* Improve smoke tests for observability SRE image
This commit adds a new rspec test to run the observability SRE container in a
docker compose network with filebeat and elasticsearch. It uses some simple test
data through a pipeline with plugins we expect to be used in production. The
rspec tests will ensure the test data is flowing from filebeat to logstash to
elasticsearch by querying elasticsearch for expected transformed data.
* REVERT ME: debug whats goig on in CI :(
* Run filebeat container as root
* Work around strict file ownership perms for filebeat
We add the filebeat config in a volume, the permissions checks fail due test
runner not being a root user. This commit disables that check in filebeat as
seems to be the consensus solution online for example: https://event-driven.io/en/tricks_on_how_to_set_up_related_docker_images/
* Dynaimcally generate PKI instead of checking it in
Instead of checking in PKI, dynamically generate it with gradle task for
starting containers and running the tests. This improvement avoids github
warning of checked in keys and avoid expiration headaches. Generation is very
fast and does not add any significant overhead to test setup.
* Remove use of "should" in rspec docstrings
see https://github.com/rubocop/rspec-style-guide?tab=readme-ov-file#should-in-example-docstrings
* Ensure permissions readable for volume
Now that certs are dynamically generated, ensure they are able to be read in container
* Use elasticsearch-fips image for smoke testing
* Add git ignore for temp certs
* x-pack: add fips_validation plugin to be included in fips builds
The `logstash-integration-fips_validation` plugin provides no runtime
pipeline plugins, but instead provides hooks to ensure that the logstash
process is correctly configured for compliance with FIPS 140-3.
It is installed while building the observabilitySRE artifacts.
* fips validation: ensure BCFIPS,BCJSSE,SUN are first 3 security providers
* remove re-injection of BCFIPS jars
* Update lib/bootstrap/rubygems.rb
* add integration spec for fips_validation plugin
* add missing logstash_plugin helper
* fixup
* skip non-fips spec on fips-configured artifact, add spec details
* Fix empty node stats pipelines (#17185) (#17197)
Fixed an issue where the `/_node/stats` API displayed empty pipeline metrics
when X-Pack monitoring was enabled
(cherry picked from commit 86785815bd)
Co-authored-by: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
* Update z_rubycheck.rake to no longer inject Xmx1g (#17211)
This allows the environment variable JRUBY_OPTS to be used for setting properties like Xmx
original pr: #16420
(cherry picked from commit f562f37df2)
Co-authored-by: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
* Improve warning for insufficient file resources for PQ max_bytes (#16656) (#17222)
This commit refactors the `PersistedQueueConfigValidator` class to provide a
more detailed, accurate and actionable warning when pipeline's PQ configs are at
risk of running out of disk space. See
https://github.com/elastic/logstash/issues/14839 for design considerations. The
highlights of the changes include accurately determining the free resources on a
filesystem disk and then providing a breakdown of the usage for each of the
paths configured for a queue.
(cherry picked from commit 062154494a)
Co-authored-by: Cas Donoghue <cas.donoghue@gmail.com>
* gradle task migrate to the new artifacts-api (#17232) (#17236)
This commit migrates gradle task to the new artifacts-api
- remove dependency on staging artifacts
- all builds use snapshot artifacts
- resolve version from current branch, major.x, previous minor,
with priority given in that order.
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
(cherry picked from commit 0a745686f6)
Co-authored-by: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
* tests: ls2ls delay checking until events have been processed (#17167) (#17252)
* tests: ls2ls delay checking until events have been processed
* Make sure upstream sends expected number of events before checking the expectation with downstream. Remove unnecessary or duplicated logics from the spec.
* Add exception handling in `wait_for_rest_api` to make wait for LS REST API retriable.
---------
Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com>
(cherry picked from commit 73ffa243bf)
Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
* Additional cleanify changes to ls2ls integ tests (#17246) (#17255)
* Additional cleanify changes to ls2ls integ tests: replace heartbeat-input with reload option, set queue drain to get consistent result.
(cherry picked from commit 1e06eea86e)
Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com>
* [8.x] Reimplement LogStash::Numeric setting in Java (backport #17127) (#17273)
This is an automatic backport of pull request #17127 done by [Mergify](https://mergify.com).
----
* Reimplement LogStash::Numeric setting in Java (#17127)
Reimplements `LogStash::Setting::Numeric` Ruby setting class into the `org.logstash.settings.NumericSetting` and exposes it through `java_import` as `LogStash::Setting::NumericSetting`.
