Add ssl_enabled option

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 7.4.0
+  - Adds new `ssl_enabled` setting for enabling/disabling the SSL configurations [#44](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/44)
+
 ## 7.3.0
   - Adds standardized SSL settings and deprecates their non-standard counterparts. Deprecated settings will continue to work, and will provide pipeline maintainers with guidance toward using their standardized counterparts [#42](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/42)
     - Adds new `ssl_truststore_path`, `ssl_truststore_password`, and `ssl_truststore_type` settings for configuring SSL-trust using a PKCS-12 or JKS trust store, deprecating their `truststore`, `truststore_password`, and `truststore_type` counterparts.

lib/logstash/plugin_mixins/http_client.rb

@@ -75,6 +75,9 @@ def self.included(base)
       # See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
       base.config :validate_after_inactivity, :validate => :number, :default => 200
 
+      # Enable/disable the SSL configurations
+      base.config :ssl_enabled, :validate => :boolean, :default => true
+
       # If you need to use a custom X.509 CA (.pem certs) specify the path to that here
       base.config :ssl_certificate_authorities, :validate => :path, :list => :true
 
@@ -188,6 +191,13 @@ def client_config
     def ssl_options
 
       options = {}
+
+      unless @ssl_enabled
+        ignored_ssl_settings = original_params.select { |k| k != 'ssl_enabled' && k.start_with?('ssl_') }
+        self.logger.warn("Configured SSL settings are not used when `ssl_enabled` is set to `false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
+        return options
+      end
+
       if @ssl_certificate_authorities&.any?
         raise LogStash::ConfigurationError, 'Multiple values on `ssl_certificate_authorities` are not supported by this plugin' if @ssl_certificate_authorities.size > 1
 

logstash-mixin-http_client.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-mixin-http_client'
-  s.version         = '7.3.0'
+  s.version         = '7.4.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "AWS mixins to provide a unified interface for Amazon Webservice"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

spec/plugin_mixin/http_client_ssl_spec.rb

@@ -339,6 +339,32 @@
         end
       end
     end
+
+    describe 'with ssl_enabled' do
+      context 'set to false' do
+        let(:basic_config) { super().merge('ssl_enabled' => false) }
+        let(:plugin) { plugin_class.new(basic_config) }
+
+        it 'should not configure the client :ssl' do
+          expect(plugin.client_config[:ssl]).to eq({})
+        end
+
+        context 'and another ssl_* config set' do
+          let(:basic_config) { super().merge('ssl_verification_mode' => 'none') }
+          let(:logger_mock) { double('logger') }
+
+          before(:each) do
+            allow(plugin).to receive(:logger).and_return(logger_mock)
+          end
+
+          it 'should log a warn message' do
+            allow(logger_mock).to receive(:warn)
+            plugin.client_config
+            expect(logger_mock).to have_received(:warn).with('Configured SSL settings are not used when `ssl_enabled` is set to `false`: ["ssl_verification_mode"]')
+          end
+        end
+      end
+    end
   end
 end