ELASTIC_STACK_VERSION=$ELASTIC_STACK_VERSION
-# DISTRIBUTION="default" (by default) or "oss"
-ARG DISTRIBUTION
-ENV DISTRIBUTION=$DISTRIBUTION
-# INTEGRATION="true" while integration testing (false-y by default)
-ARG INTEGRATION
-ENV INTEGRATION=$INTEGRATION
-RUN gem install bundler -v '< 2'
-WORKDIR /usr/share/plugins/plugin
-RUN bundle install --with test ci
-COPY --chown=logstash:logstash . /usr/share/plugins/plugin
-RUN bundle exec rake vendor
-RUN .ci/setup.sh
diff --git a/.ci/run.sh b/.ci/run.sh
index 2d9dc683..ed8bd466 100755
--- a/.ci/run.sh
+++ b/.ci/run.sh
@@ -5,6 +5,7 @@
 env
 set -ex
-bundle exec rspec spec
-bundle exec rake test:integration:setup
-bundle exec rspec spec --tag integration -fd
+jruby -rbundler/setup -S rspec -fd
+
+jruby -rbundler/setup -S rake test:integration:setup
+jruby -rbundler/setup -S rspec spec --tag integration -fd
diff --git a/.ci/setup.sh b/.ci/setup.sh
new file mode 100755
index 00000000..29b865c8
--- /dev/null
+++ b/.ci/setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ $(command -v apt) ]; then
+ sudo apt install -y openssl
+else
+ sudo yum install -y openssl
+fi
\ No newline at end of file
diff --git a/spec/inputs/beats_spec.rb b/spec/inputs/beats_spec.rb
index 301571ef..c3cb86aa 100644
--- a/spec/inputs/beats_spec.rb
+++ b/spec/inputs/beats_spec.rb
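Review bot: The first call in `.ci/run.sh`, `jruby -rbundler/setup -S rspec -fd`, drops the `spec` path that the integration call two lines below still passes, and nothing in the script says why `bundle exec` was replaced. Passing `spec` in both calls keeps them parallel, and a comment such as `# run through the image's JRuby with Bundler's load path instead of relying on a bundle executable` would record the intent, if that is indeed the reason. The unchanged `env` line at the top of the hunk prints every environment variable into the job log, so it is worth removing or filtering if this job is ever given credentials.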
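Review bot: The test `[ $(command -v apt) ]` in `.ci/setup.sh` leaves the substitution unquoted, so it relies on the resolved path being a single word; `if command -v apt-get >/dev/null 2>&1; then` checks the exit status directly. The apt branch installs without refreshing the package index, which can fail on an image whose lists are empty or stale; `sudo apt-get update && sudo apt-get install -y openssl` covers that, and `apt-get` is the interface intended for scripts. The script also assumes `sudo` is present and passwordless on the CI image, which a comment at the top should state. The file ends without a trailing newline.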
@@ -166,7 +166,14 @@
 end
 context "tls meta-data" do
- let(:config) { super().merge("host" => host, "ssl_peer_metadata" => true, "ssl_certificate_authorities" => [ certificate.ssl_cert ]) }
+ let(:config) do
+ super().merge(
+ "host" => host,
+ "ssl_peer_metadata" => true,
+ "ssl_certificate_authorities" => [ certificate.ssl_cert ],
+ "ecs_compatibility" => 'disabled'
+ )
+ end
 let(:host) { "192.168.1.20" }
 let(:port) { 9002 }
diff --git a/spec/integration/filebeat_spec.rb b/spec/integration/filebeat_spec.rb
index 885ce45c..e08a8a63 100644
--- a/spec/integration/filebeat_spec.rb
+++ b/spec/integration/filebeat_spec.rb
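Review bot: The added `"ecs_compatibility" => 'disabled'` entry has no comment saying why this context pins ECS off, and it is single-quoted where the other values in the hash use double quotes. Presumably the assertions in this context, which lie outside the hunk, check the legacy peer-metadata field names; if so, a comment such as `# assertions below use the non-ECS field names` would say it. With the setting pinned here, nothing visible in the hunk exercises `ssl_peer_metadata` under an ECS mode, so a sibling context for that case may be worth adding.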
@@ -177,27 +177,34 @@
 # Refactor this to use Flores's PKI instead of openssl command line
 # see: https://github.com/jordansissel/ruby-flores/issues/7
 context "with a passphrase" do
- let!(:temporary_directory) { Stud::Temporary.pathname }
- let(:certificate_key_file) { ::File.join(temporary_directory, "certificate.key") }
- let(:certificate_key_file_pkcs8) { ::File.join(temporary_directory, "certificate.pkcs8.key") }
- let(:certificate_file) { ::File.join(temporary_directory, "certificate.crt") }
- let(:passphrase) { "foobar" }
- let(:beats) {
- # Since we are using a shared context, this not obvious to make sure the openssl command
- # is run before starting beats so we do it just before initializing it.
- FileUtils.mkdir_p(temporary_directory)
- openssl_cmd = "openssl req -x509 -batch -newkey rsa:2048 -keyout #{temporary_directory}/certificate.key -out #{temporary_directory}/certificate.crt -subj /CN=localhost -passout pass:#{passphrase}"
- system(openssl_cmd)
- convert_key_cmd = "openssl pkcs8 -topk8 -in #{temporary_directory}/certificate.key -out #{certificate_key_file_pkcs8} -passin pass:#{passphrase} -passout pass:#{passphrase}"
- system(convert_key_cmd)
-
- LogStash::Inputs::Beats.new(input_config)
- }
- let(:input_config) {
- super().merge({
- "ssl_key_passphrase" => passphrase,
- "ssl_key" => certificate_key_file_pkcs8
- })}
+
+ before(:all) do
+ @passphrase = "foobar".freeze
+
+ FileUtils.mkdir_p temporary_directory = Stud::Temporary.pathname
+
+ cert_key = ::File.join(temporary_directory, "certificate.key")
+ @cert_pub = ::File.join(temporary_directory, "certificate.crt")
+ @cert_key_pkcs8 = ::File.join(temporary_directory, "certificate.key.pkcs8")
+
+ cmd = "openssl req -x509 -batch -newkey rsa:2048 -keyout #{cert_key} -out #{@cert_pub} -passout pass:#{@passphrase} -subj \"/C=EU/O=Logstash/CN=localhost\""
+ unless system(cmd)
+ fail "failed to run openssl command: #{$?} \n#{cmd}"
+ end
+
+ # NOTE: CentOS 7 base image (LS < 7.17) uses OpenSSL 1.0 while later is using Ubuntu 20.04 with OpenSSL 1.1.1
+ # the default algorithm for `openssl pkcs8 -topk8` changed to -v2 which Java does not support (see GH-443)
+ cmd = "openssl pkcs8 -topk8 -in #{cert_key} -out #{@cert_key_pkcs8} -v1 PBE-SHA1-RC2-128 -passin pass:#{@passphrase} -passout pass:#{@passphrase}"
+ unless system(cmd)
+ fail "failed to run openssl command: #{$?} \n#{cmd}"
+ end
+ end
+
+ let(:certificate_authorities) { [ @cert_pub ] }
+
+ let(:input_config) do
+ super().merge("ssl_key_passphrase" => @passphrase, "ssl_key" => @cert_key_pkcs8, "ssl_certificate" => @cert_pub)
+ end
 include_examples "send events"
 end
diff --git a/spec/support/integration_shared_context.rb b/spec/support/integration_shared_context.rb
index acb27443..9bdb70d6 100644
--- a/spec/support/integration_shared_context.rb
+++ b/spec/support/integration_shared_context.rb
@@ -50,6 +50,7 @@
 begin
 beats.run(queue)
 rescue => e
+ warn e.inspect if $VERBOSE
 retry unless beats.stop?
 end
 end
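Review bot: The directory created in `before(:all)` holds a generated private key and nothing in the hunk removes it; its path lives only in the local `temporary_directory`, so no `after(:all)` hook could reach it. Keeping the path in an instance variable (`@tmp_dir = Stud::Temporary.pathname`) and adding `after(:all) { FileUtils.rm_rf(@tmp_dir) }` would clean it up. Both `openssl` calls are built as shell strings with interpolated paths, so the multi-argument form `system("openssl", "pkcs8", "-topk8", ...)` would avoid shell quoting altogether. The comment above the second command gives the Java compatibility reason for `-v1 PBE-SHA1-RC2-128`; it should also say that this legacy scheme is acceptable only because the key is a throwaway test fixture.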
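Review bot: The added `warn e.inspect if $VERBOSE` in `spec/support/integration_shared_context.rb` stays silent in a default run, so an exception from `beats.run(queue)` is still retried with no trace unless Ruby warnings are turned on. Because the next line retries for as long as `beats.stop?` is false, a persistent failure such as a bad TLS setting would loop here without any output. Logging whenever a retry is about to happen, `warn "beats.run failed, retrying: #{e.inspect}" unless beats.stop?`, would keep errors raised during shutdown quiet while making real failures visible. The code enclosing this `begin` block starts and ends outside the hunk.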