Updates the rspec tests:
- verifies `java.lang.IllegalArgumentException` instead of `ArgumentError` is thrown because the kind of exception thrown by Java code, during verification.
(cherry picked from commit 07a3c8e73b)
* Fixed reference of SettingNumeric class (on main modules were removed)
---------
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
* [CI] Health report integration tests use the new artifacts-api (#17274) (#17277)
migrate to the new artifacts-api
(cherry picked from commit feb2b92ba2)
Co-authored-by: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
* Backport 17203 and 17267 8.x (#17270)
* Pluginmanager clean after mutate (#17203)
* pluginmanager: always clean after mutate
* pluginmanager: don't skip updating plugins installed with --version
* pr feedback
(cherry picked from commit 8c96913807)
* Pluginmanager install preserve (#17267)
* tests: integration tests for pluginmanager install --preserve
* fix regression where pluginmanager's install --preserve flag didn't
* [Backport 8.x] benchmark script (#17283)
This commit cherry-picked the missing becnhmark script PRs
The deprecated artifacts-api is removed
[CI] benchmark uses the new artifacts-api (#17224)
[CI] benchmark readme (#16783)
Introduce a new flag to explicitly permit legacy monitoring (#16586) (Only take the benchmark script)
[ci] fix wrong queue type in benchmark marathon (#16465)
[CI] fix benchmark marathon (#16447)
[CI] benchmark dashboard and pipeline for testing against multiple versions (#16421)
* Fix pqcheck and pqrepair on Windows (#17210) (#17259)
A recent change to pqheck, attempted to address an issue where the
pqcheck would not on Windows mahcines when located in a folder containing
a space, such as "C:\program files\elastic\logstash". While this fixed an
issue with spaces in folders, it introduced a new issue related to Java options,
and the pqcheck was still unable to run on Windows.
This PR attempts to address the issue, by removing the quotes around the Java options,
which caused the option parsing to fail, and instead removes the explicit setting of
the classpath - the use of `set CLASSPATH=` in the `:concat` function is sufficient
to set the classpath, and should also fix the spaces issue
Fixes: #17209
(cherry picked from commit ba5f21576c)
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
* Shareable function for partitioning integration tests (#17223) (#17303)
For the fedramp high work https://github.com/elastic/logstash/pull/17038/files a
use case for multiple scripts consuming the partitioning functionality emerged.
As we look to more advanced partitioning we want to ensure that the
functionality will be consumable from multiple scripts.
See https://github.com/elastic/logstash/pull/17219#issuecomment-2698650296
(cherry picked from commit d916972877)
Co-authored-by: Cas Donoghue <cas.donoghue@gmail.com>
* [8.x] Surface failures from nested rake/shell tasks (backport #17310) (#17317)
* Surface failures from nested rake/shell tasks (#17310)
Previously when rake would shell out the output would be lost. This
made debugging CI logs difficult. This commit updates the stack with
improved message surfacing on error.
(cherry picked from commit 0d931a502a)
# Conflicts:
# rubyUtils.gradle
* Extend ruby linting tasks to handle file inputs (#16660)
This commit extends the gradle and rake tasks to pass through a list of files
for rubocop to lint. This allows more specificity and fine grained control for
linting when the consumer of the tasks only wishes to lint a select few files.
* Ensure shellwords library is loaded
Without this depending on task load order `Shellwords` may not be available.
---------
Co-authored-by: Cas Donoghue <cas.donoghue@gmail.com>
* Forward Port of Release notes for `8.16.5` and `8.17.3` (#17187), (#17188) (#17266) (#17321)
* Forward Port of Release notes for 8.17.3 (#17187)
* Update release notes for 8.17.3
---------
Co-authored-by: logstashmachine <43502315+logstashmachine@users.noreply.github.com>
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
* Forward Port of Release notes for 8.16.5 (#17188)
* Update release notes for 8.16.5
---------
Co-authored-by: logstashmachine <43502315+logstashmachine@users.noreply.github.com>
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: logstashmachine <43502315+logstashmachine@users.noreply.github.com>
(cherry picked from commit 63e8fd1d21)
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
* Add Deprecation tag to arcsight module (#17331)
* [8.x] Upgrade elasticsearch-ruby client. (backport #17161) (#17306)
* Upgrade elasticsearch-ruby client. (#17161)
* Fix Faraday removed basic auth option and apply the ES client module name change.
