logstash-mixin-http_client's Issues

Support redirects on "unsafe" HTTP methods

The httpclient library used by this mixin is very conservative when it comes to status code handling: it only does what MUST be done (not what MAY be done) according to RFC 7231.

According to this RFC, requests MAY be automatically redirected but caution should be taken for unsafe methods (safe: GET/HEAD/OPTIONS, unsafe: POST/PUT/DELETE/PATCH).

The existing setRedirectsEnabled flag will only redirect on safe methods, but it may be desirable to redirect on PUT/POST if the user so wishes, by having this behavior behind an "off-by-default" flag.

truststore_password should be :validate => :password

Doing :validate => :password will wrap the value in an object which resists leaking the password secret by obscuring #to_s and #inspect calls.

Changes:

  • Set this to :validate => :password
  • Change @truststore_password uses to be @truststore_password.value to get the actual configured value.
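
The leak that the wrapper described above guards against, shown as an added Ruby example that is not part of the original issue or the project's code. `SecretValue` is a hypothetical stand-in for the object that `:validate => :password` produces, and the settings hash is constructed sample data.

```ruby
# Added illustration; SecretValue is a hypothetical stand-in for the wrapper
# that :validate => :password produces, not Logstash's own class.
class SecretValue
  MASK = "<password>".freeze

  def initialize(secret)
    @secret = secret
  end

  # The only way to reach the real secret; callers must ask for it explicitly.
  def value
    @secret
  end

  # String interpolation and most log formatting go through #to_s.
  def to_s
    MASK
  end

  # Hash#inspect calls #inspect on every value it contains.
  def inspect
    MASK
  end
end

# Mimics a debug log line that dumps the whole settings hash.
def render_for_log(settings)
  "HTTP client configured #{settings.inspect}"
end

def demo
  # Constructed sample settings (path and password are made up).
  plain   = { truststore: "/etc/ls/trust.jks", truststore_password: "s3cr3t-constructed" }
  wrapped = plain.merge(truststore_password: SecretValue.new(plain[:truststore_password]))
  {
    plain_log:    render_for_log(plain),                  # secret appears in the log line
    wrapped_log:  render_for_log(wrapped),                # secret replaced by the mask
    interpolated: "pw=#{wrapped[:truststore_password]}",  # #to_s is masked as well
    for_keystore: wrapped[:truststore_password].value     # explicit access still works
  }
end

demo.each { |name, text| puts "#{name}: #{text}" } if __FILE__ == $0
```

The second change in the list follows from this: once the setting is wrapped, any code that hands the password to the truststore loader has to call `.value`, otherwise it passes the mask instead of the secret.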

Improve retry handling and semantics

It's unclear how the automatic_retries setting works, and if it applies to network failures, to non-200 status codes, or both (or neither).

Plugins using this mixin don't have visibility if requests are retried at all.

For example here's an endpoint that returns a 503 and doesn't seem to be retried:

/tmp/logstash-7.11.1
❯ echo 1 | bin/logstash -e "filter { http { url => 'http://httpstat.us/503' automatic_retries => 100 } }"
[..]
[2021-02-19T18:14:38,262][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-02-19T18:14:38,297][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-02-19T18:14:38,457][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2021-02-19T18:14:39,220][ERROR][logstash.filters.http    ][main][bd532599e066920b19b659b8756ad4a5751741b31fc6994b60c993f22fc75bbc] error during HTTP request {:url=>"http://httpstat.us/503", :code=>503, :response=>""}
{
          "tags" => [
        [0] "_httprequestfailure"
    ],
          "host" => "joaos-mbp.lan",
       "message" => "1",
          "type" => "stdin",
      "@version" => "1",
    "@timestamp" => 2021-02-19T18:14:38.288Z
}
[2021-02-19T18:14:39,405][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main", "uptime"=>1887}

And here's a DNS failure that doesn't seem to be retried either:

/tmp/logstash-7.11.1
❯ echo 1 | bin/logstash -e "filter { http { url => 'http://httpstat.us/503' automatic_retries => 100 } }"
[2021-02-19T18:15:35,758][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.11.1", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.9+11 on 11.0.9+11 +indy +jit [darwin-x86_64]"}
[2021-02-19T18:15:37,967][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-02-19T18:15:38,006][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-02-19T18:15:38,177][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2021-02-19T18:15:38,373][ERROR][logstash.filters.http    ][main][bd532599e066920b19b659b8756ad4a5751741b31fc6994b60c993f22fc75bbc] error during HTTP request {:url=>"http://httpstat.us/503", :body=>nil, :client_error=>"httpstat.us: nodename nor servname provided, or not known"}
{
          "host" => "Joaos-MacBook-Pro.local",
    "@timestamp" => 2021-02-19T18:15:37.992Z,
       "message" => "1",
          "type" => "stdin",
          "tags" => [
        [0] "_httprequestfailure"
    ],
      "@version" => "1"
}
[2021-02-19T18:15:38,536][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main", "uptime"=>1252}
[2021-02-19T18:15:38,565][INFO ][logstash.pipelinesregistry] Removed pipeline from registry successfully {:pipeline_id=>:main}
[2021-02-19T18:15:38,597][INFO ][logstash.runner          ] Logstash shut down.

Add flag to disable strict SSL hostname verification

Would it be possible to add a verification_mode parameter similar to the one in filebeat:
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#_verification_mode

A hack to demonstrate this hard-coded.

--- ./vendor/bundle/jruby/2.5.0/gems/logstash-mixin-http_client-7.0.0/lib/logstash/plugin_mixins/http_client.rb    2021-01-12 14:47:39.000000000 +0000
+++ ./vendor/bundle/jruby/2.5.0/gems/logstash-mixin-http_client-7.0.0/lib/logstash/plugin_mixins/http_client.rb.verify_on    2021-01-12 14:49:57.000000000 +0000
@@ -170,6 +170,9 @@
       raise InvalidHTTPConfigError, "You must specify both client_cert and client_key for an HTTP client, or neither!"
     end

+    # dirty hack to disable host name verification unconditionally
+    c[:ssl][:verify] = :disable
+
     c
   end
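
Review bot: the added `c[:ssl][:verify] = :disable` line sits directly before `c` is returned and is unconditional, so every plugin that builds its client through this method loses verification with no way to opt back in. Gate the assignment on a validated setting whose default leaves verification on, and log a warning when it is switched off. The comment says only host name verification is affected, while the value written is `:disable`; state in the comment exactly which checks that value turns off. The visible context also does not show `c[:ssl]` being initialised before this line, so guard against it being nil.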

This should of course be implemented then as a flag, such that the flag could be set in e.g. http-output plugin.
The default should remain enabled so that there is no unexpected security impact as a result of this change.

socks5

Could you please add support for using a socks5 proxy for the http client?

Add ssl_enabled option

Add a new ssl_enabled setting for enabling/disabling the other SSL configurations, so plugins using this mixin can easily be compliant with the Logstash SSL standards.

When disabled, and other ssl_ options are set, it should log a warning message letting users know that those settings won't be used by the client.

Raise LogStash::Configuration Error on bad per-URL keys

It seems that there's a lot of confusion as to which options get set at the root level for this mixin and which ones get set per-URL.

Currently 'extra' options specified per-URL do not generate any errors. They should.