(cherry picked from commit e748488e4a)
* Apply the required changes in elasticsearch_client.rb after upgrading the elasticsearch-ruby client to 8.x
* Swallow the exception and make non-connectable client when ES client raises connection refuses exception.
---------
Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com>
Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
* Removed unused configHash computation that can be replaced by PipelineConfig.configHash() (#17336) (#17345)
Removed unused configHash computation happening in AbstractPipeline and used only in tests replaced by PipelineConfig.configHash() invocation
(cherry picked from commit 787fd2c62f)
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
* Use org.logstash.common.Util to hashing by default to SHA256 (#17346) (#17352)
Removes the usage fo Apache Commons Codec MessgeDigest to use internal Util class with embodies hashing methods.
(cherry picked from commit 9c0e50faac)
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
* Added test to verify the int overflow happen (#17353) (#17354)
Use long instead of int type to keep the length of the first token.
The size limit validation requires to sum two integers, one with the length of the accumulated chars till now plus the next fragment head part. If any of the two sizes is close to the max integer it generates an overflow and could successfully fail the test 9c0e50faac/logstash-core/src/main/java/org/logstash/common/BufferedTokenizerExt.java (L123).
To fall in this case it's required that sizeLimit is bigger then 2^32 bytes (2GB) and data fragments without any line delimiter is pushed to the tokenizer with a total size close to 2^32 bytes.
(cherry picked from commit afde43f918)
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
* [8.x] add ci shared qualified-version script (backport #17311) (#17348)
* add ci shared qualified-version script (#17311)
* ci: add shareable script for generating qualified version
* ci: use shared script to generate qualified version
(cherry picked from commit 10b5a84f84)
# Conflicts:
# .buildkite/scripts/dra/build_docker.sh
* resolve merge conflict
---------
Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com>
* tests: make integration split quantity configurable (#17219) (#17367)
* tests: make integration split quantity configurable
Refactors shared splitter bash function to take a list of files on stdin
and split into a configurable number of partitions, emitting only those from
the currently-selected partition to stdout.
Also refactors the only caller in the integration_tests launcher script to
accept an optional partition_count parameter (defaulting to `2` for backward-
compatibility), to provide the list of specs to the function's stdin, and to
output relevant information about the quantity of partition splits and which
was selected.
* ci: run integration tests in 3 parts
(cherry picked from commit 3e0f488df2)
Co-authored-by: Rye Biesemeyer <yaauie@users.noreply.github.com>
* Update buildkite with new patterns from 8.x
This commit updates the buildkite definitions to be compatible with the
upstream 8.x branch. Specificially:
- Split integration tests for fips into 3 runners.
- Use the new shared bash helper for computing QUALIFIED_VERSION
It also continues standardization of using a "fedrampHighMode" for indicating
the tests should be running in the context of our custom image for the SRE team.
* Bug fix: Actually use shared integration_tests.sh file
After refactoring to use the same script, I forgot to actually use it
in the buildkite definition...
---------
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
Co-authored-by: Mashhur <99575341+mashhurs@users.noreply.github.com>
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
Co-authored-by: Mashhur <mashhur.sattorov@elastic.co>
* Conditionally install bcfips jars when building for observabilitySRE
This commit implements a pattern for performing specific gradle tasks based on a
newly named "fedrampHighMode" option. This option is used to configure tests to
run with additional configuration specific to the observabilitySRE use case.
Similarly the additional jar dependencies for bouncycastle fips providers are
conditionally installed gated on the "fedrampHighMode" option.
In order to ensure the the "fedrampHighMode" option persists through the layers
of sub-processes spawned between gradle and rake we store and respect an
environment variable FEDRAMP_HIGH_MODE. This may be useful generally in building
the docker image.
Try codereview suggestion
* Use gradle pattern for setting properties with env vars
Gradle has a mechanism for setting properties with environment variables
prefixed with `ORG_GRADLE_PROJECT`. This commit updates the gradle tasks to use
that pattern.
See
https://docs.gradle.org/current/userguide/build_environment.html#setting_a_project_property
for details.
* Add a smoke test for observability SRE container
Add a CI cell to ensure the observability contater is building successfully. In
order to show success run a quick smoke test to point out any glaring issues.
This adds some general, low risk plugins for doing quick testing. This will help
developers in debugging as we work on this image.
* Show what is happening when rake fails
* Debug deeper in the stack
Show the stdout/stderr when shelling out fails.
* Debug layers of build tooling
Open3 is not capturing stdout for some reason. Capture it and print to see what is wrong in CI.
* Actually run ls command in docker container 🤦
* Update safe_system based on code review suggestion
* Dynamically generate version for container invocation
Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
* Refactor smoke test setup to script
Avoid interpolation backflips with buildkite by extracting to a script.
* Split out message surfacing improvment to separate PR.
Moved to: https://github.com/elastic/logstash/pull/17310
* Extract version qualifier into standalone script
* Wait for version-qualifier.sh script to land upstream
Use https://github.com/elastic/logstash/pull/17311 once it lands and gets
backported to 8.x. For now just hard code version.
---------
Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
This commit adds two new CI cells to cover x-pack tests running in FIPS mode.
This ensures we have coverage of these features when running existing x-pack
tests.
* Modify FIPS test runner environment for integration tests
This commit makes two small changes to the dockerfile used to define the fips
test environment. Specifically it adds curl (which is required by integration
tests), make (which is required by test setup), adds a c compiler (gcc and glibc
for integration tests which compile a small c program) and turns off debug ssl
logging as it is extremely noisy in logs and breaking some assumptions in
tests about logfile content.
Closes https://github.com/elastic/ingest-dev/issues/5074
* Do not run test env as root
The elastic stack is not meant to be run as root. This commit updates the test
environment to provision a non root user and have the container context execute
under that providioned user.
Closes https://github.com/elastic/ingest-dev/issues/5088
* Skip unit tests that reach out to rubygems for fips mode
The `update` test setup reaches out to rubygems with net/http which is
incompatible with our use of openssl in fips mode. This commit skips those tests
when running under fips.
See https://github.com/elastic/ingest-dev/issues/5071
* Work around random data request limits in BCFIPS
This commit changes test setup to make chunked calls to random data generation
in order to work around a limit in fips mode.
See https://github.com/elastic/ingest-dev/issues/5072 for details.
* Skip tests validating openssl defaults
Openssl will not be used when running under FIPS mode. The test setup and tests
themselves were failing when running in FIPS mode. This commit skips the tests
that are covering behavior that will be disabled.
See https://github.com/elastic/ingest-dev/issues/5069
* Skip tests that require pluginmanager to install plugins
This commit skips tests that rely on using the pluginmanager to install plugins
during tests which require reaching out to rubygems.
See https://github.com/elastic/ingest-dev/issues/5108
* Skip prepare offline pack integration tests in fips mode
The offline pack tests require on pluginmanager to use net-http library for
resolving deps. This will not operate under fips mode. Skip when running in fips
mode.
See https://github.com/elastic/ingest-dev/issues/5109
* Ensure a gem executible is on path for test setup
This commit modifies the generate-gems script to ensure that a `gem` executable
is on the path. If there is not one on the test runner, then use the one bundled
with vendored jruby.
* Skip webserver specs when running in FIPS mode
This commit skips the existing webserver tests. We have some options and need to
understand some requirements for the webserver functionality for fips mode. The
https://github.com/elastic/ingest-dev/issues/5110 issue has a ton of details.
* Skip cli `remove` integration tests for FIPS
This commit skips tests that are running `remove` action for the pluginmanager.
These require reaching out to rubygems which is not available in FIPS mode.
These tests were added post initial integration tests scoping work but are
clearly requiring skips for FIPS mode.
* Add openssl package to FIPS testing env container
The setup script for filebeats requires an openssl executable. This commit
updates the testing container with this tool.
See https://github.com/elastic/ingest-dev/issues/5107
* Re-introduce retries for FIPS tests now that we are in a passing state
* Run ruby unit tests under FIPS mode
This commit shows a proposed pattern for running automated tests for logstash in
FIPS mode. It uses a new identifier in gradle for conditionally setting
properties to configure fips mode. The tests are run in a container
representative of the base image the final artifacts will be built from.
* Move everything from qa/fips -> x-pack
This commit moves test setup/config under x-pack dir.
* Extend test pipelines for fips mode to java unit tests and integration
* Add git to container for gradle
* move fips-mode gradle hooks to x-pack
* Skip license check for now
---------
Co-authored-by: Ry Biesemeyer <ry.biesemeyer@elastic.co>
Non clean backport of #16576
----
Reimplements `LogStash::Setting::String` Ruby setting class into the `org.logstash.settings.SettingString` and exposes it through `java_import` as `LogStash::Setting::SettingString`.
Updates the rspec tests in two ways:
- logging mock is now converted to real Log4J appender that spy log line that are later verified
- verifies `java.lang.IllegalArgumentException` instead of `ArgumentError` is thrown because the kind of exception thrown by Java code, during verification.
* Fixed the rename of NullableString to SettingNullableString
* Fixed runner test to use real spy logger from Java Settings instead of mock test double
* [test] Fix xpack test to check for http_address stats only if the webserver is enabled (#16525)
Set the 'api.enabled' setting to reflect the flag webserver_enabled and consequently test for http_address presence in settings iff the web server is enabled.
(cherry picked from commit 648472106f)
* Update also the global LogStash::SETTINGS's 'api.enabled' setting value becuase used in the constructor of StatsEventFactory and needs to be in synch with the settings provided to the Agent constructor
---------
Co-authored-by: Andrea Selva <selva.andre@gmail.com>
* geoip: extract database manager to stand-alone feature
Introduces an Elastic-licensed GeoipDatabaseManagement tool that can be used
by ANY plugin running on Elastic-licensed Logstash to retrieve a subscription
to a GeoIP database that ensures EULA-compliance and frequent updates, and
migrates the previous Elastic-licensed code-in-Logstash-core extension to
the Geoip Filter to use this new tool, requiring ZERO changes to in-the-wild
versions of the plugin.
The implementation of the new tool follows the previous implementation as
closely as possible, but presents a new interface that ensures that a
consumer can ATOMICALLY subscribe to a database path without risk that the
subscriber will receive an update or expiry before it is finished applying
the initial value:
~~~ ruby
geoip_manager = LogStash::GeoipDatabaseManagement::Manager.instance
subscription = geoip_manager.subscribe('City')
subscription.observe(construct: ->(initial_dbinfo){ },
on_update: ->(updated_dbinfo){ },
on_expire: ->( _ ){ })
subscription.release!
~~~
* docs: link in geoip database manager docs
* docs: reorganize pending 'geoip database management' feature
* docs: link to geoip pages from feature index
* geoip: add SubscriptionObserver "interface"
simplifies using Subscription#observe from Java
* geoip: fixup SubscriptionObserver after rename
* geoip: quacking like a SubscriptionObserver is enough
* geoip: simplify constants of legacy geoip filter extension
* geoip: bump logging level to debug for non-actionable log
* geoip: refine log message to omit non-actionable info
* re-enable invokedynamic (was disabled to avoid upstream bug)
* geoip: resolve testing fall-out from filter extension's "private" constants removal
* geoip: consistently use `DataPath#resolve` internally, too
This commit adds a call to identify serverless cluster before fetching `/_xpack` to verify the license and supported features.
When it is serverless, the license checker uses hardcoded xpack info instead of calling xpack API. The internal pipeline of monitoring is disabled and logs error when configured to use legacy monitoring.
Fixes:
ingest-dev#2303
ingest-dev#2284
Co-authored-by: Rob Bavey <rob.bavey@elastic.co>
Set of changes to make Logstash compatible to JRuby 9.4.
Bundle JRuby 9.4.3.0
- Redefine space token in `LSCL` and `grammar` treetop from `_` which would generated methods in the form `def _0` (deprecated since `2.7`) to `sc`.
- `I18n.t` method doesn't accept hash as second argument
- `URI.encode` has been replaced with same functionality with `URI::Parser.new.escape`
- `YAML.load` needs explicit `fallback: false` to return false when the yaml string is empty (or contains only comments)
- JRuby's `JavaClass` has been removed, now it can use `java.lang.Class` directly
- explicitly require gem `thwait` to satisfy `require "thwait"` (In `Gemfile.template` and `logstash-core/logstash-core.gemspec`)
- fix not args `clone` to be `def clone(*args)`
- fix `Enumeration.each_slice` which from `Ruby 3.1` is [chainable](https://rubyreferences.github.io/rubychanges/3.1.html#enumerableeach_cons-and-each_slice-return-a-receiver) and doesn't return `nil`. JRuby fixed in https://github.com/jruby/jruby/issues/7015
- Expanded `Down.download` arguments map ca16bbed3c302006967413eb9d3862f2da81f7ae
- Avoid to pass `nil` in the list of couples used in `Hash[ <list of couples> ]` which from Ruby `3.0` generates an `ArgumentError`
- Removed space not allowed between method name and parentheses `initialize (` is forbidden. 29b607dcdef98f81a73ad171639fd13aaa65e243
- With [Ruby 2.7 the `Kernel#open`](https://rubyreferences.github.io/rubychanges/2.7.html#network-and-web) doesn't fallback to `URI#open`, fixed test code that used that to verify open port. e5b70de54c5301f51a767da67294092af0cfafdc
- Avoid to drop `rdoc/` folder from vendored JRuby else `bin/logstash -i irb` would crash, commit b71f73e9c6edb81a7b7ae1305047e506f61c6e8c
Co-authored-by: João Duarte <jsvd@users.noreply.github.com>
This commit adds missing Elasticsearch SSL settings and replaces deprecated options being used on `xpack.monitoring.*` and `xpack.management.*` settings:
Changes:
- Updated deprecated monitoring and management Elasticsearch's SSL settings so no warnings are logged.
- Added monitoring settings support for file-based certificates and for the cipher suites: `xpack.monitoring.elasticsearch.ssl.certificate`, `xpack.monitoring.elasticsearch.ssl.key`, and `xpack.monitoring.elasticsearch.ssl.cipher_suites`.
- Added management settings support for file-based certificates and for the cipher suites: `xpack.management.elasticsearch.ssl.certificate`, `xpack.management.elasticsearch.ssl.key`, and `xpack.management.elasticsearch.ssl.cipher_suites`.
This commit adds a new logstash.yml setting "xpack.geoip.downloader.enabled" to disable the GeoIP databases auto-update feature. When disabled, Logstash will fall back to the CC database license indefinitely and delete any previously downloaded EULA databases.
Closes#14724
The Module is broken with the current version. The Type needs to be changed from syslog to _doc to fix the issue.
* remove dangling setting and add arcsight index suffixes
* add tests for new suffix in arcsight module
Co-authored-by: Tobias Schröer <tobias@schroeer.ch>
* add `ca_trusted_fingerprint` to core features (monitoring/central-management)
* Rely on released ES output
* fix: ensure commented-out examples in logstash.yml are functionally correct
* add admonition for how to get a trusted CA's fingerprint
* Refactor: require treetop/runtime - avoids loading polyglot
* Build: instruct Bundler not to auto-load polyglot/treetop
+ Build: these deps are properly required as needed
all of them only used in one place (outside of normal bootstrap)
This commit updates the version of jruby used in Logstash to `9.3.4.0`.
* Updates the references of `jruby` from `9.2.20.1` to `9.3.4.0`
* Updates references/locations of ruby from `2.5.0` to `2.6.0`
* Updates java imports including `org.logstash.util` to be quoted
* Without quoting the name of the import, the following error is observed in tests:
* `java.lang.NoClassDefFoundError: org/logstash/Util (wrong name: org/logstash/util)`
* Maybe an instance of https://github.com/jruby/jruby/issues/4861
* Adds a monkey patch to `require` to resolve compatibility issue between latest `jruby` and `polyglot` gem
* The addition of https://github.com/jruby/jruby/pull/7145 to disallow circular
causes, will throw when `polyglot` is thrown into the mix, and stop logstash from
starting and building - any gems that use an exception to determine whether or not
to load the native gem, will trigger the code added in that commit.
* This commit adds a monkey patch of `require` to rollback the circular cause exception
back to the original cause.
* Removes the use of the deprecated `JavaClass`
* Adds additional `require time` in `generate_build_metadata`
* Rewrites a test helper to avoid potentially calling `~>` on `FalseClass`
Co-authored-by: Joao Duarte <jsvduarte@gmail.com>
Co-authored-by: João Duarte <jsvd@users.noreply.github.com>
* [Central Pipeline Management] Fetch pipelines with wildcard IDs from ES and apply. #14076
* URL encoding applied, code review feedbacks taken: unit test case for getting es version API and separate method for ES wildcard support.
This commit is a forward port of #13925.
Covered all calls to ES with retryable when accessing the central management to query the pipelines configurations.
Wraps the calls to the central management Elasticsearch cluster with the utility class Stud::Try to handle the remote host error when the client used to connect hit a not available node.
Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
This PR substitutes ${VAR} in Expression, except RegexValueExpression, with the value in secret store, env.
The substitution happens after syntax parsing and before graph execution.
Fixed: #5115
* add product origin header to license checks
* add origin header to Central Management config fetcher
* add origin header to ES output for Monitoring pipeline
